2007-04-30 Marcus Brinkmann <marcus@g10code.de>

	* src/agent.h (scute_agent_is_trusted): New prototype.  Include <stdbool.h>.
	* src/agent.c (scute_agent_is_trusted): New implementation.
	* src/cert.h (struct cert): New member IS_TRUSTED.
	* src/cert-gpgsm.c (export_cert): Set CERT->is_trusted.
	* src/cert-object.c (scute_attr_cert): Set CKA_TRUSTED to
	CERT->is_trusted.
	* tests/t-getattribute.c: Support new option '--printable'.

ChangeLog

@@ -1,5 +1,13 @@
 2007-04-30  Marcus Brinkmann  <marcus@g10code.de>
 
+	* src/agent.h (scute_agent_is_trusted): New prototype.  Include <stdbool.h>.
+	* src/agent.c (scute_agent_is_trusted): New implementation.
+	* src/cert.h (struct cert): New member IS_TRUSTED.
+	* src/cert-gpgsm.c (export_cert): Set CERT->is_trusted.
+	* src/cert-object.c (scute_attr_cert): Set CKA_TRUSTED to
+	CERT->is_trusted.
+	* tests/t-getattribute.c: Support new option '--printable'.
+
 	* src/table.c (scute_table_dealloc): Return, but not a value.
 
 2007-02-09  Marcus Brinkmann  <marcus@g10code.de>

NEWS

@@ -12,6 +12,8 @@ Noteworthy changes in version 1.1.0 (unreleased)
  * Scute now supports certificates larger than the kernel pipe buffer
    with GPGSM versions later than 2.0.0 (exclusive).
 
+ * Scute now sets the CKA_TRUSTED attribute to something useful.
+
 
 Noteworthy changes in version 1.0.0 (2006-11-11)
 ------------------------------------------------

TODO

@@ -19,6 +19,10 @@
    exporting the information from GPGSM (ISTRUSTED) will not be
    useful.  It's unclear if this can be improved in a meaningful way.
 
+* Could be done better:
+** Search for grip/fingerprint directly instead iterating over all
+   keys with GPGSM?
+
 * Standard ambiguities, or non-conformance in the applications:
 ** If the token is removed, the current sessions are closed.  If then
    a new token is inserted, and the application calls C_OpenSession, a

src/agent.c

@@ -630,6 +630,25 @@ scute_agent_sign (char *grip, unsigned char *data, int len,
   return 0;
 }
 
+
+/* Determine if FPR is trusted.  */
+gpg_error_t scute_agent_is_trusted (char *fpr, bool *is_trusted)
+{
+  gpg_error_t err;
+  bool trusted = false;
+  char cmd[150];
+
+  snprintf (cmd, sizeof (cmd), "ISTRUSTED %s", fpr);
+  err = assuan_transact (agent_ctx, cmd, NULL, NULL, NULL, NULL, NULL, NULL);
+  if (err && gpg_err_code (err) != GPG_ERR_NOT_TRUSTED)
+    return err;
+  else if (!err)
+    trusted = true;
+
+  *is_trusted = trusted;
+  return 0;
+}
+
 
 void
 scute_agent_finalize (void)

src/agent.h

@@ -31,6 +31,7 @@
 #define AGENT_H	1
 
 #include <gpg-error.h>
+#include <stdbool.h>
 
 
 /* The information structure for a smart card.  */
@@ -101,4 +102,7 @@ gpg_error_t scute_agent_sign (char *grip, unsigned char *data, int len,
 			      unsigned char *sig_result,
 			      unsigned int *sig_len);
 
+/* Determine if FPR is trusted.  */
+gpg_error_t scute_agent_is_trusted (char *fpr, bool *is_trusted);
+
 #endif	/* AGENT_H */

src/cert-gpgsm.c

@@ -675,6 +675,9 @@ export_cert (char *fpr, struct cert *cert)
       err = export_cert_compat (fpr, cert);
     }
 
+  if (!err)
+    err = scute_agent_is_trusted (fpr, &cert->is_trusted);
+
   return err;
 }
 

src/cert-object.c

@@ -382,7 +382,7 @@ scute_attr_cert (struct cert *cert,
 			  'L', 'a', 'b', 'e', 'l' };
 
   CK_CERTIFICATE_TYPE obj_cert_type = CKC_X_509;
-  CK_BBOOL obj_trusted = CK_FALSE;
+  CK_BBOOL obj_trusted = cert->is_trusted;
   CK_ULONG obj_cert_cat = 0;
   CK_BYTE obj_check_value[3] = { '\0', '\0', '\0' };
   CK_DATE obj_start_date;

src/cert.h

@@ -84,6 +84,11 @@ struct cert
      a PKCS #11 object.  */
   unsigned char *cert_der;
   int cert_der_len;
+
+  /* If the certificate is trusted or not.  For performance reasons,
+     this is not entered by the search function, but afterwards by the
+     filter before converting it into a PKCS #11 object.  */
+  bool is_trusted;
 };
 
 

tests/t-getattribute.c

@@ -29,34 +29,54 @@
 
 #include <stdio.h>
 #include <stdbool.h>
+#include <ctype.h>
 
 #include "t-support.h"
 
+/* If printable characters should be output "as-is".  */
+bool printable;
+
 CK_RV
 dump_one (CK_ATTRIBUTE_PTR attr, unsigned char *data, int max_size)
 {
-  bool some;
   int i;
+  int col;
 
   if (attr->ulValueLen < 0 || attr->ulValueLen > max_size)
     return CKR_GENERAL_ERROR;
 
-  some = false;
+  col = 0;
   for (i = 0; i < attr->ulValueLen; i++)
     {
-      if (some == false)
+      if (col == 0)
+	printf ("     ");
+
+      if (printable)
 	{
-	  printf ("     ");
-	  some = true;
+	  if (isprint (data[i]))
+	    {
+	      printf ("%c", data[i]);
+	      col++;
+	    }
+	  else
+	    {
+	      printf ("\\x%02x", data[i]);
+	      col += 4;
+	    }
+	}
+      else
+	{
+	  printf ("%02x", data[i]);
+	  col += 2;
 	}
-      printf ("%02x", data[i]);
-      if (((i + 1) % 32) == 0)
+
+      if (col >= 64)
 	{
 	  printf ("\n");
-	  some = false;
+	  col = 0;
 	}
     }
-  if (some)
+  if (col)
     printf ("\n");
 
   return 0;
@@ -508,6 +528,9 @@ main (int argc, char *argv[])
   CK_ULONG slots_count;
   int i;
 
+  if (argc > 1 && !strcmp ("--printable", argv[1]))
+    printable = true;
+    
   init_cryptoki ();
 
   err = C_GetSlotList (true, NULL, &slots_count);