📄 pkmisc.c
字号:
// create the new keyset to collect the meta-introducer keys
err = PGPNewKeySet (g_Context, &keysetMeta); CKERR;
// now we'll iterate the entire keyset
err = PGPOrderKeySet (keysetMain, kPGPAnyOrdering, &keylist); CKERR;
err = PGPNewKeyIter (keylist, &keyiter); CKERR;
while (IsntPGPError (PGPKeyIterNext (keyiter, &key)) &&
PGPKeyRefIsValid (key))
{
PGPBoolean bDisabled;
PGPBoolean bExpired;
PGPBoolean bRevoked;
PGPBoolean bMetaIntroducer;
PGPValidity validity;
PGPUserIDRef userid;
PGPSigRef sig;
bMetaIntroducer = FALSE;
// we'll exclude expired, revoked, disabled and invalid keys
PGPGetKeyBoolean (key, kPGPKeyPropIsExpired, &bExpired);
PGPGetKeyBoolean (key, kPGPKeyPropIsRevoked, &bRevoked);
PGPGetKeyBoolean (key, kPGPKeyPropIsDisabled, &bDisabled);
PGPGetPrimaryUserIDValidity (key, &validity);
if (!bDisabled && !bExpired && !bRevoked &&
(validity >= validityThreshold))
{
while (IsntPGPError (PGPKeyIterNextUserID (keyiter, &userid)) &&
PGPUserIDRefIsValid (userid) &&
!bMetaIntroducer)
{
while (IsntPGPError (PGPKeyIterNextUIDSig (keyiter, &sig)) &&
PGPSigRefIsValid (sig) &&
!bMetaIntroducer)
{
PGPBoolean bExportable;
PGPUInt32 uTrustLevel;
PGPGetSigBoolean (sig,
kPGPSigPropIsRevoked, &bRevoked);
PGPGetSigBoolean (sig,
kPGPSigPropIsExportable, &bExportable);
PGPGetSigNumber (sig,
kPGPSigPropTrustLevel, &uTrustLevel);
if (!bRevoked && !bExportable && (uTrustLevel == 2))
bMetaIntroducer = TRUE;
}
}
// this is a meta introducer, add it to our growing collection
if (bMetaIntroducer)
{
err = PGPNewSingletonKeySet (key, &keysetSingle); CKERR;
err = PGPAddKeys (keysetSingle, keysetMeta); CKERR;
PGPFreeKeySet (keysetSingle);
keysetSingle = kInvalidPGPKeySetRef;
}
}
}
// return keyset
*pkeysetMeta = keysetMeta;
keysetMeta = kInvalidPGPKeySetRef;
done :
if (PGPKeySetRefIsValid (keysetMeta))
PGPFreeKeySet (keysetMeta);
if (PGPKeySetRefIsValid (keysetSingle))
PGPFreeKeySet (keysetSingle);
if (PGPKeyIterRefIsValid (keyiter))
PGPFreeKeyIter (keyiter);
if (PGPKeyListRefIsValid (keylist))
PGPFreeKeyList (keylist);
return err;
}
// ____________________________________
//
// find keys signed by specified key and update them from keyserver
static PGPError
sFindAndUpdateKeysIntroducedBy (
HWND hwnd,
PGPKeyRef key,
PGPKeySetRef keysetMain,
PGPKeySetRef keysetSigned)
{
PGPError err = kPGPError_NoErr;
PGPFilterRef filter = kInvalidPGPFilterRef;
PGPKeyListRef keylist = kInvalidPGPKeyListRef;
PGPKeyIterRef keyiter = kInvalidPGPKeyIterRef;
PGPKeySetRef keysetFound = kInvalidPGPKeySetRef;
PGPKeySetRef keysetSingle = kInvalidPGPKeySetRef;
PGPKeyID keyidMeta;
// get the keyid of this meta introducer key
err = PGPGetKeyIDFromKey (key, &keyidMeta); CKERR;
// create a filter to find keys signed by this key
err = PGPNewSigKeyIDFilter (g_Context, &keyidMeta, &filter); CKERR;
// go out and search the root keyserver with this filter
err = PGPclSearchServerWithFilter (g_Context, g_TLSContext,
hwnd, filter, PGPCL_ROOTSERVER,
keysetMain, &keysetFound); CKERR;
if (!PGPKeySetRefIsValid (keysetFound))
goto done;
// we found some keys signed by the meta introducer, now iterate them
