security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-04-17 15:44:34 +02:00
Code Activity

* gpgsm.c (main): New command --list-sigs

Browse Source 
* keylist.c (list_cert_std): New.  Use it whenever colon mode is
not used.
(list_cert_chain): New.
This commit is contained in:
Werner Koch 2002-06-04 09:41:59 +00:00
parent a3aa9e386b
commit c6416080a2
5 changed files with 480 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
sm/ChangeLog
View File

@ -1,3 +1,10 @@
2002-06-04 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): New command --list-sigs
* keylist.c (list_cert_std): New. Use it whenever colon mode is
not used.
(list_cert_chain): New.
2002-05-31 Werner Koch <wk@gnupg.org> 2002-05-31 Werner Koch <wk@gnupg.org>
* gpgsm.c (main): Don't print the "go ahead" message for an * gpgsm.c (main): Don't print the "go ahead" message for an

306
sm/certdump.c
View File

@ -32,8 +32,41 @@
#include "gpgsm.h" #include "gpgsm.h"
#include "keydb.h" #include "keydb.h"
#include "i18n.h"
struct dn_array_s {
char *key;
char *value;
};
/* print the first element of an S-Expression */ /* print the first element of an S-Expression */
void
gpgsm_print_serial (FILE *fp, KsbaConstSexp p)
{
unsigned long n;
KsbaConstSexp endp;
if (!p)
fputs (_("none"), fp);
else if (*p != '(')
fputs ("[Internal error - not an S-expression]", fp);
else
{
p++;
n = strtoul (p, (char**)&endp, 10);
p = endp;
if (*p!=':')
fputs ("[Internal Error - invalid S-expression]", fp);
else
{
for (p++; n; n--, p++)
fprintf (fp, "%02X", *p);
}
}
}
void void
gpgsm_dump_serial (KsbaConstSexp p) gpgsm_dump_serial (KsbaConstSexp p)
{ {
@ -59,7 +92,24 @@ gpgsm_dump_serial (KsbaConstSexp p)
} }
} }
void
gpgsm_print_time (FILE *fp, time_t t)
{
if (!t)
fputs (_("none"), fp);
else if ( t == (time_t)(-1) )
fputs ("[Error - Invalid time]", fp);
else
{
struct tm *tp;
tp = gmtime (&t);
fprintf (fp, "%04d-%02d-%02d %02d:%02d:%02d Z",
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
tp->tm_hour, tp->tm_min, tp->tm_sec);
assert (!tp->tm_isdst);
}
}
void void
gpgsm_dump_time (time_t t) gpgsm_dump_time (time_t t)
@ -82,6 +132,8 @@ gpgsm_dump_time (time_t t)
} }
void void
gpgsm_dump_string (const char *string) gpgsm_dump_string (const char *string)
{ {
@ -157,7 +209,261 @@ gpgsm_dump_cert (const char *text, KsbaCert cert)
} }
/* helper for the rfc2253 string parser */
static const unsigned char *
parse_dn_part (struct dn_array_s *array, const unsigned char *string)
{
const unsigned char *s, *s1;
size_t n;
unsigned char *p;
/* parse attributeType */
for (s = string+1; *s && *s != '='; s++)
;
if (!*s)
return NULL; /* error */
n = s - string;
if (!n)
return NULL; /* empty key */
array->key = p = xtrymalloc (n+1);
if (!array->key)
return NULL;
memcpy (p, string, n);
p[n] = 0;
trim_trailing_spaces (p);
if ( !strcmp (p, "1.2.840.113549.1.9.1") )
strcpy (p, "EMail");
string = s + 1;
if (*string == '#')
{ /* hexstring */
string++;
for (s=string; hexdigitp (s); s++)
s++;
n = s - string;
if (!n || (n & 1))
return NULL; /* empty or odd number of digits */
n /= 2;
array->value = p = xtrymalloc (n+1);
if (!p)
return NULL;
for (s1=string; n; s1 += 2, n--)
*p++ = xtoi_2 (s1);
*p = 0;
}
else
{ /* regular v3 quoted string */
for (n=0, s=string; *s; s++)
{
if (*s == '\\')
{ /* pair */
s++;
if (*s == ',' || *s == '=' || *s == '+'
|| *s == '<' || *s == '>' || *s == '#' || *s == ';'
