authorNikos Mavrogiannopoulos <nmav@gnutls.org>2002-12-01 20:29:17 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2002-12-01 20:29:17 +0000
commit648adb7f12bea73c169088d00b1f3261e1ebff80 (patch)
tree417052e3078883e2e515739fb6c5bb36e722c6e4
parent3b021f80721304448214a523d743dac979ecb0be (diff)
downloadgnutls-648adb7f12bea73c169088d00b1f3261e1ebff80.tar.gz
Enabled the OpenPGP key retrieval callback function (untested yet).
-rw-r--r--NEWS4
-rw-r--r--doc/tex/ex-pgp-keyserver.tex99
-rw-r--r--lib/auth_cert.c2
-rw-r--r--libextra/gnutls_extra.h3
-rw-r--r--libextra/gnutls_openpgp.c70
-rw-r--r--libextra/gnutls_openpgp.h1
6 files changed, 39 insertions, 140 deletions
diff --git a/NEWS b/NEWS
index ebb0bb504a..4f2dea7528 100644
--- a/NEWS
+++ b/NEWS
@@ -5,10 +5,12 @@ Version 0.5.12
- Added the certificate authenticated SRP cipher suites.
- gnutls_x509_extract_certificate_dn_string() was updated to return
an RFC2253 conforming string.
-- Added the functions:
+- Added the SRP related functions:
gnutls_srp_verifier()
gnutls_srp_base64_encode()
gnutls_srp_base64_decode()
+- Added the function gnutls_openpgp_set_recv_key_function()
+ which can be used to set a callback, to get OpenPGP keys.
Version 0.5.11 (5/11/2002)
- Some fixes in 'gnutls-cli' client program to prevent some segmentation
diff --git a/doc/tex/ex-pgp-keyserver.tex b/doc/tex/ex-pgp-keyserver.tex
index abcaae8b66..4d55e36699 100644
--- a/doc/tex/ex-pgp-keyserver.tex
+++ b/doc/tex/ex-pgp-keyserver.tex
@@ -24,15 +24,9 @@ int
recv_openpgp_key(const unsigned char *keyfpr, unsigned int
keyfpr_length, gnutls_datum * key)
{
- CDK_STREAM buf = NULL;
- struct hostent *hp;
- struct sockaddr_in sock;
- char *request = NULL;
- char buffer[4096];
- int fd = -1;
- int rc = -1, state = 0, nread = 0;
- size_t nbytes = 0, n = 0;
const unsigned char *keyid;
+ int rc;
+ CDK_KBNODE knode = NULL;
/* The key fingerprint should be 20 bytes
*/
@@ -47,88 +41,17 @@ recv_openpgp_key(const unsigned char *keyfpr, unsigned int
return -1;
}
- /* Connect to the key server
- */
- hp = gethostbyname(hostname);
- if (hp == NULL)
- return -1;
-
- memset(&sock, 0, sizeof sock);
- memcpy(&sock.sin_addr, hp->h_addr, hp->h_length);
- sock.sin_family = hp->h_addrtype;
- sock.sin_port = htons(port);
-
- fd = socket(AF_INET, SOCK_STREAM, 0);
- if (fd == -1)
- return -1;
-
- setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *) 1, 1);
- if (connect(fd, (struct sockaddr *) &sock, sizeof sock) == -1) {
- close(fd);
- return -1;
- }
-
- n = strlen(hostname) + 100;
- request = cdk_calloc(1, n + 1);
- if (!request) {
- close(fd);
- return -1;
- }
- snprintf(request, n,
- "GET /pks/lookup?op=get&search=0x%08lX HTTP/1.0\r\n"
- "Host: %s:%d\r\n\r\n", *((unsigned int *) keyid), host, port);
-
- if (write(fd, request, strlen(request)) == -1) {
- cdk_free(request);
- close(fd);
- return -1;
- }
- cdk_free(request);
-
- buf = cdk_stream_tmp();
- if (!buf) {
- rc = -1;
- goto leave;
- }
-
- while ((n = read(fd, buffer, sizeof buffer - 1)) > 0) {
- buffer[n] = '\0';
- nbytes += n;
- cdk_stream_write(buf, buffer, n);
- if (strstr(buffer, "<pre>") || strstr(buffer, "</pre>"))
- state++;
- }
-
- if (state != 2) {
- rc = -1;
- goto leave;
- }
-
- key->data = NULL;
- key->size = 0;
-
- cdk_stream_set_armor_flag(buf, 0);
- cdk_stream_seek(buf, 0);
- while (!cdk_stream_eof(buf)) {
- nread = cdk_stream_read(buf, buf, sizeof buf - 1);
- if (nread == EOF)
- break;
- key->data = realloc(key->data, key->size + nread);
- if (key->data == NULL) {
- rc = -1;
- goto leave;
- }
-
- memcpy(&key->data[key->size], buf, nread);
- key->size += nread;
+ rc = cdk_keyserver_recv_key( hostname, port, keyid, &knode );
+ if( !rc ) {
+ unsigned char *buf = cdk_calloc( 1, 20001 );
+ size_t len = 20000;
+ cdk_kbnode_write_to_mem( knode, buf, &len);
+ datum_append( key, buf, len );
+ cdk_free( buf );
}
+ cdk_kbnode_release( knode );
+ return map_cdk_rc( rc );
- rc = 0;
-
- leave:
- cdk_stream_close(buf);
- close(fd);
- return rc;
}
diff --git a/lib/auth_cert.c b/lib/auth_cert.c
index 5c5774336f..6c3845d201 100644
--- a/lib/auth_cert.c
+++ b/lib/auth_cert.c
@@ -866,7 +866,7 @@ int _gnutls_proc_openpgp_server_certificate(gnutls_session session,
gnutls_assert();
return GNUTLS_E_INIT_LIBEXTRA;
}
- if ( (ret=_E_gnutls_openpgp_request_key( &akey, cred, p, 20)) < 0) {
+ if ( (ret=_E_gnutls_openpgp_request_key( session, &akey, cred, p, 20)) < 0) {
gnutls_assert();
return ret;
}
diff --git a/libextra/gnutls_extra.h b/libextra/gnutls_extra.h
index e1f6d67bdc..51676ed806 100644
--- a/libextra/gnutls_extra.h
+++ b/libextra/gnutls_extra.h
@@ -4,6 +4,7 @@ typedef int (*OPENPGP_VERIFY_KEY_FUNC)( const char *,
const gnutls_datum *, const gnutls_datum*, int);
typedef time_t (*OPENPGP_KEY_CREATION_TIME_FUNC)( const gnutls_datum*);
typedef time_t (*OPENPGP_KEY_EXPIRATION_TIME_FUNC)( const gnutls_datum*);
-typedef int (*OPENPGP_KEY_REQUEST)(gnutls_datum*, const gnutls_certificate_credentials, opaque*,int);
+typedef int (*OPENPGP_KEY_REQUEST)(gnutls_session, gnutls_datum*,
+ const gnutls_certificate_credentials, opaque*,int);
typedef int (*OPENPGP_FINGERPRINT)(const gnutls_datum*, unsigned char*, size_t*);
typedef int (*OPENPGP_CERT2GNUTLS_CERT)(gnutls_cert*, gnutls_datum);
diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c
index 9ac0ac9385..91e2015237 100644
--- a/libextra/gnutls_openpgp.c
+++ b/libextra/gnutls_openpgp.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2002 Timo Schulz <twoaday@freakmail.de>
+ * Copyright (C) 2002 Timo Schulz <twoaday@freakmail.de>
*
* This file is part of GNUTLS.
*
@@ -300,12 +300,12 @@ openpgp_pk_to_gnutls_cert( gnutls_cert *cert, cdkPKT_public_key *pk )
cert->cert_type = GNUTLS_CRT_OPENPGP;
if( is_DSA(pk->pubkey_algo) || pk->pubkey_algo == GCRY_PK_RSA_S )
- cert->keyUsage = GNUTLS_X509KEY_DIGITAL_SIGNATURE;
+ cert->keyUsage = KEY_DIGITAL_SIGNATURE;
else if( pk->pubkey_algo == GCRY_PK_RSA_E )
- cert->keyUsage = GNUTLS_X509KEY_ENCIPHER_ONLY;
+ cert->keyUsage = KEY_ENCIPHER_ONLY;
else if( pk->pubkey_algo == GCRY_PK_RSA )
- cert->keyUsage = GNUTLS_X509KEY_DIGITAL_SIGNATURE
- | GNUTLS_X509KEY_ENCIPHER_ONLY;
+ cert->keyUsage = KEY_DIGITAL_SIGNATURE
+ | KEY_ENCIPHER_ONLY;
cert->params_size = cdk_pk_get_npkey( pk->pubkey_algo );
for( i = 0; i < cert->params_size; i++ ) {
@@ -1377,36 +1377,6 @@ gnutls_certificate_set_openpgp_keyring_mem( gnutls_certificate_credentials c,
return rc;
}
-
-/*-
- * gnutls_openpgp_recv_key - Receives a key from a HKP keyserver.
- * @host - the hostname of the keyserver.
- * @port - the service port (if not set use 11371).
- * @keyid - The 32-bit keyID (rightmost bits keyid[1])
- * @key - Context to store the raw (dearmored) key.
- *
- * Try to connect to a public keyserver to get the specified key.
- -*/
-int
-gnutls_openpgp_recv_key(const char *host, short port, uint32 keyid,
- gnutls_datum *key)
-{
- int rc;
- CDK_KBNODE knode = NULL;
-
- rc = cdk_keyserver_recv_key( host, port, &keyid, &knode );
- if( !rc ) {
- unsigned char *buf = cdk_calloc( 1, 20001 );
- size_t len = 20000;
- cdk_kbnode_write_to_mem( knode, buf, &len);
- datum_append( key, buf, len );
- cdk_free( buf );
- }
- cdk_kbnode_release( knode );
- return map_cdk_rc( rc );
-}
-
-
/*-
* _gnutls_openpgp_request_key - Receives a key from a database, key server etc
* @ret - a pointer to gnutls_datum structure.
@@ -1419,12 +1389,11 @@ gnutls_openpgp_recv_key(const char *host, short port, uint32 keyid,
*
-*/
int
-_gnutls_openpgp_request_key( gnutls_datum* ret,
+_gnutls_openpgp_request_key( gnutls_session session, gnutls_datum* ret,
const gnutls_certificate_credentials cred,
opaque* key_fpr,
int key_fpr_size)
{
- uint32 keyid;
int rc = 0;
if( !ret || !cred || !key_fpr ) {
@@ -1436,18 +1405,21 @@ _gnutls_openpgp_request_key( gnutls_datum* ret,
return GNUTLS_E_HASH_FAILED; /* only MD5 and SHA1 are supported */
rc = gnutls_openpgp_get_key( ret, &cred->keyring, KEY_ATTR_FPR, key_fpr );
- if( rc >= 0 )
+ if( rc >= 0 ) /* key was found */
return rc;
+ else rc = GNUTLS_E_OPENPGP_GETKEY_FAILED;
- keyid = buftou32( key_fpr + (key_fpr_size - 4) );
-
- /* fixme: we should use the internal callback. */
- rc = gnutls_openpgp_recv_key( cred->pgp_key_server,
- cred->pgp_key_server_port,
- keyid, ret );
-
- if( rc == GNUTLS_E_INVALID_REQUEST )
- return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ /* If the callback function was set, then try this one.
+ */
+ if (session->internals.openpgp_recv_key_func != NULL) {
+ rc = session->internals.openpgp_recv_key_func( session,
+ key_fpr, key_fpr_size, ret);
+
+ if (rc < 0) {
+ gnutls_assert();
+ return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+ }
+ }
return rc;
}
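Review bot: The key handed back by `openpgp_recv_key_func` is returned without checking that it is non-empty or that it actually carries the fingerprint in `key_fpr`, so a callback that returns 0 but leaves `ret` untouched makes `_gnutls_openpgp_request_key` report success with an empty datum, and a key server that answers with a different key is accepted unless the caller re-checks the fingerprint, which is not visible in this hunk. The failure test after the callback could be tightened to `if (rc < 0 || ret->data == NULL || ret->size == 0) {`, which keeps the same `GNUTLS_E_OPENPGP_GETKEY_FAILED` result for the empty case. Since the fingerprint was supplied by the TLS peer and the key comes from an external source, a comment such as `/* NOTE: the key returned by the callback has not been matched against key_fpr; the caller must compare fingerprints before trusting it */` would make the remaining obligation explicit. The function's opening lines are outside this hunk.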
@@ -1645,7 +1617,7 @@ xml_add_key( gnutls_string *xmlkey, int ext, cdkPKT_public_key *pk, int sub )
return rc;
if( pk->expiredate > 0 ) {
- sprintf( tmp, "%lu", pk->expiredate );
+ sprintf( tmp, "%lu", (unsigned long)pk->expiredate );
rc = xml_add_tag( xmlkey, "EXPIREDATE", tmp );
if( rc )
return rc;
@@ -2035,7 +2007,7 @@ gnutls_certificate_set_openpgp_keyring_mem( gnutls_certificate_credentials c,
}
int
-_gnutls_openpgp_request_key( gnutls_datum* ret,
+_gnutls_openpgp_request_key( gnutls_session session, gnutls_datum* ret,
const gnutls_certificate_credentials cred,
opaque* key_fpr,
int key_fpr_size )
diff --git a/libextra/gnutls_openpgp.h b/libextra/gnutls_openpgp.h
index 2128136ec5..4260cb9411 100644
--- a/libextra/gnutls_openpgp.h
+++ b/libextra/gnutls_openpgp.h
@@ -97,6 +97,7 @@ int _gnutls_openpgp_cert2gnutls_cert(
int
_gnutls_openpgp_request_key(
+ gnutls_session,
gnutls_datum* ret,
const gnutls_certificate_credentials cred,
opaque* key_fpr,