aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorIngo Klöcker <[email protected]>2021-05-05 16:38:16 +0000
committerIngo Klöcker <[email protected]>2021-05-05 17:26:33 +0000
commitf0858e45b0be260730e742643e741547123d4287 (patch)
tree9fb594a4d50c4155f59ac29b80068a1ae28bd7e7
parentqt: Pimpl QGpgMESignKeyJob (diff)
downloadgpgme-f0858e45b0be260730e742643e741547123d4287.tar.gz
gpgme-f0858e45b0be260730e742643e741547123d4287.zip
qt: Extend SignKeyJob to create trust signatures
* lang/qt/src/signkeyjob.h (SignKeyJob::setTrustSignature): New. * lang/qt/src/qgpgmesignkeyjob.h, lang/qt/src/qgpgmesignkeyjob.cpp (QGpgMESignKeyJob::setTrustSignature): New. * lang/qt/src/qgpgmesignkeyjob.cpp (sign_key): Handle trust signatures. (QGpgMESignKeyJob::start): Pass trust signature attributes to sign_key. (QGpgMESignKeyJob::setTrustSignature): New. -- This allows Kleopatra to create trust signatures for trusted introducers. GnuPG-bug-id: 5245, 5421
Diffstat (limited to '')
-rw-r--r--lang/qt/src/qgpgmesignkeyjob.cpp38
-rw-r--r--lang/qt/src/qgpgmesignkeyjob.h3
-rw-r--r--lang/qt/src/signkeyjob.h20
-rw-r--r--lang/qt/tests/Makefile.am8
-rw-r--r--lang/qt/tests/t-trustsignatures.cpp565
5 files changed, 629 insertions, 5 deletions
diff --git a/lang/qt/src/qgpgmesignkeyjob.cpp b/lang/qt/src/qgpgmesignkeyjob.cpp
index 73dd9a88..75ebeb04 100644
--- a/lang/qt/src/qgpgmesignkeyjob.cpp
+++ b/lang/qt/src/qgpgmesignkeyjob.cpp
@@ -51,6 +51,15 @@
using namespace QGpgME;
using namespace GpgME;
+namespace
+{
+struct TrustSignatureProperties {
+ TrustSignatureTrust trust = TrustSignatureTrust::None;
+ unsigned int depth = 0;
+ QString scope;
+};
+}
+
class QGpgMESignKeyJob::Private
{
public:
@@ -64,6 +73,7 @@ public:
bool m_started = false;
bool m_dupeOk = false;
QString m_remark;
+ TrustSignatureProperties m_trustSignature;
};
QGpgMESignKeyJob::QGpgMESignKeyJob(Context *context)
@@ -77,7 +87,8 @@ QGpgMESignKeyJob::~QGpgMESignKeyJob() {}
static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, const std::vector<unsigned int> &uids,
unsigned int checkLevel, const Key &signer, unsigned int opts,
- bool dupeOk, const QString &remark)
+ bool dupeOk, const QString &remark,
+ const TrustSignatureProperties &trustSignature)
{
QGpgME::QByteArrayDataProvider dp;
Data data(&dp);
@@ -97,6 +108,12 @@ static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, cons
ctx->addSignatureNotation("[email protected]", remark.toUtf8().constData());
}
+ if (opts & GpgSignKeyEditInteractor::Trust) {
+ skei->setTrustSignatureTrust(trustSignature.trust);
+ skei->setTrustSignatureDepth(trustSignature.depth);
+ skei->setTrustSignatureScope(trustSignature.scope.toUtf8().toStdString());
+ }
+
if (!signer.isNull())
if (const Error err = ctx->addSigningKey(signer)) {
return std::make_tuple(err, QString(), Error());
@@ -116,8 +133,17 @@ Error QGpgMESignKeyJob::start(const Key &key)
if (d->m_exportable) {
opts |= GpgSignKeyEditInteractor::Exportable;
}
+ switch (d->m_trustSignature.trust) {
+ case TrustSignatureTrust::Partial:
+ case TrustSignatureTrust::Complete:
+ opts |= GpgSignKeyEditInteractor::Trust;
+ break;
+ default:
+ opts &= ~GpgSignKeyEditInteractor::Trust;
+ break;
+ }
run(std::bind(&sign_key, std::placeholders::_1, key, d->m_userIDsToSign, d->m_checkLevel, d->m_signingKey,
- opts, d->m_dupeOk, d->m_remark));
+ opts, d->m_dupeOk, d->m_remark, d->m_trustSignature));
d->m_started = true;
return Error();
}
@@ -163,4 +189,12 @@ void QGpgMESignKeyJob::setDupeOk(bool value)
assert(!d->m_started);
d->m_dupeOk = value;
}
+
+void QGpgMESignKeyJob::setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope)
+{
+ assert(!d->m_started);
+ assert(depth <= 255);
+ d->m_trustSignature = {trust, depth, scope};
+}
+
#include "qgpgmesignkeyjob.moc"
diff --git a/lang/qt/src/qgpgmesignkeyjob.h b/lang/qt/src/qgpgmesignkeyjob.h
index e8a65fe7..5332d543 100644
--- a/lang/qt/src/qgpgmesignkeyjob.h
+++ b/lang/qt/src/qgpgmesignkeyjob.h
@@ -84,6 +84,9 @@ public:
/* from SignKeyJob */
void setDupeOk(bool value) Q_DECL_OVERRIDE;
+ /* from SignKeyJob */
+ void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) Q_DECL_OVERRIDE;
+
private:
class Private;
std::unique_ptr<Private> d;
diff --git a/lang/qt/src/signkeyjob.h b/lang/qt/src/signkeyjob.h
index e3ae75f7..461b9b3a 100644
--- a/lang/qt/src/signkeyjob.h
+++ b/lang/qt/src/signkeyjob.h
@@ -43,6 +43,7 @@ namespace GpgME
{
class Error;
class Key;
+enum class TrustSignatureTrust : char;
}
class QString;
@@ -127,6 +128,25 @@ public:
**/
virtual void setRemark(const QString &) {};
+ /**
+ * If set, then the created signature will be a trust signature. By default,
+ * no trust signatures are created.
+ *
+ * @a trust is the amount of trust to put into the signed key, either
+ * @c TrustSignatureTrust::Partial or @c TrustSignatureTrust::Complete.
+ * @a depth is the level of the trust signature. Values between 0 and 255 are
+ * allowed. Level 0 has the same meaning as an ordinary validity signature.
+ * Level 1 means that the signed key is asserted to be a valid trusted
+ * introducer. Level n >= 2 means that the signed key is asserted to be
+ * trusted to issue level n-1 trust signatures, i.e., that it is a "meta
+ * introducer".
+ * @a scope is a domain name that limits the scope of trust of the signed key
+ * to user IDs with email addresses matching the domain (or a subdomain).
+ *
+ * Not pure virtual for ABI compatibility.
+ **/
+ virtual void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) { Q_UNUSED(trust); Q_UNUSED(depth); Q_UNUSED(scope); };
+
Q_SIGNALS:
void result(const GpgME::Error &result, const QString &auditLogAsHtml = QString(), const GpgME::Error &auditLogError = GpgME::Error());
};
diff --git a/lang/qt/tests/Makefile.am b/lang/qt/tests/Makefile.am
index ace5082c..41ea8087 100644
--- a/lang/qt/tests/Makefile.am
+++ b/lang/qt/tests/Makefile.am
@@ -27,11 +27,11 @@ TESTS_ENVIRONMENT = GNUPGHOME=$(GNUPGHOME)
EXTRA_DIST = initial.test
TESTS = initial.test t-keylist t-keylocate t-ownertrust t-tofuinfo \
- t-encrypt t-verify t-various t-config t-remarks
+ t-encrypt t-verify t-various t-config t-remarks t-trustsignatures
moc_files = t-keylist.moc t-keylocate.moc t-ownertrust.moc t-tofuinfo.moc \
t-encrypt.moc t-support.hmoc t-wkspublish.moc t-verify.moc \
- t-various.moc t-config.moc t-remarks.moc
+ t-various.moc t-config.moc t-remarks.moc t-trustsignatures.moc
AM_LDFLAGS = -no-install
@@ -57,6 +57,7 @@ t_verify_SOURCES = t-verify.cpp $(support_src)
t_various_SOURCES = t-various.cpp $(support_src)
t_config_SOURCES = t-config.cpp $(support_src)
t_remarks_SOURCES = t-remarks.cpp $(support_src)
+t_trustsignatures_SOURCES = t-trustsignatures.cpp $(support_src)
run_keyformailboxjob_SOURCES = run-keyformailboxjob.cpp
nodist_t_keylist_SOURCES = $(moc_files)
@@ -64,7 +65,8 @@ nodist_t_keylist_SOURCES = $(moc_files)
BUILT_SOURCES = $(moc_files) pubring-stamp
noinst_PROGRAMS = t-keylist t-keylocate t-ownertrust t-tofuinfo t-encrypt \
- run-keyformailboxjob t-wkspublish t-verify t-various t-config t-remarks
+ run-keyformailboxjob t-wkspublish t-verify t-various t-config t-remarks \
+ t-trustsignatures
CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \
gpg-agent.conf pubring.kbx~ S.gpg-agent gpg.conf pubring.gpg~ \
diff --git a/lang/qt/tests/t-trustsignatures.cpp b/lang/qt/tests/t-trustsignatures.cpp
new file mode 100644
index 00000000..d392b2fb
--- /dev/null
+++ b/lang/qt/tests/t-trustsignatures.cpp
@@ -0,0 +1,565 @@
+/* t-remarks.cpp
+
+ This file is part of qgpgme, the Qt API binding for gpgme
+ Copyright (c) 2021 g10 Code GmbH
+ Software engineering by Ingo Klöcker <[email protected]>
+
+ QGpgME is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 2 of the
+ License, or (at your option) any later version.
+
+ QGpgME is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+ In addition, as a special exception, the copyright holders give
+ permission to link the code of this program with any edition of
+ the Qt library by Trolltech AS, Norway (or with modified versions
+ of Qt that use the same license as Qt), and distribute linked
+ combinations including the two. You must obey the GNU General
+ Public License in all respects for all of the code used other than
+ Qt. If you modify this file, you may extend this exception to
+ your version of the file, but you are not obligated to do so. If
+ you do not wish to do so, delete this exception statement from
+ your version.
+*/
+
+#ifdef HAVE_CONFIG_H
+ #include "config.h"
+#endif
+
+#include "t-support.h"
+
+#include "context.h"
+#include "engineinfo.h"
+#include "protocol.h"
+#include "signkeyjob.h"
+
+#include <QSignalSpy>
+#include <QTemporaryDir>
+#include <QTest>
+
+using namespace QGpgME;
+using namespace GpgME;
+
+class TestTrustSignatures: public QGpgMETest
+{
+ Q_OBJECT
+
+Q_SIGNALS:
+ void asyncDone();
+
+private Q_SLOTS:
+ void test_tsign_single_uid_key_and_then_tsign_it_again()
+ {
+ Error err;
+
+ if (!loopbackSupported()) {
+ return;
+ }
+
+ auto ctx = Context::create(OpenPGP);
+ QVERIFY(ctx);
+
+ // Get the signing key ([email protected])
+ auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
+ QVERIFY(!err);
+ QVERIFY(!seckey.isNull());
+
+ // Get the target key ([email protected])
+ auto target = ctx->key("E8143C489C8D41124DC40D0B47AF4B6961F04784", err, false);
+ QVERIFY(!err);
+ QVERIFY(!target.isNull());
+ QVERIFY(target.numUserIDs() > 0);
+
+ // Create first trust signature
+ {
+ // Create the job
+ auto job = std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job.get());
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setTrustSignature(TrustSignatureTrust::Complete, 1, QStringLiteral("example.org"));
+
+ connect(job.get(), &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ job->start(target);
+ QSignalSpy spy (this, SIGNAL(asyncDone()));
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the trust signature should have been added.
+ target.update();
+ const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(trustSignature.isTrustSignature());
+ QCOMPARE(trustSignature.trustDepth(), 1u);
+ QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Complete);
+ QVERIFY(trustSignature.trustScope());
+ const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+ QVERIFY(!trustScope.isEmpty());
+ const QRegExp regex{trustScope};
+ QVERIFY(regex.isValid());
+ QVERIFY(regex.indexIn(QStringLiteral("Foo <[email protected]>")) != -1);
+ }
+
+ // Create second trust signature
+ {
+ // Create the job
+ auto job = std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job.get());
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setDupeOk(true);
+ job->setTrustSignature(TrustSignatureTrust::Partial, 2, QStringLiteral("example.net"));
+
+ connect(job.get(), &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ err = job->start(target);
+ QVERIFY(!err);
+ QSignalSpy spy (this, SIGNAL(asyncDone()));
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the trust signature should have been added.
+ target.update();
+ const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(trustSignature.isTrustSignature());
+ QCOMPARE(trustSignature.trustDepth(), 2u);
+ QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Partial);
+ QVERIFY(trustSignature.trustScope());
+ const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+ QVERIFY(!trustScope.isEmpty());
+ const QRegExp regex{trustScope};
+ QVERIFY(regex.isValid());
+ QVERIFY(regex.indexIn(QStringLiteral("Foo <[email protected]>")) != -1);
+ }
+ }
+
+ void test_tsign_multi_uid_key_and_then_tsign_it_again()
+ {
+ Error err;
+
+ if (!loopbackSupported()) {
+ return;
+ }
+
+ auto ctx = Context::create(OpenPGP);
+ QVERIFY(ctx);
+
+ // Get the signing key ([email protected])
+ auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
+ QVERIFY(!err);
+ QVERIFY(!seckey.isNull());
+
+ // Get the target key (Bob / Bravo Test)
+ auto target = ctx->key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", err, false);
+ QVERIFY(!err);
+ QVERIFY(!target.isNull());
+ QVERIFY(target.numUserIDs() > 0);
+
+ // Create first trust signature
+ {
+ // Create the job
+ auto job = openpgp()->signKeyJob();//std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job);
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setTrustSignature(TrustSignatureTrust::Complete, 1, QStringLiteral("example.org"));
+
+ connect(job, &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ job->start(target);
+ QSignalSpy spy (this, SIGNAL(asyncDone()));
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the trust signature should have been added.