|| *s == '\\' || *s == '\"' || *s == ' ')
n++;
else if (hexdigitp (s) && hexdigitp (s+1))
{
s++;
n++;
}
else
return NULL; /* invalid escape sequence */
}
else if (*s == '\"')
return NULL; /* invalid encoding */
else if (*s == ',' || *s == '=' || *s == '+'
|| *s == '<' || *s == '>' || *s == '#' || *s == ';' )
break;
else
n++;
}
array->value = p = xtrymalloc (n+1);
if (!p)
return NULL;
for (s=string; n; s++, n--)
{
if (*s == '\\')
{
s++;
if (hexdigitp (s))
{
*p++ = xtoi_2 (s);
s++;
}
else
*p++ = *s;
}
else
*p++ = *s;
}
*p = 0;
}
return s;
}
/* Parse a DN and return an array-ized one. This is not a validating
parser and it does not support any old-stylish syntax; KSBA is
expected to return only rfc2253 compatible strings. */
static struct dn_array_s *
parse_dn (const unsigned char *string)
{
struct dn_array_s *array;
size_t arrayidx, arraysize;
int i;
arraysize = 7; /* C,ST,L,O,OU,CN,email */
arrayidx = 0;
array = xtrymalloc ((arraysize+1) * sizeof *array);
if (!array)
return NULL;
while (*string)
{
while (*string == ' ')
string++;
if (!*string)
break; /* ready */
if (arrayidx >= arraysize)
{
struct dn_array_s *a2;
arraysize += 5;
a2 = xtryrealloc (array, (arraysize+1) * sizeof *array);
if (!a2)
goto failure;
array = a2;
}
array[arrayidx].key = NULL;
array[arrayidx].value = NULL;
string = parse_dn_part (array+arrayidx, string);
arrayidx++;
if (!string)
goto failure;
while (*string == ' ')
string++;
if (*string && *string != ',' && *string != ';' && *string != '+')
goto failure; /* invalid delimiter */
if (*string)
string++;
}
array[arrayidx].key = NULL;
array[arrayidx].value = NULL;
return array;
failure:
for (i=0; i < arrayidx; i++)
{
xfree (array[i].key);
xfree (array[i].value);
}
xfree (array);
return NULL;
}
static int
print_dn_part (FILE *fp, struct dn_array_s *dn, const char *key,
int need_delim)
{
int any = 0;
for (; dn->key; dn++)
{
if (!strcmp (dn->key, key) && dn->value && *dn->value)
{
if (need_delim)
{
putc ('/', fp);
need_delim = 0;
}
if (any)
fputs (" + ", fp);
else
fprintf (fp, "%s=", key);
print_sanitized_utf8_string (fp, dn->value, '/');
any = 1;
}
}
return any;
}
/* Print all parts of a DN in a "standard" sequence. We first print
all the known parts, followed by the uncommon ones */
static void
print_dn_parts (FILE *fp, struct dn_array_s *dn)
{
const char *stdpart[] = {
"CN", "OU", "O", "STREET", "L", "ST", "C", "EMail", NULL
};
int any=0, i;
for (i=0; stdpart[i]; i++)
{
if (print_dn_part (fp, dn, stdpart[i], any))
any = 1;
}
/* now print the rest without any specific ordering */
for (; dn->key; dn++)
{
for (i=0; stdpart[i]; i++)
{
if (!strcmp (dn->key, stdpart[i]))
break;
}
if (!stdpart[i])
{
if (print_dn_part (fp, dn, dn->key, any))
any = 1;
}
}
}
void
gpgsm_print_name (FILE *fp, const char *name)
{
const unsigned char *s;
int i;
s = name;
if (!s)
{
fputs (_("[Error - No name]"), fp);
}
else if (*s == '<')
{
const unsigned char *s2 = strchr (s+1, '>');
if (s2)
print_sanitized_utf8_buffer (fp, s + 1, s2 - s - 1, 0);
}
else if (*s == '(')
fputs (_("[Error - unknown encoding]"), fp);
else if (!((*s >= '0' && *s < '9')
|| (*s >= 'A' && *s <= 'Z')
|| (*s >= 'a' && *s <= 'z')))
fputs (_("[Error - invalid encoding]"), fp);
else
{
struct dn_array_s *dn = parse_dn (s);
if (!dn)
fputs (_("[Error - invalid DN]"), fp);
else
{
print_dn_parts (fp, dn);
for (i=0; dn[i].key; i++)
{
xfree (dn[i].key);
xfree (dn[i].value);
}
xfree (dn);
}
}
}

