From 1bfd5e92d0236d1db9782904c1a2d5dc7461dae2 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Fri, 10 Nov 2023 09:44:59 +0100
Subject: [PATCH] tests: Add option --chain to run-keylist

* tests/run-keylist.c (xstrdup): New.
(main): Add option.
--

This allows to list the entire chain.
---
 tests/run-keylist.c | 49 ++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 48 insertions(+), 1 deletion(-)

diff --git a/tests/run-keylist.c b/tests/run-keylist.c
index 08f9b8cf..a9d4b6aa 100644
--- a/tests/run-keylist.c
+++ b/tests/run-keylist.c
@@ -47,6 +47,7 @@ show_usage (int ex)
          "  --verbose        run in verbose mode\n"
          "  --openpgp        use the OpenPGP protocol (default)\n"
          "  --cms            use the CMS protocol\n"
+         "  --chain          list all keys of the X.509 chain\n"
          "  --secret         list only secret keys\n"
          "  --with-secret    list pubkeys with secret info filled\n"
          "  --local          use GPGME_KEYLIST_MODE_LOCAL\n"
@@ -69,6 +70,19 @@ show_usage (int ex)
 }
 
 
+static char *
+xstrdup (const char *string)
+{
+  char *p = strdup (string);
+  if (!p)
+    {
+      fprintf (stderr, "strdup failed\n");
+      exit (2);
+    }
+  return p;
+}
+
+
 static const char *
 isotimestr (unsigned long value)
 {
@@ -108,9 +122,11 @@ main (int argc, char **argv)
   int no_trust_check = 0;
   int from_file = 0;
   int from_wkd = 0;
+  int with_chain = 0;
   gpgme_data_t data = NULL;
   char *trust_model = NULL;
-
+  char *chain_id = NULL;
+  char *last_chain_id = NULL;
 
   if (argc)
     { argc--; argv++; }
@@ -140,6 +156,11 @@ main (int argc, char **argv)
           protocol = GPGME_PROTOCOL_CMS;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--chain"))
+        {
+          with_chain = 1;
+          argc--; argv++;
+        }
       else if (!strcmp (*argv, "--secret"))
         {
           only_secret = 1;
@@ -281,6 +302,7 @@ main (int argc, char **argv)
     err = gpgme_op_keylist_start (ctx, argc? argv[0]:NULL, only_secret);
   fail_if_err (err);
 
+ next_cert:
   while (!(err = gpgme_op_keylist_next (ctx, &key)))
     {
       gpgme_user_id_t uid;
@@ -311,6 +333,12 @@ main (int argc, char **argv)
               key->subkeys && key->subkeys->is_de_vs? " de-vs":"",
               key->subkeys && key->subkeys->is_cardkey? " cardkey":"");
       printf ("upd     : %lu (%u)\n", key->last_update, key->origin);
+      if (key->chain_id)
+        {
+          printf ("chain_id: %s\n", nonnull (key->chain_id));
+          free (chain_id);
+          chain_id = xstrdup (key->chain_id);
+        }
 
       subkey = key->subkeys;
       for (nsub=0; subkey; subkey = subkey->next, nsub++)
@@ -445,6 +473,25 @@ main (int argc, char **argv)
   for (keyidx=0; keyarray[keyidx]; keyidx++)
     gpgme_key_unref (keyarray[keyidx]);
 
+
+  if (with_chain && chain_id && *chain_id
+      && (!last_chain_id || strcmp (last_chain_id, chain_id)))
+    {
+      if (++with_chain > 30)
+        {
+          fprintf (stderr, PGM ": certificate chain too long - circle?\n");
+          exit (1);
+        }
+
+      free (last_chain_id);
+      last_chain_id = xstrdup (chain_id);
+      err = gpgme_op_keylist_start (ctx, chain_id, 0);
+      fail_if_err (err);
+      goto next_cert;
+    }
+
+  free (chain_id);
+  free (last_chain_id);
   free (trust_model);
 
   gpgme_release (ctx);