1 /* keydb.c - key database dispatcher
2 * Copyright (C) 2001, 2003 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
27 #include <sys/types.h>
32 #include "../kbx/keybox.h"
38 static int active_handles;
41 KEYDB_RESOURCE_TYPE_NONE = 0,
42 KEYDB_RESOURCE_TYPE_KEYBOX
44 #define MAX_KEYDB_RESOURCES 20
46 struct resource_item {
47 KeydbResourceType type;
56 static struct resource_item all_resources[MAX_KEYDB_RESOURCES];
57 static int used_resources;
64 int used; /* items in active */
65 struct resource_item active[MAX_KEYDB_RESOURCES];
69 static int lock_all (KEYDB_HANDLE hd);
70 static void unlock_all (KEYDB_HANDLE hd);
74 * Register a resource (which currently may only be a keybox file).
75 * The first keybox which is added by this function is
76 * created if it does not exist.
77 * Note: this function may be called before secure memory is
81 keydb_add_resource (const char *url, int force, int secret)
83 static int any_secret, any_public;
84 const char *resname = url;
85 char *filename = NULL;
88 KeydbResourceType rt = KEYDB_RESOURCE_TYPE_NONE;
89 const char *created_fname = NULL;
92 gnupg-kbx:filename := this is a plain keybox
93 filename := See what is is, but create as plain keybox.
95 if (strlen (resname) > 10)
97 if (!strncmp (resname, "gnupg-kbx:", 10) )
99 rt = KEYDB_RESOURCE_TYPE_KEYBOX;
102 #if !defined(HAVE_DRIVE_LETTERS) && !defined(__riscos__)
103 else if (strchr (resname, ':'))
105 log_error ("invalid key resource URL `%s'\n", url );
106 rc = gpg_error (GPG_ERR_GENERAL);
109 #endif /* !HAVE_DRIVE_LETTERS && !__riscos__ */
112 if (*resname != DIRSEP_C )
113 { /* do tilde expansion etc */
114 if (strchr(resname, DIRSEP_C) )
115 filename = make_filename (resname, NULL);
117 filename = make_filename (opt.homedir, resname, NULL);
120 filename = xstrdup (resname);
123 force = secret? !any_secret : !any_public;
125 /* see whether we can determine the filetype */
126 if (rt == KEYDB_RESOURCE_TYPE_NONE)
128 FILE *fp2 = fopen( filename, "rb" );
133 /* FIXME: check for the keybox magic */
134 if (fread( &magic, 4, 1, fp2) == 1 )
136 if (magic == 0x13579ace || magic == 0xce9a5713)
137 ; /* GDBM magic - no more support */
139 rt = KEYDB_RESOURCE_TYPE_KEYBOX;
141 else /* maybe empty: assume ring */
142 rt = KEYDB_RESOURCE_TYPE_KEYBOX;
145 else /* no file yet: create ring */
146 rt = KEYDB_RESOURCE_TYPE_KEYBOX;
151 case KEYDB_RESOURCE_TYPE_NONE:
152 log_error ("unknown type of key resource `%s'\n", url );
153 rc = gpg_error (GPG_ERR_GENERAL);
156 case KEYDB_RESOURCE_TYPE_KEYBOX:
157 fp = fopen (filename, "rb");
160 rc = gpg_error (gpg_err_code_from_errno (errno));
166 #if 0 /* no autocreate of the homedirectory yet */
168 char *last_slash_in_filename;
170 last_slash_in_filename = strrchr (filename, DIRSEP_C);
171 *last_slash_in_filename = 0;
172 if (access (filename, F_OK))
173 { /* on the first time we try to create the default
174 homedir and in this case the process will be
175 terminated, so that on the next invocation can
176 read the options file in on startup */
177 try_make_homedir (filename);
178 rc = gpg_error (GPG_ERR_FILE_OPEN_ERROR);
179 *last_slash_in_filename = DIRSEP_C;
182 *last_slash_in_filename = DIRSEP_C;
