+2002-11-28 Marcus Brinkmann <marcus@g10code.de>
+
+ * NEWS: Add note about moving "gpgmeplug" to the "cryptplug"
+ package.
+ * README: Remove instructions related to "gpgmeplug".
+ * configure.ac: Remove enable option "gpgmeplug" and automake
+ conditional BUILD_GPGMEPLUG, as well as the status info about it.
+ (GPGMEPLUG): Remove variable.
+ * Makefile.am (gpgmeplug): Remove variable.
+ (SUBDIRS): Remove ${gpgmeplug}.
+ * cryptplug.h, gpgme-openpgp.c, gpgmeplug.dox, gpgme-smime.c,
+ Makefile.am, gpgmeplug.c, ChangeLog: Files removed.
+
2002-11-22 Marcus Brinkmann <marcus@g10code.de>
* configure.ac: Disable GPGSM for all dosish systems.
# Copyright (C) 2000 Werner Koch (dd9jn)
-# Copyright (C) 2001 g10 Code GmbH
+# Copyright (C) 2001, 2002 g10 Code GmbH
#
# This file is part of GPGME.
#
tests =
endif
-if BUILD_GPGMEPLUG
-gpgmeplug = gpgmeplug
-else
-gpgmeplug =
-endif
-
-SUBDIRS = ${assuan} gpgme ${tests} doc ${bonobo} ${complus} ${gpgmeplug}
+SUBDIRS = ${assuan} gpgme ${tests} doc ${bonobo} ${complus}
# Fix the version of the spec file and create a file named VERSION
# to be used for patch's Prereq: feature.
gpgme_op_genkey CHANGED: New parameter FPR.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+Noteworthy changes in version 0.3.13 (2002-11-20)
+-------------------------------------------------
+
+ * Release due to changes in gpgmeplug.
+
+Noteworthy changes in version 0.3.12 (2002-10-15)
+-------------------------------------------------
+
+ * Fixed some bux with key listings.
+
+ * The development has been branched to clean up some API issues.
+ This 0.3 series will be kept for compatibility reasons; so do don't
+ expect new features.
+
Noteworthy changes in version 0.3.11 (2002-09-20)
-------------------------------------------------
specify the location with the --with-gpgsm=/path/to/gpgsm argument to
configure.
-To enable the CryptPlug GPGME PlugIn for both protocols, use the
-`--enable-gpgmeplug' option to the configure script. `gpgmeplug' is
-experimental and you should not assume that it will stay with gpgme.
-The plug-ins are installed by `make install' in `pkglibdir', normally
-`PREFIX/lib/gpgme'.
-
Before building the CVS version following the generic install
instructions in `INSTALL', you need to set up the build scripts with
`./autogen.sh'. To build the W32 version, use `./autogen.sh
AM_CONDITIONAL(BUILD_COMPLUS, test "$component_system" = "COM+")
AM_CONDITIONAL(BUILD_BONOBO, test "$component_system" = "Bonobo")
-GPGMEPLUG=no
-AC_ARG_ENABLE(gpgmeplug,
- AC_HELP_STRING([--enable-gpgmeplug], [build GPGME Crypt Plug-In]),
- GPGMEPLUG=$enableval)
-AM_CONDITIONAL(BUILD_GPGMEPLUG, test "$GPGMEPLUG" = "yes")
-
dnl Make the version number in gpgme/gpgme.h the same as the one here.
dnl (this is easier than to have a *.in file just for one substitution)
GNUPG_FIX_HDR_VERSION(gpgme/gpgme.h, GPGME_VERSION)
AC_CONFIG_FILES(Makefile assuan/Makefile gpgme/Makefile
tests/Makefile tests/gpg/Makefile tests/gpgsm/Makefile
doc/Makefile
- bonobo/Makefile complus/Makefile gpgmeplug/Makefile)
+ bonobo/Makefile complus/Makefile)
AC_CONFIG_FILES(gpgme/gpgme-config, chmod +x gpgme/gpgme-config)
AC_OUTPUT
GpgSM version: min. $NEED_GPGSM_VERSION
GpgSM path: $GPGSM
-
- GPGME CryptPlug: $GPGMEPLUG
"
+++ /dev/null
-2002-11-19 Marcus Brinkmann <marcus@g10code.de>
-
- * gpgmeplug.c (requestDecentralCertificate): Add new argument to
- gpgme_op_genkey invocation.
-
-2002-10-12 Marcus Brinkmann <marcus@g10code.de>
-
- * gpgmeplug.c (checkMessageSignature): Update call to
- gpgme_op_verify to use new arguments.
-
-2002-09-20 Werner Koch <wk@gnupg.org>
-
- * gpgmeplug.c (nextCertificate): Sanity check for empty tmp_dn.
-
-2002-08-20 Steffen Hansen <steffen@hrhansen.dk>
-
- * Use gpgme_op_import_ext() instead of gpgme_op_import(). We
- should now be able to better check for the case when we have no
- error, but still no certificate was imported.
-
-2002-07-31 Steffen Hansen <steffen@hrhansen.dk>
-
- * Renamed importCertificate() to importCertificateWithFPR() and
- implemented importCertificateFromMem().
-
-2002-07-03 Werner Koch <wk@gnupg.org>
-
- * gpgmeplug.c (nextCertificate): Actually free the entire array
- and don't loop over tmp_dn and double free the first item.
- Spotted by Bernhard Herzog.
-
-2002-07-01 Werner Koch <wk@gnupg.org>
-
- * gpgmeplug.c (findCertificates): Reintroduced a free which must
- have been removed after my last fix. This avoids a memory leak
- when a fingerprint was not found. Removed the double loop
- increment in the code to release the arrays.
- (make_fingerprint): Removed superfluous check on retrun value of
- xmalloc.
- (safe_free): Removed. Changed all callers to use a regular free
- and at appropriate palces set the free pointer to NULL. That
- safe_free stuff seems to have been copied verbatim from some
- Mutt example code I posted.
- (storeNewCharPtr): Use xmalloc instead of an unchecked
- malloc. Removed superfluous string termination.
- (parseAddress): Use xmalloc instead of an unchecked malloc.
- (nextAddress): Ditto.
- (xstrdup): Oops, obviously I calculated the length wrong when
- coded this. Tsss, wrote xstrdup some hundreds times but missed it
- this time. Thanks to Steffen Hansen for noticing it.
-
- * gpgmeplug.c: Moved a few helper functions more to the top.
- Fixed comment syntax. Merged a copyright notice somewhere in the
- middle of the file with the one at the top.
-
-2002-06-28 Werner Koch <wk@gnupg.org>
-
- * gpgmeplug.c (xmalloc): New.
- (safe_malloc): Removed this macro and replaced it at all places
- without return values checks by xmalloc.
- (xstrdup): New. Replaces funny named macro with different
- semantics. Changed all callers to the new semantic.
- (findCertificates): Don't free duplicate free the FPR array
- values. Removed the unneeded initialization. Replaces the
- gcc-ish use dynamic allocation of automatic variables by repalce
- maxCerts with a macro MAXCERTS. Made some comments Real C (tm).
- (startListCertificates): Removed uneeded cast from xmalloc.
-
-2002-06-28 Bernhard Reiter <bernhard@intevation.de>
-
- * gpgmeplug.c: new macro days_to_seconds().
- this also fixes the dividing factor.
- (signatureCertificateDaysLeftToExpiry)
- (preceiverCertificateDaysLeftToExpiry): using the new macro
-
- (caCertificateDaysLeftToExpiry)
- (rootCertificateDaysLeftToExpiry): using new macro in deactivated code.
-
-
-2002-06-27 Steffen Hansen <steffen@hrhansen.dk>
-
- * gpgmeplug.c: Fixed pattern related bug.
-
- * cryptplug.h, gpgmeplug.c: Handle truncated data from dirmngr.
-
-2002-06-25 Steffen Hansen <steffen@hrhansen.dk>
-
- * cryptplug.h, gpgmeplug.c: New function importCertificate() for importing a
- certificate from the temp. db to the real one given a fingerprint.
-
-2002-06-20 Werner Koch <wk@gnupg.org>
-
- * gpgmeplug.c (reorder_dn): Added missing stdpart list terminator.
-
-2002-05-30 Steffen Hansen <steffen@hrhansen.dk>
-
- * cryptplug.h, gpgmeplug.c: Added certificate info listing functions.
- Not yet complete.
- Converted more C99 style comments to "classic" style.
-
-2002-03-23 Werner Koch <wk@gnupg.org>
-
- * gpgmeplug.c: Converted it to real C; i.e. use standard comments -
- we are doing ISO C 90. Translated a few German remarks and
- commented on some things.
-
-2002-03-08 Steffen Hansen <steffen@hrhansen.dk>
-
- * A little better address-parsing. Not real rfc822 yet, but at
- least it fetches the address between '<' and '>' now if they are
- present.
-
-2002-03-07 Steffen Hansen <steffen@klaralvdalens-datakonsult.se>
-
- * gpgmeplug.c (encryptMessage): Made the function accept multiple
- reciepients via addressee -- it is now parsed af a comma-separated
- list.
-
-2002-03-06 Werner Koch <wk@gnupg.org>
-
- * gpgmeplug.c (signMessage): Fixed offbyone. Don't include the
- EOS character into the signature.
- (checkMessageSignature): Ditto.
-
-2002-02-28 Kalle Dalheimer <kalle@klaralvdalens-datakonsult.se>
-
- * gpgmeplug.c (signMessage): Implemented warning when signature
- certificates are about to expire
- (isEmailInCertificate): Added support for checking whether the
- signer's email address is contained in his certificate.
-
- * cryptplug.h: Implemented warning when signature
- certificates are about to expire
-
-2002-02-27 Marcus Brinkmann <marcus@g10code.de>
-
- * gpgmeplug.c (signMessage): Fix code syntax.
-
-2002-02-01 Marcus Brinkmann <marcus@g10code.de>
-
- * Makefile.am (EXTRA_gpgme_openpgp_la_SOURCES): New variable.
- (EXTRA_gpgme_smime_la_SOURCES): Likewise.
-
- * gpgmeplug.c (passphrase_cb): Fix type of third argument.
-
-2002-01-16 Marcus Brinkmann <marcus@g10code.de>
-
- * gpgme-openpgp.c: New file.
- * Makefile.am (gpgme_openpgp_la_SOURCES): Replace gpgmeplug.c with
- gpgme-openpgp.c.
-
-2002-01-15 Marcus Brinkmann <marcus@g10code.de>
-
- * gpgmeplug.c: Renamed to ...
- * gpgme-openpgp.c: ... this. New file.
- * gpgsmplug.c: Renamed to ...
- * gpgme-smime.c: ... this. new file.
- * Makefile.am: Rewritten to use libtool's module functionality.
-
-2001-12-19 Marcus Brinkmann <marcus@g10code.de>
-
- * Makefile.am (lib_LTLIBRARIES): Rename to ...
- (noinst_LTLIBRARIES): ... this target.
-
-2001-12-19 Marcus Brinkmann <marcus@g10code.de>
-
- * Makefile.am (libgpgmeplug_la_SOURCES): Remove gpgme.h.
- (libgpgsmplug_la_SOURCES): Likewise.
-
-2001-11-29 Marcus Brinkmann <marcus@g10code.de>
-
- * gpgmeplug.c (checkMessageSignature): Add call to gpgme_set_protocol.
-
-2001-11-24 Marcus Brinkmann <marcus@g10code.de>
-
- * Makefile.am (libgpgsmplug_la_SOURCES): Fix source file.
-
-2001-11-22 Marcus Brinkmann <marcus@g10code.de>
-
- * Makefile.am (libgpgsmplug_la_LIBADD): New variable.
- (libgpgsmplug_la_LDFLAGS): Likewise.
- (libgpgsmplug_la_SOURCES): Likewise.
- (lib_LTLIBRARIES): Add libgpgsmplug.la.
- (INCLUDES): Include the local gpgme.h.
-
- * gpgmeplug.c (signMessage): Set protocol.
- (GPGMEPLUG_PROTOCOL) [!GPGMEPLUG_PROTOCOL]: Set
- GPGMEPLUG_PROTOCOL.
- * gpgsmplug.c: New file.
-
-2001-11-21 Marcus Brinkmann <marcus@g10code.de>
-
- * gpgmeplug.c: Include config.h only if [HAVE_CONFIG_H]. Do not
- include util.h.
- (deinitialize): Use free, not _gpgme_free.
- (setDirectoryServers): Use calloc, not xtrycalloc. Use free, not
- _gpgme_free. Use malloc instead xtrymalloc.
- (appendDirectoryServer): Use realloc, not xtryrealloc.
-
+++ /dev/null
-# $Id$
-#
-# Makefile.am - Automake specification file for GPGMEPLUG.
-# GPGMEPLUG is a GPGME based cryptography plug-in
-# following the common CRYPTPLUG specification.
-#
-# Copyright (C) 2001 by Klar?lvdalens Datakonsult AB
-# Copyright (C) 2002 g10 Code GmbH
-#
-# GPGMEPLUG is free software; you can redistribute it and/or modify
-# it under the terms of GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# GPGMEPLUG is distributed in the hope that it will be useful,
-# it under the terms of GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-#
-## Process this file with automake to produce Makefile.in
-
-INCLUDES = -I$(top_srcdir)/gpgme
-
-pkglib_LTLIBRARIES = gpgme-openpgp.la gpgme-smime.la
-
-gpgme_openpgp_la_SOURCES = cryptplug.h gpgme-openpgp.c
-EXTRA_gpgme_openpgp_la_SOURCES = gpgmeplug.c
-gpgme_openpgp_la_LIBADD = ../gpgme/libgpgme.la
-gpgme_openpgp_la_LDFLAGS = -module -avoid-version
-
-gpgme_smime_la_SOURCES = cryptplug.h gpgme-smime.c
-EXTRA_gpgme_smime_la_SOURCES = gpgmeplug.c
-gpgme_smime_la_LIBADD = ../gpgme/libgpgme.la
-gpgme_smime_la_LDFLAGS = -module -avoid-version
+++ /dev/null
-/* -*- Mode: C -*-
-
- $Id$
-
- CRYPTPLUG - an independent cryptography plug-in API
-
- Copyright (C) 2001 by Klarälvdalens Datakonsult AB
-
- CRYPTPLUG is free software; you can redistribute it and/or modify
- it under the terms of GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- CRYPTPLUG is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-*/
-
-#ifndef CRYPTPLUG_H
-#define CRYPTPLUG_H
-
-#include <stdlib.h>
-
-#ifdef __cplusplus
-extern "C" {
-#else
-typedef char bool;
-#define true 1
-#define false 0
-#endif
-
-/*! \file cryptplug.h
- \brief Common API header for CRYPTPLUG.
-
- CRYPTPLUG is an independent cryptography plug-in API
- developed for Sphinx-enabeling KMail and Mutt.
-
- CRYPTPLUG was designed for the Aegypten project, but it may
- be used by 3rd party developers as well to design pluggable
- crypto backends for the above mentioned MUAs.
-
- \note All string parameters appearing in this API are to be
- interpreted as UTF-8 encoded.
-
- \see pgpplugin.c
- \see gpgplugin.c
-*/
-
-/*! \defgroup groupGeneral Loading and Unloading the Plugin, General Functionality
-
- The functions in this section are used for loading and
- unloading plugins. Note that the actual locating of the plugin
- and the loading and unloading of the dynamic library is not
- covered here; this is MUA-specific code for which support code
- might already exist in the programming environments.
-*/
-
-/*! \defgroup groupDisplay Graphical Display Functionality
-
- The functions in this section return stationery that the
- MUAs can use in order to display security functionality
- graphically. This can be toolbar icons, shortcuts, tooltips,
- etc. Not all MUAs will use all this functionality.
-*/
-
-/*! \defgroup groupConfig Configuration Support
-
- The functions in this section provide the necessary
- functionality to configure the security functionality as well
- as to query configuration settings. Since all configuration
- settings will not be saved with the plugin, but rather with
- the MUA, there are also functions to set configuration
- settings programmatically; these will be used on startup of
- the plugin when the MUA transfers the configuration values it
- has read into the plugin. Usually, the functions to query and
- set the configuration values are not needed for anything but
- saving to and restoring from configuration files.
-*/
-
-
-/*! \defgroup groupConfigSign Signature Configuration
- \ingroup groupConfig
-
- The functions in this section provide the functionality
- to configure signature handling and set and query the
- signature configuration.
-*/
-
-/*! \defgroup groupConfigCrypt Encryption Configuration
- \ingroup groupConfig
-
- The functions in this section provide the functionality
- to configure encryption handling and set and query the
- encryption configuration.
-
- \note Whenever the term <b> encryption</b> is used here,
- it is supposed to mean both encryption and decryption,
- unless otherwise specified.
-*/
-
-/*! \defgroup groupConfigDir Directory Service Configuration
- \ingroup groupConfig
-
- This section contains messages for configuring the
- directory service.
-*/
-
-
-/*! \defgroup groupCertHand Certificate Handling
-
- The following methods are used to maintain and query certificates.
-*/
-
-
-/*! \defgroup groupSignCryptAct Signing and Encrypting Actions
-
- This section describes methods and structures
- used for signing and/or encrypting your mails.
-*/
-
-
-/*! \defgroup groupSignAct Signature Actions
- \ingroup groupSignCryptAct
-
- This section describes methods that are used for working
- with signatures.
-*/
-
-/*! \defgroup groupCryptAct Encryption and Decryption
- \ingroup groupSignCryptAct
-
- The following methods are used to encrypt and decrypt
- email messages.
-*/
-
-/*! \defgroup groupCertAct Certificate Handling Actions
-
- The functions in this section provide local certificate management.
-*/
-
-/*! \defgroup groupCRLAct CRL Handling Actions
-
- This section describes functions for managing CRLs.
-*/
-
-/*! \defgroup groupAdUsoInterno Important functions to be used by plugin implementors ONLY.
-
- This section describes functions that have to be used by
- plugin implementors but should not be used by plugin users
- directly.
-
- If you are not planning to write your own cryptography
- plugin <b>you should ignore this</b> section!
-*/
-
-/*! \defgroup certList Certificate Info listing functions
- */
-
-
-typedef enum {
- Feature_undef = 0,
-
- Feature_SignMessages = 1,
- Feature_VerifySignatures = 2,
- Feature_EncryptMessages = 3,
- Feature_DecryptMessages = 4,
- Feature_SendCertificates = 5,
- Feature_WarnSignCertificateExpiry = 6,
- Feature_WarnSignEmailNotInCertificate = 7,
- Feature_PinEntrySettings = 8,
- Feature_StoreMessagesWithSigs = 9,
- Feature_EncryptionCRLs = 10,
- Feature_WarnEncryptCertificateExpiry = 11,
- Feature_WarnEncryptEmailNotInCertificate = 12,
- Feature_StoreMessagesEncrypted = 13,
- Feature_CheckCertificatePath = 14,
- Feature_CertificateDirectoryService = 15,
- Feature_CRLDirectoryService = 16,
- Feature_CertificateInfo = 17
-} Feature;
-
-/* dummy values */
-typedef enum {
- PinRequest_undef = 0,
-
- PinRequest_Always = 1,
- PinRequest_WhenAddingCerts = 2,
- PinRequest_AlwaysWhenSigning = 3,
- PinRequest_OncePerSession = 4,
- PinRequest_AfterMinutes = 5
-} PinRequests;
-
-
-typedef enum {
- SignatureCompoundMode_undef = 0,
-
- SignatureCompoundMode_Opaque = 1,
- SignatureCompoundMode_Detached = 2
-} SignatureCompoundMode;
-
-
-typedef enum {
- SendCert_undef = 0,
-
- SendCert_DontSend = 1,
- SendCert_SendOwn = 2,
- SendCert_SendChainWithoutRoot = 3,
- SendCert_SendChainWithRoot = 4
-} SendCertificates;
-
-
-typedef enum {
- SignAlg_undef = 0,
-
- SignAlg_SHA1 = 1
-} SignatureAlgorithm;
-
-
-
-typedef enum {
- EncryptAlg_undef = 0,
-
- EncryptAlg_RSA = 1,
- EncryptAlg_SHA1 = 2,
- EncryptAlg_TripleDES = 3
-} EncryptionAlgorithm;
-
-typedef enum {
- SignEmail_undef = 0,
-
- SignEmail_SignAll = 1,
- SignEmail_Ask = 2,
- SignEmail_DontSign = 3
-} SignEmail;
-
-typedef enum {
- EncryptEmail_undef = 0,
-
- EncryptEmail_EncryptAll = 1,
- EncryptEmail_Ask = 2,
- EncryptEmail_DontEncrypt = 3
-} EncryptEmail;
-
-typedef enum {
- CertSrc_undef = 0,
-
- CertSrc_Server = 1,
- CertSrc_Local = 2,
- CertSrc_ServerLocal = CertSrc_Server | CertSrc_Local
-} CertificateSource;
-
-
-/*! \ingroup groupSignAct
- \brief Flags used to compose the SigStatusFlags value.
-
- This status flags are used to compose the SigStatusFlags value
- returned in \c SignatureMetaDataExtendedInfo after trying to
- verify a signed message part's signature status.
-
- The normal flags may <b>not</b> be used together with the
- special SigStat_NUMERICAL_CODE flag. When finding the special
- SigStat_NUMERICAL_CODE flag in a SigStatusFlags value you
- can obtain the respective error code number by substracting
- the SigStatusFlags value by SigStat_NUMERICAL_CODE: this is
- used to transport special status information NOT matching
- any of the normal predefined status codes.
-
- \note to PlugIn developers: Implementations of the CryptPlug API
- should try to express their signature states by bit-wise OR'ing
- the normal SigStatusFlags values. Using the SigStat_NUMERICAL_CODE
- flag should only be used as for exceptional situations where no
- other flag(s) could be used. By using the normal status flags your
- PlugIn's users will be told an understandable description of the
- status - when using (SigStat_NUMERICAL_CODE + internalCode) they
- will only be shown the respective code number and have to look
- into your PlugIn's manual to learn about it's meaning...
-*/
-enum {
- SigStat_VALID = 0x0001, /* The signature is fully valid */
- SigStat_GREEN = 0x0002, /* The signature is good. */
- SigStat_RED = 0x0004, /* The signature is bad. */
- SigStat_KEY_REVOKED = 0x0010, /* One key has been revoked. */
- SigStat_KEY_EXPIRED = 0x0020, /* One key has expired. */
- SigStat_SIG_EXPIRED = 0x0040, /* The signature has expired. */
- SigStat_KEY_MISSING = 0x0080, /* Can't verify: key missing. */
- SigStat_CRL_MISSING = 0x0100, /* CRL not available. */
- SigStat_CRL_TOO_OLD = 0x0200, /* Available CRL is too old. */
- SigStat_BAD_POLICY = 0x0400, /* A policy was not met. */
- SigStat_SYS_ERROR = 0x0800, /* A system error occured. */
-
- SigStat_NUMERICAL_CODE = 0x8000 /* An other error occured. */
-};
-typedef unsigned long SigStatusFlags;
-
-
-#define CRYPTPLUG_CERT_DOES_NEVER_EXPIRE 365000
-
-
-
-
-/*! \ingroup groupGeneral
- \brief This function returns the version string of this cryptography
- plug-in.
-
- If the plugins initialization fails the calling process might want
- to display the library version number to the user for checking if
- there is an old version of the library installed...
-
- \note This function <b>must</b> be implemented by each plug-in using
- this API specification.
