sm: Lookup missing issuers first using authorityInfoAccess.

* sm/call-dirmngr.c (gpgsm_dirmngr_lookup): Add optional arg URL and adjust all callers. * sm/certchain.c (oidstr_caIssuers): New. (struct find_up_store_certs_s): Add additional fields. (find_up_store_certs_cb): Store the fingerprint. (find_up_via_auth_info_access): New. (find_up): Try the AIA URI first. -- Note that --auto-issuer-key-retrieve is required to use that. GnuPG-bug-id: 4898 Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2020-04-16 18:01:37 +02:00 · 2020-04-16 18:01:37 +02:00 · d57209553d
commit d57209553d
parent 3b27c26241
4 changed files with 180 additions and 26 deletions
--- a/sm/call-dirmngr.c
+++ b/sm/call-dirmngr.c
@ -756,20 +756,24 @@ lookup_status_cb (void *opaque, const char *line)


 /* Run the Directory Manager's lookup command using the pattern
-   compiled from the strings given in NAMES.  The caller must provide
-   the callback CB which will be passed cert by cert.  Note that CTRL
-   is optional.  With CACHE_ONLY the dirmngr will search only its own
-   key cache. */
+   compiled from the strings given in NAMES or from URI.  The caller
+   must provide the callback CB which will be passed cert by cert.
+   Note that CTRL is optional.  With CACHE_ONLY the dirmngr will
+   search only its own key cache. */
 int
-gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only,
+gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, const char *uri,
+                      int cache_only,
                      void (*cb)(void*, ksba_cert_t), void *cb_value)
 {
  int rc;
-  char *pattern;
  char line[ASSUAN_LINELENGTH];
  struct lookup_parm_s parm;
  size_t len;
  assuan_context_t ctx;
+  const char *s;
+
+  if ((names && uri) || (!names && !uri))
+    return gpg_error (GPG_ERR_INV_ARG);

  /* The lookup function can be invoked from the callback of a lookup
     function, for example to walk the chain.  */
@ -792,19 +796,35 @@ gpgsm_dirmngr_lookup (ctrl_t ctrl, strlist_t names, int cache_only,
      log_fatal ("both dirmngr contexts are in use\n");
    }

-  pattern = pattern_from_strlist (names);
-  if (!pattern)
+  if (names)
    {
-      if (ctx == dirmngr_ctx)
-	release_dirmngr (ctrl);
-      else
-	release_dirmngr2 (ctrl);
+      char *pattern = pattern_from_strlist (names);
+      if (!pattern)
+        {
+          if (ctx == dirmngr_ctx)
+            release_dirmngr (ctrl);
+          else
+            release_dirmngr2 (ctrl);

-      return out_of_core ();
+          return out_of_core ();
+        }
+      snprintf (line, DIM(line), "LOOKUP%s %s",
+                cache_only? " --cache-only":"", pattern);
+      xfree (pattern);
+    }
+  else
+    {
+      for (s=uri; *s; s++)
+        if (*s <= ' ')
+          {
+            if (ctx == dirmngr_ctx)
+              release_dirmngr (ctrl);
+            else
+              release_dirmngr2 (ctrl);
+            return gpg_error (GPG_ERR_INV_URI);
+          }
+      snprintf (line, DIM(line), "LOOKUP --url %s", uri);
    }
-  snprintf (line, DIM(line), "LOOKUP%s %s",
-            cache_only? " --cache-only":"", pattern);
-  xfree (pattern);

  parm.ctrl = ctrl;
  parm.ctx = ctx;