Reworked passing of envars to Pinentry.
[gnupg.git] / sm / qualified.c
blobd0db481b6b3005cd85573fa8d8ff4095971457b1
1 /* qualified.c - Routines related to qualified signatures
2 * Copyright (C) 2005, 2007 Free Software Foundation, Inc.
4 * This file is part of GnuPG.
6 * GnuPG is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 3 of the License, or
9 * (at your option) any later version.
11 * GnuPG is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, see <http://www.gnu.org/licenses/>.
20 #include <config.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <stdarg.h>
25 #include <assert.h>
26 #include <errno.h>
28 #include "gpgsm.h"
29 #include "i18n.h"
30 #include <ksba.h>
33 /* We open the file only once and keep the open file pointer as well
34 as the name of the file here. Note that, a listname not equal to
35 NULL indicates that this module has been intialized and if the
36 LISTFP is also NULL, no list of qualified signatures exists. */
37 static char *listname;
38 static FILE *listfp;
41 /* Read the trustlist and return entry by entry. KEY must point to a
42 buffer of at least 41 characters. COUNTRY shall be a buffer of at
43 least 3 characters to receive the country code of that qualified
44 signature (i.e. "de" for German and "be" for Belgium).
46 Reading a valid entry returns 0, EOF is indicated by GPG_ERR_EOF
47 and any other error condition is indicated by the appropriate error
48 code. */
49 static gpg_error_t
50 read_list (char *key, char *country, int *lnr)
52 gpg_error_t err;
53 int c, i, j;
54 char *p, line[256];
56 *key = 0;
57 *country = 0;
59 if (!listname)
61 listname = make_filename (gnupg_datadir (), "qualified.txt", NULL);
62 listfp = fopen (listname, "r");
63 if (!listfp && errno != ENOENT)
65 err = gpg_error_from_syserror ();
66 log_error (_("can't open `%s': %s\n"), listname, gpg_strerror (err));
67 return err;
71 if (!listfp)
72 return gpg_error (GPG_ERR_EOF);
76 if (!fgets (line, DIM(line)-1, listfp) )
78 if (feof (listfp))
79 return gpg_error (GPG_ERR_EOF);
80 return gpg_error_from_syserror ();
83 if (!*line || line[strlen(line)-1] != '\n')
85 /* Eat until end of line. */
86 while ( (c=getc (listfp)) != EOF && c != '\n')
88 return gpg_error (*line? GPG_ERR_LINE_TOO_LONG
89 : GPG_ERR_INCOMPLETE_LINE);
91 ++*lnr;
93 /* Allow for empty lines and spaces */
94 for (p=line; spacep (p); p++)
97 while (!*p || *p == '\n' || *p == '#');
99 for (i=j=0; (p[i] == ':' || hexdigitp (p+i)) && j < 40; i++)
100 if ( p[i] != ':' )
101 key[j++] = p[i] >= 'a'? (p[i] & 0xdf): p[i];
102 key[j] = 0;
103 if (j != 40 || !(spacep (p+i) || p[i] == '\n'))
105 log_error (_("invalid formatted fingerprint in `%s', line %d\n"),
106 listname, *lnr);
107 return gpg_error (GPG_ERR_BAD_DATA);
109 assert (p[i]);
110 i++;
111 while (spacep (p+i))
112 i++;
113 if ( p[i] >= 'a' && p[i] <= 'z'
114 && p[i+1] >= 'a' && p[i+1] <= 'z'
115 && (spacep (p+i+2) || p[i+2] == '\n'))
117 country[0] = p[i];
118 country[1] = p[i+1];
119 country[2] = 0;
121 else
123 log_error (_("invalid country code in `%s', line %d\n"), listname, *lnr);
124 return gpg_error (GPG_ERR_BAD_DATA);
127 return 0;
133 /* Check whether the certificate CERT is included in the list of
134 qualified certificates. This list is similar to the "trustlist.txt"
135 as maintained by gpg-agent and includes fingerprints of root
136 certificates to be used for qualified (legally binding like
137 handwritten) signatures. We keep this list system wide and not
138 per user because it is not a decision of the user.