-*/
-const char* libVersion( void );
-
-/*! \ingroup groupGeneral
- \brief This function returns a URL to be used for reporting a bug that
- you found (or suspect, resp.) in this cryptography plug-in.
-
- If the plugins for some reason cannot specify an appropriate URL you
- should at least be provided with a text giving you some advise on
- how to report a bug.
-
- \note This function <b>must</b> be implemented by each plug-in using
- this API specification.
-*/
-const char* bugURL( void );
-
-/*! \ingroup groupGeneral
- \brief This function sets up all internal structures.
-
- Plugins that need no initialization should provide an empty
- implementation. The method returns \c true if the initialization was
- successful and \c false otherwise. Before this function is called,
- no other plugin functions should be called; the behavior is
- undefined in this case.
-
- \note This function <b>must</b> be implemented by each plug-in using
- this API specification.
-*/
-bool initialize( void );
-
-/*! \ingroup groupGeneral
- \brief This function frees all internal structures.
-
- Plugins that do not keep any internal structures should provide an
- empty implementation. After this function has been called,
- no other plugin functions should be called; the behavior is
- undefined in this case.
-
- \note This function <b>must</b> be implemented by each plug-in using
- this API specification.
-*/
-void deinitialize( void );
-
-/*! \ingroup groupGeneral
- \brief This function returns \c true if the
- specified feature is available in the plugin, and
- \c false otherwise.
-
- Not all plugins will support all features; a complete Sphinx
- implementation will support all features contained in the enum,
- however.
-
- \note This function <b>must</b> be implemented by each plug-in using
- this API specification.
-*/
-bool hasFeature( Feature );
-
-
-/*! \ingroup groupDisplay
- \brief Returns stationery to indicate unsafe emails.
-*/
-void unsafeStationery( void** pixmap, const char** menutext, char* accel,
- const char** tooltip, const char** statusbartext );
-
-/*! \ingroup groupDisplay
- \brief Returns stationery to indicate signed emails.
-*/
-void signedStationery( void** pixmap, const char** menutext, char* accel,
- const char** tooltip, const char** statusbartext );
-
-/*! \ingroup groupDisplay
- \brief Returns stationery to indicate encrypted emails.
-*/
-void encryptedStationery( void** pixmap, const char**
- menutext, char* accel,
- const char** tooltip, const char** statusbartext );
-
-/*! \ingroup groupDisplay
- \brief Returns stationery to indicate signed and encrypted emails.
-*/
-void signedEncryptedStationery( void** pixmap, const char**
- menutext, char* accel,
- const char** tooltip, const char** statusbartext );
-
-/*! \ingroup groupConfigSign
- \brief This function returns an XML representation of a
- configuration dialog for configuring signature
- handling.
-
- The syntax is that of <filename>.ui</filename>
- files as specified in the <emphasis>Imhotep</emphasis>
- documentation. This function does not execute or show the
- dialog in any way; this is up to the MUA. Also, what the
- MUA makes of the information provided highly depends on
- the MUA itself. A GUI-based MUA will probably create a
- dialog window (possibly integrated into an existing
- configuration dialog in the application), while a
- terminal-based MUA might generate a series of questions or
- a terminal based menu selection.
-*/
-const char* signatureConfigurationDialog( void );
-
-/*! \ingroup groupConfigSign
- \brief This function returns an XML representation of a
- configuration dialog for selecting a signature key.
-
- This will typically be used when the user wants to select a
- signature key for one specific message only; the defaults
- are set in the dialog returned by
- signatureConfigurationDialog().
-*/
-const char* signatureKeySelectionDialog( void );
-
-/*! \ingroup groupConfigSign
- \brief This function returns an XML representation of a
- configuration dialog for selecting a signature
- algorithm.
-
- This will typically be used when the user wants
- to select a signature algorithm for one specific message only; the
- defaults are set in the dialog returned by
- signatureConfigurationDialog().
-*/
-const char* signatureAlgorithmDialog( void );
-
-/*! \ingroup groupConfigSign
- \brief This function returns an XML representation of a
- configuration dialog for selecting whether an email
- message and its attachments should be sent with or
- without signatures.
-
- This will typically be used when the
- user wants to select a signature key for one specific
- message only; the defaults are set in the dialog returned
- by signatureConfigurationDialog().
-*/
-const char* signatureHandlingDialog( void );
-
-/*! \ingroup groupConfigSign
- \brief Sets the signature key certificate that identifies the
- role of the signer.
-*/
-void setSignatureKeyCertificate( const char* certificate );
-
-/*! \ingroup groupConfigSign
- \brief Returns the signature key certificate that identifies
- the role of the signer.
-*/
-const char* signatureKeyCertificate( void );
-
-/*! \ingroup groupConfigSign
- \brief Sets the algorithm used for signing.
-*/
-void setSignatureAlgorithm( SignatureAlgorithm );
-
-/*! \ingroup groupConfigSign
- \brief Returns the algorithm used for signing.
-*/
-SignatureAlgorithm signatureAlgorithm( void );
-
-/*! \ingroup groupConfigSign
-\brief Sets whether signatures and signed data should be send
- as opaque signed or
- as multipart/signed message parts.
-*/
-void setSignatureCompoundMode( SignatureCompoundMode );
-
-/*! \ingroup groupConfigSign
-\brief Returns whether signatures and signed data will be send
- as opaque signed or
- as multipart/signed message parts.
-*/
-SignatureCompoundMode signatureCompoundMode( void );
-
-/*! \ingroup groupConfigSign
- \brief Sets which certificates should be sent with the
- message.
-*/
-void setSendCertificates( SendCertificates );
-/*! \ingroup groupConfigSign
- \brief Returns which certificates should be sent with the
- message.
-*/
-SendCertificates sendCertificates( void );
-
-/*! \ingroup groupConfigSign
- \brief Specifies whether email should be automatically
- signed, signed after confirmation, signed after
- confirmation for each part or not signed at all.
-*/
-void setSignEmail( SignEmail );
-
-/*! \ingroup groupConfigSign
- \brief Returns whether email should be automatically
- signed, signed after confirmation, signed after
- confirmation for each part or not signed at all.
-*/
-SignEmail signEmail( void );
-
-
-/*! \ingroup groupConfigSign
- \brief Specifies whether a warning should be emitted when the user
- tries to send an email message unsigned.
-*/
-void setWarnSendUnsigned( bool );
-
-
-/*! \ingroup groupConfigSign
- \brief Returns whether a warning should be emitted when the user
- tries to send an email message unsigned.
-*/
-bool warnSendUnsigned( void );
-
-
-/*! \ingroup groupConfigSign
- \brief Specifies whether sent email messages should be stored
- with or without their signatures.
-*/
-void setSaveSentSignatures( bool );
-
-/*! \ingroup groupConfigSign
- \brief Returns whether sent email messages should be stored
- with or without their signatures.
-*/
-bool saveSentSignatures( void );
-
-/*! \ingroup groupConfigSign
- \brief Specifies whether a warning should be emitted if the
- email address of the sender is not contained in the
- certificate.
-*/
-void setWarnNoCertificate( bool );
-
-/*! \ingroup groupConfigSign
- \brief Returns whether a warning should be emitted if the
- email address of the sender is not contained in the
- certificate.
-*/
-bool warnNoCertificate( void );
-
-/*!
- \ingroup groupConfigSign
- \brief Returns true if the specified email address is contained
- in the specified certificate.
-*/
-bool isEmailInCertificate( const char* email, const char* certificate );
-
-/*! \ingroup groupConfigSign
- \brief Specifies how often the PIN is requested when
- accessing the secret signature key.
-*/
-void setNumPINRequests( PinRequests );
-
-/*! \ingroup groupConfigSign
- \brief Returns how often the PIN is requested when
- accessing the secret signature key.
-*/
-PinRequests numPINRequests( void );
-
-/*! \ingroup groupConfigSign
- \brief Specifies the interval in minutes the PIN must be reentered if
- numPINRequests() is PinRequest_AfterMinutes.
-*/
-void setNumPINRequestsInterval( int );
-
-
-/*! \ingroup groupConfigSign
- \brief Returns the interval in minutes the PIN must be reentered if
- numPINRequests() is PinRequest_AfterMinutes.
-*/
-int numPINRequestsInterval( void );
-
-
-/*! \ingroup groupConfigSign
- \brief Specifies whether the certificate path should be
- followed to the root certificate or whether locally stored
- certificates may be used.
-*/
-void setCheckSignatureCertificatePathToRoot( bool );
-
-/*! \ingroup groupConfigSign
- \brief Returns whether the certificate path should be
- followed to the root certificate or whether locally stored
- certificates may be used.
-*/
-bool checkSignatureCertificatePathToRoot( void );
-
-/*! \ingroup groupConfigSign
- \brief Specifies whether certificate revocation lists should
- be used.
-*/
-void setSignatureUseCRLs( bool );
-
-/*! \ingroup groupConfigSign
- \brief Returns whether certificate revocation lists should
- be used.
-*/
-bool signatureUseCRLs( void );
-
-/*! \ingroup groupConfigSign
- \brief Specifies whether a warning should be emitted if the
- signature certificate expires in the near future.
-*/
-void setSignatureCertificateExpiryNearWarning( bool );
-
-/*! \ingroup groupConfigSign
- \brief Returns whether a warning should be emitted if
- the signature certificate expires in the near future.
-*/
-bool signatureCertificateExpiryNearWarning( void );
-
-/*! \ingroup groupConfigSign
- \brief Returns the number of days that are left until the
- specified certificate expires.
-
- Negative values show how many days ago the certificate DID expire,
- a zero value means the certificate expires today,
- special value CRYPTPLUG_CERT_DOES_NEVER_EXPIRE means there is
- no expire date stored in this certificate.
-
- \param certificate the certificate to check
-*/
-int signatureCertificateDaysLeftToExpiry( const char* certificate );
-
-/*! \ingroup groupConfigSign
- \brief Specifies the number of days which a signature certificate must
- be valid before it is considered to expire in the near
- future.
-*/
-void setSignatureCertificateExpiryNearInterval( int );
-
-/*! \ingroup groupConfigSign
- \brief Returns the number of days which a signature certificate must
- be valid before it is considered to expire in the near
- future.
-*/
-int signatureCertificateExpiryNearInterval( void );
-
-/*! \ingroup groupConfigSign
- \brief Specifies whether a warning should be emitted if the
- CA certificate expires in the near future.
-*/
-void setCACertificateExpiryNearWarning( bool );
-
-/*! \ingroup groupConfigSign
- \brief Returns whether a warning should be emitted if
- the CA certificate expires in the near future.
-*/
-bool caCertificateExpiryNearWarning( void );
-
-/*! \ingroup groupConfigSign
- \brief Returns the number of days that are left until the
- CA certificate of the specified certificate expires.
-
- Negative values show how many days ago the certificate DID expire,
- a zero value means the certificate expires today,
- special value CRYPTPLUG_CERT_DOES_NEVER_EXPIRE means there is
- no expire date stored in this certificate.
-
- \param certificate the certificate to check
-*/
-int caCertificateDaysLeftToExpiry( const char* certificate );
-
-/*! \ingroup groupConfigSign
- \brief Specifies the number of days which a CA certificate must
- be valid before it is considered to expire in the near
- future.
-*/
-void setCACertificateExpiryNearInterval( int );
-
-/*! \ingroup groupConfigSign
- \brief Returns the number of days which a CA certificate must
- be valid before it is considered to expire in the near
- future.
-*/
-int caCertificateExpiryNearInterval( void );
-
-/*! \ingroup groupConfigSign
- \brief Specifies whether a warning should be emitted if the
- root certificate expires in the near future.
-*/
-void setRootCertificateExpiryNearWarning( bool );
-
-/*! \ingroup groupConfigSign
- \brief Returns whether a warning should be emitted if
- the root certificate expires in the near future.
-*/
-bool rootCertificateExpiryNearWarning( void );
-
-/*! \ingroup groupConfigSign
- \brief Returns the number of days that are left until the
- root certificate of the specified certificate expires.
-
- Negative values show how many days ago the certificate DID expire,
- a zero value means the certificate expires today,
- special value CRYPTPLUG_CERT_DOES_NEVER_EXPIRE means there is
- no expire date stored in this certificate.
-
- \param certificate the certificate to check
-*/
-int rootCertificateDaysLeftToExpiry( const char* certificate );
-
-/*! \ingroup groupConfigSign
- \brief Specifies the number of days which a root certificate must
- be valid before it is considered to expire in the near
- future.
-*/
-void setRootCertificateExpiryNearInterval( int );
-
-/*! \ingroup groupConfigSign
- \brief Returns the number of days which a signature certificate must
- be valid before it is considered to expire in the near
- future.
-*/
-int rootCertificateExpiryNearInterval( void );
-
-
-
-
-/*! \ingroup groupConfigCrypt
- \brief This function returns an XML representation of a
- configuration dialog for configuring encryption
- handling.
-
- The syntax is that of <filename>.ui</filename>
- files as specified in the <emphasis>Imhotep</emphasis>
- documentation. This function does not execute or show the
- dialog in any way; this is up to the MUA. Also, what the
- MUA makes of the information provided highly depends on
- the MUA itself. A GUI-based MUA will probably create a
- dialog window (possibly integrated into an existing
- configuration dialog in the application), while a
- terminal-based MUA might generate a series of questions or
- a terminal based menu selection.
-*/
-const char* encryptionConfigurationDialog( void );
-
-/*! \ingroup groupConfigCrypt
- \brief This function returns an XML representation of a
- configuration dialog for selecting an encryption
- algorithm.
-
- This will typically be used when the user wants
- to select an encryption algorithm for one specific message only; the
- defaults are set in the dialog returned by
- encryptionConfigurationDialog().
-*/
-const char* encryptionAlgorithmDialog( void );
-
-/*! \ingroup groupConfigCrypt
- \brief This function returns an XML representation of a
- configuration dialog for selecting whether an email
- message and its attachments should be encrypted.
-
- This will typically be used when the
- user wants to select an encryption key for one specific
- message only; the defaults are set in the dialog returned
- by encryptionConfigurationDialog().
-*/
-const char* encryptionHandlingDialog( void );
-
-/*! \ingroup groupConfigCrypt
- \brief This function returns an XML representation of a
- dialog that lets the user select the certificate to use
- for encrypting.
-
- If it was not possible to determine the
- correct certificate from the information in the email
- message, the user is presented with a list of possible
- certificates to choose from. If a unique certificate was
- found, this is presented to the user, who needs to confirm
- the selection of the certificate. This procedure is repeated
- for each recipient of the email message.
-*/
-const char* encryptionReceiverDialog( void );
-
-/*! \ingroup groupConfigCrypt
- \brief Sets the algorithm used for encrypting.
-*/
-void setEncryptionAlgorithm( EncryptionAlgorithm );
-
-/*! \ingroup groupConfigCrypt
- \brief Returns the algorithm used for encrypting.
-*/
-EncryptionAlgorithm encryptionAlgorithm( void );
-
-/*! \ingroup groupConfigCrypt
- \brief Specifies whether email should be automatically
- encrypted, encrypted after confirmation, encrypted after
- confirmation for each part or not encrypted at all.
-*/
-void setEncryptEmail( EncryptEmail );
-
-/*! \ingroup groupConfigCrypt
- \brief Returns whether email should be automatically
- encrypted, encrypted after confirmation, encrypted after
- confirmation for each part or not encrypted at all.
-*/
-EncryptEmail encryptEmail( void );
-
-/*! \ingroup groupConfigSign
- \brief Specifies whether a warning should be emitted when the user
- tries to send an email message unencrypted.
-*/
-void setWarnSendUnencrypted( bool );
-
-
-/*! \ingroup groupConfigSign
- \brief Returns whether a warning should be emitted when the user
- tries to send an email message unencrypted.
-*/
-bool warnSendUnencrypted( void );
-
-
-/*! \ingroup groupConfigCrypt
- \brief Specifies whether encrypted email messages should be
- stored encrypted or decrypted.
-*/
-void setSaveMessagesEncrypted( bool );
-
-/*! \ingroup groupConfigCrypt
- \brief Returns whether encrypted email messages should be stored
- encrypted or decrypted.
-*/
-bool saveMessagesEncrypted( void );
-
-
-/*! \ingroup groupConfigCrypt
- \brief Specifies whether the certificate path should be checked
- during encryption.
-*/
-void setCheckCertificatePath( bool );
-
-/*! \ingroup groupConfigCrypt
- \brief Returns whether the certificate path should be checked
- during encryption.
-*/
-bool checkCertificatePath( void );
-
-
-/*! \ingroup groupConfigCrypt
- \brief Specifies whether the certificate path should be
- followed to the root certificate or whether locally stored
- certificates may be used.
-*/
-void setCheckEncryptionCertificatePathToRoot( bool );
-
-/*! \ingroup groupConfigCrypt
- \brief Returns whether the certificate path should be
- followed to the root certificate or whether locally stored
- certificates may be used.
-*/
-bool checkEncryptionCertificatePathToRoot( void );
-
-
-/*! \ingroup groupConfigCrypt
- \brief Specifies whether a warning should be emitted if the
- certificate of the receiver expires in the near future.
-*/
-void setReceiverCertificateExpiryNearWarning( bool );
-
-/*! \ingroup groupConfigCrypt
- \brief Returns whether a warning should be emitted if the
- certificate of the receiver expires in the near future.
-*/
-bool receiverCertificateExpiryNearWarning( void );
-
-
-/*! \ingroup groupConfigCrypt
- \brief Returns the number of days until the specified receiver
- certificate expires.
-
- Negative values show how many days ago the certificate DID expire,
- a zero value means the certificate expires today,
- special value CRYPTPLUG_CERT_DOES_NEVER_EXPIRE means there is
- no expire date stored in this certificate.
-*/
-int receiverCertificateDaysLeftToExpiry( const char* certificate );
-
-
-
-/*! \ingroup groupConfigCrypt
- \brief Specifies the number of days which a receiver certificate
- must be valid before it is considered to expire in the near future.
-*/
-void setReceiverCertificateExpiryNearWarningInterval( int );
-
-/*! \ingroup groupConfigCrypt
- \brief Returns the number of days which a receiver certificate
- must be valid before it is considered to expire in the near future.
-*/
-int receiverCertificateExpiryNearWarningInterval( void );
-
-/*! \ingroup groupConfigCrypt
- \brief Specifies whether a warning should be emitted if
- a certificate in the chain expires in the near future.
-*/
-void setCertificateInChainExpiryNearWarning( bool );
-
-
-/*! \ingroup groupConfigCrypt
- \brief Returns whether a warning should be emitted if a
- certificate in the chain expires in the near future.
-*/
-bool certificateInChainExpiryNearWarning( void );
-
-
-
-/*! \ingroup groupConfigCrypt
- \brief Specifies the number of days which a certificate in the chain
- must be valid before it is considered to expire in the near future.
-*/
-void setCertificateInChainExpiryNearWarningInterval( int );
-
-/*! \ingroup groupConfigCrypt
- \brief Returns the number of days which a certificate in the chain
- must be valid before it is considered to expire in the near future.
-*/
-int certificateInChainExpiryNearWarningInterval( void );
-
-
-/*! \ingroup groupConfigCrypt
- \brief Returns the number of days until the first certificate in
- the chain of the receiver certificate expires.
-
- Negative values show how many days ago the certificate DID expire,
- a zero value means the certificate expires today,
- special value CRYPTPLUG_CERT_DOES_NEVER_EXPIRE means there is
- no expire date stored in this certificate.
-*/
-int certificateInChainDaysLeftToExpiry( const char* certificate );
-
-
-/*! \ingroup groupConfigCrypt
- \brief Specifies whether a warning is emitted if the email address
- of the receiver does not appear in the certificate.
-*/
-void setReceiverEmailAddressNotInCertificateWarning( bool );
-
-/*! \ingroup groupConfigCrypt
- \brief Returns whether a warning is emitted if the email address
- of the receiver does not appear in the certificate.
-*/
-bool receiverEmailAddressNotInCertificateWarning( void );
-
-
-/*! \ingroup groupConfigCrypt
- \brief Specifies whether certificate revocation lists should
- be used.
-*/
-void setEncryptionUseCRLs( bool );
-
-/*! \ingroup groupConfigCrypt
- \brief Returns whether certificate revocation lists should
- be used.
-*/
-bool encryptionUseCRLs( void );
-
-/*! \ingroup groupConfigCrypt
- \brief Specifies whether a warning should be emitted if any
- of the certificates involved in the signing process
- expires in the near future.
-*/
-void setEncryptionCRLExpiryNearWarning( bool );
-
-/*! \ingroup groupConfigCrypt
- \brief Returns whether a warning should be emitted if any
- of the certificates involved in the signing process
- expires in the near future.
-*/
-bool encryptionCRLExpiryNearWarning( void );
-
-/*! \ingroup groupConfigCrypt
- \brief Specifies the number of days which a certificate must
- be valid before it is considered to expire in the near
- future.
-*/
-void setEncryptionCRLNearExpiryInterval( int );
-
-/*! \ingroup groupConfigCrypt
- \brief Returns the number of days which a certificate must
- be valid before it is considered to expire in the near
- future.
-*/
-int encryptionCRLNearExpiryInterval( void );
-
-
-/*! \ingroup groupConfigCrypt
- \brief Returns the number of days the currently active certification
- list is still valid.
-*/
-int encryptionCRLsDaysLeftToExpiry( void );
-
-
-
-/*! \ingroup groupConfigDir
- \brief This function returns an XML representation of a
- configuration dialog for selecting a directory
- server.
-*/
-const char* directoryServiceConfigurationDialog( void );
-
-/*! \ingroup groupConfigDir
- \brief Lets you configure how certificates and certificate
- revocation lists are retrieved (both locally and from directory
- services).
-
- Will mainly be used for restoring
- configuration data; interactive configuration will be done
- via the configuration dialog returned by
- \c directoryServiceConfigurationDialog().
-*/
-void appendDirectoryServer( const char* servername, int port,
- const char* description );
-
-
-
-
-/*! \ingroup groupConfigDir
-*/
-struct DirectoryServer {
- char* servername;
- int port;
- char* description;
-};
-
-
-/*! \ingroup groupConfigDir
- \brief Specifies a list of directory servers.
-
- Will mainly be used for restoring
- configuration data; interactive configuration will be done
- via the configuration dialog returned by
- \c directoryServiceConfigurationDialog().
-*/
-void setDirectoryServers( struct DirectoryServer[], unsigned int size );
-
-/*! \ingroup groupConfigDir
- \brief Returns the list of directory servers.
-
- Will mainly be used for saving configuration data; interactive
- configuration will be done via the configuration dialog
- returned by
- \c directoryServiceConfigurationDialog().
-*/
-struct DirectoryServer* directoryServers( int* numServers );
-
-/*! \ingroup groupConfigDir
- \brief Specifies whether certificates should be retrieved
- from a directory server, only locally, or both.
-*/
-void setCertificateSource( CertificateSource );
-
-/*! \ingroup groupConfigDir
- \brief Returns whether certificates should be retrieved
- from a directory server, only locally, or both.
-*/
-CertificateSource certificateSource( void );
-
-/*! \ingroup groupConfigDir
- \brief Specifies whether certificates should be retrieved
- from a directory server, only locally, or both.
-*/
-void setCRLSource( CertificateSource );
-
-/*! \ingroup groupConfigDir
- \brief Returns whether certificates should be retrieved
- from a directory server, only locally, or both.
-*/
-CertificateSource crlSource( void );
-
-
-/*! \ingroup groupCertHand
- \brief Returns \c true if and only if the
- certificates in the certificate chain starting at
- \c certificate are valid.