9
sm/gpgsm.c
View File

@ -213,8 +213,8 @@ static ARGPARSE_OPTS opts[] = {
{ aListKeys, "list-keys", 256, N_("list keys")}, { aListKeys, "list-keys", 256, N_("list keys")},
{ aListKeys, "list-public-keys", 256, "@" }, { aListKeys, "list-public-keys", 256, "@" },
{ aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")}, { aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")},
{ aDummy, "list-sigs", 256, "@"}, { aListSigs, "list-sigs", 256, N_("list certificate chain")},
{ aDummy, "check-sigs",256, "@"}, { aListSigs, "check-sigs",256, "@"},
{ oFingerprint, "fingerprint", 256, N_("list keys and fingerprints")}, { oFingerprint, "fingerprint", 256, N_("list keys and fingerprints")},
{ aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")}, { aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")},
{ aKeygen, "gen-key", 256, N_("generate a new key pair")}, { aKeygen, "gen-key", 256, N_("generate a new key pair")},
@ -360,7 +360,7 @@ static ARGPARSE_OPTS opts[] = {
{ oWithKeyData,"with-key-data", 0, "@"}, { oWithKeyData,"with-key-data", 0, "@"},
{ aListKeys, "list-key", 0, "@" }, /* alias */ { aListKeys, "list-key", 0, "@" }, /* alias */
{ aListSigs, "list-sig", 0, "@" }, /* alias */ { aListSigs, "list-sig", 0, "@" }, /* alias */
{ aCheckKeys, "check-sig",0, "@" }, /* alias */ { aListSigs, "check-sig",0, "@" }, /* alias */
{ oSkipVerify, "skip-verify",0, "@" }, { oSkipVerify, "skip-verify",0, "@" },
{ oCompressKeys, "compress-keys",0, "@"}, { oCompressKeys, "compress-keys",0, "@"},
{ oCompressSigs, "compress-sigs",0, "@"}, { oCompressSigs, "compress-sigs",0, "@"},
@ -727,6 +727,7 @@ main ( int argc, char **argv)
case aExport: set_cmd (&cmd, aExport); break; case aExport: set_cmd (&cmd, aExport); break;
case aListKeys: set_cmd (&cmd, aListKeys); break; case aListKeys: set_cmd (&cmd, aListKeys); break;
case aListSecretKeys: set_cmd (&cmd, aListSecretKeys); break; case aListSecretKeys: set_cmd (&cmd, aListSecretKeys); break;
case aListSigs: set_cmd (&cmd, aListSigs); break;
case aLearnCard: set_cmd (&cmd, aLearnCard); break; case aLearnCard: set_cmd (&cmd, aLearnCard); break;
@ -1179,6 +1180,8 @@ main ( int argc, char **argv)
/* xfree(username); */ /* xfree(username); */
break; break;
case aListSigs:
ctrl.with_chain = 1;
case aListKeys: case aListKeys:
for (sl=NULL; argc; argc--, argv++) for (sl=NULL; argc; argc--, argv++)
add_to_strlist (&sl, *argv); add_to_strlist (&sl, *argv);

