diff options
Diffstat (limited to 'src/gpgme-json.c')
-rw-r--r-- | src/gpgme-json.c | 2574 |
1 files changed, 2372 insertions, 202 deletions
diff --git a/src/gpgme-json.c b/src/gpgme-json.c index f1e9f25..b10331b 100644 --- a/src/gpgme-json.c +++ b/src/gpgme-json.c @@ -48,24 +48,25 @@ int main (void){fputs ("Build with Libgpg-error >= 1.28!\n", stderr);return 1;} /* We don't allow a request with more than 64 MiB. */ #define MAX_REQUEST_SIZE (64 * 1024 * 1024) -/* Minimal, default and maximum chunk size for returned data. The - * first chunk is returned directly. If the "more" flag is also - * returned, a "getmore" command needs to be used to get the next - * chunk. Right now this value covers just the value of the "data" - * element; so to cover for the other returned objects this values - * needs to be lower than the maximum allowed size of the browser. */ -#define MIN_REPLY_CHUNK_SIZE 512 -#define DEF_REPLY_CHUNK_SIZE (512 * 1024) +/* Minimal chunk size for returned data.*/ +#define MIN_REPLY_CHUNK_SIZE 30 + +/* If no chunksize is provided we print everything. Changing + * this to a positive value will result in all messages beeing + * chunked. */ +#define DEF_REPLY_CHUNK_SIZE 0 #define MAX_REPLY_CHUNK_SIZE (10 * 1024 * 1024) static void xoutofcore (const char *type) GPGRT_ATTR_NORETURN; static cjson_t error_object_v (cjson_t json, const char *message, - va_list arg_ptr) GPGRT_ATTR_PRINTF(2,0); + va_list arg_ptr, gpg_error_t err) + GPGRT_ATTR_PRINTF(2,0); static cjson_t error_object (cjson_t json, const char *message, ...) GPGRT_ATTR_PRINTF(2,3); static char *error_object_string (const char *message, ...) GPGRT_ATTR_PRINTF(1,2); +static char *process_request (const char *request); /* True if interactive mode is active. */ @@ -79,8 +80,6 @@ static struct char *buffer; /* Malloced data or NULL if not used. */ size_t length; /* Length of that data. */ size_t written; /* # of already written bytes from BUFFER. */ - const char *type;/* The "type" of the data. */ - int base64; /* The "base64" flag of the data. */ } pending_data; @@ -88,13 +87,7 @@ static struct * Helper functions and macros */ -#define xtrymalloc(a) gpgrt_malloc ((a)) #define xtrystrdup(a) gpgrt_strdup ((a)) -#define xmalloc(a) ({ \ - void *_r = gpgrt_malloc ((a)); \ - if (!_r) \ - xoutofcore ("malloc"); \ - _r; }) #define xcalloc(a,b) ({ \ void *_r = gpgrt_calloc ((a), (b)); \ if (!_r) \ @@ -112,6 +105,21 @@ static struct _r; }) #define xfree(a) gpgrt_free ((a)) +/* Only use calloc. */ +#define CALLOC_ONLY 1 + +#if CALLOC_ONLY +#define xtrymalloc(a) gpgrt_calloc (1, (a)) +#define xmalloc(a) xcalloc(1, (a)) +#else +#define xtrymalloc(a) gpgrt_malloc ((a)) +#define xmalloc(a) ({ \ + void *_r = gpgrt_malloc ((a)); \ + if (!_r) \ + xoutofcore ("malloc"); \ + _r; }) +#endif + #define spacep(p) (*(p) == ' ' || *(p) == '\t') #ifndef HAVE_STPCPY @@ -127,6 +135,19 @@ _my_stpcpy (char *a, const char *b) #endif /*!HAVE_STPCPY*/ +/* Free a NULL terminated array */ +static void +xfree_array (char **array) +{ + if (array) + { + int idx; + for (idx = 0; array[idx]; idx++) + xfree (array[idx]); + xfree (array); + } +} + static void xoutofcore (const char *type) @@ -147,6 +168,16 @@ xjson_CreateObject (void) return json; } +/* Call cJSON_CreateArray but terminate in case of an error. */ +static cjson_t +xjson_CreateArray (void) +{ + cjson_t json = cJSON_CreateArray (); + if (!json) + xoutofcore ("cJSON_CreateArray"); + return json; +} + /* Wrapper around cJSON_AddStringToObject which returns an gpg-error * code instead of the NULL or the new object. */ @@ -169,6 +200,15 @@ xjson_AddStringToObject (cjson_t object, const char *name, const char *string) } +/* Same as xjson_AddStringToObject but ignores NULL strings */ +static void +xjson_AddStringToObject0 (cjson_t object, const char *name, const char *string) +{ + if (!string) + return; + xjson_AddStringToObject (object, name, string); +} + /* Wrapper around cJSON_AddBoolToObject which terminates the process * in case of an error. */ static void @@ -179,6 +219,26 @@ xjson_AddBoolToObject (cjson_t object, const char *name, int abool) return ; } +/* Wrapper around cJSON_AddNumberToObject which terminates the process + * in case of an error. */ +static void +xjson_AddNumberToObject (cjson_t object, const char *name, double dbl) +{ + if (!cJSON_AddNumberToObject (object, name, dbl)) + xoutofcore ("cJSON_AddNumberToObject"); + return ; +} + +/* Wrapper around cJSON_AddItemToObject which terminates the process + * in case of an error. */ +static void +xjson_AddItemToObject (cjson_t object, const char *name, cjson_t item) +{ + if (!cJSON_AddItemToObject (object, name, item)) + xoutofcore ("cJSON_AddItemToObject"); + return ; +} + /* This is similar to cJSON_AddStringToObject but takes (DATA, * DATALEN) and adds it under NAME as a base 64 encoded string to * OBJECT. */ @@ -256,7 +316,8 @@ add_base64_to_object (cjson_t object, const char *name, /* Create a JSON error object. If JSON is not NULL the error message * is appended to that object. An existing "type" item will be replaced. */ static cjson_t -error_object_v (cjson_t json, const char *message, va_list arg_ptr) +error_object_v (cjson_t json, const char *message, va_list arg_ptr, + gpg_error_t err) { cjson_t response, j_tmp; char *msg; @@ -277,8 +338,10 @@ error_object_v (cjson_t json, const char *message, va_list arg_ptr) cJSON_ReplaceItemInObject (response, "type", j_tmp); } xjson_AddStringToObject (response, "msg", msg); - xfree (msg); + + xjson_AddNumberToObject (response, "code", err); + return response; } @@ -302,7 +365,20 @@ error_object (cjson_t json, const char *message, ...) va_list arg_ptr; va_start (arg_ptr, message); - response = error_object_v (json, message, arg_ptr); + response = error_object_v (json, message, arg_ptr, 0); + va_end (arg_ptr); + return response; +} + + +static cjson_t +gpg_error_object (cjson_t json, gpg_error_t err, const char *message, ...) +{ + cjson_t response; + va_list arg_ptr; + + va_start (arg_ptr, message); + response = error_object_v (json, message, arg_ptr, err); va_end (arg_ptr); return response; } @@ -316,7 +392,7 @@ error_object_string (const char *message, ...) char *msg; va_start (arg_ptr, message); - response = error_object_v (NULL, message, arg_ptr); + response = error_object_v (NULL, message, arg_ptr, 0); va_end (arg_ptr); msg = xjson_Print (response); @@ -398,12 +474,13 @@ get_chunksize (cjson_t json, size_t *r_chunksize) } -/* Extract the keys from the "keys" array in the JSON object. On - * success a string with the keys identifiers is stored at R_KEYS. +/* Extract the keys from the array or string with the name "name" + * in the JSON object. On success a string with the keys identifiers + * is stored at R_KEYS. * The keys in that string are LF delimited. On failure an error code * is returned. */ static gpg_error_t -get_keys (cjson_t json, char **r_keystring) +get_keys (cjson_t json, const char *name, char **r_keystring) { cjson_t j_keys, j_item; int i, nkeys; @@ -412,7 +489,7 @@ get_keys (cjson_t json, char **r_keystring) *r_keystring = NULL; - j_keys = cJSON_GetObjectItem (json, "keys"); + j_keys = cJSON_GetObjectItem (json, name); if (!j_keys) return gpg_error (GPG_ERR_NO_KEY); if (!cjson_is_array (j_keys) && !cjson_is_string (j_keys)) @@ -490,12 +567,12 @@ _create_new_context (gpgme_protocol_t proto) /* Return a context object for protocol PROTO. This is currently a - * statuically allocated context initialized for PROTO. Termnates + * statically allocated context initialized for PROTO. Terminates * process on failure. */ static gpgme_ctx_t get_context (gpgme_protocol_t proto) { - static gpgme_ctx_t ctx_openpgp, ctx_cms; + static gpgme_ctx_t ctx_openpgp, ctx_cms, ctx_conf; if (proto == GPGME_PROTOCOL_OpenPGP) { @@ -509,12 +586,17 @@ get_context (gpgme_protocol_t proto) ctx_cms = _create_new_context (proto); return ctx_cms; } + else if (proto == GPGME_PROTOCOL_GPGCONF) + { + if (!ctx_conf) + ctx_conf = _create_new_context (proto); + return ctx_conf; + } else log_bug ("invalid protocol %d requested\n", proto); } - /* Free context object retrieved by get_context. */ static void release_context (gpgme_ctx_t ctx) @@ -524,6 +606,23 @@ release_context (gpgme_ctx_t ctx) } +/* Create an addition context for short operations. */ +static gpgme_ctx_t +create_onetime_context (gpgme_protocol_t proto) +{ + return _create_new_context (proto); + +} + + +/* Release a one-time context. */ +static void +release_onetime_context (gpgme_ctx_t ctx) +{ + return gpgme_release (ctx); + +} + /* Given a Base-64 encoded string object in JSON return a gpgme data * object at R_DATA. */ @@ -590,28 +689,769 @@ data_from_base64_string (gpgme_data_t *r_data, cjson_t json) } - -/* - * Implementation of the commands. - */ +/* Create a keylist pattern array from a json keys object + * in the request. Returns either a malloced NULL terminated + * string array which can be used as patterns for + * op_keylist_ext or NULL. */ +static char ** +create_keylist_patterns (cjson_t request, const char *name) +{ + char *keystring; + char *p; + char *tmp; + char **ret; + int cnt = 2; /* Last NULL and one is not newline delimited */ + int i = 0; + + if (get_keys (request, name, &keystring)) + return NULL; + + for (p = keystring; *p; p++) + if (*p == '\n') + cnt++; + + ret = xcalloc (cnt, sizeof *ret); + + for (p = keystring, tmp = keystring; *p; p++) + { + if (*p != '\n') + continue; + *p = '\0'; + ret[i++] = xstrdup (tmp); + tmp = p + 1; + } + /* The last key is not newline delimted. */ + ret[i] = *tmp ? xstrdup (tmp) : NULL; + + xfree (keystring); + return ret; +} + + +/* Do a secret keylisting for protocol proto and add the fingerprints of + the secret keys for patterns to the result as "sec-fprs" array. */ +static gpg_error_t +add_secret_fprs (const char **patterns, gpgme_protocol_t protocol, + cjson_t result) +{ + gpgme_ctx_t ctx; + gpg_error_t err; + gpgme_key_t key = NULL; + cjson_t j_fprs = xjson_CreateArray (); + + ctx = create_onetime_context (protocol); + + gpgme_set_keylist_mode (ctx, GPGME_KEYLIST_MODE_LOCAL | + GPGME_KEYLIST_MODE_WITH_SECRET); + + err = gpgme_op_keylist_ext_start (ctx, patterns, 1, 0); + + if (err) + { + gpg_error_object (result, err, "Error listing keys: %s", + gpg_strerror (err)); + goto leave; + } + + while (!