trunk/Src/wptKeyserver.cpp

/* wptKeyserver.cpp - W32 Keyserver Access
 *      Copyright (C) 2000-2009 Timo Schulz
 *      Copyright (C) 2001 Marco Cunha
 *
 * This file is part of WinPT.
 *
 * WinPT is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License 
 * as published by the Free Software Foundation; either version 2 
 * of the License, or (at your option) any later version.
 *  
 * WinPT is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <windows.h>
#include <shlobj.h>
#include <stdio.h>
#include <sys/stat.h>
#include <ctype.h>

#include "wptGPG.h"
#include "wptKeyserver.h"
#include "wptErrors.h"
#include "wptTypes.h"
#include "wptNLS.h"
#include "wptW32API.h"
#include "wptRegistry.h"
#include "wptUTF8.h"
#include "wptVersion.h"
#include "StringBuffer.h"


/* Map net_errno to a winsock error. */
#define net_errno ((int)WSAGetLastError ())

keyserver server[MAX_KEYSERVERS] = {0};
keyserver_proxy_s proxy = {0};
static const char *server_list[] = {
    "hkp://pool.sks-keyservers.net",
    "hkp://subkeys.pgp.net",
    "http://minsky.surfnet.nl",
    NULL
};
#define NUM_DEF_KEYSERVERS 3

static char  hkp_err_msg[384];  /* Holds the error message from the server */
static int   hkp_has_err = 0;   /* != 0 indicates an error occurred. */

/* Default keyserver and port. */
char *default_keyserver = NULL;
WORD default_keyserver_port = 0;

/* Default socket timeout (secs). */
static size_t default_socket_timeout = 6;


/* Wrapper for safe memory allocation. */
static char*
safe_alloc (DWORD n)
{
    char *p = new char[n+1];
    if (!p)
        BUG (0);
    memset (p, 0, n);
    return p;
}


/* Basic64 encode the input @inbuf to @outbuf. */
static void
base64_encode (const char *inbuf, char *outbuf)
{
    char base64code[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    int index = 0, temp = 0, res = 0;
    int inputlen, len = 0;
    
    inputlen = strlen (inbuf);
    for (int i = 0; i < inputlen; i++) {
        res = temp;
        res = (res << 8) | (inbuf[i] & 0xFF);
        switch (index++) {
        case 0: 
            outbuf[len++] = base64code[res >> 2 & 0x3F]; 
            res &= 0x3; 
            break;
        case 1: 
            outbuf[len++] = base64code[res >> 4 & 0x3F]; 
            res &= 0xF;
            break;
        case 2:
            outbuf[len++] = base64code[res >> 6 & 0x3F];
            outbuf[len++] = base64code[res & 0x3F]; 
            res = index = 0; 
            break;
        }
        temp = res;
    }
    
    if (index == 2) {      
        outbuf[len++] = base64code[temp << 2 & 0x3F];   
        outbuf[len++] = '=';
    }
    else if (index == 1) {
        outbuf[len++] = base64code[temp << 4 & 0x3F];
        outbuf[len++] = '=';
        outbuf[len++] = '=';
    }

    outbuf[len] = '\0';
}


/* Check that the given buffer contains a valid keyserver URL
   and return the prefix length, 0 in case of an error. */
static int
check_URL (const char *buf)
{
    if (strstr (buf, "hkp://"))
        return 6;
    if (strstr (buf, "http://"))
        return 7;
    return 0;
}


/* Skip the URL schema and return only the host part of it. */
static const char*
skip_type_prefix (const char *hostname)
{
    int pos;

    if (!hostname)
        return hostname;

    pos = check_URL (hostname);
    if (pos > 0)
        hostname += pos;
    return hostname;
}


/* Parse the keyserver response and extract the human
   readable text passages. */
static int
parse_keyserver_error (const char *resp, char *txt, size_t txtlen)
{
    char *p, *p2;

    /* If we find no 'Error' substring we assume a success. */
    if (!stristr (resp, "Error"))
        return -1;

    memset (txt, 0, txtlen);
    p = strstr (resp, "\r\n\r\n");
    if (!p)
        return -1;
    resp += (p-resp);
    p = strstr (resp, "<h1>");
    if (!p)
        return -1;
    resp += (p-resp)+strlen ("<h1>");
    p = strstr (resp, "</h1>");
    if (!p)
        return -1;
    resp += (p-resp)+strlen ("</h1>");
    p2 = strstr (resp, "</body>");
    if (p2 != NULL)
        memcpy (txt, resp, (p2-resp));
    else {
        if (!strnicmp (resp, "<p>", 3))
            resp += 3;
        while (resp && (*resp == '\r' || *resp == '\n'))
            resp++;
        memcpy (txt, resp, strlen (resp));
    }
    return 0;
}