-
- If \c level is non-null, the parameter contains
- the degree of trust on a backend-specific scale. In an X.509
- implementation, this will either be \c 1
- (valid up to the root certificate) or \c 0
- (not valid up to the root certificate).
-*/
-bool certificateValidity( const char* certificate, int* level );
-
-
-/*! \ingroup groupSignCryptAct
- \brief Information record returned by signing and by encrypting
- functions - this record should be used together with a
- corresponding \c free_StructuringInfo() function call.
-
- Use this information to compose a MIME object containing signed
- and/or encrypted content (or to build a text frame around your
- flat non-MIME message body, resp.)
-
- <b>If</b> value returned in \c makeMimeObject is <b>TRUE</b> the
- text strings returned in \c contentTypeMain and \c contentDispMain
- and \c contentTEncMain (and, if required, \c content[..]Version and
- \c bodyTextVersion and \c content[..]Sig) should be used to compose
- a respective MIME object.<br>
- If <b>FALSE</b> the texts returned in \c flatTextPrefix and
- \c flatTextSeparator and \c flatTextPostfix are to be used instead.<br>
- Allways <b>either</b> the \c content[..] and \c bodyTextVersion
- parameters <b>or</b> the \c flatText[..] parameters are holding
- valid data - never both of them may be used simultaneously
- as plugins will just ignore the parameters not matching their
- \c makeMimeObject setting.
-
- When creating your MIME object please observe these common rules:
- \li Parameters named \c contentType[..] and \c contentDisp[..] and
- \c contentTEnc[..] will return the values for the respective MIME
- headers 'Content-Type' and 'Content-Disposition' and
- 'Content-Transfer-Encoding'. The following applies to these parameters:
- \li The relevant MIME part may <b>only</b> be created if the respective
- \c contentType[..] parameter is holding a non-zero-length string. If the
- \c contentType[..] parameter value is invalid or holding an empty string
- the respective \c contentDisp[..] and \c contentTEnc[..] parameters
- should be ignored.
- \li If the respective \c contentDisp[..] or \c contentTEnc[..] parameter
- is NULL or holding a zero-length string it is up to you whether you want
- to add the relevant MIME header yourself, but since it in in the
- responsibility of the plugin implementors to provide you with all
- neccessary 'Content-[..]' header information you should <b>not need</b>
- to define them if they are not returned by the signing or encrypting
- function - otherwise this may be considered as a bug in the plugin and
- you could report the missing MIME header information to the address
- returned by the \c bugURL() function.
-
- If \c makeMultiMime returns FALSE the \c contentTypeMain returned must
- not be altered but used to specify a single part mime object holding the
- code bloc, e.g. this is used for 'enveloped-data' single part MIME
- objects. In this case you should ignore both the \c content[..]Version
- and \c content[..]Code parameters.
-
- If \c makeMultiMime returns TRUE also the following rules apply:
- \li If \c includeCleartext is TRUE you should include the cleartext
- as first part of our multipart MIME object, typically this is TRUE
- when signing mails but FALSE when encrypting.
- \li The \c contentTypeMain returned typically starts with
- "multipart/" while providing a "protocol" and a "micalg" parameter: just
- add an appropriate \c "; boundary=[your \c boundary \c string]" to get
- the complete Content-Type value to be used for the MIME object embedding
- both the signed part and the signature part (or - in case of
- encrypting - the version part and the code part, resp.).
- \li If \c contentTypeVersion is holding a non-zero-length string an
- additional MIME part must added immediately before the code part, this
- version part's MIME headers must have the unaltered values of
- \c contentTypeVersion and (if they are holding non-zero-length strings)
- \c contentDispVersion and \c contentTEncVersion, the unaltered contents
- of \c bodyTextVersion must be it's body.
- \li The value returned in \c contentTypeCode is specifying the complete
- Content-Type to be used for this multipart MIME object's signature part
- (or - in case of encrypting - for the code part following after the
- version part, resp.), you should not add/change/remove anything here
- but just use it's unaltered value for specifying the Content-Type header
- of the respective MIME part.
- \li The same applies to the \c contentDispCode value: just use it's
- unaltered value to specify the Content-Disposition header entry of
- the respective MIME part.
- \li The same applies to the \c contentTEncCode value: just use it's
- unaltered value to specify the Content-Transfer-Encoding header of
- the respective MIME part.
-
- <b>If</b> value returned in \c makeMimeObject is <b>FALSE</b> the
- text strings returned in \c flatTextPrefix and \c flatTextPostfix
- should be used to build a frame around the cleartext and the code
- bloc holding the signature (or - in case of encrypting - the encoded
- data bloc, resp.).<br>
- If \c includeCleartext is TRUE this frame should also include the
- cleartext as first bloc, this bloc should be divided from the code bloc
- by the contents of \c flatTextSeparator - typically this is used for
- signing but not when encrypting.<br>
- If \c includeCleartext is FALSE you should ignore both the cleartext
- and the \c flatTextSeparator parameter.
-
- <b>How to use StructuringInfo data in your program:</b>
- \li To compose a signed message please act as described below.
- \li For constructing an encrypted message just replace the
- \c signMessage() call by the respective \c encryptMessage() call
- and then proceed exactly the same way.
- \li In any case make <b>sure</b> to free your \c ciphertext <b>and</b>
- to call \c free_StructuringInfo() when you are done with processing
- the data returned by the signing (or encrypting, resp.) function.
-
-\verbatim
-
- char* ciphertext;
- StructuringInfo structInf;
-
- if( ! signMessage( cleartext, &ciphertext, certificate,
- &structuring ) ) {
-
- myErrorDialog( "Error: could not sign the message!" );
-
- } else {
- if( structInf.makeMimeObject ) {
-
- // Build the main MIME object.
- // This is done by
- // using the header values returned in
- // structInf.contentTypeMain and in
- // structInf.contentDispMain and in
- // structInf.contentTEncMain.
- ..
-
- if( ! structInf.makeMultiMime ) {
-
- // Build the main MIME object's body.
- // This is done by
- // using the code bloc returned in
- // ciphertext.
- ..
-
- } else {
-
- // Build the encapsulated MIME parts.
- if( structInf.includeCleartext ) {
-
- // Build a MIME part holding the cleartext.
- // This is done by
- // using the original cleartext's headers and by
- // taking it's original body text.
- ..
-
- }
- if( structInf.contentTypeVersion
- && 0 < strlen( structInf.contentTypeVersion ) ) {
-
- // Build a MIME part holding the version information.
- // This is done by
- // using the header values returned in
- // structInf.contentTypeVersion and
- // structInf.contentDispVersion and
- // structInf.contentTEncVersion and by
- // taking the body contents returned in
- // structInf.bodyTextVersion.
- ..
-
- }
- if( structInf.contentTypeCode
- && 0 < strlen( structInf.contentTypeCode ) ) {
-
- // Build a MIME part holding the code information.
- // This is done by
- // using the header values returned in
- // structInf.contentTypeCode and
- // structInf.contentDispCode and
- // structInf.contentTEncCode and by
- // taking the body contents returned in
- // ciphertext.
- ..
-
- } else {
-
- // Plugin error!
- myErrorDialog( "Error: Cryptography plugin returned a main"
- "Content-Type=Multipart/.. but did not "
- "specify the code bloc's Content-Type header."
- "\nYou may report this bug:"
- "\n" + cryptplug.bugURL() );
- }
- }
- } else {
-
- // Build a plain message body
- // based on the values returned in structInf.
- // Note: We do _not_ insert line breaks between the parts since
- // it is the plugin job to provide us with ready-to-use
- // texts containing all neccessary line breaks.
- strcpy( myMessageBody, structInf.plainTextPrefix );
- if( structInf.includeCleartext ) {
- strcat( myMessageBody, cleartext );
- strcat( myMessageBody, structInf.plainTextSeparator );
- }
- strcat( myMessageBody, *ciphertext );
- strcat( myMessageBody, structInf.plainTextPostfix );
- }
-
- // free the memory that was allocated
- // for the ciphertext
- free( ciphertext );
-
- // free the memory that was allocated
- // for our StructuringInfo's char* members
- free_StructuringInfo( &structuring );
- }
-
-\endverbatim
-
- \note Make sure to call \c free_StructuringInfo() when you are done
- with processing the StructuringInfo data!
-
- \see free_StructuringInfo
- \see signMessage, encryptMessage, encryptAndSignMessage
-*/
-struct StructuringInfo {
- bool includeCleartext; /*!< specifies whether we should include the
- cleartext as first part of our multipart
- MIME object (or - for non-MIME
- messages - as flat text to be set before
- the ciphertext, resp.), typically this
- is TRUE when signing mails but FALSE
- when encrypting<br>
- (this parameter is relevant no matter
- whether \c makeMimeObject is TRUE or
- FALSE) */
- bool makeMimeObject; /*!< specifies whether we should create a MIME
- object or a flat text message body */
- /* the following are used for MIME messages only */
- bool makeMultiMime; /*!< specifies whether we should create a
- 'Multipart' MIME object or a single part
- object, if FALSE only \c contentTypeMain,
- \c contentDispMain and \c contentTEncMain
- may be used and all other parameters have
- to be ignored<br>
- (ignore this parameter if \c makeMimeObject
- is FALSE) */
- char* contentTypeMain; /*!< value of the main 'Content-Type'
- header<br>
- (ignore this parameter if \c makeMimeObject
- is FALSE) */
- char* contentDispMain; /*!< value of the main 'Content-Disposition'
- header<br>
- (ignore this parameter if \c makeMimeObject
- is FALSE) */
- char* contentTEncMain; /*!< value of the main
- 'Content-TransferEncoding' header<br>
- (ignore this parameter if \c makeMimeObject
- is FALSE) */
- char* contentTypeVersion; /*!< 'Content-Type' of the additional version
- part that might preceed the code part -
- if NULL or zero length no version part
- must be created<br>
- (ignore this parameter if either
- \c makeMimeObject or \c makeMultiMime
- is FALSE) */
- char* contentDispVersion; /*!< 'Content-Disposition' of the additional
- preceeding the code part (only valid if
- \c contentTypeVersion holds a
- non-zero-length string)<br>
- (ignore this parameter if either
- \c makeMimeObject or \c makeMultiMime
- is FALSE or if \c contentTypeVersion does
- not return a non-zero-length string) */
- char* contentTEncVersion; /*!< 'Content-Transfer-Encoding' of the
- additional version part (only valid if
- \c contentTypeVersion holds a
- non-zero-length string)<br>
- (ignore this parameter if either
- \c makeMimeObject or \c makeMultiMime
- is FALSE or if \c contentTypeVersion does
- not return a non-zero-length string) */
- char* bodyTextVersion; /*!< body text of the additional version part
- (only valid if \c contentTypeVersion
- holds a non-zero-length string)<br>
- (ignore this parameter if either
- \c makeMimeObject or \c makeMultiMime
- is FALSE or if \c contentTypeVersion does
- not return a non-zero-length string) */
- char* contentTypeCode; /*!< 'Content-Type' of the code part holding
- the signature code (or the encrypted
- data, resp.)<br>
- (ignore this parameter if either
- \c makeMimeObject or \c makeMultiMime
- is FALSE) */
- char* contentDispCode; /*!< 'Content-Disposition' of the code part<br>
- (ignore this parameter if either
- \c makeMimeObject or \c makeMultiMime
- is FALSE or if \c contentTypeCode does
- not return a non-zero-length string) */
- char* contentTEncCode; /*!< 'Content-Type' of the code part<br>
- (ignore this parameter if either
- \c makeMimeObject or \c makeMultiMime
- is FALSE or if \c contentTypeCode does
- not return a non-zero-length string) */
- /* the following are used for flat non-MIME messages only */
- char* flatTextPrefix; /*!< text to preceed the main text (or the
- code bloc containing the encrypted main
- text, resp.)<br>
- (ignore this parameter if
- \c makeMimeObject is TRUE) */
- char* flatTextSeparator; /*!< text to be put between the main text and
- the signature code bloc (not used when
- encrypting)<br>
- (ignore this parameter if
- \c makeMimeObject is TRUE or if
- \c includeCleartext is FALSE) */
- char* flatTextPostfix; /*!< text to follow the signature code bloc
- (or the encrypted data bloc, resp.)<br>
- (ignore this parameter if
- \c makeMimeObject is TRUE) */
-};
-
-
-/*! \ingroup groupAdUsoInterno
- \brief If you are not planning to write your own cryptography
- plugin <b>you should ignore this</b> function!
-
- Usage of this function is depreciated for plugin users but highly
- recommended for plugin implementors since this is an internal
- function for initializing all char* members of a \c StructuringInfo
- struct.<br>
- This function <b>must</b> be called in <b>any</b> plugin's
- implementations of the following functions:
-
- \c signMessage() <br>
- \c encryptMessage() <br>
- \c encryptAndSignMessage()
-
- Calling this function makes sure the corresponding
- \c free_StructuringInfo() calls which will be embedded by
- your plugin's users into their code will be able to
- determine which of the char* members belonging to the
- respective's StructuringInfo had been allocated memory
- for during previous signing or encrypting actions.
-
- \see free_StructuringInfo, StructuringInfo
- \see signMessage, encryptMessage, encryptAndSignMessage
-*/
- inline void init_StructuringInfo( struct StructuringInfo* s )
- {
- if( ! s ) return;
-
- s->includeCleartext = false;
-
- s->makeMimeObject = false;
- s->makeMultiMime = false;
-
- s->contentTypeMain = 0;
- s->contentDispMain = 0;
- s->contentTEncMain = 0;
-
- s->contentTypeVersion = 0;
- s->contentDispVersion = 0;
- s->contentTEncVersion = 0;
- s->bodyTextVersion = 0;
-
- s->contentTypeCode = 0;
- s->contentDispCode = 0;
- s->contentTEncCode = 0;
-
- s->flatTextPrefix = 0;
- s->flatTextSeparator = 0;
- s->flatTextPostfix = 0;
- }
-
-/*! \ingroup groupSignCryptAct
- \brief Important method for freeing all memory that was allocated
- for the char* members of a \c StructuringInfo struct - use
- this function after <b>each</b> signing or encrypting function
- call.
-
- \note Even when intending to call \c encryptMessage() immediately
- after having called \c signMessage() you first <b>must</b> call
- the \c free_StructuringInfo() function to make sure all memory is
- set free that was allocated for your StructuringInfo's char* members
- by the \c signMessage() function!
-
- \see StructuringInfo
-*/
- inline void free_StructuringInfo( struct StructuringInfo* s )
- {
- if( ! s ) return;
- if( s->contentTypeMain ) free( s->contentTypeMain );
- if( s->contentDispMain ) free( s->contentDispMain );
- if( s->contentTEncMain ) free( s->contentTEncMain );
- if( s->contentTypeVersion ) free( s->contentTypeVersion );
- if( s->contentDispVersion ) free( s->contentDispVersion );
- if( s->contentTEncVersion ) free( s->contentTEncVersion );
- if( s->bodyTextVersion ) free( s->bodyTextVersion );
- if( s->contentTypeCode ) free( s->contentTypeCode );
- if( s->contentDispCode ) free( s->contentDispCode );
- if( s->contentTEncCode ) free( s->contentTEncCode );
- if( s->flatTextPrefix ) free( s->flatTextPrefix );
- if( s->flatTextSeparator ) free( s->flatTextSeparator );
- if( s->flatTextPostfix ) free( s->flatTextPostfix );
- }
-
-
-/*! \ingroup groupSignAct
- \brief Signs a message \c cleartext and returns
- in \c *ciphertext the signature data bloc that
- is to be added to the message. The length returned
- in \c *cipherLen tells you the size (==amount of bytes)
- of the ciphertext, if the structuring information
- would return with contentTEncCode set to "base64"
- the ciphertext might contain a char 0x00
- and has to be converted into base64 before sending.
-
- The signature role is specified by \c certificate.
- If \c certificate is \c NULL, the default certificate is used.
-
- If the message could be signed, the function returns
- \c true, otherwise
- \c false.
-
- Use the StructuringInfo data returned in parameter \c structuring
- to find out how to build the respective MIME object (or the plain
- text message body, resp.).
-
- \note The function allocates memory for the \c *ciphertext, so
- make sure you set free that memory when no longer needing
- it (as shown in example code provided with documentation
- of the struct \c StructuringInfo).
-
- \note The function also allocates memory for some char* members
- of the StructuringInfo* parameter that you are providing,
- therefore you <b>must</b> call the \c free_StructuringInfo() function
- to make sure all memory is set free that was allocated. This must be
- done <b>before</b> calling the next cryptography function - even if
- you intend to call \c encryptMessage() immediately after
- \c signMessage().
-
- \see StructuringInfo, free_StructuringInfo
-*/
-bool signMessage( const char* cleartext,
- char** ciphertext,
- const size_t* cipherLen,
- const char* certificate,
- struct StructuringInfo* structuring,
- int* errId,
- char** errTxt );
-
-
-/*! \ingroup groupSignAct
- */
-struct SignatureMetaDataExtendedInfo
-{
- struct tm* creation_time;
- SigStatusFlags sigStatusFlags;
- char* status_text;
- char* keyid;
- char* fingerprint;
- char* algo;
- char* userid;
- char* name;
- char* comment;
- char** emailList;
- int emailCount;
- unsigned long algo_num;
- unsigned long validity;
- unsigned long userid_num;
- unsigned long keylen;
- unsigned long key_created;
- unsigned long key_expires;
-};
-
-/*! \ingroup groupSignAct
-*/
-struct SignatureMetaData {
- char* status;
- struct SignatureMetaDataExtendedInfo* extended_info;
- int extended_info_count;
- char* nota_xml;
- int status_code;
-};
-
-/*! \ingroup groupSignAct
- \brief Checks whether the signature of a message is
- valid.
-
- \c cleartext must never be 0 but be a valid pointer.
-
- If \c *cleartext > 0 then **cleartext specifies the message text
- that was signed and \c signaturetext is the signature itself.
-
- If \c *cleartext == 0 is an empty string then \c signaturetext is
- supposed to contain an opaque signed message part. After checking the
- data and verifying the signature the cleartext of the message will be
- returned in \c cleartext. The user must free the respective memory
- ocupied by *cleartext.
-
- Depending on the configuration, MUAs might not need to use this.
- If \c sigmeta is non-null, the
- \c SignatureMetaData object pointed to will
- contain meta information about the signature after the
- function call.
-*/
-bool checkMessageSignature( char** cleartext,
- const char* signaturetext,
- bool signatureIsBinary,
- int signatureLen,
- struct SignatureMetaData* sigmeta );
-
-/*! \ingroup groupSignAct
- \brief Stores the certificates that follow with the message
- \c ciphertext locally.
-*/
-bool storeCertificatesFromMessage( const char* ciphertext );
-
-
-/*! \ingroup groupCryptAct
- \brief Find all certificate for a given addressee.
-
- NOTE: The certificate parameter must point to a not-yet allocated
- char*. The function will allocate the memory needed and
- return the size in newSize.
- If secretOnly is true, only secret keys are returned.
-*/
-bool findCertificates( const char* addressee,
- char** certificates,
- int* newSize,
- bool secretOnly );
-
-/*! \ingroup groupCryptAct
- \brief Encrypts an email message in
- \c cleartext according to the \c addressee and
- the current settings (algorithm, etc.) and
- returns the encoded data bloc in \c *ciphertext.
- The length returned in \c *cipherLen tells you the
- size (==amount of bytes) of the ciphertext, if the
- structuring information would return with
- contentTEncCode set to "base64" the ciphertext
- might contain a char 0x00 and has to be converted
- into base64 before sending.
-
- If the message could be encrypted, the function returns
- \c true, otherwise
- \c false.
-
- Use the StructuringInfo data returned in parameter \c structuring
- to find out how to build the respective MIME object (or the plain
- text message body, resp.).
-
- \note The function allocates memory for the \c *ciphertext, so
- make sure you set free that memory when no longer needing
- it (as shown in example code provided with documentation
- of the struct \c StructuringInfo).
-
- \note The function also allocates memory for some char* members
- of the StructuringInfo* parameter that you are providing,
- therefore you <b>must</b> call the \c free_StructuringInfo() function
- to make sure all memory is set free that was allocated. This must be
- done <b>before</b> calling the next cryptography function!
-
- \see StructuringInfo, free_StructuringInfo
-*/
-bool encryptMessage( const char* cleartext,
- const char** ciphertext,
- const size_t* cipherLen,
- const char* addressee,
- struct StructuringInfo* structuring,
- int* errId,
- char** errTxt );
-
-
-/*! \ingroup groupCryptAct
- \brief Combines the functionality of
- \c encryptMessage() and
- \c signMessage().
-
- If \c certificate is \c NULL,
- the default certificate will be used.
-
- If the message could be signed and encrypted, the function returns
- \c true, otherwise
- \c false.
-
- Use the StructuringInfo data returned in parameter \c structuring
- to find out how to build the respective MIME object (or the plain
- text message body, resp.).
-
- \note The function allocates memory for the \c *ciphertext, so
- make sure you set free that memory when no longer needing
- it (as shown in example code provided with documentation
- of the struct \c StructuringInfo).
-
- \note The function also allocates memory for some char* members
- of the StructuringInfo* parameter that you are providing,
- therefore you <b>must</b> call the \c free_StructuringInfo() function
- to make sure all memory is set free that was allocated. This must be
- done <b>before</b> calling the next cryptography function!
-
- \see StructuringInfo, free_StructuringInfo
-*/
-bool encryptAndSignMessage( const char* cleartext,
- const char** ciphertext,
- const char* certificate,
- struct StructuringInfo* structuring );
-
-/*! \ingroup groupCryptAct
- \brief Tries to decrypt an email message
- \c ciphertext and returns the decrypted
- message in \c cleartext.
-
- The \c certificate is used for decryption. If
- the message could be decrypted, the function returns
- \c true, otherwise
- \c false.
-*/
-bool decryptMessage( const char* ciphertext,
- bool cipherIsBinary,
- int cipherLen,
- const char** cleartext,
- const char* certificate,
- int* errId,
- char** errTxt );
-
-/*! \ingroup groupCryptAct
- \brief Combines the functionality of
- \c checkMessageSignature() and
- \c decryptMessage().
-
- If \c certificate is \c NULL,
- the default certificate will be used.
- If \c sigmeta is non-null, the \c SignatureMetaData
- object pointed to will contain meta information about
- the signature after the function call.
-*/
-bool decryptAndCheckMessage( const char* ciphertext,
- bool cipherIsBinary,
- int cipherLen,
- const char** cleartext,
- const char* certificate,
- bool* signatureFound,
- struct SignatureMetaData* sigmeta,
- int* errId,
- char** errTxt );
-
-
-/*! \ingroup groupCertAct
- \brief This function returns an XML representation of a dialog
- that can be used to fill in the data for requesting a
- certificate (which in turn is done with the function
- \c requestCertificate() described
- next.
-*/
-const char* requestCertificateDialog( void );
-
-/*! \ingroup groupCertAct
- \brief Generates a prototype certificate with the data provided
- in the four parameter. The memory returned in \a generatedKey
- must be freed with free() by the caller.
-*/
-bool requestDecentralCertificate( const char* certparms,
- char** generatedKey, int* keyLength );
-
-/*! \ingroup groupCertAct
- \brief Requests a certificate in a PSE from the CA
- specified in \c ca_address.
-*/
-bool requestCentralCertificateAndPSE( const char* name,
- const char* email, const char* organization, const char* department,
- const char* ca_address );
-
-/*! \ingroup groupCertAct
- \brief Creates a local PSE.
