trunk/Src/wptVerifyList.cpp

/* wptVerifyList.cpp - Listview for verifying signatures
 *      Copyright (C) 2001, 2002, 2003, 2005, 2006, 2007 Timo Schulz
 *      Copyright (C) 2005 g10 Code GmbH
 *
 * This file is part of WinPT.
 *
 * WinPT is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License 
 * as published by the Free Software Foundation; either version 2 
 * of the License, or (at your option) any later version.
 *  
 * WinPT is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <windows.h>
#include <time.h>

#include "resource.h"
#include "wptTypes.h"
#include "wptGPG.h"
#include "wptCommonCtl.h"
#include "wptKeylist.h"
#include "wptNLS.h"
#include "wptContext.h"
#include "wptErrors.h"
#include "wptW32API.h"
#include "wptVersion.h"

/* Symbolic column IDs */
enum {
    VER_COL_NAME = 0,
    VER_COL_STAT = 1,
    VER_COL_SIGNED = 2,
    VER_COL_TRUST = 3,
    VER_COL_KEYID = 4,
    VER_COL_UID = 5
};


/* Extract the file name part out of the given path in @path.
   Return value: file part or NULL on error. */
static char*
extract_filename (const char *path)
{
    char *p;
    size_t pos;

    p = strrchr (path, '\\');
    if (p == NULL)
        return m_strdup (path);
    pos = p-path;
    return substr (path, pos+1, strlen (path)-1);
}


/* Return human printable PKA status.
   If no pka information is available, return NULL. */
char*
get_pka_status (gpgme_signature_t sig)
{
    const char *fmt;
    char *pka_inf;

    if (sig->pka_trust == 0 || !sig->pka_address)
        return NULL;
    fmt = _("PKA: Verified signer's address is '%s'");
    pka_inf = new char[strlen (fmt)+strlen (sig->pka_address)+2];
    if (!pka_inf)
        BUG (NULL);     
    sprintf (pka_inf, fmt, sig->pka_address);
    return pka_inf;
}


/* Set additional signature information according to the
   signature @sig. If no info control is used, just return. */
void
verlist_set_additional_info (verlist_ctrl_t vlv, gpgme_signature_t sig)
{
    int used = 1;

    if (!vlv->infctl)
        return;

    /* if the signature is bad, we just hide the window and return. */
    if (sig->summary & GPGME_SIGSUM_RED) {
        ShowWindow (vlv->infctl, SW_HIDE);
        return;
    }
    /* XXX: if the summary does not contain GPGME_SIGSUM_GREEN, issue a warning. */
    if (sig->validity != GPGME_VALIDITY_MARGINAL &&
        sig->validity != GPGME_VALIDITY_FULL &&
        sig->validity != GPGME_VALIDITY_ULTIMATE &&
        !(sig->summary & GPGME_SIGSUM_KEY_MISSING)) {
        SendMessage (vlv->infctl, WM_SETTEXT, 0, (LPARAM)(char*)
                     _("WARNING: This key is not certified with a trusted signature!\r\n"
                       "                   There is no indication that the signature belongs to the owner.\r\n"));
    }
    else if (sig->exp_timestamp > (DWORD)time (NULL))
        SendMessage (vlv->infctl, WM_SETTEXT, 0, (LPARAM)(char*)
                     _("The signature is expired!"));
    else {
        char *pka_info = get_pka_status (sig);
        if (pka_info != NULL) {
            SendMessage (vlv->infctl, WM_SETTEXT, 0, (LPARAM)(char*)pka_info);
            free_if_alloc (pka_info);
        }
        else {
            SendMessage (vlv->infctl, WM_SETTEXT, 0, (LPARAM)(char*)"");
            used = 0;
        }
    }    
    ShowWindow (vlv->infctl, used? SW_SHOW : SW_HIDE);
}


/* Build a verify signature list control. With the parent window
   from @ctrl and the mod given in @fm_mode. @lv contains the
   new control on success.
   Return value: 0 on success. */
void
verlist_build (verlist_ctrl_t *vlv, HWND ctrl, int fm_mode)
{
    struct listview_column_s verlist[] = {
        {0, 120, (char *)_("Name")},
        {1, 140, (char *)_("Status")},
        {2, 120, (char *)_("Signed")},
        {3,  58, (char *)_("Trust") },
        {4,  80, (char *)_("Key ID" )},
        {5, 160, (char *)_("User ID")},
        {6, 0, NULL}
    };
    HICON ico[2];
    struct verlist_ctrl_s *v;
    int j;
    