185 fp = fopen (filename, "w");
188 rc = gpg_error (gpg_err_code_from_errno (errno));
189 log_error (_("error creating keybox `%s': %s\n"),
190 filename, strerror(errno));
195 log_info (_("keybox `%s' created\n"), filename);
196 created_fname = filename;
200 /* now register the file */
203 void *token = keybox_register_file (filename, secret);
205 ; /* already registered - ignore it */
206 else if (used_resources >= MAX_KEYDB_RESOURCES)
207 rc = gpg_error (GPG_ERR_RESOURCE_LIMIT);
210 all_resources[used_resources].type = rt;
211 all_resources[used_resources].u.kr = NULL; /* Not used here */
212 all_resources[used_resources].token = token;
213 all_resources[used_resources].secret = secret;
215 all_resources[used_resources].lockhandle
216 = create_dotlock (filename);
217 if (!all_resources[used_resources].lockhandle)
218 log_fatal ( _("can't create lock for `%s'\n"), filename);
225 log_error ("resource type of `%s' not supported\n", url);
226 rc = gpg_error (GPG_ERR_NOT_SUPPORTED);
230 /* fixme: check directory permissions and print a warning */
234 log_error ("keyblock resource `%s': %s\n", filename, gpg_strerror(rc));
245 keydb_new (int secret)
250 hd = xcalloc (1, sizeof *hd);
253 assert (used_resources <= MAX_KEYDB_RESOURCES);
254 for (i=j=0; i < used_resources; i++)
256 if (!all_resources[i].secret != !secret)
258 switch (all_resources[i].type)
260 case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
262 case KEYDB_RESOURCE_TYPE_KEYBOX:
263 hd->active[j].type = all_resources[i].type;
264 hd->active[j].token = all_resources[i].token;
265 hd->active[j].secret = all_resources[i].secret;
266 hd->active[j].lockhandle = all_resources[i].lockhandle;
267 hd->active[j].u.kr = keybox_new (all_resources[i].token, secret);
268 if (!hd->active[j].u.kr)
271 return NULL; /* fixme: release all previously allocated handles*/
284 keydb_release (KEYDB_HANDLE hd)
290 assert (active_handles > 0);
294 for (i=0; i < hd->used; i++)
296 switch (hd->active[i].type)
298 case KEYDB_RESOURCE_TYPE_NONE:
300 case KEYDB_RESOURCE_TYPE_KEYBOX:
301 keybox_release (hd->active[i].u.kr);
310 /* Return the name of the current resource. This is function first
311 looks for the last found found, then for the current search
312 position, and last returns the first available resource. The
313 returned string is only valid as long as the handle exists. This
314 function does only return NULL if no handle is specified, in all
315 other error cases an empty string is returned. */
317 keydb_get_resource_name (KEYDB_HANDLE hd)
320 const char *s = NULL;
325 if ( hd->found >= 0 && hd->found < hd->used)
327 else if ( hd->current >= 0 && hd->current < hd->used)
332 switch (hd->active[idx].type)
334 case KEYDB_RESOURCE_TYPE_NONE:
337 case KEYDB_RESOURCE_TYPE_KEYBOX:
338 s = keybox_get_resource_name (hd->active[idx].u.kr);
345 /* Switch the handle into ephemeral mode and return the orginal value. */
347 keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
355 if (hd->is_ephemeral != yes)
357 for (i=0; i < hd->used; i++)
359 switch (hd->active[i].type)
361 case KEYDB_RESOURCE_TYPE_NONE:
363 case KEYDB_RESOURCE_TYPE_KEYBOX:
364 keybox_set_ephemeral (hd->active[i].u.kr, yes);