-*/
-bool createPSE( void );
-
-/*! \ingroup groupCertAct
- \brief Parses and adds a certificate returned by a CA upon
- request with
- \c requestDecentralCertificate() or
- \c requestCentralCertificate().
-
- If the certificate was requested with
- \c requestCentralCertificate(), the
- certificate returned will come complete with a PSE which is
- also registered with this method.
-*/
-bool registerCertificate( const char* );
-
-/*! \ingroup groupCertAct
- \brief Requests the prolongation of the certificate
- \c certificate from the CA
- \c ca_address.
-*/
-bool requestCertificateProlongation( const char*
- certificate, const char* ca_address );
-
-/*! \ingroup groupCertAct
- \brief Returns an HTML 2-formatted string that describes the
- certificate chain of the user's certificate.
-
- Data displayed is at least the issuer of the certificate, the serial number
- of the certificate, the owner of the certificate, the checksum
- of the certificate, the validity duration of the certificate,
- the usage of the certificate, and the contained email
- addresses, if any.
-*/
-const char* certificateChain( void );
-
-/*! \ingroup groupCertAct
- \brief Deletes the specified user certificate from the current
- PSE.
-*/
-bool deleteCertificate( const char* certificate );
-
-/*! \ingroup groupCertAct
- \brief Archives the specified user certificate in the current PSE.
-
- The certificate cannot be used any longer after this
- operation unless it is unarchived.
-*/
-bool archiveCertificate( const char* certificate );
-
-
-/*! \ingroup groupCRLAct
- \brief Returns a HTML 2-formatted string that describes the
- CRL, suitable for display in the MUA.
-*/
-const char* displayCRL( void );
-
-/*! \ingroup groupCRLAct
- \brief Manually update the CRL. CRLs will also be automatically
- updated on demand by the backend.
-
- If there is a local version of a CRL saved, it will be overwritten
- with the new CRL from the CA.
-*/
-void updateCRL( void );
-
-struct CertIterator;
-
-struct DnPair {
- char *key;
- char *value;
-};
-
-struct CertificateInfo {
- char** userid;
- char* serial;
- char* fingerprint;
-
- char* issuer;
- char* chainid;
-
- char* caps;
-
- unsigned long created;
- unsigned long expire;
-
- int secret : 1;
- int invalid : 1;
- int expired : 1;
- int disabled : 1;
-
-
- struct DnPair *dnarray; /* parsed values from userid[0] */
-};
-
-/*! \function struct CertIterator* startListCertificates( const char* pattern );
- \function struct CertificateInfo* nextCertificate( struct CertIterator* );
- \function void endListCertificates( struct CertIterator* );
-
- \ingroup certList
- Example that runs through certs matching "Steffen":
-\verbatim
- struct CertificateInfo* info;
- struct CertIterator* it = startListCertificates("Steffen", 0 );
- while( nextCertificate( it, &info ) == GPGME_No_Error && info ) {
- do something with info.
- dont free() it, the struct will be reused
- by the next call to nextCertificate()
- }
- int truncated = endListCertificates( it );
-\endverbatim
-*/
-struct CertIterator*
-startListCertificates( const char* pattern, int remote );
-
-int
-nextCertificate( struct CertIterator*, struct CertificateInfo** result );
-
-int
-endListCertificates( struct CertIterator* );
-
-/*!
- Import a certificate that was a result from a search-operation using the startListCertificates(), nextCertificate() funtions.
-
- The fingerprint must be passed to identify the key.
-
- Additional info about the import operation is available in the additional_info parameter. The string must be free'd by the user with free().
- */
-
-int
-importCertificateWithFPR( const char* fingerprint, char** additional_info );
-
-/*!
- Import a certificate from memory.
-
- Additional info about the import operation is available in the additional_info parameter. The string must be free'd by the user with free().
-*/
-int
-importCertificateFromMem( const char* data, size_t length, char** additional_info );
-
-#ifdef __cplusplus
-}
-#endif
-#endif /*CRYPTPLUG_H*/
-
+++ /dev/null
-#define GPGMEPLUG_PROTOCOL GPGME_PROTOCOL_OpenPGP
-
-/* definitions for signing */
-// 1. opaque signatures (only used for S/MIME)
-#define GPGMEPLUG_OPA_SIGN_INCLUDE_CLEARTEXT false
-#define GPGMEPLUG_OPA_SIGN_MAKE_MIME_OBJECT false
-#define GPGMEPLUG_OPA_SIGN_MAKE_MULTI_MIME false
-#define GPGMEPLUG_OPA_SIGN_CTYPE_MAIN ""
-#define GPGMEPLUG_OPA_SIGN_CDISP_MAIN ""
-#define GPGMEPLUG_OPA_SIGN_CTENC_MAIN ""
-#define GPGMEPLUG_OPA_SIGN_CTYPE_VERSION ""
-#define GPGMEPLUG_OPA_SIGN_CDISP_VERSION ""
-#define GPGMEPLUG_OPA_SIGN_CTENC_VERSION ""
-#define GPGMEPLUG_OPA_SIGN_BTEXT_VERSION ""
-#define GPGMEPLUG_OPA_SIGN_CTYPE_CODE ""
-#define GPGMEPLUG_OPA_SIGN_CDISP_CODE ""
-#define GPGMEPLUG_OPA_SIGN_CTENC_CODE ""
-#define GPGMEPLUG_OPA_SIGN_FLAT_PREFIX ""
-#define GPGMEPLUG_OPA_SIGN_FLAT_SEPARATOR ""
-#define GPGMEPLUG_OPA_SIGN_FLAT_POSTFIX ""
-// 2. detached signatures (used for S/MIME and for OpenPGP)
-#define GPGMEPLUG_DET_SIGN_INCLUDE_CLEARTEXT true
-#define GPGMEPLUG_DET_SIGN_MAKE_MIME_OBJECT true
-#define GPGMEPLUG_DET_SIGN_MAKE_MULTI_MIME true
-#define GPGMEPLUG_DET_SIGN_CTYPE_MAIN "multipart/signed; protocol=\"application/pgp-signature\"; micalg=pgp-sha1"
-#define GPGMEPLUG_DET_SIGN_CDISP_MAIN ""
-#define GPGMEPLUG_DET_SIGN_CTENC_MAIN ""
-#define GPGMEPLUG_DET_SIGN_CTYPE_VERSION ""
-#define GPGMEPLUG_DET_SIGN_CDISP_VERSION ""
-#define GPGMEPLUG_DET_SIGN_CTENC_VERSION ""
-#define GPGMEPLUG_DET_SIGN_BTEXT_VERSION ""
-#define GPGMEPLUG_DET_SIGN_CTYPE_CODE "application/pgp-signature"
-#define GPGMEPLUG_DET_SIGN_CDISP_CODE ""
-#define GPGMEPLUG_DET_SIGN_CTENC_CODE ""
-#define GPGMEPLUG_DET_SIGN_FLAT_PREFIX ""
-#define GPGMEPLUG_DET_SIGN_FLAT_SEPARATOR ""
-#define GPGMEPLUG_DET_SIGN_FLAT_POSTFIX ""
-// 3. common definitions for opaque and detached signing
-#define __GPGMEPLUG_SIGNATURE_CODE_IS_BINARY false
-
-/* definitions for encoding */
-#define GPGMEPLUG_ENC_INCLUDE_CLEARTEXT false
-#define GPGMEPLUG_ENC_MAKE_MIME_OBJECT true
-#define GPGMEPLUG_ENC_MAKE_MULTI_MIME true
-#define GPGMEPLUG_ENC_CTYPE_MAIN "multipart/encrypted; protocol=\"application/pgp-encrypted\""
-#define GPGMEPLUG_ENC_CDISP_MAIN ""
-#define GPGMEPLUG_ENC_CTENC_MAIN ""
-#define GPGMEPLUG_ENC_CTYPE_VERSION "application/pgp-encrypted"
-#define GPGMEPLUG_ENC_CDISP_VERSION "attachment"
-#define GPGMEPLUG_ENC_CTENC_VERSION ""
-#define GPGMEPLUG_ENC_BTEXT_VERSION "Version: 1"
-#define GPGMEPLUG_ENC_CTYPE_CODE "application/octet-stream"
-#define GPGMEPLUG_ENC_CDISP_CODE "inline; filename=\"msg.asc\""
-#define GPGMEPLUG_ENC_CTENC_CODE ""
-#define GPGMEPLUG_ENC_FLAT_PREFIX ""
-#define GPGMEPLUG_ENC_FLAT_SEPARATOR ""
-#define GPGMEPLUG_ENC_FLAT_POSTFIX ""
-#define __GPGMEPLUG_ENCRYPTED_CODE_IS_BINARY false
-
-#include "gpgmeplug.c"
+++ /dev/null
-#define GPGMEPLUG_PROTOCOL GPGME_PROTOCOL_CMS
-
-/* definitions for signing */
-// 1. opaque signatures (only used for S/MIME)
-#define GPGMEPLUG_OPA_SIGN_INCLUDE_CLEARTEXT false
-#define GPGMEPLUG_OPA_SIGN_MAKE_MIME_OBJECT true
-#define GPGMEPLUG_OPA_SIGN_MAKE_MULTI_MIME false
-#define GPGMEPLUG_OPA_SIGN_CTYPE_MAIN "application/pkcs7-mime; smime-type=signed-data; name=\"smime.p7m\""
-#define GPGMEPLUG_OPA_SIGN_CDISP_MAIN "attachment; filename=\"smime.p7m\""
-#define GPGMEPLUG_OPA_SIGN_CTENC_MAIN "base64"
-#define GPGMEPLUG_OPA_SIGN_CTYPE_VERSION ""
-#define GPGMEPLUG_OPA_SIGN_CDISP_VERSION ""
-#define GPGMEPLUG_OPA_SIGN_CTENC_VERSION ""
-#define GPGMEPLUG_OPA_SIGN_BTEXT_VERSION ""
-#define GPGMEPLUG_OPA_SIGN_CTYPE_CODE ""
-#define GPGMEPLUG_OPA_SIGN_CDISP_CODE ""
-#define GPGMEPLUG_OPA_SIGN_CTENC_CODE ""
-#define GPGMEPLUG_OPA_SIGN_FLAT_PREFIX ""
-#define GPGMEPLUG_OPA_SIGN_FLAT_SEPARATOR ""
-#define GPGMEPLUG_OPA_SIGN_FLAT_POSTFIX ""
-// 2. detached signatures (used for S/MIME and for OpenPGP)
-#define GPGMEPLUG_DET_SIGN_INCLUDE_CLEARTEXT true
-#define GPGMEPLUG_DET_SIGN_MAKE_MIME_OBJECT true
-#define GPGMEPLUG_DET_SIGN_MAKE_MULTI_MIME true
-#define GPGMEPLUG_DET_SIGN_CTYPE_MAIN "multipart/signed; protocol=\"application/pkcs7-signature\"; micalg=sha1"
-#define GPGMEPLUG_DET_SIGN_CDISP_MAIN ""
-#define GPGMEPLUG_DET_SIGN_CTENC_MAIN ""
-#define GPGMEPLUG_DET_SIGN_CTYPE_VERSION ""
-#define GPGMEPLUG_DET_SIGN_CDISP_VERSION ""
-#define GPGMEPLUG_DET_SIGN_CTENC_VERSION ""
-#define GPGMEPLUG_DET_SIGN_BTEXT_VERSION ""
-#define GPGMEPLUG_DET_SIGN_CTYPE_CODE "application/pkcs7-signature; name=\"smime.p7s\""
-#define GPGMEPLUG_DET_SIGN_CDISP_CODE "attachment; filename=\"smime.p7s\""
-#define GPGMEPLUG_DET_SIGN_CTENC_CODE "base64"
-#define GPGMEPLUG_DET_SIGN_FLAT_PREFIX ""
-#define GPGMEPLUG_DET_SIGN_FLAT_SEPARATOR ""
-#define GPGMEPLUG_DET_SIGN_FLAT_POSTFIX ""
-// 3. common definitions for opaque and detached signing
-#define __GPGMEPLUG_SIGNATURE_CODE_IS_BINARY true
-
-/* definitions for encoding */
-#define GPGMEPLUG_ENC_INCLUDE_CLEARTEXT false
-#define GPGMEPLUG_ENC_MAKE_MIME_OBJECT true
-#define GPGMEPLUG_ENC_MAKE_MULTI_MIME false
-#define GPGMEPLUG_ENC_CTYPE_MAIN "application/pkcs7-mime; smime-type=enveloped-data; name=\"smime.p7m\""
-#define GPGMEPLUG_ENC_CDISP_MAIN "attachment; filename=\"smime.p7m\""
-#define GPGMEPLUG_ENC_CTENC_MAIN "base64"
-#define GPGMEPLUG_ENC_CTYPE_VERSION ""
-#define GPGMEPLUG_ENC_CDISP_VERSION ""
-#define GPGMEPLUG_ENC_CTENC_VERSION ""
-#define GPGMEPLUG_ENC_BTEXT_VERSION ""
-#define GPGMEPLUG_ENC_CTYPE_CODE ""
-#define GPGMEPLUG_ENC_CDISP_CODE ""
-#define GPGMEPLUG_ENC_CTENC_CODE ""
-#define GPGMEPLUG_ENC_FLAT_PREFIX ""
-#define GPGMEPLUG_ENC_FLAT_SEPARATOR ""
-#define GPGMEPLUG_ENC_FLAT_POSTFIX ""
-#define __GPGMEPLUG_ENCRYPTED_CODE_IS_BINARY true
-
-#include "gpgmeplug.c"
+++ /dev/null
-/* -*- Mode: C -*-
-
- $Id$
-
- GPGMEPLUG - an GPGME based cryptography plug-in following
- the common CRYPTPLUG specification.
-
- Copyright (C) 2001 by Klarälvdalens Datakonsult AB
- Copyright (C) 2002 g10 Code GmbH
-
- GPGMEPLUG is free software; you can redistribute it and/or modify
- it under the terms of GNU General Public License as published by
- the Free Software Foundation; version 2 of the License.
-
- GPGMEPLUG is distributed in the hope that it will be useful,
- it under the terms of GNU General Public License as published by
- the Free Software Foundation; version 2 of the License
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
-*/
-
-
-
-/*! \file gpgmeplug.c
- \brief GPGME implementation of CRYPTPLUG following the
- specification located in common API header cryptplug.h.
-
- CRYPTPLUG is an independent cryptography plug-in API
- developed for Sphinx-enabeling KMail and Mutt.
-
- CRYPTPLUG was designed for the Aegypten project, but it may
- be used by 3rd party developers as well to design pluggable
- crypto backends for the above mentioned MUAs.
-
- \note All string parameters appearing in this API are to be
- interpreted as UTF-8 encoded.
-
- \see cryptplug.h
-*/
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-#include <stdio.h>
-#include <string.h>
-#include <assert.h>
-#include <errno.h>
-#include <time.h>
-#include <ctype.h>
-
-#ifndef BUG_URL
-#define BUG_URL "http:://www.gnupg.org/aegypten/"
-#endif
-
-#include "gpgme.h"
-#ifndef GPGMEPLUG_PROTOCOL
-#define GPGMEPLUG_PROTOCOL GPGME_PROTOCOL_OpenPGP
-#endif
-
-/* definitions for signing */
-/* 1. opaque signatures (only used for S/MIME). */
-#ifndef GPGMEPLUG_OPA_SIGN_MAKE_MIME_OBJECT
-#define GPGMEPLUG_OPA_SIGN_INCLUDE_CLEARTEXT false
-#define GPGMEPLUG_OPA_SIGN_MAKE_MIME_OBJECT false
-#define GPGMEPLUG_OPA_SIGN_MAKE_MULTI_MIME false
-#define GPGMEPLUG_OPA_SIGN_CTYPE_MAIN ""
-#define GPGMEPLUG_OPA_SIGN_CDISP_MAIN ""
-#define GPGMEPLUG_OPA_SIGN_CTENC_MAIN ""
-#define GPGMEPLUG_OPA_SIGN_CTYPE_VERSION ""
-#define GPGMEPLUG_OPA_SIGN_CDISP_VERSION ""
-#define GPGMEPLUG_OPA_SIGN_CTENC_VERSION ""
-#define GPGMEPLUG_OPA_SIGN_BTEXT_VERSION ""
-#define GPGMEPLUG_OPA_SIGN_CTYPE_CODE ""
-#define GPGMEPLUG_OPA_SIGN_CDISP_CODE ""
-#define GPGMEPLUG_OPA_SIGN_CTENC_CODE ""
-#define GPGMEPLUG_OPA_SIGN_FLAT_PREFIX ""
-#define GPGMEPLUG_OPA_SIGN_FLAT_SEPARATOR ""
-#define GPGMEPLUG_OPA_SIGN_FLAT_POSTFIX ""
-#endif
-/* 2. detached signatures (used for S/MIME and for OpenPGP) */
-#ifndef GPGMEPLUG_DET_SIGN_MAKE_MIME_OBJECT
-#define GPGMEPLUG_DET_SIGN_INCLUDE_CLEARTEXT true
-#define GPGMEPLUG_DET_SIGN_MAKE_MIME_OBJECT true
-#define GPGMEPLUG_DET_SIGN_MAKE_MULTI_MIME true
-#define GPGMEPLUG_DET_SIGN_CTYPE_MAIN "multipart/signed;protocol=application/pgp-signature;micalg=pgp-sha1"
-#define GPGMEPLUG_DET_SIGN_CDISP_MAIN ""
-#define GPGMEPLUG_DET_SIGN_CTENC_MAIN ""
-#define GPGMEPLUG_DET_SIGN_CTYPE_VERSION ""
-#define GPGMEPLUG_DET_SIGN_CDISP_VERSION ""
-#define GPGMEPLUG_DET_SIGN_CTENC_VERSION ""
-#define GPGMEPLUG_DET_SIGN_BTEXT_VERSION ""
-#define GPGMEPLUG_DET_SIGN_CTYPE_CODE "application/pgp-signature"
-#define GPGMEPLUG_DET_SIGN_CDISP_CODE ""
-#define GPGMEPLUG_DET_SIGN_CTENC_CODE ""
-#define GPGMEPLUG_DET_SIGN_FLAT_PREFIX ""
-#define GPGMEPLUG_DET_SIGN_FLAT_SEPARATOR ""
-#define GPGMEPLUG_DET_SIGN_FLAT_POSTFIX ""
-#endif
-/* 3. common definitions for opaque and detached signing */
-#ifndef __GPGMEPLUG_SIGNATURE_CODE_IS_BINARY
-#define __GPGMEPLUG_SIGNATURE_CODE_IS_BINARY false
-#endif
-
-#define __GPGMEPLUG_ERROR_CLEARTEXT_IS_ZERO "Error: Cannot run checkMessageSignature() with cleartext == 0"
-
-/* definitions for encoding */
-#ifndef GPGMEPLUG_ENC_MAKE_MIME_OBJECT
-#define GPGMEPLUG_ENC_INCLUDE_CLEARTEXT false
-#define GPGMEPLUG_ENC_MAKE_MIME_OBJECT true
-#define GPGMEPLUG_ENC_MAKE_MULTI_MIME true
-#define GPGMEPLUG_ENC_CTYPE_MAIN "multipart/encrypted; protocol=application/pgp-encrypted"
-#define GPGMEPLUG_ENC_CDISP_MAIN ""
-#define GPGMEPLUG_ENC_CTENC_MAIN ""
-#define GPGMEPLUG_ENC_CTYPE_VERSION "application/pgp-encrypted"
-#define GPGMEPLUG_ENC_CDISP_VERSION "attachment"
-#define GPGMEPLUG_ENC_CTENC_VERSION ""
-#define GPGMEPLUG_ENC_BTEXT_VERSION "Version: 1"
-#define GPGMEPLUG_ENC_CTYPE_CODE "application/octet-stream"
-#define GPGMEPLUG_ENC_CDISP_CODE "inline; filename=\"msg.asc\""
-#define GPGMEPLUG_ENC_CTENC_CODE ""
-#define GPGMEPLUG_ENC_FLAT_PREFIX ""
-#define GPGMEPLUG_ENC_FLAT_SEPARATOR ""
-#define GPGMEPLUG_ENC_FLAT_POSTFIX ""
-#define __GPGMEPLUG_ENCRYPTED_CODE_IS_BINARY false
-#endif
-/* Note: The following specification will result in
- function encryptAndSignMessage() producing
- _empty_ mails.