    v = new verlist_ctrl_s;
    if (!v)
        BUG (0);
    memset (v, 0, sizeof *v);
    listview_new (&v->lv, ctrl);
    for (j=0; verlist[j].fieldname; j++)
        listview_add_column (v->lv, &verlist[j]);
    if (!fm_mode)
        listview_set_column_width (v->lv, 0, 80);
    listview_set_ext_style (v->lv);
    ico[0] = LoadIcon (glob_hinst, (LPCTSTR)IDI_SIG_GOOD);
    ico[1] = LoadIcon (glob_hinst, (LPCTSTR)IDI_SIG_BAD);
    listview_set_image_list (v->lv, 16, 16, ico, 2);
    *vlv = v;
}


void
verlist_set_info_control (verlist_ctrl_t vlv, HWND infctl)
{
    vlv->infctl = infctl;
}


/* Delete the given verify control in @lv. */
void
verlist_delete (verlist_ctrl_t vlv)
{
    if (vlv) {
        listview_release (vlv->lv);
        free_if_alloc (vlv);
    }
}


/* Handy function to extract the real key ID from a signature. */
const char *
sig_get_real_keyid (gpgme_signature_t sig, winpt_key_t key)
{
    const char *keyid;
    
     /* We still need an extra check for RSA:MD5 keys because we
        cannot derrive the keyid directly from the fingerprint. */
    if (strlen (sig->fpr) == 32) {
        if (key->ext != NULL)
            keyid = key->ext->key->subkeys->keyid+8;
        else /* show the fingerprint if the key is not in the keyring. */
            keyid = sig->fpr;
    }
    else
        keyid = get_keyid_from_fpr (sig->fpr);
    return keyid;
}

    
/* Add the given signature in @sig to the verify control @lv.
   Return value: 0 on success. */
int
verlist_add_sig (verlist_ctrl_t vlv, gpgme_signature_t sig)
{
    listview_ctrl_t lv;
    struct winpt_key_s key;    
    const char *attr;
    char keyid[32+1], timebuf[128];
    u32 key_attr;
    int is_bad;
    
    is_bad = sig->summary & GPGME_SIGSUM_RED? 1 : 0;
    lv = vlv->lv;
    if (listview_add_item_image (lv, " ", is_bad))
        return WPTERR_GENERAL;
        
    listview_add_sub_item (lv, 0, VER_COL_NAME, _("Clipboard"));

    memset (&key, 0, sizeof (key));
    winpt_get_pubkey (sig->fpr, &key);
    if (sig->summary == 0 && gpg_err_code (sig->status) == GPG_ERR_NO_ERROR)
        attr = get_gpg_sigstat (GPGME_SIGSUM_GREEN);
    else
        attr = get_gpg_sigstat (sig->summary);
    if (attr)
        listview_add_sub_item (lv, 0, VER_COL_STAT, (char *)attr);
    
    attr = get_locale_timedate (sig->timestamp, timebuf, DIM (timebuf)-1);
    if (!attr)
        attr = _("Unknown");
    listview_add_sub_item (lv, 0, VER_COL_SIGNED, (char *)attr);
    
    attr = _("Unknown");
    if (key.ctx) {
        key_attr = key.ext->uids->validity;
        attr = get_key_trust2 (NULL, key_attr, 0, 0);
    }
    listview_add_sub_item (lv, 0, VER_COL_TRUST, (char *)attr);
    
    attr = sig_get_real_keyid (sig, &key);
    _snprintf (keyid, DIM (keyid) -1, "0x%s", attr);
    listview_add_sub_item (lv, 0, VER_COL_KEYID, keyid);
    
    attr = key.ctx? key.ext->uids->name : _("user ID not found");
    listview_add_sub_item (lv, 0, VER_COL_UID, attr);

    if (vlv->infctl)
        verlist_set_additional_info (vlv, sig);
    return 0;
}


/* Add the given file signature in @log to the verify control @lv.
   Return value: 0 on success. */
int
verlist_add_sig_log (verlist_ctrl_t vlv, file_sig_ctx_t log)
{
    gpgme_signature_t sig = log->sig;
    struct listview_ctrl_s *lv;
    struct winpt_key_s key;
    const char *attr;
    char t[64], timebuf[128], *name;
    int is_bad;

    lv = vlv->lv;
    is_bad = sig->summary & GPGME_SIGSUM_RED? 1 : 0;
    if (listview_add_item_image (lv, "", is_bad)) {
        log_debug ("verlist_add_sig_log: listview_add_item() failed.\n");
        return WPTERR_GENERAL;
    }

    memset (&key, 0, sizeof (key));
    winpt_get_pubkey (sig->fpr, &key);
    
    name = extract_filename (log->file);
    if (name != NULL)
        listview_add_sub_item (lv, 0, VER_COL_NAME, name);
    else
        listview_add_sub_item (lv, 0, VER_COL_NAME, log->file);
    free_if_alloc (name);
    
    if (sig->summary == 0 && gpg_err_code (sig->status) == GPG_ERR_NO_ERROR)
        attr = get_gpg_sigstat (GPGME_SIGSUM_GREEN);
    else
        attr = get_gpg_sigstat (sig->summary);
    listview_add_sub_item (lv, 0, VER_COL_STAT, attr);

    if (sig->timestamp > 0) {
        attr = get_locale_timedate (sig->timestamp, timebuf, DIM (timebuf)-1);
        if (!attr)
            attr = _("Unknown");
    }
    else
        attr = _("Unknown");
    listview_add_sub_item (lv, 0, VER_COL_SIGNED, attr);
        
    if (key.ctx != NULL)
        attr = get_key_trust2 (NULL, key.ctx->uids->validity, 0, 0);
    else
        attr = _("Unknown");
    listview_add_sub_item (lv, 0, VER_COL_TRUST, attr);

    attr = sig_get_real_keyid (sig, &key);
    _snprintf (t, DIM (t)-1, "0x%s", attr);
    listview_add_sub_item (lv, 0, VER_COL_KEYID, t);
    listview_add_sub_item (lv, 0, VER_COL_UID, 
                           log->user_id? 
                           log->user_id : _("user ID not found"));
    if (vlv->infctl)
        verlist_set_additional_info (vlv, sig);