(err = gpgme_op_keylist_next (ctx, &key))) + { + if (!key || !key->fpr) + continue; + cJSON_AddItemToArray (j_fprs, cJSON_CreateString (key->fpr)); + gpgme_key_unref (key); + key = NULL; + } + err = 0; + + release_onetime_context (ctx); + ctx = NULL; + + xjson_AddItemToObject (result, "sec-fprs", j_fprs); + +leave: + release_onetime_context (ctx); + gpgme_key_unref (key); + + return err; +} + + +/* Create sigsum json array */ +static cjson_t +sigsum_to_json (gpgme_sigsum_t summary) +{ + cjson_t result = xjson_CreateObject (); + cjson_t sigsum_array = xjson_CreateArray (); + + if ( (summary & GPGME_SIGSUM_VALID )) + cJSON_AddItemToArray (sigsum_array, + cJSON_CreateString ("valid")); + if ( (summary & GPGME_SIGSUM_GREEN )) + cJSON_AddItemToArray (sigsum_array, + cJSON_CreateString ("green")); + if ( (summary & GPGME_SIGSUM_RED )) + cJSON_AddItemToArray (sigsum_array, + cJSON_CreateString ("red")); + if ( (summary & GPGME_SIGSUM_KEY_REVOKED)) + cJSON_AddItemToArray (sigsum_array, + cJSON_CreateString ("revoked")); + if ( (summary & GPGME_SIGSUM_KEY_EXPIRED)) + cJSON_AddItemToArray (sigsum_array, + cJSON_CreateString ("key-expired")); + if ( (summary & GPGME_SIGSUM_SIG_EXPIRED)) + cJSON_AddItemToArray (sigsum_array, + cJSON_CreateString ("sig-expired")); + if ( (summary & GPGME_SIGSUM_KEY_MISSING)) + cJSON_AddItemToArray (sigsum_array, + cJSON_CreateString ("key-missing")); + if ( (summary & GPGME_SIGSUM_CRL_MISSING)) + cJSON_AddItemToArray (sigsum_array, + cJSON_CreateString ("crl-missing")); + if ( (summary & GPGME_SIGSUM_CRL_TOO_OLD)) + cJSON_AddItemToArray (sigsum_array, + cJSON_CreateString ("crl-too-old")); + if ( (summary & GPGME_SIGSUM_BAD_POLICY )) + cJSON_AddItemToArray (sigsum_array, + cJSON_CreateString ("bad-policy")); + if ( (summary & GPGME_SIGSUM_SYS_ERROR )) + cJSON_AddItemToArray (sigsum_array, + cJSON_CreateString ("sys-error")); + /* The signature summary as string array. */ + xjson_AddItemToObject (result, "sigsum", sigsum_array); + + /* Bools for the same. */ + xjson_AddBoolToObject (result, "valid", + (summary & GPGME_SIGSUM_VALID )); + xjson_AddBoolToObject (result, "green", + (summary & GPGME_SIGSUM_GREEN )); + xjson_AddBoolToObject (result, "red", + (summary & GPGME_SIGSUM_RED )); + xjson_AddBoolToObject (result, "revoked", + (summary & GPGME_SIGSUM_KEY_REVOKED)); + xjson_AddBoolToObject (result, "key-expired", + (summary & GPGME_SIGSUM_KEY_EXPIRED)); + xjson_AddBoolToObject (result, "sig-expired", + (summary & GPGME_SIGSUM_SIG_EXPIRED)); + xjson_AddBoolToObject (result, "key-missing", + (summary & GPGME_SIGSUM_KEY_MISSING)); + xjson_AddBoolToObject (result, "crl-missing", + (summary & GPGME_SIGSUM_CRL_MISSING)); + xjson_AddBoolToObject (result, "crl-too-old", + (summary & GPGME_SIGSUM_CRL_TOO_OLD)); + xjson_AddBoolToObject (result, "bad-policy", + (summary & GPGME_SIGSUM_BAD_POLICY )); + xjson_AddBoolToObject (result, "sys-error", + (summary & GPGME_SIGSUM_SYS_ERROR )); + + return result; +} + + +/* Helper for summary formatting */ +static const char * +validity_to_string (gpgme_validity_t val) +{ + switch (val) + { + case GPGME_VALIDITY_UNDEFINED:return "undefined"; + case GPGME_VALIDITY_NEVER: return "never"; + case GPGME_VALIDITY_MARGINAL: return "marginal"; + case GPGME_VALIDITY_FULL: return "full"; + case GPGME_VALIDITY_ULTIMATE: return "ultimate"; + case GPGME_VALIDITY_UNKNOWN: + default: return "unknown"; + } +} + +static const char * +protocol_to_string (gpgme_protocol_t proto) +{ + switch (proto) + { + case GPGME_PROTOCOL_OpenPGP: return "OpenPGP"; + case GPGME_PROTOCOL_CMS: return "CMS"; + case GPGME_PROTOCOL_GPGCONF: return "gpgconf"; + case GPGME_PROTOCOL_ASSUAN: return "assuan"; + case GPGME_PROTOCOL_G13: return "g13"; + case GPGME_PROTOCOL_UISERVER:return "uiserver"; + case GPGME_PROTOCOL_SPAWN: return "spawn"; + default: + return "unknown"; + } +} + +/* Create a sig_notation json object */ +static cjson_t +sig_notation_to_json (gpgme_sig_notation_t not) +{ + cjson_t result = xjson_CreateObject (); + xjson_AddBoolToObject (result, "human_readable", not->human_readable); + xjson_AddBoolToObject (result, "critical", not->critical); + + xjson_AddStringToObject0 (result, "name", not->name); + xjson_AddStringToObject0 (result, "value", not->value); + + xjson_AddNumberToObject (result, "flags", not->flags); + + return result; +} + +/* Create a key_sig json object */ +static cjson_t +key_sig_to_json (gpgme_key_sig_t sig) +{ + cjson_t result = xjson_CreateObject (); + + xjson_AddBoolToObject (result, "revoked", sig->revoked); + xjson_AddBoolToObject (result, "expired", sig->expired); + xjson_AddBoolToObject (result, "invalid", sig->invalid); + xjson_AddBoolToObject (result, "exportable", sig->exportable); + + xjson_AddStringToObject0 (result, "pubkey_algo_name", + gpgme_pubkey_algo_name (sig->pubkey_algo)); + xjson_AddStringToObject0 (result, "keyid", sig->keyid); + xjson_AddStringToObject0 (result, "status", gpgme_strerror (sig->status)); + xjson_AddStringToObject0 (result, "name", sig->name); + xjson_AddStringToObject0 (result, "email", sig->email); + xjson_AddStringToObject0 (result, "comment", sig->comment); + + xjson_AddNumberToObject (result, "pubkey_algo", sig->pubkey_algo); + xjson_AddNumberToObject (result, "timestamp", sig->timestamp); + xjson_AddNumberToObject (result, "expires", sig->expires); + xjson_AddNumberToObject (result, "status_code", sig->status); + xjson_AddNumberToObject (result, "sig_class", sig->sig_class); + + if (sig->notations) + { + gpgme_sig_notation_t not; + cjson_t array = xjson_CreateArray (); + for (not = sig->notations; not; not = not->next) + cJSON_AddItemToArray (array, sig_notation_to_json (not)); + xjson_AddItemToObject (result, "notations", array); + } + + return result; +} + +/* Create a tofu info object */ +static cjson_t +tofu_to_json (gpgme_tofu_info_t tofu) +{ + cjson_t result = xjson_CreateObject (); + + xjson_AddStringToObject0 (result, "description", tofu->description); + + xjson_AddNumberToObject (result, "validity", tofu->validity); + xjson_AddNumberToObject (result, "policy", tofu->policy); + xjson_AddNumberToObject (result, "signcount", tofu->signcount); + xjson_AddNumberToObject (result, "encrcount", tofu->encrcount); + xjson_AddNumberToObject (result, "signfirst", tofu->signfirst); + xjson_AddNumberToObject (result, "signlast", tofu->signlast); + xjson_AddNumberToObject (result, "encrfirst", tofu->encrfirst); + xjson_AddNumberToObject (result, "encrlast", tofu->encrlast); + + return result; +} + +/* Create a userid json object */ +static cjson_t +uid_to_json (gpgme_user_id_t uid) +{ + cjson_t result = xjson_CreateObject (); + + xjson_AddBoolToObject (result, "revoked", uid->revoked); + xjson_AddBoolToObject (result, "invalid", uid->invalid); + + xjson_AddStringToObject0 (result, "validity", + validity_to_string (uid->validity)); + xjson_AddStringToObject0 (result, "uid", uid->uid); + xjson_AddStringToObject0 (result, "name", uid->name); + xjson_AddStringToObject0 (result, "email", uid->email); + xjson_AddStringToObject0 (result, "comment", uid->comment); + xjson_AddStringToObject0 (result, "address", uid->address); + + xjson_AddNumberToObject (result, "origin", uid->origin); + xjson_AddNumberToObject (result, "last_update", uid->last_update); + + /* Key sigs */ + if (uid->signatures) + { + cjson_t sig_array = xjson_CreateArray (); + gpgme_key_sig_t sig; + + for (sig = uid->signatures; sig; sig = sig->next) + cJSON_AddItemToArray (sig_array, key_sig_to_json (sig)); + + xjson_AddItemToObject (result, "signatures", sig_array); + } + + /* TOFU info */ + if (uid->tofu) + { + gpgme_tofu_info_t tofu; + cjson_t array = xjson_CreateArray (); + for (tofu = uid->tofu; tofu; tofu = tofu->next) + cJSON_AddItemToArray (array, tofu_to_json (tofu)); + xjson_AddItemToObject (result, "tofu", array); + } + + return result; +} + +/* Create a subkey json object */ +static cjson_t +subkey_to_json (gpgme_subkey_t sub) +{ + cjson_t result = xjson_CreateObject (); + + xjson_AddBoolToObject (result, "revoked", sub->revoked); + xjson_AddBoolToObject (result, "expired", sub->expired); + xjson_AddBoolToObject (result, "disabled", sub->disabled); + xjson_AddBoolToObject (result, "invalid", sub->invalid); + xjson_AddBoolToObject (result, "can_encrypt", sub->can_encrypt); + xjson_AddBoolToObject (result, "can_sign", sub->can_sign); + xjson_AddBoolToObject (result, "can_certify", sub->can_certify); + xjson_AddBoolToObject (result, "can_authenticate", sub->can_authenticate); + xjson_AddBoolToObject (result, "secret", sub->secret); + xjson_AddBoolToObject (result, "is_qualified", sub->is_qualified); + xjson_AddBoolToObject (result, "is_cardkey", sub->is_cardkey); + xjson_AddBoolToObject (result, "is_de_vs", sub->is_de_vs); + + xjson_AddStringToObject0 (result, "pubkey_algo_name", + gpgme_pubkey_algo_name (sub->pubkey_algo)); + xjson_AddStringToObject0 (result, "pubkey_algo_string", + gpgme_pubkey_algo_string (sub)); + xjson_AddStringToObject0 (result, "keyid", sub->keyid); + xjson_AddStringToObject0 (result, "card_number", sub->card_number); + xjson_AddStringToObject0 (result, "curve", sub->curve); + xjson_AddStringToObject0 (result, "keygrip", sub->keygrip); + + xjson_AddNumberToObject (result, "pubkey_algo", sub->pubkey_algo); + xjson_AddNumberToObject (result, "length", sub->length); + xjson_AddNumberToObject (result, "timestamp", sub->timestamp); + xjson_AddNumberToObject (result, "expires", sub->expires); + + return result; +} + +/* Create a key json object */ +static cjson_t +key_to_json (gpgme_key_t key) +{ + cjson_t result = xjson_CreateObject (); + + xjson_AddBoolToObject (result, "revoked", key->revoked); + xjson_AddBoolToObject (result, "expired", key->expired); + xjson_AddBoolToObject (result, "disabled", key->disabled); + xjson_AddBoolToObject (result, "invalid", key->invalid); + xjson_AddBoolToObject (result, "can_encrypt", key->can_encrypt); + xjson_AddBoolToObject (result, "can_sign", key->can_sign); + xjson_AddBoolToObject (result, "can_certify", key->can_certify); + xjson_AddBoolToObject (result, "can_authenticate", key->can_authenticate); + xjson_AddBoolToObject (result, "secret", key->secret); + xjson_AddBoolToObject (result, "is_qualified", key->is_qualified); + + xjson_AddStringToObject0 (result, "protocol", + protocol_to_string (key->protocol)); + xjson_AddStringToObject0 (result, "issuer_serial", key->issuer_serial); + xjson_AddStringToObject0 (result, "issuer_name", key->issuer_name); + xjson_AddStringToObject0 (result, "fingerprint", key->fpr); + xjson_AddStringToObject0 (result, "chain_id", key->chain_id); + xjson_AddStringToObject0 (result, "owner_trust", + validity_to_string (key->owner_trust)); + + xjson_AddNumberToObject (result, "origin", key->origin); + xjson_AddNumberToObject (result, "last_update", key->last_update); + + /* Add subkeys */ + if (key->subkeys) + { + cjson_t subkey_array = xjson_CreateArray (); + gpgme_subkey_t sub; + for (sub = key->subkeys; sub; sub = sub->next) + cJSON_AddItemToArray (subkey_array, subkey_to_json (sub)); + + xjson_AddItemToObject (result, "subkeys", subkey_array); + } + + /* User Ids */ + if (key->uids) + { + cjson_t uid_array = xjson_CreateArray (); + gpgme_user_id_t uid; + for (uid = key->uids; uid; uid = uid->next) + cJSON_AddItemToArray (uid_array, uid_to_json (uid)); + + xjson_AddItemToObject (result, "userids", uid_array); + } + + return result; +} -/* Create a "data" object and the "type", "base64" and "more" flags - * from DATA and append them to RESULT. Ownership if DATA is +/* Create a signature json object */ +static cjson_t +signature_to_json (gpgme_signature_t sig) +{ + cjson_t result = xjson_CreateObject (); + + xjson_AddItemToObject (result, "summary", sigsum_to_json (sig->summary)); + + xjson_AddBoolToObject (result, "wrong_key_usage", sig->wrong_key_usage); + xjson_AddBoolToObject (result, "chain_model", sig->chain_model); + xjson_AddBoolToObject (result, "is_de_vs", sig->is_de_vs); + + xjson_AddStringToObject0 (result, "status_string", + gpgme_strerror (sig->status)); + xjson_AddStringToObject0 (result, "fingerprint", sig->fpr); + xjson_AddStringToObject0 (result, "validity_string", + validity_to_string (sig->validity)); + xjson_AddStringToObject0 (result, "pubkey_algo_name", + gpgme_pubkey_algo_name (sig->pubkey_algo)); + xjson_AddStringToObject0 (result, "hash_algo_name", + gpgme_hash_algo_name (sig->hash_algo)); + xjson_AddStringToObject0 (result, "pka_address", sig->pka_address); + + xjson_AddNumberToObject (result, "status_code", sig->status); + xjson_AddNumberToObject (result, "timestamp", sig->timestamp); + xjson_AddNumberToObject (result, "exp_timestamp", sig->exp_timestamp); + xjson_AddNumberToObject (result, "pka_trust", sig->pka_trust); + xjson_AddNumberToObject (result, "validity", sig->validity); + xjson_AddNumberToObject (result, "validity_reason", sig->validity_reason); + + if (sig->notations) + { + gpgme_sig_notation_t not; + cjson_t array = xjson_CreateArray (); + for (not = sig->notations; not; not = not->next) + cJSON_AddItemToArray (array, sig_notation_to_json (not)); + xjson_AddItemToObject (result, "notations", array); + } + + return result; +} + + +/* Create a JSON object from a gpgme_verify result */ +static cjson_t +verify_result_to_json (gpgme_verify_result_t verify_result) +{ + cjson_t result = xjson_CreateObject (); + + xjson_AddBoolToObject (result, "is_mime", verify_result->is_mime); + + if (verify_result->signatures) + { + cjson_t array = xjson_CreateArray (); + gpgme_signature_t sig; + + for (sig = verify_result->signatures; sig; sig = sig->next) + cJSON_AddItemToArray (array, signature_to_json (sig)); + xjson_AddItemToObject (result, "signatures", array); + } + + return result; +} + +/* Create a recipient json object */ +static cjson_t +recipient_to_json (gpgme_recipient_t recp) +{ + cjson_t result = xjson_CreateObject (); + + xjson_AddStringToObject0 (result, "keyid", recp->keyid); + xjson_AddStringToObject0 (result, "pubkey_algo_name", + gpgme_pubkey_algo_name (recp->pubkey_algo)); + xjson_AddStringToObject0 (result, "status_string", + gpgme_strerror (recp->status)); + + xjson_AddNumberToObject (result, "status_code", recp->status); + + return result; +} + + +/* Create a JSON object from a gpgme_decrypt result */ +static cjson_t +decrypt_result_to_json (gpgme_decrypt_result_t decrypt_result) +{ + cjson_t result = xjson_CreateObject (); + + xjson_AddStringToObject0 (result, "file_name", decrypt_result->file_name); + xjson_AddStringToObject0 (result, "symkey_algo", + decrypt_result->symkey_algo); + + xjson_AddBoolToObject (result, "wrong_key_usage", + decrypt_result->wrong_key_usage); + xjson_AddBoolToObject (result, "is_de_vs", + decrypt_result->is_de_vs); + xjson_AddBoolToObject (result, "is_mime", decrypt_result->is_mime); + xjson_AddBoolToObject (result, "legacy_cipher_nomdc", + decrypt_result->legacy_cipher_nomdc); + + if (decrypt_result->recipients) + { + cjson_t array = xjson_CreateArray (); + gpgme_recipient_t recp; + + for (recp = decrypt_result->recipients; recp; recp = recp->next) + cJSON_AddItemToArray (array, recipient_to_json (recp)); + xjson_AddItemToObject (result, "recipients", array); + } + + return result; +} + + +/* Create a JSON object from an engine_info */ +static cjson_t +engine_info_to_json (gpgme_engine_info_t info) +{ + cjson_t result = xjson_CreateObject (); + + xjson_AddStringToObject0 (result, "protocol", + protocol_to_string (info->protocol)); + xjson_AddStringToObject0 (result, "fname", info->file_name); + xjson_AddStringToObject0 (result, "version", info->version); + xjson_AddStringToObject0 (result, "req_version", info->req_version); + xjson_AddStringToObject0 (result, "homedir", info->home_dir ? + info->home_dir : + "default"); + return result; +} + + +/* Create a JSON object from an import_status */ +static cjson_t +import_status_to_json (gpgme_import_status_t sts) +{ + cjson_t result = xjson_CreateObject (); + + xjson_AddStringToObject0 (result, "fingerprint", sts->fpr); + xjson_AddStringToObject0 (result, "error_string", + gpgme_strerror (sts->result)); + + xjson_AddNumberToObject (result, "status", sts->status); + + return result; +} + +/* Create a JSON object from an import result */ +static cjson_t +import_result_to_json (gpgme_import_result_t imp) +{ + cjson_t result = xjson_CreateObject (); + + xjson_AddNumberToObject (result, "considered", imp->considered); + xjson_AddNumberToObject (result, "no_user_id", imp->no_user_id); + xjson_AddNumberToObject (result, "imported", imp->imported); + xjson_AddNumberToObject (result, "imported_rsa", imp->imported_rsa); + xjson_AddNumberToObject (result, "unchanged", imp->unchanged); + xjson_AddNumberToObject (result, "new_user_ids", imp->new_user_ids); + xjson_AddNumberToObject (result, "new_sub_keys", imp->new_sub_keys); + xjson_AddNumberToObject (result, "new_signatures", imp->new_signatures); + xjson_AddNumberToObject (result, "new_revocations", imp->new_revocations); + xjson_AddNumberToObject (result, "secret_read", imp->secret_read); + xjson_AddNumberToObject (result, "secret_imported", imp->secret_imported); + xjson_AddNumberToObject (result, "secret_unchanged", imp->secret_unchanged); + xjson_AddNumberToObject (result, "skipped_new_keys", imp->skipped_new_keys); + xjson_AddNumberToObject (result, "not_imported", imp->not_imported); + xjson_AddNumberToObject (result, "skipped_v3_keys", imp->skipped_v3_keys); + + + if (imp->imports) + { + cjson_t array = xjson_CreateArray (); + gpgme_import_status_t status; + + for (status = imp->imports; status; status = status->next) + cJSON_AddItemToArray (array, import_status_to_json (status)); + xjson_AddItemToObject (result, "imports", array); + } + + return result; +} + + +/* Create a JSON object from a gpgconf arg */ +static cjson_t +conf_arg_to_json (gpgme_conf_arg_t arg, gpgme_conf_type_t type) +{ + cjson_t result = xjson_CreateObject (); + int is_none = 0; + switch (type) + { + case GPGME_CONF_STRING: + case GPGME_CONF_PATHNAME: + case GPGME_CONF_LDAP_SERVER: + case GPGME_CONF_KEY_FPR: + case GPGME_CONF_PUB_KEY: + case GPGME_CONF_SEC_KEY: + case GPGME_CONF_ALIAS_LIST: + xjson_AddStringToObject0 (result, "string", arg->value.string); + break; + + case GPGME_CONF_UINT32: + xjson_AddNumberToObject (result, "number", arg->value.uint32); + break; + + case GPGME_CONF_INT32: + xjson_AddNumberToObject (result, "number", arg->value.int32); + break; + + case GPGME_CONF_NONE: + default: + is_none = 1; + break; + } + xjson_AddBoolToObject (result, "is_none", is_none); + return result; +} + + +/* Create a JSON object from a gpgconf option */ +static cjson_t +conf_opt_to_json (gpgme_conf_opt_t opt) +{ + cjson_t result = xjson_CreateObject (); + + xjson_AddStringToObject0 (result, "name", opt->name); + xjson_AddStringToObject0 (result, "description", opt->description); + xjson_AddStringToObject0 (result, "argname", opt->argname); + xjson_AddStringToObject0 (result, "default_description", + opt->default_description); + xjson_AddStringToObject0 (result, "no_arg_description", + opt->no_arg_description); + + xjson_AddNumberToObject (result, "flags", opt->flags); + xjson_AddNumberToObject (result, "level", opt->level); + xjson_AddNumberToObject (result, "type", opt->type); + xjson_AddNumberToObject (result, "alt_type", opt->alt_type); + + if (opt->default_value) + { + cjson_t array = xjson_CreateArray (); + gpgme_conf_arg_t arg; + + for (arg = opt->default_value; arg; arg = arg->next) + cJSON_AddItemToArray (array, conf_arg_to_json (arg, opt->alt_type)); + xjson_AddItemToObject (result, "default_value", array); + } + + if (opt->no_arg_value) + { + cjson_t array = xjson_CreateArray (); + gpgme_conf_arg_t arg; + + for (arg = opt->no_arg_value; arg; arg = arg->next) + cJSON_AddItemToArray (array, conf_arg_to_json (arg, opt->alt_type)); + xjson_AddItemToObject (result, "no_arg_value", array); + } + + if (opt->value) + { + cjson_t array = xjson_CreateArray (); + gpgme_conf_arg_t arg; + + for (arg = opt->value; arg; arg = arg->next) + cJSON_AddItemToArray (array, conf_arg_to_json (arg, opt->alt_type)); + xjson_AddItemToObject (result, "value", array); + } + return result; +} + + +/* Create a JSON object from a gpgconf component*/ +static cjson_t +conf_comp_to_json (gpgme_conf_comp_t cmp) +{ + cjson_t result = xjson_CreateObject (); + + xjson_AddStringToObject0 (result, "name", cmp->name); + xjson_AddStringToObject0 (result, "description", cmp->description); + xjson_AddStringToObject0 (result, "program_name", cmp->program_name); + + + if (cmp->options) + { + cjson_t array = xjson_CreateArray (); + gpgme_conf_opt_t opt; + + for (opt = cmp->options; opt; opt = opt->next) + cJSON_AddItemToArray (array, conf_opt_to_json (opt)); + xjson_AddItemToObject (result, "options", array); + } + + return result; +} + + +/* Create a gpgme_data from json string data named "name" + * in the request. Takes the base64 option into account. + * + * Adds an error to the "result" on error. */ +static gpg_error_t +get_string_data (cjson_t request, cjson_t result, const char *name, + gpgme_data_t *r_data) +{ + gpgme_error_t err; + int opt_base64; + cjson_t j_data; + + if ((err = get_boolean_flag (request, "base64", 0, &opt_base64))) + return err; + + /* Get the data. Note that INPUT is a shallow data object with the + * storage hold in REQUEST. */ + j_data = cJSON_GetObjectItem (request, name); + if (!j_data) + { + return gpg_error (GPG_ERR_NO_DATA); + } + if (!cjson_is_string (j_data)) + { + return gpg_error (GPG_ERR_INV_VALUE); + } + if (opt_base64) + { + err = data_from_base64_string (r_data, j_data); + if (err) + { + gpg_error_object (result, err, + "Error decoding Base-64 encoded '%s': %s", + name, gpg_strerror (err)); + return err; + } + } + else + { + err = gpgme_data_new_from_mem (r_data, j_data->valuestring, + strlen (j_data->valuestring), 0); + if (err) + { + gpg_error_object (result, err, "Error getting '%s': %s", + name, gpg_strerror (err)); + return err; + } + } + return 0; +} + + +/* Create a "data" object and the "type" and "base64" flags + * from DATA and append them to RESULT. Ownership of DATA is * transferred to this function. TYPE must be a fixed string. - * CHUNKSIZE is the chunksize requested from the caller. If BASE64 is - * -1 the need for base64 encoding is determined by the content of - * DATA, all other values are take as rtue or false. Note that - * op_getmore has similar code but works on PENDING_DATA which is set - * here. */ + * If BASE64 is -1 the need for base64 encoding is determined + * by the content of DATA, all other values are taken as true + * or false. */ static gpg_error_t -make_data_object (cjson_t result, gpgme_data_t data, size_t chunksize, +make_data_object (cjson_t result, gpgme_data_t data, const char *type, int base64) { gpg_error_t err; char *buffer; - size_t buflen; - int c; + const char *s; + size_t buflen, n; if (!base64 || base64 == -1) /* Make sure that we really have a string. */ gpgme_data_write (data, "", 1); @@ -629,58 +1469,131 @@ make_data_object (cjson_t result, gpgme_data_t data, size_t chunksize, base64 = 0; if (!buflen) log_fatal ("Appended Nul byte got lost\n"); - if (memchr (buffer, 0, buflen-1)) - { - buflen--; /* Adjust for the extra nul byte. */ - base64 = 1; - } - /* Fixme: We might want to do more advanced heuristics than to - * only look for a Nul. */ + /* Figure out if there is any Nul octet in the buffer. In that + * case we need to Base-64 the buffer. Due to problems with the + * browser's Javascript we use Base-64 also in case an UTF-8 + * character is in the buffer. This is because the chunking may + * split an UTF-8 characters and JS can't handle this. */ + for (s=buffer, n=0; n < buflen -1; s++, n++) + if (!*s || (*s & 0x80)) + { + buflen--; /* Adjust for the extra nul byte. */ + base64 = 1; + break; + } } - /* Adjust the chunksize if we need to do base64 conversion. */ - if (base64) - chunksize = (chunksize / 4) * 3; - xjson_AddStringToObject (result, "type", type); xjson_AddBoolToObject (result, "base64", base64); - if (buflen > chunksize) + if (base64) + err = add_base64_to_object (result, "data", buffer, buflen); + else + err = cjson_AddStringToObject (result, "data", buffer); + + leave: + gpgme_free (buffer); + return err; +} + + +/* Encode and chunk response. + * + * If neccessary this base64 encodes and chunks the repsonse + * for getmore so that we always return valid json independent + * of the chunksize. + * + * A chunked repsonse contains the base64 encoded chunk + * as a string and a boolean if there is still more data + * available for getmore like: + * { + * chunk: "SGVsbG8gV29ybGQK" + * more: true + * } + * + * Chunking is only done if the response is larger then the + * chunksize. + * + * caller has to xfree the return value. + */ +static char * +encode_and_chunk (cjson_t request, cjson_t response) +{ + char *data; + gpg_error_t err = 0; + size_t chunksize = 0; + char *getmore_request = NULL; + + if (opt_interactive) + data = cJSON_Print (response); + else + data = cJSON_PrintUnformatted (response); + + if (!data) { - xjson_AddBoolToObject (result, "more", 1); + err = GPG_ERR_NO_DATA; + goto leave; + } - c = buffer[chunksize]; - buffer[chunksize] = 0; - if (base64) - err = add_base64_to_object (result, "data", buffer, chunksize); - else - err = cjson_AddStringToObject (result, "data", buffer); - buffer[chunksize] = c; - if (err) - goto leave; + if (!request) + { + goto leave; + } - pending_data.buffer = buffer; - buffer = NULL; - pending_data.length = buflen; - pending_data.written = chunksize; - pending_data.type = type; - pending_data.base64 = base64; + if ((err = get_chunksize (request, &chunksize))) + { + err = GPG_ERR_INV_VALUE; + goto leave; } - else + + if (!chunksize) + goto leave; + + pending_data.buffer = data; + /* Data should already be encoded so that it does not + contain 0.*/ + pending_data.length = strlen (data); + pending_data.written = 0; + + if (gpgrt_asprintf (&getmore_request, + "{ \"op\":\"getmore\", \"chunksize\": %i }", + (int) chunksize) == -1) { - if (base64) - err = add_base64_to_object (result, "data", buffer, buflen); - else - err = cjson_AddStringToObject (result, "data", buffer); + err = gpg_error_from_syserror (); + goto leave; } - leave: - gpgme_free (buffer); - return err; + data = process_request (getmore_request); + +leave: + xfree (getmore_request); + + if (!err && !data) + { + err = GPG_ERR_GENERAL; + } + + if (err) + { + cjson_t err_obj = gpg_error_object (NULL, err, + "Encode and chunk failed: %s", + gpgme_strerror (err)); + xfree (data); + if (opt_interactive) + data = cJSON_Print (err_obj); + data = cJSON_PrintUnformatted (err_obj); + + cJSON_Delete (err_obj); + } + + return data; } +/* + * Implementation of the commands. + */ static const char hlp_encrypt[] = "op: \"encrypt\"\n" "keys: Array of strings with the fingerprints or user-ids\n" @@ -690,7 +1603,10 @@ static const char hlp_encrypt[] = "\n" "Optional parameters:\n" "protocol: Either \"openpgp\" (default) or \"cms\".\n" - "chunksize: Max number of bytes in the resulting \"data\".\n" + "signing_keys: Similar to the keys parameter for added signing.\n" + " (openpgp only)" + "file_name: The file name associated with the data.\n" + "sender: Sender info to embed in a signature.\n" "\n" "Optional boolean flags (default is false):\n" "base64: Input data is base64 encoded.\n" @@ -708,32 +1624,29 @@ static const char hlp_encrypt[] = "data: Unless armor mode is used a Base64 encoded binary\n" " ciphertext. In armor mode a string with an armored\n" " OpenPGP or a PEM message.\n" - "base64: Boolean indicating whether data is base64 encoded.\n" - "more: Optional boolean indicating that \"getmore\" is required."; + "base64: Boolean indicating whether data is base64 encoded."; static gpg_error_t op_encrypt (cjson_t request, cjson_t result) { gpg_error_t err; gpgme_ctx_t ctx = NULL; gpgme_protocol_t protocol; - size_t chunksize; - int opt_base64; + char **signing_patterns = NULL; int opt_mime; char *keystring = NULL; - cjson_t j_input; + char *file_name = NULL; gpgme_data_t input = NULL; gpgme_data_t output = NULL; int abool; gpgme_encrypt_flags_t encrypt_flags = 0; + gpgme_ctx_t keylist_ctx = NULL; + gpgme_key_t key = NULL; + cjson_t j_tmp = NULL; if ((err = get_protocol (request, &protocol))) goto leave; ctx = get_context (protocol); - if ((err = get_chunksize (request, &chunksize))) - goto leave; - if ((err = get_boolean_flag (request, "base64", 0, &opt_base64))) - goto leave; if ((err = get_boolean_flag (request, "mime", 0, &opt_mime))) goto leave; @@ -765,81 +1678,114 @@ op_encrypt (cjson_t request, cjson_t result) if (abool) encrypt_flags |= GPGME_ENCRYPT_WANT_ADDRESS; - - /* Get the keys. */ - err = get_keys (request, &keystring); - if (err) + j_tmp = cJSON_GetObjectItem (request, "file_name"); + if (j_tmp && cjson_is_string (j_tmp)) { - /* Provide a custom error response. */ - error_object (result, "Error getting keys: %s", gpg_strerror (err)); - goto leave; + file_name = j_tmp->valuestring; } - /* Get the data. Note that INPUT is a shallow data object with the - * storage hold in REQUEST. */ - j_input = cJSON_GetObjectItem (request, "data"); - if (!j_input) + j_tmp = cJSON_GetObjectItem (request, "sender"); + if (j_tmp && cjson_is_string (j_tmp)) { - err = gpg_error (GPG_ERR_NO_DATA); - goto leave; + gpgme_set_sender (ctx, j_tmp->valuestring); } - if (!cjson_is_string (j_input)) + + /* Get the keys. */ + err = get_keys (request, "keys", &keystring); + if (err) { - err = gpg_error (GPG_ERR_INV_VALUE); + /* Provide a custom error response. */ + gpg_error_object (result, err, "Error getting keys: %s", + gpg_strerror (err)); goto leave; } - if (opt_base64) + + /* Do we have signing keys ? */ + signing_patterns = create_keylist_patterns (request, "signing_keys"); + if (signing_patterns) { - err = data_from_base64_string (&input, j_input); + keylist_ctx = create_onetime_context (protocol); + gpgme_set_keylist_mode (keylist_ctx, GPGME_KEYLIST_MODE_LOCAL); + + err = gpgme_op_keylist_ext_start (keylist_ctx, + (const char **) signing_patterns, + 1, 0); if (err) { - error_object (result, "Error decoding Base-64 encoded 'data': %s", - gpg_strerror (err)); + gpg_error_object (result, err, "Error listing keys: %s", + gpg_strerror (err)); goto leave; } - } - else - { - err = gpgme_data_new_from_mem (&input, j_input->valuestring, - strlen (j_input->valuestring), 0); - if (err) + while (!(err = gpgme_op_keylist_next (keylist_ctx, &key))) { - error_object (result, "Error getting 'data': %s", gpg_strerror (err)); - goto leave; + if ((err = gpgme_signers_add (ctx, key))) + { + gpg_error_object (result, err, "Error adding signer: %s", + gpg_strerror (err)); + goto leave; + } + gpgme_key_unref (key); + key = NULL; } + release_onetime_context (keylist_ctx); + keylist_ctx = NULL; } + + if ((err = get_string_data (request, result, "data", &input))) + goto leave; + if (opt_mime) gpgme_data_set_encoding (input, GPGME_DATA_ENCODING_MIME); + if (file_name) + { + gpgme_data_set_file_name (input, file_name); + } /* Create an output data object. */ err = gpgme_data_new (&output); if (err) { - error_object (result, "Error creating output data object: %s", - gpg_strerror (err)); + gpg_error_object (result, err, "Error creating output data object: %s", + gpg_strerror (err)); goto leave; } /* Encrypt. */ - err = gpgme_op_encrypt_ext (ctx, NULL, keystring, encrypt_flags, - input, output); + if (!signing_patterns) + { + err = gpgme_op_encrypt_ext (ctx, NULL, keystring, encrypt_flags, + input, output); + } + else + { + err = gpgme_op_encrypt_sign_ext (ctx, NULL, keystring, encrypt_flags, + input, output); + + } /* encrypt_result = gpgme_op_encrypt_result (ctx); */ if (err) { - error_object (result, "Encryption failed: %s", gpg_strerror (err)); + gpg_error_object (result, err, "Encryption failed: %s", + gpg_strerror (err)); goto leave; } gpgme_data_release (input); input = NULL; /* We need to base64 if armoring has not been requested. */ - err = make_data_object (result, output, chunksize, + err = make_data_object (result, output, "ciphertext", !gpgme_get_armor (ctx)); output = NULL; leave: + xfree_array (signing_patterns); xfree (keystring); + release_onetime_context (keylist_ctx); + /* Reset sender in case the context is reused */ + gpgme_set_sender (ctx, NULL); + gpgme_key_unref (key); + gpgme_signers_clear (ctx); release_context (ctx); gpgme_data_release (input); gpgme_data_release (output); @@ -854,121 +1800,1275 @@ static const char hlp_decrypt[] = "\n" "Optional parameters:\n" "protocol: Either \"openpgp\" (default) or \"cms\".