📄 cldappgpkeyserver.cpp
字号:
(PGPKeyServerRef) this,
kPGPKeyServerState_Querying );
ThrowIfPGPErrorOrLDAPCanceled_( err );
err = PGPNewLDAPMessage( mLDAP, &firstMessage );
if( IsPGPError( err ) )
ThrowPGPError_( kPGPError_ServerSearchFailed );
err = PGPldapSearchSync( mLDAP,
mBaseKeySpaceDN,
kPGPldapScope_Subtree,
query,
(char **) pgpKeyAttrs,
FALSE,
firstMessage );
switch( err )
{
case kPGPError_NoErr:
break;
case kPGPError_LDAPInsufficientAccess:
ThrowPGPError_( kPGPError_ServerAuthorizationFailed );
break;
case kPGPError_LDAPSizelimitExceeded:
case kPGPError_LDAPTimelimitExceeded:
partialResults = true;
break;
default:
ThrowPGPError_( kPGPError_ServerSearchFailed );
break;
}
err = pgpEventKeyServer( mContext,
mEventHandler,
mEventHandlerData,
(PGPKeyServerRef) this,
kPGPKeyServerState_ProcessingResults );
ThrowIfPGPErrorOrLDAPCanceled_( err );
err = PGPNewKeyDB( mContext, &foundKeys );
ThrowIfPGPErrorOrLDAPCanceled_( err );
err = PGPldapFirstEntry( mLDAP, firstMessage, ¤tMessage );
if( IsPGPError( err ) )
ThrowPGPError_( kPGPError_ServerSearchFailed );
while( PGPldapMessageRefIsValid( currentMessage ) )
{
err = PGPldapGetValuesLen( mLDAP,
currentMessage,
(char *) kPGPKeyAttr,
&berValues );
if( err != kPGPError_LDAPNoSuchAttribute )
{
if( IsPGPError( err ) )
ThrowPGPError_( kPGPError_ServerSearchFailed );
for( i = 0; IsntNull( berValues[i] ); i++ )
{
err = PGPImport( mContext,
&singleKeyDB,
PGPOInputBuffer( mContext,
berValues[i]->value,
berValues[i]->length ),
PGPOLastOption( mContext ) );
if( IsPGPError( err ) )
receivedBadKeys = true;
else
{
err = PGPNewKeySet( singleKeyDB, &singleKeySet );
ThrowIfPGPError_( err );
err = PGPCopyKeys( singleKeySet, foundKeys, NULL );
ThrowIfPGPError_( err );
(void) PGPFreeKeySet( singleKeySet );
singleKeySet = kInvalidPGPKeySetRef;
(void) PGPFreeKeyDB( singleKeyDB );
singleKeyDB = kInvalidPGPKeyDBRef;
}
}
(void) PGPFreeLDAPValuesLen( berValues );
berValues = NULL;
}
ThrowIfLDAPCanceled_();
err = PGPldapNextEntry( mLDAP, currentMessage, ¤tMessage );
if( IsPGPError( err ) )
ThrowPGPError_( kPGPError_ServerSearchFailed );
}
if( PGPldapMessageRefIsValid( firstMessage ) )
{
(void) PGPFreeLDAPMessage( firstMessage );
firstMessage = kInvalidPGPldapMessageRef;
}
*outFoundKeys = foundKeys;
if( PGPldapMessageRefIsValid( firstMessage ) )
{
(void) PGPFreeLDAPMessage( firstMessage );
firstMessage = kInvalidPGPldapMessageRef;
}
if( IsntNull( berValues ) )
(void) PGPFreeLDAPValuesLen( berValues );
if( IsntNull( query ) )
(void) PGPFreeData( query );
}
catch( ... )
{
if( PGPKeySetRefIsValid( singleKeySet ) )
(void) PGPFreeKeySet( singleKeySet );
if( PGPKeyDBRefIsValid( singleKeyDB ) )
(void) PGPFreeKeyDB( singleKeyDB );
if( PGPKeyDBRefIsValid( foundKeys ) )
(void) PGPFreeKeyDB( foundKeys );
if( PGPldapMessageRefIsValid( firstMessage ) )
(void) PGPFreeLDAPMessage( firstMessage );
if( IsntNull( berValues ) )
(void) PGPFreeLDAPValuesLen( berValues );
if( IsntNull( query ) )
(void) PGPFreeData( query );
if( mCanceled )
ThrowPGPError_( kPGPError_UserAbort );
else
{
(void) PGPldapGetErrno( mLDAP, NULL, &szError, &ldapResult );
SetErrorString( szError );
throw;
}
}
if( receivedBadKeys )
ThrowPGPError_( kPGPError_ServerBadKeysInSearchResults );
if( partialResults )
ThrowPGPError_( kPGPError_ServerPartialSearchResults );
return;
}
void
CLDAPPGPKeyServer::Upload(
PGPKeyUploadPreference inSendPrivateKeys,
