trunk/Src/wptVerifyList.cpp

/* wptVerifyList.cpp - Listview for verifying signatures
 *      Copyright (C) 2001, 2002, 2003, 2005, 2006, 2007 Timo Schulz
 *      Copyright (C) 2005 g10 Code GmbH
 *
 * This file is part of WinPT.
 *
 * WinPT is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License 
 * as published by the Free Software Foundation; either version 2 
 * of the License, or (at your option) any later version.
 *  
 * WinPT is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <windows.h>
#include <time.h>

#include "resource.h"
#include "wptTypes.h"
#include "wptGPG.h"
#include "wptCommonCtl.h"
#include "wptKeylist.h"
#include "wptNLS.h"
#include "wptContext.h"
#include "wptErrors.h"
#include "wptW32API.h"
#include "wptVersion.h"

/* Symbolic column IDs */
enum {
    VER_COL_NAME = 0,
    VER_COL_STAT = 1,
    VER_COL_SIGNED = 2,
    VER_COL_TRUST = 3,
    VER_COL_KEYID = 4,
    VER_COL_UID = 5
};


/* Extract the file name part out of the given path in @path.
   Return value: file part or NULL on error. */
static char*
extract_filename (const char *path)
{
    char *p;
    size_t pos;

    p = strrchr (path, '\\');
    if (p == NULL)
        return m_strdup (path);
    pos = p - path;
    return substr(path, pos+1, strlen(path));
}


/* Return human printable PKA status.
   If no pka information is available, return NULL. */
char*
get_pka_status (gpgme_signature_t sig)
{
    const char *fmt;
    char *pka_inf;

    if (sig->pka_trust == 0 || !sig->pka_address)
        return NULL;
    fmt = _("PKA: Verified signer's address is '%s'");
    pka_inf = new char[strlen (fmt)+strlen (sig->pka_address)+2];
    if (!pka_inf)
        BUG (NULL);     
    sprintf (pka_inf, fmt, sig->pka_address);
    return pka_inf;
}


/* Set additional signature information according to the
   signature @sig. If no info control is used, just return. */
void
verlist_set_additional_info (verlist_ctrl_t vlv, gpgme_signature_t sig)
{
    int used = 1;

    if (!vlv->infctl)
        return;

    /* if the signature is bad, we just hide the window and return. */
    if (sig->summary & GPGME_SIGSUM_RED) {
        ShowWindow (vlv->infctl, SW_HIDE);
        return;
    }
    /* XXX: if the summary does not contain GPGME_SIGSUM_GREEN, issue a warning. */
    
    if (sig->summary & GPGME_SIGSUM_VALID)
        used = 0;
    else if (sig->validity != GPGME_VALIDITY_MARGINAL &&
             sig->validity != GPGME_VALIDITY_FULL &&
             sig->validity != GPGME_VALIDITY_ULTIMATE &&
             !(sig->summary & GPGME_SIGSUM_KEY_MISSING)) {
        SendMessage (vlv->infctl, WM_SETTEXT, 0, (LPARAM)(char*)
                     _("WARNING: This key is not certified with a trusted signature!\r\n"
                       "                   There is no indication that the signature belongs to the owner.\r\n"));
    }
    else if (sig->exp_timestamp > (DWORD)time (NULL))
        SendMessage (vlv->infctl, WM_SETTEXT, 0, (LPARAM)(char*)
                     _("The signature is expired!"));
    else {
        char *pka_info = get_pka_status (sig);
        if (pka_info != NULL) {
            SendMessage (vlv->infctl, WM_SETTEXT, 0, (LPARAM)(char*)pka_info);
            free_if_alloc (pka_info);
        }
        else {
            SendMessage (vlv->infctl, WM_SETTEXT, 0, (LPARAM)(char*)"");
            used = 0;
        }
    }    
    ShowWindow (vlv->infctl, used? SW_SHOW : SW_HIDE);
}