/* Check that the keyserver response indicates an OK.
   Return 0 on success. */
static int
check_hkp_response (const char *resp, int recv)
{
    int ec;

    ec = recv ? WPTERR_WINSOCK_RECVKEY : WPTERR_WINSOCK_SENDKEY;
    if (!resp)
        return ec;
    log_debug ("check_hkp_response: '%s'\r\n", resp);    
    if (!strstr (resp, "HTTP/1.0 200 OK") &&
        !strstr (resp, "HTTP/1.1 200 OK") &&
        !strstr (resp, "HTTP/1.0 500 OK") &&
        !strstr (resp, "HTTP/1.1 500 OK"))
        return ec; /* http error */

    if (!parse_keyserver_error (resp, hkp_err_msg, DIM (hkp_err_msg)-2)) {
        if (!strlen (hkp_err_msg))
            _snprintf (hkp_err_msg, DIM (hkp_err_msg)-1, 
                        "Unknown keyserver error");
        hkp_has_err = 1;
        return ec;
    }
    return 0;
}


/* Read a single line (\r\n) from a socket.
   Return 0 on success. */
static int
sock_getline (int fd, char *buf, int buflen, int *nbytes)
{
    char ch;
    int nread;
    
    if (nbytes)
        *nbytes = 0;
    *buf = 0;
    nread = 0;
    while (recv (fd, &ch, 1, 0) > 0) {
        *buf++ = ch;
        nread++;
        if (ch == '\r')
            continue; /* remove this char. */
        if (ch == '\n' || nread == (buflen - 1)) {
            *buf = 0;
            if (nbytes)
                *nbytes = nread;
            return 0;
        }
    }

    return -1;
}


/* Perform a select() on the given fd to find out
   is there is data for reading. Wait at least @nsecs milli seconds. */
static int
sock_select (int fd, int nmsecs)
{
    FD_SET rfd;
    timeval tv = {0, nmsecs*1000};

    FD_ZERO (&rfd);
    FD_SET (fd, &rfd);
    if (select (fd + 1, &rfd, NULL, NULL, &tv) == SOCKET_ERROR) {
        log_debug ("sock_select: select() failed ec=%d.\r\n", net_errno);
        return SOCKET_ERROR;
    }
    if (FD_ISSET (fd, &rfd))
        return 1;
    return 0;
}


/* Read from a socket @fd to buffer @buf with a fixed timeout 
   of 10 seconds. The amount of bytes which were read are 
   returned in @nbytes.
   Return value: 0 on success. */
static int
sock_read (int fd, char *buf, size_t buflen, int *nbytes)
{    
    size_t nleft = buflen;
    size_t n;
    int nread;
    int rc;
    
    if (nbytes)
        *nbytes = 0;
    n = 0;
    while (nleft > 0) {
        if (n >= default_socket_timeout)
            return WPTERR_WINSOCK_TIMEOUT;
        rc = sock_select (fd, 400);
        if (rc == SOCKET_ERROR)
            return rc;
        else if (!rc)
            n++;
        else {
            nread = recv (fd, buf, nleft, 0);
            if (nread == SOCKET_ERROR) {
                log_debug ("sock_read: recv() failed ec=%d.\r\n", net_errno);
                return SOCKET_ERROR;
            }
            else if (!nread)
                break;
            nleft -= nread;
            buf += nread;
        }       
    }
    if (nbytes)
        *nbytes = buflen - nleft;
        
    return 0;
}


/* Helper to create a string from the gpgme data and
   then release the gpgme data object. */
char*
data_release_and_get_mem (gpgme_data_t in, size_t *r_bufferlen)
{    
    char *buffer, *p;
    size_t n;

    gpg_data_putc (in, '\0');
    p = gpgme_data_release_and_get_mem (in, &n);
    buffer = m_strdup (p);
    if (r_bufferlen)
        *r_bufferlen = n;
    gpgme_free (p);
    return buffer;
}


/* Read much data as possible from the socket @fd and
   return the data in @buffer. Caller must free data.
   Return value: 0 on success. */
int
sock_read_ext (int fd, char **buffer, size_t *r_bufferlen)
{
    gpgme_data_t dh;
    char buf[1024];
    size_t timeout=0;
    int rc;

