gpgme/tests/run-keylist.c

509 lines
15 KiB
C
Raw Permalink Normal View History

/* run-keylist.c - Helper to show a key listing.
* Copyright (C) 2008, 2009 g10 Code GmbH
*
* This file is part of GPGME.
*
* GPGME is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* GPGME is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this program; if not, see <https://gnu.org/licenses/>.
* SPDX-License-Identifier: LGPL-2.1-or-later
*/
/* We need to include config.h so that we know whether we are building
with large file system (LFS) support. */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <gpgme.h>
#define PGM "run-keylist"
#include "run-support.h"
static int verbose;
static int
show_usage (int ex)
{
fputs ("usage: " PGM " [options] [USERID_or_FILE]\n\n"
"Options:\n"
" --verbose run in verbose mode\n"
" --openpgp use the OpenPGP protocol (default)\n"
" --cms use the CMS protocol\n"
" --chain list all keys of the X.509 chain\n"
" --secret list only secret keys\n"
" --with-secret list pubkeys with secret info filled\n"
" --local use GPGME_KEYLIST_MODE_LOCAL\n"
" --extern use GPGME_KEYLIST_MODE_EXTERN\n"
" --sigs use GPGME_KEYLIST_MODE_SIGS\n"
" --tofu use GPGME_KEYLIST_MODE_TOFU\n"
" --sig-notations use GPGME_KEYLIST_MODE_SIG_NOTATIONS\n"
" --ephemeral use GPGME_KEYLIST_MODE_EPHEMERAL\n"
" --v5fpr use GPGME_KEYLIST_MODE_V5FPR\n"
" --validate use GPGME_KEYLIST_MODE_VALIDATE\n"
" --import import all keys\n"
" --offline use offline mode\n"
" --no-trust-check disable automatic trust database check\n"
" --from-file list all keys in the given file\n"
" --from-wkd list key from a web key directory\n"
" --require-gnupg required at least the given GnuPG version\n"
" --trust-model use the specified trust-model\n"
, stderr);
exit (ex);
}
static char *
xstrdup (const char *string)
{
char *p = strdup (string);
if (!p)
{
fprintf (stderr, "strdup failed\n");
exit (2);
}
return p;
}
static const char *
isotimestr (unsigned long value)
{
time_t t;
static char buffer[25+5];
struct tm *tp;
if (!value)
return "none";
t = value;
tp = gmtime (&t);
snprintf (buffer, sizeof buffer, "%04d-%02d-%02d %02d:%02d:%02d",
1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
tp->tm_hour, tp->tm_min, tp->tm_sec);
return buffer;
}
int
main (int argc, char **argv)
{
int last_argc = -1;
gpgme_error_t err;
gpgme_ctx_t ctx;
gpgme_keylist_mode_t mode = 0;
gpgme_key_t key;
gpgme_subkey_t subkey;
gpgme_keylist_result_t result;
int import = 0;
gpgme_key_t keyarray[100];
int keyidx = 0;
gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
int only_secret = 0;
int offline = 0;
int no_trust_check = 0;
int from_file = 0;
int from_wkd = 0;
int with_chain = 0;
gpgme_data_t data = NULL;
char *trust_model = NULL;
char *chain_id = NULL;
char *last_chain_id = NULL;
if (argc)
{ argc--; argv++; }
while (argc && last_argc != argc )
{
last_argc = argc;
if (!strcmp (*argv, "--"))
{
argc--; argv++;
break;
}
else if (!strcmp (*argv, "--help"))
show_usage (0);
else if (!strcmp (*argv, "--verbose"))
{
verbose = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--openpgp"))
{
protocol = GPGME_PROTOCOL_OpenPGP;
argc--; argv++;
}
else if (!strcmp (*argv, "--cms"))
{
protocol = GPGME_PROTOCOL_CMS;
argc--; argv++;
}
else if (!strcmp (*argv, "--chain"))
{
with_chain = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--secret"))
{
only_secret = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--local"))
{
mode |= GPGME_KEYLIST_MODE_LOCAL;
argc--; argv++;
}
else if (!strcmp (*argv, "--extern"))
{
mode |= GPGME_KEYLIST_MODE_EXTERN;
argc--; argv++;
}
else if (!strcmp (*argv, "--tofu"))
{
mode |= GPGME_KEYLIST_MODE_WITH_TOFU;
argc--; argv++;
}
else if (!strcmp (*argv, "--sigs"))
{
mode |= GPGME_KEYLIST_MODE_SIGS;
argc--; argv++;
}
else if (!strcmp (*argv, "--sig-notations"))
{
mode |= GPGME_KEYLIST_MODE_SIG_NOTATIONS;