/* Build a verify signature list control. With the parent window
   from @ctrl and the mod given in @fm_mode. @lv contains the
   new control on success.
   Return value: 0 on success. */
void
verlist_build (verlist_ctrl_t *vlv, HWND ctrl, int fm_mode)
{
    struct listview_column_s verlist[] = {
        {0, 120, (char *)_("Name")},
        {1, 122, (char *)_("Status")},
        {2, 120, (char *)_("Signed")},
        {3,  66, (char *)_("Trust") },
        {4,  80, (char *)_("Key ID" )},
        {5, 160, (char *)_("User ID")},
        {6, 0, NULL}
    };
    HICON ico[2];
    struct verlist_ctrl_s *v;    
    
    v = new verlist_ctrl_s;
    if (!v)
        BUG (0);
    memset (v, 0, sizeof *v);
    listview_new (&v->lv, ctrl);
    for (int j=0; verlist[j].fieldname; j++)
        listview_add_column (v->lv, &verlist[j]);
    if (!fm_mode)
        listview_set_column_width (v->lv, 0, 80);
    listview_set_ext_style (v->lv);
    ico[0] = LoadIcon (glob_hinst, (LPCTSTR)IDI_SIG_GOOD);
    ico[1] = LoadIcon (glob_hinst, (LPCTSTR)IDI_SIG_BAD);
    listview_set_image_list (v->lv, 16, 16, ico, 2);
    *vlv = v;
}


void
verlist_set_info_control (verlist_ctrl_t vlv, HWND infctl)
{
    vlv->infctl = infctl;
}


/* Delete the given verify control in @lv. */
void
verlist_delete (verlist_ctrl_t vlv)
{
    if (vlv) {
        listview_release (vlv->lv);
        free_if_alloc (vlv);
    }
}


/* Handy function to extract the real key ID from a signature. */
const char *
sig_get_real_keyid (gpgme_signature_t sig, winpt_key_t key)
{
    const char *keyid;
    
     /* We still need an extra check for RSA:MD5 keys because we
        cannot derrive the keyid directly from the fingerprint. */
    if (strlen (sig->fpr) == 32) {
        if (key->ext != NULL)
            keyid = key->ext->key->subkeys->keyid+8;
        else /* show the fingerprint if the key is not in the keyring. */
            keyid = sig->fpr;
    }
    else
        keyid = get_keyid_from_fpr (sig->fpr);
    return keyid;
}

    
/* Add the given signature in @sig to the verify control @lv.
   Return value: 0 on success. */
int
verlist_add_sig (verlist_ctrl_t vlv, gpgme_signature_t sig)
{
    listview_ctrl_t lv;
    struct winpt_key_s key;    
    const char *attr;
    char keyid[32+1], timebuf[128];
    u32 key_attr;
    int is_bad;
    
    is_bad = sig->summary & GPGME_SIGSUM_RED? 1 : 0;
    lv = vlv->lv;
    if (listview_add_item_image (lv, " ", is_bad))
        return WPTERR_GENERAL;
        
    listview_add_sub_item (lv, 0, VER_COL_NAME, _("Clipboard"));

    memset (&key, 0, sizeof (key));
    winpt_get_pubkey (sig->fpr, &key);
    if (sig->summary == 0 && gpg_err_code (sig->status) == GPG_ERR_NO_ERROR)
        attr = get_gpg_sigstat (GPGME_SIGSUM_GREEN);
    else
        attr = get_gpg_sigstat (sig->summary);
    if (attr)
        listview_add_sub_item (lv, 0, VER_COL_STAT, (char *)attr);
    
    attr = get_locale_timedate (sig->timestamp, timebuf, DIM (timebuf)-1);
    if (!attr)
        attr = _("Unknown");
    listview_add_sub_item (lv, 0, VER_COL_SIGNED, (char *)attr);
    
    attr = _("Unknown");
    if (key.ctx) {
        key_attr = key.ext->uids->validity;
        attr = get_key_trust2 (NULL, key_attr, 0, 0);
    }
    listview_add_sub_item (lv, 0, VER_COL_TRUST, (char *)attr);
    
    attr = sig_get_real_keyid (sig, &key);
    _snprintf (keyid, DIM (keyid) -1, "0x%s", attr);
    listview_add_sub_item (lv, 0, VER_COL_KEYID, keyid);
    
    attr = key.ctx? key.ext->uids->name : _("user ID not found");
    listview_add_sub_item (lv, 0, VER_COL_UID, attr);

    if (vlv->infctl)
        verlist_set_additional_info (vlv, sig);
    return 0;
}


/* Add the given file signature in @log to the verify control @lv.
   Return value: 0 on success. */
int
verlist_add_sig_log (verlist_ctrl_t vlv, file_sig_ctx_t log)
{
    gpgme_signature_t sig = log->sig;
    struct listview_ctrl_s *lv;
    struct winpt_key_s key;
    const char *attr;
    char t[64], timebuf[128], *name;
    int is_bad;

    lv = vlv->lv;
    is_bad = sig->summary & GPGME_SIGSUM_RED? 1 : 0;
    if (listview_add_item_image (lv, "", is_bad))
        BUG (0);

