static void print_cert(gnutls_buffer_st * str, gnutls_openpgp_crt_t cert)
{
int i, subkeys;
int err;
print_key_revoked(str, cert, -1);
/* Version. */
{
int version = gnutls_openpgp_crt_get_version(cert);
if (version < 0)
addf(str, "error: get_version: %s\n",
gnutls_strerror(version));
else
addf(str, _("\tVersion: %d\n"), version);
}
/* ID. */
print_key_id(str, cert, -1);
print_key_fingerprint(str, cert);
/* Names. */
i = 0;
do {
char *dn;
size_t dn_size = 0;
err = gnutls_openpgp_crt_get_name(cert, i, NULL, &dn_size);
if (err != GNUTLS_E_SHORT_MEMORY_BUFFER
&& err != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
&& err != GNUTLS_E_OPENPGP_UID_REVOKED)
addf(str, "error: get_name: %s\n",
gnutls_strerror(err));
else {
dn = gnutls_malloc(dn_size);
if (!dn)
addf(str, "error: malloc (%d): %s\n",
(int) dn_size,
gnutls_strerror
(GNUTLS_E_MEMORY_ERROR));
else {
err =
gnutls_openpgp_crt_get_name(cert, i,
dn,
&dn_size);
if (err < 0
&& err !=
GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
&& err != GNUTLS_E_OPENPGP_UID_REVOKED)
addf(str, "error: get_name: %s\n",
gnutls_strerror(err));
else if (err >= 0)
addf(str, _("\tName[%d]: %s\n"), i,
dn);
else if (err ==
GNUTLS_E_OPENPGP_UID_REVOKED)
addf(str,
_("\tRevoked Name[%d]: %s\n"),
i, dn);
gnutls_free(dn);
}
}
i++;
}
while (err >= 0);
print_key_times(str, cert, -1);
print_key_info(str, cert, -1);
print_key_usage(str, cert, -1);
subkeys = gnutls_openpgp_crt_get_subkey_count(cert);
if (subkeys < 0)
return;
for (i = 0; i < subkeys; i++) {
addf(str, _("\n\tSubkey[%d]:\n"), i);
print_key_revoked(str, cert, i);
print_key_id(str, cert, i);
print_key_times(str, cert, i);
print_key_info(str, cert, i);
print_key_usage(str, cert, i);
}
}
/* Converts a parsed gnutls_openpgp_crt_t to a gnutls_cert structure.
*/
int
_gnutls_openpgp_crt_to_gcert (gnutls_cert * gcert, gnutls_openpgp_crt_t cert)
{
int ret;
gnutls_openpgp_keyid_t keyid;
char err_buf[33];
memset (gcert, 0, sizeof (gnutls_cert));
gcert->cert_type = GNUTLS_CRT_OPENPGP;
gcert->version = gnutls_openpgp_crt_get_version (cert);
gcert->params_size = MAX_PUBLIC_PARAMS_SIZE;
ret = gnutls_openpgp_crt_get_preferred_key_id (cert, keyid);
if (ret == 0)
{
int idx;
uint32_t kid32[2];
_gnutls_debug_log
("Importing Openpgp cert and using openpgp sub key: %s\n",
_gnutls_bin2hex (keyid, sizeof (keyid), err_buf, sizeof (err_buf)));
KEYID_IMPORT (kid32, keyid);
idx = gnutls_openpgp_crt_get_subkey_idx (cert, keyid);
if (idx < 0)
{
gnutls_assert ();
return idx;
}
gcert->subject_pk_algorithm =
gnutls_openpgp_crt_get_subkey_pk_algorithm (cert, idx, NULL);
gnutls_openpgp_crt_get_subkey_usage (cert, idx, &gcert->key_usage);
gcert->use_subkey = 1;
memcpy (gcert->subkey_id, keyid, sizeof (keyid));
ret =
_gnutls_openpgp_crt_get_mpis (cert, kid32, gcert->params,
&gcert->params_size);
}
else
{
_gnutls_debug_log
("Importing Openpgp cert and using main openpgp key\n");
gcert->subject_pk_algorithm =
gnutls_openpgp_crt_get_pk_algorithm (cert, NULL);
gnutls_openpgp_crt_get_key_usage (cert, &gcert->key_usage);
ret =
_gnutls_openpgp_crt_get_mpis (cert, NULL, gcert->params,
&gcert->params_size);
gcert->use_subkey = 0;
}
if (ret < 0)
{
gnutls_assert ();
return ret;
}
{ /* copy the raw certificate */
#define SMALL_RAW 512
opaque *raw;
size_t raw_size = SMALL_RAW;
/* initially allocate a bogus size, just in case the certificate
* fits in it. That way we minimize the DER encodings performed.
*/
raw = gnutls_malloc (raw_size);
if (raw == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
ret =
gnutls_openpgp_crt_export (cert, GNUTLS_OPENPGP_FMT_RAW, raw,
&raw_size);
if (ret < 0 && ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
{
gnutls_assert ();
gnutls_free (raw);
return ret;
}
if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
{
raw = gnutls_realloc (raw, raw_size);
if (raw == NULL)
{
gnutls_assert ();
return GNUTLS_E_MEMORY_ERROR;
}
ret =
gnutls_openpgp_crt_export (cert, GNUTLS_OPENPGP_FMT_RAW, raw,
&raw_size);
if (ret < 0)
{
gnutls_assert ();
gnutls_free (raw);
return ret;
}
}
gcert->raw.data = raw;
gcert->raw.size = raw_size;
}
return 0;
}