370 i = hd->is_ephemeral;
371 hd->is_ephemeral = yes;
378 lock_all (KEYDB_HANDLE hd)
382 /* Fixme: This locking scheme may lead to deadlock if the resources
383 are not added in the same sequence by all processes. We are
384 cuurently only allowing one resource so it is not a problem. */
385 for (i=0; i < hd->used; i++)
387 switch (hd->active[i].type)
389 case KEYDB_RESOURCE_TYPE_NONE:
391 case KEYDB_RESOURCE_TYPE_KEYBOX:
392 if (hd->active[i].lockhandle)
393 rc = make_dotlock (hd->active[i].lockhandle, -1);
402 /* revert the already set locks */
403 for (i--; i >= 0; i--)
405 switch (hd->active[i].type)
407 case KEYDB_RESOURCE_TYPE_NONE:
409 case KEYDB_RESOURCE_TYPE_KEYBOX:
410 if (hd->active[i].lockhandle)
411 release_dotlock (hd->active[i].lockhandle);
423 unlock_all (KEYDB_HANDLE hd)
430 for (i=hd->used-1; i >= 0; i--)
432 switch (hd->active[i].type)
434 case KEYDB_RESOURCE_TYPE_NONE:
436 case KEYDB_RESOURCE_TYPE_KEYBOX:
437 if (hd->active[i].lockhandle)
438 release_dotlock (hd->active[i].lockhandle);
448 * Return the last found keybox. Caller must free it.
449 * The returned keyblock has the kbode flag bit 0 set for the node with
450 * the public key used to locate the keyblock or flag bit 1 set for
454 keydb_get_keyblock (KEYDB_HANDLE hd, KBNODE *ret_kb)
459 return G10ERR_INV_ARG;
461 if ( hd->found < 0 || hd->found >= hd->used)
462 return -1; /* nothing found */
464 switch (hd->active[hd->found].type) {
465 case KEYDB_RESOURCE_TYPE_NONE:
466 rc = G10ERR_GENERAL; /* oops */
468 case KEYDB_RESOURCE_TYPE_KEYBOX:
469 rc = keybox_get_keyblock (hd->active[hd->found].u.kr, ret_kb);
477 * update the current keyblock with KB
480 keydb_update_keyblock (KEYDB_HANDLE hd, KBNODE kb)
485 return G10ERR_INV_ARG;
487 if ( hd->found < 0 || hd->found >= hd->used)
488 return -1; /* nothing found */
497 switch (hd->active[hd->found].type) {
498 case KEYDB_RESOURCE_TYPE_NONE:
499 rc = G10ERR_GENERAL; /* oops */
501 case KEYDB_RESOURCE_TYPE_KEYBOX:
502 rc = keybox_update_keyblock (hd->active[hd->found].u.kr, kb);
512 * Insert a new KB into one of the resources.
515 keydb_insert_keyblock (KEYDB_HANDLE hd, KBNODE kb)
521 return G10ERR_INV_ARG;
526 if ( hd->found >= 0 && hd->found < hd->used)
528 else if ( hd->current >= 0 && hd->current < hd->used)
531 return G10ERR_GENERAL;
537 switch (hd->active[idx].type) {
538 case KEYDB_RESOURCE_TYPE_NONE:
539 rc = G10ERR_GENERAL; /* oops */
541 case KEYDB_RESOURCE_TYPE_KEYBOX:
542 rc = keybox_insert_keyblock (hd->active[idx].u.kr, kb);
550 #endif /*disabled code*/
555 Return the last found keybox. Caller must free it. The returned
556 keyblock has the kbode flag bit 0 set for the node with the public
557 key used to locate the keyblock or flag bit 1 set for the user ID
560 keydb_get_cert (KEYDB_HANDLE hd, KsbaCert *r_cert)
565 return gpg_error (GPG_ERR_INV_VALUE);
567 if ( hd->found < 0 || hd->found >= hd->used)
568 return -1; /* nothing found */
570 switch (hd->active[hd->found].type)
572 case KEYDB_RESOURCE_TYPE_NONE:
573 rc = gpg_error (GPG_ERR_GENERAL); /* oops */
575 case KEYDB_RESOURCE_TYPE_KEYBOX:
576 rc = keybox_get_cert (hd->active[hd->found].u.kr, r_cert);
584 * Insert a new Certificate into one of the resources.