    memset (&key, 0, sizeof (key));
    winpt_get_pubkey (sig->fpr, &key);
    
    name = extract_filename (log->file);
    if (name != NULL)
        listview_add_sub_item (lv, 0, VER_COL_NAME, name);
    else
        listview_add_sub_item (lv, 0, VER_COL_NAME, log->file);
    free_if_alloc (name);
    
    if (sig->summary == 0 && gpg_err_code (sig->status) == GPG_ERR_NO_ERROR)
        attr = get_gpg_sigstat (GPGME_SIGSUM_GREEN);
    else
        attr = get_gpg_sigstat (sig->summary);
    listview_add_sub_item (lv, 0, VER_COL_STAT, attr);

    if (sig->timestamp > 0) {
        attr = get_locale_timedate (sig->timestamp, timebuf, DIM (timebuf)-1);
        if (!attr)
            attr = _("Unknown");
    }
    else
        attr = _("Unknown");
    listview_add_sub_item (lv, 0, VER_COL_SIGNED, attr);
        
    if (key.ctx != NULL)
        attr = get_key_trust2 (NULL, key.ctx->uids->validity, 0, 0);
    else
        attr = _("Unknown");
    listview_add_sub_item (lv, 0, VER_COL_TRUST, attr);

    attr = sig_get_real_keyid (sig, &key);
    _snprintf (t, DIM (t)-1, "0x%s", attr);
    listview_add_sub_item (lv, 0, VER_COL_KEYID, t);
    listview_add_sub_item (lv, 0, VER_COL_UID, 
                           log->user_id? 
                           log->user_id : _("user ID not found"));
    if (vlv->infctl)
        verlist_set_additional_info (vlv, sig);