    return 0;
}
1	/* wptVerifyList.cpp - Listview for verifying signatures
2	* Copyright (C) 2001, 2002, 2003, 2005, 2006, 2007 Timo Schulz
3	* Copyright (C) 2005 g10 Code GmbH
4	*
5	* This file is part of WinPT.
6	*
7	* WinPT is free software; you can redistribute it and/or
8	* modify it under the terms of the GNU General Public License
9	* as published by the Free Software Foundation; either version 2
10	* of the License, or (at your option) any later version.
11	*
12	* WinPT is distributed in the hope that it will be useful,
13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15	* General Public License for more details.
16	*/
17
18	#ifdef HAVE_CONFIG_H
19	#include <config.h>
20	#endif
21
22	#include <windows.h>
23	#include <time.h>
24
25	#include "resource.h"
26	#include "wptTypes.h"
27	#include "wptGPG.h"
28	#include "wptCommonCtl.h"
29	#include "wptKeylist.h"
30	#include "wptNLS.h"
31	#include "wptContext.h"
32	#include "wptErrors.h"
33	#include "wptW32API.h"
34	#include "wptVersion.h"
35
36	/* Symbolic column IDs */
37	enum {
38	VER_COL_NAME = 0,
39	VER_COL_STAT = 1,
40	VER_COL_SIGNED = 2,
41	VER_COL_TRUST = 3,
42	VER_COL_KEYID = 4,
43	VER_COL_UID = 5
44	};
45
46
47	/* Extract the file name part out of the given path in @path.
48	Return value: file part or NULL on error. */
49	static char*
50	extract_filename (const char *path)
51	{
52	char *p;
53	size_t pos;
54
55	p = strrchr (path, '\\');
56	if (p == NULL)
57	return m_strdup (path);
58	pos = p-path;
59	return substr (path, pos+1, strlen (path)-1);
60	}
61
62
63	/* Return human printable PKA status.
64	If no pka information is available, return NULL. */
65	char*
66	get_pka_status (gpgme_signature_t sig)
67	{
68	const char *fmt;
69	char *pka_inf;
70
71	if (sig->pka_trust == 0 \|\| !sig->pka_address)
72	return NULL;
73	fmt = _("PKA: Verified signer's address is '%s'");
74	pka_inf = new char[strlen (fmt)+strlen (sig->pka_address)+2];
75	if (!pka_inf)
76	BUG (NULL);
77	sprintf (pka_inf, fmt, sig->pka_address);
78	return pka_inf;
79	}
80
81
82	/* Set additional signature information according to the
83	signature @sig. If no info control is used, just return. */
84	void
85	verlist_set_additional_info (verlist_ctrl_t vlv, gpgme_signature_t sig)
86	{
87	int used = 1;
88
89	if (!vlv->infctl)
90	return;
91
92	/* if the signature is bad, we just hide the window and return. */
93	if (sig->summary & GPGME_SIGSUM_RED) {
94	ShowWindow (vlv->infctl, SW_HIDE);
95	return;
96	}
97	/* XXX: if the summary does not contain GPGME_SIGSUM_GREEN, issue a warning. */
98	if (sig->validity != GPGME_VALIDITY_MARGINAL &&
99	sig->validity != GPGME_VALIDITY_FULL &&
100	sig->validity != GPGME_VALIDITY_ULTIMATE &&
101	!(sig->summary & GPGME_SIGSUM_KEY_MISSING)) {
102	SendMessage (vlv->infctl, WM_SETTEXT, 0, (LPARAM)(char*)
103	_("WARNING: This key is not certified with a trusted signature!\r\n"
104	" There is no indication that the signature belongs to the owner.\r\n"));
105	}
106	else if (sig->exp_timestamp > (DWORD)time (NULL))
107	SendMessage (vlv->infctl, WM_SETTEXT, 0, (LPARAM)(char*)
108	_("The signature is expired!"));
109	else {
110	char *pka_info = get_pka_status (sig);
111	if (pka_info != NULL) {
112	SendMessage (vlv->infctl, WM_SETTEXT, 0, (LPARAM)(char*)pka_info);
113	free_if_alloc (pka_info);
114	}
115	else {
116	SendMessage (vlv->infctl, WM_SETTEXT, 0, (LPARAM)(char*)"");
117	used = 0;
118	}
119	}
120	ShowWindow (vlv->infctl, used? SW_SHOW : SW_HIDE);
121	}
122
123
124	/* Build a verify signature list control. With the parent window
125	from @ctrl and the mod given in @fm_mode. @lv contains the
126	new control on success.
127	Return value: 0 on success. */
128	void
129	verlist_build (verlist_ctrl_t *vlv, HWND ctrl, int fm_mode)
130	{
131	struct listview_column_s verlist[] = {
132	{0, 120, (char *)_("Name")},
133	{1, 140, (char *)_("Status")},
134	{2, 120, (char *)_("Signed")},
135	{3, 58, (char *)_("Trust") },
136	{4, 80, (char *)_("Key ID" )},
137	{5, 160, (char *)_("User ID")},
138	{6, 0, NULL}
139	};
140	HICON ico[2];
141	struct verlist_ctrl_s *v;
142	int j;
143
144	v = new verlist_ctrl_s;
145	if (!v)
146	BUG (0);
147	memset (v, 0, sizeof *v);
148	listview_new (&v->lv, ctrl);
149	for (j=0; verlist[j].fieldname; j++)
150	listview_add_column (v->lv, &verlist[j]);
151	if (!fm_mode)
152	listview_set_column_width (v->lv, 0, 80);
153	listview_set_ext_style (v->lv);
154	ico[0] = LoadIcon (glob_hinst, (LPCTSTR)IDI_SIG_GOOD);
155	ico[1] = LoadIcon (glob_hinst, (LPCTSTR)IDI_SIG_BAD);