- This must be changed as soon as our plugin
- is supporting the encryptAndSignMessage() function. */
-#ifndef GPGMEPLUG_ENCSIGN_MAKE_MIME_OBJECT
-#define GPGMEPLUG_ENCSIGN_INCLUDE_CLEARTEXT false
-#define GPGMEPLUG_ENCSIGN_MAKE_MIME_OBJECT false
-#define GPGMEPLUG_ENCSIGN_MAKE_MULTI_MIME false
-#define GPGMEPLUG_ENCSIGN_CTYPE_MAIN ""
-#define GPGMEPLUG_ENCSIGN_CDISP_MAIN ""
-#define GPGMEPLUG_ENCSIGN_CTENC_MAIN ""
-#define GPGMEPLUG_ENCSIGN_CTYPE_VERSION ""
-#define GPGMEPLUG_ENCSIGN_CDISP_VERSION ""
-#define GPGMEPLUG_ENCSIGN_CTENC_VERSION ""
-#define GPGMEPLUG_ENCSIGN_BTEXT_VERSION ""
-#define GPGMEPLUG_ENCSIGN_CTYPE_CODE ""
-#define GPGMEPLUG_ENCSIGN_CDISP_CODE ""
-#define GPGMEPLUG_ENCSIGN_CTENC_CODE ""
-#define GPGMEPLUG_ENCSIGN_FLAT_PREFIX ""
-#define GPGMEPLUG_ENCSIGN_FLAT_SEPARATOR ""
-#define GPGMEPLUG_ENCSIGN_FLAT_POSTFIX ""
-#endif
-
-#include "cryptplug.h"
-
-
-#define days_from_seconds(x) ((x)/86400)
-
-
-typedef struct {
- const char* bugURL;
- const char* signatureKeyCertificate;
- SignatureAlgorithm signatureAlgorithm;
- SignatureCompoundMode signatureCompoundMode;
- SendCertificates sendCertificates;
- SignEmail signEmail;
- bool saveSentSignatures;
- bool warnNoCertificate;
- PinRequests numPINRequests;
- bool checkSignatureCertificatePathToRoot;
- bool signatureUseCRLs;
- EncryptionAlgorithm encryptionAlgorithm;
- EncryptEmail encryptEmail;
- bool saveMessagesEncrypted;
- bool checkEncryptionCertificatePathToRoot;
- bool encryptionUseCRLs;
- bool encryptionCRLExpiryNearWarning;
- int encryptionCRLNearExpiryInterval;
- struct DirectoryServer *directoryServers;
- unsigned int numDirectoryServers;
- CertificateSource certificateSource;
- CertificateSource cRLSource;
- bool warnSendUnsigned;
- int numPINRequestsInterval;
- bool signatureCertificateExpiryNearWarning;
- int signatureCertificateExpiryNearInterval;
- bool cACertificateExpiryNearWarning;
- int cACertificateExpiryNearInterval;
- bool rootCertificateExpiryNearWarning;
- int rootCertificateExpiryNearInterval;
- bool warnSendUnencrypted;
- bool checkCertificatePath;
- bool receiverCertificateExpiryNearWarning;
- int receiverCertificateExpiryNearWarningInterval;
- bool certificateInChainExpiryNearWarning;
- int certificateInChainExpiryNearWarningInterval;
- bool receiverEmailAddressNotInCertificateWarning;
- const char* libVersion; /* a statically allocated string with the GPGME Version used */
-} Config;
-
-
-Config config;
-
-#define NEAR_EXPIRY 14
-
-/* Max number of parts in a DN */
-#define MAX_GPGME_IDX 20
-
-/* some macros to replace ctype ones and avoid locale problems */
-#define spacep(p) (*(p) == ' ' || *(p) == '\t')
-#define digitp(p) (*(p) >= '0' && *(p) <= '9')
-#define hexdigitp(a) (digitp (a) \
- || (*(a) >= 'A' && *(a) <= 'F') \
- || (*(a) >= 'a' && *(a) <= 'f'))
-/* the atoi macros assume that the buffer has only valid digits */
-#define atoi_1(p) (*(p) - '0' )
-#define atoi_2(p) ((atoi_1(p) * 10) + atoi_1((p)+1))
-#define atoi_4(p) ((atoi_2(p) * 100) + atoi_2((p)+2))
-#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \
- *(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
-#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1))
-
-static void *
-xmalloc (size_t n)
-{
- char *p = malloc (n);
- if (!p)
- {
- fputs ("\nfatal: out of core\n", stderr);
- exit (4);
- }
- return p;
-}
-
-/* Please: Don't call an allocation function xfoo when it may return NULL. */
-/* Wrong: #define xstrdup( x ) (x)?strdup(x):0 */
-/* Right: */
-static char *
-xstrdup (const char *string)
-{
- char *p = xmalloc (strlen (string)+1);
- strcpy (p, string);
- return p;
-}
-
-
-
-bool initialize()
-{
- int engineCheckVersion = gpgme_engine_check_version (GPGMEPLUG_PROTOCOL);
- config.bugURL = malloc( strlen( BUG_URL ) + 1 );
- strcpy( (char* )config.bugURL, BUG_URL );
- config.signatureKeyCertificate = malloc( 1 );
- strcpy( (char* )config.signatureKeyCertificate, "" );
- config.signatureAlgorithm = SignAlg_SHA1;
- if( GPGMEPLUG_PROTOCOL == GPGME_PROTOCOL_CMS )
- config.signatureCompoundMode = SignatureCompoundMode_Opaque;
- else
- config.signatureCompoundMode = SignatureCompoundMode_Detached;
- config.sendCertificates = SendCert_SendChainWithRoot;
- config.signEmail = SignEmail_SignAll;
- config.saveSentSignatures = true;
- config.warnNoCertificate = true;
- config.numPINRequests = PinRequest_Always;
- config.checkSignatureCertificatePathToRoot = true;
- config.signatureUseCRLs = true;
- config.encryptionAlgorithm = EncryptAlg_RSA;
- config.encryptEmail = EncryptEmail_Ask;
- config.saveMessagesEncrypted = true;
- config.checkEncryptionCertificatePathToRoot = true;
- config.encryptionUseCRLs = true;
- config.encryptionCRLExpiryNearWarning = true;
- config.encryptionCRLNearExpiryInterval = NEAR_EXPIRY;
- config.directoryServers = NULL;
- config.numDirectoryServers = 0;
- config.certificateSource = CertSrc_Server;
- config.cRLSource = CertSrc_Server;
- config.warnSendUnsigned = true;
- config.numPINRequestsInterval = NEAR_EXPIRY;
- config.signatureCertificateExpiryNearWarning = true;
- config.signatureCertificateExpiryNearInterval = NEAR_EXPIRY;
- config.cACertificateExpiryNearWarning = true;
- config.cACertificateExpiryNearInterval = NEAR_EXPIRY;
- config.rootCertificateExpiryNearWarning = true;
- config.rootCertificateExpiryNearInterval = NEAR_EXPIRY;
- config.warnSendUnencrypted = false;
- config.checkCertificatePath = true;
- config.receiverCertificateExpiryNearWarning = true;
- config.receiverCertificateExpiryNearWarningInterval = NEAR_EXPIRY;
- config.certificateInChainExpiryNearWarning = true;
- config.certificateInChainExpiryNearWarningInterval = NEAR_EXPIRY;
- config.receiverEmailAddressNotInCertificateWarning = true;
- config.libVersion = gpgme_check_version (NULL);
- if( engineCheckVersion != GPGME_No_Error )
- fprintf( stderr, "gpgmeplug initialize() returned %i\n", engineCheckVersion );
- return (engineCheckVersion == GPGME_No_Error);
-};
-
-
-void deinitialize()
-{
- unsigned int i;
- for( i = 0; i < config.numDirectoryServers; ++i ) {
- free( (char *)config.directoryServers[i].servername );
- free( (char *)config.directoryServers[i].description );
- }
- free( config.directoryServers );
-}
-
-
-bool hasFeature( Feature flag )
-{
- /* our own plugins are supposed to support everything */
- switch ( flag ) {
- case Feature_SignMessages: return true;
- case Feature_VerifySignatures: return true;
- case Feature_EncryptMessages: return true;
- case Feature_DecryptMessages: return true;
- case Feature_SendCertificates: return true;
- case Feature_WarnSignCertificateExpiry: return true;
- case Feature_WarnSignEmailNotInCertificate: return true;
- case Feature_PinEntrySettings: return true;
- case Feature_StoreMessagesWithSigs: return true;
- case Feature_EncryptionCRLs: return true;
- case Feature_WarnEncryptCertificateExpiry: return true;
- case Feature_WarnEncryptEmailNotInCertificate: return true;
- case Feature_StoreMessagesEncrypted: return true;
- case Feature_CheckCertificatePath: return true;
- case Feature_CertificateDirectoryService: return false;
- case Feature_CRLDirectoryService: return false;
- /* undefined or not yet implemented: */
- case Feature_undef: return false;
- default: return false;
- }
-}
-
-
-const char* libVersion(){ return config.libVersion; }
-
-
-const char* bugURL(){ return config.bugURL; }
-
-
-void unsafeStationery( void** pixmap, const char** menutext, char* accel,
- const char** tooltip, const char** statusbartext ){}
-
-void signedStationery( void** pixmap, const char** menutext, char* accel,
- const char** tooltip, const char** statusbartext ){}
-
-void encryptedStationery( void** pixmap, const char**
- menutext, char* accel,
- const char** tooltip, const char** statusbartext ){}
-
-void signedEncryptedStationery( void** pixmap, const char**
- menutext, char* accel,
- const char** tooltip, const char** statusbartext ){}
-
-const char* signatureConfigurationDialog(){ return 0; }
-
-const char* signatureKeySelectionDialog(){ return 0; }
-
-const char* signatureAlgorithmDialog(){ return 0; }
-
-const char* signatureHandlingDialog(){ return 0; }
-
-void setSignatureKeyCertificate( const char* certificate )
-{
- config.signatureKeyCertificate = certificate;
-}
-
-const char* signatureKeyCertificate()
-{
- return config.signatureKeyCertificate;
-}
-
-void setSignatureAlgorithm( SignatureAlgorithm sigAlg )
-{
- config.signatureAlgorithm = sigAlg;
-}
-
-SignatureAlgorithm signatureAlgorithm()
-{
- return config.signatureAlgorithm;
-}
-
-void setSignatureCompoundMode( SignatureCompoundMode signComp )
-{
- config.signatureCompoundMode = signComp;
-}
-
-SignatureCompoundMode signatureCompoundMode()
-{
- return config.signatureCompoundMode;
-}
-
-void setSendCertificates( SendCertificates sendCert )
-{
- config.sendCertificates = sendCert;
-}
-
-SendCertificates sendCertificates()
-{
- return config.sendCertificates;
-}
-
-void setSignEmail( SignEmail signMail )
-{
- config.signEmail = signMail;
-}
-
-SignEmail signEmail()
-{
- return config.signEmail;
-}
-
-
-
-
-
-void setWarnSendUnsigned( bool flag )
-{
- config.warnSendUnsigned = flag;
-}
-
-bool warnSendUnsigned()
-{
- return config.warnSendUnsigned;
-}
-
-
-
-
-
-
-void setSaveSentSignatures( bool flag )
-{
- config.saveSentSignatures = flag;
-}
-
-bool saveSentSignatures()
-{
- return config.saveSentSignatures;
-}
-
-void setWarnNoCertificate( bool flag )
-{
- config.warnNoCertificate = flag;
-}
-
-bool warnNoCertificate()
-{
- return config.warnNoCertificate;
-}
-
-
-bool isEmailInCertificate( const char* email, const char* fingerprint )
-{
- bool bOk = false;
- if( searchEmail && fingerprint ){
- GpgmeCtx ctx;
- GpgmeError err;
- GpgmeKey rKey;
- int UID_idx;
- const char* attr_string;
- const char* email = searchEmail;
- int emailLen = strlen( email );
- int emailCount = 0;
-
- if (email && *email == '<'){
- ++email;
- emailLen -= 2;
- }
-
- fprintf( stderr, "gpgmeplug isEmailInCertificate looking address %s\nin certificate with fingerprint %s\n", email, fingerprint );
-
- gpgme_new( &ctx );
- gpgme_set_protocol( ctx, GPGMEPLUG_PROTOCOL );
-
- err = gpgme_op_keylist_start( ctx, fingerprint, 0 );
- if ( GPGME_No_Error == err ) {
- err = gpgme_op_keylist_next( ctx, &rKey );
- gpgme_op_keylist_end( ctx );
- if ( GPGME_No_Error == err ) {
- /* extract email(s) */
- for( UID_idx = 0;
- (attr_string = gpgme_key_get_string_attr(
- rKey, GPGME_ATTR_EMAIL, 0, UID_idx));
- ++UID_idx ){
- if( !attr_string || !*attr_string )
- attr_string = gpgme_key_get_string_attr(
- rKey, GPGME_ATTR_USERID, 0, UID_idx );
- if( attr_string ){
- if( *attr_string == '<' )
- ++attr_string;
- if( *attr_string ){
- ++emailCount;
- fprintf( stderr, "gpgmeplug isEmailInCertificate found email: %s\n", attr_string );
- if( 0 == strncasecmp(attr_string, email, emailLen) ){
- bOk = true;
- break;
- }
- }
- }
- }
- if( !emailCount )
- fprintf( stderr, "gpgmeplug isEmailInCertificate found NO EMAIL\n" );
- else if( !bOk )
- fprintf( stderr, "gpgmeplug isEmailInCertificate found NO MATCHING email\n" );
- gpgme_key_release( rKey );
- }else{
- fprintf( stderr, "gpgmeplug isEmailInCertificate found NO CERTIFICATE for fingerprint %s\n", fingerprint );
- }
- }else{
- fprintf( stderr, "gpgmeplug isEmailInCertificate could NOT open KEYLIST for fingerprint %s\n", fingerprint );
- }
- gpgme_release( ctx );
- }else{
- if( searchEmail )
- fprintf( stderr, "gpgmeplug isEmailInCertificate called with parameter FINGERPRINT being EMPTY\n" );
- else
- fprintf( stderr, "gpgmeplug isEmailInCertificate called with parameter EMAIL being EMPTY\n" );
- }
- return bOk;
-}
-
-
-void setNumPINRequests( PinRequests reqMode )
-{
- config.numPINRequests = reqMode;
-
- /* PENDING(g10) Put this value into gpg and make it ask for the pin
- according to this. Note that there is also
- setNumPINRequestsInterval() which is only used if reqMode ==
- PinRequest_AfterMinutes.
- */
-}
-
-PinRequests numPINRequests()
-{
- return config.numPINRequests;
-}
-
-
-
-void setNumPINRequestsInterval( int interval )
-{
- config.numPINRequestsInterval = interval;
-
- /* PENDING(g10) Put this value into gpg and make it ask for the pin
- according to this. Note that this should only be used if
- config.numPINRequests (set with setNumPINRequests()) has the
- value PinRequest_AfterMinutes.
- */
-}
-
-int numPINRequestsInterval()
-{
- return config.numPINRequestsInterval;
-}
-
-
-
-void setCheckSignatureCertificatePathToRoot( bool flag )
-{
- config.checkSignatureCertificatePathToRoot = flag;
-}
-
-bool checkSignatureCertificatePathToRoot()
-{
- return config.checkSignatureCertificatePathToRoot;
-}
-
-void setSignatureUseCRLs( bool flag )
-{
- config.signatureUseCRLs = flag;
-}
-
-bool signatureUseCRLs()
-{
- return config.signatureUseCRLs;
-}
-
-
-
-
-
-
-void setSignatureCertificateExpiryNearWarning( bool flag )
-{
- config.signatureCertificateExpiryNearWarning = flag;
-}
-
-bool signatureCertificateExpiryNearWarning( void )
-{
- return config.signatureCertificateExpiryNearWarning;
-}
-
-
-int signatureCertificateDaysLeftToExpiry( const char* certificate )
-{
- GpgmeCtx ctx;
- GpgmeError err;
- GpgmeKey rKey;
- int daysLeft = CRYPTPLUG_CERT_DOES_NEVER_EXPIRE;
-
- gpgme_new( &ctx );
- gpgme_set_protocol( ctx, GPGMEPLUG_PROTOCOL );
-
- err = gpgme_op_keylist_start( ctx, certificate, 0 );
- if ( GPGME_No_Error == err ) {
- err = gpgme_op_keylist_next( ctx, &rKey );
- gpgme_op_keylist_end( ctx );
- if ( GPGME_No_Error == err ) {
- time_t expire_time = gpgme_key_get_ulong_attr(
- rKey, GPGME_ATTR_EXPIRE, NULL, 0 );
- if ( 0 != expire_time ) {
- time_t cur_time = time (NULL);
- if( cur_time > expire_time ) {
- daysLeft = days_from_seconds(cur_time - expire_time);
- daysLeft *= -1;
- }
- else
- daysLeft = days_from_seconds(expire_time - cur_time);
- }
- gpgme_key_release( rKey );
- }
- }
- gpgme_release( ctx );
-
- /*
- fprintf( stderr, "gpgmeplug signatureCertificateDaysLeftToExpiry returned %d\n", daysLeft );
- */
-
- return daysLeft;
-}
-
-
-void setSignatureCertificateExpiryNearInterval( int interval )
-{
- config.signatureCertificateExpiryNearInterval = interval;
-}
-
-int signatureCertificateExpiryNearInterval( void )
-{
- return config.signatureCertificateExpiryNearInterval;
-}
-
-void setCACertificateExpiryNearWarning( bool flag )
-{
- config.cACertificateExpiryNearWarning = flag;
-}
-
-bool caCertificateExpiryNearWarning( void )
-{
- return config.cACertificateExpiryNearWarning;
-}
-
-int caCertificateDaysLeftToExpiry( const char* certificate )
-{
- /* PENDING(g10)
- Please return the number of days that are left until the
- CA certificate for the certificate specified in the parameter
- certificate expires.
- */
- /*
- GpgmeCtx ctx;
- GpgmeError err;
- GpgmeKey rKey;
- time_t daysLeft = 0;
-
- gpgme_new( &ctx );
- gpgme_set_protocol( ctx, GPGMEPLUG_PROTOCOL );
-
- err = gpgme_op_keylist_start( ctx, certificate, 0 );
- if ( GPGME_No_Error == err ) {
- err = gpgme_op_keylist_next( ctx, &rKey );
- gpgme_op_keylist_end( ctx );
- if ( GPGME_No_Error == err ) {
- time_t expire_time = gpgme_key_get_ulong_attr(
- rKey,
-
-??????????????????????? GPGME_ATTR_EXPIRE, ???????????????????????
-
- NULL, 0 );
- time_t cur_time = time (NULL);
- daysLeft = days_from_seconds(expire_time - cur_time);
- gpgme_key_release( rKey );
- }
- }
- gpgme_release( ctx );
-
-
- // fprintf( stderr, "gpgmeplug caCertificateDaysLeftToExpiry returned %d\n", daysLeft );
- return daysLeft;
- */
-
- return 10; /* dummy that triggers a warning in the MUA */
-}
-
-void setCACertificateExpiryNearInterval( int interval )
-{
- config.cACertificateExpiryNearInterval = interval;
-}
-
-int caCertificateExpiryNearInterval( void )
-{
- return config.cACertificateExpiryNearInterval;
-}
-
-void setRootCertificateExpiryNearWarning( bool flag )
-{
- config.rootCertificateExpiryNearWarning = flag;
-}
-
-bool rootCertificateExpiryNearWarning( void )
-{
- return config.rootCertificateExpiryNearWarning;
-}
-
-int rootCertificateDaysLeftToExpiry( const char* certificate )
-{
- /* PENDING(g10)
- Please return the number of days that are left until the
- root certificate for the certificate specified in the parameter
- certificate expires.
- */
- /*
- GpgmeCtx ctx;
- GpgmeError err;
- GpgmeKey rKey;
- time_t daysLeft = 0;
-
- gpgme_new( &ctx );
- gpgme_set_protocol( ctx, GPGMEPLUG_PROTOCOL );
-
- err = gpgme_op_keylist_start( ctx, certificate, 0 );
- if ( GPGME_No_Error == err ) {
- err = gpgme_op_keylist_next( ctx, &rKey );
- gpgme_op_keylist_end( ctx );
- if ( GPGME_No_Error == err ) {
- time_t expire_time = gpgme_key_get_ulong_attr(
- rKey,
-
-??????????????????????? GPGME_ATTR_EXPIRE, ???????????????????????
-
- NULL, 0 );
- time_t cur_time = time (NULL);
- daysLeft = days_from_seconds(expire_time - cur_time);
- gpgme_key_release( rKey );
- }
- }
- gpgme_release( ctx );
-
-
- // fprintf( stderr, "gpgmeplug rootCertificateDaysLeftToExpiry returned %d\n", daysLeft );
- return daysLeft;
- */
-
- return 10; /* dummy that triggers a warning in the MUA */
-}
-
-
-void setRootCertificateExpiryNearInterval( int interval )
-{
- config.rootCertificateExpiryNearInterval = interval;
-}
-
-int rootCertificateExpiryNearInterval( void )
-{
- return config.rootCertificateExpiryNearInterval;
-}
-
-
-
-
-
-
-
-
-const char* encryptionConfigurationDialog(){ return 0; }
-
-const char* encryptionAlgorithmDialog(){ return 0; }
-
-const char* encryptionHandlingDialog(){ return 0; }
-
-const char* encryptionReceiverDialog(){ return 0; }
-
-void setEncryptionAlgorithm( EncryptionAlgorithm cryptAlg )
-{
- config.encryptionAlgorithm = cryptAlg;
-}
-
-EncryptionAlgorithm encryptionAlgorithm()
-{
- return config.encryptionAlgorithm;
-}
-
-void setEncryptEmail( EncryptEmail cryptMode )
-{
- config.encryptEmail = cryptMode;
-}
-
-EncryptEmail encryptEmail()
-{
- return config.encryptEmail;
-}
-
-
-
-
-
-
-void setWarnSendUnencrypted( bool flag )
-{
- config.warnSendUnencrypted = flag;
-}
-
-bool warnSendUnencrypted()
-{
- return config.warnSendUnencrypted;
-}
-
-
-
-
-
-
-
-
-
-void setSaveMessagesEncrypted( bool flag )
-{
- config.saveMessagesEncrypted = flag;
-}
-
-bool saveMessagesEncrypted()
-{
- return config.saveMessagesEncrypted;
-}
-
-
-
-
-
-
-
-void setCheckCertificatePath( bool flag )
-{
- config.checkCertificatePath = flag;
-}
-
-bool checkCertificatePath()
-{
- return config.checkCertificatePath;
-}
-
-
-
-
-
-
-
-
-void setCheckEncryptionCertificatePathToRoot( bool flag )
-{
- config.checkEncryptionCertificatePathToRoot = flag;
-}
-
-bool checkEncryptionCertificatePathToRoot()
-{
- return config.checkEncryptionCertificatePathToRoot;
-}
-
-
-
-
-
-
-
-void setReceiverCertificateExpiryNearWarning( bool flag )
-{
- config.receiverCertificateExpiryNearWarning = flag;
-}
-
-bool receiverCertificateExpiryNearWarning()
-{
- return config.receiverCertificateExpiryNearWarning;
-}
-
-
-int receiverCertificateDaysLeftToExpiry( const char* certificate )
-{
- GpgmeCtx ctx;
- GpgmeError err;
- GpgmeKey rKey;
- int daysLeft = CRYPTPLUG_CERT_DOES_NEVER_EXPIRE;
-
- gpgme_new( &ctx );
- gpgme_set_protocol( ctx, GPGMEPLUG_PROTOCOL );
-
- err = gpgme_op_keylist_start( ctx, certificate, 0 );
- if ( GPGME_No_Error == err ) {
- err = gpgme_op_keylist_next( ctx, &rKey );
- gpgme_op_keylist_end( ctx );
- if ( GPGME_No_Error == err ) {
- time_t expire_time = gpgme_key_get_ulong_attr(
- rKey,GPGME_ATTR_EXPIRE, NULL, 0 );
- if ( 0 != expire_time ) {
- time_t cur_time = time (NULL);
- if( cur_time > expire_time ) {
- daysLeft = days_from_seconds(cur_time - expire_time);
- daysLeft *= -1;
- }
- else
- daysLeft = days_from_seconds(expire_time - cur_time);
- }
- gpgme_key_release( rKey );
- }
- }
- gpgme_release( ctx );
-
- /*
- fprintf( stderr, "gpgmeplug receiverCertificateDaysLeftToExpiry returned %d\n", daysLeft );
- */
-
- return daysLeft;
-}
-
-
-void setReceiverCertificateExpiryNearWarningInterval( int interval )
-{
- config.receiverCertificateExpiryNearWarningInterval = interval;
-}
-
-int receiverCertificateExpiryNearWarningInterval()
-{
- return config.receiverCertificateExpiryNearWarningInterval;
-}
-
-void setCertificateInChainExpiryNearWarning( bool flag )
-{
- config.certificateInChainExpiryNearWarning = flag;
-}
-
-bool certificateInChainExpiryNearWarning()
-{
- return config.certificateInChainExpiryNearWarning;
-}
-
-
-int certificateInChainDaysLeftToExpiry( const char* certificate )
-{
- /* PENDING(g10)
- Please return the number of days that are left until the
- the first certificate in the chain of the specified certificate
- expires.
- */
- return 10; /* dummy that triggers a warning in the MUA */
-}
-
-
-void setCertificateInChainExpiryNearWarningInterval( int interval )
-{
- config.certificateInChainExpiryNearWarningInterval = interval;
-}
-
-int certificateInChainExpiryNearWarningInterval()
-{
- return config.certificateInChainExpiryNearWarningInterval;
-}
-
-void setReceiverEmailAddressNotInCertificateWarning( bool flag )
-{
- config.receiverEmailAddressNotInCertificateWarning = flag;
-}
-
-bool receiverEmailAddressNotInCertificateWarning()
-{
- return config.receiverEmailAddressNotInCertificateWarning;
-}
-
-
-
-
-
-
-
-
-void setEncryptionUseCRLs( bool flag )
-{
- config.encryptionUseCRLs = flag;
-
- /* PENDING(g10) Store this setting in gpgme and use it. If true,
- every certificate used for encryption should be checked against
- applicable CRLs.
- */
-}
-
-bool encryptionUseCRLs()
-{
- return config.encryptionUseCRLs;
-}
-
-
-int encryptionCRLsDaysLeftToExpiry()
-{
- /* PENDING(g10)
- Please return the number of days that are left until the
- CRL used for encryption expires.
