📄 cldappgpkeyserver.cpp
字号:
err = PGPGetKeyDBObjBooleanProperty( sig,
kPGPSigProperty_IsExportable,
&bIsExportable );
ThrowIfPGPError_( err );
err = PGPGetKeyDBObjBooleanProperty( sig,
kPGPSigProperty_IsX509,
&bIsX509 );
ThrowIfPGPError_( err );
if( bIsExportable && !bIsX509 )
{
err = PGPGetKeyDBObjAllocatedDataProperty( sig,
kPGPSigProperty_KeyID,
(void **) &keyidPtr,
&bufSize );
ThrowIfPGPError_( err );
szSignerID[i] = (char *) PGPNewData( mgr,
kPGPMaxKeyIDStringSize,
kPGPMemoryMgrFlags_Clear );
if( IsNull( szSignerID[i] ) )
ThrowPGPError_( kPGPError_OutOfMemory );
err = PGPGetKeyIDString( keyidPtr, kPGPKeyIDString_Full, szSignerID[i] );
ThrowIfPGPError_( err );
(void) PGPFreeData( keyidPtr );
keyidPtr = NULL;
/*
* Netscape Directory Server (and probably other LDAP servers)
* don't like having several identical attribute-value pairs,
* so I need to check szSignerID for duplicates.
*/
for( j = 0; j < i; j++ )
{
if( pgpCompareStringsIgnoreCase( szSignerID[j], szSignerID[i] ) == 0 )
break;
}
if( j == i )
{
/* We made it all the way through without finding a duplicate */
i++;
}
else
{
(void) PGPFreeData( szSignerID[i] );
szSignerID[i] = NULL;
}
}
}
}
err = PGPGetKeyDBObjBooleanProperty( key, kPGPKeyProperty_IsRevoked, &bRevoked );
ThrowIfPGPError_( err );
err = PGPKeyIterRewind( keyIter, kPGPKeyDBObjType_SubKey );
ThrowIfPGPError_( err );
numSubKeys = 0;
while( ( err = PGPKeyIterNextKeyDBObj( keyIter, kPGPKeyDBObjType_SubKey, &subkey ) )
!= kPGPError_EndOfIteration )
{
numSubKeys++;
}
szSubKeyID = (char **) PGPNewData( mgr,
( numSubKeys + 1 ) * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( szSubKeyID ) )
ThrowPGPError_( kPGPError_OutOfMemory );
err = PGPKeyIterRewind( keyIter, kPGPKeyDBObjType_SubKey );
ThrowIfPGPError_( err );
i = 0;
while( ( err = PGPKeyIterNextKeyDBObj( keyIter, kPGPKeyDBObjType_SubKey, &subkey ) )
!= kPGPError_EndOfIteration )
{
err = PGPGetKeyDBObjAllocatedDataProperty( subkey,
kPGPSubKeyProperty_KeyID,
(void **) &keyidPtr,
&bufSize );
ThrowIfPGPError_( err );
szSubKeyID[i] = (char *) PGPNewData( mgr,
kPGPMaxKeyIDStringSize,
kPGPMemoryMgrFlags_Clear );
if( IsNull( szSubKeyID[i] ) )
ThrowPGPError_( kPGPError_OutOfMemory );
err = PGPGetKeyIDString( keyidPtr, kPGPKeyIDString_Full, szSubKeyID[i] );
ThrowIfPGPError_( err );
(void) PGPFreeData( keyidPtr );
keyidPtr = NULL;
/* Check for duplicates */
for( j = 0; j < i; j++ )
{
if( pgpCompareStringsIgnoreCase( szSubKeyID[j], szSubKeyID[i] ) == 0 )
break;
}
if( j == i )
{
/* We made it all the way through without finding a duplicate */
i++;
}
else
{
(void) PGPFreeData( szSubKeyID[i] );
szSubKeyID[i] = NULL;
}
}
if( numSubKeys > 0 )
{
szSubKeySize = (char **) PGPNewData( mgr,
( numSubKeys + 1 ) * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( szSubKeySize ) )
ThrowPGPError_( kPGPError_OutOfMemory );
err = PGPKeyIterRewind( keyIter, kPGPKeyDBObjType_SubKey );
ThrowIfPGPError_( err );
i = 0;
while( ( err = PGPKeyIterNextKeyDBObj( keyIter, kPGPKeyDBObjType_SubKey, &subkey ) )
!= kPGPError_EndOfIteration )
{
err = PGPGetKeyDBObjNumericProperty( subkey,
kPGPSubKeyProperty_Bits,
(PGPInt32 *) &keySize );
ThrowIfPGPError_( err );
szSubKeySize[i] = (char *) PGPNewData( mgr,
kMaxKeySizeStringLength,
kPGPMemoryMgrFlags_Clear );
if( IsNull( szSubKeySize[i] ) )
ThrowPGPError_( kPGPError_OutOfMemory );
sprintf( szSubKeySize[i], "%05i", (int) keySize );
/* Check for duplicates */
for( j = 0; j < i; j++ )
{
if( pgpCompareStringsIgnoreCase( szSubKeySize[j], szSubKeySize[i] ) == 0 )
break;
}
if( j == i )
{
/* We made it all the way through without finding a duplicate */
i++;
}
else
{
(void) PGPFreeData( szSubKeySize[i] );
szSubKeySize[i] = NULL;
}
}
}
else
{
/* Could be an RSA key or something that doesn't have subkeys */