argc--; argv++;
}
else if (!strcmp (*argv, "--ephemeral"))
{
mode |= GPGME_KEYLIST_MODE_EPHEMERAL;
argc--; argv++;
}
else if (!strcmp (*argv, "--validate"))
{
mode |= GPGME_KEYLIST_MODE_VALIDATE;
argc--; argv++;
}
else if (!strcmp (*argv, "--with-secret"))
{
mode |= GPGME_KEYLIST_MODE_WITH_SECRET;
argc--; argv++;
}
else if (!strcmp (*argv, "--v5fpr"))
{
mode |= GPGME_KEYLIST_MODE_WITH_V5FPR;
argc--; argv++;
}
else if (!strcmp (*argv, "--import"))
{
import = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--offline"))
{
offline = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--no-trust-check"))
{
no_trust_check = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--from-file"))
{
from_file = 1;
argc--; argv++;
}
else if (!strcmp (*argv, "--require-gnupg"))
{
argc--; argv++;
if (!argc)
show_usage (1);
gpgme_set_global_flag ("require-gnupg", *argv);
argc--; argv++;
}
else if (!strcmp (*argv, "--from-wkd"))
{
argc--; argv++;
mode |= GPGME_KEYLIST_MODE_LOCATE;
from_wkd = 1;
}
else if (!strcmp (*argv, "--trust-model"))
{
argc--; argv++;
if (!argc)
show_usage (1);
trust_model = strdup (*argv);
argc--; argv++;
}
else if (!strncmp (*argv, "--", 2))
show_usage (1);
}
if (argc > 1)
show_usage (1);
else if (from_file && !argc)
show_usage (1);
init_gpgme (protocol);
err = gpgme_new (&ctx);
fail_if_err (err);
gpgme_set_protocol (ctx, protocol);
gpgme_set_keylist_mode (ctx, mode);
gpgme_set_offline (ctx, offline);
if (no_trust_check)
{
err = gpgme_set_ctx_flag (ctx, "no-auto-check-trustdb", "1");
fail_if_err (err);
}
if (trust_model)
{
err = gpgme_set_ctx_flag (ctx, "trust-model", trust_model);
fail_if_err (err);
}
if (from_wkd)
{
err = gpgme_set_ctx_flag (ctx, "auto-key-locate",
"clear,nodefault,wkd");
fail_if_err (err);
}
if (from_file)
{
err = gpgme_data_new_from_file (&data, *argv, 1);
fail_if_err (err);
err = gpgme_op_keylist_from_data_start (ctx, data, 0);
}
else
err = gpgme_op_keylist_start (ctx, argc? argv[0]:NULL, only_secret);
fail_if_err (err);
next_cert:
while (!(err = gpgme_op_keylist_next (ctx, &key)))
{
gpgme_user_id_t uid;
gpgme_tofu_info_t ti;
gpgme_key_sig_t ks;
gpgme_revocation_key_t revkey;
int nuids;
int nsub;
int nsigs;
int nrevkeys;
printf ("keyid : %s\n", key->subkeys?nonnull (key->subkeys->keyid):"?");
printf ("can_cap : %s%s%s%s\n",
key->can_encrypt? "e":"",
key->can_sign? "s":"",
key->can_certify? "c":"",
key->can_authenticate? "a":"");
printf ("has_cap : %s%s%s%s\n",
key->has_encrypt? "e":"",
key->has_sign? "s":"",
key->has_certify? "c":"",
key->has_authenticate? "a":"");
printf ("flags :%s%s%s%s%s%s%s%s\n",
key->secret? " secret":"",
key->revoked? " revoked":"",
key->expired? " expired":"",
key->disabled? " disabled":"",
key->invalid? " invalid":"",
key->is_qualified? " qualified":"",
key->subkeys && key->subkeys->is_de_vs? " de-vs":"",
key->subkeys && key->subkeys->is_cardkey? " cardkey":"");
printf ("upd : %lu (%u)\n", key->last_update, key->origin);
if (key->chain_id)
{
printf ("chain_id: %s\n", nonnull (key->chain_id));
free (chain_id);
chain_id = xstrdup (key->chain_id);
}
subkey = key->subkeys;
for (nsub=0; subkey; subkey = subkey->next, nsub++)
{
printf ("fpr %2d: %s\n", nsub, nonnull (subkey->fpr));
if (subkey->v5fpr)
printf ("v5fpr %2d: %s\n", nsub, nonnull (subkey->v5fpr));
if (subkey->keygrip)
printf ("grip %2d: %s\n", nsub, subkey->keygrip);
if (subkey->curve)
printf ("curve %2d: %s\n", nsub, subkey->curve);
printf ("caps %2d: %s%s%s%s%s%s\n",
nsub,
subkey->can_encrypt? "e":"",
subkey->can_sign? "s":"",
subkey->can_certify? "c":"",
subkey->can_authenticate? "a":"",
subkey->can_renc? "r":"",
subkey->can_timestamp? "t":"");
printf ("flags %2d:%s%s%s%s%s%s%s%s%s\n",
nsub,
subkey->secret? " secret":"",
subkey->revoked? " revoked":"",
subkey->expired? " expired":"",
subkey->disabled? " disabled":"",
subkey->invalid? " invalid":"",