- */
- return 10; /* dummy that triggers a warning in the MUA */
-}
-
-void setEncryptionCRLExpiryNearWarning( bool flag )
-{
- config.encryptionCRLExpiryNearWarning = flag;
-}
-
-bool encryptionCRLExpiryNearWarning()
-{
- return config.encryptionCRLExpiryNearWarning;
-}
-
-void setEncryptionCRLNearExpiryInterval( int interval )
-{
- config.encryptionCRLNearExpiryInterval = interval;
-}
-
-int encryptionCRLNearExpiryInterval()
-{
- return config.encryptionCRLNearExpiryInterval;
-}
-
-
-const char* directoryServiceConfigurationDialog(){ return 0; }
-
-void appendDirectoryServer( const char* servername,
- int port,
- const char* description )
-{
- struct DirectoryServer *newServers = NULL;
- newServers = realloc( config.directoryServers,
- (1+config.numDirectoryServers) * sizeof *newServers );
- if( newServers ) {
- config.directoryServers = newServers;
- newServers[ config.numDirectoryServers ].servername =
- malloc( 1+strlen( servername ) );
- if( newServers[ config.numDirectoryServers ].servername ) {
- strcpy( (char *)newServers[ config.numDirectoryServers ].servername,
- servername );
- newServers[ config.numDirectoryServers ].description =
- malloc( 1+strlen( description ) );
- if( newServers[ config.numDirectoryServers ].description ) {
- strcpy( (char *)newServers[ config.numDirectoryServers ].description,
- description );
- newServers[ config.numDirectoryServers ].port = port;
- config.numDirectoryServers += 1;
- }
- }
- }
-}
-
-void setDirectoryServers( struct DirectoryServer server[], unsigned int size )
-{
- unsigned int i;
- int oldSize = config.numDirectoryServers;
- struct DirectoryServer *newServers = NULL;
- newServers = calloc ( size, sizeof *newServers );
- if( newServers ) {
- for( i=0; i < oldSize; ++i ) {
- free( (char *)config.directoryServers[i].servername );
- free( (char *)config.directoryServers[i].description );
- }
- free( config.directoryServers );
- for( i=0; i < size; ++i ) {
- newServers[ i ].servername = malloc( 1+strlen( server[i].servername ) );
- if( newServers[ i ].servername ) {
- strcpy( (char *)newServers[ i ].servername, server[i].servername );
- newServers[ i ].description = malloc( 1+strlen( server[i].description ) );
- if( newServers[ i ].description ) {
- strcpy( (char *)newServers[ i ].description, server[i].description );
- newServers[ i ].port = server[i].port;
- }
- }
- }
- config.directoryServers = newServers;
- config.numDirectoryServers = size;
- }
-}
-
-struct DirectoryServer * directoryServers( int* numServers )
-{
- if( numServers )
- *numServers = config.numDirectoryServers;
- return config.directoryServers;
-};
-
-void setCertificateSource( CertificateSource source )
-{
- config.certificateSource = source;
-}
-
-CertificateSource certificateSource()
-{
- return config.certificateSource;
-}
-
-void setCRLSource( CertificateSource source )
-{
- config.cRLSource = source;
-}
-
-CertificateSource crlSource()
-{
- return config.cRLSource;
-}
-
-
-bool certificateValidity( const char* certificate,
- int* level ){ return true; }
-
-
-void storeNewCharPtr( char** dest, const char* src )
-{
- int sLen = strlen( src );
- *dest = xmalloc( sLen + 1 );
- strcpy( *dest, src );
-}
-
-
-bool signMessage( const char* cleartext,
- char** ciphertext,
- const size_t* cipherLen,
- const char* certificate,
- struct StructuringInfo* structuring,
- int* errId,
- char** errTxt )
-{
- bool bIsOpaque;
- GpgmeCtx ctx;
- GpgmeError err;
- GpgmeKey rKey;
- GpgmeData data, sig;
- char* rSig = 0;
- bool bOk = false;
- int sendCerts = 1;
-
- init_StructuringInfo( structuring );
-
- if( !ciphertext )
- return false;
-
- err = gpgme_new (&ctx);
- gpgme_set_protocol (ctx, GPGMEPLUG_PROTOCOL);
-
- gpgme_set_armor (ctx, __GPGMEPLUG_SIGNATURE_CODE_IS_BINARY ? 0 : 1);
- /* gpgme_set_textmode (ctx, 1); */
-
- switch ( config.sendCertificates ) {
- case SendCert_undef:
- break;
- case SendCert_DontSend:
- sendCerts = 0;
- break;
- case SendCert_SendOwn:
- sendCerts = 1;
- break;
- case SendCert_SendChainWithoutRoot:
- sendCerts = -2;
- break;
- case SendCert_SendChainWithRoot:
- sendCerts = -1;
- break;
- default:
- sendCerts = 0;
- break;
- }
- gpgme_set_include_certs (ctx, sendCerts);
-
- /* select the signer's key if provided */
- if (certificate != 0) {
- err = gpgme_op_keylist_start(ctx, certificate, 0);
- while (err == GPGME_No_Error) {
- err = gpgme_op_keylist_next(ctx, &rKey);
- if (err == GPGME_No_Error) {
- unsigned long u;
- u = gpgme_key_get_ulong_attr(rKey, GPGME_ATTR_CAN_SIGN, 0, 0);
- if( u ) {
-
-// const char* s;
-// s = gpgme_key_get_string_attr(rKey, GPGME_ATTR_FPR, 0, 0);
-// fprintf( stderr, "gpgmeplug signMessage signing with key: %s\n", s );
-
- /* clear existing signers */
- gpgme_signers_clear(ctx);
- /* set the signing key */
- gpgme_signers_add(ctx, rKey);
- /* we only support one signer for now */
- break;
- }
- }
- }
- gpgme_op_keylist_end(ctx);
- }
-
- /* PENDING(g10) Implement this
-
- gpgme_set_signature_algorithm( ctx, config.signatureAlgorithm )
- --> This does not make sense. The algorithm is a property of
- the certificate used [wk 2002-03-23] */
-
- gpgme_data_new_from_mem (&data, cleartext,
- strlen( cleartext ), 1 );
- gpgme_data_new ( &sig );
-
- /* NOTE: Currently we support Opaque signed messages only for S/MIME,
- but not for OpenPGP mode! */
- if( GPGMEPLUG_PROTOCOL == GPGME_PROTOCOL_CMS )
- bIsOpaque = (SignatureCompoundMode_Opaque == signatureCompoundMode());
- else
- bIsOpaque = false;
-
- err = gpgme_op_sign ( ctx,
- data,
- sig,
- bIsOpaque
- ? GPGME_SIG_MODE_NORMAL
- : GPGME_SIG_MODE_DETACH );
-
- if ( err == GPGME_No_Error ) {
- if( __GPGMEPLUG_SIGNATURE_CODE_IS_BINARY ) {
- *ciphertext = gpgme_data_release_and_get_mem( sig, (size_t*)cipherLen );
- bOk = true;
- }
- else {
- rSig = gpgme_data_release_and_get_mem( sig, (size_t*)cipherLen );
- *ciphertext = malloc( *cipherLen + 1 );
- if( *ciphertext ) {
- if( *cipherLen ) {
- bOk = true;
- strncpy((char*)*ciphertext, rSig, *cipherLen );
- }
- (*ciphertext)[*cipherLen] = '\0';
- }
- free( rSig );
- }
- }
- else {
- gpgme_data_release( sig );
-/*
-*ciphertext = malloc( 70 );
-strcpy((char*)*ciphertext, "xyz\nsig-dummy\nzyx" );
-(*ciphertext)[17] = '\0';
-err = 0;
-{
-*/
- *ciphertext = 0;
- fprintf( stderr, "\n\n gpgme_op_sign() returned this error code: %i\n\n", err );
- if( errId )
- *errId = err;
- if( errTxt ) {
- const char* _errTxt = gpgme_strerror( err );
- *errTxt = malloc( strlen( _errTxt ) + 1 );
- if( *errTxt )
- strcpy(*errTxt, _errTxt );
- }
-/*
-}
-*/
- }
- gpgme_data_release( data );
- gpgme_release (ctx);
-
- if( bOk && structuring ) {
- if( bIsOpaque ) {
- structuring->includeCleartext = GPGMEPLUG_OPA_SIGN_INCLUDE_CLEARTEXT;
- structuring->makeMimeObject = GPGMEPLUG_OPA_SIGN_MAKE_MIME_OBJECT;
- if( structuring->makeMimeObject ) {
- structuring->makeMultiMime = GPGMEPLUG_OPA_SIGN_MAKE_MULTI_MIME;
- storeNewCharPtr( &structuring->contentTypeMain,
- GPGMEPLUG_OPA_SIGN_CTYPE_MAIN );
- storeNewCharPtr( &structuring->contentDispMain,
- GPGMEPLUG_OPA_SIGN_CDISP_MAIN );
- storeNewCharPtr( &structuring->contentTEncMain,
- GPGMEPLUG_OPA_SIGN_CTENC_MAIN );
- if( structuring->makeMultiMime ) {
- storeNewCharPtr( &structuring->contentTypeVersion,
- GPGMEPLUG_OPA_SIGN_CTYPE_VERSION );
- storeNewCharPtr( &structuring->contentDispVersion,
- GPGMEPLUG_OPA_SIGN_CDISP_VERSION );
- storeNewCharPtr( &structuring->contentTEncVersion,
- GPGMEPLUG_OPA_SIGN_CTENC_VERSION );
- storeNewCharPtr( &structuring->bodyTextVersion,
- GPGMEPLUG_OPA_SIGN_BTEXT_VERSION );
- storeNewCharPtr( &structuring->contentTypeCode,
- GPGMEPLUG_OPA_SIGN_CTYPE_CODE );
- storeNewCharPtr( &structuring->contentDispCode,
- GPGMEPLUG_OPA_SIGN_CDISP_CODE );
- storeNewCharPtr( &structuring->contentTEncCode,
- GPGMEPLUG_OPA_SIGN_CTENC_CODE );
- }
- } else {
- storeNewCharPtr( &structuring->flatTextPrefix,
- GPGMEPLUG_OPA_SIGN_FLAT_PREFIX );
- storeNewCharPtr( &structuring->flatTextSeparator,
- GPGMEPLUG_OPA_SIGN_FLAT_SEPARATOR );
- storeNewCharPtr( &structuring->flatTextPostfix,
- GPGMEPLUG_OPA_SIGN_FLAT_POSTFIX );
- }
- } else {
- structuring->includeCleartext = GPGMEPLUG_DET_SIGN_INCLUDE_CLEARTEXT;
- structuring->makeMimeObject = GPGMEPLUG_DET_SIGN_MAKE_MIME_OBJECT;
- if( structuring->makeMimeObject ) {
- structuring->makeMultiMime = GPGMEPLUG_DET_SIGN_MAKE_MULTI_MIME;
- storeNewCharPtr( &structuring->contentTypeMain,
- GPGMEPLUG_DET_SIGN_CTYPE_MAIN );
- storeNewCharPtr( &structuring->contentDispMain,
- GPGMEPLUG_DET_SIGN_CDISP_MAIN );
- storeNewCharPtr( &structuring->contentTEncMain,
- GPGMEPLUG_DET_SIGN_CTENC_MAIN );
- if( structuring->makeMultiMime ) {
- storeNewCharPtr( &structuring->contentTypeVersion,
- GPGMEPLUG_DET_SIGN_CTYPE_VERSION );
- storeNewCharPtr( &structuring->contentDispVersion,
- GPGMEPLUG_DET_SIGN_CDISP_VERSION );
- storeNewCharPtr( &structuring->contentTEncVersion,
- GPGMEPLUG_DET_SIGN_CTENC_VERSION );
- storeNewCharPtr( &structuring->bodyTextVersion,
- GPGMEPLUG_DET_SIGN_BTEXT_VERSION );
- storeNewCharPtr( &structuring->contentTypeCode,
- GPGMEPLUG_DET_SIGN_CTYPE_CODE );
- storeNewCharPtr( &structuring->contentDispCode,
- GPGMEPLUG_DET_SIGN_CDISP_CODE );
- storeNewCharPtr( &structuring->contentTEncCode,
- GPGMEPLUG_DET_SIGN_CTENC_CODE );
- }
- } else {
- storeNewCharPtr( &structuring->flatTextPrefix,
- GPGMEPLUG_DET_SIGN_FLAT_PREFIX );
- storeNewCharPtr( &structuring->flatTextSeparator,
- GPGMEPLUG_DET_SIGN_FLAT_SEPARATOR );
- storeNewCharPtr( &structuring->flatTextPostfix,
- GPGMEPLUG_DET_SIGN_FLAT_POSTFIX );
- }
- }
- }
- return bOk;
-}
-
-
-
-bool storeCertificatesFromMessage(
- const char* ciphertext ){ return true; }
-
-
-/* returns address if address doesn't contain a <xxx> part
- * else it returns a new string xxx and frees address
- */
-static char* parseAddress( char* address )
-{
- char* result = address;
- char* i;
- char* j;
- if( !result ) return result;
- i = index( address, '<' );
- if( i ) {
- j = index( i+1, '>' );
- if( j == NULL ) j = address+strlen(address);
- result = xmalloc( j-i );
- strncpy( result, i+1, j-i-1 );
- result[j-i-1] = '\0';
- free( address );
- } else {
- i = address;
- j = i+strlen(address);
- }
- {
- /* remove surrounding whitespace */
- char* k = result+(j-i-1);
- char* l = result;
- while( isspace( *l ) ) ++l;
- while( isspace( *k ) ) --k;
- if( l != result || k != result+(j-i-1) ) {
- char* result2 = xmalloc( k-l+2 );
- strncpy( result2, l, k-l+1 );
- result2[k-l+1] = '\0';
- free(result);
- result = result2;
- }
- }
- return result;
-}
-
-static char* nextAddress( const char** address )
-{
- const char *start = *address;
- char* result = NULL;
- int quote = 0;
- int comment = 0;
- int found = 0;
- if( *address == NULL ) return NULL;
- while( **address ) {
-
- switch( **address ) {
- case '\\': /* escaped character */
- ++(*address);
- break;
- case '"':
- if( comment == 0 ) {
- if( quote > 0 ) --quote;
- else ++quote;
- }
- break;
- case '(': /* comment start */
- if( quote == 0 ) ++comment;
- break;
- case ')': /* comment end */
- if( quote == 0 ) --comment;
- break;
- case '\0':
- case '\1': /* delimiter */
- if( quote == 0 && comment == 0 ) {
- found = 1;
- }
- break;
- }
- ++(*address);
- if( found ) break;
- }
- if( found || **address == 0 ) {
- size_t len;
- len = *address - start;
- if( len > 0 ) {
- if( **address != 0 ) --len;
- result = xmalloc( len*sizeof(char)+1 );
- strncpy( result, start, len );
- result[len] = '\0';
- }
- }
- return parseAddress(result);
-}
-
-bool encryptMessage( const char* cleartext,
- const char** ciphertext,
- const size_t* cipherLen,
- const char* certificate,
- struct StructuringInfo* structuring,
- int* errId,
- char** errTxt )
-{
- GpgmeCtx ctx;
- GpgmeError err;
- GpgmeData gCiphertext, gPlaintext;
- GpgmeRecipients rset;
- char* rCiph = 0;
- bool bOk = false;
-
- init_StructuringInfo( structuring );
-
- gpgme_new (&ctx);
- gpgme_set_protocol (ctx, GPGMEPLUG_PROTOCOL);
-
- gpgme_set_armor (ctx, __GPGMEPLUG_ENCRYPTED_CODE_IS_BINARY ? 0 : 1);
- /* gpgme_set_textmode (ctx, 1); */
-
- gpgme_data_new_from_mem (&gPlaintext, cleartext,
- 1+strlen( cleartext ), 1 );
- err = gpgme_data_new ( &gCiphertext );
-
- gpgme_recipients_new (&rset);
-
- /*
- if( GPGMEPLUG_PROTOCOL == GPGME_PROTOCOL_CMS )
- {
- gpgme_recipients_add_name (rset,
- "/CN=test cert 1,OU=Aegypten Project,O=g10 Code GmbH,L=DÃ?sseldorf,C=DE" );
-
- fputs( "\nGPGSMPLUG encryptMessage() using test key of Aegypten Project\n", stderr );
- }
- else
- */
- {
- const char* p = certificate;
- char* tok;
- while( (tok = nextAddress( &p ) ) != 0 ) {
- gpgme_recipients_add_name (rset, tok );
- fprintf( stderr, "\nGPGMEPLUG encryptMessage() using addressee %s\n", tok );
- free(tok);
- }
- }
-
- /* PENDING(g10) Implement this
- Possible values: RSA = 1, SHA1 = 2, TripleDES = 3
- gpgme_set_encryption_algorithm( ctx, config.encryptionAlgorithm );
-
- -> Your are mixing public key and symmetric algorithms. The
- latter may be configured but the sphix specifications do opnly
- allow 3-DES so this is not nothing we need to do. The proper way
- to select the symmetric algorithm is anyway by looking at the
- capabilities of the certificate because this is the only way to
- know what the recipient can accept. [wk 2002-03-23]
-
- PENDING(g10) Implement this
- gpgme_set_encryption_check_certificate_path(
- config.checkCertificatePath )
-
- PENDING(g10) Implement this
- gpgme_set_encryption_check_certificate_path_to_root(
- config.checkEncryptionCertificatePathToRoot )
-
- -> Not checking a certificate up to the ROOT CA is dangerous and
- stupid. There is no need for those options. [wk 2002-03-23] */
-
-
-
- err = gpgme_op_encrypt (ctx, rset, gPlaintext, gCiphertext );
- if( err ) {
- fprintf( stderr, "\ngpgme_op_encrypt() returned this error code: %i\n", err );
- if( errId )
- *errId = err;
- if( errTxt ) {
- const char* _errTxt = gpgme_strerror( err );
- *errTxt = malloc( strlen( _errTxt ) + 100 ); // leave room for reason string
- if( *errTxt ) {
- char* opInfo;
- strcpy(*errTxt, _errTxt );
- opInfo = gpgme_get_op_info(ctx, 0);
- if( NULL != opInfo && *opInfo ){
- const int opLen = strlen( opInfo );
- const int reasonLen = 8;
- char reason[ 1+reasonLen ];
- char* pos1;
- strcpy( reason, "<reason>" );
- pos1 = strstr( opInfo, reason );
- if( NULL != pos1 &&
- opLen > reasonLen + (pos1 - opInfo) ){
- char* pos2;
- pos1 += reasonLen;
- pos2 = strchr( pos1, '<' );
- if( NULL != pos2 &&
- pos1 < pos2 ){
- long int reasonId;
- strcat( *errTxt, " - " );
- *pos2 = '\0';
- fprintf( stderr, " and this reason code: %s\n\n", pos1 );
- reasonId = strtol( pos1, NULL, 10 );
- switch( reasonId ) {
- case 0: strcat( *errTxt, "No specific reason given" );
- break;
- case 1: strcat( *errTxt, "Not Found" );
- break;
- case 2: strcat( *errTxt, "Ambigious specification" );
- break;
- case 3: strcat( *errTxt, "Key can't be used for operation" );
- break;
- case 4: strcat( *errTxt, "Key has been revoked" );
- break;
- case 5: strcat( *errTxt, "Key has expired" );
- break;
- case 6: strcat( *errTxt, "No CRL known for certificate" );
- break;
- case 7: strcat( *errTxt, "No current CRL available" );
- break;
- case 8: strcat( *errTxt, "Contraints not matched" );
- break;
- default: {
- strcat( *errTxt, "Extended error Id: #" );
- strcat( *errTxt, pos1 );
- }
- }
- *pos2 = '<';
- }
- }
- free( opInfo );
- }
- }
- }
- }
-
- gpgme_recipients_release (rset);
- gpgme_data_release (gPlaintext);
-
- if( err == GPGME_No_Error ) {
- if( __GPGMEPLUG_ENCRYPTED_CODE_IS_BINARY ) {
- *ciphertext = gpgme_data_release_and_get_mem( gCiphertext, (size_t*)cipherLen );
- bOk = true;
- }
- else {
- rCiph = gpgme_data_release_and_get_mem( gCiphertext, (size_t*)cipherLen );
- *ciphertext = malloc( *cipherLen + 1 );
- if( *ciphertext ) {
- if( *cipherLen ) {
- bOk = true;
- strncpy((char*)*ciphertext, rCiph, *cipherLen );
- }
- ((char*)(*ciphertext))[*cipherLen] = 0;
- }
- free( rCiph );
- }
- }
- else {
- gpgme_data_release ( gCiphertext );
- *ciphertext = 0;
- /* error handling is missing: if only one untrusted key was found
- (or none at all), gpg won't sign the message. (hier fehlt eine
- Fehlerbehandlung: fuer einen Recipient nur ein untrusted key
- (oder gar keiner) gefunden wurde, verweigert gpg das signieren.)