    return 0;
}
1	/* wptVerifyList.cpp - Listview for verifying signatures
2	* Copyright (C) 2001, 2002, 2003, 2005, 2006, 2007 Timo Schulz
3	* Copyright (C) 2005 g10 Code GmbH
4	*
5	* This file is part of WinPT.
6	*
7	* WinPT is free software; you can redistribute it and/or
8	* modify it under the terms of the GNU General Public License
9	* as published by the Free Software Foundation; either version 2
10	* of the License, or (at your option) any later version.
11	*
12	* WinPT is distributed in the hope that it will be useful,
13	* but WITHOUT ANY WARRANTY; without even the implied warranty of
14	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15	* General Public License for more details.
16	*/
17
18	#ifdef HAVE_CONFIG_H
19	#include <config.h>
20	#endif
21
22	#include <windows.h>
23	#include <time.h>
24
25	#include "resource.h"
26	#include "wptTypes.h"
27	#include "wptGPG.h"
28	#include "wptCommonCtl.h"
29	#include "wptKeylist.h"
30	#include "wptNLS.h"
31	#include "wptContext.h"
32	#include "wptErrors.h"
33	#include "wptW32API.h"
34	#include "wptVersion.h"
35
36	/* Symbolic column IDs */
37	enum {
38	VER_COL_NAME = 0,
39	VER_COL_STAT = 1,
40	VER_COL_SIGNED = 2,
41	VER_COL_TRUST = 3,
42	VER_COL_KEYID = 4,
43	VER_COL_UID = 5
44	};
45
46
47	/* Extract the file name part out of the given path in @path.
48	Return value: file part or NULL on error. */
49	static char*
50	extract_filename (const char *path)
51	{
52	char *p;
53	size_t pos;
54
55	p = strrchr (path, '\\');
56	if (p == NULL)
57	return m_strdup (path);
58	pos = p - path;
59	return substr(path, pos+1, strlen(path));
60	}
61
62
63	/* Return human printable PKA status.
64	If no pka information is available, return NULL. */
65	char*
66	get_pka_status (gpgme_signature_t sig)
67	{
68	const char *fmt;
69	char *pka_inf;
70
71	if (sig->pka_trust == 0 \|\| !sig->pka_address)
72	return NULL;
73	fmt = _("PKA: Verified signer's address is '%s'");
74	pka_inf = new char[strlen (fmt)+strlen (sig->pka_address)+2];
75	if (!pka_inf)
76	BUG (NULL);
77	sprintf (pka_inf, fmt, sig->pka_address);
78	return pka_inf;
79	}
80
81
82	/* Set additional signature information according to the
83	signature @sig. If no info control is used, just return. */
84	void
85	verlist_set_additional_info (verlist_ctrl_t vlv, gpgme_signature_t sig)
86	{
87	int used = 1;
88
89	if (!vlv->infctl)
90	return;
91
92	/* if the signature is bad, we just hide the window and return. */
93	if (sig->summary & GPGME_SIGSUM_RED) {
94	ShowWindow (vlv->infctl, SW_HIDE);
95	return;
96	}
97	/* XXX: if the summary does not contain GPGME_SIGSUM_GREEN, issue a warning. */
98
99	if (sig->summary & GPGME_SIGSUM_VALID)
100	used = 0;
101	else if (sig->validity != GPGME_VALIDITY_MARGINAL &&
102	sig->validity != GPGME_VALIDITY_FULL &&
103	sig->validity != GPGME_VALIDITY_ULTIMATE &&
104	!(sig->summary & GPGME_SIGSUM_KEY_MISSING)) {
105	SendMessage (vlv->infctl, WM_SETTEXT, 0, (LPARAM)(char*)
106	_("WARNING: This key is not certified with a trusted signature!\r\n"
107	" There is no indication that the signature belongs to the owner.\r\n"));
108	}
109	else if (sig->exp_timestamp > (DWORD)time (NULL))
110	SendMessage (vlv->infctl, WM_SETTEXT, 0, (LPARAM)(char*)
111	_("The signature is expired!"));
112	else {
113	char *pka_info = get_pka_status (sig);
114	if (pka_info != NULL) {
115	SendMessage (vlv->infctl, WM_SETTEXT, 0, (LPARAM)(char*)pka_info);
116	free_if_alloc (pka_info);
117	}
118	else {
119	SendMessage (vlv->infctl, WM_SETTEXT, 0, (LPARAM)(char*)"");
120	used = 0;
121	}
122	}
123	ShowWindow (vlv->infctl, used? SW_SHOW : SW_HIDE);
124	}
125
126
127	/* Build a verify signature list control. With the parent window
128	from @ctrl and the mod given in @fm_mode. @lv contains the
129	new control on success.
130	Return value: 0 on success. */
131	void
132	verlist_build (verlist_ctrl_t *vlv, HWND ctrl, int fm_mode)
133	{
134	struct listview_column_s verlist[] = {
135	{0, 120, (char *)_("Name")},
136	{1, 122, (char *)_("Status")},
137	{2, 120, (char *)_("Signed")},
138	{3, 66, (char *)_("Trust") },
139	{4, 80, (char *)_("Key ID" )},
140	{5, 160, (char *)_("User ID")},
141	{6, 0, NULL}
142	};
143	HICON ico[2];
144	struct verlist_ctrl_s *v;
145
146	v = new verlist_ctrl_s;
147	if (!v)
148	BUG (0);
149	memset (v, 0, sizeof *v);
150	listview_new (&v->lv, ctrl);
151	for (int j=0; verlist[j].fieldname; j++)
152	listview_add_column (v->lv, &verlist[j]);
153	if (!fm_mode)
154	listview_set_column_width (v->lv, 0, 80);
155	listview_set_ext_style (v->lv);
