security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00
Code Activity

gpg: new list-option store-x509-notations.

Browse Source 
* g10/options.h (LIST_STORE_X509_NOTATIONS): New.
* g10/gpg.c (parse_list_options): Add "store-x509-notations".
* g10/keylist.c (print_x509_notations): Add arg PK and code to write a
file.
(list_signature_print): Add arg lastpk and handle new option.
(list_keyblock_print): Track last key or subkey and pass to
list_signature_print.
This commit is contained in:
Werner Koch 2024-03-14 20:58:01 +01:00
parent 14c1b73093
commit f78501c545
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
4 changed files with 54 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/gpg.texi
View File

@ -1416,6 +1416,12 @@ give the opposite meaning. The options are:
This is intended for debugging and the output format may change This is intended for debugging and the output format may change
without notice. without notice.
@item store-x509-notations
@opindex list-options:store-x509-notations
Store X.509 certificates embedded in key signatures as PEM data
files. The filename consists the 4 byte key ID of the certificate,
a dash, the fingerprint of the key or subkey, and the suffix ".pem".
@item show-keyserver-urls @item show-keyserver-urls
@opindex list-options:show-keyserver-urls @opindex list-options:show-keyserver-urls
Show any preferred keyserver URL in the Show any preferred keyserver URL in the

1
g10/gpg.c
View File

@ -2087,6 +2087,7 @@ parse_list_options(char *str)
{"show-user-notations",LIST_SHOW_USER_NOTATIONS,NULL, {"show-user-notations",LIST_SHOW_USER_NOTATIONS,NULL,
N_("show user-supplied notations during signature listings")}, N_("show user-supplied notations during signature listings")},
{"show-x509-notations",LIST_SHOW_X509_NOTATIONS,NULL, NULL }, {"show-x509-notations",LIST_SHOW_X509_NOTATIONS,NULL, NULL },
{"store-x509-notations",LIST_STORE_X509_NOTATIONS,NULL, NULL },
{"show-keyserver-urls",LIST_SHOW_KEYSERVER_URLS,NULL, {"show-keyserver-urls",LIST_SHOW_KEYSERVER_URLS,NULL,
N_("show preferred keyserver URLs during signature listings")}, N_("show preferred keyserver URLs during signature listings")},
{"show-uid-validity",LIST_SHOW_UID_VALIDITY,NULL, {"show-uid-validity",LIST_SHOW_UID_VALIDITY,NULL,

