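# -*-shell-script-*-
# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)

# Monkeysphere authentication list-certifiers subcommand
#
# The monkeysphere scripts are written by:
# Jameson Rollins <jrollins@finestructure.net>
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
# They are Copyright 2008-2009, and are all released under the GPL,
# version 3 or later.

# list the host certifiers
#
# Walks the signatures gpg reports for the sphere keyring and prints
# every trust signature whose issuer key ID matches the core key.
#
# Calls:     log, core_fingerprint, gpg_sphere (all defined elsewhere)
# Outputs:   for each certified key, one "FINGERPRINT:" line followed by
#            one " :UID:DEPTH:LEVEL:DOMAIN" line per matching trust
#            signature, on stdout
# Returns:   1 if the core key ID cannot be determined; otherwise the
#            exit status of the listing pipeline

list_certifiers() {

    local authgrip
    local keyfpr=
    local uid=
    local printedfpr=no
    local type validity grip trustparams trustdomain fpr
    local trustdepth trustlevel

    # find trusted keys in sphere keychain
    log debug "finding trusted keys..."

    # FIXME: this assumes that the keygrip (16 hex chars) is unique; we're
    # only searching by keygrip at the moment.
    #
    # NOTE(review): bytes 25-40 of a 40-character fingerprint are its last
    # 16 hex digits, i.e. the long key ID rather than a keygrip.  A
    # 64-bit key ID is not collision-resistant, so this match is only as
    # strong as the guarantee that the sphere keyring holds a single key
    # with this ID.  Comparing the full issuer fingerprint would be
    # stronger, where the gpg in use reports it.

    authgrip=$(core_fingerprint | cut -b 25-40)

    # The key ID is spliced into the regular expression below, so refuse
    # anything that is not exactly 16 hex digits.  This also catches an
    # empty result when the core fingerprint could not be read.
    case "$authgrip" in
        ''|*[![:xdigit:]]*)
            log error "could not determine the core key ID; refusing to list certifiers."
            return 1
            ;;
    esac
    if [ "${#authgrip}" -ne 16 ] ; then
        log error "could not determine the core key ID; refusing to list certifiers."
        return 1
    fi

    # We're walking the list of known signatures, and extracting all trust
    # signatures made by the core fingerprint and known to the sphere
    # keyring.

    # for each one of these, we're printing (colon-delimited): the
    # fingerprint, the trust depth, the trust level (60 == marginal, 120
    # == full), and the domain regex (if any):

    # Only signatures that gpg marked as good ("!") and that carry trust
    # parameters ("DEPTH LEVEL") get past the filter.
    gpg_sphere --fingerprint --with-colons --check-sigs | \
        cut -f 1,2,5,8,9,10 -d: | \
        grep -E '^(fpr:::::|uat:|uid:|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \
        while IFS=: read -r type validity grip trustparams trustdomain fpr ; do
            case $type in
                'fpr') # this is a new key
                    keyfpr=$fpr
                    uid=
                    printedfpr=no
                    ;;
                'uid') # here comes a user id (we only keep it if we
                       # have a key and the uid's calculated validity
                       # is 'f'; otherwise we will not bother with it):
                    if [ "$keyfpr" ] && [ "$validity" = 'f' ] ; then
                        uid="$fpr"
                    else
                        uid=
                    fi
                    ;;
                'uat') # this is a user attribute.  DETAILS.gz states that the
                       # 10th field is the number of user attribute
                       # subpackets, followed by the total number of bytes of
                       # the subpackets:
                    if [ "$keyfpr" ] && [ "$validity" = 'f' ] ; then
                        uid=$(printf "%d JPEG(?) image(s), total %d bytes" \
                            "${fpr%% *}" "${fpr##* }")
                    else
                        uid=
                    fi
                    ;;
                'sig') # print all trust signatures, including regexes if
                       # present, assuming that we have seen a key and an
                       # accepted user id (or attribute) to attach them to
                    if [ "$keyfpr" ] && [ "$uid" ] ; then
                        trustdepth=${trustparams%% *}
                        trustlevel=${trustparams##* }
                        if [ "$printedfpr" = no ] ; then
                            printf "%s:\n" "$keyfpr"
                            printedfpr=yes
                        fi

                        # FIXME: this is clumsy and not human-friendly.  we should
                        # print out more human-readable information, if possible.
                        printf " :%s:%d:%d:%s\n" "$uid" "$trustdepth" "$trustlevel" "$trustdomain"
                    fi
                    ;;
            esac
        done

}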