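/* Manual test driver for get_dns_cert(): look up the CERT record for
   the name given as the only argument (or a built-in default name) and
   print what came back - a key, a fingerprint and/or a URL.

   Returns 1 on a usage error and 0 otherwise; a failed lookup is
   reported on stdout but still exits with 0, as before.  */
int
main (int argc, char **argv)
{
  gpg_error_t err;
  /* All output parameters start out cleared so that the xfree() calls
     at the end are well defined even if get_dns_cert() fails before it
     has stored anything into them.  */
  unsigned char *fpr = NULL;
  size_t fpr_len = 0;
  char *url = NULL;
  void *key = NULL;
  size_t keylen = 0;
  char const *name;

  /* Skip the program name.  */
  if (argc)
    {
      argc--;
      argv++;
    }

  if (!argc)
    name = "simon.josefsson.org";
  else if (argc == 1)
    name = *argv;
  else
    {
      fputs ("usage: t-dns-cert [name]\n", stderr);
      return 1;
    }

  printf ("CERT lookup on '%s'\n", name);

  err = get_dns_cert (name, DNS_CERTTYPE_ANY, &key, &keylen,
                      &fpr, &fpr_len, &url);
  if (err)
    printf ("get_dns_cert failed: %s <%s>\n",
            gpg_strerror (err), gpg_strsource (err));
  else if (key)
    {
      printf ("Key found (%u bytes)\n", (unsigned int)keylen);
    }
  else
    {
      if (fpr)
        {
          /* size_t index: avoids the signed/unsigned comparison the
             former "int i" had against fpr_len.  */
          size_t i;

          printf ("Fingerprint found (%d bytes): ", (int)fpr_len);
          for (i = 0; i < fpr_len; i++)
            printf ("%02X", fpr[i]);
          putchar ('\n');
        }
      else
        printf ("No fingerprint found\n");

      /* NOTE(review): URL is printed exactly as get_dns_cert() returned
         it.  It presumably originates from the DNS answer, i.e. from
         data the local user does not control; acceptable for a test
         tool, but production code should sanitize it before writing it
         to a terminal or log.  */
      if (url)
        printf ("URL found: %s\n", url);
      else
        printf ("No URL found\n");
    }

  xfree (key);
  xfree (fpr);
  xfree (url);

  return 0;
}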
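/* Import key in a CERT or pointed to by a CERT.

   NAME is looked up via get_dns_cert() after its last '@' (if any) has
   been replaced by a '.'.  Three outcomes are handled:

     - the lookup returned key material: it is imported directly as
       binary data;
     - the lookup returned a fingerprint (stored at FPR/FPR_LEN): the
       key is fetched by fingerprint, from the keyserver named by the
       returned URL if there is one, else from opt.keyserver;
     - otherwise nothing is imported.

   Returns the error code of the lookup or of the import step.

   NOTE(review): key, fingerprint and URL all come out of the same
   get_dns_cert() answer.  Unless that answer is authenticated (for
   example DNSSEC validated - not visible in this function), a key that
   matches *FPR is merely the key the CERT record names; it is no proof
   that the key belongs to NAME.  The URL also decides which server
   this process connects to.  Callers should not treat a successful
   return as validation of the key.  */
int
keyserver_import_cert (ctrl_t ctrl, const char *name,
                       unsigned char **fpr, size_t *fpr_len)
{
  gpg_error_t err;
  char *domain, *look;
  /* Cleared up front so the cleanup below never sees an indeterminate
     pointer should get_dns_cert() fail before storing its results.  */
  char *url = NULL;
  estream_t key = NULL;

  /* Work on a private copy; NAME itself must not be modified.  */
  look = xstrdup (name);

  /* Map "user@example.org" to the DNS name "user.example.org".  */
  domain = strrchr (look, '@');
  if (domain)
    *domain = '.';

  err = get_dns_cert (look, &key, fpr, fpr_len, &url);
  if (err)
    ;
  else if (key)
    {
      int armor_status = opt.no_armor;

      /* CERTs are always in binary format */
      opt.no_armor = 1;

      err = import_keys_es_stream (ctrl, key, NULL, fpr, fpr_len,
                                   opt.keyserver_options.import_options);

      /* Restore the global setting changed just for this import.  */
      opt.no_armor = armor_status;

      es_fclose (key);
      key = NULL;
    }
  else if (*fpr)
    {
      /* We only consider the IPGP type if a fingerprint was provided.
         This lets us select the right key regardless of what a URL
         points to, or get the key from a keyserver. */
      if (url)
        {
          struct keyserver_spec *spec;

          spec = parse_keyserver_uri (url, 1, NULL, 0);
          if (spec)
            {
              err = keyserver_import_fprint (ctrl, *fpr, *fpr_len, spec);
              free_keyserver_spec (spec);
            }
          /* NOTE(review): if the URL cannot be parsed, ERR stays 0
             although nothing was imported - confirm that callers do
             not read 0 as "key imported".  */
        }
      else if (opt.keyserver)
        {
          /* If only a fingerprint is provided, try and fetch it from
             our --keyserver */
          err = keyserver_import_fprint (ctrl, *fpr, *fpr_len,
                                         opt.keyserver);
        }
      else
        log_info (_("no keyserver known (use option --keyserver)\n"));

      /* Give a better string here? "CERT fingerprint for \"%s\"
         found, but no keyserver" " known (use option
         --keyserver)\n" ? */
    }

  xfree (url);
  xfree (look);

  return err;
}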