587 keydb_insert_cert (KEYDB_HANDLE hd, KsbaCert cert)
594 return gpg_error (GPG_ERR_INV_VALUE);
599 if ( hd->found >= 0 && hd->found < hd->used)
601 else if ( hd->current >= 0 && hd->current < hd->used)
604 return gpg_error (GPG_ERR_GENERAL);
610 gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
612 switch (hd->active[idx].type)
614 case KEYDB_RESOURCE_TYPE_NONE:
615 rc = gpg_error (GPG_ERR_GENERAL);
617 case KEYDB_RESOURCE_TYPE_KEYBOX:
618 rc = keybox_insert_cert (hd->active[idx].u.kr, cert, digest);
628 /* update the current keyblock with KB */
630 keydb_update_cert (KEYDB_HANDLE hd, KsbaCert cert)
636 return gpg_error (GPG_ERR_INV_VALUE);
638 if ( hd->found < 0 || hd->found >= hd->used)
639 return -1; /* nothing found */
648 gpgsm_get_fingerprint (cert, GCRY_MD_SHA1, digest, NULL); /* kludge*/
650 switch (hd->active[hd->found].type)
652 case KEYDB_RESOURCE_TYPE_NONE:
653 rc = gpg_error (GPG_ERR_GENERAL); /* oops */
655 case KEYDB_RESOURCE_TYPE_KEYBOX:
656 rc = keybox_update_cert (hd->active[hd->found].u.kr, cert, digest);
666 * The current keyblock or cert will be deleted.
669 keydb_delete (KEYDB_HANDLE hd)
674 return gpg_error (GPG_ERR_INV_VALUE);
676 if ( hd->found < 0 || hd->found >= hd->used)
677 return -1; /* nothing found */
686 switch (hd->active[hd->found].type)
688 case KEYDB_RESOURCE_TYPE_NONE:
689 rc = gpg_error (GPG_ERR_GENERAL);
691 case KEYDB_RESOURCE_TYPE_KEYBOX:
692 rc = keybox_delete (hd->active[hd->found].u.kr);
703 * Locate the default writable key resource, so that the next
704 * operation (which is only relevant for inserts) will be done on this
708 keydb_locate_writable (KEYDB_HANDLE hd, const char *reserved)
713 return gpg_error (GPG_ERR_INV_VALUE);
715 rc = keydb_search_reset (hd); /* this does reset hd->current */
719 for ( ; hd->current >= 0 && hd->current < hd->used; hd->current++)
721 switch (hd->active[hd->current].type)
723 case KEYDB_RESOURCE_TYPE_NONE:
726 case KEYDB_RESOURCE_TYPE_KEYBOX:
727 if (keybox_is_writable (hd->active[hd->current].token))
728 return 0; /* found (hd->current is set to it) */
737 * Rebuild the caches of all key resources.
740 keydb_rebuild_caches (void)
744 for (i=0; i < used_resources; i++)
746 if (all_resources[i].secret)
748 switch (all_resources[i].type)
750 case KEYDB_RESOURCE_TYPE_NONE: /* ignore */
752 case KEYDB_RESOURCE_TYPE_KEYBOX:
753 /* rc = keybox_rebuild_cache (all_resources[i].token); */
755 /* log_error (_("failed to rebuild keybox cache: %s\n"), */
756 /* g10_errstr (rc)); */
765 * Start the next search on this handle right at the beginning
768 keydb_search_reset (KEYDB_HANDLE hd)
773 return gpg_error (GPG_ERR_INV_VALUE);
777 /* and reset all resources */
778 for (i=0; !rc && i < hd->used; i++)
780 switch (hd->active[i].type)
782 case KEYDB_RESOURCE_TYPE_NONE:
784 case KEYDB_RESOURCE_TYPE_KEYBOX:
785 rc = keybox_search_reset (hd->active[i].u.kr);
789 return rc; /* fixme: we need to map error codes or share them with
794 * Search through all keydb resources, starting at the current position,
795 * for a keyblock which contains one of the keys described in the DESC array.