54
g10/keylist.c
View File

@ -1172,15 +1172,36 @@ dump_attribs (const PKT_user_id *uid, PKT_public_key *pk)
/* If PK is given the output is written to a new file instead of
* stdout. */
static void static void
print_x509_notations (struct notation *nots) print_x509_notations (struct notation *nots, PKT_public_key *pk)
{ {
gpg_error_t err; gpg_error_t err;
gpgrt_b64state_t state; gpgrt_b64state_t state = NULL;
char hexfpr[2*4 + 1 + 2*MAX_FINGERPRINT_LEN+4+1];
char sha1[20];
estream_t fp;
for (; nots; nots = nots->next) for (; nots; nots = nots->next)
{ {
state = gpgrt_b64enc_start (es_stdout, "CERTIFICATE"); if (pk)
{
gcry_md_hash_buffer (GCRY_MD_SHA1, sha1, nots->bdat, nots->blen);
bin2hex (sha1+16, 4, hexfpr);
hexfpr[2*4] = '-';
hexfingerprint (pk, hexfpr + 2*4+1, 2*MAX_FINGERPRINT_LEN);
strcat (hexfpr, ".pem");
fp = es_fopen (hexfpr, "w");
if (!fp)
{
err = gpg_err_code_from_syserror ();
goto b64fail;
}
}
else
fp = es_stdout;
state = gpgrt_b64enc_start (fp, "CERTIFICATE");
if (!state) if (!state)
{ {
err = gpg_err_code_from_syserror (); err = gpg_err_code_from_syserror ();
@ -1192,12 +1213,19 @@ print_x509_notations (struct notation *nots)
err = gpgrt_b64enc_finish (state); err = gpgrt_b64enc_finish (state);
if (err) if (err)
goto b64fail; goto b64fail;
if (fp != es_stdout)
{
es_fclose (fp);
fp = NULL;
}
} }
return; return;
b64fail: b64fail:
log_error ("error writing base64 encoded notation: %s\n", gpg_strerror (err)); log_error ("error writing base64 encoded notation: %s\n", gpg_strerror (err));
gpgrt_b64enc_finish (state); gpgrt_b64enc_finish (state);
if (fp && fp != es_stdout)
gpgrt_fcancel (fp);
} }
@ -1250,7 +1278,7 @@ cmp_signodes (const void *av, const void *bv)
* NODFLG_MARK_B to indicate self-signatures. */ * NODFLG_MARK_B to indicate self-signatures. */
static void static void
list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node, list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
struct keylist_context *listctx) struct keylist_context *listctx, PKT_public_key *lastpk)
{ {
/* (extra indentation to keep the diff history short) */ /* (extra indentation to keep the diff history short) */
PKT_signature *sig = node->pkt->pkt.signature; PKT_signature *sig = node->pkt->pkt.signature;
@ -1375,7 +1403,8 @@ list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
0)); 0));
if (sig->flags.notation if (sig->flags.notation
&& (opt.list_options & LIST_SHOW_X509_NOTATIONS)) && (opt.list_options
& (LIST_SHOW_X509_NOTATIONS|LIST_STORE_X509_NOTATIONS)))
{ {
struct notation *nots; struct notation *nots;
@ -1383,7 +1412,10 @@ list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
&& (nots = search_sig_notations (sig, && (nots = search_sig_notations (sig,
"x509certificate@pgp.com"))) "x509certificate@pgp.com")))
{ {
print_x509_notations (nots); if ((opt.list_options & LIST_STORE_X509_NOTATIONS))
print_x509_notations (nots, lastpk);
else
print_x509_notations (nots, NULL);
free_notation (nots); free_notation (nots);
} }
} }
@ -1437,6 +1469,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
int rc; int rc;
kbnode_t node; kbnode_t node;
PKT_public_key *pk; PKT_public_key *pk;
PKT_public_key *lastpk;
u32 *mainkid; u32 *mainkid;
int skip_sigs = 0; int skip_sigs = 0;
char *hexgrip = NULL; char *hexgrip = NULL;
@ -1453,6 +1486,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
pk = node->pkt->pkt.public_key; pk = node->pkt->pkt.public_key;
mainkid = pk_keyid (pk); mainkid = pk_keyid (pk);
lastpk = pk;
if (secret || opt.with_keygrip) if (secret || opt.with_keygrip)
{ {
@ -1601,6 +1635,7 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
{ {
PKT_public_key *pk2 = node->pkt->pkt.public_key; PKT_public_key *pk2 = node->pkt->pkt.public_key;
lastpk = pk2;
if ((pk2->flags.revoked || pk2->has_expired) if ((pk2->flags.revoked || pk2->has_expired)
&& !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS)) && !(opt.list_options & LIST_SHOW_UNUSABLE_SUBKEYS))
{ {
@ -1642,7 +1677,9 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
if (opt.with_key_screening) if (opt.with_key_screening)
print_pk_screening (pk2, 0); print_pk_screening (pk2, 0);
} }
else if ((opt.list_sigs || (opt.list_options & LIST_SHOW_X509_NOTATIONS)) else if ((opt.list_sigs
|| (opt.list_options
& (LIST_SHOW_X509_NOTATIONS|LIST_STORE_X509_NOTATIONS)))
&& node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs) && node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs)
{ {
kbnode_t n; kbnode_t n;
@ -1670,7 +1707,8 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
qsort (sigarray, sigcount, sizeof *sigarray, cmp_signodes); qsort (sigarray, sigcount, sizeof *sigarray, cmp_signodes);
for (idx=0; idx < sigcount; idx++) for (idx=0; idx < sigcount; idx++)
list_signature_print (ctrl, keyblock, sigarray[idx], listctx); list_signature_print (ctrl, keyblock, sigarray[idx], listctx,
lastpk);
xfree (sigarray); xfree (sigarray);
} }
} }

1
g10/options.h
View File

@ -445,6 +445,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
#define LIST_SHOW_PREF_VERBOSE (1<<15) #define LIST_SHOW_PREF_VERBOSE (1<<15)
#define LIST_SHOW_UNUSABLE_SIGS (1<<16) #define LIST_SHOW_UNUSABLE_SIGS (1<<16)
#define LIST_SHOW_X509_NOTATIONS (1<<17) #define LIST_SHOW_X509_NOTATIONS (1<<17)
#define LIST_STORE_X509_NOTATIONS (1<<18)
#define VERIFY_SHOW_PHOTOS (1<<0) #define VERIFY_SHOW_PHOTOS (1<<0)
#define VERIFY_SHOW_POLICY_URLS (1<<1) #define VERIFY_SHOW_POLICY_URLS (1<<1)