- */
- }
-
- gpgme_release (ctx);
-
- fflush( stderr );
-
- if( bOk && structuring ) {
- structuring->includeCleartext = GPGMEPLUG_ENC_INCLUDE_CLEARTEXT;
- structuring->makeMimeObject = GPGMEPLUG_ENC_MAKE_MIME_OBJECT;
- if( structuring->makeMimeObject ) {
- structuring->makeMultiMime = GPGMEPLUG_ENC_MAKE_MULTI_MIME;
- storeNewCharPtr( &structuring->contentTypeMain,
- GPGMEPLUG_ENC_CTYPE_MAIN );
- storeNewCharPtr( &structuring->contentDispMain,
- GPGMEPLUG_ENC_CDISP_MAIN );
- storeNewCharPtr( &structuring->contentTEncMain,
- GPGMEPLUG_ENC_CTENC_MAIN );
- if( structuring->makeMultiMime ) {
- storeNewCharPtr( &structuring->contentTypeVersion,
- GPGMEPLUG_ENC_CTYPE_VERSION );
- storeNewCharPtr( &structuring->contentDispVersion,
- GPGMEPLUG_ENC_CDISP_VERSION );
- storeNewCharPtr( &structuring->contentTEncVersion,
- GPGMEPLUG_ENC_CTENC_VERSION );
- storeNewCharPtr( &structuring->bodyTextVersion,
- GPGMEPLUG_ENC_BTEXT_VERSION );
- storeNewCharPtr( &structuring->contentTypeCode,
- GPGMEPLUG_ENC_CTYPE_CODE );
- storeNewCharPtr( &structuring->contentDispCode,
- GPGMEPLUG_ENC_CDISP_CODE );
- storeNewCharPtr( &structuring->contentTEncCode,
- GPGMEPLUG_ENC_CTENC_CODE );
- }
- } else {
- storeNewCharPtr( &structuring->flatTextPrefix,
- GPGMEPLUG_ENC_FLAT_PREFIX );
- storeNewCharPtr( &structuring->flatTextSeparator,
- GPGMEPLUG_ENC_FLAT_SEPARATOR );
- storeNewCharPtr( &structuring->flatTextPostfix,
- GPGMEPLUG_ENC_FLAT_POSTFIX );
- }
- }
- return bOk;
-}
-
-
-bool encryptAndSignMessage( const char* cleartext,
- const char** ciphertext,
- const char* certificate,
- struct StructuringInfo* structuring )
-{
- bool bOk;
-
- init_StructuringInfo( structuring );
-
- bOk = false;
-
- /* implementation of this function is still missing */
-
- if( bOk && structuring ) {
- structuring->includeCleartext = GPGMEPLUG_ENCSIGN_INCLUDE_CLEARTEXT;
- structuring->makeMimeObject = GPGMEPLUG_ENCSIGN_MAKE_MIME_OBJECT;
- if( structuring->makeMimeObject ) {
- structuring->makeMultiMime = GPGMEPLUG_ENCSIGN_MAKE_MULTI_MIME;
- storeNewCharPtr( &structuring->contentTypeMain,
- GPGMEPLUG_ENCSIGN_CTYPE_MAIN );
- storeNewCharPtr( &structuring->contentDispMain,
- GPGMEPLUG_ENCSIGN_CDISP_MAIN );
- storeNewCharPtr( &structuring->contentTEncMain,
- GPGMEPLUG_ENCSIGN_CTENC_MAIN );
- if( structuring->makeMultiMime ) {
- storeNewCharPtr( &structuring->contentTypeVersion,
- GPGMEPLUG_ENCSIGN_CTYPE_VERSION );
- storeNewCharPtr( &structuring->contentDispVersion,
- GPGMEPLUG_ENCSIGN_CDISP_VERSION );
- storeNewCharPtr( &structuring->contentTEncVersion,
- GPGMEPLUG_ENCSIGN_CTENC_VERSION );
- storeNewCharPtr( &structuring->bodyTextVersion,
- GPGMEPLUG_ENCSIGN_BTEXT_VERSION );
- storeNewCharPtr( &structuring->contentTypeCode,
- GPGMEPLUG_ENCSIGN_CTYPE_CODE );
- storeNewCharPtr( &structuring->contentDispCode,
- GPGMEPLUG_ENCSIGN_CDISP_CODE );
- storeNewCharPtr( &structuring->contentTEncCode,
- GPGMEPLUG_ENCSIGN_CTENC_CODE );
- }
- } else {
- storeNewCharPtr( &structuring->flatTextPrefix,
- GPGMEPLUG_ENCSIGN_FLAT_PREFIX );
- storeNewCharPtr( &structuring->flatTextSeparator,
- GPGMEPLUG_ENCSIGN_FLAT_SEPARATOR );
- storeNewCharPtr( &structuring->flatTextPostfix,
- GPGMEPLUG_ENCSIGN_FLAT_POSTFIX );
- }
- }
- return bOk;
-}
-
-
-bool decryptMessage( const char* ciphertext,
- bool cipherIsBinary,
- int cipherLen,
- const char** cleartext,
- const char* certificate,
- int* errId,
- char** errTxt )
-{
- GpgmeCtx ctx;
- GpgmeError err;
- GpgmeData gCiphertext, gPlaintext;
- size_t rCLen = 0;
- char* rCiph = 0;
- bool bOk = false;
-
- if( !ciphertext )
- return false;
-
- err = gpgme_new (&ctx);
- gpgme_set_protocol (ctx, GPGMEPLUG_PROTOCOL);
-
- gpgme_set_armor (ctx, cipherIsBinary ? 0 : 1);
- /* gpgme_set_textmode (ctx, cipherIsBinary ? 0 : 1); */
-
- /*
- gpgme_data_new_from_mem( &gCiphertext, ciphertext,
- 1+strlen( ciphertext ), 1 ); */
- gpgme_data_new_from_mem( &gCiphertext,
- ciphertext,
- cipherIsBinary
- ? cipherLen
- : strlen( ciphertext ),
- 1 );
-
- gpgme_data_new( &gPlaintext );
-
- err = err = gpgme_op_decrypt( ctx, gCiphertext, gPlaintext );
- if( err ) {
- fprintf( stderr, "\ngpgme_op_decrypt() returned this error code: %i\n\n", err );
- if( errId )
- *errId = err;
- if( errTxt ) {
- const char* _errTxt = gpgme_strerror( err );
- *errTxt = malloc( strlen( _errTxt ) + 1 );
- if( *errTxt )
- strcpy(*errTxt, _errTxt );
- }
- }
-
- gpgme_data_release( gCiphertext );
-
- rCiph = gpgme_data_release_and_get_mem( gPlaintext, &rCLen );
-
- *cleartext = malloc( rCLen + 1 );
- if( *cleartext ) {
- if( rCLen ) {
- bOk = true;
- strncpy((char*)*cleartext, rCiph, rCLen );
- }
- ((char*)(*cleartext))[rCLen] = 0;
- }
-
- free( rCiph );
- gpgme_release( ctx );
- return bOk;
-}
-
-
-const char* requestCertificateDialog(){ return 0; }
-
-
-/* The buffer generatedKey contains the LEN bytes you want.
- Caller is responsible for freeing. */
-bool requestDecentralCertificate( const char* certparms,
- char** generatedKey, int* length )
-{
- GpgmeError err;
- GpgmeCtx ctx;
- GpgmeData pub;
- int len;
-
- err = gpgme_data_new (&pub);
- fprintf( stderr, "1: gpgme returned %d\n", err );
- if( err != GPGME_No_Error )
- return false;
-
- err = gpgme_new (&ctx);
- fprintf( stderr, "2: gpgme returned %d\n", err );
- if( err != GPGME_No_Error ) {
- gpgme_data_release( pub );
- return false;
- }
-
- gpgme_set_protocol (ctx, GPGME_PROTOCOL_CMS);
- /* Don't ASCII-armor, the MUA will use base64 encoding */
- /* gpgme_set_armor (ctx, 1); */
- err = gpgme_op_genkey (ctx, certparms, pub, NULL, NULL);
- fprintf( stderr, "3: gpgme returned %d\n", err );
- if( err != GPGME_No_Error ) {
- gpgme_data_release( pub );
- gpgme_release( ctx );
- return false;
- }
-
- gpgme_release (ctx);
- *generatedKey = gpgme_data_release_and_get_mem (pub, &len);
- *length = len;
-
- return true;
-}
-
-bool requestCentralCertificateAndPSE( const char* name,
- const char* email, const char* organization, const char* department,
- const char* ca_address ){ return true; }
-
-bool createPSE(){ return true; }
-
-bool registerCertificate( const char* certificate ){ return true; }
-
-bool requestCertificateProlongation( const char* certificate,
- const char* ca_address ){ return true; }
-
-const char* certificateChain(){ return 0; }
-
-bool deleteCertificate( const char* certificate ){ return true; }
-
-bool archiveCertificate( const char* certificate ){ return true; }
-
-
-const char* displayCRL(){ return 0; }
-
-void updateCRL(){}
-
-
-char *
-trim_trailing_spaces( char *string )
-{
- char *p, *mark;
-
- for( mark = NULL, p = string; *p; p++ ) {
- if( isspace( *p ) ) {
- if( !mark )
- mark = p;
- }
- else
- mark = NULL;
- }
- if( mark )
- *mark = '\0' ;
-
- return string ;
-}
-
-/* Parse a DN and return an array-ized one. This is not a validating
- parser and it does not support any old-stylish syntax; gpgme is
- expected to return only rfc2253 compatible strings. */
-static const unsigned char *
-parse_dn_part (struct DnPair *array, const unsigned char *string)
-{
- const unsigned char *s, *s1;
- size_t n;
- unsigned char *p;
-
- /* parse attributeType */
- for (s = string+1; *s && *s != '='; s++)
- ;
- if (!*s)
- return NULL; /* error */
- n = s - string;
- if (!n)
- return NULL; /* empty key */
- array->key = p = xmalloc (n+1);
-
-
- memcpy (p, string, n);
- p[n] = 0;
- trim_trailing_spaces (p);
- if ( !strcmp (p, "1.2.840.113549.1.9.1") )
- strcpy (p, "EMail");
- string = s + 1;
-
- if (*string == '#')
- { /* hexstring */
- string++;
- for (s=string; hexdigitp (s); s++)
- s++;
- n = s - string;
- if (!n || (n & 1))
- return NULL; /* empty or odd number of digits */
- n /= 2;
- array->value = p = xmalloc (n+1);
-
-
- for (s1=string; n; s1 += 2, n--)
- *p++ = xtoi_2 (s1);
- *p = 0;
- }
- else
- { /* regular v3 quoted string */
- for (n=0, s=string; *s; s++)
- {
- if (*s == '\\')
- { /* pair */
- s++;
- if (*s == ',' || *s == '=' || *s == '+'
- || *s == '<' || *s == '>' || *s == '#' || *s == ';'
- || *s == '\\' || *s == '\"' || *s == ' ')
- n++;
- else if (hexdigitp (s) && hexdigitp (s+1))
- {
- s++;
- n++;
- }
- else
- return NULL; /* invalid escape sequence */
- }
- else if (*s == '\"')
- return NULL; /* invalid encoding */
- else if (*s == ',' || *s == '=' || *s == '+'
- || *s == '<' || *s == '>' || *s == '#' || *s == ';' )
- break;
- else
- n++;
- }
-
- array->value = p = xmalloc (n+1);
-
-
- for (s=string; n; s++, n--)
- {
- if (*s == '\\')
- {
- s++;
- if (hexdigitp (s))
- {
- *p++ = xtoi_2 (s);
- s++;
- }
- else
- *p++ = *s;
- }
- else
- *p++ = *s;
- }
- *p = 0;
- }
- return s;
-}
-
-
-/* Parse a DN and return an array-ized one. This is not a validating
- parser and it does not support any old-stylish syntax; gpgme is
- expected to return only rfc2253 compatible strings. */
-static struct DnPair *
-parse_dn (const unsigned char *string)
-{
- struct DnPair *array;
- size_t arrayidx, arraysize;
- int i;
-
- if( !string )
- return NULL;
-
- arraysize = 7; /* C,ST,L,O,OU,CN,email */
- arrayidx = 0;
- array = xmalloc ((arraysize+1) * sizeof *array);
-
-
- while (*string)
- {
- while (*string == ' ')
- string++;
- if (!*string)
- break; /* ready */
- if (arrayidx >= arraysize)
- { /* mutt lacks a real safe_realoc - so we need to copy */
- struct DnPair *a2;
-
- arraysize += 5;
- a2 = xmalloc ((arraysize+1) * sizeof *array);
- for (i=0; i < arrayidx; i++)
- {
- a2[i].key = array[i].key;
- a2[i].value = array[i].value;
- }
- free (array);
- array = a2;
- }
- array[arrayidx].key = NULL;
- array[arrayidx].value = NULL;
- string = parse_dn_part (array+arrayidx, string);
- arrayidx++;
- if (!string)
- goto failure;
- while (*string == ' ')
- string++;
- if (*string && *string != ',' && *string != ';' && *string != '+')
- goto failure; /* invalid delimiter */
- if (*string)
- string++;
- }
- array[arrayidx].key = NULL;
- array[arrayidx].value = NULL;
- return array;
-
- failure:
- for (i=0; i < arrayidx; i++)
- {
- free (array[i].key);
- free (array[i].value);
- }
- free (array);
- return NULL;
-}
-
-static int
-add_dn_part( char* result, struct DnPair* dn, const char* part )
-{
- int any = 0;
-
- if( dn ) {
- for(; dn->key; ++dn ) {
- if( !strcmp( dn->key, part ) ) {
- if( any ) strcat( result, "+" );
- /* email hack */
- if( !strcmp( part, "1.2.840.113549.1.9.1" ) ) strcat( result, "EMail" );
- else strcat( result, part );
- strcat( result, "=" );
- strcat( result, dn->value );
- any = 1;
- }
- }
- }
- return any;
-}
-
-static char*
-reorder_dn( struct DnPair *dn )
-{
- /* note: The must parts are: CN, L, OU, O, C */
- const char* stdpart[] = {
- "CN", "S", "SN", "GN", "T", "UID",
- "MAIL", "EMAIL", "MOBILE", "TEL", "FAX", "STREET",
- "L", "PC", "SP", "ST",
- "OU",
- "O",
- "C",
- NULL
- };
- int any=0, any2=0, len=0, i;
- char* result;
- if( dn ) {
- for( i = 0; dn[i].key; ++i ) {
- len += strlen( dn[i].key );
- len += strlen( dn[i].value );
- len += 4; /* ',' and '=', and possibly "(" and ")" */
- }
- }
- result = xmalloc( (len+1)*sizeof(char) );
- *result = 0;
-
- /* add standard parts */
- for( i = 0; stdpart[i]; ++i ) {
- if( any ) {
- strcat( result, "," );
- }
- any = add_dn_part( result, dn, stdpart[i] );
- }
-
- /* add remaining parts in no particular order */
- if( dn ) {
- for(; dn->key; ++dn ) {
- for( i = 0; stdpart[i]; ++i ) {
- if( !strcmp( dn->key, stdpart[i] ) ) {
- break;
- }
- }
- if( !stdpart[i] ) {
- if( any ) strcat( result, "," );
- if( !any2 ) strcat( result, "(");
- any = add_dn_part( result, dn, dn->key );
- any2 = 1;
- }
- }
- }
- if( any2 ) strcat( result, ")");
- return result;
-}
-
-struct CertIterator {
- GpgmeCtx ctx;
- struct CertificateInfo info;
-};
-
-struct CertIterator*
-startListCertificates( const char* pattern, int remote )
-{
- GpgmeError err;
- struct CertIterator* it;
- const char* patterns[] = { pattern, NULL };
- fprintf( stderr, "startListCertificates( \"%s\", %d )\n", pattern, remote );
-
- it = xmalloc( sizeof( struct CertIterator ) );
-
- err = gpgme_new (&(it->ctx));
- /*fprintf( stderr, "2: gpgme returned %d\n", err );*/
- if( err != GPGME_No_Error ) {
- free( it );
- return NULL;
- }
-
- gpgme_set_protocol (it->ctx, GPGME_PROTOCOL_CMS);
- if( remote ) gpgme_set_keylist_mode ( it->ctx, GPGME_KEYLIST_MODE_EXTERN );
- else gpgme_set_keylist_mode ( it->ctx, GPGME_KEYLIST_MODE_LOCAL );
- err = gpgme_op_keylist_ext_start ( it->ctx, patterns, 0, 0);
- if( err != GPGME_No_Error ) {
- fprintf( stderr, "gpgme_op_keylist_ext_start returned %d", err );
- endListCertificates( it );
- return NULL;
- }
- memset( &(it->info), 0, sizeof( struct CertificateInfo ) );
- return it;
-}
-
-/* free() each string in a char*[] and the array itself */
-static void
-freeStringArray( char** c )
-{
- char** _c = c;
-
- while( c && *c ) {
- /*fprintf( stderr, "freeing \"%s\"\n", *c );*/
- free( *c );
- ++c;
- }
- free( _c );
-}
-
-/* free all malloc'ed data in a struct CertificateInfo */
-static void
-freeInfo( struct CertificateInfo* info )
-{
- struct DnPair* a = info->dnarray;
- assert( info );
- freeStringArray( info->userid );
- free( info->serial);
- free( info->fingerprint );
- free( info->issuer );
- free( info->chainid );
- free( info->caps );
- while( a && a->key && a->value ) {
- free (a->key);
- free (a->value);
- ++a;
- }
- free (info->dnarray);
- memset( info, 0, sizeof( *info ) );
-}
-
-/* Format the fingerprint nicely. The caller should
- free the returned value using free() */
-static char* make_fingerprint( const char* fpr )
-{
- int len = strlen(fpr);
- int i = 0;
- char* result = xmalloc( (len + len/2 + 1)*sizeof(char) );
-
- for(; *fpr; ++fpr, ++i ) {
- if( i%3 == 2) {
- result[i] = ':'; ++i;
- }
- result[i] = *fpr;
- }
- result[i] = 0;
- return result;
-}
-
-int
-nextCertificate( struct CertIterator* it, struct CertificateInfo** result )
-{
- GpgmeError err;
- GpgmeKey key;
- int retval = GPGME_No_Error;
- assert( it );
- fprintf( stderr, "nextCertificates( %p, %p )\n", it, result );
- err = gpgme_op_keylist_next ( it->ctx, &key);
- if( err != GPGME_EOF ) {
- int idx;
- const char* s;
- unsigned long u;
- char* names[MAX_GPGME_IDX+1];
- struct DnPair *issuer_dn, *tmp_dn;
- retval = err;
- memset( names, 0, sizeof( names ) );
- freeInfo( &(it->info) );
-
- for( idx = 0; (s = gpgme_key_get_string_attr (key, GPGME_ATTR_USERID, 0, idx)) && idx < MAX_GPGME_IDX;
- ++idx ) {
- names[idx] = xstrdup( s );
- }
-
- it->info.userid = xmalloc( sizeof( char* ) * (idx+1) );
- memset( it->info.userid, 0, sizeof( char* ) * (idx+1) );
- it->info.dnarray = 0;
- for( idx = 0; names[idx] != 0; ++idx ) {
- struct DnPair* a = parse_dn( names[idx] );
- if( idx == 0 ) {
- it->info.userid[idx] = reorder_dn( a );
- it->info.dnarray = a;
- free (names[idx]);
- names[idx] = NULL;
- } else {
- it->info.userid[idx] = names[idx];
- }
- }
- it->info.userid[idx] = 0;
-
- s = gpgme_key_get_string_attr (key, GPGME_ATTR_SERIAL, 0, 0);
- it->info.serial = s? xstrdup(s) : NULL;
-
- s = gpgme_key_get_string_attr (key, GPGME_ATTR_FPR, 0, 0);
- it->info.fingerprint = make_fingerprint( s );
-
- s = gpgme_key_get_string_attr (key, GPGME_ATTR_ISSUER, 0, 0);
- if( s ) {
- issuer_dn = tmp_dn = parse_dn( s );
- /*it->info.issuer = xstrdup(s);*/
- it->info.issuer = reorder_dn( issuer_dn );
- while( tmp_dn && tmp_dn->key ) {
- free( tmp_dn->key );
- free( tmp_dn->value );
- ++tmp_dn;
- }
- free( issuer_dn );
- issuer_dn = tmp_dn = NULL;
- } else {
- it->info.issuer = NULL;
- }
- s = gpgme_key_get_string_attr (key, GPGME_ATTR_CHAINID, 0, 0);
- it->info.chainid = s? xstrdup(s): NULL;
-
- s = gpgme_key_get_string_attr (key, GPGME_ATTR_KEY_CAPS, 0, 0);
- it->info.caps = s? xstrdup(s) : NULL;
-
- u = gpgme_key_get_ulong_attr (key, GPGME_ATTR_CREATED, 0, 0);
- it->info.created = u;
-
- u = gpgme_key_get_ulong_attr (key, GPGME_ATTR_EXPIRE, 0, 0);
- it->info.expire = u;
-
- u = gpgme_key_get_ulong_attr (key, GPGME_ATTR_IS_SECRET, 0, 0);
- it->info.secret = u;
-
- u = gpgme_key_get_ulong_attr (key, GPGME_ATTR_UID_INVALID, 0, 0);
- it->info.invalid = u;
-
- u = gpgme_key_get_ulong_attr (key, GPGME_ATTR_KEY_EXPIRED, 0, 0);
- it->info.expired = u;
-
- u = gpgme_key_get_ulong_attr (key, GPGME_ATTR_KEY_DISABLED, 0, 0);
- it->info.disabled = u;
-
- gpgme_key_release (key);
- /*return &(it->info);*/
- *result = &(it->info);
- } else {
- *result = NULL;
- }
- return retval;
-}
-
-int
-endListCertificates( struct CertIterator* it )
-{
- char *s = gpgme_get_op_info (it->ctx, 0);
- int truncated = s && strstr (s, "<truncated/>");
- fprintf( stderr, "endListCertificates( %p )\n", it );
- if( s ) free( s );
- assert(it);
- freeInfo( &(it->info) );
- gpgme_op_keylist_end(it->ctx);
- gpgme_release (it->ctx);
- free( it );
- return truncated;
-}
-
-int
-importCertificateWithFPR( const char* fingerprint, char** additional_info )
-{
- GpgmeError err;
- GpgmeCtx ctx;
- GpgmeData keydata;
- GpgmeRecipients recips;
- char* buf;
- const char* tmp1;
- char* tmp2;
- int count = 0;
-
- err = gpgme_new( &ctx );
- /*fprintf( stderr, "2: gpgme returned %d\n", err );*/
- if( err != GPGME_No_Error ) {
- return err;
- }
- gpgme_set_protocol( ctx, GPGME_PROTOCOL_CMS );
- gpgme_set_keylist_mode( ctx, GPGME_KEYLIST_MODE_LOCAL );
-
- err = gpgme_data_new( &keydata );
- if( err ) {
- fprintf( stderr, "gpgme_data_new returned %d\n", err );
- gpgme_release( ctx );
- return err;
- }
-
- err = gpgme_recipients_new( &recips );
- if( err ) {
- fprintf( stderr, "gpgme_recipients_new returned %d\n", err );
- gpgme_data_release( keydata );
- gpgme_release( ctx );
- return err;
- }
-
- buf = malloc( sizeof(char)*( strlen( fingerprint ) + 1 ) );
- if( !buf ) {
- gpgme_recipients_release( recips );
- gpgme_data_release( keydata );
- gpgme_release( ctx );
- return GPGME_Out_Of_Core;
- }
- tmp1 = fingerprint;
- tmp2 = buf;
- while( *tmp1 ) {
- if( *tmp1 != ':' ) *tmp2++ = *tmp1;
- tmp1++;
- }
- *tmp2 = 0;
- fprintf( stderr, "calling gpgme_recipients_add_name( %s )\n", buf );
- err = gpgme_recipients_add_name( recips, buf );
- if( err ) {
- fprintf( stderr, "gpgme_recipients_add_name returned %d\n", err );
- free (buf);
- gpgme_recipients_release( recips );
- gpgme_data_release( keydata );
- gpgme_release( ctx );
- return err;
- }
-
- err = gpgme_op_export( ctx, recips, keydata );
- if( err ) {
- fprintf( stderr, "gpgme_op_export returned %d\n", err );
- free (buf);
- *additional_info = gpgme_get_op_info( ctx, 0 );
- gpgme_recipients_release( recips );
- gpgme_data_release( keydata );
- gpgme_release( ctx );
- return err;
- }
- free (buf);
- buf = NULL;
-
- err = gpgme_op_import_ext( ctx, keydata, &count );
- *additional_info = gpgme_get_op_info( ctx, 0 );
- if( err ) {
- fprintf( stderr, "gpgme_op_import_ext returned %d\n", err );
- gpgme_recipients_release( recips );
- gpgme_data_release( keydata );
- gpgme_release( ctx );
- return err;
- }
- if( count < 1 ) {
- /* we didn't import anything?!? */
- fprintf( stderr, "gpgme_op_import_ext did not import any certificates\n" );
- gpgme_recipients_release( recips );
- gpgme_data_release( keydata );
- gpgme_release( ctx );
- return -1; /* FIXME */
- }
-
- gpgme_recipients_release( recips );
- gpgme_data_release( keydata );
- gpgme_release( ctx );
- return 0;
-}
-int
-importCertificateFromMem( const char* data, size_t length , char** additional_info )
-{
- GpgmeError err;
- GpgmeCtx ctx;
- GpgmeData keydata;
- int count = 0;
-
- err = gpgme_new( &ctx );
- /*fprintf( stderr, "2: gpgme returned %d\n", err );*/
- if( err != GPGME_No_Error ) {
- return err;
- }
- gpgme_set_protocol( ctx, GPGME_PROTOCOL_CMS );
- gpgme_set_keylist_mode( ctx, GPGME_KEYLIST_MODE_LOCAL );
-
- err = gpgme_data_new_from_mem( &keydata, data, length, 0 );
- if( err ) {
- fprintf( stderr, "gpgme_data_new returned %d\n", err );
- gpgme_release( ctx );
- return err;
- }
-
- err = gpgme_op_import_ext( ctx, keydata, &count );
- *additional_info = gpgme_get_op_info( ctx, 0 );
- if( err) {
- fprintf( stderr, "gpgme_op_import_ext returned %d\n", err );
- gpgme_data_release( keydata );
- gpgme_release( ctx );
- return err;
- }
- if( count < 1 ) {
- /* we didn't import anything?!? */
- fprintf( stderr, "gpgme_op_import_ext did not import any certificate\n" );
- gpgme_data_release( keydata );
- gpgme_release( ctx );
- return -1; /* FIXME */
- }
-
- gpgme_data_release( keydata );
- gpgme_release( ctx );
- return 0;
-}
-
-/* == == == == == == == == == == == == == == == == == == == == == == == == ==
- == ==
- == Continuation of CryptPlug code ==
- == ==
-== == == == == == == == == == == == == == == == == == == == == == == == == */
-
-
-/*
- Find all certificate for a given addressee and return them in a
- '\1' separated list.