798 keydb_search (KEYDB_HANDLE hd, KEYDB_SEARCH_DESC *desc, size_t ndesc)
803 return gpg_error (GPG_ERR_INV_VALUE);
805 while (rc == -1 && hd->current >= 0 && hd->current < hd->used)
807 switch (hd->active[hd->current].type)
809 case KEYDB_RESOURCE_TYPE_NONE:
810 BUG(); /* we should never see it here */
812 case KEYDB_RESOURCE_TYPE_KEYBOX:
813 rc = keybox_search (hd->active[hd->current].u.kr, desc, ndesc);
816 if (rc == -1) /* EOF -> switch to next resource */
819 hd->found = hd->current;
827 keydb_search_first (KEYDB_HANDLE hd)
829 KEYDB_SEARCH_DESC desc;
831 memset (&desc, 0, sizeof desc);
832 desc.mode = KEYDB_SEARCH_MODE_FIRST;
833 return keydb_search (hd, &desc, 1);
837 keydb_search_next (KEYDB_HANDLE hd)
839 KEYDB_SEARCH_DESC desc;
841 memset (&desc, 0, sizeof desc);
842 desc.mode = KEYDB_SEARCH_MODE_NEXT;
843 return keydb_search (hd, &desc, 1);
847 keydb_search_kid (KEYDB_HANDLE hd, u32 *kid)
849 KEYDB_SEARCH_DESC desc;
851 memset (&desc, 0, sizeof desc);
852 desc.mode = KEYDB_SEARCH_MODE_LONG_KID;
853 /* desc.u.kid[0] = kid[0]; */
854 /* desc.u.kid[1] = kid[1]; */
855 return keydb_search (hd, &desc, 1);
859 keydb_search_fpr (KEYDB_HANDLE hd, const byte *fpr)
861 KEYDB_SEARCH_DESC desc;
863 memset (&desc, 0, sizeof desc);
864 desc.mode = KEYDB_SEARCH_MODE_FPR;
865 memcpy (desc.u.fpr, fpr, 20);
866 return keydb_search (hd, &desc, 1);
870 keydb_search_issuer (KEYDB_HANDLE hd, const char *issuer)
872 KEYDB_SEARCH_DESC desc;
875 memset (&desc, 0, sizeof desc);
876 desc.mode = KEYDB_SEARCH_MODE_ISSUER;
877 desc.u.name = issuer;
878 rc = keydb_search (hd, &desc, 1);
883 keydb_search_issuer_sn (KEYDB_HANDLE hd,
884 const char *issuer, KsbaConstSexp serial)
886 KEYDB_SEARCH_DESC desc;
888 const unsigned char *s;
890 memset (&desc, 0, sizeof desc);
891 desc.mode = KEYDB_SEARCH_MODE_ISSUER_SN;
894 return gpg_error (GPG_ERR_INV_VALUE);
896 for (desc.snlen = 0; digitp (s); s++)
897 desc.snlen = 10*desc.snlen + atoi_1 (s);
899 return gpg_error (GPG_ERR_INV_VALUE);
901 desc.u.name = issuer;
902 rc = keydb_search (hd, &desc, 1);
907 keydb_search_subject (KEYDB_HANDLE hd, const char *name)
909 KEYDB_SEARCH_DESC desc;
912 memset (&desc, 0, sizeof desc);
913 desc.mode = KEYDB_SEARCH_MODE_SUBJECT;
915 rc = keydb_search (hd, &desc, 1);
921 hextobyte (const unsigned char *s)
925 if( *s >= '0' && *s <= '9' )
927 else if ( *s >= 'A' && *s <= 'F' )
928 c = 16 * (10 + *s - 'A');
929 else if ( *s >= 'a' && *s <= 'f' )
930 c = 16 * (10 + *s - 'a');
934 if ( *s >= '0' && *s <= '9' )
936 else if ( *s >= 'A' && *s <= 'F' )
938 else if ( *s >= 'a' && *s <= 'f' )
947 classify_user_id (const char *name,
948 KEYDB_SEARCH_DESC *desc,
956 /* clear the structure so that the mode field is set to zero unless
957 * we set it to the correct value right at the end of this function */
958 memset (desc, 0, sizeof *desc);
960 /* skip leading spaces. Fixme: what about trailing white space? */
961 for(s = name; *s && spacep (s); s++ )
966 case 0: /* empty string is an error */
969 case '.': /* an email address, compare from end */
970 mode = KEYDB_SEARCH_MODE_MAILEND;
975 case '<': /* an email address */
976 mode = KEYDB_SEARCH_MODE_MAIL;
981 case '@': /* part of an email address */
982 mode = KEYDB_SEARCH_MODE_MAILSUB;
987 case '=': /* exact compare */
988 mode = KEYDB_SEARCH_MODE_EXACT;
993 case '*': /* case insensitive substring search */
994 mode = KEYDB_SEARCH_MODE_SUBSTR;
999 case '+': /* compare individual words */
1000 mode = KEYDB_SEARCH_MODE_WORDS;
1005 case '/': /* subject's DN */
1007 if (!*s || spacep (s))
1008 return 0; /* no DN or prefixed with a space */
1010 mode = KEYDB_SEARCH_MODE_SUBJECT;
1019 { /* "#/" indicates an issuer's DN */
1021 if (!*s || spacep (s))
1022 return 0; /* no DN or prefixed with a space */
1024 mode = KEYDB_SEARCH_MODE_ISSUER;
1027 { /* serialnumber + optional issuer ID */
1028 for (si=s; *si && *si != '/'; si++)
1030 if (!strchr("01234567890abcdefABCDEF", *si))
1031 return 0; /* invalid digit in serial number*/
1036 mode = KEYDB_SEARCH_MODE_SN;
1040 if (!*s || spacep (s))
1041 return 0; /* no DN or prefixed with a space */
1043 mode = KEYDB_SEARCH_MODE_ISSUER_SN;
1049 case ':': /*Unified fingerprint */
1051 const char *se, *si;
1054 se = strchr (++s,':');
1057 for (i=0,si=s; si < se; si++, i++ )
1059 if (!strchr("01234567890abcdefABCDEF", *si))
1060 return 0; /* invalid digit */
1062 if (i != 32 && i != 40)
1063 return 0; /* invalid length of fpr*/
1064 for (i=0,si=s; si < se; i++, si +=2)
1065 desc->u.fpr[i] = hextobyte(si);
1069 mode = KEYDB_SEARCH_MODE_FPR;
1074 if (s[0] == '0' && s[1] == 'x')
1080 hexlength = strspn(s, "0123456789abcdefABCDEF");
1081 if (hexlength >= 8 && s[hexlength] =='!')
1084 hexlength++; /* just for the following check */
1087 /* check if a hexadecimal number is terminated by EOS or blank */
1088 if (hexlength && s[hexlength] && !spacep (s+hexlength))
1090 if (hexprefix) /* a "0x" prefix without correct */
1091 return 0; /* termination is an error */
1092 /* The first chars looked like a hex number, but really is
1098 hexlength--; /* remove the bang */
1101 || (!hexprefix && hexlength == 9 && *s == '0'))
1106 kid = strtoul( s, NULL, 16 );
1107 desc->u.kid[4] = kid >> 24;
1108 desc->u.kid[5] = kid >> 16;
1109 desc->u.kid[6] = kid >> 8;
1110 desc->u.kid[7] = kid;
1111 mode = KEYDB_SEARCH_MODE_SHORT_KID;
1113 else if (hexlength == 16
1114 || (!hexprefix && hexlength == 17 && *s == '0'))
1115 { /* complete keyid */
1116 unsigned long kid0, kid1;
1118 if (hexlength == 17)
1120 mem2str(buf, s, 9 );
1121 kid0 = strtoul (buf, NULL, 16);
1122 kid1 = strtoul (s+8, NULL, 16);
1123 desc->u.kid[0] = kid0 >> 24;
1124 desc->u.kid[1] = kid0 >> 16;
1125 desc->u.kid[2] = kid0 >> 8;
1126 desc->u.kid[3] = kid0;
1127 desc->u.kid[4] = kid1 >> 24;
1128 desc->u.kid[5] = kid1 >> 16;
1129 desc->u.kid[6] = kid1 >> 8;
1130 desc->u.kid[7] = kid1;
1131 mode = KEYDB_SEARCH_MODE_LONG_KID;
1133 else if (hexlength == 32
1134 || (!hexprefix && hexlength == 33 && *s == '0'))
1135 { /* md5 fingerprint */
1137 if (hexlength == 33)
1139 memset(desc->u.fpr+16, 0, 4);
1140 for (i=0; i < 16; i++, s+=2)
1142 int c = hextobyte(s);
1147 mode = KEYDB_SEARCH_MODE_FPR16;
1149 else if (hexlength == 40
1150 || (!hexprefix && hexlength == 41 && *s == '0'))
1151 { /* sha1/rmd160 fingerprint */
1153 if (hexlength == 41)
1155 for (i=0; i < 20; i++, s+=2)
1157 int c = hextobyte(s);
1162 mode = KEYDB_SEARCH_MODE_FPR20;
1164 else if (!hexprefix)
1166 /* The fingerprint in an X.509 listing is often delimited by
1167 colons, so we try to single this case out. */
1169 hexlength = strspn (s, ":0123456789abcdefABCDEF");
1170 if (hexlength == 59 && (!s[hexlength] || spacep (s+hexlength)))
1174 for (i=0; i < 20; i++, s += 3)
1176 int c = hextobyte(s);
1177 if (c == -1 || (i < 19 && s[2] != ':'))
1182 mode = KEYDB_SEARCH_MODE_FPR20;
1184 if (!mode) /* default is substring search */
1188 mode = KEYDB_SEARCH_MODE_SUBSTR;
1192 { /* hex number with a prefix but a wrong length */
1203 keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc)
1206 KEYDB_SEARCH_DESC dummy_desc;
1211 if (!classify_user_id (name, desc, &dummy))
1212 return gpg_error (GPG_ERR_INV_NAME);
1217 /* Store the certificate in the key DB but make sure that it does not
1218 already exists. We do this simply by comparing the fingerprint.
1219 If EXISTED is not NULL it will be set to true if the certificate
1220 was already in the DB. */
1222 keydb_store_cert (KsbaCert cert, int ephemeral, int *existed)
1226 unsigned char fpr[20];
1231 if (!gpgsm_get_fingerprint (cert, 0, fpr, NULL))
1233 log_error (_("failed to get the fingerprint\n"));
1234 return gpg_error (GPG_ERR_GENERAL);
1240 log_error (_("failed to allocate keyDB handle\n"));
1241 return gpg_error (GPG_ERR_ENOMEM);;
1245 keydb_set_ephemeral (kh, 1);
1247 rc = keydb_search_fpr (kh, fpr);
1255 return 0; /* okay */
1257 log_error (_("problem looking for existing certificate: %s\n"),
1262 rc = keydb_locate_writable (kh, 0);
1265 log_error (_("error finding writable keyDB: %s\n"), gpg_strerror (rc));
1270 rc = keydb_insert_cert (kh, cert);
1273 log_error (_("error storing certificate: %s\n"), gpg_strerror (rc));
projects / gnupg.git / blob