156	ico[0] = LoadIcon (glob_hinst, (LPCTSTR)IDI_SIG_GOOD);
157	ico[1] = LoadIcon (glob_hinst, (LPCTSTR)IDI_SIG_BAD);
158	listview_set_image_list (v->lv, 16, 16, ico, 2);
159	*vlv = v;
160	}
161
162
163	void
164	verlist_set_info_control (verlist_ctrl_t vlv, HWND infctl)
165	{
166	vlv->infctl = infctl;
167	}
168
169
170	/* Delete the given verify control in @lv. */
171	void
172	verlist_delete (verlist_ctrl_t vlv)
173	{
174	if (vlv) {
175	listview_release (vlv->lv);
176	free_if_alloc (vlv);
177	}
178	}
179
180
181	/* Handy function to extract the real key ID from a signature. */
182	const char *
183	sig_get_real_keyid (gpgme_signature_t sig, winpt_key_t key)
184	{
185	const char *keyid;
186
187	/* We still need an extra check for RSA:MD5 keys because we
188	cannot derrive the keyid directly from the fingerprint. */
189	if (strlen (sig->fpr) == 32) {
190	if (key->ext != NULL)
191	keyid = key->ext->key->subkeys->keyid+8;
192	else /* show the fingerprint if the key is not in the keyring. */
193	keyid = sig->fpr;
194	}
195	else
196	keyid = get_keyid_from_fpr (sig->fpr);
197	return keyid;
198	}
199
200
201	/* Add the given signature in @sig to the verify control @lv.
202	Return value: 0 on success. */
203	int
204	verlist_add_sig (verlist_ctrl_t vlv, gpgme_signature_t sig)
205	{
206	listview_ctrl_t lv;
207	struct winpt_key_s key;
208	const char *attr;
209	char keyid[32+1], timebuf[128];
210	u32 key_attr;
211	int is_bad;
212
213	is_bad = sig->summary & GPGME_SIGSUM_RED? 1 : 0;
214	lv = vlv->lv;
215	if (listview_add_item_image (lv, " ", is_bad))
216	return WPTERR_GENERAL;
217
218	listview_add_sub_item (lv, 0, VER_COL_NAME, _("Clipboard"));
219
220	memset (&key, 0, sizeof (key));
221	winpt_get_pubkey (sig->fpr, &key);
222	if (sig->summary == 0 && gpg_err_code (sig->status) == GPG_ERR_NO_ERROR)
223	attr = get_gpg_sigstat (GPGME_SIGSUM_GREEN);
224	else
225	attr = get_gpg_sigstat (sig->summary);
226	if (attr)
227	listview_add_sub_item (lv, 0, VER_COL_STAT, (char *)attr);
228
229	attr = get_locale_timedate (sig->timestamp, timebuf, DIM (timebuf)-1);
230	if (!attr)
231	attr = _("Unknown");
232	listview_add_sub_item (lv, 0, VER_COL_SIGNED, (char *)attr);
233
234	attr = _("Unknown");
235	if (key.ctx) {
236	key_attr = key.ext->uids->validity;
237	attr = get_key_trust2 (NULL, key_attr, 0, 0);
238	}
239	listview_add_sub_item (lv, 0, VER_COL_TRUST, (char *)attr);
240
241	attr = sig_get_real_keyid (sig, &key);
242	_snprintf (keyid, DIM (keyid) -1, "0x%s", attr);
243	listview_add_sub_item (lv, 0, VER_COL_KEYID, keyid);
244
245	attr = key.ctx? key.ext->uids->name : _("user ID not found");
246	listview_add_sub_item (lv, 0, VER_COL_UID, attr);
247
248	if (vlv->infctl)
249	verlist_set_additional_info (vlv, sig);
250	return 0;
251	}
252
253
254	/* Add the given file signature in @log to the verify control @lv.
255	Return value: 0 on success. */
256	int
257	verlist_add_sig_log (verlist_ctrl_t vlv, file_sig_ctx_t log)
258	{
259	gpgme_signature_t sig = log->sig;
260	struct listview_ctrl_s *lv;
261	struct winpt_key_s key;
262	const char *attr;
263	char t[64], timebuf[128], *name;
264	int is_bad;
265
266	lv = vlv->lv;
267	is_bad = sig->summary & GPGME_SIGSUM_RED? 1 : 0;
268	if (listview_add_item_image (lv, "", is_bad))
269	BUG (0);
270
271	memset (&key, 0, sizeof (key));
272	winpt_get_pubkey (sig->fpr, &key);
273
274	name = extract_filename (log->file);
275	if (name != NULL)
276	listview_add_sub_item (lv, 0, VER_COL_NAME, name);
277	else
278	listview_add_sub_item (lv, 0, VER_COL_NAME, log->file);
279	free_if_alloc (name);
280
281	if (sig->summary == 0 && gpg_err_code (sig->status) == GPG_ERR_NO_ERROR)
282	attr = get_gpg_sigstat (GPGME_SIGSUM_GREEN);
283	else
284	attr = get_gpg_sigstat (sig->summary);
285	listview_add_sub_item (lv, 0, VER_COL_STAT, attr);
286
287	if (sig->timestamp > 0) {
288	attr = get_locale_timedate (sig->timestamp, timebuf, DIM (timebuf)-1);
289	if (!attr)
290	attr = _("Unknown");
291	}
292	else
293	attr = _("Unknown");
294	listview_add_sub_item (lv, 0, VER_COL_SIGNED, attr);
295
296	if (key.ctx != NULL)
297	attr = get_key_trust2 (NULL, key.ctx->uids->validity, 0, 0);
298	else
299	attr = _("Unknown");
300	listview_add_sub_item (lv, 0, VER_COL_TRUST, attr);
301
302	attr = sig_get_real_keyid (sig, &key);
303	_snprintf (t, DIM (t)-1, "0x%s", attr);
304	listview_add_sub_item (lv, 0, VER_COL_KEYID, t);
305	listview_add_sub_item (lv, 0, VER_COL_UID,
306	log->user_id?
307	log->user_id : _("user ID not found"));
308	if (vlv->infctl)
309	verlist_set_additional_info (vlv, sig);
310
311	return 0;
312	}