    *buffer = NULL;
    if (gpgme_data_new (&dh))
        return SOCKET_ERROR;
    while (timeout < default_socket_timeout) {
        rc = sock_select (fd, 500);
        if (rc == SOCKET_ERROR) {
            gpgme_data_release (dh);
            return rc;
        }
        else if (!rc)
            timeout++; /* socket not ready yet. */
        else {
            int nread = recv (fd, buf, DIM (buf), 0);
            log_debug ("recv n=%d bytes\r\n", nread);
            if (nread == SOCKET_ERROR)
                return SOCKET_ERROR;
            else if (!nread)
                break;
            gpgme_data_write (dh, buf, nread);
        }
    }
    
    if (timeout >= default_socket_timeout) {
        gpgme_data_release (dh);
        log_debug ("sock_read_ext: timeout\r\n");
        return WPTERR_WINSOCK_TIMEOUT;
    }
    log_debug ("sock_read_ext: success\r\n");
    *buffer = data_release_and_get_mem (dh, r_bufferlen);
    return 0;
}


/* Write the buffer @buf with the length @buflen to a socket @fd. */
static int
sock_write (int fd, const char *buf, size_t buflen)
{
    int nwritten;
    int nleft = buflen;

    while (nleft > 0) {
        nwritten = send (fd, buf, nleft, 0);
        if (nwritten == SOCKET_ERROR) {
            log_debug ("sock_write: send() failed ec=%d\r\n", net_errno);
            return SOCKET_ERROR;
        }
        nleft -= nwritten;
        buf += nwritten;
    }

    return 0;
}


/* Initialize the Winsock2 interface.*/
int
wsock_init (void)
{
    WSADATA wsa;

    if (WSAStartup (0x202, &wsa)) {
        log_debug ("wsock_init: WSAStartup failed ec=%d\r\n", net_errno);
        return WPTERR_WINSOCK_INIT;
    }
    return 0;
}


/* Cleanup the Winsock2 interface and free all resources. */
void
wsock_end (void)
{
    if (default_keyserver != NULL) {
        char str_port[64];
        set_reg_entry_keyserver ("Default", default_keyserver);
        free_if_alloc (default_keyserver);
        sprintf (str_port, "%d", default_keyserver_port);
        set_reg_entry_keyserver ("Default_Port", str_port);
    }   
    for (int i=0; i < MAX_KEYSERVERS; i++) {
        if (server[i].name != NULL)
            free_if_alloc (server[i].name);
    }
    kserver_proxy_release (&proxy);
    WSACleanup ();
    log_debug ("wsock_end: cleanup finished.\r\n");
}


/* Return a string representation of a winsock error. */
const char*
wsock_strerror (void)
{
    int ec = WSAGetLastError ();
    
    if (!ec)
        return "";
    switch (ec) {
    case WSANOTINITIALISED:
        return _("Winsock subsystem has not been initialized");
        
    case WSAENETDOWN:
        return _("Network subsystem has failed");


    case WSATRY_AGAIN:
        return _("Nonauthoritative host not found, or server failure");
        
    case WSAHOST_NOT_FOUND:
        return _("Could not resolve host name");

    case WSAETIMEDOUT:
    case WSAECONNABORTED:
        return _("Connection timeout");

    case WSAENETRESET:
    case WSAECONNRESET:
        return _("Connection resetted by peer");

    case WSAENETUNREACH:
        return _("The network cannot be reached from this host at this time");
        
    case WSAEHOSTUNREACH:
        return _("A socket operation was attempted to an unreachable host");
        
    case WSAECONNREFUSED:
        return _("The attempt to connect was forcefully rejected");
        
    case WSAESHUTDOWN:
        return _("Socket has been shutdown");

    default:
        break;
    }

    return _("Unknown network error"); 
}


/* Set default socket timeout for all reading operations. */
void
kserver_set_socket_timeout (size_t nsec)
{
    if (nsec < 0 || nsec > 3600)
        nsec = 10;
    default_socket_timeout = nsec;
}


/* Return the last keyserver error as a string. */
const char*
kserver_strerror (void)
{       
    return hkp_has_err? hkp_err_msg : NULL;
}


/* Read a keyserver from the list at index @idx.
   Return value: keyserver name at the given position. */
const char*
kserver_get_hostname (int idx, int type, WORD *port)
{
    if (type == -1) {
        *port = default_keyserver_port;
        return default_keyserver;
    }
    else if (!type && (size_t)idx < DIM (server_list)) {
        *port = HKP_PORT;
        return server_list[idx];
    }
    return NULL;
}


/* Check if the computer is connected to the internet.
   Return 0 on success -1 otherwise. */
int
kserver_check_inet_connection (void)
{
    int fd;

    if (!kserver_connect (default_keyserver, default_keyserver_port, &fd)) {
        closesocket (fd);
        return 0;
    }
    log_debug ("kserver_check_inet_connection: no inet connection.\r\n");
    return -1;
}


