security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

dirmngr: Add experimental command WKD_GET. 

* dirmngr/server.c (cmd_wkd_get): New.
(register_commands): Add command WKD_GET.

Signed-off-by: Werner Koch <wk@gnupg.org>
This commit is contained in:
Werner Koch 2016-04-27 08:20:25 +02:00
parent c3aeda82b8
commit c83c6f212e
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
1 changed files with 74 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
dirmngr/server.c
View File

@ -1,7 +1,7 @@
/* server.c - LDAP and Keyserver access server
* Copyright (C) 2002 Klarälvdalens Datakonsult AB
* Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2011, 2015 g10 Code GmbH
* Copyright (C) 2014 Werner Koch
* Copyright (C) 2014, 2015, 2016 Werner Koch
*
* This file is part of GnuPG.
*
@ -621,7 +621,7 @@ static const char hlp_dns_cert[] =
" * Return the first record of any supported subtype\n"
" PGP Return the first record of subtype PGP (3)\n"
" IPGP Return the first record of subtype IPGP (6)\n"
"If the content of a certifciate is available (PGP) it is returned\n"
"If the content of a certificate is available (PGP) it is returned\n"
"by data lines. Fingerprints and URLs are returned via status lines.\n"
"In --pka mode the fingerprint and if available an URL is returned.\n"
"In --dane mode the key is returned from RR type 61";
@ -797,6 +797,75 @@ cmd_dns_cert (assuan_context_t ctx, char *line)
}
static const char hlp_wkd_get[] =
"WKD_GET <user_id>\n"
"\n"
"Return the key for <user_id> from a Web Key Directory.\n";
static gpg_error_t
cmd_wkd_get (assuan_context_t ctx, char *line)
{
ctrl_t ctrl = assuan_get_pointer (ctx);
gpg_error_t err = 0;
char *mbox = NULL;
char *domain; /* Points to mbox. */
char sha1buf[20];
char *uri = NULL;
char *encodedhash = NULL;
line = skip_options (line);
mbox = mailbox_from_userid (line);
if (!mbox || !(domain = strchr (mbox, '@')))
{
err = set_error (GPG_ERR_INV_USER_ID, "no mailbox in user id");
goto leave;
}
*domain++ = 0;
gcry_md_hash_buffer (GCRY_MD_SHA1, sha1buf, mbox, strlen (mbox));
encodedhash = zb32_encode (sha1buf, 8*20);
if (!encodedhash)
{
err = gpg_error_from_syserror ();
goto leave;
}
uri = strconcat ("https://",
domain,
"/.well-known/openpgpkey/hu/",
domain,
"/",
encodedhash,
NULL);
if (!uri)
{
err = gpg_error_from_syserror ();
goto leave;
}
/* Setup an output stream and perform the get. */
{
estream_t outfp;
outfp = es_fopencookie (ctx, "w", data_line_cookie_functions);
if (!outfp)
err = set_error (GPG_ERR_ASS_GENERAL, "error setting up a data stream");
else
{
err = ks_action_fetch (ctrl, uri, outfp);
es_fclose (outfp);
}
}
leave:
xfree (uri);
xfree (encodedhash);
xfree (mbox);
return leave_cmd (ctx, err);
}
static const char hlp_ldapserver[] =
"LDAPSERVER <data>\n"
@ -1076,7 +1145,7 @@ static const char hlp_checkocsp[] =
"Processing then takes place without further interaction; in\n"
"particular dirmngr tries to locate other required certificates by\n"
"its own mechanism which includes a local certificate store as well\n"
"as a list of trusted root certifciates.\n"
"as a list of trusted root certificates.\n"
"\n"
"If the option --force-default-responder is given, only the default\n"
"OCSP responder will be used and any other methods of obtaining an\n"
@ -2018,7 +2087,7 @@ cmd_ks_fetch (assuan_context_t ctx, char *line)
/* No options for now. */
line = skip_options (line);
err = ensure_keyserver (ctrl);
err = ensure_keyserver (ctrl); /* FIXME: Why do we needs this here? */
if (err)
goto leave;
@ -2261,6 +2330,7 @@ register_commands (assuan_context_t ctx)
const char * const help;
} table[] = {
{ "DNS_CERT", cmd_dns_cert, hlp_dns_cert },
{ "WKD_GET", cmd_wkd_get, hlp_wkd_get },
{ "LDAPSERVER", cmd_ldapserver, hlp_ldapserver },
{ "ISVALID", cmd_isvalid, hlp_isvalid },
{ "CHECKCRL", cmd_checkcrl, hlp_checkcrl },