aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIngo Klöcker <[email protected]>2021-06-22 16:49:45 +0000
committerIngo Klöcker <[email protected]>2021-06-22 16:49:45 +0000
commitac4536990a4fed4a45a0851260c029e69d0cadf6 (patch)
tree96d1d0ab5631469853439a303dad0912eb91d92e
parentcore: Allow specifying an expiration date for key signatures (diff)
downloadgpgme-ac4536990a4fed4a45a0851260c029e69d0cadf6.tar.gz
gpgme-ac4536990a4fed4a45a0851260c029e69d0cadf6.zip
qt: Extend SignKeyJob to create signatures with expiration date
* lang/qt/src/signkeyjob.h (SignKeyJob::setExpirationDate): New. * lang/qt/src/qgpgmesignkeyjob.h, lang/qt/src/qgpgmesignkeyjob.cpp (QGpgMESignKeyJob::setExpirationDate): New. * lang/qt/src/qgpgmesignkeyjob.cpp (QGpgMESignKeyJob::Private): Add member m_expiration. (sign_key): Handle expiration date. (QGpgMESignKeyJob::start): Pass expiration date to sign_key. * lang/qt/tests/t-various.cpp (TestVarious::testSignKeyWithoutExpiration, TestVarious::testSignKeyWithExpiration): New. (TestVarious::initTestCase): Add "allow-weak-key-signatures" to gpg.conf. -- This allows Kleopatra (and other users of QGpgme) to create key signatures with expiration date. GnuPG-bug-id: 5336, 5506
Diffstat
-rw-r--r--lang/qt/src/qgpgmesignkeyjob.cpp39
-rw-r--r--lang/qt/src/qgpgmesignkeyjob.h2
-rw-r--r--lang/qt/src/signkeyjob.h11
-rw-r--r--lang/qt/tests/t-various.cpp132
4 files changed, 181 insertions, 3 deletions
diff --git a/lang/qt/src/qgpgmesignkeyjob.cpp b/lang/qt/src/qgpgmesignkeyjob.cpp
index 75ebeb04..5036a9b9 100644
--- a/lang/qt/src/qgpgmesignkeyjob.cpp
+++ b/lang/qt/src/qgpgmesignkeyjob.cpp
@@ -38,6 +38,7 @@
#include "qgpgmesignkeyjob.h"
+#include <QDate>
#include <QString>
#include "dataprovider.h"
@@ -46,6 +47,8 @@
#include "data.h"
#include "gpgsignkeyeditinteractor.h"
+#include "qgpgme_debug.h"
+
#include <cassert>
using namespace QGpgME;
@@ -74,6 +77,7 @@ public:
bool m_dupeOk = false;
QString m_remark;
TrustSignatureProperties m_trustSignature;
+ QDate m_expiration;
};
QGpgMESignKeyJob::QGpgMESignKeyJob(Context *context)
@@ -88,7 +92,8 @@ QGpgMESignKeyJob::~QGpgMESignKeyJob() {}
static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, const std::vector<unsigned int> &uids,
unsigned int checkLevel, const Key &signer, unsigned int opts,
bool dupeOk, const QString &remark,
- const TrustSignatureProperties &trustSignature)
+ const TrustSignatureProperties &trustSignature,
+ const QDate &expirationDate)
{
QGpgME::QByteArrayDataProvider dp;
Data data(&dp);
@@ -114,10 +119,32 @@ static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, cons
skei->setTrustSignatureScope(trustSignature.scope.toUtf8().toStdString());
}
- if (!signer.isNull())
+ if (!signer.isNull()) {
if (const Error err = ctx->addSigningKey(signer)) {
return std::make_tuple(err, QString(), Error());
}
+ }
+
+ if (expirationDate.isValid()) {
+ // on 2106-02-07, the Unix time will reach 0xFFFFFFFF; since gpg uses uint32 internally
+ // for the expiration date clip it at 2106-02-06
+ static const QDate maxAllowedDate{2106, 2, 6};
+ const auto clippedExpirationDate = expirationDate <= maxAllowedDate ? expirationDate : maxAllowedDate;
+ if (clippedExpirationDate != expirationDate) {
+ qCWarning(QGPGME_LOG) << "Expiration of certification has been changed to" << clippedExpirationDate;
+ }
+ // use the "days from now" format to specify the expiration date of the certification;
+ // this format is the most appropriate regardless of the local timezone
+ const auto daysFromNow = QDate::currentDate().daysTo(clippedExpirationDate);
+ if (daysFromNow > 0) {
+ const auto certExpire = std::to_string(daysFromNow) + "d";
+ ctx->setFlag("cert-expire", certExpire.c_str());
+ }
+ } else {
+ // explicitly set "cert-expire" to "0" (no expiration) to override default-cert-expire set in gpg.conf
+ ctx->setFlag("cert-expire", "0");
+ }
+
const Error err = ctx->edit(key, std::unique_ptr<EditInteractor> (skei), data);
Error ae;
const QString log = _detail::audit_log_as_html(ctx, ae);
@@ -143,7 +170,7 @@ Error QGpgMESignKeyJob::start(const Key &key)
break;
}
run(std::bind(&sign_key, std::placeholders::_1, key, d->m_userIDsToSign, d->m_checkLevel, d->m_signingKey,
- opts, d->m_dupeOk, d->m_remark, d->m_trustSignature));
+ opts, d->m_dupeOk, d->m_remark, d->m_trustSignature, d->m_expiration));
d->m_started = true;
return Error();
}
@@ -197,4 +224,10 @@ void QGpgMESignKeyJob::setTrustSignature(GpgME::TrustSignatureTrust trust, unsig
d->m_trustSignature = {trust, depth, scope};
}
+void QGpgMESignKeyJob::setExpirationDate(const QDate &expiration)
+{
+ assert(!d->m_started);
+ d->m_expiration = expiration;
+}
+
#include "qgpgmesignkeyjob.moc"
diff --git a/lang/qt/src/qgpgmesignkeyjob.h b/lang/qt/src/qgpgmesignkeyjob.h
index 5332d543..2ea9e94c 100644
--- a/lang/qt/src/qgpgmesignkeyjob.h
+++ b/lang/qt/src/qgpgmesignkeyjob.h
@@ -87,6 +87,8 @@ public:
/* from SignKeyJob */
void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) Q_DECL_OVERRIDE;
+ void setExpirationDate(const QDate &expiration) override;
+
private:
class Private;
std::unique_ptr<Private> d;
diff --git a/lang/qt/src/signkeyjob.h b/lang/qt/src/signkeyjob.h
index 6214bfde..666af92a 100644
--- a/lang/qt/src/signkeyjob.h
+++ b/lang/qt/src/signkeyjob.h
@@ -46,6 +46,7 @@ class Key;
enum class TrustSignatureTrust : char;
}
+class QDate;
class QString;
namespace QGpgME
@@ -144,6 +145,16 @@ public:
**/
virtual void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) { Q_UNUSED(trust); Q_UNUSED(depth); Q_UNUSED(scope); };
+ /**
+ * Sets the expiration date of the key signature to @a expiration. By default,
+ * key signatures do not expire.
+ *
+ * Note: Expiration dates after 2106-02-06 will be set to 2106-02-06.
+ *
+ * Not pure virtual for ABI compatibility.
+ **/
+ virtual void setExpirationDate(const QDate &expiration) { Q_UNUSED(expiration); }
+
Q_SIGNALS:
void result(const GpgME::Error &result, const QString &auditLogAsHtml = QString(), const GpgME::Error &auditLogError = GpgME::Error());
};
diff --git a/lang/qt/tests/t-various.cpp b/lang/qt/tests/t-various.cpp
index bec0a57e..8563b681 100644
--- a/lang/qt/tests/t-various.cpp
+++ b/lang/qt/tests/t-various.cpp
@@ -46,6 +46,7 @@
#include "dn.h"
#include "data.h"
#include "dataprovider.h"
+#include "signkeyjob.h"
#include "t-support.h"
@@ -233,6 +234,131 @@ private Q_SLOTS:
delete ctx;
}
+ void testSignKeyWithoutExpiration()
+ {
+ Error err;
+
+ if (!loopbackSupported()) {
+ return;
+ }
+
+ auto ctx = Context::create(OpenPGP);
+ QVERIFY(ctx);
+
+ // Get the signing key ([email protected])
+ auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
+ QVERIFY(!err);
+ QVERIFY(!seckey.isNull());
+
+ // Get the target key (Bob / Bravo Test)
+ auto target = ctx->key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", err, false);
+ QVERIFY(!err);
+ QVERIFY(!target.isNull());
+ QVERIFY(target.numUserIDs() > 0);
+
+ // Create the job
+ auto job = std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job.get());
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setDupeOk(true);
+
+ connect(job.get(), &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ job->start(target);
+ QSignalSpy spy{this, &TestVarious::asyncDone};
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the signature should have been added.
+ target.update();
+ const auto keySignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(keySignature.neverExpires());
+ }
+
+ void testSignKeyWithExpiration()
+ {
+ Error err;
+
+ if (!loopbackSupported()) {
+ return;
+ }
+
+ auto ctx = Context::create(OpenPGP);
+ QVERIFY(ctx);
+
+ // Get the signing key ([email protected])
+ auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
+ QVERIFY(!err);
+ QVERIFY(!seckey.isNull());
+
+ // Get the target key (Bob / Bravo Test)
+ auto target = ctx->key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", err, false);
+ QVERIFY(!err);
+ QVERIFY(!target.isNull());
+ QVERIFY(target.numUserIDs() > 0);
+
+ // Create the job
+ auto job = std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job.get());
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setDupeOk(true);
+ job->setExpirationDate(QDate{2222, 2, 22});
+
+ connect(job.get(), &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ QTest::ignoreMessage(QtWarningMsg, "Expiration of certification has been changed to QDate(\"2106-02-06\")");
+
+ job->start(target);
+ QSignalSpy spy{this, &TestVarious::asyncDone};
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the signature should have been added.
+ target.update();
+ const auto keySignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(!keySignature.neverExpires());
+ const auto expirationDate = QDateTime::fromSecsSinceEpoch(keySignature.expirationTime()).date();
+ QCOMPARE(expirationDate, QDate(2106, 2, 6)); // expiration date is capped at 2106-02-06
+ }
+
void testVersion()
{
QVERIFY(EngineInfo::Version("2.1.0") < EngineInfo::Version("2.1.1"));
@@ -285,6 +411,12 @@ private Q_SLOTS:
const QString gpgHome = qgetenv("GNUPGHOME");
QVERIFY(copyKeyrings(gpgHome, mDir.path()));
qputenv("GNUPGHOME", mDir.path().toUtf8());
+ QFile conf(mDir.path() + QStringLiteral("/gpg.conf"));
+ QVERIFY(conf.open(QIODevice::WriteOnly));
+ if (GpgME::engineInfo(GpgME::GpgEngine).engineVersion() >= "2.2.18") {
+ conf.write("allow-weak-key-signatures");
+ }
+ conf.close();
}
private:
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-09 03:11:45 +0000