/* If the request contains the keyid, it have to be
   always postfix with '0x'+keyid. This code checks
   if the keyid is a decimal value and if so if it contains
   the '0x'. If not it is inserted. */
const char*
kserver_check_keyid (const char *keyid)
{       
    static char id[64];

    if (strstr (keyid, "@"))
        return keyid; /* email address */
    if (strncmp (keyid, "0x", 2)) {
        memset (&id, 0, sizeof (id));
        _snprintf (id, DIM (id)-1, "0x%s", keyid);
        return id;
    }
    return keyid;
}


/* Update the keyserver proxy user. */
static void
update_proxy_user (const char *proxy_user, const char *proxy_pass)
{
    char t[257]; /* user:pass = 127+1+127+1 = 257 */
    size_t n;

    n = 4*(strlen (proxy_user) + strlen (proxy_pass))/3 + 32 + 2;
    free_if_alloc (proxy.base64_user);
    proxy.base64_user = safe_alloc (n+1);
    _snprintf (t, DIM (t)-1, "%s:%s", proxy_user, proxy_pass);
    base64_encode (t, proxy.base64_user);
    free_if_alloc (proxy.user);
    free_if_alloc (proxy.pass);
    proxy.user = m_strdup (proxy_user);
    proxy.pass = m_strdup (proxy_pass);
}


/* Set the default keyserver. The position is always one. */
void
keyserver_set_default (const char *hostname, WORD port)
{
    int pos=0;
    
    if (port == 0)
        port = HKP_PORT;
    
    free_if_alloc (default_keyserver);
    default_keyserver = m_strdup (hostname);
    default_keyserver_port = port;
    
    while (pos < MAX_KEYSERVERS) {
        if (server[pos].is_default)
            break;
        if (server[pos].used) {
            pos++;
            continue;
        }
        break;
    }
    free_if_alloc (server[pos].name);
    server[pos].name =  m_strdup (default_keyserver);
    server[pos].used = 1;
    server[pos].port = port;
    server[pos].is_default = 1;
}


/* Skip all kind of whitespace chars in @str.
static const char*
skip_whitespace (const char *str)
{
    while (str && *str) {
        if (*str == ' ' ||
            *str == '\t' ||
            *str == '\n' ||
            *str == '\r') {
            str++;
            continue;
        }
        break;
    }
    return str;
}*/


/* Return the specified keyserver config setting @key as an integer. */
static int
get_conf_kserver_int (const char *key)
{
    char *p;
    int val = 0;

    p = get_reg_entry_keyserver (key);
    if (p && *p)
        val = atoi (p);
    free_if_alloc (p);
    return val;
}


/* Read the proxy configuration and store it into @prox. */
static void
read_proxy_config (keyserver_proxy_t prox)
{
    char *proto;

    if (!prox)
        return;
    
    proto = get_reg_entry_keyserver("Proto");
    if (proto != NULL && strlen (proto) > 0)
        prox->proto = atoi (proto);
    else
        prox->proto = PROXY_PROTO_NONE;
    free_if_alloc (proto);
    
    free_if_alloc (prox->host);
    prox->host = get_reg_entry_keyserver ("Host");
    
    free_if_alloc (prox->user);
    prox->user = get_reg_entry_keyserver ("User");
    
    free_if_alloc (prox->pass); 
    prox->pass = get_reg_entry_keyserver ("Pass");
    
    prox->port = get_conf_kserver_int ("Port");
}


static int 
is_keyserver_present (const char *name)
{
    for (int i=0; i < MAX_KEYSERVERS; i++) {
        if (server[i].name != NULL &&
            stricmp (server[i].name, name) == 0)
            return 1;
    }
    return 0;
}

/* Load the keyserver configuration. */
int
kserver_load_conf (void)
{
    char *str_server, *str_port;
    int port, list_pos;    
    
    /* If a preferred keyserver is available, load
     * the values and store it at position 0.
     */
    str_server = get_reg_entry_keyserver("Default");
    if (str_server && *str_server) {
        port = HKP_PORT;
        str_port = get_reg_entry_keyserver("Default_Port");
        if (str_port && *str_port)
            port = atoi (str_port);         
        keyserver_set_default (str_server, port);
        free_if_alloc (str_port);
    }
    free_if_alloc (str_server);
    
    /* Now add the default pool servers after the 
     * preferred keyserver if present.
     */
    list_pos = 1;
    for (int i=0; server_list[i] != NULL; i++) {
        if (is_keyserver_present (server_list[i]))
            continue;
        server[list_pos].used = 1;
        server[list_pos].port = HKP_PORT;
        server[list_pos].name = m_strdup (server_list[i]);
        server[list_pos].is_default = 0;
        list_pos++;
        if (list_pos > MAX_KEYSERVERS)
            break;
    }
    return 0;
}


