From 29b7d7ad0b6dbaf9b55086c56225aab82c9da616 Mon Sep 17 00:00:00 2001 From: Karl-Heinz Zimmer Date: Thu, 31 Oct 2002 13:58:54 +0000 Subject: [PATCH] Add support for certificates having the e-mail address stored in GPGME_ATTR_USERID instead of GPGME_ATTR_EMAIL. --- gpgmeplug/gpgmeplug.c | 71 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 58 insertions(+), 13 deletions(-) diff --git a/gpgmeplug/gpgmeplug.c b/gpgmeplug/gpgmeplug.c index 03d3dbe5..85b395db 100644 --- a/gpgmeplug/gpgmeplug.c +++ b/gpgmeplug/gpgmeplug.c @@ -451,20 +451,65 @@ bool warnNoCertificate() } -bool isEmailInCertificate( const char* email, const char* certificate ) +bool isEmailInCertificate( const char* email, const char* fingerprint ) { - /* PENDING(g10) this function should return true if the email - address passed as the first parameter is contained in the - certificate passed as the second parameter, and false - otherwise. This is used to alert the user if his own email - address is not contained in the certificate he uses for - signing. - Note that the parameter email can be anything that is allowed - in a From: line. - Another note: OK, OK, we'll handle that in the MUA. You can - assume that you only get the email address. - */ - return false; /* dummy*/ + GpgmeCtx ctx; + GpgmeError err; + GpgmeKey rKey; + int UID_idx; + const char* attr_string; + int emailCount = 0; + bool bOk = false; + int fprLen = strlen( fingerprint ); + + fprintf( stderr, "gpgmeplug isEmailInCertificate looking for fingerprint %s\n", fingerprint ); + + gpgme_new( &ctx ); + gpgme_set_protocol( ctx, GPGMEPLUG_PROTOCOL ); + + err = gpgme_op_keylist_start( ctx, fingerprint, 0 ); + if ( GPGME_No_Error == err ) { + err = gpgme_op_keylist_next( ctx, &rKey ); + gpgme_op_keylist_end( ctx ); + if ( GPGME_No_Error == err ) { + /* extract email(s) */ + for( UID_idx = 0; + (attr_string = gpgme_key_get_string_attr( + rKey, GPGME_ATTR_EMAIL, 0, UID_idx ) ); + ++UID_idx ){ + if (attr_string && *attr_string) { + ++emailCount; + fprintf( stderr, "gpgmeplug isEmailInCertificate found email: %s\n", attr_string ); + if( 0 == strcasecmp(attr_string, email) ){ + bOk = true; + break; + }else{ + attr_string = gpgme_key_get_string_attr( + rKey, GPGME_ATTR_USERID, 0, UID_idx ); + if (attr_string && *attr_string == '<'){ + ++attr_string; + if( 0 == strncasecmp(attr_string, email, fprLen) ){ + bOk = true; + break; + } + } + } + } + } + if( !emailCount ) + fprintf( stderr, "gpgmeplug isEmailInCertificate found NO EMAIL\n" ); + else if( !bOk ) + fprintf( stderr, "gpgmeplug isEmailInCertificate found NO MATCHING email\n" ); + gpgme_key_release( rKey ); + }else{ + fprintf( stderr, "gpgmeplug isEmailInCertificate found NO CERTIFICATE for fingerprint %s\n", fingerprint ); + } + }else{ + fprintf( stderr, "gpgmeplug isEmailInCertificate could NOT open KEYLIST for fingerprint %s\n", fingerprint ); + } + gpgme_release( ctx ); + + return bOk; }