subkey->is_group_owned? " group":"",
subkey->is_qualified? " qualified":"",
subkey->is_de_vs? " de-vs":"",
subkey->is_cardkey? " cardkey":"");
}
for (nuids=0, uid=key->uids; uid; uid = uid->next, nuids++)
{
printf ("userid %d: %s\n", nuids, nonnull(uid->uid));
printf (" mbox: %s\n", nonnull(uid->address));
if (uid->email && uid->email != uid->address)
printf (" email: %s\n", uid->email);
if (uid->name)
printf (" name: %s\n", uid->name);
if (uid->comment)
printf (" cmmnt: %s\n", uid->comment);
if (uid->uidhash)
printf (" uidhash: %s\n", uid->uidhash);
printf (" upd: %lu (%u)\n", uid->last_update, uid->origin);
printf (" valid: %s\n",
uid->validity == GPGME_VALIDITY_UNKNOWN? "unknown":
uid->validity == GPGME_VALIDITY_UNDEFINED? "undefined":
uid->validity == GPGME_VALIDITY_NEVER? "never":
uid->validity == GPGME_VALIDITY_MARGINAL? "marginal":
uid->validity == GPGME_VALIDITY_FULL? "full":
uid->validity == GPGME_VALIDITY_ULTIMATE? "ultimate": "[?]");
if ((ti = uid->tofu))
{
printf (" tofu: %u (%s)\n", ti->validity,
ti->validity == 0? "conflict" :
ti->validity == 1? "no history" :
ti->validity == 2? "little history" :
ti->validity == 3? "enough history" :
ti->validity == 4? "lot of history" : "?");
printf (" policy: %u (%s)\n", ti->policy,
ti->policy == GPGME_TOFU_POLICY_NONE? "none" :
ti->policy == GPGME_TOFU_POLICY_AUTO? "auto" :
ti->policy == GPGME_TOFU_POLICY_GOOD? "good" :
ti->policy == GPGME_TOFU_POLICY_UNKNOWN? "unknown" :
ti->policy == GPGME_TOFU_POLICY_BAD? "bad" :
ti->policy == GPGME_TOFU_POLICY_ASK? "ask" : "?");
printf (" nsigs: %hu\n", ti->signcount);
printf (" first: %s\n", isotimestr (ti->signfirst));
printf (" last: %s\n", isotimestr (ti->signlast));
printf (" nencr: %hu\n", ti->encrcount);
printf (" first: %s\n", isotimestr (ti->encrfirst));
printf (" last: %s\n", isotimestr (ti->encrlast));
}
for (nsigs=0, ks=uid->signatures; ks; ks = ks->next, nsigs++)
{
printf ("signature %d: %s\n", nsigs, nonnull (ks->uid));
printf (" keyid: %s\n", nonnull (ks->keyid));
printf (" created: %s\n", isotimestr(ks->timestamp));
printf (" expires: %s\n", isotimestr(ks->expires));
printf (" class: %x\n", ks->sig_class);
printf (" trust depth: %u\n", ks->trust_depth);
printf (" trust value: %u\n", ks->trust_value);
printf (" trust scope: %s\n", nonnull (ks->trust_scope));
}
}
revkey = key->revocation_keys;
for (nrevkeys=0; revkey; revkey = revkey->next, nrevkeys++)
{
printf ("revkey%2d: %s\n", nrevkeys, revkey->fpr);
printf (" class: %x\n", revkey->key_class);
}
putchar ('\n');
if (import)
{
if (keyidx < DIM (keyarray)-1)
keyarray[keyidx++] = key;
else
{
fprintf (stderr, PGM": too many keys in import mode"
"- skipping this key\n");
gpgme_key_unref (key);
}
}
else
gpgme_key_unref (key);
}
if (gpgme_err_code (err) != GPG_ERR_EOF)
fail_if_err (err);
err = gpgme_op_keylist_end (ctx);
fail_if_err (err);
keyarray[keyidx] = NULL;
gpgme_data_release (data);
result = gpgme_op_keylist_result (ctx);
if (result->truncated)
{
fprintf (stderr, PGM ": key listing unexpectedly truncated\n");
exit (1);
}
if (import)
{
gpgme_import_result_t impres;
err = gpgme_op_import_keys (ctx, keyarray);
fail_if_err (err);
impres = gpgme_op_import_result (ctx);
if (!impres)
{
fprintf (stderr, PGM ": no import result returned\n");
exit (1);
}
print_import_result (impres);
}
for (keyidx=0; keyarray[keyidx]; keyidx++)
gpgme_key_unref (keyarray[keyidx]);
if (with_chain && chain_id && *chain_id
&& (!last_chain_id || strcmp (last_chain_id, chain_id)))
{
if (++with_chain > 30)
{
fprintf (stderr, PGM ": certificate chain too long - circle?\n");
exit (1);
}
free (last_chain_id);
last_chain_id = xstrdup (chain_id);
err = gpgme_op_keylist_start (ctx, chain_id, 0);
fail_if_err (err);
goto next_cert;
}
free (chain_id);
free (last_chain_id);
free (trust_model);
gpgme_release (ctx);
return 0;
}