156	listview_set_image_list (v->lv, 16, 16, ico, 2);
157	*vlv = v;
158	}
159
160
161	void
162	verlist_set_info_control (verlist_ctrl_t vlv, HWND infctl)
163	{
164	vlv->infctl = infctl;
165	}
166
167
168	/* Delete the given verify control in @lv. */
169	void
170	verlist_delete (verlist_ctrl_t vlv)
171	{
172	if (vlv) {
173	listview_release (vlv->lv);
174	free_if_alloc (vlv);
175	}
176	}
177
178
179	/* Handy function to extract the real key ID from a signature. */
180	const char *
181	sig_get_real_keyid (gpgme_signature_t sig, winpt_key_t key)
182	{
183	const char *keyid;
184
185	/* We still need an extra check for RSA:MD5 keys because we
186	cannot derrive the keyid directly from the fingerprint. */
187	if (strlen (sig->fpr) == 32) {
188	if (key->ext != NULL)
189	keyid = key->ext->key->subkeys->keyid+8;
190	else /* show the fingerprint if the key is not in the keyring. */
191	keyid = sig->fpr;
192	}
193	else
194	keyid = get_keyid_from_fpr (sig->fpr);
195	return keyid;
196	}
197
198
199	/* Add the given signature in @sig to the verify control @lv.
200	Return value: 0 on success. */
201	int
202	verlist_add_sig (verlist_ctrl_t vlv, gpgme_signature_t sig)
203	{
204	listview_ctrl_t lv;
205	struct winpt_key_s key;
206	const char *attr;
207	char keyid[32+1], timebuf[128];
208	u32 key_attr;
209	int is_bad;
210
211	is_bad = sig->summary & GPGME_SIGSUM_RED? 1 : 0;
212	lv = vlv->lv;
213	if (listview_add_item_image (lv, " ", is_bad))
214	return WPTERR_GENERAL;
215
216	listview_add_sub_item (lv, 0, VER_COL_NAME, _("Clipboard"));
217
218	memset (&key, 0, sizeof (key));
219	winpt_get_pubkey (sig->fpr, &key);
220	if (sig->summary == 0 && gpg_err_code (sig->status) == GPG_ERR_NO_ERROR)
221	attr = get_gpg_sigstat (GPGME_SIGSUM_GREEN);
222	else
223	attr = get_gpg_sigstat (sig->summary);
224	if (attr)
225	listview_add_sub_item (lv, 0, VER_COL_STAT, (char *)attr);
226
227	attr = get_locale_timedate (sig->timestamp, timebuf, DIM (timebuf)-1);
228	if (!attr)
229	attr = _("Unknown");
230	listview_add_sub_item (lv, 0, VER_COL_SIGNED, (char *)attr);
231
232	attr = _("Unknown");
233	if (key.ctx) {
234	key_attr = key.ext->uids->validity;
235	attr = get_key_trust2 (NULL, key_attr, 0, 0);
236	}
237	listview_add_sub_item (lv, 0, VER_COL_TRUST, (char *)attr);
238
239	attr = sig_get_real_keyid (sig, &key);
240	_snprintf (keyid, DIM (keyid) -1, "0x%s", attr);
241	listview_add_sub_item (lv, 0, VER_COL_KEYID, keyid);
242
243	attr = key.ctx? key.ext->uids->name : _("user ID not found");
244	listview_add_sub_item (lv, 0, VER_COL_UID, attr);
245
246	if (vlv->infctl)
247	verlist_set_additional_info (vlv, sig);
248	return 0;
249	}
250
251
252	/* Add the given file signature in @log to the verify control @lv.
253	Return value: 0 on success. */
254	int
255	verlist_add_sig_log (verlist_ctrl_t vlv, file_sig_ctx_t log)
256	{
257	gpgme_signature_t sig = log->sig;
258	struct listview_ctrl_s *lv;
259	struct winpt_key_s key;
260	const char *attr;
261	char t[64], timebuf[128], *name;
262	int is_bad;
263
264	lv = vlv->lv;
265	is_bad = sig->summary & GPGME_SIGSUM_RED? 1 : 0;
266	if (listview_add_item_image (lv, "", is_bad)) {
267	log_debug ("verlist_add_sig_log: listview_add_item() failed.\n");
268	return WPTERR_GENERAL;
269	}
270
271	memset (&key, 0, sizeof (key));
272	winpt_get_pubkey (sig->fpr, &key);
273
274	name = extract_filename (log->file);
275	if (name != NULL)
276	listview_add_sub_item (lv, 0, VER_COL_NAME, name);
277	else
278	listview_add_sub_item (lv, 0, VER_COL_NAME, log->file);
279	free_if_alloc (name);
280
281	if (sig->summary == 0 && gpg_err_code (sig->status) == GPG_ERR_NO_ERROR)
282	attr = get_gpg_sigstat (GPGME_SIGSUM_GREEN);
283	else
284	attr = get_gpg_sigstat (sig->summary);
285	listview_add_sub_item (lv, 0, VER_COL_STAT, attr);
286
287	if (sig->timestamp > 0) {
288	attr = get_locale_timedate (sig->timestamp, timebuf, DIM (timebuf)-1);
289	if (!attr)
290	attr = _("Unknown");
291	}
292	else
293	attr = _("Unknown");
294	listview_add_sub_item (lv, 0, VER_COL_SIGNED, attr);
295
296	if (key.ctx != NULL)
297	attr = get_key_trust2 (NULL, key.ctx->uids->validity, 0, 0);
298	else
299	attr = _("Unknown");
300	listview_add_sub_item (lv, 0, VER_COL_TRUST, attr);
301
302	attr = sig_get_real_keyid (sig, &key);
303	_snprintf (t, DIM (t)-1, "0x%s", attr);
304	listview_add_sub_item (lv, 0, VER_COL_KEYID, t);
305	listview_add_sub_item (lv, 0, VER_COL_UID,
306	log->user_id?
307	log->user_id : _("user ID not found"));
308	if (vlv->infctl)
309	verlist_set_additional_info (vlv, sig);
310
311	return 0;
312	}