* verify.c (strtimestamp_r, gpgsm_verify):
* sign.c (gpgsm_sign): * keylist.c (print_time, list_cert_std, list_cert_colon): * certdump.c (gpgsm_print_time, gpgsm_dump_time, gpgsm_dump_cert): * certchain.c (gpgsm_validate_chain): Changed to use ksba_isotime_t.
parent
c8fb3836fb
commit
dd808fa15b
13
sm/ChangeLog
13
sm/ChangeLog
@ -1,3 +1,16 @@
|
||||
2003-10-31 Werner Koch <wk@gnupg.org>
|
||||
|
||||
|
||||
* verify.c (strtimestamp_r, gpgsm_verify):
|
||||
|
||||
* sign.c (gpgsm_sign):
|
||||
|
||||
* keylist.c (print_time, list_cert_std, list_cert_colon):
|
||||
|
||||
* certdump.c (gpgsm_print_time, gpgsm_dump_time, gpgsm_dump_cert):
|
||||
|
||||
* certchain.c (gpgsm_validate_chain): Changed to use ksba_isotime_t.
|
||||
|
||||
2003-10-25 Werner Koch <wk@gnupg.org>
|
||||
|
||||
* certreqgen.c (read_parameters): Fixed faulty of !spacep().
|
||||
|
@ -408,23 +408,26 @@ gpgsm_is_root_cert (KsbaCert cert)
|
||||
/* Validate a chain and optionally return the nearest expiration time
|
||||
in R_EXPTIME */
|
||||
int
|
||||
gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
|
||||
gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, ksba_isotime_t r_exptime)
|
||||
{
|
||||
int rc = 0, depth = 0, maxdepth;
|
||||
char *issuer = NULL;
|
||||
char *subject = NULL;
|
||||
KEYDB_HANDLE kh = keydb_new (0);
|
||||
KsbaCert subject_cert = NULL, issuer_cert = NULL;
|
||||
time_t current_time = gnupg_get_time ();
|
||||
time_t exptime = 0;
|
||||
ksba_isotime_t current_time;
|
||||
ksba_isotime_t exptime;
|
||||
int any_expired = 0;
|
||||
int any_revoked = 0;
|
||||
int any_no_crl = 0;
|
||||
int any_crl_too_old = 0;
|
||||
int any_no_policy_match = 0;
|
||||
|
||||
|
||||
gnupg_get_isotime (current_time);
|
||||
if (r_exptime)
|
||||
*r_exptime = 0;
|
||||
*exptime = 0;
|
||||
|
||||
if (opt.no_chain_validation)
|
||||
{
|
||||
@ -460,26 +463,28 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
|
||||
}
|
||||
|
||||
{
|
||||
time_t not_before, not_after;
|
||||
ksba_isotime_t not_before, not_after;
|
||||
|
||||
not_before = ksba_cert_get_validity (subject_cert, 0);
|
||||
not_after = ksba_cert_get_validity (subject_cert, 1);
|
||||
if (not_before == (time_t)(-1) || not_after == (time_t)(-1))
|
||||
rc = ksba_cert_get_validity (subject_cert, 0, not_before);
|
||||
if (!rc)
|
||||
rc = ksba_cert_get_validity (subject_cert, 1, not_after);
|
||||
if (rc)
|
||||
{
|
||||
log_error ("certificate with invalid validity\n");
|
||||
log_error (_("certificate with invalid validity: %s\n"),
|
||||
ksba_strerror (rc));
|
||||
rc = gpg_error (GPG_ERR_BAD_CERT);
|
||||
goto leave;
|
||||
}
|
||||
|
||||
if (not_after)
|
||||
if (*not_after)
|
||||
{
|
||||
if (!exptime)
|
||||
exptime = not_after;
|
||||
else if (not_after < exptime)
|
||||
exptime = not_after;
|
||||
if (!*exptime)
|
||||
gnupg_copy_time (exptime, not_after);
|
||||
else if (strcmp (not_after, exptime) < 0 )
|
||||
gnupg_copy_time (exptime, not_after);
|
||||
}
|
||||
|
||||
if (not_before && current_time < not_before)
|
||||
if (*not_before && strcmp (current_time, not_before) < 0 )
|
||||
{
|
||||
log_error ("certificate too young; valid from ");
|
||||
gpgsm_dump_time (not_before);
|
||||
@ -487,7 +492,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
|
||||
rc = gpg_error (GPG_ERR_CERT_TOO_YOUNG);
|
||||
goto leave;
|
||||
}
|
||||
if (not_after && current_time > not_after)
|
||||
if (not_after && strcmp (current_time, not_after) > 0 )
|
||||
{
|
||||
log_error ("certificate has expired at ");
|
||||
gpgsm_dump_time (not_after);
|
||||
@ -692,7 +697,7 @@ gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime)
|
||||
|
||||
leave:
|
||||
if (r_exptime)
|
||||
*r_exptime = exptime;
|
||||
gnupg_copy_time (r_exptime, exptime);
|
||||
xfree (issuer);
|
||||
keydb_release (kh);
|
||||
ksba_cert_release (issuer_cert);
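Review bot: In the expiry check of the second validity hunk, `if (not_after && strcmp (current_time, not_after) > 0 )` tests the array's address rather than its contents, so it is always true; a certificate whose notAfter comes back as an empty string is then compared against "" and reported as expired, unlike the `*not_before` test a few lines above. It should read `if (*not_after && strcmp (current_time, not_after) > 0 )`. The `strcmp` ordering applied to `current_time`, `not_before`, `not_after` and `exptime` is only chronological while every string has the same fixed-width layout the print functions assume (year at offset 0, month at 4, day at 6, hour at 9, minute at 11, second at 13), which the code relies on but does not state; a comment such as `/* ISO times are fixed-width, so strcmp orders them chronologically. */` next to the first comparison would make that assumption visible. gpgsm_validate_chain's body continues outside the hunks.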
|
||||
|
@ -93,42 +93,22 @@ gpgsm_dump_serial (KsbaConstSexp p)
|
||||
}
|
||||
|
||||
void
|
||||
gpgsm_print_time (FILE *fp, time_t t)
|
||||
gpgsm_print_time (FILE *fp, ksba_isotime_t t)
|
||||
{
|
||||
if (!t)
|
||||
if (!t || !*t)
|
||||
fputs (_("none"), fp);
|
||||
else if ( t == (time_t)(-1) )
|
||||
fputs ("[Error - Invalid time]", fp);
|
||||
else
|
||||
{
|
||||
struct tm *tp;
|
||||
|
||||
tp = gmtime (&t);
|
||||
fprintf (fp, "%04d-%02d-%02d %02d:%02d:%02d Z",
|
||||
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
|
||||
tp->tm_hour, tp->tm_min, tp->tm_sec);
|
||||
assert (!tp->tm_isdst);
|
||||
}
|
||||
fprintf (fp, "%.4s-%.2s-%.2s %.2s:%.2s:%s", t, t+4, t+6, t+9, t+11, t+13);
|
||||
}
|
||||
|
||||
void
|
||||
gpgsm_dump_time (time_t t)
|
||||
gpgsm_dump_time (ksba_isotime_t t)
|
||||
{
|
||||
|
||||
if (!t)
|
||||
if (!t || !*t)
|
||||
log_printf (_("[none]"));
|
||||
else if ( t == (time_t)(-1) )
|
||||
log_printf (_("[error]"));
|
||||
else
|
||||
{
|
||||
struct tm *tp;
|
||||
|
||||
tp = gmtime (&t);
|
||||
log_printf ("%04d-%02d-%02d %02d:%02d:%02d",
|
||||
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
|
||||
tp->tm_hour, tp->tm_min, tp->tm_sec);
|
||||
assert (!tp->tm_isdst);
|
||||
}
|
||||
log_printf ("%.4s-%.2s-%.2s %.2s:%.2s:%s",
|
||||
t, t+4, t+6, t+9, t+11, t+13);
|
||||
}
|
||||
|
||||
|
||||
@ -167,7 +147,7 @@ gpgsm_dump_cert (const char *text, KsbaCert cert)
|
||||
KsbaSexp sexp;
|
||||
unsigned char *p;
|
||||
char *dn;
|
||||
time_t t;
|
||||
ksba_isotime_t t;
|
||||
|
||||
log_debug ("BEGIN Certificate `%s':\n", text? text:"");
|
||||
if (cert)
|
||||
@ -178,11 +158,11 @@ gpgsm_dump_cert (const char *text, KsbaCert cert)
|
||||
ksba_free (sexp);
|
||||
log_printf ("\n");
|
||||
|
||||
t = ksba_cert_get_validity (cert, 0);
|
||||
ksba_cert_get_validity (cert, 0, t);
|
||||
log_debug (" notBefore: ");
|
||||
gpgsm_dump_time (t);
|
||||
log_printf ("\n");
|
||||
t = ksba_cert_get_validity (cert, 1);
|
||||
ksba_cert_get_validity (cert, 1, t);
|
||||
log_debug (" notAfter: ");
|
||||
gpgsm_dump_time (t);
|
||||
log_printf ("\n");
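Review bot: In gpgsm_dump_cert the return value of `ksba_cert_get_validity (cert, 0, t)` and of the notAfter call that follows is discarded, and `t` is an uninitialised automatic array, so if the call fails without writing the buffer `gpgsm_dump_time (t)` reads indeterminate bytes and its `%s` conversion on `t+13` may run past the array. The same pattern appears at the four `ksba_cert_get_validity` calls in list_cert_colon and list_cert_std in keylist.c. Clearing the buffer first, `*t = 0;`, or checking the result as gpgsm_validate_chain now does, keeps the dump safe; whether libksba clears the output buffer on error is not visible here. gpgsm_dump_cert's body starts and ends outside the hunks.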
|
||||
|
@ -1035,8 +1035,11 @@ main ( int argc, char **argv)
|
||||
|
||||
if (gnupg_faked_time_p ())
|
||||
{
|
||||
gnupg_isotime_t tbuf;
|
||||
|
||||
log_info (_("WARNING: running with faked system time: "));
|
||||
gpgsm_dump_time (gnupg_get_time ());
|
||||
gnupg_get_isotime (tbuf);
|
||||
gpgsm_dump_time (tbuf);
|
||||
log_printf ("\n");
|
||||
}
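Review bot: `tbuf` is declared `gnupg_isotime_t` but passed to `gpgsm_dump_time`, whose new prototype in gpgsm.h takes `ksba_isotime_t`; keylist.c's `print_time` likewise takes `gnupg_isotime_t` while its callers hold a `ksba_isotime_t`. If the two typedefs name the same array type this compiles, but the ChangeLog names ksba_isotime_t as the type being adopted, so using one name consistently here (`ksba_isotime_t tbuf;`) would spare readers wondering whether the two differ. main's body continues outside the hunk.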
|
||||
|
||||
|
@ -177,12 +177,12 @@ void gpgsm_destroy_writer (Base64Context ctx);
|
||||
|
||||
/*-- certdump.c --*/
|
||||
void gpgsm_print_serial (FILE *fp, KsbaConstSexp p);
|
||||
void gpgsm_print_time (FILE *fp, time_t t);
|
||||
void gpgsm_print_time (FILE *fp, ksba_isotime_t t);
|
||||
void gpgsm_print_name (FILE *fp, const char *string);
|
||||
|
||||
void gpgsm_dump_cert (const char *text, KsbaCert cert);
|
||||
void gpgsm_dump_serial (KsbaConstSexp p);
|
||||
void gpgsm_dump_time (time_t t);
|
||||
void gpgsm_dump_time (ksba_isotime_t t);
|
||||
void gpgsm_dump_string (const char *string);
|
||||
|
||||
|
||||
@ -199,7 +199,7 @@ int gpgsm_create_cms_signature (KsbaCert cert, gcry_md_hd_t md, int mdalgo,
|
||||
/*-- certchain.c --*/
|
||||
int gpgsm_walk_cert_chain (KsbaCert start, KsbaCert *r_next);
|
||||
int gpgsm_is_root_cert (KsbaCert cert);
|
||||
int gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, time_t *r_exptime);
|
||||
int gpgsm_validate_chain (CTRL ctrl, KsbaCert cert, ksba_isotime_t r_exptime);
|
||||
int gpgsm_basic_cert_check (KsbaCert cert);
|
||||
|
||||
/*-- certlist.c --*/
|
||||
|
21
sm/keylist.c
21
sm/keylist.c
@ -101,14 +101,12 @@ print_capabilities (KsbaCert cert, FILE *fp)
|
||||
|
||||
|
||||
static void
|
||||
print_time (time_t t, FILE *fp)
|
||||
print_time (gnupg_isotime_t t, FILE *fp)
|
||||
{
|
||||
if (!t)
|
||||
if (!t || !*t)
|
||||
;
|
||||
else if ( t == (time_t)(-1) )
|
||||
putc ('?', fp);
|
||||
else
|
||||
fprintf (fp, "%lu", (unsigned long)t);
|
||||
fputs (t, fp);
|
||||
}
|
||||
|
||||
|
||||
@ -153,6 +151,7 @@ list_cert_colon (KsbaCert cert, FILE *fp, int have_secret)
|
||||
char *p;
|
||||
KsbaSexp sexp;
|
||||
char *fpr;
|
||||
ksba_isotime_t t;
|
||||
|
||||
fputs (have_secret? "crs:":"crt:", fp);
|
||||
trustletter = 0;
|
||||
@ -177,9 +176,11 @@ list_cert_colon (KsbaCert cert, FILE *fp, int have_secret)
|
||||
fpr+24);
|
||||
|
||||
/* we assume --fixed-list-mode for gpgsm */
|
||||
print_time ( ksba_cert_get_validity (cert, 0), fp);
|
||||
ksba_cert_get_validity (cert, 0, t);
|
||||
print_time (t, fp);
|
||||
putc (':', fp);
|
||||
print_time ( ksba_cert_get_validity (cert, 1), fp);
|
||||
ksba_cert_get_validity (cert, 1, t);
|
||||
print_time ( t, fp);
|
||||
putc (':', fp);
|
||||
/* field 8, serial number: */
|
||||
if ((sexp = ksba_cert_get_serial (cert)))
|
||||
@ -280,7 +281,7 @@ list_cert_std (KsbaCert cert, FILE *fp, int have_secret)
|
||||
KsbaError kerr;
|
||||
KsbaSexp sexp;
|
||||
char *dn;
|
||||
time_t t;
|
||||
ksba_isotime_t t;
|
||||
int idx;
|
||||
int is_ca, chainlen;
|
||||
unsigned int kusage;
|
||||
@ -318,11 +319,11 @@ list_cert_std (KsbaCert cert, FILE *fp, int have_secret)
|
||||
putc ('\n', fp);
|
||||
}
|
||||
|
||||
t = ksba_cert_get_validity (cert, 0);
|
||||
ksba_cert_get_validity (cert, 0, t);
|
||||
fputs (" validity: ", fp);
|
||||
gpgsm_print_time (fp, t);
|
||||
fputs (" through ", fp);
|
||||
t = ksba_cert_get_validity (cert, 1);
|
||||
ksba_cert_get_validity (cert, 1, t);
|
||||
gpgsm_print_time (fp, t);
|
||||
putc ('\n', fp);
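Review bot: `print_time` now writes the raw ISO string with `fputs (t, fp)` where it previously printed `%lu` epoch seconds, so the two validity fields of the colon-separated `crt:`/`crs:` records (the fields before the serial-number field 8) change format, the comment `/* we assume --fixed-list-mode for gpgsm */` still describes the old seconds-based meaning, and any consumer parsing these fields must be updated; the `asprintf` string in sign.c and the VALIDSIG `sprintf` in verify.c make the same seconds-to-ISO change in status output. Please state the new field format in the comment, e.g. `/* fields 6 and 7: validity as ISO timestamps (was seconds since epoch) */`, and in the machine-readable-output documentation. With the `?` branch gone, an empty `t` now prints nothing, so an unreadable validity is indistinguishable from an absent one. list_cert_colon and list_cert_std both start and end outside the hunks.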
|
||||
|
||||
|
@ -306,7 +306,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
|
||||
int signer;
|
||||
const char *algoid;
|
||||
int algo;
|
||||
time_t signed_at;
|
||||
ksba_isotime_t signed_at;
|
||||
CERTLIST cl;
|
||||
int release_signerlist = 0;
|
||||
|
||||
@ -462,7 +462,7 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
|
||||
}
|
||||
}
|
||||
|
||||
signed_at = gnupg_get_time ();
|
||||
gnupg_get_isotime (signed_at);
|
||||
for (cl=signerlist,signer=0; cl; cl = cl->next, signer++)
|
||||
{
|
||||
err = ksba_cms_set_signing_time (cms, signer, signed_at);
|
||||
@ -577,11 +577,11 @@ gpgsm_sign (CTRL ctrl, CERTLIST signerlist,
|
||||
gcry_md_close (md);
|
||||
goto leave;
|
||||
}
|
||||
rc = asprintf (&buf, "%c %d %d 00 %lu %s",
|
||||
rc = asprintf (&buf, "%c %d %d 00 %s %s",
|
||||
detached? 'D':'S',
|
||||
GCRY_PK_RSA, /* FIXME: get pk algo from cert */
|
||||
algo,
|
||||
(ulong)signed_at,
|
||||
signed_at,
|
||||
fpr);
|
||||
xfree (fpr);
|
||||
if (rc < 0)
|
||||
|
31
sm/verify.c
31
sm/verify.c
@ -35,22 +35,14 @@
|
||||
#include "i18n.h"
|
||||
|
||||
static char *
|
||||
strtimestamp_r (time_t atime)
|
||||
strtimestamp_r (ksba_isotime_t atime)
|
||||
{
|
||||
char *buffer = xmalloc (15);
|
||||
|
||||
if (atime < 0)
|
||||
strcpy (buffer, "????" "-??" "-??");
|
||||
else if (!atime)
|
||||
if (!atime || !*atime)
|
||||
strcpy (buffer, "none");
|
||||
else
|
||||
{
|
||||
struct tm *tp;
|
||||
|
||||
tp = gmtime( &atime );
|
||||
sprintf (buffer, "%04d-%02d-%02d",
|
||||
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday);
|
||||
}
|
||||
sprintf (buffer, "%.4s-%.2s-%.2s", atime, atime+4, atime+6);
|
||||
return buffer;
|
||||
}
|
||||
|
||||
@ -251,7 +243,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
|
||||
{
|
||||
char *issuer = NULL;
|
||||
KsbaSexp sigval = NULL;
|
||||
time_t sigtime, keyexptime;
|
||||
ksba_isotime_t sigtime, keyexptime;
|
||||
KsbaSexp serial;
|
||||
char *msgdigest = NULL;
|
||||
size_t msgdigestlen;
|
||||
@ -279,13 +271,14 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
|
||||
log_printf ("\n");
|
||||
}
|
||||
|
||||
err = ksba_cms_get_signing_time (cms, signer, &sigtime);
|
||||
err = ksba_cms_get_signing_time (cms, signer, sigtime);
|
||||
if (err == KSBA_No_Data)
|
||||
sigtime = 0;
|
||||
*sigtime = 0;
|
||||
else if (err)
|
||||
{
|
||||
log_error ("error getting signing time: %s\n", ksba_strerror (err));
|
||||
sigtime = (time_t)-1;
|
||||
*sigtime = 0; /* FIXME: we can't encode an error in the time
|
||||
string. */
|
||||
}
|
||||
|
||||
err = ksba_cms_get_message_digest (cms, signer,
|
||||
@ -383,7 +376,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
|
||||
}
|
||||
|
||||
log_info (_("Signature made "));
|
||||
if (sigtime)
|
||||
if (*sigtime)
|
||||
gpgsm_dump_time (sigtime);
|
||||
else
|
||||
log_printf (_("[date not given]"));
|
||||
@ -459,7 +452,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
|
||||
|
||||
if (DBG_X509)
|
||||
log_debug ("signature okay - checking certs\n");
|
||||
rc = gpgsm_validate_chain (ctrl, cert, &keyexptime);
|
||||
rc = gpgsm_validate_chain (ctrl, cert, keyexptime);
|
||||
if (gpg_err_code (rc) == GPG_ERR_CERT_EXPIRED)
|
||||
{
|
||||
gpgsm_status (ctrl, STATUS_EXPKEYSIG, NULL);
|
||||
@ -474,8 +467,8 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
|
||||
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
|
||||
tstr = strtimestamp_r (sigtime);
|
||||
buf = xmalloc ( strlen(fpr) + strlen (tstr) + 120);
|
||||
sprintf (buf, "%s %s %lu %lu", fpr, tstr,
|
||||
(unsigned long)sigtime, (unsigned long)keyexptime );
|
||||
sprintf (buf, "%s %s %s %s", fpr, tstr,
|
||||
sigtime, keyexptime );
|
||||
xfree (tstr);
|
||||
xfree (fpr);
|
||||
gpgsm_status (ctrl, STATUS_VALIDSIG, buf);
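Review bot: The VALIDSIG line is now built with `sprintf (buf, "%s %s %s %s", fpr, tstr, sigtime, keyexptime )`, but both `sigtime` and `keyexptime` can legitimately be empty strings — `*sigtime = 0` is stored when the signing time is missing or unreadable, and gpgsm_validate_chain clears `r_exptime` at entry and only copies a value when some certificate carried a notAfter — so the line then contains an empty space-delimited field that a parser splitting on spaces will misalign. Emitting a placeholder for the empty case, `*sigtime? sigtime : "0"` and `*keyexptime? keyexptime : "0"`, keeps the field count stable and matches the `0` the old `%lu` output produced. The `*sigtime = 0` in the error branch also makes a failed read of the signing time indistinguishable from "not given", as the FIXME already says, leaving the preceding `log_error` as the only trace. gpgsm_verify's body starts and ends outside the hunks.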
|
||||
|