- NOTE: The certificate parameter must point to a not-yet allocated
- char*. The function will allocate the memory needed and
- return the size in newSize.
- If secretOnly is true, only secret keys are returned.
-*/
-bool findCertificates( const char* addressee,
- char** certificates,
- int* newSize,
- bool secretOnly )
-{
-#define MAXCERTS 1024
- /* use const char declarations since all of them are needed twice */
- const char* delimiter = "\1";
- const char* openBracket = " (";
- const char* closeBracket = ")";
-
- GpgmeCtx ctx;
- GpgmeError err;
- GpgmeKey rKey;
- const char *s;
- const char *s2;
- char* dn;
- struct DnPair* a;
- int nFound = 0;
- int iFound = 0;
- int siz = 0;
- char* DNs[MAXCERTS];
- char* FPRs[MAXCERTS];
-
- if( ! certificates ){
- fprintf( stderr, "gpgme: findCertificates called with invalid *certificates pointer\n" );
- return false;
- }
-
- if( ! newSize ){
- fprintf( stderr, "gpgme: findCertificates called with invalid newSize pointer\n" );
- return false;
- }
-
- *certificates = 0;
- *newSize = 0;
-
- /* calculate length of buffer needed for certs plus fingerprints */
- gpgme_new (&ctx);
- gpgme_set_protocol (ctx, GPGMEPLUG_PROTOCOL);
- err = gpgme_op_keylist_start(ctx, addressee, secretOnly ? 1 : 0);
- while( GPGME_No_Error == err ) {
- err = gpgme_op_keylist_next(ctx, &rKey);
- if( GPGME_No_Error == err ) {
- s = gpgme_key_get_string_attr (rKey, GPGME_ATTR_USERID, NULL, 0);
- if( s ) {
- dn = xstrdup( s );
- s2 = gpgme_key_get_string_attr (rKey, GPGME_ATTR_FPR, NULL, 0);
- if( s2 ) {
- if( nFound )
- siz += strlen( delimiter );
- a = parse_dn( dn );
- free( dn );
- dn = reorder_dn( a );
- siz += strlen( dn );
- siz += strlen( openBracket );
- siz += strlen( s2 );
- siz += strlen( closeBracket );
- DNs[ nFound ] = dn;
- dn = NULL; /* prevent it from being free'ed below. */
- FPRs[nFound ] = xstrdup( s2 );
- ++nFound;
- if( nFound >= MAXCERTS ) {
- fprintf( stderr,
- "gpgme: findCertificates found too many certificates (%d)\n",
- MAXCERTS );
- break;
- }
- }
- free (dn);
- }
- }
- }
- gpgme_op_keylist_end( ctx );
- gpgme_release (ctx);
-
-
- if( 0 < siz ) {
- /* add one for trailing ZERO char */
- ++siz;
- *newSize = siz;
- /* allocate the buffer */
- *certificates = xmalloc( sizeof(char) * siz );
- memset( *certificates, 0, sizeof(char) * siz );
- /* fill the buffer */
- for (iFound=0; iFound < nFound; iFound++) {
- if( !iFound )
- strcpy(*certificates, DNs[iFound] );
- else {
- strcat(*certificates, delimiter );
- strcat(*certificates, DNs[iFound] );
- }
- strcat( *certificates, openBracket );
- strcat( *certificates, FPRs[iFound] );
- strcat( *certificates, closeBracket );
- free( DNs[ iFound ] );
- free( FPRs[iFound ] );
- }
- }
-
- return ( 0 < nFound );
-}
-
-
-static const char*
-sig_status_to_string( GpgmeSigStat status )
-{
- const char *result;
-
- switch (status) {
- case GPGME_SIG_STAT_NONE:
- result = "Oops: Signature not verified";
- break;
- case GPGME_SIG_STAT_NOSIG:
- result = "No signature found";
- break;
- case GPGME_SIG_STAT_GOOD:
- result = "Good signature";
- break;
- case GPGME_SIG_STAT_BAD:
- result = "BAD signature";
- break;
- case GPGME_SIG_STAT_NOKEY:
- result = "No public key to verify the signature";
- break;
- case GPGME_SIG_STAT_ERROR:
- result = "Error verifying the signature";
- break;
- case GPGME_SIG_STAT_DIFF:
- result = "Different results for signatures";
- break;
- default:
- result = "Error: Unknown status";
- break;
- }
-
- return result;
-}
-
-
-void obtain_signature_information( GpgmeCtx * ctx,
- GpgmeSigStat status,
- struct SignatureMetaData* sigmeta )
-{
- GpgmeError err;
- GpgmeKey key;
- const char* statusStr;
- const char* fpr;
- unsigned long sumGPGME;
- SigStatusFlags sumPlug;
- time_t created;
- struct DnPair* a;
- int sig_idx=0;
- int UID_idx=0;
-
- /* Provide information in the sigmeta struct */
- /* the status string */
- statusStr = sig_status_to_string( status );
- sigmeta->status = malloc( strlen( statusStr ) + 1 );
- if( sigmeta->status ) {
- strcpy( sigmeta->status, statusStr );
- sigmeta->status[strlen( statusStr )] = '\0';
- } else
- ; /* nothing to do, is already 0 */
-
- /* Extended information for any number of signatures. */
- fpr = gpgme_get_sig_status( *ctx, sig_idx, &status, &created );
- sigmeta->extended_info = 0;
- while( fpr != NULL ) {
- struct tm* ctime_val;
- const char* sig_status;
-
- void* alloc_return = realloc( sigmeta->extended_info,
- sizeof( struct SignatureMetaDataExtendedInfo )
- * ( sig_idx + 1 ) );
- if( alloc_return ) {
- sigmeta->extended_info = alloc_return;
-
- /* clear the data area */
- memset( &sigmeta->extended_info[sig_idx],
- 0,
- sizeof (struct SignatureMetaDataExtendedInfo) );
-
- /* the creation time */
- sigmeta->extended_info[sig_idx].creation_time = malloc( sizeof( struct tm ) );
- if( sigmeta->extended_info[sig_idx].creation_time ) {
- ctime_val = localtime( &created );
- memcpy( sigmeta->extended_info[sig_idx].creation_time,
- ctime_val, sizeof( struct tm ) );
- }
-
- /* the extended signature verification status */
- sumGPGME = gpgme_get_sig_ulong_attr( *ctx,
- sig_idx,
- GPGME_ATTR_SIG_SUMMARY,
- 0 );
- fprintf( stderr, "gpgmeplug checkMessageSignature status flags: %lX\n", sumGPGME );
- /* translate GPGME status flags to common CryptPlug status flags */
- sumPlug = 0;
- if( sumGPGME & GPGME_SIGSUM_VALID ) sumPlug |= SigStat_VALID ;
- if( sumGPGME & GPGME_SIGSUM_GREEN ) sumPlug |= SigStat_GREEN ;
- if( sumGPGME & GPGME_SIGSUM_RED ) sumPlug |= SigStat_RED ;
- if( sumGPGME & GPGME_SIGSUM_KEY_REVOKED ) sumPlug |= SigStat_KEY_REVOKED;
- if( sumGPGME & GPGME_SIGSUM_KEY_EXPIRED ) sumPlug |= SigStat_KEY_EXPIRED;
- if( sumGPGME & GPGME_SIGSUM_SIG_EXPIRED ) sumPlug |= SigStat_SIG_EXPIRED;
- if( sumGPGME & GPGME_SIGSUM_KEY_MISSING ) sumPlug |= SigStat_KEY_MISSING;
- if( sumGPGME & GPGME_SIGSUM_CRL_MISSING ) sumPlug |= SigStat_CRL_MISSING;
- if( sumGPGME & GPGME_SIGSUM_CRL_TOO_OLD ) sumPlug |= SigStat_CRL_TOO_OLD;
- if( sumGPGME & GPGME_SIGSUM_BAD_POLICY ) sumPlug |= SigStat_BAD_POLICY ;
- if( sumGPGME & GPGME_SIGSUM_SYS_ERROR ) sumPlug |= SigStat_SYS_ERROR ;
- if( !sumPlug )
- sumPlug = SigStat_NUMERICAL_CODE | sumGPGME;
- sigmeta->extended_info[sig_idx].sigStatusFlags = sumPlug;
-
- sigmeta->extended_info[sig_idx].validity = GPGME_VALIDITY_UNKNOWN;
-
- err = gpgme_get_sig_key (*ctx, sig_idx, &key);
-
- if ( err == GPGME_No_Error) {
- const char* attr_string;
- unsigned long attr_ulong;
-
- /* extract key identidy */
- attr_string = gpgme_key_get_string_attr(key, GPGME_ATTR_KEYID, 0, 0);
- if (attr_string != 0)
- storeNewCharPtr( &sigmeta->extended_info[sig_idx].keyid, attr_string );
-
- /* extract finger print */
- attr_string = gpgme_key_get_string_attr(key, GPGME_ATTR_FPR, 0, 0);
- if (attr_string != 0)
- storeNewCharPtr( &sigmeta->extended_info[sig_idx].fingerprint,
- attr_string );
-
- /* algorithms useable with this key */
- attr_string = gpgme_key_get_string_attr(key, GPGME_ATTR_ALGO, 0, 0);
- if (attr_string != 0)
- storeNewCharPtr( &sigmeta->extended_info[sig_idx].algo,
- attr_string );
- attr_ulong = gpgme_key_get_ulong_attr(key, GPGME_ATTR_ALGO, 0, 0);
- sigmeta->extended_info[sig_idx].algo_num = attr_ulong;
-
- /* extract key validity */
- attr_ulong = gpgme_key_get_ulong_attr(key, GPGME_ATTR_VALIDITY, 0, 0);
- sigmeta->extended_info[sig_idx].validity = attr_ulong;
-
- /* extract user id, according to the documentation it's representable
- * as a number, but it seems that it also has a string representation
- */
- attr_string = gpgme_key_get_string_attr(key, GPGME_ATTR_USERID, 0, 0);
- if (attr_string != 0) {
- a = parse_dn( attr_string );
- sigmeta->extended_info[sig_idx].userid = reorder_dn( a );
- }
-
- attr_ulong = gpgme_key_get_ulong_attr(key, GPGME_ATTR_USERID, 0, 0);
- sigmeta->extended_info[sig_idx].userid_num = attr_ulong;
-
- /* extract the length */
- sigmeta->extended_info[sig_idx].keylen = attr_ulong;
-
- /* extract the creation time of the key */
- attr_ulong = gpgme_key_get_ulong_attr(key, GPGME_ATTR_CREATED, 0, 0);
- sigmeta->extended_info[sig_idx].key_created = attr_ulong;
-
- /* extract the expiration time of the key */
- attr_ulong = gpgme_key_get_ulong_attr(key, GPGME_ATTR_EXPIRE, 0, 0);
- sigmeta->extended_info[sig_idx].key_expires = attr_ulong;
-
- /* extract user name */
- attr_string = gpgme_key_get_string_attr(key, GPGME_ATTR_NAME, 0, 0);
- if (attr_string != 0) {
- a = parse_dn( attr_string );
- sigmeta->extended_info[sig_idx].name = reorder_dn( a );
- }
-
- /* extract email(s) */
- sigmeta->extended_info[sig_idx].emailCount = 0;
- sigmeta->extended_info[sig_idx].emailList = 0;
- for( UID_idx=0;
- (attr_string = gpgme_key_get_string_attr(key,
- GPGME_ATTR_EMAIL, 0, UID_idx));
- ++UID_idx ){
- if (*attr_string) {
- fprintf( stderr, "gpgmeplug checkMessageSignature found email: %s\n", attr_string );
- if( !sigmeta->extended_info[sig_idx].emailCount )
- alloc_return =
- malloc( sizeof( char*) );
- else
- alloc_return =
- realloc( sigmeta->extended_info[sig_idx].emailList,
- sizeof( char*)
- * (sigmeta->extended_info[sig_idx].emailCount + 1) );
- if( alloc_return ) {
- sigmeta->extended_info[sig_idx].emailList = alloc_return;
- storeNewCharPtr(
- &( sigmeta->extended_info[sig_idx].emailList[
- sigmeta->extended_info[sig_idx].emailCount ] ),
- attr_string );
- ++sigmeta->extended_info[sig_idx].emailCount;
- }
- }
- }
- if( !sigmeta->extended_info[sig_idx].emailCount )
- fprintf( stderr, "gpgmeplug checkMessageSignature found NO EMAIL\n" );
-
- /* extract the comment */
- attr_string = gpgme_key_get_string_attr(key, GPGME_ATTR_COMMENT, 0, 0);
- if (attr_string != 0)
- storeNewCharPtr( &sigmeta->extended_info[sig_idx].comment,
- attr_string );
- }
- else
- storeNewCharPtr( &sigmeta->extended_info[sig_idx].fingerprint, fpr );
-
- sig_status = sig_status_to_string( status );
- storeNewCharPtr( &sigmeta->extended_info[sig_idx].status_text,
- sig_status );
-
- } else
- break; /* if allocation fails once, it isn't likely to
- succeed the next time either */
-
- fpr = gpgme_get_sig_status (*ctx, ++sig_idx, &status, &created);
- }
- sigmeta->extended_info_count = sig_idx;
- sigmeta->nota_xml = gpgme_get_notation( *ctx );
- sigmeta->status_code = status;
-}
-
-
-bool checkMessageSignature( char** cleartext,
- const char* signaturetext,
- bool signatureIsBinary,
- int signatureLen,
- struct SignatureMetaData* sigmeta )
-{
- GpgmeCtx ctx;
- GpgmeSigStat status;
- GpgmeData datapart, sigpart;
- char* rClear = 0;
- size_t clearLen;
- bool isOpaqueSigned;
-
- if( !cleartext ) {
- if( sigmeta )
- storeNewCharPtr( &sigmeta->status,
- __GPGMEPLUG_ERROR_CLEARTEXT_IS_ZERO );
-
- return false;
- }
-
- isOpaqueSigned = !*cleartext;
-
- gpgme_new( &ctx );
- gpgme_set_protocol (ctx, GPGMEPLUG_PROTOCOL);
- gpgme_set_armor (ctx, signatureIsBinary ? 0 : 1);
- /* gpgme_set_textmode (ctx, signatureIsBinary ? 0 : 1); */
-
- if( isOpaqueSigned )
- gpgme_data_new( &datapart );
- else
- gpgme_data_new_from_mem( &datapart, *cleartext,
- strlen( *cleartext ), 1 );
-
- gpgme_data_new_from_mem( &sigpart,
- signaturetext,
- signatureIsBinary
- ? signatureLen
- : strlen( signaturetext ),
- 1 );
-
- gpgme_op_verify( ctx, sigpart, isOpaqueSigned ? NULL : datapart,
- isOpaqueSigned ? datapart : NULL, &status );
-
- if( isOpaqueSigned ) {
- rClear = gpgme_data_release_and_get_mem( datapart, &clearLen );
- *cleartext = malloc( clearLen + 1 );
- if( *cleartext ) {
- if( clearLen )
- strncpy(*cleartext, rClear, clearLen );
- (*cleartext)[clearLen] = '\0';
- }
- free( rClear );
- }
- else
- gpgme_data_release( datapart );
-
- gpgme_data_release( sigpart );
-
- obtain_signature_information( &ctx, status, sigmeta );
-
- gpgme_release( ctx );
- return ( status == GPGME_SIG_STAT_GOOD );
-}
-
-
-bool decryptAndCheckMessage( const char* ciphertext,
- bool cipherIsBinary,
- int cipherLen,
- const char** cleartext,
- const char* certificate,
- bool* signatureFound,
- struct SignatureMetaData* sigmeta,
- int* errId,
- char** errTxt )
-{
- GpgmeCtx ctx;
- GpgmeError err;
- GpgmeSigStat sigstatus;
- GpgmeData gCiphertext, gPlaintext;
- size_t rCLen = 0;
- char* rCiph = 0;
- bool bOk = false;
-
- if( !ciphertext )
- return false;
-
- err = gpgme_new (&ctx);
- gpgme_set_protocol (ctx, GPGMEPLUG_PROTOCOL);
-
- gpgme_set_armor (ctx, cipherIsBinary ? 0 : 1);
- /* gpgme_set_textmode (ctx, cipherIsBinary ? 0 : 1); */
-
- /*
- gpgme_data_new_from_mem( &gCiphertext, ciphertext,
- 1+strlen( ciphertext ), 1 ); */
- gpgme_data_new_from_mem( &gCiphertext,
- ciphertext,
- cipherIsBinary
- ? cipherLen
- : strlen( ciphertext ),
- 1 );
-
- gpgme_data_new( &gPlaintext );
-
- err = gpgme_op_decrypt_verify( ctx, gCiphertext, gPlaintext, &sigstatus );
- gpgme_data_release( gCiphertext );
- if( err ) {
- fprintf( stderr, "\ngpgme_op_decrypt_verify() returned this error code: %i\n\n", err );
- if( errId )
- *errId = err;
- if( errTxt ) {
- const char* _errTxt = gpgme_strerror( err );
- *errTxt = malloc( strlen( _errTxt ) + 1 );
- if( *errTxt )
- strcpy(*errTxt, _errTxt );
- }
- gpgme_data_release( gPlaintext );
- gpgme_release( ctx );
- return bOk;
- }
-
- rCiph = gpgme_data_release_and_get_mem( gPlaintext, &rCLen );
-
- *cleartext = malloc( rCLen + 1 );
- if( *cleartext ) {
- if( rCLen ) {
- bOk = true;
- strncpy((char*)*cleartext, rCiph, rCLen );
- }
- ((char*)(*cleartext))[rCLen] = 0;
- }
- free( rCiph );
-
- if( signatureFound )
- *signatureFound = sigstatus != GPGME_SIG_STAT_NONE;
- if( sigmeta && sigstatus != GPGME_SIG_STAT_NONE )
- obtain_signature_information( &ctx, sigstatus, sigmeta );
-
- gpgme_release( ctx );
- return bOk;
-}
+++ /dev/null
-# Doxygen configuration generated by Doxywizard version 0.1
-#---------------------------------------------------------------------------
-# General configuration options
-#---------------------------------------------------------------------------
-PROJECT_NAME = GPGMEPLUG
-PROJECT_NUMBER = 0
-OUTPUT_DIRECTORY = doc/
-OUTPUT_LANGUAGE = English
-QUIET = NO
-WARNINGS = YES
-DISABLE_INDEX = NO
-EXTRACT_ALL = NO
-EXTRACT_PRIVATE = NO
-HIDE_UNDOC_MEMBERS = NO
-HIDE_UNDOC_CLASSES = NO
-BRIEF_MEMBER_DESC = YES
-REPEAT_BRIEF = YES
-ALWAYS_DETAILED_SEC = NO
-FULL_PATH_NAMES = NO
-STRIP_FROM_PATH =
-INTERNAL_DOCS = NO
-CLASS_DIAGRAMS = YES
-SOURCE_BROWSER = NO
-INLINE_SOURCES = NO
-STRIP_CODE_COMMENTS = YES
-CASE_SENSE_NAMES = NO
-VERBATIM_HEADERS = YES
-SHOW_INCLUDE_FILES = YES
-JAVADOC_AUTOBRIEF = YES
-INHERIT_DOCS = YES
-INLINE_INFO = YES
-SORT_MEMBER_DOCS = YES
-TAB_SIZE = 8
-ENABLED_SECTIONS =
-#---------------------------------------------------------------------------
-# configuration options related to the input files
-#---------------------------------------------------------------------------
-INPUT = .
-FILE_PATTERNS = *.h \
- *.c
-RECURSIVE = YES
-EXCLUDE =
-EXCLUDE_PATTERNS = moc_*
-EXAMPLE_PATH =
-EXAMPLE_PATTERNS =
-IMAGE_PATH =
-INPUT_FILTER =
-#---------------------------------------------------------------------------
-# configuration options related to the alphabetical class index
-#---------------------------------------------------------------------------
-ALPHABETICAL_INDEX = NO
-COLS_IN_ALPHA_INDEX = 5
-IGNORE_PREFIX =
-#---------------------------------------------------------------------------
-# configuration options related to the HTML output
-#---------------------------------------------------------------------------
-GENERATE_HTML = YES
-HTML_OUTPUT = html
-HTML_HEADER =
-HTML_FOOTER =
-HTML_STYLESHEET =
-HTML_ALIGN_MEMBERS = YES
-GENERATE_HTMLHELP = NO
-#---------------------------------------------------------------------------
-# configuration options related to the LaTeX output
-#---------------------------------------------------------------------------
-GENERATE_LATEX = YES
-LATEX_OUTPUT = latex
-COMPACT_LATEX = NO
-PAPER_TYPE = a4wide
-EXTRA_PACKAGES =
-LATEX_HEADER =
-PDF_HYPERLINKS = NO
-LATEX_BATCHMODE = NO
-#---------------------------------------------------------------------------
-# configuration options related to the RTF output
-#---------------------------------------------------------------------------
-GENERATE_RTF = NO
-RTF_OUTPUT = rtf
-COMPACT_RTF = NO
-RTF_HYPERLINKS = NO
-#---------------------------------------------------------------------------
-# configuration options related to the man page output
-#---------------------------------------------------------------------------
-GENERATE_MAN = YES
-MAN_OUTPUT = man
-MAN_EXTENSION = .3
-#---------------------------------------------------------------------------
-# Configuration options related to the preprocessor
-#---------------------------------------------------------------------------
-ENABLE_PREPROCESSING = YES
-MACRO_EXPANSION = NO
-SEARCH_INCLUDES = YES
-INCLUDE_PATH =
-PREDEFINED =
-EXPAND_ONLY_PREDEF = NO
-#---------------------------------------------------------------------------
-# Configuration::addtions related to external references
-#---------------------------------------------------------------------------
-TAGFILES =
-GENERATE_TAGFILE =
-ALLEXTERNALS = NO
-PERL_PATH = /usr/bin/perl
-#---------------------------------------------------------------------------
-# Configuration options related to the dot tool
-#---------------------------------------------------------------------------
-HAVE_DOT = NO
-CLASS_GRAPH = YES
-COLLABORATION_GRAPH = YES
-INCLUDE_GRAPH = YES
-GRAPHICAL_HIERARCHY = YES
-#---------------------------------------------------------------------------
-# Configuration::addtions related to the search engine
-#---------------------------------------------------------------------------
-SEARCHENGINE = NO
-CGI_NAME = search.cgi
-CGI_URL =
-DOC_URL =
-DOC_ABSPATH =
-BIN_ABSPATH = /usr/local/bin/
-EXT_DOC_PATHS =
projects / gpgme.git / commitdiff