140 Returns: 0 if the certificate is included. GPG_ERR_NOT_FOUND if it
141 is not in the list or any other error (e.g. if no list of
142 qualified signatures is available. If COUNTRY has not been passed
143 as NULL a string witha maximum length of 2 will be copied into it;
144 thus the caller needs to provide a buffer of length 3. */
145 gpg_error_t
146 gpgsm_is_in_qualified_list (ctrl_t ctrl, ksba_cert_t cert, char *country)
148 gpg_error_t err;
149 char *fpr;
150 char key[41];
151 char mycountry[3];
152 int lnr = 0;
154 (void)ctrl;
156 if (country)
157 *country = 0;
159 fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
160 if (!fpr)
161 return gpg_error (GPG_ERR_GENERAL);
163 if (listfp)
164 rewind (listfp);
165 while (!(err = read_list (key, mycountry, &lnr)))
167 if (!strcmp (key, fpr))
168 break;
170 if (gpg_err_code (err) == GPG_ERR_EOF)
171 err = gpg_error (GPG_ERR_NOT_FOUND);
173 if (!err && country)
174 strcpy (country, mycountry);
176 xfree (fpr);
177 return err;
181 /* We know that CERT is a qualified certificate. Ask the user for
182 consent to actually create a signature using this certificate.
183 Returns: 0 for yes, GPG_ERR_CANCEL for no or any otehr error
184 code. */
185 gpg_error_t
186 gpgsm_qualified_consent (ctrl_t ctrl, ksba_cert_t cert)
188 gpg_error_t err;
189 char *name, *subject, *buffer, *p;
190 const char *s;
191 char *orig_codeset = NULL;
193 name = ksba_cert_get_subject (cert, 0);
194 if (!name)
195 return gpg_error (GPG_ERR_GENERAL);
196 subject = gpgsm_format_name2 (name, 0);
197 ksba_free (name); name = NULL;
199 orig_codeset = i18n_switchto_utf8 ();
201 if (asprintf (&name,
202 _("You are about to create a signature using your "
203 "certificate:\n"
204 "\"%s\"\n"
205 "This will create a qualified signature by law "
206 "equated to a handwritten signature.\n\n%s%s"
207 "Are you really sure that you want to do this?"),
208 subject? subject:"?",
209 opt.qualsig_approval?
211 _("Note, that this software is not officially approved "
212 "to create or verify such signatures.\n"),
213 opt.qualsig_approval? "":"\n"
214 ) < 0 )
215 err = gpg_error_from_syserror ();
216 else
217 err = 0;
219 i18n_switchback (orig_codeset);
220 xfree (subject);
222 if (err)
223 return err;
225 buffer = p = xtrymalloc (strlen (name) * 3 + 1);
226 if (!buffer)
228 err = gpg_error_from_syserror ();
229 free (name);
230 return err;
232 for (s=name; *s; s++)
234 if (*s < ' ' || *s == '+')
236 sprintf (p, "%%%02X", *(unsigned char *)s);
237 p += 3;
239 else if (*s == ' ')
240 *p++ = '+';
241 else
242 *p++ = *s;
244 *p = 0;
245 free (name);
248 err = gpgsm_agent_get_confirmation (ctrl, buffer);
250 xfree (buffer);
251 return err;
255 /* Popup a prompt to inform the user that the signature created is not
256 a qualified one. This is of course only done if we know that we
257 have been approved. */
258 gpg_error_t
259 gpgsm_not_qualified_warning (ctrl_t ctrl, ksba_cert_t cert)
261 gpg_error_t err;
262 char *name, *subject, *buffer, *p;
263 const char *s;
264 char *orig_codeset;
266 if (!opt.qualsig_approval)
267 return 0;
269 name = ksba_cert_get_subject (cert, 0);
270 if (!name)
271 return gpg_error (GPG_ERR_GENERAL);
272 subject = gpgsm_format_name2 (name, 0);
273 ksba_free (name); name = NULL;
275 orig_codeset = i18n_switchto_utf8 ();
277 if (asprintf (&name,
278 _("You are about to create a signature using your "
279 "certificate:\n"
280 "\"%s\"\n"
281 "Note, that this certificate will NOT create a "
282 "qualified signature!"),
283 subject? subject:"?") < 0 )
284 err = gpg_error_from_syserror ();
285 else
286 err = 0;
288 i18n_switchback (orig_codeset);
289 xfree (subject);
291 if (err)
292 return err;
294 buffer = p = xtrymalloc (strlen (name) * 3 + 1);
295 if (!buffer)
297 err = gpg_error_from_syserror ();
298 free (name);
299 return err;
301 for (s=name; *s; s++)
303 if (*s < ' ' || *s == '+')
305 sprintf (p, "%%%02X", *(unsigned char *)s);
306 p += 3;
308 else if (*s == ' ')
309 *p++ = '+';
310 else
311 *p++ = *s;
313 *p = 0;
314 free (name);
317 err = gpgsm_agent_get_confirmation (ctrl, buffer);
319 xfree (buffer);
320 return err;