/* Connect to the keyserver @hostname (port @port).
   Return value: 0 on success */
int
kserver_connect (const char *hostname, WORD port, int *conn_fd)
{         
    struct hostent *hp;
    struct sockaddr_in sock;
    char host[128] = {0};
    DWORD iaddr;
    bool use_proxy = proxy.host != NULL;
    int rc, fd;

    if (!port)
        port = HKP_PORT;
    if (conn_fd)
        *conn_fd = 0;
    hostname = skip_type_prefix (hostname);
    log_debug ("kserver_connect: %s:%d\r\n", hostname, port);
    
    if (use_proxy && proxy.proto == PROXY_PROTO_HTTP)
        port = proxy.port;
    memset (&sock, 0, sizeof (sock));
    sock.sin_family = AF_INET;
    sock.sin_port = htons (port);
    strncpy (host, use_proxy? proxy.host : hostname, DIM (host)-1);

    if ((iaddr = inet_addr (host)) != INADDR_NONE)
        memcpy (&sock.sin_addr, &iaddr, sizeof (iaddr));
    else if ((hp = gethostbyname (host))) {
        if (hp->h_addrtype != AF_INET || hp->h_length != 4) {
            log_debug ("gethostbyname: unknown address type.\r\n");
            return WPTERR_WINSOCK_RESOLVE;
        }
        memcpy (&sock.sin_addr, hp->h_addr, hp->h_length);
    }
    else {
        log_debug ("gethostbyname(%s): failed ec=%d.\r\n", host, net_errno);
        return use_proxy? WPTERR_WINSOCK_PROXY : WPTERR_WINSOCK_RESOLVE;
    }
    fd = socket (AF_INET, SOCK_STREAM, 0);
    if (fd == INVALID_SOCKET)   
        return WPTERR_WINSOCK_SOCKET;
    rc = connect (fd, (struct sockaddr *) &sock, sizeof (sock));
    if (rc == SOCKET_ERROR) {
        log_debug ("connect: failed ec=%d.\r\n", net_errno);
        closesocket (fd);
        return use_proxy? WPTERR_WINSOCK_PROXY : WPTERR_WINSOCK_CONNECT;
    }
    
    if (conn_fd)
        *conn_fd = fd;
    WSASetLastError (0);
    return 0;
}


/* Check if the URL needs to be encoded or not.
static bool
URL_must_encoded (const char *url)
{
    if (strchr (url, '.') || strchr (url, '@') || strchr (url, ' '))
        return true;
    return false;
}*/


/* Perform URL encoding of the given data. */
static char*
URL_encode (const char *url, DWORD ulen, DWORD *ret_nlen)
{
    gpgme_data_t hd;
    char numbuf[8], *p;
    size_t i, nlen;

    if (gpgme_data_new (&hd))
        BUG (0);
    for (i=0; i < ulen; i++) {
        if (isalnum (url[i]) || url[i] == '-')
            gpg_data_putc (hd, url[i]);
        else if (url[i] == ' ')
            gpg_data_putc (hd, '+');
        else {
            sprintf (numbuf, "%%%02X", url[i]);
            gpgme_data_write (hd, numbuf, strlen (numbuf));
        }
    }

    p = data_release_and_get_mem (hd, &nlen);
    if (ret_nlen)
        *ret_nlen = nlen;
    return p;
}


/* Format a request for the given keyid (send). */
static char*
kserver_send_request (const char *hostname, WORD port, 
                      const char *pubkey, DWORD octets)
{
    const char *fmt;
    char *request;
    char *enc_pubkey;
    DWORD enc_octets;
    int reqlen;

    log_debug ("kserver_send_request: %s:%d\r\n", hostname, port);

    if (!port)
        port = HKP_PORT;
    enc_pubkey = URL_encode (pubkey, octets, &enc_octets);
    reqlen = 2*strlen (hostname) + 2*32/*port*/ + enc_octets + 32 /*len*/ + 1;
    
    if (proxy.user && proxy.proto == PROXY_PROTO_HTTP) {
        fmt = "POST http://%s:%d/pks/add HTTP/1.0\r\n"
              "Referer: \r\n"
              "User-Agent: WinPT/W32\r\n"
              "Host: %s:%d\r\n"
              "Proxy-Authorization: Basic %s\r\n"
              "Content-type: application/x-www-form-urlencoded\r\n"
              "Content-length: %d\r\n"
              "Connection: close\r\n"
              "\r\n"
              "keytext=%s"
              "\r\n";
        reqlen += strlen (fmt) + strlen (proxy.base64_user) + 1;
        request = safe_alloc (reqlen+1);
        _snprintf (request, reqlen, fmt,
                   skip_type_prefix (hostname), port, hostname, port,
                   proxy.base64_user, enc_octets+9, enc_pubkey);
    }
    else {
        fmt = "POST /pks/add HTTP/1.0\r\n"
              "Referer: \r\n"
              "User-Agent: WinPT/W32\r\n"
              "Host: %s:%d\r\n"
              "Content-type: application/x-www-form-urlencoded\r\n"
              "Content-length: %d\r\n"
              "Connection: close\r\n"
              "\r\n"
              "keytext=%s"
              "\r\n";
        reqlen += strlen (fmt)+1;
        request = safe_alloc (reqlen+1);
        _snprintf (request, reqlen, fmt,
                   skip_type_prefix (hostname), port,
                   enc_octets+9, enc_pubkey);
    }

    free_if_alloc (enc_pubkey);
    log_debug ("request:\r\n%s\r\n", request);
    return request;
}


