authorWerner Koch <wk@gnupg.org>2002-06-19 10:30:10 +0200
committerWerner Koch <wk@gnupg.org>2002-06-19 10:30:10 +0200
commit52146943d10e5a72ef8b4fef8e4c24a3dbb6c5a1 (patch)
treeb2a5e1e00be63bde7464d6063e69c3c2cac577e1
parent* keybox-init.c (keybox_set_ephemeral): New. (diff)
* call-agent.c (learn_cb): Use log_info instead of log_error on
successful import. * keydb.c (keydb_set_ephemeral): New. (keydb_store_cert): New arg ephemeral, changed all callers. * keylist.c (list_external_cb): Store cert as ephemeral. * export.c (gpgsm_export): Kludge to export ephemeral certificates. * gpgsm.c (main): New command --list-external-keys.
-rw-r--r--sm/ChangeLog12
-rw-r--r--sm/call-agent.c4
-rw-r--r--sm/export.c17
-rw-r--r--sm/gpgsm.c12
-rw-r--r--sm/import.c4
-rw-r--r--sm/keydb.c29
-rw-r--r--sm/keydb.h3
-rw-r--r--sm/keylist.c3
-rw-r--r--sm/verify.c2
9 files changed, 78 insertions, 8 deletions
diff --git a/sm/ChangeLog b/sm/ChangeLog
index 9154d9e88..87426cbb3 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,15 @@
+2002-06-19 Werner Koch <wk@gnupg.org>
+
+ * call-agent.c (learn_cb): Use log_info instead of log_error on
+ successful import.
+
+ * keydb.c (keydb_set_ephemeral): New.
+ (keydb_store_cert): New are ephemeral, changed all callers.
+ * keylist.c (list_external_cb): Store cert as ephemeral.
+ * export.c (gpgsm_export): Kludge to export epehmeral certificates.
+
+ * gpgsm.c (main): New command --list-external-keys.
+
2002-06-17 Werner Koch <wk@gnupg.org>
* certreqgen.c (read_parameters): Improved error handling.
diff --git a/sm/call-agent.c b/sm/call-agent.c
index e11053220..f4b6087e2 100644
--- a/sm/call-agent.c
+++ b/sm/call-agent.c
@@ -693,8 +693,8 @@ learn_cb (void *opaque, const void *buffer, size_t length)
log_error ("invalid certificate: %s\n", gnupg_strerror (rc));
else
{
- if (!keydb_store_cert (cert))
- log_error ("certificate imported\n");
+ if (!keydb_store_cert (cert, 0))
+ log_info ("certificate imported\n");
}
ksba_cert_release (cert);
diff --git a/sm/export.c b/sm/export.c
index ce2909fdf..fc82b7e6c 100644
--- a/sm/export.c
+++ b/sm/export.c
@@ -50,6 +50,7 @@ gpgsm_export (CTRL ctrl, STRLIST names, FILE *fp)
KsbaCert cert = NULL;
int rc=0;
int count = 0;
+ int i;
hd = keydb_new (0);
if (!hd)
@@ -91,7 +92,23 @@ gpgsm_export (CTRL ctrl, STRLIST names, FILE *fp)
}
}
+ /* If all specifications are done by fingerprint, we switch to
+ ephemeral mode so that _all_ currently available and matching
+ certificates are exported.
+ fixme: we should in this case keep a list of certificates to
+ avoid accidential export of duplicate certificates. */
+ if (names && ndesc)
+ {
+ for (i=0; (i < ndesc
+ && (desc[i].mode == KEYDB_SEARCH_MODE_FPR
+ || desc[i].mode == KEYDB_SEARCH_MODE_FPR20
+ || desc[i].mode == KEYDB_SEARCH_MODE_FPR16)); i++)
+ ;
+ if (i == ndesc)
+ keydb_set_ephemeral (hd, 1);
+ }
+
while (!(rc = keydb_search (hd, desc, ndesc)))
{
const unsigned char *image;
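Review bot: Once `keydb_set_ephemeral (hd, 1)` is reached, an export selected purely by fingerprint can return certificates that were only cached, and in this commit `list_external_cb` caches them with no validation visible in its hunk. The new comment should state that consequence, for example `/* Note: ephemeral certificates may never have been validated; the recipient of the export must verify them. */`. The empty-bodied `for` with the whole test in its condition is also hard to read; a small loop that sets a flag and breaks on the first non-fingerprint mode would say the same thing more plainly. The body of gpgsm_export continues outside the hunk.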
diff --git a/sm/gpgsm.c b/sm/gpgsm.c
index de62088bc..06a3a9c60 100644
--- a/sm/gpgsm.c
+++ b/sm/gpgsm.c
@@ -68,6 +68,7 @@ enum cmd_and_opt_values {
aVerify,
aVerifyFiles,
aListKeys,
+ aListExternalKeys,
aListSigs,
aListSecretKeys,
aSendKeys,
@@ -212,7 +213,8 @@ static ARGPARSE_OPTS opts[] = {
{ aVerify, "verify" , 256, N_("verify a signature")},
{ aVerifyFiles, "verify-files" , 256, "@" },
{ aListKeys, "list-keys", 256, N_("list keys")},
- { aListKeys, "list-public-keys", 256, "@" },
+ { aListKeys, "list-keys", 256, N_("list keys")},
+ { aListExternalKeys, "list-external-keys", 256, N_("list external keys")},
{ aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")},
{ aListSigs, "list-sigs", 256, N_("list certificate chain")},
{ aListSigs, "check-sigs",256, "@"},
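Review bot: The added line `{ aListKeys, "list-keys", 256, N_("list keys")},` is an exact duplicate of the entry directly above it, and it replaces the hidden `list-public-keys` alias. Nothing in the ChangeLog mentions dropping that alias, so this looks like an editing slip that would make `--list-public-keys` stop working. I would restore `{ aListKeys, "list-public-keys", 256, "@" },` and add only the `aListExternalKeys` row.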
@@ -730,6 +732,7 @@ main ( int argc, char **argv)
case aRecvKeys: set_cmd (&cmd, aRecvKeys); break;
case aExport: set_cmd (&cmd, aExport); break;
case aListKeys: set_cmd (&cmd, aListKeys); break;
+ case aListExternalKeys: set_cmd (&cmd, aListExternalKeys); break;
case aListSecretKeys: set_cmd (&cmd, aListSecretKeys); break;
case aListSigs: set_cmd (&cmd, aListSigs); break;
@@ -1214,6 +1217,13 @@ main ( int argc, char **argv)
free_strlist(sl);
break;
+ case aListExternalKeys:
+ for (sl=NULL; argc; argc--, argv++)
+ add_to_strlist (&sl, *argv);
+ gpgsm_list_keys (&ctrl, sl, stdout, (0 | (1<<7)));
+ free_strlist(sl);
+ break;
+
case aListSecretKeys:
for (sl=NULL; argc; argc--, argv++)
add_to_strlist (&sl, *argv);
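Review bot: The mode argument `(0 | (1<<7))` in the new `aListExternalKeys` case is a magic number; nothing in the hunk says that bit 7 selects the external lookup. A named constant or at least a comment such as `/* bit 7: list external keys */` next to the call would make the contract with `gpgsm_list_keys` visible. Since this command causes certificates from an external source to be written to the ephemeral store (see the `list_external_cb` change), the option's help text or documentation should mention that side effect. The enclosing `main` starts and ends outside the hunk.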
diff --git a/sm/import.c b/sm/import.c
index 0f4547206..1258d308b 100644
--- a/sm/import.c
+++ b/sm/import.c
@@ -104,7 +104,7 @@ gpgsm_import (CTRL ctrl, int in_fd)
{
if ( !gpgsm_basic_cert_check (cert) )
{
- if (!keydb_store_cert (cert))
+ if (!keydb_store_cert (cert, 0))
{
if (opt.verbose)
log_info ("certificate imported\n");
@@ -139,7 +139,7 @@ gpgsm_import (CTRL ctrl, int in_fd)
if ( !gpgsm_basic_cert_check (cert) )
{
- if (!keydb_store_cert (cert))
+ if (!keydb_store_cert (cert, 0))
{
if (opt.verbose)
log_info ("certificate imported\n");
diff --git a/sm/keydb.c b/sm/keydb.c
index 4f7bbb594..50c9e54bd 100644
--- a/sm/keydb.c
+++ b/sm/keydb.c
@@ -59,6 +59,7 @@ struct keydb_handle {
int locked;
int found;
int current;
+ int ephemeral;
int used; /* items in active */
struct resource_item active[MAX_KEYDB_RESOURCES];
};
@@ -331,6 +332,29 @@ keydb_get_resource_name (KEYDB_HANDLE hd)
return s? s: "";
}
+int
+keydb_set_ephemeral (KEYDB_HANDLE hd, int yes)
+{
+ int i;
+
+ if (!hd)
+ return GNUPG_Invalid_Value;
+
+ for (i=0; i < hd->used; i++)
+ {
+ switch (hd->active[i].type)
+ {
+ case KEYDB_RESOURCE_TYPE_NONE:
+ break;
+ case KEYDB_RESOURCE_TYPE_KEYBOX:
+ keybox_set_ephemeral (hd->active[i].u.kr, yes);
+ break;
+ }
+ }
+
+ return 0;
+}
+
static int
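Review bot: The `ephemeral` field added to `struct keydb_handle` is never written in the visible hunks: `keydb_set_ephemeral` forwards `yes` to each keybox but does not record it on `hd`. Either add `hd->ephemeral = yes;` before the loop or drop the field, otherwise later code that reads it will see a stale value. The function also has no header comment and the `switch` has no `default`; I would add something like `/* Switch all resources of HD into (YES) or out of ephemeral mode. Returns 0, or GNUPG_Invalid_Value if HD is NULL. */`.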
@@ -1147,7 +1171,7 @@ keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc)
/* Store the certificate in the key Db but make sure that it does not
already exists. We do this simply by comparing the fingerprint */
int
-keydb_store_cert (KsbaCert cert)
+keydb_store_cert (KsbaCert cert, int ephemeral)
{
KEYDB_HANDLE kh;
int rc;
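Review bot: The comment above `keydb_store_cert` still describes only the duplicate check and says nothing about the new `ephemeral` parameter. It should say that a non-zero `ephemeral` stores the certificate in ephemeral mode and that the fingerprint lookup for duplicates then runs in that mode as well, e.g. `/* ... If EPHEMERAL is set the certificate is stored and looked up in ephemeral mode. */`. In the following hunk the result of `keydb_set_ephemeral (kh, 1)` is ignored; if it can fail for a valid handle the certificate would be stored as a regular one, so the return value should be checked. The function body continues outside the hunk.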
@@ -1166,6 +1190,9 @@ keydb_store_cert (KsbaCert cert)
return GNUPG_Out_Of_Core;
}
+ if (ephemeral)
+ keydb_set_ephemeral (kh, 1);
+
rc = keydb_search_fpr (kh, fpr);
if (rc != -1)
{
diff --git a/sm/keydb.h b/sm/keydb.h
index 9032c5296..0721f431a 100644
--- a/sm/keydb.h
+++ b/sm/keydb.h
@@ -32,6 +32,7 @@ typedef struct keydb_handle *KEYDB_HANDLE;
int keydb_add_resource (const char *url, int force, int secret);
KEYDB_HANDLE keydb_new (int secret);
void keydb_release (KEYDB_HANDLE hd);
+int keydb_set_ephemeral (KEYDB_HANDLE hd, int yes);
const char *keydb_get_resource_name (KEYDB_HANDLE hd);
#if 0 /* pgp stuff */
@@ -62,7 +63,7 @@ int keydb_search_subject (KEYDB_HANDLE hd, const char *issuer);
int keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc);
-int keydb_store_cert (KsbaCert cert);
+int keydb_store_cert (KsbaCert cert, int ephemeral);
#endif /*GNUPG_KEYDB_H*/
diff --git a/sm/keylist.c b/sm/keylist.c
index 65171a1d4..a8d9c5411 100644
--- a/sm/keylist.c
+++ b/sm/keylist.c
@@ -548,6 +548,9 @@ list_external_cb (void *cb_value, KsbaCert cert)
{
struct list_external_parm_s *parm = cb_value;
+ if (keydb_store_cert (cert, 1))
+ log_error ("error storing certificate as ephemeral\n");
+
if (parm->print_header)
{
const char *resname = "[external keys]";
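Review bot: `list_external_cb` now writes every certificate returned by the external lookup to the key database before any check visible in this hunk, whereas `gpgsm_import` only stores after `gpgsm_basic_cert_check` succeeds. If that is intentional because the entry is ephemeral, a comment should say so, e.g. `/* Unvalidated; stored as ephemeral only so that later operations can find it. */`. The error path also discards the return code; keeping it in a local and logging `log_error ("error storing certificate as ephemeral: %s\n", gnupg_strerror (rc));` would match the style used in call-agent.c. The function continues outside the hunk.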
diff --git a/sm/verify.c b/sm/verify.c
index 394939eb0..286dc68bb 100644
--- a/sm/verify.c
+++ b/sm/verify.c
@@ -242,7 +242,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
certificate first before entering it into the DB. This way
we would avoid cluttering the DB with invalid
certificates. */
- keydb_store_cert (cert);
+ keydb_store_cert (cert, 0);
ksba_cert_release (cert);
}