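/* run-keylist.c - Helper to show a key listing.
 * Copyright (C) 2008, 2009 g10 Code GmbH
 *
 * This file is part of GPGME.
 *
 * GPGME is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * GPGME is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this program; if not, see <https://www.gnu.org/licenses/>.
 * SPDX-License-Identifier: LGPL-2.1-or-later
 */

/* We need to include config.h so that we know whether we are building
   with large file system (LFS) support. */
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#include <gpgme.h>

#define PGM "run-keylist"
#include "run-support.h"


/* Set by --verbose.  Currently only recorded; no code path below
   consults it.  */
static int verbose;


/* Print the usage text to stderr and terminate the process with exit
   code EX.  This function never returns; the int return type is kept
   for compatibility with the other run-*.c helpers.  */
static int
show_usage (int ex)
{
  fputs ("usage: " PGM " [options] [USERID_or_FILE]\n\n"
         "Options:\n"
         "  --verbose        run in verbose mode\n"
         "  --openpgp        use the OpenPGP protocol (default)\n"
         "  --cms            use the CMS protocol\n"
         "  --chain          list all keys of the X.509 chain\n"
         "  --secret         list only secret keys\n"
         "  --with-secret    list pubkeys with secret info filled\n"
         "  --local          use GPGME_KEYLIST_MODE_LOCAL\n"
         "  --extern         use GPGME_KEYLIST_MODE_EXTERN\n"
         "  --sigs           use GPGME_KEYLIST_MODE_SIGS\n"
         "  --tofu           use GPGME_KEYLIST_MODE_TOFU\n"
         "  --sig-notations  use GPGME_KEYLIST_MODE_SIG_NOTATIONS\n"
         "  --ephemeral      use GPGME_KEYLIST_MODE_EPHEMERAL\n"
         "  --v5fpr          use GPGME_KEYLIST_MODE_V5FPR\n"
         "  --validate       use GPGME_KEYLIST_MODE_VALIDATE\n"
         "  --import         import all keys\n"
         "  --offline        use offline mode\n"
         "  --no-trust-check disable automatic trust database check\n"
         "  --from-file      list all keys in the given file\n"
         "  --from-wkd       list key from a web key directory\n"
         "  --require-gnupg  require at least the given GnuPG version\n"
         "  --trust-model    use the specified trust-model\n"
         , stderr);
  exit (ex);
}


/* strdup with an out-of-memory policy of "print and exit (2)", so that
   callers never have to deal with a NULL result.  Every string this
   tool keeps beyond the current statement goes through here.  */
static char *
xstrdup (const char *string)
{
  char *p = strdup (string);
  if (!p)
    {
      fprintf (stderr, "strdup failed\n");
      exit (2);
    }
  return p;
}


/* Render the seconds-since-epoch VALUE as "YYYY-MM-DD HH:MM:SS" in UTC.
   A VALUE of 0 is GPGME's "not set" and yields the literal "none".
   The result lives in a static buffer that is overwritten by the next
   call: consume (print) it before calling isotimestr again.  All
   callers below pass exactly one isotimestr result per printf.  */
static const char *
isotimestr (unsigned long value)
{
  time_t t;
  static char buffer[25+5];
  struct tm *tp;

  if (!value)
    return "none";

  t = value;
  tp = gmtime (&t);
  /* gmtime returns NULL for values it cannot break down (e.g. an
     out-of-range year); dereferencing that would crash on untrusted
     timestamps taken from key material.  */
  if (!tp)
    return "[invalid time]";

  snprintf (buffer, sizeof buffer, "%04d-%02d-%02d %02d:%02d:%02d",
            1900+tp->tm_year, tp->tm_mon+1, tp->tm_mday,
            tp->tm_hour, tp->tm_min, tp->tm_sec);
  return buffer;
}


/* List keys matching the optional pattern (or all keys of a file with
   --from-file) and dump the fields GPGME exposes, one block per key.
   With --import the listed keys are additionally imported; with --cms
   --chain the issuer chain is followed by repeated listings.

   Output caveat: user IDs, notations and other strings are printed
   verbatim.  A key holder controls these, so a user ID containing
   newlines or control characters can forge additional listing lines.
   Do not parse this output from anything that needs to trust it; it
   is a test and debugging helper.  */
int
main (int argc, char **argv)
{
  int last_argc = -1;
  gpgme_error_t err;
  gpgme_ctx_t ctx;
  gpgme_keylist_mode_t mode = 0;
  gpgme_key_t key;
  gpgme_subkey_t subkey;
  gpgme_keylist_result_t result;
  int import = 0;
  /* Keys collected for --import.  One slot is reserved for the NULL
     terminator gpgme_op_import_keys requires.  */
  gpgme_key_t keyarray[100];
  int keyidx = 0;
  gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
  int only_secret = 0;
  int offline = 0;
  int no_trust_check = 0;
  int from_file = 0;
  int from_wkd = 0;
  /* 0 = off; otherwise doubles as the count of chain hops taken.  */
  int with_chain = 0;
  gpgme_data_t data = NULL;
  char *trust_model = NULL;
  char *chain_id = NULL;
  char *last_chain_id = NULL;

  if (argc)
    { argc--; argv++; }

  /* last_argc guards against an option handler that consumes nothing:
     the loop ends as soon as a pass makes no progress.  */
  while (argc && last_argc != argc )
    {
      last_argc = argc;
      if (!strcmp (*argv, "--"))
        {
          argc--; argv++;
          break;
        }
      else if (!strcmp (*argv, "--help"))
        show_usage (0);
      else if (!strcmp (*argv, "--verbose"))
        {
          verbose = 1;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--openpgp"))
        {
          protocol = GPGME_PROTOCOL_OpenPGP;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--cms"))
        {
          protocol = GPGME_PROTOCOL_CMS;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--chain"))
        {
          with_chain = 1;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--secret"))
        {
          only_secret = 1;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--local"))
        {
          mode |= GPGME_KEYLIST_MODE_LOCAL;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--extern"))
        {
          mode |= GPGME_KEYLIST_MODE_EXTERN;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--tofu"))
        {
          mode |= GPGME_KEYLIST_MODE_WITH_TOFU;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--sigs"))
        {
          mode |= GPGME_KEYLIST_MODE_SIGS;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--sig-notations"))
        {
          mode |= GPGME_KEYLIST_MODE_SIG_NOTATIONS;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--ephemeral"))
        {
          mode |= GPGME_KEYLIST_MODE_EPHEMERAL;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--validate"))
        {
          mode |= GPGME_KEYLIST_MODE_VALIDATE;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--with-secret"))
        {
          mode |= GPGME_KEYLIST_MODE_WITH_SECRET;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--v5fpr"))
        {
          mode |= GPGME_KEYLIST_MODE_WITH_V5FPR;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--import"))
        {
          import = 1;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--offline"))
        {
          offline = 1;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--no-trust-check"))
        {
          no_trust_check = 1;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--from-file"))
        {
          from_file = 1;
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--require-gnupg"))
        {
          argc--; argv++;
          if (!argc)
            show_usage (1);
          /* Global flags must be set before init_gpgme runs
             gpgme_check_version, hence handled during parsing.  */
          gpgme_set_global_flag ("require-gnupg", *argv);
          argc--; argv++;
        }
      else if (!strcmp (*argv, "--from-wkd"))
        {
          argc--; argv++;
          mode |= GPGME_KEYLIST_MODE_LOCATE;
          from_wkd = 1;
        }
      else if (!strcmp (*argv, "--trust-model"))
        {
          argc--; argv++;
          if (!argc)
            show_usage (1);
          /* xstrdup, not strdup: a NULL here would silently drop the
             requested trust model further down.  */
          trust_model = xstrdup (*argv);
          argc--; argv++;
        }
      else if (!strncmp (*argv, "--", 2))
        show_usage (1);
    }

  if (argc > 1)
    show_usage (1);
  else if (from_file && !argc)
    show_usage (1);

  init_gpgme (protocol);

  err = gpgme_new (&ctx);
  fail_if_err (err);
  gpgme_set_protocol (ctx, protocol);
  gpgme_set_keylist_mode (ctx, mode);
  gpgme_set_offline (ctx, offline);

  if (no_trust_check)
    {
      err = gpgme_set_ctx_flag (ctx, "no-auto-check-trustdb", "1");
      fail_if_err (err);
    }

  if (trust_model)
    {
      err = gpgme_set_ctx_flag (ctx, "trust-model", trust_model);
      fail_if_err (err);
    }

  if (from_wkd)
    {
      /* Restrict auto-key-locate to WKD only.  Note that this causes a
         network request to the domain of the given mail address.  */
      err = gpgme_set_ctx_flag (ctx, "auto-key-locate", "clear,nodefault,wkd");
      fail_if_err (err);
    }

  if (from_file)
    {
      /* --secret is not applicable to a file listing; the argument is
         the file name, not a pattern.  */
      err = gpgme_data_new_from_file (&data, *argv, 1);
      fail_if_err (err);
      err = gpgme_op_keylist_from_data_start (ctx, data, 0);
    }
  else
    err = gpgme_op_keylist_start (ctx, argc? argv[0]:NULL, only_secret);
  fail_if_err (err);

 next_cert:
  while (!(err = gpgme_op_keylist_next (ctx, &key)))
    {
      gpgme_user_id_t uid;
      gpgme_tofu_info_t ti;
      gpgme_key_sig_t ks;
      gpgme_revocation_key_t revkey;
      int nuids;
      int nsub;
      int nsigs;
      int nrevkeys;

      printf ("keyid   : %s\n", key->subkeys?nonnull (key->subkeys->keyid):"?");
      printf ("can_cap : %s%s%s%s\n",
              key->can_encrypt? "e":"",
              key->can_sign? "s":"",
              key->can_certify? "c":"",
              key->can_authenticate? "a":"");
      printf ("has_cap : %s%s%s%s\n",
              key->has_encrypt? "e":"",
              key->has_sign? "s":"",
              key->has_certify? "c":"",
              key->has_authenticate? "a":"");
      /* Compliance flags are taken from the primary key.  "(beta)"
         must only appear when GnuPG reports beta compliance, matching
         the per-subkey line below -- an always-true test here would
         mislabel every de-vs key.  */
      printf ("flags   :%s%s%s%s%s%s%s%s%s\n",
              key->secret? " secret":"",
              key->revoked? " revoked":"",
              key->expired? " expired":"",
              key->disabled? " disabled":"",
              key->invalid? " invalid":"",
              key->is_qualified? " qualified":"",
              key->subkeys && key->subkeys->is_de_vs? " de-vs":"",
              key->subkeys && key->subkeys->is_de_vs
              && key->subkeys->beta_compliance? "(beta)":"",
              key->subkeys && key->subkeys->is_cardkey? " cardkey":"");
      printf ("upd     : %lu (%u)\n", key->last_update, key->origin);

      if (key->chain_id)
        {
          printf ("chain_id: %s\n", nonnull (key->chain_id));
          /* Remember the last issuer seen so --chain can follow it
             once this listing round is finished.  */
          free (chain_id);
          chain_id = xstrdup (key->chain_id);
        }

      subkey = key->subkeys;
      for (nsub=0; subkey; subkey = subkey->next, nsub++)
        {
          char *algostr;

          printf ("fpr   %2d: %s\n", nsub, nonnull (subkey->fpr));
          if (subkey->v5fpr)
            printf ("v5fpr %2d: %s\n", nsub, nonnull (subkey->v5fpr));
          if (subkey->keygrip)
            printf ("grip  %2d: %s\n", nsub, subkey->keygrip);
          /* gpgme_pubkey_algo_string allocates; it may return NULL on
             memory exhaustion, so guard the %s.  */
          algostr = gpgme_pubkey_algo_string (subkey);
          printf ("algo  %2d: %s (%s)\n", nsub, nonnull (algostr),
                  gpgme_pubkey_algo_name (subkey->pubkey_algo));
          gpgme_free (algostr);
          printf ("caps  %2d: %s%s%s%s%s%s\n", nsub,
                  subkey->can_encrypt? "e":"",
                  subkey->can_sign? "s":"",
                  subkey->can_certify? "c":"",
                  subkey->can_authenticate? "a":"",
                  subkey->can_renc? "r":"",
                  subkey->can_timestamp? "t":"");
          printf ("flags %2d:%s%s%s%s%s%s%s%s%s%s\n", nsub,
                  subkey->secret? " secret":"",
                  subkey->revoked? " revoked":"",
                  subkey->expired? " expired":"",
                  subkey->disabled? " disabled":"",
                  subkey->invalid? " invalid":"",
                  subkey->is_group_owned? " group":"",
                  subkey->is_qualified? " qualified":"",
                  subkey->is_de_vs? " de-vs":"",
                  subkey->is_de_vs && subkey->beta_compliance? "(beta)":"",
                  subkey->is_cardkey? " cardkey":"");
        }

      for (nuids=0, uid=key->uids; uid; uid = uid->next, nuids++)
        {
          printf ("userid %d: %s\n", nuids, nonnull(uid->uid));
          printf ("    mbox: %s\n", nonnull(uid->address));
          if (uid->email && uid->email != uid->address)
            printf ("   email: %s\n", uid->email);
          if (uid->name)
            printf ("    name: %s\n", uid->name);
          if (uid->comment)
            printf ("   cmmnt: %s\n", uid->comment);
          if (uid->uidhash)
            printf (" uidhash: %s\n", uid->uidhash);
          printf ("     upd: %lu (%u)\n", uid->last_update, uid->origin);
          printf ("   valid: %s\n",
                  uid->validity == GPGME_VALIDITY_UNKNOWN? "unknown":
                  uid->validity == GPGME_VALIDITY_UNDEFINED? "undefined":
                  uid->validity == GPGME_VALIDITY_NEVER? "never":
                  uid->validity == GPGME_VALIDITY_MARGINAL? "marginal":
                  uid->validity == GPGME_VALIDITY_FULL? "full":
                  uid->validity == GPGME_VALIDITY_ULTIMATE? "ultimate": "[?]");
          if ((ti = uid->tofu))
            {
              printf ("    tofu: %u (%s)\n", ti->validity,
                      ti->validity == 0? "conflict" :
                      ti->validity == 1? "no history" :
                      ti->validity == 2? "little history" :
                      ti->validity == 3? "enough history" :
                      ti->validity == 4? "lot of history" : "?");
              printf ("  policy: %u (%s)\n", ti->policy,
                      ti->policy == GPGME_TOFU_POLICY_NONE? "none" :
                      ti->policy == GPGME_TOFU_POLICY_AUTO? "auto" :
                      ti->policy == GPGME_TOFU_POLICY_GOOD? "good" :
                      ti->policy == GPGME_TOFU_POLICY_UNKNOWN? "unknown" :
                      ti->policy == GPGME_TOFU_POLICY_BAD? "bad" :
                      ti->policy == GPGME_TOFU_POLICY_ASK? "ask" : "?");
              printf ("   nsigs: %hu\n", ti->signcount);
              printf ("   first: %s\n", isotimestr (ti->signfirst));
              printf ("    last: %s\n", isotimestr (ti->signlast));
              printf ("   nencr: %hu\n", ti->encrcount);
              printf ("   first: %s\n", isotimestr (ti->encrfirst));
              printf ("    last: %s\n", isotimestr (ti->encrlast));
            }
          for (nsigs=0, ks=uid->signatures; ks; ks = ks->next, nsigs++)
            {
              printf ("signature %d: %s\n", nsigs, nonnull (ks->uid));
              printf ("       keyid: %s\n", nonnull (ks->keyid));
              printf ("     created: %s\n", isotimestr(ks->timestamp));
              printf ("     expires: %s\n", isotimestr(ks->expires));
              printf ("       class: %x\n", ks->sig_class);
              printf (" trust depth: %u\n", ks->trust_depth);
              printf (" trust value: %u\n", ks->trust_value);
              printf (" trust scope: %s\n", nonnull (ks->trust_scope));
            }
        }

      revkey = key->revocation_keys;
      for (nrevkeys=0; revkey; revkey = revkey->next, nrevkeys++)
        {
          printf ("revkey%2d: %s\n", nrevkeys, nonnull (revkey->fpr));
          printf ("   class: %x\n", revkey->key_class);
        }

      putchar ('\n');

      if (import)
        {
          /* Keep one slot free for the terminating NULL.  */
          if (keyidx < DIM (keyarray)-1)
            keyarray[keyidx++] = key;
          else
            {
              fprintf (stderr, PGM": too many keys in import mode"
                       " - skipping this key\n");
              gpgme_key_unref (key);
            }
        }
      else
        gpgme_key_unref (key);
    }
  if (gpgme_err_code (err) != GPG_ERR_EOF)
    fail_if_err (err);
  err = gpgme_op_keylist_end (ctx);
  fail_if_err (err);

  keyarray[keyidx] = NULL;

  /* The data object is only needed for the first round; reset the
     pointer so a later --chain round cannot release it twice.  */
  gpgme_data_release (data);
  data = NULL;

  result = gpgme_op_keylist_result (ctx);
  if (!result)
    {
      fprintf (stderr, PGM ": no keylist result returned\n");
      exit (1);
    }
  if (result->truncated)
    {
      fprintf (stderr, PGM ": key listing unexpectedly truncated\n");
      exit (1);
    }

  if (import)
    {
      gpgme_import_result_t impres;

      err = gpgme_op_import_keys (ctx, keyarray);
      fail_if_err (err);
      impres = gpgme_op_import_result (ctx);
      if (!impres)
        {
          fprintf (stderr, PGM ": no import result returned\n");
          exit (1);
        }
      print_import_result (impres);
    }

  /* Drop the references taken in import mode (no-op otherwise).  */
  for (keyidx=0; keyarray[keyidx]; keyidx++)
    gpgme_key_unref (keyarray[keyidx]);

  if (with_chain && chain_id && *chain_id
      && (!last_chain_id || strcmp (last_chain_id, chain_id)))
    {
      /* Bound the walk: a self-referencing or looping issuer chain
         would otherwise never terminate.  */
      if (++with_chain > 30)
        {
          fprintf (stderr, PGM ": certificate chain too long - circle?\n");
          exit (1);
        }
      free (last_chain_id);
      last_chain_id = xstrdup (chain_id);
      /* keyarray was drained above.  Start the next round with an empty
         array so the already unref'ed pointers are never handed to
         gpgme_op_import_keys or unref'ed a second time.  */
      keyidx = 0;
      keyarray[0] = NULL;
      err = gpgme_op_keylist_start (ctx, chain_id, 0);
      fail_if_err (err);
      goto next_cert;
    }

  free (chain_id);
  free (last_chain_id);
  free (trust_model);
  gpgme_release (ctx);
  return 0;
}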