/* Interface for receiving a public key. */
int
kserver_recvkey (const char *hostname, WORD port, const char *keyid,
                 char **r_key, size_t *r_keylen)
{
    StringBuffer req;
    const char *reqbuf;
    int conn_fd;
    int rc;

    if (!port)
        port = HKP_PORT;
    hkp_has_err = 0; /* reset */
    rc = kserver_connect (hostname, port, &conn_fd);
    if (rc)
        goto leave;

    if (proxy.host && proxy.user && proxy.proto == PROXY_PROTO_HTTP) {
        req = req + "GET http://" + skip_type_prefix (hostname) +
            ":" + port +
            "/pks/lookup?op=get&search=" + keyid + " HTTP/1.0\r\n" +
            "Proxy-Authorization: Basic " + proxy.base64_user + "\r\n" +
            "Host: " + skip_type_prefix (hostname) + ":" + port + "\r\n"+
            "Connection: close\r\n"+
            "\r\n";
    }
    else if (proxy.host && proxy.proto == PROXY_PROTO_HTTP) {
        req = req + "GET http://" + skip_type_prefix (hostname) + 
            ":" + port + "/pks/lookup?op=get&search=" + keyid + 
            " HTTP/1.0\r\n" +
            "Host: " + skip_type_prefix (hostname) + ":" + port + "\r\n"+
            "Connection: close\r\n"+
            "\r\n";
    }
    else
        req = req + "GET /pks/lookup?op=get&search=" + keyid +     
            " HTTP/1.0\r\n"+ // FIXME
            "Host: " + skip_type_prefix (hostname) + ":" + port + "\r\n"+
            "Connection: close\r\n"+
            "\r\n";
    
    log_debug ("req:\r\n%s\r\n", req.getBuffer ());   

    reqbuf = req.getBuffer ();
    rc = sock_write (conn_fd, reqbuf, strlen (reqbuf));
    if (rc == SOCKET_ERROR) {
        rc = WPTERR_WINSOCK_RECVKEY;
        goto leave;
    }
    
    rc = sock_read_ext (conn_fd, r_key, r_keylen);
    if (rc == SOCKET_ERROR) {
        rc = WPTERR_WINSOCK_RECVKEY;
        goto leave;
    }

    log_debug ("response:\r\n%s\r\n", *r_key);
    rc = check_hkp_response (*r_key, 1);
    if (rc)
        goto leave;
    
    WSASetLastError (0);
    
leave:
    closesocket (conn_fd);
    return rc;
}


/* Interface to send a public key. */
int
kserver_sendkey (const char *hostname, WORD port, 
                 const char *pubkey, size_t len)
{
    char *request = NULL;
    char log[2048] = {0};
    int conn_fd, n;
    int rc;
    
    hkp_has_err = 0; /* reset */
    rc = kserver_connect (hostname, port, &conn_fd);
    if (rc)
        goto leave;
    
    request = kserver_send_request (hostname, port, pubkey, len);
    rc = sock_write (conn_fd, request, strlen (request));
    if (rc == SOCKET_ERROR) {
        rc = WPTERR_WINSOCK_SENDKEY;
        goto leave;     
    }
    
    rc = sock_read (conn_fd, log, DIM (log)-1, &n);
    if (rc == SOCKET_ERROR) {
        rc = WPTERR_WINSOCK_SENDKEY;
        goto leave;
    }

    log_debug ("kserver_sendkey: read %d bytes\r\n%s\r\n", n, log);
    rc = check_hkp_response (log, 0);
    if (rc)
        goto leave;
    
    WSASetLastError (0);

leave:
    closesocket (conn_fd);
    free_if_alloc (request);
    return rc;
}


/* Check keyserver response. */
static int
kserver_search_chkresp (int fd)
{
    char buf[128];
    int n=0;
    
    /* parse response 'HTTP/1.0 500 OK' */
    if (sock_getline (fd, buf, DIM (buf)-1, &n))
        return WPTERR_KEYSERVER_NOTFOUND;

    log_debug ("kserver_search_chkpresp: %s\r\n", buf);
    if (strncmp (buf, "HTTP/1.", 7))
        return WPTERR_KEYSERVER_NOTFOUND;
    if (strncmp (buf+(8+1), "200", 3))
        return WPTERR_KEYSERVER_NOTFOUND;
    return 0;
}