numSubKeys = 1;
szSubKeySize = (char **) PGPNewData( mgr,
2 * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( szSubKeySize ) )
ThrowPGPError_( kPGPError_OutOfMemory );
err = PGPGetKeyDBObjNumericProperty( key,
kPGPKeyProperty_Bits,
(PGPInt32 *) &keySize );
ThrowIfPGPError_( err );
szSubKeySize[0] = (char *) PGPNewData( mgr,
kMaxKeySizeStringLength,
kPGPMemoryMgrFlags_Clear );
if( IsNull( szSubKeySize[i] ) )
ThrowPGPError_( kPGPError_OutOfMemory );
sprintf( szSubKeySize[0], "%05i", (int) keySize );
szSubKeySize[1] = NULL;
}
mod = (PGPldapMod **) PGPNewData( mgr,
sizeof( PGPldapMod * ) * ( kPGPNumberOfAttrs + 1 ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( mod ) )
ThrowPGPError_( kPGPError_OutOfMemory );
for( i = 0; i < kPGPNumberOfAttrs; i++ )
{
mod[i] = (PGPldapMod *) PGPNewData( mgr,
sizeof( PGPldapMod ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( mod[i] ) )
ThrowPGPError_( kPGPError_OutOfMemory );
}
attrNum = 0;
/* objectclass */
mod[attrNum]->op = kPGPldapModOp_Add;
mod[attrNum]->type = (char *) kObjectclassAttr;
mod[attrNum]->value = (char **) PGPNewData( mgr,
2 * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( mod[attrNum]->value ) )
ThrowPGPError_( kPGPError_OutOfMemory );
mod[attrNum]->value[0] = (char *) kPGPKeyObjectClass;
mod[attrNum]->value[1] = NULL;
attrNum++;
/* pgpcertid */
mod[attrNum]->op = kPGPldapModOp_Add;
mod[attrNum]->type = (char *) kPGPCertIDAttr;
mod[attrNum]->value = (char **) PGPNewData( mgr,
2 * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( mod[attrNum]->value ) )
ThrowPGPError_( kPGPError_OutOfMemory );
mod[attrNum]->value[0] = szCertID + 2;
mod[attrNum]->value[1] = NULL;
attrNum++;
/* pgpkey */
mod[attrNum]->op = kPGPldapModOp_Add;
mod[attrNum]->type = (char *) kPGPKeyAttr;
mod[attrNum]->value = (char **) PGPNewData( mgr,
2 * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( mod[attrNum]->value ) )
ThrowPGPError_( kPGPError_OutOfMemory );
mod[attrNum]->value[0] = exportedKey;
mod[attrNum]->value[1] = NULL;
attrNum++;
/* pgpdisabled */
mod[attrNum]->op = kPGPldapModOp_Add;
mod[attrNum]->type = (char *) kPGPDisabledAttr;
mod[attrNum]->value = (char **) PGPNewData( mgr,
2 * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( mod[attrNum]->value ) )
ThrowPGPError_( kPGPError_OutOfMemory );
mod[attrNum]->value[0] = (char *) ( bDisabled ? "1" : "0" );
mod[attrNum]->value[1] = NULL;
attrNum++;
/* pgpkeyid */
mod[attrNum]->op = kPGPldapModOp_Add;
mod[attrNum]->type = (char *) kPGPKeyIDAttr;
mod[attrNum]->value = (char **) PGPNewData( mgr,
2 * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( mod[attrNum]->value ) )
ThrowPGPError_( kPGPError_OutOfMemory );
mod[attrNum]->value[0] = szKeyID + 2;
mod[attrNum]->value[1] = NULL;
attrNum++;
/* pgpkeytype */
mod[attrNum]->op = kPGPldapModOp_Add;
mod[attrNum]->type = (char *) kPGPKeyTypeAttr;
mod[attrNum]->value = (char **) PGPNewData( mgr,
2 * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( mod[attrNum]->value ) )
ThrowPGPError_( kPGPError_OutOfMemory );
mod[attrNum]->value[0] = szAlgorithm;
mod[attrNum]->value[1] = NULL;
attrNum++;
/* pgpuserid */
mod[attrNum]->op = kPGPldapModOp_Add;
mod[attrNum]->type = (char *) kPGPUserIDAttr;
mod[attrNum]->value = (char **) PGPNewData( mgr,
( numUserIDs + 1 ) * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( mod[attrNum]->value ) )
ThrowPGPError_( kPGPError_OutOfMemory );
for( i = 0; IsntNull( szUserID[i] ); i++ )
mod[attrNum]->value[i] = szUserID[i];
mod[attrNum]->value[i] = NULL;
attrNum++;
/* pgpkeycreatetime */
mod[attrNum]->op = kPGPldapModOp_Add;
mod[attrNum]->type = (char *) kPGPKeyCreateTime;
mod[attrNum]->value = (char **) PGPNewData( mgr,
2 * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( mod[attrNum]->value ) )