PGPKeySetRef inKeysToUpload,
PGPKeySetRef * outKeysThatFailed)
{
StPreserveSocketsEventHandler preserve(this);
PGPKeyIterRef keyIter = kInvalidPGPKeyIterRef;
PGPKeyListRef keyList = kInvalidPGPKeyListRef;
PGPKeySetRef errorKeySet = kInvalidPGPKeySetRef;
PGPKeyDBObjRef key = kInvalidPGPKeyDBObjRef;
PGPKeyID keyid;
PGPKeyID * keyidPtr = NULL;
char szCertID[kPGPMaxKeyIDStringSize];
char szKeyID[kPGPMaxKeyIDStringSize];
PGPKeyDBObjRef userid = kInvalidPGPKeyDBObjRef;
char * dn = NULL;
PGPldapMod ** mod = NULL;
PGPBoolean exportPrivateKeys = false;
PGPBoolean bDisabled = false;
char * exportedKey = NULL;
PGPInt32 algorithm = 0;
char * szAlgorithm = NULL;
PGPSize numUserIDs = 0;
char ** szUserID = NULL;
PGPInt32 iType = 0;
PGPTime creationPGPTime = 0;
time_t creationTime = 0;
struct tm * time = NULL;
char szCreationTime[128];
PGPTime expirationPGPTime = 0;
time_t expirationTime = 0;
char szExpirationTime[128];
PGPBoolean bIsExportable = false;
PGPBoolean bIsX509 = false;
PGPKeyDBObjRef sig = kInvalidPGPKeyDBObjRef;
PGPSize numSignatures = 0;
char ** szSignerID = NULL;
PGPBoolean bRevoked = false;
PGPKeyDBObjRef subkey = kInvalidPGPKeyDBObjRef;
PGPSize numSubKeys = 0;
char ** szSubKeyID = NULL;
char ** szSubKeySize = NULL;
PGPSize keySize = 0;
PGPSize bufSize = 0;
PGPUInt32 i = 0;
PGPUInt32 j = 0;
PGPUInt32 attrNum = 0;
PGPMemoryMgrRef mgr = kInvalidPGPMemoryMgrRef;
char * szError = NULL;
PGPldapResult ldapResult = kPGPldapResult_Success;
PGPError err = kPGPError_NoErr;
SetErrorString( NULL );
mgr = PGPPeekContextMemoryMgr( mContext );
if( !mIsOpen )
ThrowPGPError_( kPGPError_ServerNotOpen );
if( inSendPrivateKeys == kPGPPrivateKeyAllowed )
exportPrivateKeys = true;
try
{
err = pgpEventKeyServer( mContext,
mEventHandler,
mEventHandlerData,
(PGPKeyServerRef) this,
kPGPKeyServerState_Uploading );
ThrowIfPGPErrorOrLDAPCanceled_( err );
err = PGPNewEmptyKeySet( PGPPeekKeySetKeyDB( inKeysToUpload ), &errorKeySet );
ThrowIfPGPError_( err );
/* Iterate through inKeysToUpload */
err = PGPOrderKeySet( inKeysToUpload, kPGPKeyOrdering_Any, FALSE, &keyList );
ThrowIfPGPError_( err );
err = PGPNewKeyIter( keyList, &keyIter );
ThrowIfPGPError_( err );
while( ( err = PGPKeyIterNextKeyDBObj( keyIter, kPGPKeyDBObjType_Key, &key ) )
== kPGPError_NoErr )
{
/* Upload the key */
err = PGPExport( mContext,
PGPOExportKeyDBObj( mContext, key ),
PGPOExportPrivateKeys( mContext,
exportPrivateKeys ),
PGPOAllocatedOutputBuffer(
mContext,
(void **) &exportedKey,
MAX_PGPSize,
&bufSize ),
PGPOExportFormat( mContext,
mExportFormat ),
PGPOLastOption( mContext ) );
ThrowIfPGPError_( err );
err = PGPGetKeyID( key, &keyid );
ThrowIfPGPError_( err );
err = PGPGetKeyIDString( &keyid, kPGPKeyIDString_Full, szCertID );
ThrowIfPGPError_( err );
err = PGPGetKeyIDString( &keyid, kPGPKeyIDString_Abbreviated, szKeyID );
ThrowIfPGPError_( err );
dn = (char *)PGPNewData( mgr,
strlen( kPGPCertIDAttr ) + sizeof( "=" ) + strlen( szCertID ) +
sizeof( ", " ) + strlen( mBaseKeySpaceDN ) + 1,
kPGPMemoryMgrFlags_Clear );
if( IsNull( dn ) )
ThrowPGPError_( kPGPError_OutOfMemory );
sprintf(dn, "%s=%s, %s", kPGPCertIDAttr, szCertID+2, mBaseKeySpaceDN);
err = PGPGetKeyDBObjBooleanProperty( key, kPGPKeyProperty_IsDisabled, &bDisabled );
ThrowIfPGPError_( err );
err = PGPGetKeyDBObjNumericProperty( key, kPGPKeyProperty_AlgorithmID, &algorithm );
ThrowIfPGPError_( err );
switch( algorithm )
{
