* verify.c (calc_sig_summary): Set bad policy for wrong key usage.

(skip_token): New. (_gpgme_verify_status_handler): Watch out for wrong key usage. (gpgme_get_sig_string_attr): Hack to return info on the key usage. Does now make use of the former RESERVED argument which has been renamed to WHATIDX. (gpgme_get_sig_ulong_attr): Renamed RESERVED to WHATIDX. * gpgme.texi (Verify): Explain the new whatidx variable.
2002-06-20 12:13:44 +00:00 · 2002-06-20 12:13:44 +00:00 · 45d99504f5
commit 45d99504f5
parent af2050538e
5 changed files with 70 additions and 20 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,3 +1,7 @@
+2002-06-20  Werner Koch  <wk@gnupg.org>
+
+	* gpgme.texi (Verify): Explain the new whatidx variable.
+
 2002-06-10  Werner Koch  <wk@gnupg.org>

 	* gpgme.texi (Verify): Document attribute GPGME_ATTR_ERRTOK.
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@ -2217,25 +2217,34 @@ fingerprint of the key which signed the plaintext, or @code{NULL} if
 no verification could be performed.
@end deftypefun

-@deftypefun {const char *} gpgme_get_sig_string_attr (@w{GpgmeCtx @var{ctx}}, @w{int @var{idx}}, @w{GpgmeAttr @var{what}}, @w{int @var{reserved}})
+@deftypefun {const char *} gpgme_get_sig_string_attr (@w{GpgmeCtx @var{ctx}}, @w{int @var{idx}}, @w{GpgmeAttr @var{what}}, @w{int @var{whatidx}})
 This function is similar to @code{gpgme_get_sig_status} but may be used
 to retrieve more detailed information.  @var{ctx} should be the context
 used for the last signature verification, @var{idx} is used to enumerate
-over all signatures starting with @code{0} and @var{reserved} should be
-@code{0} for now.
+over all signatures starting with @code{0} and @var{whatidx} should be
+@code{0} for unless otherwise stated.

-The attributes @var{what} currently supports are
-@code{GPGME_ATTR_FPR} to return the fingerprint of the key used to
-create the signature and @code{GPGME_ERRTOK} to return a token
-with a more detailed error description.
+The following values may be used for @var{what}:
+@table @code
+@item GPGME_ATTR_FPR
+Return the fingerprint of the key used to create the signature.
+
+@item GPGME_ATTR_ERRTOK
+Return a token with a more detailed error description.  A @var{whatidx}
+of @code{0} returns an error token associated with validity calculation,
+a value of @code{1} return an error token related to the certifixate
+checking.
+
+@end table
@end deftypefun

-@deftypefun {const char *} gpgme_get_sig_ulong_attr (@w{GpgmeCtx @var{ctx}}, @w{int @var{idx}}, @w{GpgmeAttr @var{waht}}, @w{int @var{reserved}})
-This fucntion is similar to @code{gpgme_get_sig_string_attr} but used
+@deftypefun {const char *} gpgme_get_sig_ulong_attr (@w{GpgmeCtx @var{ctx}}, @w{int @var{idx}}, @w{GpgmeAttr @var{waht}}, @w{int @var{whatidx}})
+This function is similar to @code{gpgme_get_sig_string_attr} but used
 for attributes which can be represented by an @code{unsigned long} data
 type.  @var{ctx} should be the context used for the last signature
 verification, @var{idx} is used to enumerate over all signatures
-starting with @code{0} and @var{reserved} should be @code{0} for now.
+starting with @code{0} and @var{whatidx} should be @code{0} for unless
+otherwise stated.

 The following values may be used for @var{what}:
@table @code
--- a/gpgme/ChangeLog
+++ b/gpgme/ChangeLog
@ -1,3 +1,13 @@
+2002-06-20  Werner Koch  <wk@gnupg.org>
+
+	* verify.c (calc_sig_summary): Set bad policy for wrong key usage.
+	(skip_token): New.
+	(_gpgme_verify_status_handler): Watch out for wrong key usage.
+	(gpgme_get_sig_string_attr): Hack to return info on the key
+	usage.  Does now make use of the former RESERVED argument which
+	has been renamed to WHATIDX.
+	(gpgme_get_sig_ulong_attr): Renamed RESERVED to WHATIDX.
+
 2002-06-14  Marcus Brinkmann  <marcus@g10code.de>