ThrowPGPError_( kPGPError_OutOfMemory );
mod[attrNum]->value[0] = szCreationTime;
mod[attrNum]->value[1] = NULL;
attrNum++;
/* pgpkeyexpiretime */
mod[attrNum]->op = kPGPldapModOp_Add;
mod[attrNum]->type = (char *) kPGPKeyExpireTime;
mod[attrNum]->value = (char **) PGPNewData( mgr,
2 * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( mod[attrNum]->value ) )
ThrowPGPError_( kPGPError_OutOfMemory );
mod[attrNum]->value[0] = szExpirationTime;
mod[attrNum]->value[1] = NULL;
attrNum++;
/* pgpsignerid */
mod[attrNum]->op = kPGPldapModOp_Add;
mod[attrNum]->type = (char *) kPGPSignerIDAttr;
mod[attrNum]->value = (char **) PGPNewData( mgr,
( numSignatures + 1 ) * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( mod[attrNum]->value ) )
ThrowPGPError_( kPGPError_OutOfMemory );
for( i = 0; IsntNull( szSignerID[i] ); i++ )
mod[attrNum]->value[i] = szSignerID[i] + 2;
mod[attrNum]->value[i] = NULL;
attrNum++;
/* pgprevoked */
mod[attrNum]->op = kPGPldapModOp_Add;
mod[attrNum]->type = (char *) kPGPRevokedAttr;
mod[attrNum]->value = (char **) PGPNewData( mgr,
2 * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( mod[attrNum]->value ) )
ThrowPGPError_( kPGPError_OutOfMemory );
mod[attrNum]->value[0] = (char *) ( bRevoked ? "1" : "0" );
mod[attrNum]->value[1] = NULL;
attrNum++;
/* pgpsubkeyid */
if( IsntNull( szSubKeyID[0] ) )
{
mod[attrNum]->op = kPGPldapModOp_Add;
mod[attrNum]->type = (char *) kPGPSubKeyIDAttr;
mod[attrNum]->value = (char **) PGPNewData( mgr,
( numSubKeys + 1 ) * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( mod[attrNum]->value ) )
ThrowPGPError_( kPGPError_OutOfMemory );
for( i = 0; IsntNull( szSubKeyID[i] ); i++ )
mod[attrNum]->value[i] = szSubKeyID[i] + 2;
mod[attrNum]->value[i] = NULL;
attrNum++;
}
/* pgpkeysize */
mod[attrNum]->op = kPGPldapModOp_Add;
mod[attrNum]->type = (char *) kPGPKeySizeAttr;
mod[attrNum]->value = (char **) PGPNewData( mgr,
( numSubKeys + 1 ) * sizeof( char * ),
kPGPMemoryMgrFlags_Clear );
if( IsNull( mod[attrNum]->value ) )
ThrowPGPError_( kPGPError_OutOfMemory );
for( i = 0; IsntNull( szSubKeySize[i] ); i++ )
mod[attrNum]->value[i] = szSubKeySize[i];
mod[attrNum]->value[i] = NULL;
attrNum++;
/* NULL */
while( attrNum < kPGPNumberOfAttrs )
{
if( IsntNull( mod[attrNum] ) )
(void) PGPFreeData( mod[attrNum] );
mod[attrNum++] = NULL;
}
/*
* If the DN already exists, this will have no effect. New
* attributes or values will NOT be added. In order to do this,
* we need to PGPldapModify the item on the server.
*/
err = PGPldapAddSync( mLDAP, dn, mod );
if( err == kPGPError_LDAPAlreadyExists )
{
/*
* It's already there. We need to replace what's already there.
* Note that this will add new attributes and new values to
* existing attributes.
*/
for( i = 0; IsntNull( mod[i] ); i++ )
mod[i]->op = kPGPldapModOp_Replace;
//first and second attributes should be objectclass and pgpcertid.
pgpAssert((0 == strcmp(mod[0]->type, kObjectclassAttr)) &&
(0 == strcmp(mod[1]->type, kPGPCertIDAttr)));
if((0 == strcmp(mod[0]->type, kObjectclassAttr)) &&
(0 == strcmp(mod[1]->type, kPGPCertIDAttr)))
{
//we do not request to replace those 2 attributes of an existing object
//active directory fails with "not allowed on rdn" error for a request
//to replace the second. objectclass attribute replace request is fatal.
//free the attribute related pointers for both of those attributes
for(i=0; i < 2; i++)
{
if(IsntNull(mod[i]->value))
{
(void) PGPFreeData(mod[i]->value);
mod[i]->value=NULL;
}
(void) PGPFreeData(mod[i]);
mod[i]=NULL;
}
//adjust the pointer array, get rid of the first 2 since they are gone
pgpAssert((NULL == mod[0]) && (NULL == mod[1]));
if((NULL == mod[0]) && (NULL == mod[1]))
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -