/* Return a new assuan context for a Dirmngr connection. */
static gpg_error_t
start_dirmngr_ext (ctrl_t ctrl, assuan_context_t *ctx_r)
{
gpg_error_t err;
assuan_context_t ctx;
if (opt.disable_dirmngr)
return gpg_error (GPG_ERR_NO_DIRMNGR);
if (*ctx_r)
return 0;
/* Note: if you change this to multiple connections, you also need
to take care of the implicit option sending caching. */
err = start_new_dirmngr (&ctx, GPG_ERR_SOURCE_DEFAULT,
opt.homedir, opt.dirmngr_program,
opt.verbose, DBG_ASSUAN,
gpgsm_status2, ctrl);
prepare_dirmngr (ctrl, ctx, err);
if (err)
return err;
*ctx_r = ctx;
return 0;
}
/* Connect to the Dirmngr and return an assuan context. */
static gpg_error_t
connect_dirmngr (assuan_context_t *r_ctx)
{
gpg_error_t err;
assuan_context_t ctx;
*r_ctx = NULL;
err = start_new_dirmngr (&ctx,
GPG_ERR_SOURCE_DEFAULT,
NULL,
opt.autostart, opt.verbose, opt.debug_ipc,
NULL, NULL);
if (!opt.autostart && gpg_err_code (err) == GPG_ERR_NO_DIRMNGR)
{
static int shown;
if (!shown)
{
shown = 1;
log_info (_("no dirmngr running in this session\n"));
}
}
if (err)
assuan_release (ctx);
else
{
*r_ctx = ctx;
}
return err;
}
int
main (int argc, char **argv )
{
ARGPARSE_ARGS pargs;
assuan_context_t ctx;
gpg_error_t err;
unsigned char *certbuf;
size_t certbuflen = 0;
int cmd_ping = 0;
int cmd_cache_cert = 0;
int cmd_validate = 0;
int cmd_lookup = 0;
int cmd_loadcrl = 0;
int cmd_squid_mode = 0;
early_system_init ();
set_strusage (my_strusage);
log_set_prefix ("dirmngr-client",
GPGRT_LOG_WITH_PREFIX);
/* For W32 we need to initialize the socket subsystem. Because we
don't use Pth we need to do this explicit. */
#ifdef HAVE_W32_SYSTEM
{
WSADATA wsadat;
WSAStartup (0x202, &wsadat);
}
#endif /*HAVE_W32_SYSTEM*/
/* Init Assuan. */
assuan_set_assuan_log_prefix (log_get_prefix (NULL));
assuan_set_gpg_err_source (GPG_ERR_SOURCE_DEFAULT);
/* Setup I18N. */
i18n_init();
/* Parse the command line. */
pargs.argc = &argc;
pargs.argv = &argv;
pargs.flags= 1; /* Do not remove the args. */
while (arg_parse (&pargs, opts) )
{
switch (pargs.r_opt)
{
case oVerbose: opt.verbose++; break;
case oQuiet: opt.quiet++; break;
case oOCSP: opt.use_ocsp++; break;
case oPing: cmd_ping = 1; break;
case oCacheCert: cmd_cache_cert = 1; break;
case oValidate: cmd_validate = 1; break;
case oLookup: cmd_lookup = 1; break;
case oUrl: opt.url = 1; break;
case oLocal: opt.local = 1; break;
case oLoadCRL: cmd_loadcrl = 1; break;
case oPEM: opt.pem = 1; break;
case oSquidMode:
opt.pem = 1;
opt.escaped_pem = 1;
cmd_squid_mode = 1;
break;
case oForceDefaultResponder: opt.force_default_responder = 1; break;
default : pargs.err = 2; break;
}
}
if (log_get_errorcount (0))
exit (2);
if (cmd_ping)
err = 0;
else if (cmd_lookup || cmd_loadcrl)
{
if (!argc)
usage (1);
err = 0;
}
else if (cmd_squid_mode)
{
err = 0;
if (argc)
usage (1);
}
else if (!argc)
{
err = read_certificate (NULL, &certbuf, &certbuflen);
if (err)
log_error (_("error reading certificate from stdin: %s\n"),
gpg_strerror (err));
}
else if (argc == 1)
{
err = read_certificate (*argv, &certbuf, &certbuflen);
if (err)
log_error (_("error reading certificate from '%s': %s\n"),
*argv, gpg_strerror (err));
}
else
{
err = 0;
usage (1);
}
if (log_get_errorcount (0))
exit (2);
if (certbuflen > 20000)
{
log_error (_("certificate too large to make any sense\n"));
exit (2);
}
err = start_new_dirmngr (&ctx,
GPG_ERR_SOURCE_DEFAULT,
opt.dirmngr_program
? opt.dirmngr_program
: gnupg_module_name (GNUPG_MODULE_NAME_DIRMNGR),
! cmd_ping,
opt.verbose,
0,
NULL, NULL);
if (err)
{
log_error (_("can't connect to the dirmngr: %s\n"), gpg_strerror (err));
exit (2);
}
if (cmd_ping)
;
else if (cmd_squid_mode)
{
while (!(err = squid_loop_body (ctx)))
;
if (gpg_err_code (err) == GPG_ERR_EOF)
err = 0;
}
else if (cmd_lookup)
{
int last_err = 0;
for (; argc; argc--, argv++)
{
err = do_lookup (ctx, *argv);
if (err)
{
log_error (_("lookup failed: %s\n"), gpg_strerror (err));
last_err = err;
}
}
err = last_err;
}
else if (cmd_loadcrl)
{
int last_err = 0;
for (; argc; argc--, argv++)
{
err = do_loadcrl (ctx, *argv);
if (err)
{
log_error (_("loading CRL '%s' failed: %s\n"),
*argv, gpg_strerror (err));
last_err = err;
}
}
err = last_err;
}
else if (cmd_cache_cert)
{
err = do_cache (ctx, certbuf, certbuflen);
xfree (certbuf);
}
else if (cmd_validate)
{
err = do_validate (ctx, certbuf, certbuflen);
xfree (certbuf);
}
else
{
err = do_check (ctx, certbuf, certbuflen);
xfree (certbuf);
}
assuan_release (ctx);
if (cmd_ping)
{
if (!opt.quiet)
log_info (_("a dirmngr daemon is up and running\n"));
return 0;
}
else if (cmd_lookup|| cmd_loadcrl || cmd_squid_mode)
return err? 1:0;
else if (cmd_cache_cert)
{
if (err && gpg_err_code (err) == GPG_ERR_DUP_VALUE )
{
if (!opt.quiet)
log_info (_("certificate already cached\n"));
}
else if (err)
{
log_error (_("error caching certificate: %s\n"),
gpg_strerror (err));
return 1;
}
return 0;
}
else if (cmd_validate && err)
{
log_error (_("validation of certificate failed: %s\n"),
gpg_strerror (err));
return 1;
}
else if (!err)
{
if (!opt.quiet)
log_info (_("certificate is valid\n"));
return 0;
}
else if (gpg_err_code (err) == GPG_ERR_CERT_REVOKED )
{
if (!opt.quiet)
log_info (_("certificate has been revoked\n"));
return 1;
}
else
{
log_error (_("certificate check failed: %s\n"), gpg_strerror (err));
return 2;
}
}
