From c6416080a2f3154c3a6807b42ef3e224c3904815 Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Tue, 4 Jun 2002 09:41:59 +0000 Subject: [PATCH] * gpgsm.c (main): New command --list-sigs * keylist.c (list_cert_std): New. Use it whenever colon mode is not used. (list_cert_chain): New. --- sm/ChangeLog | 7 ++ sm/certdump.c | 306 ++++++++++++++++++++++++++++++++++++++++++++++++++ sm/gpgsm.c | 9 +- sm/gpgsm.h | 7 ++ sm/keylist.c | 156 ++++++++++++++++++++++++- 5 files changed, 480 insertions(+), 5 deletions(-) diff --git a/sm/ChangeLog b/sm/ChangeLog index 889140034..d5ae4f679 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,3 +1,10 @@ +2002-06-04 Werner Koch + + * gpgsm.c (main): New command --list-sigs + * keylist.c (list_cert_std): New. Use it whenever colon mode is + not used. + (list_cert_chain): New. + 2002-05-31 Werner Koch * gpgsm.c (main): Don't print the "go ahead" message for an diff --git a/sm/certdump.c b/sm/certdump.c index 4d5e6bf7f..11e9f659f 100644 --- a/sm/certdump.c +++ b/sm/certdump.c @@ -32,8 +32,41 @@ #include "gpgsm.h" #include "keydb.h" +#include "i18n.h" + +struct dn_array_s { + char *key; + char *value; +}; + /* print the first element of an S-Expression */ +void +gpgsm_print_serial (FILE *fp, KsbaConstSexp p) +{ + unsigned long n; + KsbaConstSexp endp; + + if (!p) + fputs (_("none"), fp); + else if (*p != '(') + fputs ("[Internal error - not an S-expression]", fp); + else + { + p++; + n = strtoul (p, (char**)&endp, 10); + p = endp; + if (*p!=':') + fputs ("[Internal Error - invalid S-expression]", fp); + else + { + for (p++; n; n--, p++) + fprintf (fp, "%02X", *p); + } + } +} + + void gpgsm_dump_serial (KsbaConstSexp p) { @@ -59,7 +92,24 @@ gpgsm_dump_serial (KsbaConstSexp p) } } +void +gpgsm_print_time (FILE *fp, time_t t) +{ + if (!t) + fputs (_("none"), fp); + else if ( t == (time_t)(-1) ) + fputs ("[Error - Invalid time]", fp); + else + { + struct tm *tp; + tp = gmtime (&t); + fprintf (fp, "%04d-%02d-%02d %02d:%02d:%02d Z", + 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, + tp->tm_hour, tp->tm_min, tp->tm_sec); + assert (!tp->tm_isdst); + } +} void gpgsm_dump_time (time_t t) @@ -82,6 +132,8 @@ gpgsm_dump_time (time_t t) } + + void gpgsm_dump_string (const char *string) { @@ -157,7 +209,261 @@ gpgsm_dump_cert (const char *text, KsbaCert cert) } + +/* helper for the rfc2253 string parser */ +static const unsigned char * +parse_dn_part (struct dn_array_s *array, const unsigned char *string) +{ + const unsigned char *s, *s1; + size_t n; + unsigned char *p; + + /* parse attributeType */ + for (s = string+1; *s && *s != '='; s++) + ; + if (!*s) + return NULL; /* error */ + n = s - string; + if (!n) + return NULL; /* empty key */ + array->key = p = xtrymalloc (n+1); + if (!array->key) + return NULL; + memcpy (p, string, n); + p[n] = 0; + trim_trailing_spaces (p); + if ( !strcmp (p, "1.2.840.113549.1.9.1") ) + strcpy (p, "EMail"); + string = s + 1; + + if (*string == '#') + { /* hexstring */ + string++; + for (s=string; hexdigitp (s); s++) + s++; + n = s - string; + if (!n || (n & 1)) + return NULL; /* empty or odd number of digits */ + n /= 2; + array->value = p = xtrymalloc (n+1); + if (!p) + return NULL; + for (s1=string; n; s1 += 2, n--) + *p++ = xtoi_2 (s1); + *p = 0; + } + else + { /* regular v3 quoted string */ + for (n=0, s=string; *s; s++) + { + if (*s == '\\') + { /* pair */ + s++; + if (*s == ',' || *s == '=' || *s == '+' + || *s == '<' || *s == '>' || *s == '#' || *s == ';' + || *s == '\\' || *s == '\"' || *s == ' ') + n++; + else if (hexdigitp (s) && hexdigitp (s+1)) + { + s++; + n++; + } + else + return NULL; /* invalid