7
sm/gpgsm.h
View File

@ -107,6 +107,7 @@ struct server_control_s {
int status_fd; /* only for non-server mode */ int status_fd; /* only for non-server mode */
struct server_local_s *server_local; struct server_local_s *server_local;
int with_colons; /* use column delimited output format */ int with_colons; /* use column delimited output format */
int with_chain; /* include the certifying certs in a listing */
int autodetect_encoding; /* try to detect the input encoding */ int autodetect_encoding; /* try to detect the input encoding */
int is_pem; /* Is in PEM format */ int is_pem; /* Is in PEM format */
@ -162,11 +163,17 @@ void gpgsm_destroy_writer (Base64Context ctx);
/*-- certdump.c --*/ /*-- certdump.c --*/
void gpgsm_print_serial (FILE *fp, KsbaConstSexp p);
void gpgsm_print_time (FILE *fp, time_t t);
void gpgsm_print_name (FILE *fp, const char *string);
void gpgsm_dump_cert (const char *text, KsbaCert cert); void gpgsm_dump_cert (const char *text, KsbaCert cert);
void gpgsm_dump_serial (KsbaConstSexp p); void gpgsm_dump_serial (KsbaConstSexp p);
void gpgsm_dump_time (time_t t); void gpgsm_dump_time (time_t t);
void gpgsm_dump_string (const char *string); void gpgsm_dump_string (const char *string);
/*-- certcheck.c --*/ /*-- certcheck.c --*/
int gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert); int gpgsm_check_cert_sig (KsbaCert issuer_cert, KsbaCert cert);
int gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval, int gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval,

156
sm/keylist.c
View File

@ -38,6 +38,7 @@ struct list_external_parm_s {
FILE *fp; FILE *fp;
int print_header; int print_header;
int with_colons; int with_colons;
int with_chain;
}; };
@ -269,6 +270,146 @@ list_cert_colon (KsbaCert cert, FILE *fp, int have_secret)
} }
/* List one certificate in standard mode */
static void
list_cert_std (KsbaCert cert, FILE *fp, int have_secret)
{
KsbaError kerr;
KsbaSexp sexp;
char *dn;
time_t t;
int idx;
int is_ca, pathlen;
unsigned int kusage;
char *string, *p;
sexp = ksba_cert_get_serial (cert);
fputs ("Serial number: ", fp);
gpgsm_print_serial (fp, sexp);
ksba_free (sexp);
putc ('\n', fp);
dn = ksba_cert_get_issuer (cert, 0);
fputs (" Issuer: ", fp);
gpgsm_print_name (fp, dn);
ksba_free (dn);
putc ('\n', fp);
for (idx=1; (dn = ksba_cert_get_issuer (cert, idx)); idx++)
{
fputs (" aka: ", fp);
gpgsm_print_name (fp, dn);
ksba_free (dn);
putc ('\n', fp);
}
dn = ksba_cert_get_subject (cert, 0);
fputs (" Subject: ", fp);
gpgsm_print_name (fp, dn);
ksba_free (dn);
putc ('\n', fp);
for (idx=1; (dn = ksba_cert_get_subject (cert, idx)); idx++)
{
fputs (" aka: ", fp);
gpgsm_print_name (fp, dn);
ksba_free (dn);
putc ('\n', fp);
}
t = ksba_cert_get_validity (cert, 0);
fputs (" validity: ", fp);
gpgsm_print_time (fp, t);
fputs (" through ", fp);
t = ksba_cert_get_validity (cert, 1);
gpgsm_print_time (fp, t);
putc ('\n', fp);
kerr = ksba_cert_get_key_usage (cert, &kusage);
if (kerr != KSBA_No_Data)
{
fputs (" key usage:", fp);
if (kerr)
fprintf (fp, " [error: %s]", ksba_strerror (kerr));
else
{
if ( (kusage & KSBA_KEYUSAGE_DIGITAL_SIGNATURE))
fputs (" digitalSignature", fp);
if ( (kusage & KSBA_KEYUSAGE_NON_REPUDIATION))
fputs (" nonRepudiation", fp);
if ( (kusage & KSBA_KEYUSAGE_KEY_ENCIPHERMENT))
fputs (" keyEncipherment", fp);
if ( (kusage & KSBA_KEYUSAGE_DATA_ENCIPHERMENT))
fputs (" dataEncripherment", fp);
if ( (kusage & KSBA_KEYUSAGE_KEY_AGREEMENT))
fputs (" keyAgreement", fp);
if ( (kusage & KSBA_KEYUSAGE_KEY_CERT_SIGN))
fputs (" certSign", fp);
if ( (kusage & KSBA_KEYUSAGE_CRL_SIGN))
fputs (" crlSign", fp);
if ( (kusage & KSBA_KEYUSAGE_ENCIPHER_ONLY))
fputs (" encipherOnly", fp);
if ( (kusage & KSBA_KEYUSAGE_DECIPHER_ONLY))
fputs (" decipherOnly", fp);
}
putc ('\n', fp);
}
kerr = ksba_cert_get_cert_policies (cert, &string);
if (kerr != KSBA_No_Data)
{
fputs (" policies: ", fp);
if (kerr)
fprintf (fp, "[error: %s]", ksba_strerror (kerr));
else
{
for (p=string; *p; p++)
{
if (*p == '\n')
*p = ',';
}
print_sanitized_string (fp, string, 0);
xfree (string);
}
putc ('\n', fp);
}
kerr = ksba_cert_is_ca (cert, &is_ca, &pathlen);
if (kerr || is_ca)
{
fputs (" path length: ", fp);
if (kerr)
fprintf (fp, "[error: %s]", ksba_strerror (kerr));
else if (pathlen == -1)
fputs ("unlimited", fp);
else
fprintf (fp, "%d", pathlen);
putc ('\n', fp);
}
dn = gpgsm_get_fingerprint_string (cert, 0);
fprintf (fp, " fingerprint: %s\n", dn?dn:"error");
xfree (dn);
}
/* Same as standard mode mode list all certifying certts too */
static void
list_cert_chain (KsbaCert cert, FILE *fp)
{
KsbaCert next = NULL;
list_cert_std (cert, fp, 0);
ksba_cert_ref (cert);
while (!gpgsm_walk_cert_chain (cert, &next))
{
ksba_cert_release (cert);
fputs ("Certified by\n", fp);
list_cert_std (next, fp, 0);
cert = next;
}
ksba_cert_release (cert);
putc ('\n', fp);
}
/* List all internal keys or just the key given as NAMES. /* List all internal keys or just the key given as NAMES.
@ -380,8 +521,13 @@ list_internal_keys (CTRL ctrl, STRLIST names, FILE *fp, unsigned int mode)
{ {
if (ctrl->with_colons) if (ctrl->with_colons)
list_cert_colon (cert, fp, have_secret); list_cert_colon (cert, fp, have_secret);
else if (ctrl->with_chain)
list_cert_chain (cert, fp);
else else
list_cert_colon (cert, fp, have_secret); {
list_cert_std (cert, fp, have_secret);
putc ('\n', fp);
}
} }
ksba_cert_release (cert); ksba_cert_release (cert);
cert = NULL; cert = NULL;
@ -416,8 +562,13 @@ list_external_cb (void *cb_value, KsbaCert cert)
if (parm->with_colons) if (parm->with_colons)
list_cert_colon (cert, parm->fp, 0); list_cert_colon (cert, parm->fp, 0);
else if (parm->with_chain)
list_cert_chain (cert, parm->fp);
else else
list_cert_colon (cert, parm->fp, 0); {
list_cert_std (cert, parm->fp, 0);
putc ('\n', parm->fp);
}
} }
@ -433,6 +584,7 @@ list_external_keys (CTRL ctrl, STRLIST names, FILE *fp)
parm.fp = fp; parm.fp = fp;
parm.print_header = ctrl->no_server; parm.print_header = ctrl->no_server;
parm.with_colons = ctrl->with_colons; parm.with_colons = ctrl->with_colons;
parm.with_chain = ctrl->with_chain;
rc = gpgsm_dirmngr_lookup (names, list_external_cb, &parm); rc = gpgsm_dirmngr_lookup (names, list_external_cb, &parm);
if (rc) if (rc)