case kPGPPublicKeyAlgorithm_RSA:
case kPGPPublicKeyAlgorithm_RSAEncryptOnly:
case kPGPPublicKeyAlgorithm_RSASignOnly:
szAlgorithm = (char *) kPGPAlgorithmString_RSA;
break;
case kPGPPublicKeyAlgorithm_ElGamal:
case kPGPPublicKeyAlgorithm_DSA:
szAlgorithm = (char *) kPGPAlgorithmString_DSSDH;
break;
}
/* Count how many userids we have */
err = PGPKeyIterRewind( keyIter, kPGPKeyDBObjType_UserID );
ThrowIfPGPError_( err );
numUserIDs = 0;
while( ( err = PGPKeyIterNextKeyDBObj( keyIter, kPGPKeyDBObjType_UserID, &userid ) )
!= kPGPError_EndOfIteration )
{
err = PGPGetKeyDBObjNumericProperty( userid,
kPGPUserIDProperty_AttributeType, &iType );
ThrowIfPGPError_( err );
if( iType != kPGPAttribute_Image )
numUserIDs++;
}
szUserID = (char **) PGPNewData( mgr,
( numUserIDs + 1 ) * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( szUserID ) )
ThrowPGPError_( kPGPError_OutOfMemory );
/* Now get the userids */
err = PGPKeyIterRewind( keyIter, kPGPKeyDBObjType_UserID );
ThrowIfPGPError_( err );
for( i = 0; i < numUserIDs; )
{
err = PGPKeyIterNextKeyDBObj( keyIter, kPGPKeyDBObjType_UserID, &userid );
ThrowIfPGPError_( err );
err = PGPGetKeyDBObjNumericProperty( userid,
kPGPUserIDProperty_AttributeType, &iType );
ThrowIfPGPError_( err );
if( iType != kPGPAttribute_Image )
{
err = PGPGetKeyDBObjAllocatedDataProperty( userid,
kPGPUserIDProperty_Name,
(void **) &szUserID[i++],
&bufSize );
ThrowIfPGPError_( err );
}
}
szUserID[i] = NULL;
err = PGPGetKeyDBObjTimeProperty( key,
kPGPKeyProperty_Creation,
&creationPGPTime );
ThrowIfPGPError_( err );
creationTime = PGPGetStdTimeFromPGPTime( creationPGPTime );
time = gmtime( &creationTime );
sprintf( szCreationTime, "%04i%02i%02i%02i%02i%02iZ",
time->tm_year + 1900,
time->tm_mon + 1,
time->tm_mday,
time->tm_hour,
time->tm_min,
time->tm_sec );
err = PGPGetKeyDBObjTimeProperty( key,
kPGPKeyProperty_Expiration,
&expirationPGPTime );
ThrowIfPGPError_( err );
expirationTime = PGPGetStdTimeFromPGPTime( expirationPGPTime );
time = gmtime( &expirationTime );
sprintf( szExpirationTime, "%04i%02i%02i%02i%02i%02iZ",
time->tm_year + 1900,
time->tm_mon + 1,
time->tm_mday,
time->tm_hour,
time->tm_min,
time->tm_sec );
err = PGPKeyIterRewind( keyIter, kPGPKeyDBObjType_UserID );
ThrowIfPGPError_( err );
numSignatures = 0;
while( ( err = PGPKeyIterNextKeyDBObj( keyIter, kPGPKeyDBObjType_UserID, &userid ) )
!= kPGPError_EndOfIteration )
{
err = PGPKeyIterRewind( keyIter, kPGPKeyDBObjType_Signature );
ThrowIfPGPError_( err );
while( ( err = PGPKeyIterNextKeyDBObj( keyIter, kPGPKeyDBObjType_Signature, &sig ) )
!= kPGPError_EndOfIteration )
{
err = PGPGetKeyDBObjBooleanProperty( sig,
kPGPSigProperty_IsExportable,
&bIsExportable );
ThrowIfPGPError_( err );
if( bIsExportable )
numSignatures++;
}
}
szSignerID = (char **) PGPNewData( mgr,
( numSignatures + 1 ) * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( szSignerID ) )
ThrowPGPError_( kPGPError_OutOfMemory );
err = PGPKeyIterRewind( keyIter, kPGPKeyDBObjType_UserID );
ThrowIfPGPError_( err );
i = 0;
while( ( err = PGPKeyIterNextKeyDBObj( keyIter, kPGPKeyDBObjType_UserID, &userid ) )
!= kPGPError_EndOfIteration )
{
err = PGPKeyIterRewind( keyIter, kPGPKeyDBObjType_Signature );
ThrowIfPGPError_( err );
while( ( err = PGPKeyIterNextKeyDBObj( keyIter, kPGPKeyDBObjType_Signature, &sig ) )
!= kPGPError_EndOfIteration )
{
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -