diff options
Diffstat (limited to '')
| -rw-r--r-- | sm/import.c | 200 |
1 files changed, 17 insertions, 183 deletions
diff --git a/sm/import.c b/sm/import.c index 7fde82327..8dc36c1ad 100644 --- a/sm/import.c +++ b/sm/import.c @@ -31,6 +31,8 @@ #include <ksba.h> #include "gpgsm.h" +#include "keydb.h" +#include "i18n.h" struct reader_cb_parm_s { FILE *fp; @@ -68,199 +70,31 @@ reader_cb (void *cb_value, char *buffer, size_t count, size_t *nread) static void -print_integer (unsigned char *p) +store_cert (KsbaCert cert) { - unsigned long len; - - if (!p) - fputs ("none", stdout); - else - { - len = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; - for (p+=4; len; len--, p++) - printf ("%02X", *p); - } -} - -static void -print_time (time_t t) -{ - - if (!t) - fputs ("none", stdout); - else if ( t == (time_t)(-1) ) - fputs ("error", stdout); - else - { - struct tm *tp; - - tp = gmtime (&t); - printf ("%04d-%02d-%02d %02d:%02d:%02d", - 1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday, - tp->tm_hour, tp->tm_min, tp->tm_sec); - assert (!tp->tm_isdst); - } -} - -static void -print_dn (char *p) -{ - - if (!p) - fputs ("error", stdout); - else - printf ("`%s'", p); -} - -static void -print_cert (KsbaCert cert) -{ - unsigned char *p; - char *dn; - time_t t; - - p = ksba_cert_get_serial (cert); - fputs ("serial: ", stdout); - print_integer (p); - ksba_free (p); - putchar ('\n'); - - t = ksba_cert_get_validity (cert, 0); - fputs ("notBefore: ", stdout); - print_time (t); - putchar ('\n'); - t = ksba_cert_get_validity (cert, 1); - fputs ("notAfter: ", stdout); - print_time (t); - putchar ('\n'); - - dn = ksba_cert_get_issuer (cert); - fputs ("issuer: ", stdout); - print_dn (dn); - ksba_free (dn); - putchar ('\n'); - - dn = ksba_cert_get_subject (cert); - fputs ("subject: ", stdout); - print_dn (dn); - ksba_free (dn); - putchar ('\n'); - - printf ("hash algo: %d\n", ksba_cert_get_digest_algo (cert)); -} - - - -static MPI -do_encode_md (GCRY_MD_HD md, int algo, size_t len, unsigned nbits, - const byte *asn, size_t asnlen) -{ - int nframe = (nbits+7) / 8; - byte *frame; - int i,n; - MPI a; - - if( len + asnlen + 4 > nframe ) - log_bug("can't encode a %d bit MD into a %d bits frame\n", - (int)(len*8), (int)nbits); - - /* We encode the MD in this way: - * - * 0 A PAD(n bytes) 0 ASN(asnlen bytes) MD(len bytes) - * - * PAD consists of FF bytes. - */ - frame = xmalloc (nframe); - n = 0; - frame[n++] = 0; - frame[n++] = 1; /* block type */ - i = nframe - len - asnlen -3 ; - assert( i > 1 ); - memset( frame+n, 0xff, i ); n += i; - frame[n++] = 0; - memcpy( frame+n, asn, asnlen ); n += asnlen; - memcpy( frame+n, gcry_md_read(md, algo), len ); n += len; - assert( n == nframe ); - gcry_mpi_scan ( &a, GCRYMPI_FMT_USG, frame, &nframe); - xfree(frame); - return a; -} - - - - -static void -check_selfsigned_cert (KsbaCert cert) -{ - /* OID for MD5 as defined in PKCS#1 (rfc2313) */ - static byte asn[18] = /* Object ID is 1.2.840.113549.2.5 (md5) */ - { 0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 - }; - - GCRY_MD_HD md; - int rc, algo; - GCRY_MPI frame; - char *p; - GCRY_SEXP s_sig, s_hash, s_pkey; - - algo = ksba_cert_get_digest_algo (cert); - md = gcry_md_open (algo, 0); - if (!md) - { - log_error ("md_open failed: %s\n", gcry_strerror (-1)); - return; - } + KEYDB_HANDLE kh; + int rc; - gcry_md_start_debug (md, "cert"); - rc = ksba_cert_hash (cert, gcry_md_write, md); - if (rc) + kh = keydb_new (0); + if (!kh) { - log_error ("ksba_cert_hash failed: %s\n", ksba_strerror (rc)); - gcry_md_close (md); + log_error (_("failed to allocated keyDB handle\n")); return; } - gcry_md_final (md); - - p = ksba_cert_get_sig_val (cert); - printf ("signature: %s\n", p); - - rc = gcry_sexp_sscan ( &s_sig, NULL, p, strlen(p)); + rc = keydb_locate_writable (kh, 0); if (rc) - { - log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc)); - return; - } - /*gcry_sexp_dump (s_sig);*/ - - - /* FIXME: need to map the algo to the ASN OID - we assume a fixed - one for now */ - frame = do_encode_md (md, algo, 16, 2048, asn, DIM(asn)); + log_error (_("error finding writable keyDB: %s\n"), gpgsm_strerror (rc)); - /* put hash into the S-Exp s_hash */ - if ( gcry_sexp_build (&s_hash, NULL, "%m", frame) ) - BUG (); - /*fputs ("hash:\n", stderr); gcry_sexp_dump (s_hash);*/ - _gcry_log_mpidump ("hash", frame); - - p = ksba_cert_get_public_key (cert); - printf ("public key: %s\n", p); - - rc = gcry_sexp_sscan ( &s_pkey, NULL, p, strlen(p)); + rc = keydb_insert_cert (kh, cert); if (rc) { - log_error ("gcry_sexp_scan failed: %s\n", gcry_strerror (rc)); - return; + log_error (_("error storing certificate: %s\n"), gpgsm_strerror (rc)); } - /*gcry_sexp_dump (s_pkey);*/ - - rc = gcry_pk_verify (s_sig, s_hash, s_pkey); - log_error ("gcry_pk_verify: %s\n", gcry_strerror (rc)); - + keydb_release (kh); } + int gpgsm_import (int in_fd) @@ -311,9 +145,8 @@ gpgsm_import (int in_fd) goto leave; } - print_cert (cert); - check_selfsigned_cert (cert); - + if ( !gpgsm_validate_path (cert) ) + store_cert (cert); leave: ksba_cert_release (cert); @@ -323,3 +156,4 @@ gpgsm_import (int in_fd) return rc; } + |