\n" - "chunksize: Max number of bytes in the resulting \"data\".\n" "\n" "Optional boolean flags (default is false):\n" "base64: Input data is base64 encoded.\n" "\n" "Response on success:\n" - "type: \"plaintext\"\n" - "data: The decrypted data. This may be base64 encoded.\n" - "base64: Boolean indicating whether data is base64 encoded.\n" - "mime: A Boolean indicating whether the data is a MIME object.\n" - "info: An optional object with extra information.\n" - "more: Optional boolean indicating that \"getmore\" is required."; + "type: \"plaintext\"\n" + "data: The decrypted data. This may be base64 encoded.\n" + "base64: Boolean indicating whether data is base64 encoded.\n" + "mime: deprecated - use dec_info is_mime instead\n" + "dec_info: An object with decryption information. (gpgme_decrypt_result_t)\n" + " Boolean values:\n" + " wrong_key_usage: Key should not have been used for encryption.\n" + " is_de_vs: Message was encrypted in compliance to the de-vs\n" + " mode.\n" + " is_mime: Message claims that the content is a MIME Message.\n" + " legacy_cipher_nomdc: The message was made by a legacy algorithm\n" + " without integrity protection.\n" + " String values:\n" + " file_name: The filename contained in the decrypt result.\n" + " symkey_algo: A string with the symmetric encryption algorithm and\n" + " mode using the format \"<algo>.<mode>\".\n" + " Array values:\n" + " recipients: The list of recipients (gpgme_recipient_t).\n" + " String values:\n" + " keyid: The keyid of the recipient.\n" + " pubkey_algo_name: gpgme_pubkey_algo_name of used algo.\n" + " status_string: The status code as localized gpg-error string\n" + " Number values:\n" + " status_code: The status as a number. (gpg_error_t)\n" + "info: Optional an object with verification information.\n" + " (gpgme_verify_result_t)\n" + " file_name: The filename contained in the verify result.\n" + " is_mime: The is_mime info contained in the verify result.\n" + " signatures: Array of signatures\n" + " summary: Object containing summary information.\n" + " Boolean values: (Check gpgme_sigsum_t doc for meaning)\n" + " valid\n" + " green\n" + " red\n" + " revoked\n" + " key-expired\n" + " sig-expired\n" + " key-missing\n" + " crl-missing\n" + " crl-too-old\n" + " bad-policy\n" + " sys-error\n" + " sigsum: Array of strings representing the sigsum.\n" + " Boolean values:\n" + " wrong_key_usage: Key should not have been used for signing.\n" + " chain_model: Validity has been verified using the chain model.\n" + " is_de_vs: signature is in compliance to the de-vs mode.\n" + " String values:\n" + " status_string: The status code as localized gpg-error string\n" + " fingerprint: The fingerprint of the signing key.\n" + " validity_string: The validity as string.\n" + " pubkey_algo_name: gpgme_pubkey_algo_name of used algo.\n" + " hash_algo_name: gpgme_hash_algo_name of used hash algo\n" + " pka_address: The mailbox from the PKA information.\n" + " Number values:\n" + " status_code: The status as a number. (gpg_error_t)\n" + " timestamp: Signature creation time. (secs since epoch)\n" + " exp_timestamp: Signature expiration or 0. (secs since epoch)\n" + " pka_trust: PKA status: 0 = not available, 1 = bad, 2 = okay, 3 = RFU.\n" + " validity: validity as number (gpgme_validity_t)\n" + " validity_reason: (gpg_error_t)\n" + " Array values:\n" + " notations: Notation data and policy urls (gpgme_sig_notation_t)\n" + " Boolean values:\n" + " human_readable\n" + " critical\n" + " String values:\n" + " name\n" + " value\n" + " Number values:\n" + " flags\n"; static gpg_error_t op_decrypt (cjson_t request, cjson_t result) { gpg_error_t err; gpgme_ctx_t ctx = NULL; gpgme_protocol_t protocol; - size_t chunksize; - int opt_base64; - cjson_t j_input; gpgme_data_t input = NULL; gpgme_data_t output = NULL; gpgme_decrypt_result_t decrypt_result; + gpgme_verify_result_t verify_result; if ((err = get_protocol (request, &protocol))) goto leave; ctx = get_context (protocol); - if ((err = get_chunksize (request, &chunksize))) + + if ((err = get_string_data (request, result, "data", &input))) + goto leave; + + /* Create an output data object. */ + err = gpgme_data_new (&output); + if (err) + { + gpg_error_object (result, err, + "Error creating output data object: %s", + gpg_strerror (err)); + goto leave; + } + + /* Decrypt. */ + err = gpgme_op_decrypt_ext (ctx, GPGME_DECRYPT_VERIFY, + input, output); + decrypt_result = gpgme_op_decrypt_result (ctx); + if (err) + { + gpg_error_object (result, err, "Decryption failed: %s", + gpg_strerror (err)); + goto leave; + } + gpgme_data_release (input); + input = NULL; + + if (decrypt_result->is_mime) + xjson_AddBoolToObject (result, "mime", 1); + + xjson_AddItemToObject (result, "dec_info", + decrypt_result_to_json (decrypt_result)); + + verify_result = gpgme_op_verify_result (ctx); + if (verify_result && verify_result->signatures) + { + xjson_AddItemToObject (result, "info", + verify_result_to_json (verify_result)); + } + + err = make_data_object (result, output, "plaintext", -1); + output = NULL; + + if (err) + { + gpg_error_object (result, err, "Plaintext output failed: %s", + gpg_strerror (err)); + goto leave; + } + + leave: + release_context (ctx); + gpgme_data_release (input); + gpgme_data_release (output); + return err; +} + + + +static const char hlp_sign[] = + "op: \"sign\"\n" + "keys: Array of strings with the fingerprints of the signing key.\n" + " For a single key a String may be used instead of an array.\n" + "data: Input data. \n" + "\n" + "Optional parameters:\n" + "protocol: Either \"openpgp\" (default) or \"cms\".\n" + "sender: The mail address of the sender.\n" + "mode: A string with the signing mode can be:\n" + " detached (default)\n" + " opaque\n" + " clearsign\n" + "\n" + "Optional boolean flags (default is false):\n" + "base64: Input data is base64 encoded.\n" + "armor: Request output in armored format.\n" + "\n" + "Response on success:\n" + "type: \"signature\"\n" + "data: Unless armor mode is used a Base64 encoded binary\n" + " signature. In armor mode a string with an armored\n" + " OpenPGP or a PEM message.\n" + "base64: Boolean indicating whether data is base64 encoded.\n"; +static gpg_error_t +op_sign (cjson_t request, cjson_t result) +{ + gpg_error_t err; + gpgme_ctx_t ctx = NULL; + gpgme_protocol_t protocol; + char **patterns = NULL; + gpgme_data_t input = NULL; + gpgme_data_t output = NULL; + int abool; + cjson_t j_tmp; + gpgme_sig_mode_t mode = GPGME_SIG_MODE_DETACH; + gpgme_ctx_t keylist_ctx = NULL; + gpgme_key_t key = NULL; + + if ((err = get_protocol (request, &protocol))) + goto leave; + ctx = get_context (protocol); + + if ((err = get_boolean_flag (request, "armor", 0, &abool))) goto leave; + gpgme_set_armor (ctx, abool); - if ((err = get_boolean_flag (request, "base64", 0, &opt_base64))) + j_tmp = cJSON_GetObjectItem (request, "mode"); + if (j_tmp && cjson_is_string (j_tmp)) + { + if (!strcmp (j_tmp->valuestring, "opaque")) + { + mode = GPGME_SIG_MODE_NORMAL; + } + else if (!strcmp (j_tmp->valuestring, "clearsign")) + { + mode = GPGME_SIG_MODE_CLEAR; + } + } + + j_tmp = cJSON_GetObjectItem (request, "sender"); + if (j_tmp && cjson_is_string (j_tmp)) + { + gpgme_set_sender (ctx, j_tmp->valuestring); + } + + patterns = create_keylist_patterns (request, "keys"); + if (!patterns) + { + gpg_error_object (result, err, "Error getting keys: %s", + gpg_strerror (gpg_error (GPG_ERR_NO_KEY))); + goto leave; + } + + /* Do a keylisting and add the keys */ + keylist_ctx = create_onetime_context (protocol); + gpgme_set_keylist_mode (keylist_ctx, GPGME_KEYLIST_MODE_LOCAL); + + err = gpgme_op_keylist_ext_start (keylist_ctx, + (const char **) patterns, 1, 0); + if (err) + { + gpg_error_object (result, err, "Error listing keys: %s", + gpg_strerror (err)); + goto leave; + } + while (!(err = gpgme_op_keylist_next (keylist_ctx, &key))) + { + if ((err = gpgme_signers_add (ctx, key))) + { + gpg_error_object (result, err, "Error adding signer: %s", + gpg_strerror (err)); + goto leave; + } + gpgme_key_unref (key); + key = NULL; + } + + if ((err = get_string_data (request, result, "data", &input))) goto leave; - /* Get the data. Note that INPUT is a shallow data object with the - * storage hold in REQUEST. */ - j_input = cJSON_GetObjectItem (request, "data"); - if (!j_input) + /* Create an output data object. */ + err = gpgme_data_new (&output); + if (err) { - err = gpg_error (GPG_ERR_NO_DATA); + gpg_error_object (result, err, "Error creating output data object: %s", + gpg_strerror (err)); goto leave; } - if (!cjson_is_string (j_input)) + + /* Sign. */ + err = gpgme_op_sign (ctx, input, output, mode); + if (err) { - err = gpg_error (GPG_ERR_INV_VALUE); + gpg_error_object (result, err, "Signing failed: %s", + gpg_strerror (err)); goto leave; } - if (opt_base64) + + gpgme_data_release (input); + input = NULL; + + /* We need to base64 if armoring has not been requested. */ + err = make_data_object (result, output, + "signature", !gpgme_get_armor (ctx)); + output = NULL; + + leave: + xfree_array (patterns); + gpgme_signers_clear (ctx); + gpgme_key_unref (key); + release_onetime_context (keylist_ctx); + release_context (ctx); + gpgme_data_release (input); + gpgme_data_release (output); + return err; +} + + + +static const char hlp_verify[] = + "op: \"verify\"\n" + "data: The data to verify.\n" + "\n" + "Optional parameters:\n" + "protocol: Either \"openpgp\" (default) or \"cms\".\n" + "signature: A detached signature. If missing opaque is assumed.\n" + "\n" + "Optional boolean flags (default is false):\n" + "base64: Input data is base64 encoded.\n" + "\n" + "Response on success:\n" + "type: \"plaintext\"\n" + "data: The verified data. This may be base64 encoded.\n" + "base64: Boolean indicating whether data is base64 encoded.\n" + "info: An object with verification information (gpgme_verify_result_t).\n" + " is_mime: Boolean that is true if the messages claims it is MIME.\n" + " Note that this flag is not covered by the signature.)\n" + " signatures: Array of signatures\n" + " summary: Object containing summary information.\n" + " Boolean values: (Check gpgme_sigsum_t doc for meaning)\n" + " valid\n" + " green\n" + " red\n" + " revoked\n" + " key-expired\n" + " sig-expired\n" + " key-missing\n" + " crl-missing\n" + " crl-too-old\n" + " bad-policy\n" + " sys-error\n" + " sigsum: Array of strings representing the sigsum.