author | Werner Koch <[email protected]> | 2002-03-05 15:56:46 +0000 |
---|---|---|
committer | Werner Koch <[email protected]> | 2002-03-05 15:56:46 +0000 |
commit | c8454f792d7d592bd714a05265319287974825c9 (patch) | |
tree | ddb7b0cfbdacff04ba90276c22c4203dee16b039 /sm/sign.c | |
parent | Minor fixes; about to release 0.3.1 (diff) | |
download | gnupg-c8454f792d7d592bd714a05265319287974825c9.tar.gz gnupg-c8454f792d7d592bd714a05265319287974825c9.zip |
* gpgsm.c, gpgsm.h: Add local_user.
* sign.c (gpgsm_get_default_cert): New.
(get_default_signer): Use the new function if local_user is not
set; otherwise use that value.
* encrypt.c (get_default_recipient): Removed.
(gpgsm_encrypt): Use gpgsm_get_default_cert.
* verify.c (gpgsm_verify): Better error text for a bad signature
found by comparing the hashes.
Diffstat (limited to 'sm/sign.c')
-rw-r--r-- | sm/sign.c | 76 |
1 files changed, 71 insertions, 5 deletions
@@ -61,19 +61,84 @@ hash_data (int fd, GCRY_MD_HD md) } +/* Get the default certificate which is defined as the first one our + keyDB retruns and has a secret key available */ +int +gpgsm_get_default_cert (KsbaCert *r_cert) +{ + KEYDB_HANDLE hd; + KsbaCert cert = NULL; + int rc; + char *p; + + hd = keydb_new (0); + if (!hd) + return GNUPG_General_Error; + rc = keydb_search_first (hd); + if (rc) + { + keydb_release (hd); + return rc; + } + + do + { + rc = keydb_get_cert (hd, &cert); + if (rc) + { + log_error ("keydb_get_cert failed: %s\n", gnupg_strerror (rc)); + keydb_release (hd); + return rc; + } + + p = gpgsm_get_keygrip_hexstring (cert); + if (p) + { + if (!gpgsm_agent_havekey (p)) + { + xfree (p); + keydb_release (hd); + *r_cert = cert; + return 0; /* got it */ + } + xfree (p); + } + + ksba_cert_release (cert); + cert = NULL; + } + while (!(rc = keydb_search_next (hd))); + if (rc && rc != -1) + log_error ("keydb_search_next failed: %s\n", gnupg_strerror (rc)); + + ksba_cert_release (cert); + keydb_release (hd); + return rc; +} + + static KsbaCert get_default_signer (void) { - // const char key[] = "1.2.840.113549.1.9.1=#7472757374407765622E6465#,CN=WEB.DE TrustCenter,OU=TrustCenter,O=WEB.DE AG,L=D-76227 Karlsruhe,C=DE"; - const char key[] = - "/CN=test cert 1,OU=Aegypten Project,O=g10 Code GmbH,L=Düsseldorf,C=DE"; - KEYDB_SEARCH_DESC desc; KsbaCert cert = NULL; KEYDB_HANDLE kh = NULL; int rc; - rc = keydb_classify_name (key, &desc); + if (!opt.local_user) + { + rc = gpgsm_get_default_cert (&cert); + if (rc) + { + if (rc != -1) + log_debug ("failed to find default certificate: %s\n", + gnupg_strerror (rc)); + return NULL; + } + return cert; + } + + rc = keydb_classify_name (opt.local_user, &desc); if (rc) { log_error ("failed to find default signer: %s\n", gnupg_strerror (rc)); 
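Review bot: In gpgsm_get_default_cert, `if (!gpgsm_agent_havekey (p))` treats every non-zero return as "no secret key", so an agent failure of any kind makes the loop skip all certificates and end with -1, which get_default_signer then drops without a log line. The return contract of gpgsm_agent_havekey is not visible in this hunk, but if it can report errors other than a missing key, the result should be kept in a variable and such errors logged and returned instead of continuing the search. The function also leaves `*r_cert` unset on every failure path; adding `*r_cert = NULL;` at the top would keep a caller that ignores rc from using a stale pointer. Separately, nothing in the new function checks validity or key usage of the selected certificate, so that check presumably has to happen in the callers (signing and, per the commit message, encryption), which lie outside this hunk.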
@@ -103,6 +168,7 @@ get_default_signer (void) } + /* Depending on the options in CTRL add the certificate CERT as well as other certificate up in the chain to the Root-CA to the CMS object. */ |