1# -*-shell-script-*-
2# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
3
4# Monkeysphere authentication list-certifiers subcommand
5#
6# The monkeysphere scripts are written by:
7# Jameson Rollins <jrollins@finestructure.net>
8# Jamie McClelland <jm@mayfirst.org>
9# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
10#
11# They are Copyright 2008-2009, and are all released under the GPL,
12# version 3 or later.
13
14# list the host certifiers
15
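list_certifiers() {
    # List the identity certifiers known to the sphere keyring.
    #
    # Walks the colon-delimited output of
    # "gpg_sphere --fingerprint --with-colons --check-sigs" and, for every
    # key carrying a user ID or user attribute with validity 'f', prints
    # the trust signatures that gpg marked as good ("sig:!") and whose
    # issuer key ID matches the core key.
    #
    # Helpers used (defined outside this function): log, core_fingerprint,
    #            gpg_sphere
    # Arguments: none
    # Outputs:   per key, the fingerprint followed by ':' on one line,
    #            then one " :<uid>:<depth>:<level>:<domain regex>" line
    #            per matching trust signature
    # Returns:   1 if no 16-hex-digit key ID could be derived from the
    #            core fingerprint, otherwise the status of the pipeline

    local authgrip
    local keyfpr
    local uid
    local printedfpr
    local trustdepth
    local trustlevel

    # find trusted keys in sphere keychain
    log debug "finding trusted keys..."

    # FIXME: this assumes that the identifier below (16 hex chars) is
    # unique; we're only searching by it at the moment.
    #
    # NOTE(review): bytes 25-40 of a 40-hex-digit fingerprint are the
    # 64-bit long key ID, which is what gpg prints in field 5 of a "sig"
    # record.  (The variable name says "grip", but GnuPG uses "keygrip"
    # for a different identifier.)  A 64-bit key ID does not uniquely
    # identify a key: a good trust signature from any other key in the
    # sphere keyring that shares this long key ID would be listed here
    # as if the core key had issued it.  gpg's DETAILS file describes
    # field 13 of "sig" records as the issuer fingerprint in newer
    # releases; comparing that with the full core fingerprint would
    # remove the ambiguity -- confirm for the gpg versions supported.
    authgrip=$(core_fingerprint | cut -b 25-40)

    # The key ID is spliced into an extended regex below, so refuse
    # anything that is not exactly 16 hex digits.  This also turns a
    # failed core_fingerprint lookup into an explicit error instead of
    # a silently empty list.
    case $authgrip in
        *[!0-9A-Fa-f]*) authgrip= ;;
    esac
    if [ "${#authgrip}" -ne 16 ] ; then
        log error "could not determine the 16-hex-digit key ID of the core key."
        return 1
    fi

    # We're walking the list of known signatures, and extracting all trust
    # signatures made by the core fingerprint and known to the sphere
    # keyring.

    # for each one of these, we're printing (colon-delimited): the
    # fingerprint, the trust depth, the trust level (60 == marginal, 120
    # == full), and the domain regex (if any):

    # grep -E replaces the obsolescent egrep spelling; the pattern is
    # unchanged.  After cut, the six remaining fields are: record type,
    # validity (or '!' on a checked sig), key ID, trust parameters,
    # trust domain regex, and field 10 (fingerprint / user ID text).
    gpg_sphere --fingerprint --with-colons --check-sigs | \
        cut -f 1,2,5,8,9,10 -d: | \
        grep -E '^(fpr:::::|uat:|uid:|sig:!:'"$authgrip"':[[:digit:]]+ [[:digit:]]+:)' | \
        while IFS=: read -r type validity grip trustparams trustdomain fpr ; do
            case $type in
                'fpr') # this is a new key
                    keyfpr=$fpr
                    uid=
                    printedfpr=no
                    ;;
                'uid') # here comes a user id (if we don't have a key, or the
                       # uid does not have validity 'f', we will not bother
                       # with it):
                    if [ "$keyfpr" ] && [ "$validity" = 'f' ] ; then
                        uid="$fpr"
                    else
                        uid=
                    fi
                    ;;
                'uat') # this is a user attribute. DETAILS.gz states that the
                       # 10th field is the number of user attribute
                       # subpackets, followed by the total number of bytes of
                       # the subpackets:
                    if [ "$keyfpr" ] && [ "$validity" = 'f' ] ; then
                        uid=$(printf "%d JPEG(?) image(s), total %d bytes" \
                            "${fpr%% *}" "${fpr##* }")
                    else
                        uid=
                    fi
                    ;;
                'sig') # print this trust signature, including the domain
                       # regex if present, but only when it follows a key
                       # fingerprint and an accepted user id/attribute:
                    if [ "$keyfpr" ] && [ "$uid" ] ; then
                        # trust parameters arrive as "<depth> <level>"
                        trustdepth=${trustparams%% *}
                        trustlevel=${trustparams##* }
                        # print the key fingerprint once, before its
                        # first matching signature
                        if [ "$printedfpr" = no ] ; then
                            printf "%s:\n" "$keyfpr"
                            printedfpr=yes
                        fi

                        # FIXME: this is clumsy and not human-friendly.  we should
                        # print out more human-readable information, if possible.
                        printf " :%s:%d:%d:%s\n" "$uid" "$trustdepth" "$trustlevel" "$trustdomain"
                    fi
                    ;;
            esac
        done

}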
90