authorWerner Koch <[email protected]>2002-06-20 12:13:44 +0000
committerWerner Koch <[email protected]>2002-06-20 12:13:44 +0000
commit45d99504f5d92ce06e517436aa95b78e9a5a1a79 (patch)
treec825d589bbc36c8aaca80f7d841449c966165b18
parentadded some entries to DN normalization function (diff)
* verify.c (calc_sig_summary): Set bad policy for wrong key usage.
(skip_token): New. (_gpgme_verify_status_handler): Watch out for wrong key usage. (gpgme_get_sig_string_attr): Hack to return info on the key usage. Does now make use of the former RESERVED argument which has been renamed to WHATIDX. (gpgme_get_sig_ulong_attr): Renamed RESERVED to WHATIDX. * gpgme.texi (Verify): Explain the new whatidx variable.
-rw-r--r--doc/ChangeLog4
-rw-r--r--doc/gpgme.texi29
-rw-r--r--gpgme/ChangeLog10
-rw-r--r--gpgme/gpgme.h6
-rw-r--r--gpgme/verify.c41
5 files changed, 70 insertions, 20 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 19a292c0..3c9cee8d 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,7 @@
+2002-06-20 Werner Koch <[email protected]>
+
+ * gpgme.texi (Verify): Explain the new whatidx variable.
+
2002-06-10 Werner Koch <[email protected]>
* gpgme.texi (Verify): Document attribute GPGME_ATTR_ERRTOK.
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index cd5e57fd..9f07ee92 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -2217,25 +2217,34 @@ fingerprint of the key which signed the plaintext, or @code{NULL} if
no verification could be performed.
@end deftypefun
-@deftypefun {const char *} gpgme_get_sig_string_attr (@w{GpgmeCtx @var{ctx}}, @w{int @var{idx}}, @w{GpgmeAttr @var{what}}, @w{int @var{reserved}})
+@deftypefun {const char *} gpgme_get_sig_string_attr (@w{GpgmeCtx @var{ctx}}, @w{int @var{idx}}, @w{GpgmeAttr @var{what}}, @w{int @var{whatidx}})
This function is similar to @code{gpgme_get_sig_status} but may be used
to retrieve more detailed information. @var{ctx} should be the context
used for the last signature verification, @var{idx} is used to enumerate
-over all signatures starting with @code{0} and @var{reserved} should be
-@code{0} for now.
+over all signatures starting with @code{0} and @var{whatidx} should be
+@code{0} for unless otherwise stated.
-The attributes @var{what} currently supports are
-@code{GPGME_ATTR_FPR} to return the fingerprint of the key used to
-create the signature and @code{GPGME_ERRTOK} to return a token
-with a more detailed error description.
+The following values may be used for @var{what}:
+@table @code
+@item GPGME_ATTR_FPR
+Return the fingerprint of the key used to create the signature.
+
+@item GPGME_ATTR_ERRTOK
+Return a token with a more detailed error description. A @var{whatidx}
+of @code{0} returns an error token associated with validity calculation,
+a value of @code{1} return an error token related to the certifixate
+checking.
+
+@end table
@end deftypefun
-@deftypefun {const char *} gpgme_get_sig_ulong_attr (@w{GpgmeCtx @var{ctx}}, @w{int @var{idx}}, @w{GpgmeAttr @var{waht}}, @w{int @var{reserved}})
-This fucntion is similar to @code{gpgme_get_sig_string_attr} but used
+@deftypefun {const char *} gpgme_get_sig_ulong_attr (@w{GpgmeCtx @var{ctx}}, @w{int @var{idx}}, @w{GpgmeAttr @var{waht}}, @w{int @var{whatidx}})
+This function is similar to @code{gpgme_get_sig_string_attr} but used
for attributes which can be represented by an @code{unsigned long} data
type. @var{ctx} should be the context used for the last signature
verification, @var{idx} is used to enumerate over all signatures
-starting with @code{0} and @var{reserved} should be @code{0} for now.
+starting with @code{0} and @var{whatidx} should be @code{0} for unless
+otherwise stated.
The following values may be used for @var{what}:
@table @code
diff --git a/gpgme/ChangeLog b/gpgme/ChangeLog
index c017b081..5c68e9c9 100644
--- a/gpgme/ChangeLog
+++ b/gpgme/ChangeLog
@@ -1,3 +1,13 @@
+2002-06-20 Werner Koch <[email protected]>
+
+ * verify.c (calc_sig_summary): Set bad policy for wrong key usage.
+ (skip_token): New.
+ (_gpgme_verify_status_handler): Watch out for wrong key usage.
+ (gpgme_get_sig_string_attr): Hack to return info on the key
+ usage. Does now make use of the former RESERVED argument which
+ has been renamed to WHATIDX.
+ (gpgme_get_sig_ulong_attr): Renamed RESERVED to WHATIDX.
+
2002-06-14 Marcus Brinkmann <[email protected]>
* wait.c (do_select): Return -1 on error, and 0 if nothing to run.
diff --git a/gpgme/gpgme.h b/gpgme/gpgme.h
index cc781cdc..798ebd79 100644
--- a/gpgme/gpgme.h
+++ b/gpgme/gpgme.h
@@ -317,11 +317,11 @@ const char *gpgme_get_sig_status (GpgmeCtx ctx, int idx,
/* Retrieve certain attributes of a signature. IDX is the index
number of the signature after a successful verify operation. WHAT
is an attribute where GPGME_ATTR_EXPIRE is probably the most useful
- one. RESERVED must be passed as 0. */
+ one. WHATIDX is to be passed as 0 for most attributes . */
unsigned long gpgme_get_sig_ulong_attr (GpgmeCtx c, int idx,
- GpgmeAttr what, int reserved);
+ GpgmeAttr what, int whatidx);
const char *gpgme_get_sig_string_attr (GpgmeCtx c, int idx,
- GpgmeAttr what, int reserved);
+ GpgmeAttr what, int whatidx);
/* Get the key used to create signature IDX in CTX and return it in
diff --git a/gpgme/verify.c b/gpgme/verify.c
index fe99aa97..10054262 100644
--- a/gpgme/verify.c
+++ b/gpgme/verify.c
@@ -44,6 +44,7 @@ struct verify_result_s
ulong timestamp; /* Signature creation time. */
ulong exptimestamp; /* signature exipration time or 0 */
GpgmeValidity validity;
+ int wrong_key_usage;
char trust_errtok[31]; /* error token send with the trust status */
};
@@ -82,6 +83,23 @@ is_token (const char *string, const char *token, size_t *next)
return 1;
}
+static int
+skip_token (const char *string, size_t *next)
+{
+ size_t n = 0;
+
+ for (;*string && *string != ' '; string++, n++)
+ ;
+ for (;*string == ' '; string++, n++)
+ ;
+ if (!*string)
+ return 0;
+ if (next)
+ *next = n;
+ return 1;
+}
+
+
static size_t
copy_token (const char *string, char *buffer, size_t length)
{
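Review bot: skip_token is added without a comment stating its contract, and the return value is easy to misread at the call site. It returns 0 both for an empty string and for a line with only one token, and in that case leaves `*next` unwritten. I would put this above the function: `/* Skip the first space-delimited token of STRING and the spaces after it. Return 1 and store the offset of the next token at NEXT; return 0, leaving NEXT untouched, if nothing follows. */`. Only a literal space counts as a delimiter, so the comment could say that as well. The copy_token definition that starts at the end of this hunk continues outside it.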
@@ -306,6 +324,12 @@ _gpgme_verify_status_handler (GpgmeCtx ctx, GpgStatusCode code, char *args)
ctx->result.verify->status = GPGME_SIG_STAT_ERROR;
}
+ else if (skip_token (args, &n) && n)
+ {
+ args += n;
+ if (is_token (args, "Wrong_Key_Usage", NULL))
+ ctx->result.verify->wrong_key_usage = 1;
+ }
break;
case STATUS_EOF:
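Review bot: The new `else if` branch records the key-usage failure only in `wrong_key_usage` and leaves `status` untouched, whereas the branch just above sets `GPGME_SIG_STAT_ERROR`. A caller that consults only gpgme_get_sig_status would then presumably not learn that the signing key was not permitted for this use; confirm that this is intended, or document that the summary or the ERRTOK attribute must be checked. The first token is also skipped without being examined, so the flag is set for any line of this status code whose second token is `Wrong_Key_Usage`, whichever operation reported it. That errs on the safe side, but a comment such as `/* Any error location may report a key usage problem. */` would make the choice explicit. The enclosing case and the `if` this branch belongs to start outside the hunk.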
@@ -548,6 +572,9 @@ calc_sig_summary (VerifyResult result)
else if (*result->trust_errtok)
sum |= GPGME_SIGSUM_SYS_ERROR;
+ if (result->wrong_key_usage)
+ sum |= GPGME_SIGSUM_BAD_POLICY;
+
/* Set the valid flag when the signature is unquestionable
valid. */
if ((sum & GPGME_SIGSUM_GREEN) && !(sum & ~GPGME_SIGSUM_GREEN))
@@ -558,15 +585,13 @@ calc_sig_summary (VerifyResult result)
const char *
-gpgme_get_sig_string_attr (GpgmeCtx c, int idx, GpgmeAttr what, int reserved)
+gpgme_get_sig_string_attr (GpgmeCtx c, int idx, GpgmeAttr what, int whatidx)
{
VerifyResult result;
if (!c || c->pending || !c->result.verify)
return NULL; /* No results yet or verification error. */
- if (reserved)
- return NULL; /* We might want to use it to enumerate attributes of
- one signature */
+
for (result = c->result.verify;
result && idx > 0; result = result->next, idx--)
;
@@ -578,7 +603,10 @@ gpgme_get_sig_string_attr (GpgmeCtx c, int idx, GpgmeAttr what, int reserved)
case GPGME_ATTR_FPR:
return result->fpr;
case GPGME_ATTR_ERRTOK:
- return result->trust_errtok;
+ if (whatidx == 1)
+ return result->wrong_key_usage? "Wrong_Key_Usage":"";
+ else
+ return result->trust_errtok;
default:
break;
}
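Review bot: `whatidx` is no longer validated in gpgme_get_sig_string_attr. With the `if (reserved) return NULL;` guard removed in the previous hunk, any value other than 1 in the `GPGME_ATTR_ERRTOK` case (2, -1, ...) silently returns `trust_errtok`, and `GPGME_ATTR_FPR` ignores the argument entirely. Callers that pass an unsupported index therefore get index-0 data instead of a failure, which makes it hard to give further indexes a meaning later. I would test both supported values explicitly, `if (whatidx == 0) return result->trust_errtok;` and `if (whatidx == 1) return result->wrong_key_usage? "Wrong_Key_Usage":"";`, and then `break;` like `default` does. The last hunk drops the same guard from gpgme_get_sig_ulong_attr, where the visible lines no longer read the argument at all. The function body starts in the previous hunk and ends outside this one.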
@@ -592,8 +620,7 @@ gpgme_get_sig_ulong_attr (GpgmeCtx c, int idx, GpgmeAttr what, int reserved)
if (!c || c->pending || !c->result.verify)
return 0; /* No results yet or verification error. */
- if (reserved)
- return 0;
+
for (result = c->result.verify;
result && idx > 0; result = result->next, idx--)
;