err = PGPOrderKeySet (keysetFound, kPGPAnyOrdering, &keylist); CKERR;
err = PGPNewKeyIter (keylist, &keyiter); CKERR;
while ( IsntPGPError (PGPKeyIterNext (keyiter, &key)) &&
PGPKeyRefIsValid (key))
{
PGPBoolean bSignedByMeta = FALSE;
PGPUserIDRef userid;
PGPSigRef sig;
PGPBoolean bExportable;
PGPUInt32 uTrustLevel;
PGPKeyID keyidSigner;
while ( IsntPGPError (PGPKeyIterNextUserID (keyiter, &userid)) &&
PGPUserIDRefIsValid (userid) &&
!bSignedByMeta)
{
while ( IsntPGPError (PGPKeyIterNextUIDSig (keyiter, &sig)) &&
PGPSigRefIsValid (sig) &&
!bSignedByMeta)
{
err = PGPGetKeyIDOfCertifier (sig, &keyidSigner); CKERR;
err = PGPGetSigBoolean (sig,
kPGPSigPropIsExportable, &bExportable); CKERR;
err =PGPGetSigNumber (sig,
kPGPSigPropTrustLevel, &uTrustLevel); CKERR;
// check if this cert was created by meta introducer
// and if it has the appropriate properties
if (bExportable && (uTrustLevel == 1)) {
if (PGPCompareKeyIDs (&keyidMeta, &keyidSigner) == 0)
bSignedByMeta = TRUE;
}
}
}
// this key is one that we're looking for, add it to keyset
if (bSignedByMeta) {
err = PGPNewSingletonKeySet (key, &keysetSingle); CKERR;
err = PGPAddKeys (keysetSingle, keysetSigned); CKERR;
PGPFreeKeySet (keysetSingle);
keysetSingle = kInvalidPGPKeySetRef;
}
}
done:
if (PGPKeySetRefIsValid (keysetSingle))
PGPFreeKeySet (keysetSingle);
if (PGPKeySetRefIsValid (keysetFound))
PGPFreeKeySet (keysetFound);
if (PGPKeyListRefIsValid (keylist))
PGPFreeKeyList (keylist);
if (PGPKeyIterRefIsValid (keyiter))
PGPFreeKeyIter (keyiter);
if (PGPFilterRefIsValid (filter))
PGPFreeFilter (filter);
return err;
}
// ____________________________________
//
// Auto update trusted introducers in keyring
BOOL
PKAutoUpdateIntroducers (
HWND hwnd,
PGPKeySetRef keysetMain,
BOOL bForce)
{
PGPError err = kPGPError_NoErr;
PGPKeySetRef keysetMeta = kInvalidPGPKeySetRef;
PGPKeySetRef keysetUpdatedMeta = kInvalidPGPKeySetRef;
PGPKeySetRef keysetSigned = kInvalidPGPKeySetRef;
PGPKeyListRef keylist = kInvalidPGPKeyListRef;
PGPKeyIterRef keyiter = kInvalidPGPKeyIterRef;
BOOL bImported = FALSE;
PGPKeyRef key;
PGPInt32 iNumKeys;
HCURSOR hcursorOld;
// get meta introducers from main keyset
err = sGetMetaIntroducers (keysetMain, &keysetMeta); CKERR;
// if we have some, update them from root keyserver
PGPCountKeys (keysetMeta, &iNumKeys);
if (iNumKeys > 0)
{
err = PGPclUpdateKeySetFromServer (g_Context, g_TLSContext, hwnd,
keysetMeta, PGPCL_ROOTSERVER, keysetMain,
&keysetUpdatedMeta); CKERR;
}
// if we found keys on keyserver, add them to our main keyset
if (PGPRefIsValid (keysetUpdatedMeta)) {
hcursorOld = SetCursor (LoadCursor (NULL, IDC_WAIT));
err = PGPAddKeys (keysetUpdatedMeta, keysetMain);
if (IsntPGPError (err))
{
bImported = TRUE;
err = PKCommitKeyRingChanges (keysetMain, TRUE);
}
SetCursor (hcursorOld);
CKERR;
}
// create new keyset to collect keys signed by the meta introducers
err = PGPNewKeySet (g_Context, &keysetSigned); CKERR;
// now prepare to iterate through the meta introducers
err = PGPOrderKeySet (keysetMeta, kPGPAnyOrdering, &keylist); CKERR;
err = PGPNewKeyIter (keylist, &keyiter); CKERR;
while ( IsntPGPError (PGPKeyIterNext (keyiter, &key)) &&