/* End the keyserver search procedure. */
void 
kserver_search_end (int conn_fd)
{
    log_debug ("kserver_search_end: fd=%d\r\n", conn_fd);
    closesocket (conn_fd);
}


/* Extract the amount of keys from the info record. */
static size_t
count_keys_in_response (char *buf)
{
    char *p;
    int recno = 0;
    size_t n = 0;

    /* info:1:4 */
    if (strncmp (buf, "info", 4))
        return 0;
    p = strtok (buf, ":");
    while (p != NULL) {
        recno++;
        if (recno == 3)
            n = atoi (p);
        p = strtok (NULL, ":");
    }
    return n;
}


/* Start the keyserver search.
   Connect to host @hostname and port @port.
   The pattern are given in @pattern.
   The socket is returned in @conn_fd and @nkeys contains
   the amount of keys which were found. */
int
kserver_search_begin (const char *hostname, WORD port, 
                      const char *pattern, int *conn_fd, size_t *nkeys)
{

    StringBuffer req;
    const char *reqbuf;
    char *enc_patt = NULL;
    char status[128];
    int rc, sock_fd;
    int nread;
    
    *conn_fd = 0;

    rc = kserver_connect (hostname, port, &sock_fd);
    if (rc)
        goto leave;

    enc_patt = URL_encode (pattern, strlen (pattern), NULL);
    if (proxy.host && proxy.user && proxy.proto == PROXY_PROTO_HTTP) {
        req = req + "GET http://" + skip_type_prefix (hostname) + ":" + port + 
            "/pks/lookup?options=mr&op=index&search=" + enc_patt + 
            " HTTP/1.0\r\n" +
            "Host: " + skip_type_prefix (hostname)  + ":" + port+ "\r\n"+
            "Connection: close\r\n" +
            "Proxy-Authorization: Basic " + proxy.base64_user + "\r\n\r\n";
    }    
    else if (proxy.host && proxy.proto == PROXY_PROTO_HTTP) {
        req = req + "GET http://" + skip_type_prefix (hostname) + ":" + port +
            "/pks/lookup?options=mr&op=index&search=" + enc_patt + 
            " HTTP/1.0\r\n"+
            "Host: " + skip_type_prefix (hostname)  + ":" + port+ "\r\n"+
            "Connection: close\r\n"+
            "\r\n";
    }
    else {
        req = req + "GET /pks/lookup?options=mr&op=index&search=" + 
         enc_patt + " HTTP/1.0\r\n" +
         "Host: " + skip_type_prefix (hostname)  + ":" + port+ "\r\n"+
         "Connection: close\r\n"+
         "\r\n";
    }
    
    log_debug ("kserver_search_begin:\r\n%s\r\n", req.getBuffer ());
    reqbuf = req.getBuffer ();
    if (sock_write (sock_fd, reqbuf, strlen (reqbuf)) == SOCKET_ERROR) {
        rc = WPTERR_GENERAL;
        goto leave;
    }
    
    rc = kserver_search_chkresp (sock_fd);
    if (rc) {
        closesocket (sock_fd);
        sock_fd = 0;
        goto leave;
    }

    /* Skip all lines until we reach the "info:" record. */
    for (;;) {
        if (sock_getline (sock_fd, status, DIM (status)-1, &nread)) {   
            log_debug ("kserver_search_begin: retrieving status line failed.\r\n");
            closesocket (sock_fd);
            sock_fd = 0;
            rc = WPTERR_GENERAL;
            break;
        }
        if (!strncmp (status, "info:", 5))
            break;
    }

    if (!rc)
        *nkeys = count_keys_in_response (status);
    *conn_fd = sock_fd;
    
leave:
    free_if_alloc (enc_patt);
    return rc;
}


/* Parse a single pub record returned by the keyserver. */
static void
parse_pub_record (keyserver_key_s *key, char *buf)
{
    enum pub_rec_t {ID=1, KEYID, ALGO, SIZE, CREATE, EXPIRE};
    char *p;
    int recno = 0;
    int off = 0;

    /* pub:{BF3DF9B4, ED4681C9BF3DF9B4, FPR}:17:1024:925411133:: */
    p = strtok (buf, ":");
    while (p != NULL) {
        recno++;
        switch (recno) {
        case ID: 
            break;

        case KEYID:
            /* If for any reason the returned record actually contains
               a fingerprint instead of a key ID, we truncate the fpr. */
            off = strlen (p) == 40? 32 : 0;
            free_if_alloc (key->keyid);
            key->keyid = m_strdup (p+off);
            break;

        case ALGO:
            key->algo = atoi (p);
            break;
            
        case SIZE:
            key->bits = atoi (p);
            break;

        case CREATE:
            key->creation = strtoul (p, NULL, 10);
            break;

        case EXPIRE:
            key->expires = strtoul (p, NULL, 10);
            break;
        }
        p = strtok (NULL, ":");
    }
}