\n" + " Boolean values:\n" + " wrong_key_usage: Key should not have been used for signing.\n" + " chain_model: Validity has been verified using the chain model.\n" + " is_de_vs: signature is in compliance to the de-vs mode.\n" + " String values:\n" + " status_string: The status code as localized gpg-error string\n" + " fingerprint: The fingerprint of the signing key.\n" + " validity_string: The validity as string.\n" + " pubkey_algo_name: gpgme_pubkey_algo_name of used algo.\n" + " hash_algo_name: gpgme_hash_algo_name of used hash algo\n" + " pka_address: The mailbox from the PKA information.\n" + " Number values:\n" + " status_code: The status as a number. (gpg_error_t)\n" + " timestamp: Signature creation time. (secs since epoch)\n" + " exp_timestamp: Signature expiration or 0. (secs since epoch)\n" + " pka_trust: PKA status: 0 = not available, 1 = bad, 2 = okay, 3 = RFU.\n" + " validity: validity as number (gpgme_validity_t)\n" + " validity_reason: (gpg_error_t)\n" + " Array values:\n" + " notations: Notation data and policy urls (gpgme_sig_notation_t)\n" + " Boolean values:\n" + " human_readable\n" + " critical\n" + " String values:\n" + " name\n" + " value\n" + " Number values:\n" + " flags\n"; +static gpg_error_t +op_verify (cjson_t request, cjson_t result) +{ + gpg_error_t err; + gpgme_ctx_t ctx = NULL; + gpgme_protocol_t protocol; + gpgme_data_t input = NULL; + gpgme_data_t signature = NULL; + gpgme_data_t output = NULL; + gpgme_verify_result_t verify_result; + + if ((err = get_protocol (request, &protocol))) + goto leave; + ctx = get_context (protocol); + + if ((err = get_string_data (request, result, "data", &input))) + goto leave; + + err = get_string_data (request, result, "signature", &signature); + /* Signature data is optional otherwise we expect opaque or clearsigned. */ + if (err && err != gpg_error (GPG_ERR_NO_DATA)) + goto leave; + + if (!signature) { - err = data_from_base64_string (&input, j_input); + /* Verify opaque or clearsigned we need an output data object. */ + err = gpgme_data_new (&output); if (err) { - error_object (result, "Error decoding Base-64 encoded 'data': %s", - gpg_strerror (err)); + gpg_error_object (result, err, + "Error creating output data object: %s", + gpg_strerror (err)); goto leave; } + err = gpgme_op_verify (ctx, input, 0, output); } else { - err = gpgme_data_new_from_mem (&input, j_input->valuestring, - strlen (j_input->valuestring), 0); + err = gpgme_op_verify (ctx, signature, input, NULL); + } + + if (err) + { + gpg_error_object (result, err, "Verify failed: %s", gpg_strerror (err)); + goto leave; + } + gpgme_data_release (input); + input = NULL; + gpgme_data_release (signature); + signature = NULL; + + verify_result = gpgme_op_verify_result (ctx); + if (verify_result && verify_result->signatures) + { + xjson_AddItemToObject (result, "info", + verify_result_to_json (verify_result)); + } + + if (output) + { + err = make_data_object (result, output, "plaintext", -1); + output = NULL; + if (err) { - error_object (result, "Error getting 'data': %s", gpg_strerror (err)); + gpg_error_object (result, err, "Plaintext output failed: %s", + gpg_strerror (err)); goto leave; } } - /* Create an output data object. */ - err = gpgme_data_new (&output); + leave: + release_context (ctx); + gpgme_data_release (input); + gpgme_data_release (output); + gpgme_data_release (signature); + return err; +} + + + +static const char hlp_version[] = + "op: \"version\"\n" + "\n" + "Response on success:\n" + "gpgme: The GPGME Version.\n" + "info: dump of engine info. containing:\n" + " protocol: The protocol.\n" + " fname: The file name.\n" + " version: The version.\n" + " req_ver: The required version.\n" + " homedir: The homedir of the engine or \"default\".\n"; +static gpg_error_t +op_version (cjson_t request, cjson_t result) +{ + gpg_error_t err = 0; + gpgme_engine_info_t ei = NULL; + cjson_t infos = xjson_CreateArray (); + + (void)request; + + if (!cJSON_AddStringToObject (result, "gpgme", gpgme_check_version (NULL))) + { + cJSON_Delete (infos); + return gpg_error_from_syserror (); + } + + if ((err = gpgme_get_engine_info (&ei))) + { + cJSON_Delete (infos); + return err; + } + + for (; ei; ei = ei->next) + cJSON_AddItemToArray (infos, engine_info_to_json (ei)); + + if (!cJSON_AddItemToObject (result, "info", infos)) + { + err = gpg_error_from_syserror (); + cJSON_Delete (infos); + return err; + } + + return 0; +} + + + +static const char hlp_keylist[] = + "op: \"keylist\"\n" + "\n" + "Optional parameters:\n" + "keys: Array of strings or fingerprints to lookup\n" + " For a single key a String may be used instead of an array.\n" + " default lists all keys.\n" + "protocol: Either \"openpgp\" (default) or \"cms\".\n" + "\n" + "Optional boolean flags (default is false):\n" + "secret: List only secret keys.\n" + "with-secret: Add KEYLIST_MODE_WITH_SECRET.\n" + "extern: Add KEYLIST_MODE_EXTERN.\n" + "local: Add KEYLIST_MODE_LOCAL. (default mode).\n" + "sigs: Add KEYLIST_MODE_SIGS.\n" + "notations: Add KEYLIST_MODE_SIG_NOTATIONS.\n" + "tofu: Add KEYLIST_MODE_WITH_TOFU.\n" + "ephemeral: Add KEYLIST_MODE_EPHEMERAL.\n" + "validate: Add KEYLIST_MODE_VALIDATE.\n" + "locate: Add KEYLIST_MODE_LOCATE.\n" + "\n" + "Response on success:\n" + "keys: Array of keys.\n" + " Boolean values:\n" + " revoked\n" + " expired\n" + " disabled\n" + " invalid\n" + " can_encrypt\n" + " can_sign\n" + " can_certify\n" + " can_authenticate\n" + " secret\n" + " is_qualified\n" + " String values:\n" + " protocol\n" + " issuer_serial (CMS Only)\n" + " issuer_name (CMS Only)\n" + " chain_id (CMS Only)\n" + " owner_trust (OpenPGP only)\n" + " fingerprint\n" + " Number values:\n" + " last_update\n" + " origin\n" + " Array values:\n" + " subkeys\n" + " Boolean values:\n" + " revoked\n" + " expired\n" + " disabled\n" + " invalid\n" + " can_encrypt\n" + " can_sign\n" + " can_certify\n" + " can_authenticate\n" + " secret\n" + " is_qualified\n" + " is_cardkey\n" + " is_de_vs\n" + " String values:\n" + " pubkey_algo_name\n" + " pubkey_algo_string\n" + " keyid\n" + " card_number\n" + " curve\n" + " keygrip\n" + " Number values:\n" + " pubkey_algo\n" + " length\n" + " timestamp\n" + " expires\n" + " userids\n" + " Boolean values:\n" + " revoked\n" + " invalid\n" + " String values:\n" + " validity\n" + " uid\n" + " name\n" + " email\n" + " comment\n" + " address\n" + " Number values:\n" + " origin\n" + " last_update\n" + " Array values:\n" + " signatures\n" + " Boolean values:\n" + " revoked\n" + " expired\n" + " invalid\n" + " exportable\n" + " String values:\n" + " pubkey_algo_name\n" + " keyid\n" + " status\n" + " uid\n" + " name\n" + " email\n" + " comment\n" + " Number values:\n" + " pubkey_algo\n" + " timestamp\n" + " expires\n" + " status_code\n" + " sig_class\n" + " Array values:\n" + " notations\n" + " Boolean values:\n" + " human_readable\n" + " critical\n" + " String values:\n" + " name\n" + " value\n" + " Number values:\n" + " flags\n" + " tofu\n" + " String values:\n" + " description\n" + " Number values:\n" + " validity\n" + " policy\n" + " signcount\n" + " encrcount\n" + " signfirst\n" + " signlast\n" + " encrfirst\n" + " encrlast\n"; +static gpg_error_t +op_keylist (cjson_t request, cjson_t result) +{ + gpg_error_t err; + gpgme_ctx_t ctx = NULL; + gpgme_protocol_t protocol; + char **patterns = NULL; + int abool; + int secret_only = 0; + gpgme_keylist_mode_t mode = 0; + gpgme_key_t key = NULL; + cjson_t keyarray = xjson_CreateArray (); + + if ((err = get_protocol (request, &protocol))) + goto leave; + ctx = get_context (protocol); + + /* Handle the various keylist mode bools. */ + if ((err = get_boolean_flag (request, "secret", 0, &abool))) + goto leave; + if (abool) + { + mode |= GPGME_KEYLIST_MODE_WITH_SECRET; + secret_only = 1; + } + if ((err = get_boolean_flag (request, "with-secret", 0, &abool))) + goto leave; + if (abool) + mode |= GPGME_KEYLIST_MODE_WITH_SECRET; + if ((err = get_boolean_flag (request, "extern", 0, &abool))) + goto leave; + if (abool) + mode |= GPGME_KEYLIST_MODE_EXTERN; + + if ((err = get_boolean_flag (request, "local", 0, &abool))) + goto leave; + if (abool) + mode |= GPGME_KEYLIST_MODE_LOCAL; + + if ((err = get_boolean_flag (request, "sigs", 0, &abool))) + goto leave; + if (abool) + mode |= GPGME_KEYLIST_MODE_SIGS; + + if ((err = get_boolean_flag (request, "notations", 0, &abool))) + goto leave; + if (abool) + mode |= GPGME_KEYLIST_MODE_SIG_NOTATIONS; + + if ((err = get_boolean_flag (request, "tofu", 0, &abool))) + goto leave; + if (abool) + mode |= GPGME_KEYLIST_MODE_WITH_TOFU; + + if ((err = get_boolean_flag (request, "ephemeral", 0, &abool))) + goto leave; + if (abool) + mode |= GPGME_KEYLIST_MODE_EPHEMERAL; + + if ((err = get_boolean_flag (request, "validate", 0, &abool))) + goto leave; + if (abool) + mode |= GPGME_KEYLIST_MODE_VALIDATE; + + if ((err = get_boolean_flag (request, "locate", 0, &abool))) + goto leave; + if (abool) + mode |= GPGME_KEYLIST_MODE_LOCATE; + + if (!mode) + { + /* default to local */ + mode = GPGME_KEYLIST_MODE_LOCAL; + } + + /* Get the keys. */ + patterns = create_keylist_patterns (request, "keys"); + + /* Do a keylisting and add the keys */ + gpgme_set_keylist_mode (ctx, mode); + + err = gpgme_op_keylist_ext_start (ctx, (const char **) patterns, + secret_only, 0); if (err) { - error_object (result, "Error creating output data object: %s", - gpg_strerror (err)); + gpg_error_object (result, err, "Error listing keys: %s", + gpg_strerror (err)); goto leave; } - /* Decrypt. */ - err = gpgme_op_decrypt_ext (ctx, GPGME_DECRYPT_VERIFY, - input, output); - decrypt_result = gpgme_op_decrypt_result (ctx); + while (!(err = gpgme_op_keylist_next (ctx, &key))) + { + cJSON_AddItemToArray (keyarray, key_to_json (key)); + gpgme_key_unref (key); + } + err = 0; + + if (!cJSON_AddItemToObject (result, "keys", keyarray)) + { + err = gpg_error_from_syserror (); + goto leave; + } + + leave: + xfree_array (patterns); + if (err) + { + cJSON_Delete (keyarray); + } + return err; +} + + + +static const char hlp_import[] = + "op: \"import\"\n" + "data: The data to import.\n" + "\n" + "Optional parameters:\n" + "protocol: Either \"openpgp\" (default) or \"cms\".\n" + "\n" + "Optional boolean flags (default is false):\n" + "base64: Input data is base64 encoded.\n" + "\n" + "Response on success:\n" + "result: The import result.