* import.c (gpgsm_import): Just do a basic cert check before

storing it.
* certpath.c (gpgsm_basic_cert_check): New.

* keydb.c (keydb_store_cert): New.
* import.c (store_cert): Removed and change all caller to use
the new function.
* verify.c (store_cert): Ditto.

* certlist.c (gpgsm_add_to_certlist): Validate the path

* certpath.c (gpgsm_validate_path): Check the trust list.
* call-agent.c (gpgsm_agent_istrusted): New.

1 files changed, 28 insertions, 1 deletions

diff --git a/sm/call-agent.c b/sm/call-agent.c
index 87b10248a..54c2d4e07 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -182,7 +182,8 @@ start_agent (void)
       return seterr (Not_Implemented);
     }
 
-  log_debug ("connection to agent established\n");
+  if (DBG_AGENT)
+    log_debug ("connection to agent established\n");
   return 0;
 }
 
@@ -400,5 +401,31 @@ gpgsm_agent_genkey (KsbaConstSexp keyparms, KsbaSexp *r_pubkey)
   return 0;
 }
 
+
+/* Ask the agent whether the certificate is in the list of trusted
+   keys */
+int
+gpgsm_agent_istrusted (KsbaCert cert)
+{
+  int rc;
+  char *fpr;
+  char line[ASSUAN_LINELENGTH];
 
+  rc = start_agent ();
+  if (rc)
+    return rc;
 
+  fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
+  if (!fpr)
+    {
+      log_error ("error getting the fingerprint\n");
+      return seterr (General_Error);
+    }
+
+  snprintf (line, DIM(line)-1, "ISTRUSTED %s", fpr);
+  line[DIM(line)-1] = 0;
+  xfree (fpr);
+
+  rc = assuan_transact (agent_ctx, line, NULL, NULL, NULL, NULL);
+  return map_assuan_err (rc);
+}