* import.c (gpgsm_import): Try to identify the type of input and

handle certs-only messages.

* maperror.c (map_gcry_err): Add libgcrypt's new S-expression errors.
(map_ksba_err): Add a few mappings.

* configure.ac: We now require libgcrypt 1.1.7 and libksba 0.4.2.

1 files changed, 83 insertions, 17 deletions

diff --git a/sm/import.c b/sm/import.c
index 69c9d3405..1463407a1 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -43,7 +43,9 @@ gpgsm_import (CTRL ctrl, int in_fd)
   Base64Context b64reader = NULL;
   KsbaReader reader;
   KsbaCert cert = NULL;
+  KsbaCMS cms = NULL;
   FILE *fp = NULL;
+  KsbaContentType ct;
 
   fp = fdopen ( dup (in_fd), "rb");
   if (!fp)
@@ -60,30 +62,94 @@ gpgsm_import (CTRL ctrl, int in_fd)
       goto leave;
     }
 
-  cert = ksba_cert_new ();
-  if (!cert)
-    {
-      rc = seterr (Out_Of_Core);
-      goto leave;
-    }
+  ct = ksba_cms_identify (reader);
+  if (ct == KSBA_CT_SIGNED_DATA)
+    { /* This is probably a signed-only message - import the certs */
+      KsbaStopReason stopreason;
+      int i;
 
-  rc = ksba_cert_read_der (cert, reader);
-  if (rc)
-    {
-      rc = map_ksba_err (rc);
-      goto leave;
-    }
+      cms = ksba_cms_new ();
+      if (!cms)
+        {
+          rc = seterr (Out_Of_Core);
+          goto leave;
+        }
 
-  if ( !gpgsm_basic_cert_check (cert) )
-    {
-      if (!keydb_store_cert (cert))
+      rc = ksba_cms_set_reader_writer (cms, reader, NULL);
+      if (rc)
+        {
+          log_error ("ksba_cms_set_reader_writer failed: %s\n",
+                     ksba_strerror (rc));
+          rc = map_ksba_err (rc);
+          goto leave;
+        }
+
+
+      do 
         {
-          if (opt.verbose)
-            log_info ("certificate imported\n");
+          rc = ksba_cms_parse (cms, &stopreason);
+          if (rc)
+            {
+              log_error ("ksba_cms_parse failed: %s\n", ksba_strerror (rc));
+              rc = map_ksba_err (rc);
+              goto leave;
+            }
+
+          if (stopreason == KSBA_SR_BEGIN_DATA)
+              log_info ("not a certs-only message\n");
         }
+      while (stopreason != KSBA_SR_READY);   
+      
+      for (i=0; (cert=ksba_cms_get_cert (cms, i)); i++)
+        {
+          if ( !gpgsm_basic_cert_check (cert) )
+            {
+              if (!keydb_store_cert (cert))
+                {
+                  if (opt.verbose)
+                    log_info ("certificate imported\n");
+                }
+            }
+          ksba_cert_release (cert); 
+          cert = NULL;
+        }
+
     }
+  else if (ct == KSBA_CT_NONE)
+    { /* Failed to identify this message - assume a certificate */
+
+      cert = ksba_cert_new ();
+      if (!cert)
+        {
+          rc = seterr (Out_Of_Core);
+          goto leave;
+        }
+
+      rc = ksba_cert_read_der (cert, reader);
+      if (rc)
+        {
+          rc = map_ksba_err (rc);
+          goto leave;
+        }
       
+      if ( !gpgsm_basic_cert_check (cert) )
+        {
+          if (!keydb_store_cert (cert))
+            {
+              if (opt.verbose)
+                log_info ("certificate imported\n");
+            }
+        }
+    }
+  else
+    {
+      log_error ("can't extract certificates from input\n");
+      rc = GNUPG_No_Data;
+    }
+   
+
  leave:
+  ksba_cms_release (cms);
   ksba_cert_release (cert);
   gpgsm_destroy_reader (b64reader);
   if (fp)