authorWerner Koch <[email protected]>2002-07-02 10:40:12 +0000
committerWerner Koch <[email protected]>2002-07-02 10:40:12 +0000
commit5795c02b0944668cfe3901a5126b1d9171ce4212 (patch)
tree3e3557f8855b4219f38e62692a3241ffbe95143b
parent* call-dirmngr.c (gpgsm_dirmngr_isvalid): print status of dirmngr (diff)
* keydb.c (keydb_store_cert): Add optional arg EXISTED and changed
all callers. * call-agent.c (learn_cb): Print info message only for real imports. * import.c (gpgsm_import): Moved duplicated code to ... (check_and_store): new function. Added magic to import the entire chain. Print status only for real imports and moved printing code to .. (print_imported_status): New.
-rw-r--r--sm/ChangeLog10
-rw-r--r--sm/call-agent.c11
-rw-r--r--sm/certchain.c2
-rw-r--r--sm/certpath.c2
-rw-r--r--sm/import.c91
-rw-r--r--sm/keydb.c18
-rw-r--r--sm/keydb.h2
-rw-r--r--sm/keylist.c2
-rw-r--r--sm/verify.c2
9 files changed, 96 insertions, 44 deletions
diff --git a/sm/ChangeLog b/sm/ChangeLog
index 862b44d08..e44044b16 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,5 +1,15 @@
2002-07-02 Werner Koch <[email protected]>
+ * keydb.c (keydb_store_cert): Add optional ar EXISTED and changed
+ all callers.
+ * call-agent.c (learn_cb): Print info message only for real imports.
+
+ * import.c (gpgsm_import): Moved duplicated code to ...
+ (check_and_store): new function. Added magic to import the entire
+ chain. Print status only for real imports and moved printing code
+ to ..
+ (print_imported_status): New.
+
* call-dirmngr.c (gpgsm_dirmngr_isvalid): print status of dirmngr
call in very verbose mode.
diff --git a/sm/call-agent.c b/sm/call-agent.c
index 9462deb40..3a0d0763e 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -702,8 +702,15 @@ learn_cb (void *opaque, const void *buffer, size_t length)
log_error ("invalid certificate: %s\n", gnupg_strerror (rc));
else
{
- if (!keydb_store_cert (cert, 0))
- log_info ("certificate imported\n");
+ int existed;
+
+ if (!keydb_store_cert (cert, 0, &existed))
+ {
+ if (opt.verbose > 1 && existed)
+ log_info ("certificate already in DB\n");
+ else if (opt.verbose && !existed)
+ log_info ("certificate imported\n");
+ }
}
ksba_cert_release (cert);
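Review bot: The non-zero return of keydb_store_cert is still dropped in learn_cb: when the store fails nothing is reported at this level, so a certificate learned from the agent can be lost without a caller-side message. keydb_store_cert does log some of its own failures (the keydb.c hunk shows the fingerprint and lookup errors), but the callers in certchain.c and keylist.c still add their own log_error on failure, and `else log_error ("error storing certificate\n");` after the new block would match them. learn_cb begins before this hunk.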
diff --git a/sm/certchain.c b/sm/certchain.c
index 0457a0aa1..719f97b61 100644
--- a/sm/certchain.c
+++ b/sm/certchain.c
@@ -199,7 +199,7 @@ check_cert_policy (KsbaCert cert)
static void
find_up_store_certs_cb (void *cb_value, KsbaCert cert)
{
- if (keydb_store_cert (cert, 1))
+ if (keydb_store_cert (cert, 1, NULL))
log_error ("error storing issuer certificate as ephemeral\n");
++*(int*)cb_value;
}
diff --git a/sm/certpath.c b/sm/certpath.c
index 0457a0aa1..719f97b61 100644
--- a/sm/certpath.c
+++ b/sm/certpath.c
@@ -199,7 +199,7 @@ check_cert_policy (KsbaCert cert)
static void
find_up_store_certs_cb (void *cb_value, KsbaCert cert)
{
- if (keydb_store_cert (cert, 1))
+ if (keydb_store_cert (cert, 1, NULL))
log_error ("error storing issuer certificate as ephemeral\n");
++*(int*)cb_value;
}
diff --git a/sm/import.c b/sm/import.c
index 4f77b7f1f..2b7fbfecf 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -35,6 +35,61 @@
#include "i18n.h"
+static void
+print_imported_status (CTRL ctrl, KsbaCert cert)
+{
+ char *fpr;
+
+ fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+ gpgsm_status2 (ctrl, STATUS_IMPORTED, fpr, " [X.509]", NULL);
+ xfree (fpr);
+}
+
+static void
+check_and_store (CTRL ctrl, KsbaCert cert, int depth)
+{
+ if ( !gpgsm_basic_cert_check (cert) )
+ {
+ int existed;
+
+ if (!keydb_store_cert (cert, 0, &existed))
+ {
+ KsbaCert next = NULL;
+
+ if (!existed)
+ print_imported_status (ctrl, cert);
+ if (opt.verbose > 1 && existed)
+ {
+ if (depth)
+ log_info ("issuer certificate already in DB\n");
+ else
+ log_info ("certificate already in DB\n");
+ }
+ else if (opt.verbose && !existed)
+ {
+ if (depth)
+ log_info ("issuer certificate imported\n");
+ else
+ log_info ("certificate imported\n");
+ }
+ /* Now lets walk up the chain and import all certificates up
+ the chain.*/
+ if ( depth >= 50 )
+ log_error (_("certificate path too long\n"));
+ else if (!gpgsm_walk_cert_chain (cert, &next))
+ {
+ check_and_store (ctrl, next, depth+1);
+ ksba_cert_release (next);
+ }
+ }
+ else
+ log_error (_("error storing certificate\n"));
+ }
+ else
+ log_error (_("basic certificate checks failed - not imported\n"));
+}
+
+
int
gpgsm_import (CTRL ctrl, int in_fd)
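Review bot: check_and_store treats every non-zero return from gpgsm_walk_cert_chain as the end of the chain, so a genuine lookup failure while moving to the issuer is indistinguishable from having reached a self-signed root and the walk stops silently; if the walker reports those two cases differently, the failure case deserves a log_error. The depth cap 50 is a bare magic number and is checked only after the certificate at that depth has already been stored, so up to 51 certificates are written before `certificate path too long` is raised; a named constant and a check before the store would make the bound explicit. The new function also has no header comment; a line such as `/* Run the basic checks on CERT, store it in the keydb and recurse over its issuer chain (bounded by depth); STATUS_IMPORTED is emitted only for certificates that were not already in the DB. */` above check_and_store would document the chain-import behaviour that the commit message calls "magic".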
@@ -102,22 +157,7 @@ gpgsm_import (CTRL ctrl, int in_fd)
for (i=0; (cert=ksba_cms_get_cert (cms, i)); i++)
{
- if ( !gpgsm_basic_cert_check (cert) )
- {
- if (!keydb_store_cert (cert, 0))
- {
- char *fpr;
- fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
- gpgsm_status2 (ctrl, STATUS_IMPORTED, fpr, " [X.509]", NULL);
- xfree (fpr);
- if (opt.verbose)
- log_info ("certificate imported\n");
- }
- else
- log_error (_("error storing certificate\n"));
- }
- else
- log_error (_("basic certificate checks failed - not imported\n"));
+ check_and_store (ctrl, cert, 0);
ksba_cert_release (cert);
cert = NULL;
}
@@ -140,23 +180,8 @@ gpgsm_import (CTRL ctrl, int in_fd)
rc = map_ksba_err (rc);
goto leave;
}
-
- if ( !gpgsm_basic_cert_check (cert) )
- {
- if (!keydb_store_cert (cert, 0))
- {
- char *fpr;
- fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
- gpgsm_status2 (ctrl, STATUS_IMPORTED, fpr, " [X.509]", NULL);
- xfree (fpr);
- if (opt.verbose)
- log_info ("certificate imported\n");
- }
- else
- log_error (_("error storing certificate\n"));
- }
- else
- log_error (_("basic certificate checks failed - not imported\n"));
+
+ check_and_store (ctrl, cert, 0);
}
else
{
diff --git a/sm/keydb.c b/sm/keydb.c
index 52f40f1ad..fec44153c 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -1196,15 +1196,20 @@ keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc)
}
-/* Store the certificate in the key Db but make sure that it does not
- already exists. We do this simply by comparing the fingerprint */
+/* Store the certificate in the key DB but make sure that it does not
+ already exists. We do this simply by comparing the fingerprint.
+ If EXISTED is not NULL it will be set to true if the certificate
+ was already in the DB. */
int
-keydb_store_cert (KsbaCert cert, int ephemeral)
+keydb_store_cert (KsbaCert cert, int ephemeral, int *existed)
{
KEYDB_HANDLE kh;
int rc;
unsigned char fpr[20];
+ if (existed)
+ *existed = 0;
+
if (!gpgsm_get_fingerprint (cert, 0, fpr, NULL))
{
log_error (_("failed to get the fingerprint\n"));
@@ -1226,7 +1231,11 @@ keydb_store_cert (KsbaCert cert, int ephemeral)
{
keydb_release (kh);
if (!rc)
- return 0; /* okay */
+ {
+ if (existed)
+ *existed = 1;
+ return 0; /* okay */
+ }
log_error (_("problem looking for existing certificate: %s\n"),
gnupg_strerror (rc));
return rc;
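Review bot: EXISTED is set only on the fingerprint-match path, and nothing in this hunk consults the EPHEMERAL flag of the matched entry, so a non-ephemeral import of a certificate that was earlier stored with ephemeral=1 returns 0 with existed=1 and presumably leaves the entry ephemeral; if the search above this hunk also matches ephemeral entries, that case should clear the flag rather than return early. Whether the lookup sees ephemeral entries is decided outside the visible lines. The header comment in the previous hunk could additionally state that EXISTED is reset to 0 before any work is done, including on the error returns, which the assignment at the top of the function guarantees.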
@@ -1252,3 +1261,4 @@ keydb_store_cert (KsbaCert cert, int ephemeral)
}
+
diff --git a/sm/keydb.h b/sm/keydb.h
index 0721f431a..ad7eaf51d 100644
--- a/sm/keydb.h
+++ b/sm/keydb.h
@@ -63,7 +63,7 @@ int keydb_search_subject (KEYDB_HANDLE hd, const char *issuer);
int keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc);
-int keydb_store_cert (KsbaCert cert, int ephemeral);
+int keydb_store_cert (KsbaCert cert, int ephemeral, int *existed);
#endif /*GNUPG_KEYDB_H*/
diff --git a/sm/keylist.c b/sm/keylist.c
index c17fb7052..5431e1b00 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -548,7 +548,7 @@ list_external_cb (void *cb_value, KsbaCert cert)
{
struct list_external_parm_s *parm = cb_value;
- if (keydb_store_cert (cert, 1))
+ if (keydb_store_cert (cert, 1, NULL))
log_error ("error storing certificate as ephemeral\n");
if (parm->print_header)
diff --git a/sm/verify.c b/sm/verify.c
index d5f8629b7..8e54da285 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -242,7 +242,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
certificate first before entering it into the DB. This way
we would avoid cluttering the DB with invalid
certificates. */
- keydb_store_cert (cert, 0);
+ keydb_store_cert (cert, 0, NULL);
ksba_cert_release (cert);
}
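Review bot: The store's return value is still discarded on the changed line, so a failed write to the keydb leaves no trace in gpgsm_verify beyond whatever keydb_store_cert logs itself; the callers in certchain.c and keylist.c log on a non-zero return, and `if (keydb_store_cert (cert, 0, NULL)) log_error ("error storing certificate\n");` would bring this site in line with them. The body of gpgsm_verify lies mostly outside the hunk.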