gpgsm: Support SENDCERT_SKI for --call-dirmngr

* sm/call-dirmngr.c (run_command_inq_cb): Support SENDCERT_SKI. * dirmngr/crlcache.c (crl_cache_insert): Print the CRL name along with the unknown OID nortice.
2024-12-22 10:19:57 +01:00 · 2023-06-19 14:05:22 +02:00 · 2023-06-19 14:05:22 +02:00 · 701a8b30f0
commit 701a8b30f0
parent 0a63afc79a
2 changed files with 37 additions and 9 deletions
--- a/dirmngr/crlcache.c
+++ b/dirmngr/crlcache.c
@ -2361,6 +2361,7 @@ crl_cache_insert (ctrl_t ctrl, const char *url, ksba_reader_t reader)
          || !strcmp (oid, oidstr_crlNumber) )
        continue;
      log_error (_("unknown critical CRL extension %s\n"), oid);
+      log_info ("(CRL='%s')\n", url);
      if (!err2)
        err2 = gpg_error (GPG_ERR_INV_CRL);
      invalidate_crl |= INVCRL_UNKNOWN_EXTN;
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@ -1001,16 +1001,17 @@ static gpg_error_t
 run_command_inq_cb (void *opaque, const char *line)
 {
  struct run_command_parm_s *parm = opaque;
+  gpg_error_t err;
  const char *s;
  int rc = 0;
+  ksba_cert_t cert = NULL;
+  ksba_sexp_t ski = NULL;
+  const unsigned char *der;
+  size_t derlen, n;

  if ((s = has_leading_keyword (line, "SENDCERT")))
-    { /* send the given certificate */
-      int err;
-      ksba_cert_t cert;
-      const unsigned char *der;
-      size_t derlen;
-
+    {
+      /* Send the given certificate.  */
      line = s;
      if (!*line)
        return gpg_error (GPG_ERR_ASS_PARAMETER);
@ -1029,11 +1030,36 @@ run_command_inq_cb (void *opaque, const char *line)
            rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
          else
            rc = assuan_send_data (parm->ctx, der, derlen);
-          ksba_cert_release (cert);
+        }
+    }
+  else if ((s = has_leading_keyword (line, "SENDCERT_SKI")))
+    {
+      /* Send a certificate where a sourceKeyIdentifier is included. */
+      line = s;
+      ski = make_simple_sexp_from_hexstr (line, &n);
+      line += n;
+      while (*line == ' ')
+        line++;
+
+      err = gpgsm_find_cert (parm->ctrl, line, ski, &cert,
+                             FIND_CERT_ALLOW_AMBIG|FIND_CERT_WITH_EPHEM);
+      if (err)
+        {
+          log_error ("certificate not found: %s\n", gpg_strerror (err));
+          rc = gpg_error (GPG_ERR_NOT_FOUND);
+        }
+      else
+        {
+          der = ksba_cert_get_image (cert, &derlen);
+          if (!der)
+            rc = gpg_error (GPG_ERR_INV_CERT_OBJ);
+          else
+            rc = assuan_send_data (parm->ctx, der, derlen);
        }
    }
  else if ((s = has_leading_keyword (line, "PRINTINFO")))
-    { /* Simply show the message given in the argument. */
+    {
+      /* Simply show the message given in the argument. */
      line = s;
      log_info ("dirmngr: %s\n", line);
    }
@ -1043,7 +1069,6 @@ run_command_inq_cb (void *opaque, const char *line)
         root certificate.  */
      char fpr[41];
      struct rootca_flags_s rootca_flags;
-      int n;

      line = s;

@ -1067,6 +1092,8 @@ run_command_inq_cb (void *opaque, const char *line)
      rc = gpg_error (GPG_ERR_ASS_UNKNOWN_INQUIRE);
    }

+  ksba_cert_release (cert);
+  xfree (ski);
  return rc;
 }