[rs-commit] r74 - in /redwax-signtext/trunk/src/linux: crypto.c signtext.h
rs-commit at redwax.eu
rs-commit at redwax.eu
Tue Sep 20 16:03:16 CEST 2022
Author: minfrin at redwax.eu
Date: Tue Sep 20 16:03:16 2022
New Revision: 74
Log:
Use emailProtections certificates for signing. Add a summary indicating the
number of certificates we found, without giving away any personal information
to the logs.
Modified:
redwax-signtext/trunk/src/linux/crypto.c
redwax-signtext/trunk/src/linux/signtext.h
Modified: redwax-signtext/trunk/src/linux/crypto.c
==============================================================================
--- redwax-signtext/trunk/src/linux/crypto.c (original)
+++ redwax-signtext/trunk/src/linux/crypto.c Tue Sep 20 16:03:16 2022
@@ -35,7 +35,9 @@
size_t rder_len;
gpg_error_t err;
+#if 0
g_printerr("crypto_instance_append_ca: %s\n", ca);
+#endif
err = ksba_dn_str2der(ca, &rder, &rder_len);
if (err) {
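Review bot: Wrapping the `g_printerr` calls in `#if 0` keeps the DN strings out of the logs, but the disabled lines are never compiled and will rot unnoticed; the same pattern recurs in the hunks at -74 and -120. Either delete the lines or guard them with a named build-time switch, for example `#ifdef SIGNTEXT_DEBUG_DN` (placeholder name). A one-line comment such as `/* prints certificate DNs: personal data, keep disabled in release builds */` would record why they are off. The enclosing function starts and ends outside this hunk.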
@@ -74,7 +76,9 @@
g_assert(GCR_IS_PKCS11_CERTIFICATE(obj));
+#if 0
g_printerr("crypto_filter_match\n");
+#endif
chain = g_object_get_data(G_OBJECT (obj), "chain");
@@ -102,8 +106,6 @@
}
}
- g_printerr("crypto_filter_match: len %d\n", g_list_length(instance->cas));
-
if (instance->cas && g_list_length(instance->cas)) {
int i, len;
@@ -120,8 +122,9 @@
certificate = gcr_certificate_chain_get_certificate(chain, i);
-// g_printerr("crypto_filter_match: consider cert issuer %s\n", gcr_certificate_get_issuer_dn(certificate));
-
+#if 0
+ g_printerr("crypto_filter_match: consider cert issuer %s\n", gcr_certificate_get_issuer_dn(certificate));
+#endif
der = gcr_certificate_get_issuer_raw(certificate, &der_len);
dn = g_bytes_new_with_free_func(der, der_len, (GDestroyNotify)g_free, der);
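Review bot: The disabled `g_printerr` line passes the result of `gcr_certificate_get_issuer_dn(certificate)` straight into the format call. As far as I know that function returns a newly allocated string, so re-enabling the block would leak one string per certificate in the chain. If the line is kept for debugging, hold the value in a local and release it: `gchar *issuer = gcr_certificate_get_issuer_dn(certificate);` followed by the print and `g_free(issuer);`. The loop body continues outside this hunk.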
@@ -211,6 +214,8 @@
goto fatal;
}
+ signtext->chains_len++;
+
certificate = gcr_certificate_chain_get_endpoint(chain);
g_object_set_data_full(G_OBJECT(certificate), "chain",
@@ -222,6 +227,7 @@
switch (status) {
case GCR_CERTIFICATE_CHAIN_ANCHORED:
g_printerr("crypto_chain_done: anchored\n");
+ signtext->anchored_len++;
break;
default:
g_printerr("crypto_chain_done: not anchored\n");
@@ -260,6 +266,8 @@
g_object_unref(signtext->incoming);
signtext->incoming = gcr_simple_collection_new();
+ g_printerr("Summary: We scanned %d modules, in which we found %d slots with tokens, containing %d certificates, of which %u certificates had emailProtection, and %u certificates were anchored correctly.\n", signtext->modules_len, signtext->slots_len, signtext->certificates_len, signtext->chains_len, signtext->anchored_len);
+
g_timeout_add_seconds(2, crypto_slots_do, signtext);
}
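Review bot: The summary format string uses `%d` for `signtext->slots_len` and `signtext->certificates_len`, which signtext.h declares as `guint`; they should use `%u` like the two new counters. The type of `modules_len` is not visible in this diff and should be checked as well. The statement is also one very long line, so splitting the format string across adjacent literals would make specifier/argument mismatches easier to spot. The enclosing function starts outside this hunk.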
@@ -286,7 +294,7 @@
gcr_certificate_chain_add (chain, current->data);
- gcr_certificate_chain_build_async(chain, GCR_PURPOSE_CLIENT_AUTH, NULL, GCR_CERTIFICATE_CHAIN_NONE, signtext->cancellable, crypto_chain_done, signtext);
+ gcr_certificate_chain_build_async(chain, GCR_PURPOSE_EMAIL, NULL, GCR_CERTIFICATE_CHAIN_NONE, signtext->cancellable, crypto_chain_done, signtext);
g_list_free(incoming);
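Review bot: Passing `GCR_PURPOSE_EMAIL` here may not be enough to support the summary's claim that `chains_len` counts certificates that "had emailProtection". My understanding, to be confirmed against the gcr documentation, is that the purpose only selects which trust assertions are consulted while building the chain and does not inspect the certificate's extendedKeyUsage extension. Since `chains_len` is incremented in `crypto_chain_done` for every chain that completes without taking the `goto fatal` path, a certificate lacking the emailProtection EKU could still be counted and offered for signing. Consider an explicit EKU check on the endpoint certificate, or reword the summary to something like "chains built for the email purpose". A short comment above the call saying why the purpose changed from client-auth would also help.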
@@ -426,6 +434,8 @@
signtext->slots_len = slots_len;
signtext->certificates_len = 0;
signtext->incoming_len = 0;
+ signtext->chains_len = 0;
+ signtext->anchored_len = 0;
return FALSE;
}
Modified: redwax-signtext/trunk/src/linux/signtext.h
==============================================================================
--- redwax-signtext/trunk/src/linux/signtext.h (original)
+++ redwax-signtext/trunk/src/linux/signtext.h Tue Sep 20 16:03:16 2022
@@ -63,6 +63,8 @@
guint slots_len;
guint certificates_len;
guint incoming_len;
+ guint chains_len;
+ guint anchored_len;
} SignTextData;
typedef struct SignTextToken SignTextToken;
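Review bot: The two new counters are undocumented, and the `_len` suffix suggests a container length rather than a running tally. A short comment on each would make the summary line easier to audit, e.g. `/* chains that finished building in crypto_chain_done */` for `chains_len` and `/* chains whose status was GCR_CERTIFICATE_CHAIN_ANCHORED */` for `anchored_len`. The struct definition starts outside this hunk.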