* gpgsm.c, gpgsm.h: Add local_user.

* sign.c (gpgsm_get_default_cert): New. (get_default_signer): Use the new function if local_user is not set otherwise used that value. * encrypt.c (get_default_recipient): Removed. (gpgsm_encrypt): Use gpgsm_get_default_cert. * verify.c (gpgsm_verify): Better error text for a bad signature found by comparing the hashs.
2002-03-05 15:56:46 +00:00 · 2002-03-05 15:56:46 +00:00 · c8454f792d
parent dfda938ee9
commit c8454f792d
9 changed files with 96 additions and 55 deletions
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@ -1,3 +1,15 @@
+2002-03-05  Werner Koch  <wk@gnupg.org>
+
+	* gpgsm.c, gpgsm.h: Add local_user.
+	* sign.c (gpgsm_get_default_cert): New.
+	(get_default_signer): Use the new function if local_user is not
+	set otherwise used that value.
+	* encrypt.c (get_default_recipient): Removed.
+	(gpgsm_encrypt): Use gpgsm_get_default_cert.
+
+	* verify.c (gpgsm_verify): Better error text for a bad signature
+	found by comparing the hashs.
+
 2002-02-27  Werner Koch  <wk@gnupg.org>

 	* call-dirmngr.c, call-agent.c: Add 2 more arguments to all uses
--- a/sm/certcheck.c
+++ b/sm/certcheck.c
@ -204,14 +204,15 @@ gpgsm_check_cms_signature (KsbaCert cert, KsbaConstSexp sigval,
    }

  p = ksba_cert_get_public_key (cert);
-  if (DBG_X509)
-    log_debug ("public key: %s\n", p);
  n = gcry_sexp_canon_len (p, 0, NULL, NULL);
  if (!n)
    {
      log_error ("libksba did not return a proper S-Exp\n");
      return GNUPG_Bug;
    }
+  if (DBG_X509)
+    log_printhex ("public key: ", p, n);
+
  rc = gcry_sexp_sscan ( &s_pkey, NULL, p, n);
  if (rc)
    {
@ -256,7 +257,7 @@ gpgsm_create_cms_signature (KsbaCert cert, GCRY_MD_HD md, int mdalgo,
                           r_sigval, &siglen);
  xfree (grip);
  /* FIXME: we should check that the returned S-Exp is valid fits int
-     siglen.  It ould probaly be a good idea to scan and print it
+     siglen.  It ould probably be a good idea to scan and print it
     again to make this sure and be sure that we have canoncical
     encoding */
  return rc;
--- a/sm/encrypt.c
+++ b/sm/encrypt.c
@ -58,45 +58,6 @@ struct encrypt_cb_parm_s {
 };


-static KsbaCert
-get_default_recipient (void)
-{
-  const char key[] =
-    "/CN=test cert 1,OU=Aegypten Project,O=g10 Code GmbH,L=Düsseldorf,C=DE";
-
-  KEYDB_SEARCH_DESC desc;
-  KsbaCert cert = NULL;
-  KEYDB_HANDLE kh = NULL;
-  int rc;
-
-  rc = keydb_classify_name (key, &desc);
-  if (rc)
-    {
-      log_error ("failed to find recipient: %s\n", gnupg_strerror (rc));
-      return NULL;
-    }
-
-  kh = keydb_new (0);
-  if (!kh)
-    return NULL;
-
-  rc = keydb_search (kh, &desc, 1);
-  if (rc)
-    {
-      log_debug ("failed to find default certificate: rc=%d\n", rc);
-    }
-  else 
-    {
-      rc = keydb_get_cert (kh, &cert);
-      if (rc)
-        {
-          log_debug ("failed to get cert: rc=%d\n", rc);
-        }
-    }
-
-  keydb_release (kh);
-  return cert;
-}



@ -417,8 +378,8 @@ gpgsm_encrypt (CTRL ctrl, CERTLIST recplist, int data_fd, FILE *out_fp)
     STATUS_NO_RECP */
  if (!recplist)
    {
-      help_recplist.cert = get_default_recipient ();
-      if (!help_recplist.cert)
+      rc = gpgsm_get_default_cert (&help_recplist.cert);
+      if (rc)
        {
          log_error ("no default recipient found\n");
          rc = seterr (General_Error);
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@ -875,6 +875,7 @@ main ( int argc, char **argv)
        case oTextmode: /*fixme:opt.textmode=1;*/  break;

        case oUser: /* store the local users */
+          opt.local_user = pargs.r.ret_str;
          add_to_strlist ( &locusr, pargs.r.ret_str);
          break;

--- a/sm/gpgsm.h
+++ b/sm/gpgsm.h
@ -58,6 +58,8 @@ struct {
  char *def_recipient;    /* userID of the default recipient */
  int def_recipient_self; /* The default recipient is the default key */

+  char *local_user;       /* NULL or argument to -u */
+
  int always_trust;       /* Trust the given keys even if there is no
                             valid certification path */
  int skip_verify;        /* do not check signatures on data */
@ -189,6 +191,7 @@ int gpgsm_import (CTRL ctrl, int in_fd);
 int gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp);

 /*-- sign.c --*/
+int gpgsm_get_default_cert (KsbaCert *r_cert);
 int gpgsm_sign (CTRL ctrl, int data_fd, int detached, FILE *out_fp);

 /*-- encrypt.c --*/
--- a/sm/keydb.c
+++ b/sm/keydb.c
@ -1197,4 +1197,3 @@ keydb_store_cert (KsbaCert cert)
 }


-
--- a/sm/keylist.c
+++ b/sm/keylist.c
@ -233,7 +233,7 @@ gpgsm_list_keys (CTRL ctrl, STRLIST names, FILE *fp, unsigned int mode)
  int have_secret;

 #warning there is no key selection yet
-  /* We must take care of qouting here */
+  /* We must take care of quoting here */
  hd = keydb_new (0);
  if (!hd)
    rc = GNUPG_General_Error;
--- a/sm/sign.c
+++ b/sm/sign.c
@ -61,19 +61,84 @@ hash_data (int fd, GCRY_MD_HD md)
 }


+/* Get the default certificate which is defined as the first one our
+   keyDB retruns and has a secret key available */
+int
+gpgsm_get_default_cert (KsbaCert *r_cert)
+{
+  KEYDB_HANDLE hd;
+  KsbaCert cert = NULL;
+  int rc;
+  char *p;
+
+  hd = keydb_new (0);
+  if (!hd)
+    return GNUPG_General_Error;
+  rc = keydb_search_first (hd);
+  if (rc)
+    {
+      keydb_release (hd);
+      return rc;
+    }
+
+  do
+    {
+      rc = keydb_get_cert (hd, &cert);
+      if (rc) 
+        {
+          log_error ("keydb_get_cert failed: %s\n", gnupg_strerror (rc));
+          keydb_release (hd);
+          return rc;
+        }
+      
+      p = gpgsm_get_keygrip_hexstring (cert);
+      if (p)
+        {
+          if (!gpgsm_agent_havekey (p))
+            {
+              xfree (p);
+              keydb_release (hd);
+              *r_cert = cert;
+              return 0; /* got it */
+            }
+          xfree (p);
+        }
+    
+      ksba_cert_release (cert); 
+      cert = NULL;
+    }
+  while (!(rc = keydb_search_next (hd)));
+  if (rc && rc != -1)
+    log_error ("keydb_search_next failed: %s\n", gnupg_strerror (rc));
+  
+  ksba_cert_release (cert);
+  keydb_release (hd);
+  return rc;
+}
+
+
 static KsbaCert
 get_default_signer (void)
 {
-  //  const char key[] = "1.2.840.113549.1.9.1=#7472757374407765622E6465#,CN=WEB.DE TrustCenter,OU=TrustCenter,O=WEB.DE AG,L=D-76227 Karlsruhe,C=DE";
-  const char key[] =
-    "/CN=test cert 1,OU=Aegypten Project,O=g10 Code GmbH,L=Düsseldorf,C=DE";
-
  KEYDB_SEARCH_DESC desc;
  KsbaCert cert = NULL;
  KEYDB_HANDLE kh = NULL;
  int rc;

-  rc = keydb_classify_name (key, &desc);
+  if (!opt.local_user)
+    {
+      rc = gpgsm_get_default_cert (&cert);
+      if (rc)
+        {
+          if (rc != -1)
+            log_debug ("failed to find default certificate: %s\n",
+                       gnupg_strerror (rc));
+          return NULL;
+        }
+      return cert;
+    }
+
+  rc = keydb_classify_name (opt.local_user, &desc);
  if (rc)
    {
      log_error ("failed to find default signer: %s\n", gnupg_strerror (rc));
@ -103,6 +168,7 @@ get_default_signer (void)
 }


+
 /* Depending on the options in CTRL add the certificate CERT as well as
   other certificate up in the chain to the Root-CA to the CMS
   object. */
--- a/sm/verify.c
+++ b/sm/verify.c
@ -328,8 +328,8 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
               || gcry_md_get_algo_dlen (algo) != msgdigestlen
               || !s || memcmp (s, msgdigest, msgdigestlen) )
            {
-              log_error ("message digest attribute does not "
-                         "match calculated one\n");
+              log_error ("invalid signature: message digest attribute "
+                         "does not match calculated one\n");
              gpgsm_status (ctrl, STATUS_BADSIG, NULL);
              goto next_signer; 
            }
@ -424,5 +424,3 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
    fclose (fp);
  return rc;
 }
-
-