escape sequence */ + } + else if (*s == '\"') + return NULL; /* invalid encoding */ + else if (*s == ',' || *s == '=' || *s == '+' + || *s == '<' || *s == '>' || *s == '#' || *s == ';' ) + break; + else + n++; + } + + array->value = p = xtrymalloc (n+1); + if (!p) + return NULL; + for (s=string; n; s++, n--) + { + if (*s == '\\') + { + s++; + if (hexdigitp (s)) + { + *p++ = xtoi_2 (s); + s++; + } + else + *p++ = *s; + } + else + *p++ = *s; + } + *p = 0; + } + return s; +} + + +/* Parse a DN and return an array-ized one. This is not a validating + parser and it does not support any old-stylish syntax; KSBA is + expected to return only rfc2253 compatible strings. */ +static struct dn_array_s * +parse_dn (const unsigned char *string) +{ + struct dn_array_s *array; + size_t arrayidx, arraysize; + int i; + + arraysize = 7; /* C,ST,L,O,OU,CN,email */ + arrayidx = 0; + array = xtrymalloc ((arraysize+1) * sizeof *array); + if (!array) + return NULL; + while (*string) + { + while (*string == ' ') + string++; + if (!*string) + break; /* ready */ + if (arrayidx >= arraysize) + { + struct dn_array_s *a2; + + arraysize += 5; + a2 = xtryrealloc (array, (arraysize+1) * sizeof *array); + if (!a2) + goto failure; + array = a2; + } + array[arrayidx].key = NULL; + array[arrayidx].value = NULL; + string = parse_dn_part (array+arrayidx, string); + arrayidx++; + if (!string) + goto failure; + while (*string == ' ') + string++; + if (*string && *string != ',' && *string != ';' && *string != '+') + goto failure; /* invalid delimiter */ + if (*string) + string++; + } + array[arrayidx].key = NULL; + array[arrayidx].value = NULL; + return array; + + failure: + for (i=0; i < arrayidx; i++) + { + xfree (array[i].key); + xfree (array[i].value); + } + xfree (array); + return NULL; +} + + +static int +print_dn_part (FILE *fp, struct dn_array_s *dn, const char *key, + int need_delim) +{ + int any = 0; + + for (; dn->key; dn++) + { + if (!strcmp (dn->key, key) && dn->value && *dn->value) + { + if (need_delim) + { + putc ('/', fp); + need_delim = 0; + } + if (any) + fputs (" + ", fp); + else + fprintf (fp, "%s=", key); + print_sanitized_utf8_string (fp, dn->value, '/'); + any = 1; + } + } + return any; +} + +/* Print all parts of a DN in a "standard" sequence. We first print + all the known parts, followed by the uncommon ones */ +static void +print_dn_parts (FILE *fp, struct dn_array_s *dn) +{ + const char *stdpart[] = { + "CN", "OU", "O", "STREET", "L", "ST", "C", "EMail", NULL + }; + int any=0, i; + + for (i=0; stdpart[i]; i++) + { + if (print_dn_part (fp, dn, stdpart[i], any)) + any = 1; + } + + /* now print the rest without any specific ordering */ + for (; dn->key; dn++) + { + for (i=0; stdpart[i]; i++) + { + if (!strcmp (dn->key, stdpart[i])) + break; + } + if (!stdpart[i]) + { + if (print_dn_part (fp, dn, dn->key, any)) + any = 1; + } + } +} +void +gpgsm_print_name (FILE *fp, const char *name) +{ + const unsigned char *s; + int i; + + s = name; + if (!s) + { + fputs (_("[Error - No name]"), fp); + } + else if (*s == '<') + { + const unsigned char *s2 = strchr (s+1, '>'); + if (s2) + print_sanitized_utf8_buffer (fp, s + 1, s2 - s - 1, 0); + } + else if (*s == '(') + fputs (_("[Error - unknown encoding]"), fp); + else if (!