\n" + " Number values:\n" + " considered\n" + " no_user_id\n" + " imported\n" + " imported_rsa\n" + " unchanged\n" + " new_user_ids\n" + " new_sub_keys\n" + " new_signatures\n" + " new_revocations\n" + " secret_read\n" + " secret_imported\n" + " secret_unchanged\n" + " skipped_new_keys\n" + " not_imported\n" + " skipped_v3_keys\n" + " Array values:\n" + " imports: List of keys for which an import was attempted\n" + " String values:\n" + " fingerprint\n" + " error_string\n" + " Number values:\n" + " error_code\n" + " status\n"; +static gpg_error_t +op_import (cjson_t request, cjson_t result) +{ + gpg_error_t err; + gpgme_ctx_t ctx = NULL; + gpgme_data_t input = NULL; + gpgme_import_result_t import_result; + gpgme_protocol_t protocol; + + if ((err = get_protocol (request, &protocol))) + goto leave; + ctx = get_context (protocol); + + if ((err = get_string_data (request, result, "data", &input))) + goto leave; + + /* Import. */ + err = gpgme_op_import (ctx, input); + import_result = gpgme_op_import_result (ctx); if (err) { - error_object (result, "Decryption failed: %s", gpg_strerror (err)); + gpg_error_object (result, err, "Import failed: %s", + gpg_strerror (err)); goto leave; } gpgme_data_release (input); input = NULL; - if (decrypt_result->is_mime) - xjson_AddBoolToObject (result, "mime", 1); - - err = make_data_object (result, output, chunksize, "plaintext", -1); - output = NULL; + xjson_AddItemToObject (result, "result", + import_result_to_json (import_result)); leave: release_context (ctx); gpgme_data_release (input); + return err; +} + + +static const char hlp_export[] = + "op: \"export\"\n" + "\n" + "Optional parameters:\n" + "keys: Array of strings or fingerprints to lookup\n" + " For a single key a String may be used instead of an array.\n" + " default exports all keys.\n" + "protocol: Either \"openpgp\" (default) or \"cms\".\n" + "\n" + "Optional boolean flags (default is false):\n" + "armor: Request output in armored format.\n" + "extern: Add EXPORT_MODE_EXTERN.\n" + "minimal: Add EXPORT_MODE_MINIMAL.\n" + "raw: Add EXPORT_MODE_RAW.\n" + "pkcs12: Add EXPORT_MODE_PKCS12.\n" + "with-sec-fprs: Add the sec-fprs array to the result.\n" + "\n" + "Response on success:\n" + "type: \"keys\"\n" + "data: Unless armor mode is used a Base64 encoded binary.\n" + " In armor mode a string with an armored\n" + " OpenPGP or a PEM / PKCS12 key.\n" + "base64: Boolean indicating whether data is base64 encoded.\n" + "sec-fprs: Optional, only if with-secret is set. An array containing\n" + " the fingerprints of the keys in the export for which a secret\n" + " key is available"; +static gpg_error_t +op_export (cjson_t request, cjson_t result) +{ + gpg_error_t err; + gpgme_ctx_t ctx = NULL; + gpgme_protocol_t protocol; + char **patterns = NULL; + int abool; + int with_secret = 0; + gpgme_export_mode_t mode = 0; + gpgme_data_t output = NULL; + + if ((err = get_protocol (request, &protocol))) + goto leave; + ctx = get_context (protocol); + + if ((err = get_boolean_flag (request, "armor", 0, &abool))) + goto leave; + gpgme_set_armor (ctx, abool); + + /* Handle the various export mode bools. */ + if ((err = get_boolean_flag (request, "secret", 0, &abool))) + goto leave; + if (abool) + { + err = gpg_error (GPG_ERR_FORBIDDEN); + goto leave; + } + + if ((err = get_boolean_flag (request, "extern", 0, &abool))) + goto leave; + if (abool) + mode |= GPGME_EXPORT_MODE_EXTERN; + + if ((err = get_boolean_flag (request, "minimal", 0, &abool))) + goto leave; + if (abool) + mode |= GPGME_EXPORT_MODE_MINIMAL; + + if ((err = get_boolean_flag (request, "raw", 0, &abool))) + goto leave; + if (abool) + mode |= GPGME_EXPORT_MODE_RAW; + + if ((err = get_boolean_flag (request, "pkcs12", 0, &abool))) + goto leave; + if (abool) + mode |= GPGME_EXPORT_MODE_PKCS12; + + if ((err = get_boolean_flag (request, "with-sec-fprs", 0, &abool))) + goto leave; + if (abool) + with_secret = 1; + + /* Get the export patterns. */ + patterns = create_keylist_patterns (request, "keys"); + + /* Create an output data object. */ + err = gpgme_data_new (&output); + if (err) + { + gpg_error_object (result, err, "Error creating output data object: %s", + gpg_strerror (err)); + goto leave; + } + + err = gpgme_op_export_ext (ctx, (const char **) patterns, + mode, output); + if (err) + { + gpg_error_object (result, err, "Error exporting keys: %s", + gpg_strerror (err)); + goto leave; + } + + /* We need to base64 if armoring has not been requested. */ + err = make_data_object (result, output, + "keys", !gpgme_get_armor (ctx)); + output = NULL; + + if (!err && with_secret) + { + err = add_secret_fprs ((const char **) patterns, protocol, result); + } + +leave: + xfree_array (patterns); + release_context (ctx); gpgme_data_release (output); + + return err; +} + + +static const char hlp_delete[] = + "op: \"delete\"\n" + "key: Fingerprint of the key to delete.\n" + "\n" + "Optional parameters:\n" + "protocol: Either \"openpgp\" (default) or \"cms\".\n" + "\n" + "Response on success:\n" + "success: Boolean true.\n"; +static gpg_error_t +op_delete (cjson_t request, cjson_t result) +{ + gpg_error_t err; + gpgme_ctx_t ctx = NULL; + gpgme_ctx_t keylist_ctx = NULL; + gpgme_protocol_t protocol; + gpgme_key_t key = NULL; + int secret = 0; + cjson_t j_key = NULL; + + if ((err = get_protocol (request, &protocol))) + goto leave; + ctx = get_context (protocol); + keylist_ctx = get_context (protocol); + + if ((err = get_boolean_flag (request, "secret", 0, &secret))) + goto leave; + if (secret) + { + err = gpg_error (GPG_ERR_FORBIDDEN); + goto leave; + } + + j_key = cJSON_GetObjectItem (request, "key"); + if (!j_key) + { + err = gpg_error (GPG_ERR_NO_KEY); + goto leave; + } + if (!cjson_is_string (j_key)) + { + err = gpg_error (GPG_ERR_INV_VALUE); + goto leave; + } + + /* Get the key */ + if ((err = gpgme_get_key (keylist_ctx, j_key->valuestring, &key, 0))) + { + gpg_error_object (result, err, "Error fetching key for delete: %s", + gpg_strerror (err)); + goto leave; + } + + err = gpgme_op_delete (ctx, key, 0); + if (err) + { + gpg_error_object (result, err, "Error deleting key: %s", + gpg_strerror (err)); + goto leave; + } + + xjson_AddBoolToObject (result, "success", 1); + +leave: + gpgme_key_unref (key); + release_context (ctx); + release_context (keylist_ctx); + + return err; +} + + +static const char hlp_config_opt[] = + "op: \"config_opt\"\n" + "component: The component of the option.\n" + "option: The name of the option.\n" + "\n" + "Response on success:\n" + "\n" + "option: Information about the option.\n" + " String values:\n" + " name: The name of the option\n" + " description: Localized description of the opt.\n" + " argname: Thhe argument name e.g. --verbose\n" + " default_description\n" + " no_arg_description\n" + " Number values:\n" + " flags: Flags for this option.\n" + " level: the level of the description. See gpgme_conf_level_t.\n" + " type: The type of the option. See gpgme_conf_type_t.\n" + " alt_type: Alternate type of the option. See gpgme_conf_type_t\n" + " Arg type values: (see desc. below)\n" + " default_value: Array of the default value.\n" + " no_arg_value: Array of the value if it is not set.\n" + " value: Array for the current value if the option is set.\n" + "\n" + "If the response is empty the option was not found\n" + ""; +static gpg_error_t +op_config_opt (cjson_t request, cjson_t result) +{ + gpg_error_t err; + gpgme_ctx_t ctx = NULL; + gpgme_conf_comp_t conf = NULL; + gpgme_conf_comp_t comp = NULL; + cjson_t j_tmp; + char *comp_name = NULL; + char *opt_name = NULL; + + ctx = get_context (GPGME_PROTOCOL_GPGCONF); + + j_tmp = cJSON_GetObjectItem (request, "component"); + if (!j_tmp || !cjson_is_string (j_tmp)) + { + err = gpg_error (GPG_ERR_INV_VALUE); + goto leave; + } + comp_name = j_tmp->valuestring; + + + j_tmp = cJSON_GetObjectItem (request, "option"); + if (!j_tmp || !cjson_is_string (j_tmp)) + { + err = gpg_error (GPG_ERR_INV_VALUE); + goto leave; + } + opt_name = j_tmp->valuestring; + + /* Load the config */ + err = gpgme_op_conf_load (ctx, &conf); + if (err) + { + goto leave; + } + + comp = conf; + for (comp = conf; comp; comp = comp->next) + { + gpgme_conf_opt_t opt = NULL; + int found = 0; + if (!comp->name || strcmp (comp->name, comp_name)) + { + /* Skip components if a single one is specified */ + continue; + } + for (opt = comp->options; opt; opt = opt->next) + { + if (!opt->name || strcmp (opt->name, opt_name)) + { + /* Skip components if a single one is specified */ + continue; + } + xjson_AddItemToObject (result, "option", conf_opt_to_json (opt)); + found = 1; + break; + } + if (found) + break; + } + +leave: + gpgme_conf_release (conf); + release_context (ctx); + + return err; +} + + +static const char hlp_config[] = + "op: \"config\"\n" + "\n" + "Optional parameters:\n" + "component: Component of entries to list.\n" + " Default: all\n" + "\n" + "Response on success:\n" + " components: Array of the component program configs.\n" + " name: The component name.\n" + " description: Description of the component.\n" + " program_name: The absolute path to the program.\n" + " options: Array of config options\n" + " String values:\n" + " name: The name of the option\n" + " description: Localized description of the opt.\n" + " argname: Thhe argument name e.g. --verbose\n" + " default_description\n" + " no_arg_description\n" + " Number values:\n" + " flags: Flags for this option.\n" + " level: the level of the description. See gpgme_conf_level_t.\n" + " type: The type of the option. See gpgme_conf_type_t.\n" + " alt_type: Alternate type of the option. See gpgme_conf_type_t\n" + " Arg type values: (see desc. below)\n" + " default_value: Array of the default value.\n" + " no_arg_value: Array of the value if it is not set.\n" + " value: Array for the current value if the option is set.\n" + "\n" + "Conf type values are an array of values that are either\n" + "of type number named \"number\" or of type string,\n" + "named \"string\".\n" + "If the type is none the bool value is_none is true.\n" + ""; +static gpg_error_t +op_config (cjson_t request, cjson_t result) +{ + gpg_error_t err; + gpgme_ctx_t ctx = NULL; + gpgme_conf_comp_t conf = NULL; + gpgme_conf_comp_t comp = NULL; + cjson_t j_tmp; + char *comp_name = NULL; + cjson_t j_comps = xjson_CreateArray (); + + ctx = get_context (GPGME_PROTOCOL_GPGCONF); + + j_tmp = cJSON_GetObjectItem (request, "component"); + if (j_tmp && cjson_is_string (j_tmp)) + { + comp_name = j_tmp->valuestring; + } + else if (j_tmp && !cjson_is_string (j_tmp)) + { + err = gpg_error (GPG_ERR_INV_VALUE); + goto leave; + } + + /* Load the config */ + err = gpgme_op_conf_load (ctx, &conf); + if (err) + { + goto leave; + } + + comp = conf; + for (comp = conf; comp; comp = comp->next) + { + if (comp_name && comp->name && strcmp (comp->name, comp_name)) + { + /* Skip components if a single one is specified */ + continue; + } + cJSON_AddItemToArray (j_comps, conf_comp_to_json (comp)); + } + xjson_AddItemToObject (result, "components", j_comps); + +leave: + gpgme_conf_release (conf); + release_context (ctx); + return err; } -static const char hlp_getmore[] = - "op: \"getmore\"\n" +static const char hlp_createkey[] = + "op: \"createkey\"\n" + "userid: The user id. E.g. \"Foo Bar <foo@bar.baz>\"\n" "\n" "Optional parameters:\n" - "chunksize: Max number of bytes in the \"data\" object.