X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fshare%2Fma%2Flist_certifiers;h=38a3222db32e721c7cb8adaf70913c8659be5f50;hb=cb23b390761c20358c5db30203589c823c7b5bbf;hp=e37485ead6bbba2e0ac2455c98c14361ea1f674b;hpb=bd249afe1f74e2dfc451f73a261d0dfb4a8b58ca;p=monkeysphere.git
diff --git a/src/share/ma/list_certifiers b/src/share/ma/list_certifiers
index e37485e..38a3222 100644
--- a/src/share/ma/list_certifiers
+++ b/src/share/ma/list_certifiers 
@@ -17,14 +17,73 @@ list_certifiers() {
 local keys
 local key
+local authfpr
+local keyfpr
+local uid
+local printedfpr
-# find trusted keys in authentication keychain
-keys=$(gpg_sphere "--no-options --list-options show-uid-validity --keyring ${GNUPGHOME_AUTHENTICATION}/pubring.gpg --list-keys --with-colons --fingerprint" | \
- grep ^pub: | cut -d: -f2,5 | egrep '^(u|f):' | cut -d: -f2)
+# find trusted keys in sphere keychain
+log debug "finding trusted keys..."
-# output keys
-for key in $keys ; do
- gpg_sphere "--no-options --list-options show-uid-validity --keyring ${GNUPGHOME_AUTHENTICATION}/pubring.gpg --list-key --fingerprint $key"
+# FIXME: this assumes that the keygrip (16 hex chars) is unique; we're
+# only searching by keygrip at the moment.
+
+authgrip=$(core_fingerprint | cut -b 25-40)
+
+# We're walking the list of known signatures, and extracting all trust
+# signatures made by the core fingerprint and known to the sphere
+# keyring.
+
+# for each one of these, we're printing (colon-delimited): the
+# fingerprint, the trust depth, the trust level (60 == marginal, 120
+# == full), and the domain regex (if any):
+
+gpg_sphere "--fingerprint --with-colons --fixed-list-mode --check-sigs" | \
+ cut -f 1,2,5,8,9,10 -d: | \
+ egrep '^(fpr:::::|uat:|uid:|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \
+ while IFS=: read -r type validity grip trustparams trustdomain fpr ; do
+ case $type in
+ 'fpr') # this is a new key
+ keyfpr=$fpr
+ uid=
+ printedfpr=no
+ ;;
+ 'uid') # here comes a user id (if we don't have a key, or the
+ # uid has no calculated validity, we will not bother
+ # with it):
+ if [ "$keyfpr" ] && [ "$validity" = 'f' ] ; then
+ uid="$fpr"
+ else
+ uid=
+ fi
+ ;;
+ 'uat') # this is a user attribute. DETAILS.gz states that the
+ # 10th field is the number of user attribute
+ # subpackets, followed by the total number of bytes of
+ # the subpackets:
+ if [ "$keyfpr" ] && [ "$validity" = 'f' ] ; then
+ uid=$(printf "%d JPEG(?) 
image(s), total %d bytes" \
+ "${fpr%% *}" "${fpr##* }")
+ else
+ uid=
+ fi
+ ;;
+ 'sig') # print all trust signatures, including regexes if
+ # present, assuming that
+ if [ "$keyfpr" ] && [ "$uid" ] ; then
+ trustdepth=${trustparams%% *}
+ trustlevel=${trustparams##* }
+ if [ "$printedfpr" = no ] ; then
+ printf "%s:\n" "$keyfpr"
+ printedfpr=yes
+ fi
+
+ # FIXME: this is clumsy and not human-friendly. we should
+ # print out more human-readable information, if possible.
+ printf " :%s:%d:%d:%s\n" "$uid" "$trustdepth" "$trustlevel" "$trustdomain"
+ fi
+ ;;
+ esac
 done
 }
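Review bot: `local authfpr` at the top of the hunk is declared but never used, while `authgrip` — the variable actually assigned from `core_fingerprint | cut -b 25-40` — is not declared local and so escapes list_certifiers into the caller's shell; replace the declaration with `local authgrip`. That assignment also has no guard for an empty result: if `core_fingerprint` prints nothing, the `sig:!:` alternative in the egrep pattern can never match and the function silently lists no certifiers, so add `[ -n "$authgrip" ] || { log error "could not determine core key ID"; return 1; }` directly after it. The `'uid'` and `'uat'` arms accept only validity `f`, whereas the removed `egrep '^(u|f):'` also accepted `u`; if that narrowing is intentional, a one-line comment on the `'uid')` arm saying why ultimately-valid uids are excluded would help the next reader. list_certifiers() opens before the hunk (only its `{` is visible in the @@ header); its closing `}` is within it.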