PGPKeyRefIsValid (key))
{
// go look for keys signed by this meta introducer
err = sFindAndUpdateKeysIntroducedBy (
hwnd, key, keysetMain, keysetSigned); CKERR;
}
CKERR;
// now add the updated signed keys to our main keyset
if (bForce)
{
hcursorOld = SetCursor (LoadCursor (NULL, IDC_WAIT));
err = PGPAddKeys (keysetSigned, keysetMain);
if (IsntPGPError (err)) {
bImported = TRUE;
err = PKCommitKeyRingChanges (keysetMain, TRUE);
}
SetCursor (hcursorOld);
}
else
{
PGPCountKeys (keysetSigned, &iNumKeys);
if (iNumKeys > 0)
{
err = PGPclQueryAddKeys (g_Context,
g_TLSContext,
hwnd,
keysetSigned,
keysetMain);
if (IsntPGPError (err)) {
bImported = TRUE;
err = PKCommitKeyRingChanges (keysetMain, TRUE);
}
}
else
{
PKMessageBox (hwnd, IDS_AUTOUPDATECAPTION,
IDS_NONEWTRUSTEDINTROS, MB_OK|MB_ICONEXCLAMATION);
}
}
done:
if (PGPKeyListRefIsValid (keylist))
PGPFreeKeyList (keylist);
if (PGPKeyIterRefIsValid (keyiter))
PGPFreeKeyIter (keyiter);
if (PGPKeySetRefIsValid (keysetUpdatedMeta))
PGPFreeKeySet (keysetUpdatedMeta);
if (PGPKeySetRefIsValid (keysetMeta))
PGPFreeKeySet (keysetMeta);
if (PGPKeySetRefIsValid (keysetSigned))
PGPFreeKeySet (keysetSigned);
PGPclErrorBox (hwnd, err);
return bImported;
}
// ____________________________________
//
// Ask CA for any new CRLs
BOOL
PKUpdateCARevocations (
HWND hwnd,
HKEYMAN hKM,
PGPKeySetRef keysetMain)
{
PGPError err = kPGPError_NoErr;
PGPInt32 iNumKeys = 0;
BOOL bImported = FALSE;
err = PGPclGetCertificateRevocationsFromServer (
g_Context,
g_TLSContext,
hwnd,
keysetMain);
if (err == kPGPError_Win32_NoNewCRL)
{
PKMessageBox (hwnd, IDS_CAPTION, IDS_NONEWCRLS,
MB_OK|MB_ICONINFORMATION);
}
else if (!PGPclErrorBox (hwnd, err))
{
PKCommitKeyRingChanges (keysetMain, TRUE);
PGPkmReLoadKeySet (hKM, FALSE);
}
return bImported;
}
// __________________________________________________________
//
// Schedule the next CRL update
PGPError
PKScheduleNextCRLUpdate (
PGPContextRef context,
PGPKeySetRef keysetMain)
{
PGPError err = kPGPError_NoErr;
#if PGP_BUSINESS_SECURITY
PGPPrefRef prefrefAdmin = kInvalidPGPPrefRef;
PGPPrefRef prefrefClient = kInvalidPGPPrefRef;
PGPKeyRef keyRootCA;
PGPSigRef sigRootCA;
PGPBoolean bAutoUpdate;
PGPBoolean bHasCRL;
PGPUInt32 uNextUpdate;
err = PGPclOpenAdminPrefs (PGPGetContextMemoryMgr (context),
&prefrefAdmin, PGPclIsAdminInstall()); CKERR;
err = PGPGetPrefBoolean (prefrefAdmin,
kPGPPrefAutoUpdateX509CRL, &bAutoUpdate); CKERR;
if (bAutoUpdate)
{
err = PGPclOpenClientPrefs (PGPGetContextMemoryMgr (context),
&prefrefClient); CKERR;
err = PGPclGetRootCACertPrefs (context, prefrefClient, keysetMain,
&keyRootCA, &sigRootCA); CKERR;
err = PGPGetKeyBoolean (
keyRootCA, kPGPKeyPropHasCRL, &bHasCRL); CKERR;
if (bHasCRL)
{
err = PGPGetKeyTime (keyRootCA,
kPGPKeyPropCRLNextUpdate, &uNextUpdate); CKERR;
PGPSetPrefNumber (prefrefClient,
kPGPPrefNextAutoCRLUpdate,
uNextUpdate);
}
CKERR;
}
done:
if (PGPPrefRefIsValid (prefrefClient))
PGPclCloseClientPrefs (prefrefClient, TRUE);
if (PGPPrefRefIsValid (prefrefAdmin))
PGPclCloseAdminPrefs (prefrefAdmin, FALSE);
#endif // PGP_BUSINESS_SECURITY
return err;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -