/* certlist.c - build list of certificates
* Copyright (C) 2001, 2003, 2004, 2005, 2007,
- * 2008 Free Software Foundation, Inc.
+ * 2008, 2011 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
#include <stdlib.h>
#include <string.h>
#include <errno.h>
-#include <unistd.h>
+#include <unistd.h>
#include <time.h>
#include <assert.h>
extusemask |= (KSBA_KEYUSAGE_DIGITAL_SIGNATURE
| KSBA_KEYUSAGE_NON_REPUDIATION);
}
-
+
/* This is a hack to cope with OCSP. Note that we do
not yet fully comply with the requirements and that
the entire CRL/OCSP checking thing should undergo a
}
xfree (extkeyusages);
extkeyusages = NULL;
-
+
if (!any_critical)
extusemask = ~0; /* Reset to the don't care mask. */
}
}
if (err)
- {
+ {
log_error (_("error getting key usage information: %s\n"),
gpg_strerror (err));
xfree (extkeyusages);
return err;
- }
+ }
if (mode == 4)
{
if ((use & (KSBA_KEYUSAGE_KEY_CERT_SIGN)))
return 0;
- log_info (_("certificate should have not "
+ log_info (_("certificate should not have "
"been used for certification\n"));
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
}
if (mode == 5)
{
- if (use != ~0
+ if (use != ~0
&& (have_ocsp_signing
|| (use & (KSBA_KEYUSAGE_KEY_CERT_SIGN
|KSBA_KEYUSAGE_CRL_SIGN))))
return 0;
- log_info (_("certificate should have not "
+ log_info (_("certificate should not have "
"been used for OCSP response signing\n"));
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
}
)
return 0;
- log_info (mode==3? _("certificate should have not been used for encryption\n"):
- mode==2? _("certificate should have not been used for signing\n"):
+ log_info (mode==3? _("certificate should not have been used for encryption\n"):
+ mode==2? _("certificate should not have been used for signing\n"):
mode==1? _("certificate is not usable for encryption\n"):
_("certificate is not usable for signing\n"));
return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
}
+/* Return true if CERT has the well known private key extension. */
+int
+gpgsm_cert_has_well_known_private_key (ksba_cert_t cert)
+{
+ int idx;
+ const char *oid;
+
+ for (idx=0; !ksba_cert_get_extension (cert, idx,
+ &oid, NULL, NULL, NULL);idx++)
+ if (!strcmp (oid, "1.3.6.1.4.1.11591.2.2.2") )
+ return 1; /* Yes. */
+ return 0; /* No. */
+}
+
+
static int
same_subject_issuer (const char *subject, const char *issuer, ksba_cert_t cert)
{
char *subject2 = ksba_cert_get_subject (cert, 0);
char *issuer2 = ksba_cert_get_issuer (cert, 0);
int tmp;
-
+
tmp = (subject && subject2
&& !strcmp (subject, subject2)
&& issuer && issuer2
/* Add CERT to the list of certificates at CERTADDR but avoid
duplicates. */
-int
+int
gpgsm_add_cert_to_certlist (ctrl_t ctrl, ksba_cert_t cert,
certlist_t *listaddr, int is_encrypt_to)
{
KEYDB_HANDLE kh = NULL;
ksba_cert_t cert = NULL;
- rc = keydb_classify_name (name, &desc);
+ rc = classify_user_id (name, &desc, 0);
if (!rc)
{
kh = keydb_new (0);
/* We want the error code from the first match in this case. */
if (rc && wrong_usage)
rc = wrong_usage;
-
+
if (!rc)
{
certlist_t dup_certs = NULL;
else if (!rc)
{
ksba_cert_t cert2 = NULL;
-
- /* If this is the first possible duplicate, add the original
+
+ /* If this is the first possible duplicate, add the original
certificate to our list of duplicates. */
if (!dup_certs)
gpgsm_add_cert_to_certlist (ctrl, cert, &dup_certs, 0);
keybox). */
if (!keydb_get_cert (kh, &cert2))
{
- int tmp = (same_subject_issuer (first_subject,
- first_issuer,
+ int tmp = (same_subject_issuer (first_subject,
+ first_issuer,
cert2)
&& ((gpg_err_code (
secret? gpgsm_cert_use_sign_p (cert2)
if (is_cert_in_certlist (cert2, dup_certs))
tmp = 1;
}
-
+
ksba_cert_release (cert2);
if (tmp)
goto next_ambigious;
if (!rc && !is_cert_in_certlist (cert, *listaddr))
{
- if (!rc && secret)
+ if (!rc && secret)
{
char *p;
-
+
rc = gpg_error (GPG_ERR_NO_SECKEY);
p = gpgsm_get_keygrip_hexstring (cert);
if (p)
certlist_t cl = xtrycalloc (1, sizeof *cl);
if (!cl)
rc = out_of_core ();
- else
+ else
{
cl->cert = cert; cert = NULL;
cl->next = *listaddr;
}
}
}
-
+
keydb_release (kh);
ksba_cert_release (cert);
return rc == -1? gpg_error (GPG_ERR_NO_PUBKEY): rc;
KEYDB_HANDLE kh = NULL;
*r_cert = NULL;
- rc = keydb_classify_name (name, &desc);
+ rc = classify_user_id (name, &desc, 0);
if (!rc)
{
kh = keydb_new (0);
if (!rc && keyid)
{
ksba_sexp_t subj;
-
+
rc = ksba_cert_get_subj_key_id (*r_cert, NULL, &subj);
if (!rc)
{
rc = keydb_search (kh, &desc, 1);
if (rc == -1)
rc = 0;
- else
+ else
{
if (!rc)
{
}
}
}
-
+
keydb_release (kh);
return rc == -1? gpg_error (GPG_ERR_NO_PUBKEY): rc;
}
-
projects / gnupg.git / blobdiff