\n" + "algo: Algo of the key as string. See doc for gpg --quick-gen-key.\n" + " Supported values are \"default\" and \"future-default\".\n" + "expires: Seconds from now to expiry as Number. 0 means no expiry.\n" + " The default is to use a standard expiration interval.\n" "\n" "Response on success:\n" - "type: Type of the pending data\n" - "data: The next chunk of data\n" - "base64: Boolean indicating whether data is base64 encoded\n" - "more: Optional boolean requesting another \"getmore\"."; + "fingerprint: The fingerprint of the created key.\n" + "\n" + "Note: This interface does not allow key generation if the userid\n" + "of the new key already exists in the keyring.\n"; +static gpg_error_t +op_createkey (cjson_t request, cjson_t result) +{ + gpg_error_t err; + gpgme_ctx_t ctx = NULL; + unsigned int flags = GPGME_CREATE_FORCE; /* Always force as the GUI should + handle checks, if required. */ + unsigned long expires = 0; + cjson_t j_tmp; + const char *algo = "default"; + const char *userid; + gpgme_genkey_result_t res; + +#ifdef GPG_AGENT_ALLOWS_KEYGEN_THROUGH_BROWSER + /* GnuPG forbids keygen through the browser socket so for + this we create an unrestricted context. + See GnuPG-Bug-Id: T4010 for more info */ + ctx = get_context (GPGME_PROTOCOL_OpenPGP); +#else + err = gpgme_new (&ctx); + if (err) + log_fatal ("error creating GPGME context: %s\n", gpg_strerror (err)); + gpgme_set_protocol (ctx, GPGME_PROTOCOL_OpenPGP); +#endif + + j_tmp = cJSON_GetObjectItem (request, "algo"); + if (j_tmp && cjson_is_string (j_tmp)) + { + algo = j_tmp->valuestring; + } + + j_tmp = cJSON_GetObjectItem (request, "userid"); + if (!j_tmp || !cjson_is_string (j_tmp)) + { + err = gpg_error (GPG_ERR_INV_VALUE); + goto leave; + } + + userid = j_tmp->valuestring; + + j_tmp = cJSON_GetObjectItem (request, "expires"); + if (j_tmp) + { + if (!cjson_is_number (j_tmp)) + { + err = gpg_error (GPG_ERR_INV_VALUE); + goto leave; + } + expires = j_tmp->valueint; + + if (!expires) + flags |= GPGME_CREATE_NOEXPIRE; + } + + + if ((err = gpgme_op_createkey (ctx, userid, algo, 0, expires, NULL, flags))) + goto leave; + + res = gpgme_op_genkey_result (ctx); + if (!res) + { + err = gpg_error (GPG_ERR_GENERAL); + goto leave; + } + + xjson_AddStringToObject0 (result, "fingerprint", res->fpr); + +leave: +#ifdef GPG_AGENT_ALLOWS_KEYGEN_THROUGH_BROWSER + release_context (ctx); +#else + gpgme_release (ctx); +#endif + + return err; +} + + + +static const char hlp_getmore[] = + "op: \"getmore\"\n" + "\n" + "Response on success:\n" + "response: base64 encoded json response.\n" + "more: Another getmore is required.\n" + "base64: boolean if the response is base64 encoded.\n"; static gpg_error_t op_getmore (cjson_t request, cjson_t result) { @@ -980,20 +3080,24 @@ op_getmore (cjson_t request, cjson_t result) if ((err = get_chunksize (request, &chunksize))) goto leave; - /* Adjust the chunksize if we need to do base64 conversion. */ - if (pending_data.base64) - chunksize = (chunksize / 4) * 3; + /* For the meta data we need 41 bytes: + {"more":true,"base64":true,"response":""} */ + chunksize -= 41; + + /* Adjust the chunksize for the base64 conversion. */ + chunksize = (chunksize / 4) * 3; /* Do we have anything pending? */ if (!pending_data.buffer) { err = gpg_error (GPG_ERR_NO_DATA); - error_object (result, "Operation not possible: %s", gpg_strerror (err)); + gpg_error_object (result, err, "Operation not possible: %s", + gpg_strerror (err)); goto leave; } - xjson_AddStringToObject (result, "type", pending_data.type); - xjson_AddBoolToObject (result, "base64", pending_data.base64); + /* We currently always use base64 encoding for simplicity. */ + xjson_AddBoolToObject (result, "base64", 1); if (pending_data.written >= pending_data.length) { @@ -1002,7 +3106,7 @@ op_getmore (cjson_t request, cjson_t result) gpgme_free (pending_data.buffer); pending_data.buffer = NULL; xjson_AddBoolToObject (result, "more", 0); - err = cjson_AddStringToObject (result, "data", ""); + err = cjson_AddStringToObject (result, "response", ""); } else { @@ -1017,21 +3121,16 @@ op_getmore (cjson_t request, cjson_t result) c = pending_data.buffer[pending_data.written + n]; pending_data.buffer[pending_data.written + n] = 0; - if (pending_data.base64) - err = add_base64_to_object (result, "data", - (pending_data.buffer - + pending_data.written), n); - else - err = cjson_AddStringToObject (result, "data", - (pending_data.buffer - + pending_data.written)); + err = add_base64_to_object (result, "response", + (pending_data.buffer + + pending_data.written), n); pending_data.buffer[pending_data.written + n] = c; if (!err) { pending_data.written += n; if (pending_data.written >= pending_data.length) { - gpgme_free (pending_data.buffer); + xfree (pending_data.buffer); pending_data.buffer = NULL; } } @@ -1051,9 +3150,27 @@ static const char hlp_help[] = "operation is not performned but a string with the documentation\n" "returned. To list all operations it is allowed to leave out \"op\" in\n" "help mode. Supported values for \"op\" are:\n\n" + " config Read configuration values.\n" + " config_opt Read a single configuration value.\n" + " decrypt Decrypt data.\n" + " delete Delete a key.\n" " encrypt Encrypt data.\n" - " getmore Retrieve remaining data.\n" - " help Help overview."; + " export Export keys.\n" + " createkey Generate a keypair (OpenPGP only).\n" + " import Import data.\n" + " keylist List keys.\n" + " sign Sign data.\n" + " verify Verify data.\n" + " version Get engine information.\n" + " getmore Retrieve remaining data if chunksize was used.\n" + " help Help overview.\n" + "\n" + "If the data needs to be transferred in smaller chunks the\n" + "property \"chunksize\" with an integer value can be added.\n" + "When \"chunksize\" is set the response (including json) will\n" + "not be larger then \"chunksize\" but might be smaller.\n" + "The chunked result will be transferred in base64 encoded chunks\n" + "using the \"getmore\" operation. See help getmore for more info."; static gpg_error_t op_help (cjson_t request, cjson_t result) { @@ -1090,10 +3207,20 @@ process_request (const char *request) gpg_error_t (*handler)(cjson_t request, cjson_t result); const char * const helpstr; } optbl[] = { - { "encrypt", op_encrypt, hlp_encrypt }, - { "decrypt", op_decrypt, hlp_decrypt }, - { "getmore", op_getmore, hlp_getmore }, - { "help", op_help, hlp_help }, + { "config", op_config, hlp_config }, + { "config_opt", op_config_opt, hlp_config_opt }, + { "encrypt", op_encrypt, hlp_encrypt }, + { "export", op_export, hlp_export }, + { "decrypt", op_decrypt, hlp_decrypt }, + { "delete", op_delete, hlp_delete }, + { "createkey", op_createkey, hlp_createkey }, + { "keylist", op_keylist, hlp_keylist }, + { "import", op_import, hlp_import }, + { "sign", op_sign, hlp_sign }, + { "verify", op_verify, hlp_verify }, + { "version", op_version, hlp_version }, + { "getmore", op_getmore, hlp_getmore }, + { "help", op_help, hlp_help }, { NULL } }; size_t erroff; @@ -1101,8 +3228,9 @@ process_request (const char *request) cjson_t j_tmp, j_op; cjson_t response; int helpmode; + int is_getmore = 0; const char *op; - char *res; + char *res = NULL; int idx; response = xjson_CreateObject (); @@ -1146,7 +3274,7 @@ process_request (const char *request) else { gpg_error_t err; - + is_getmore = optbl[idx].handler == op_getmore; /* If this is not the "getmore" command and we have any * pending data release that data. */ if (pending_data.buffer && optbl[idx].handler != op_getmore) @@ -1163,8 +3291,8 @@ process_request (const char *request) || strcmp (j_tmp->valuestring, "error")) { /* No error type response - provide a generic one. */ - error_object (response, "Operation failed: %s", - gpg_strerror (err)); + gpg_error_object (response, err, "Operation failed: %s", + gpg_strerror (err)); } xjson_AddStringToObject (response, "op", op); @@ -1178,14 +3306,37 @@ process_request (const char *request) } leave: - cJSON_Delete (json); - if (opt_interactive) - res = cJSON_Print (response); + if (is_getmore) + { + /* For getmore we bypass the encode_and_chunk. */ + if (opt_interactive) + res = cJSON_Print (response); + else + res = cJSON_PrintUnformatted (response); + } else - res = cJSON_PrintUnformatted (response); + res = encode_and_chunk (json, response); if (!res) - log_error ("Printing JSON data failed\n"); + { + cjson_t err_obj; + + log_error ("printing JSON data failed\n"); + + err_obj = error_object (NULL, "Printing JSON data failed"); + if (opt_interactive) + res = cJSON_Print (err_obj); + res = cJSON_PrintUnformatted (err_obj); + cJSON_Delete (err_obj); + } + + cJSON_Delete (json); cJSON_Delete (response); + + if (!res) + { + /* Can't happen unless we created a broken error_object above */ + return xtrystrdup ("Bug: Fatal error in process request\n"); + } return res; } @@ -1557,7 +3708,7 @@ native_messaging_repl (void) } /* Read request. */ - request = xtrymalloc (nrequest); + request = xtrymalloc (nrequest + 1); if (!request) { err = gpg_error_from_syserror (); @@ -1582,6 +3733,7 @@ native_messaging_repl (void) } else /* Process request */ { + request[n] = '\0'; /* Ensure that request has an end */ if (opt_debug) log_debug ("request='%s'\n", request); xfree (response); @@ -1620,6 +3772,10 @@ native_messaging_repl (void) log_error ("error writing request: %s\n", gpg_strerror (err)); break; } + xfree (response); + response = NULL; + xfree (request); + request = NULL; } xfree (response); @@ -1684,6 +3840,8 @@ main (int argc, char *argv[]) }; gpgrt_argparse_t pargs = { &argc, &argv}; + int log_file_set = 0; + gpgrt_set_strusage (my_strusage); #ifdef HAVE_SETLOCALE @@ -1720,12 +3878,24 @@ main (int argc, char *argv[]) if (!opt_debug) { + /* Handling is similar to GPGME_DEBUG */ const char *s = getenv ("GPGME_JSON_DEBUG"); + const char *s1; + if (s && atoi (s) > 0) - opt_debug = 1; + { + opt_debug = 1; + s1 = strchr (s, PATHSEP_C); + if (s1 && strlen (s1) > 2) + { + s1++; + log_set_file (s1); + log_file_set = 1; + } + } } - if (opt_debug) + if (opt_debug && !log_file_set) { const char *home = getenv ("HOME"); char *file = xstrconcat ("socket://", |