 	* wait.c (do_select): Return -1 on error, and 0 if nothing to run.
--- a/gpgme/gpgme.h
+++ b/gpgme/gpgme.h
@ -317,11 +317,11 @@ const char *gpgme_get_sig_status (GpgmeCtx ctx, int idx,
 /* Retrieve certain attributes of a signature.  IDX is the index
   number of the signature after a successful verify operation.  WHAT
   is an attribute where GPGME_ATTR_EXPIRE is probably the most useful
-   one.  RESERVED must be passed as 0. */
+   one.  WHATIDX is to be passed as 0 for most attributes . */
 unsigned long gpgme_get_sig_ulong_attr (GpgmeCtx c, int idx,
-                                        GpgmeAttr what, int reserved);
+                                        GpgmeAttr what, int whatidx);
 const char *gpgme_get_sig_string_attr (GpgmeCtx c, int idx,
-                                      GpgmeAttr what, int reserved);
+                                      GpgmeAttr what, int whatidx);


 /* Get the key used to create signature IDX in CTX and return it in
--- a/gpgme/verify.c
+++ b/gpgme/verify.c
@ -44,6 +44,7 @@ struct verify_result_s
  ulong timestamp;	/* Signature creation time.  */
  ulong exptimestamp;   /* signature exipration time or 0 */
  GpgmeValidity validity;
+  int wrong_key_usage;  
  char trust_errtok[31]; /* error token send with the trust status */
 };

@ -82,6 +83,23 @@ is_token (const char *string, const char *token, size_t *next)
  return 1;
 }

+static int
+skip_token (const char *string, size_t *next)
+{
+  size_t n = 0;
+
+  for (;*string && *string != ' '; string++, n++)
+    ;
+  for (;*string == ' '; string++, n++)
+    ;
+  if (!*string)
+    return 0;
+  if (next)
+    *next = n;
+  return 1;
+}
+
+
 static size_t
 copy_token (const char *string, char *buffer, size_t length)
 {
@ -306,6 +324,12 @@ _gpgme_verify_status_handler (GpgmeCtx ctx, GpgStatusCode code, char *args)
            ctx->result.verify->status = GPGME_SIG_STAT_ERROR;

        }
+      else if (skip_token (args, &n) && n)
+        {
+          args += n;
+          if (is_token (args, "Wrong_Key_Usage", NULL))
+            ctx->result.verify->wrong_key_usage = 1;
+        }
      break;

    case STATUS_EOF:
@ -548,6 +572,9 @@ calc_sig_summary (VerifyResult result)
  else if (*result->trust_errtok)
    sum |= GPGME_SIGSUM_SYS_ERROR;

+  if (result->wrong_key_usage)
+    sum |= GPGME_SIGSUM_BAD_POLICY;
+
  /* Set the valid flag when the signature is unquestionable
     valid. */
  if ((sum & GPGME_SIGSUM_GREEN) && !(sum & ~GPGME_SIGSUM_GREEN))
@ -558,15 +585,13 @@ calc_sig_summary (VerifyResult result)


 const char *
-gpgme_get_sig_string_attr (GpgmeCtx c, int idx, GpgmeAttr what, int reserved)
+gpgme_get_sig_string_attr (GpgmeCtx c, int idx, GpgmeAttr what, int whatidx)
 {
  VerifyResult result;

  if (!c || c->pending || !c->result.verify)
    return NULL;	/* No results yet or verification error.  */
-  if (reserved)
-    return NULL; /* We might want to use it to enumerate attributes of
-                    one signature */
+
  for (result = c->result.verify;
       result && idx > 0; result = result->next, idx--)
    ;
@ -578,7 +603,10 @@ gpgme_get_sig_string_attr (GpgmeCtx c, int idx, GpgmeAttr what, int reserved)
    case GPGME_ATTR_FPR:
      return result->fpr;
    case GPGME_ATTR_ERRTOK:
-      return result->trust_errtok;
+      if (whatidx == 1)
+        return result->wrong_key_usage? "Wrong_Key_Usage":"";
+      else
+        return result->trust_errtok;
    default:
      break;
    }
@ -592,8 +620,7 @@ gpgme_get_sig_ulong_attr (GpgmeCtx c, int idx, GpgmeAttr what, int reserved)

  if (!c || c->pending || !c->result.verify)
    return 0;	/* No results yet or verification error.  */
-  if (reserved)
-    return 0; 
+
  for (result = c->result.verify;
       result && idx > 0; result = result->next, idx--)
    ;