((*s >= '0' && *s < '9') + || (*s >= 'A' && *s <= 'Z') + || (*s >= 'a' && *s <= 'z'))) + fputs (_("[Error - invalid encoding]"), fp); + else + { + struct dn_array_s *dn = parse_dn (s); + if (!dn) + fputs (_("[Error - invalid DN]"), fp); + else + { + print_dn_parts (fp, dn); + for (i=0; dn[i].key; i++) + { + xfree (dn[i].key); + xfree (dn[i].value); + } + xfree (dn); + } + } +} + + diff --git a/sm/gpgsm.c b/sm/gpgsm.c index 17344ec22..3aeddd845 100644 --- a/sm/gpgsm.c +++ b/sm/gpgsm.c @@ -213,8 +213,8 @@ static ARGPARSE_OPTS opts[] = { { aListKeys, "list-keys", 256, N_("list keys")}, { aListKeys, "list-public-keys", 256, "@" }, { aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")}, - { aDummy, "list-sigs", 256, "@"}, - { aDummy, "check-sigs",256, "@"}, + { aListSigs, "list-sigs", 256, N_("list certificate chain")}, + { aListSigs, "check-sigs",256, "@"}, { oFingerprint, "fingerprint", 256, N_("list keys and fingerprints")}, { aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")}, { aKeygen, "gen-key", 256, N_("generate a new key pair")}, @@ -360,7 +360,7 @@ static ARGPARSE_OPTS opts[] = { { oWithKeyData,"with-key-data", 0, "@"}, { aListKeys, "list-key", 0, "@" }, /* alias */ { aListSigs, "list-sig", 0, "@" }, /* alias */ - { aCheckKeys, "check-sig",0, "@" }, /* alias */ + { aListSigs, "check-sig",0, "@" }, /* alias */ { oSkipVerify, "skip-verify",0, "@" }, { oCompressKeys, "compress-keys",0, "@"}, { oCompressSigs, "compress-sigs",0, "@"}, @@ -727,6 +727,7 @@ main ( int argc, char **argv) case aExport: set_cmd (&cmd, aExport); break; case aListKeys: set_cmd (&cmd, aListKeys); break; case aListSecretKeys: set_cmd (&cmd, aListSecretKeys); break; + case aListSigs: set_cmd (&cmd, aListSigs); break; case aLearnCard: set_cmd (&cmd, aLearnCard); break; @@ -1179,6 +1180,8 @@ main ( int argc, char **argv) /* xfree(username); */ break; + case aListSigs: + ctrl.with_chain = 1; case aListKeys: for (sl=NULL; argc; argc--, argv++) add_to_strlist (&sl, *argv); diff --git a/sm/gpgsm.h b/sm/gpgsm.h index b1969112c..2ecb3169e 100644 --- a/sm/gpgsm.h +++ b/sm/gpgsm.h @@ -107,6 +107,7 @@ struct server_control_s { int status_fd; /* only for non-server mode */ struct server_local_s *server_local; int with_colons; /* use column delimited output format */ + int with_chain; /* include the certifying certs in a listing */ int autodetect_encoding; /* try to detect the input encoding */ int is_pem; /* Is in PEM format */ @@ -162,11 +163,17 @@ void gpgsm_destroy_writer (Base64Context ctx); /*-- certdump.c --*/ +void gpgsm_print_serial (FILE *fp, KsbaConstSexp p); +void gpgsm_print_time (FILE *fp, time_t t); +void gpgsm_print_name (FILE *fp, const char *string); + void gpgsm_dump_cert (const char *text, KsbaCert cert); void gpgsm_dump_serial (KsbaConstSexp p); void gpgsm_dump_time (time_t t); void gpgsm_dump_string (const char *string); + + /*-- certcheck.c --*/ int gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert); int gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval, diff --git a/sm/keylist.c b/sm/keylist.c index b53b10f16..d52790f2b 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -38,6 +38,7 @@ struct list_external_parm_s { FILE *fp; int print_header; int with_colons; + int with_chain; }; @@ -269,6 +270,146 @@ list_cert_colon (KsbaCert cert, FILE *fp, int have_secret) } +/* List one certificate in standard mode */ +static void +list_cert_std (KsbaCert cert, FILE *fp, int have_secret) +{ + KsbaError kerr; + KsbaSexp sexp; + char *dn; + time_t t; + int idx; + int is_ca, pathlen; + unsigned int kusage; + char *string, *p; + + sexp = ksba_cert_get_serial (cert); + fputs ("Serial number: ", fp); + gpgsm_print_serial (fp, sexp); + ksba_free (sexp); + putc ('\n', fp); + + dn = ksba_cert_get_issuer (cert, 0); + fputs (" Issuer: ", fp); + gpgsm_print_name (fp, dn); + ksba_free (dn); + putc ('\n', fp); + for (idx=1; (dn = ksba_cert_get_issuer (cert, idx)); idx++) + { + fputs (" aka: ", fp); + gpgsm_print_name (fp, dn); + ksba_free (dn); + putc ('\n', fp); + } + + dn = ksba_cert_get_subject (cert, 0); + fputs (" Subject: ", fp); + gpgsm_print_name (fp, dn); + ksba_free (dn); + putc ('\n', fp); + for (idx=1; (dn = ksba_cert_get_subject (cert, idx)); idx++) + { + fputs (" aka: ", fp); + gpgsm_print_name (fp, dn); + ksba_free (dn); + putc ('\n', fp); + } + + t = ksba_cert_get_validity (cert, 0); + fputs (" validity: ", fp); + gpgsm_print_time (fp, t); + fputs (" through ", fp); + t = ksba_cert_get_validity (cert, 1); + gpgsm_print_time (fp, t); + putc ('\n', fp); + + kerr = ksba_cert_get_key_usage (cert, &kusage); + if (kerr != KSBA_No_Data) + { + fputs (" key usage:", fp); + if (kerr) + fprintf (fp, " [error: %s]", ksba_strerror (kerr)); + else + { + if ( (kusage & KSBA_KEYUSAGE_DIGITAL_SIGNATURE)) + fputs (" digitalSignature", fp); + if ( (kusage & KSBA_KEYUSAGE_NON_REPUDIATION)) + fputs (" nonRepudiation", fp); + if ( (kusage & KSBA_KEYUSAGE_KEY_ENCIPHERMENT)) + fputs (" keyEncipherment", fp); + if ( (kusage & KSBA_KEYUSAGE_DATA_ENCIPHERMENT)) + fputs (" dataEncripherment", fp); + if ( (kusage & KSBA_KEYUSAGE_KEY_AGREEMENT)) + fputs (" keyAgreement", fp); + if ( (kusage & KSBA_KEYUSAGE_KEY_CERT_SIGN)) + fputs (" certSign", fp); + if ( (kusage & KSBA_KEYUSAGE_CRL_SIGN)) + fputs (" crlSign", fp); + if ( (kusage & KSBA_KEYUSAGE_ENCIPHER_ONLY)) + fputs (" encipherOnly", fp); + if ( (kusage & KSBA_KEYUSAGE_DECIPHER_ONLY)) + fputs (" decipherOnly", fp); + } + putc ('\n', fp); + } + + kerr = ksba_cert_get_cert_policies (cert, &string); + if (kerr != KSBA_No_Data) + { + fputs (" policies: ", fp); + if (kerr) + fprintf (fp, "[error: %s]", ksba_strerror (kerr)); + else + { + for (p=string; *p; p++) + { + if (*p == '\n') + *p = ','; + } + print_sanitized_string (fp, string, 0); + xfree (string); + } + putc ('\n', fp); + } + + kerr = ksba_cert_is_ca (cert, &is_ca, &pathlen); + if (kerr || is_ca) + { + fputs (" path length: ", fp); + if (kerr) + fprintf (fp, "[error: %s]", ksba_strerror (kerr)); + else if (pathlen == -1) + fputs ("unlimited", fp); + else + fprintf (fp, "%d", pathlen); + putc ('\n', fp); + } + + + dn = gpgsm_get_fingerprint_string (cert, 0); + fprintf (fp, " fingerprint: %s\n", dn?dn:"error"); + xfree (dn); +} + +/* Same as standard mode mode list all certifying certts too */ +static void +list_cert_chain (KsbaCert cert, FILE *fp) +{ + KsbaCert next = NULL; + + list_cert_std (cert, fp, 0); + ksba_cert_ref (cert); + while (!gpgsm_walk_cert_chain (cert, &next)) + { + ksba_cert_release (cert); + fputs ("Certified by\n", fp); + list_cert_std (next, fp, 0); + cert = next; + } + ksba_cert_release (cert); + putc ('\n', fp); +} + /* List all internal keys or just the key given as NAMES. @@ -380,8 +521,13 @@ list_internal_keys (CTRL ctrl, STRLIST names, FILE *fp, unsigned int mode) { if (ctrl->with_colons) list_cert_colon (cert, fp, have_secret); + else if (ctrl->with_chain) + list_cert_chain (cert, fp); else - list_cert_colon (cert, fp, have_secret); + { + list_cert_std (cert, fp, have_secret); + putc ('\n', fp); + } } ksba_cert_release (cert); cert = NULL; @@ -416,8 +562,13 @@ list_external_cb (void *cb_value, KsbaCert cert) if (parm->with_colons) list_cert_colon (cert, parm->fp, 0); + else if (parm->with_chain) + list_cert_chain (cert, parm->fp); else - list_cert_colon (cert, parm->fp, 0); + { + list_cert_std (cert, parm->fp, 0); + putc ('\n', parm->fp); + } } @@ -433,6 +584,7 @@ list_external_keys (CTRL ctrl, STRLIST names, FILE *fp) parm.fp = fp; parm.print_header = ctrl->no_server; parm.with_colons = ctrl->with_colons; + parm.with_chain = ctrl->with_chain; rc = gpgsm_dirmngr_lookup (names, list_external_cb, &parm); if (rc)