/* Parse a single user id returned by the keyserver. */
static void
parse_uid_record (keyserver_key_s *key, char *buf)
{
    enum uid_rec_t {ID=1, UID, CREATE, EXPIRE};
    keyserver_uid_s *u, *n;
    char *p, *raw;
    int recno = 0;

    /* uid:Timo Schulz <[email protected]>:1138440360:: */
    u = new keyserver_uid_s;
    memset (u, 0, sizeof *u);

    p = strtok (buf, ":");
    while (p != NULL) {
        recno++;

        switch (recno) {
        case ID:
            break;

        case UID:
            unhexify_buffer (p, &raw);
            u->uid = utf8_to_native (raw);
            free_if_alloc (raw);
            break;

        case CREATE:
            u->creation = strtoul (p, NULL, 10);
            break;

        case EXPIRE:
            u->expires = strtoul (p, NULL, 10);
            break;
        }

        p = strtok (NULL, ":");
    }
    if (!key->uids)
        key->uids = u;
    else {
        for (n = key->uids; n->next; n=n->next)
            ;
        n->next = u;
    }
}


/* Peek the next 3 bytes to check if the next line
   would be a new "pub" record. In this case, return
   -1 as an EOF indication, 0 otherwise. */
static int
is_key_eof (int fd)
{
    char buf[64];
    int n;

    n = recv (fd, buf, 3, MSG_PEEK);
    if (n < 3 || strncmp (buf, "pub", 3))
        return 0;
    return -1;
}


/* Return the next key from the search response. */
int
kserver_search_next (int fd, keyserver_key_s **r_key)
{
    keyserver_uid_s *uid, *u = NULL;
    keyserver_key_s *key;
    char buf[512];
    int n = 0;
    long max = 0;

    log_debug ("keyserver_search_next:\r\n");
    *r_key = NULL;

    key = new keyserver_key_s;
    memset (key, 0, sizeof *key);
    for (;;) {
        if (sock_getline (fd, buf, DIM (buf)-1, &n))
            break;
        /*log_debug ("record: '%s'\r\n", buf); */
        if (!strncmp (buf, "pub", 3))
            parse_pub_record (key, buf);
        else
            parse_uid_record (key, buf);
        if (is_key_eof (fd))
            break;
    }

    /* the uid with the newest self sig is used as the
       primary user id. */
    for (uid = key->uids; uid; uid = uid->next) {
        if (uid->creation > max) {
            max = uid->creation;
            u = uid;
        }
    }

    key->main_uid = u? u : key->uids;
    *r_key = key;
    return 0;
}


/* Release the keyserver key @key and all its elements. */
void
kserver_release_key (keyserver_key_s *key)
{
    keyserver_uid_s *u;

    while (key->uids) {
        u = key->uids->next;
        free_if_alloc (key->uids->uid);
        free_if_alloc (key->uids);
        key->uids = u;
    }
    free_if_alloc (key->keyid);
    free_if_alloc (key);
}


/* Release mbmers in the proxy context @ctx. */
void
kserver_proxy_release (keyserver_proxy_t ctx)
{
    free_if_alloc (ctx->host);
    free_if_alloc (ctx->pass);
    free_if_alloc (ctx->user);
    ctx->port = ctx->proto = 0;
}


/* Check if the given name @name is a valid inernet address
   which means an dotted IP or a valid DNS name.
   Return value: 0 on success. */
int
check_inet_address (const char *addr)
{
    const char *not_allowed = "=!§$%&@#*~\\/}][{<>|,;:'";

    for (size_t i=0; i < strlen (addr); i++) {
        if (strchr (not_allowed, addr[i]))
            return -1;
    }
    return 0;
}


/* Split the URL @r_keyserver into the host and the port
   part if possible. */
gpgme_error_t
parse_keyserver_url (char **r_keyserver, unsigned short *r_port)
{
    char *p;
    char *url = *r_keyserver;
    int off;

    /* no port is given so use the default port. */
    p = strrchr (url, ':');
    if (p == strchr (url, ':')) {
        *r_port = HKP_PORT;
        return 0;
    }

    if (url[(p-url)-1] == '/') /* remove / in .de/:11371 */
        off = 1;
    else
        off = 0;

    *r_keyserver = substr (url, 0, (p-url)-off);
    *r_port = atoi (url+(p-url)+1);
    free_if_alloc (url);
    return 0;
}