+ target.update();
+ const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(trustSignature.isTrustSignature());
+ QCOMPARE(trustSignature.trustDepth(), 1u);
+ QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Complete);
+ QVERIFY(trustSignature.trustScope());
+ const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+ QVERIFY(!trustScope.isEmpty());
+ const QRegExp regex{trustScope};
+ QVERIFY(regex.isValid());
+ QVERIFY(regex.indexIn(QStringLiteral("Foo <[email protected]>")) != -1);
+ }
+
+ // Create second trust signature
+ {
+ // Create the job
+ auto job = openpgp()->signKeyJob();//std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job);
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setDupeOk(true);
+ job->setTrustSignature(TrustSignatureTrust::Partial, 2, QStringLiteral("example.net"));
+
+ connect(job, &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ err = job->start(target);
+ QVERIFY(!err);
+ QSignalSpy spy (this, SIGNAL(asyncDone()));
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the trust signature should have been added.
+ target.update();
+ const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(trustSignature.isTrustSignature());
+ QCOMPARE(trustSignature.trustDepth(), 2u);
+ QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Partial);
+ QVERIFY(trustSignature.trustScope());
+ const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+ QVERIFY(!trustScope.isEmpty());
+ const QRegExp regex{trustScope};
+ QVERIFY(regex.isValid());
+ QVERIFY(regex.indexIn(QStringLiteral("Foo <[email protected]>")) != -1);
+ }
+ }
+
+ void test_tsign_first_uid_and_then_tsign_both_uids()
+ {
+ Error err;
+
+ if (!loopbackSupported()) {
+ return;
+ }
+
+ auto ctx = Context::create(OpenPGP);
+ QVERIFY(ctx);
+
+ // Get the signing key ([email protected])
+ auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
+ QVERIFY(!err);
+ QVERIFY(!seckey.isNull());
+
+ // Get the target key (Mallory / Mike Test)
+ auto target = ctx->key("2686AA191A278013992C72EBBE794852BE5CF886", err, false);
+ QVERIFY(!err);
+ QVERIFY(!target.isNull());
+ QVERIFY(target.numUserIDs() > 0);
+
+ // Create first trust signature
+ {
+ // Create the job
+ auto job = openpgp()->signKeyJob();//std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job);
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setUserIDsToSign({0});
+ job->setTrustSignature(TrustSignatureTrust::Complete, 1, QStringLiteral("example.org"));
+
+ connect(job, &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ job->start(target);
+ QSignalSpy spy (this, SIGNAL(asyncDone()));
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the trust signature should have been added.
+ target.update();
+ const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(trustSignature.isTrustSignature());
+ QCOMPARE(trustSignature.trustDepth(), 1u);
+ QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Complete);
+ QVERIFY(trustSignature.trustScope());
+ const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+ QVERIFY(!trustScope.isEmpty());
+ const QRegExp regex{trustScope};
+ QVERIFY(regex.isValid());
+ QVERIFY(regex.indexIn(QStringLiteral("Foo <[email protected]>")) != -1);
+ }
+
+ // Create second trust signature
+ {
+ // Create the job
+ auto job = openpgp()->signKeyJob();//std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job);
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setDupeOk(true);
+ job->setTrustSignature(TrustSignatureTrust::Partial, 2, QStringLiteral("example.net"));
+
+ connect(job, &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ err = job->start(target);
+ QVERIFY(!err);
+ QSignalSpy spy (this, SIGNAL(asyncDone()));
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the trust signature should have been added.
+ target.update();
+ const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(trustSignature.isTrustSignature());
+ QCOMPARE(trustSignature.trustDepth(), 2u);
+ QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Partial);
+ QVERIFY(trustSignature.trustScope());
+ const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+ QVERIFY(!trustScope.isEmpty());
+ const QRegExp regex{trustScope};
+ QVERIFY(regex.isValid());
+ QVERIFY(regex.indexIn(QStringLiteral("Foo <[email protected]>")) != -1);
+ }
+ }
+
+ void test_tsign_all_uids_and_then_tsign_first_uid()
+ {
+ Error err;
+
+ if (!loopbackSupported()) {
+ return;
+ }
+
+ auto ctx = Context::create(OpenPGP);
+ QVERIFY(ctx);
+
+ // Get the signing key ([email protected])
+ auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
+ QVERIFY(!err);
+ QVERIFY(!seckey.isNull());
+
+ // Get the target key (Echelon / Echo Test / Eve)
+ auto target = ctx->key("3531152DE293E26A07F504BC318C1FAEFAEF6D1B", err, false);
+ QVERIFY(!err);
+ QVERIFY(!target.isNull());
+ QVERIFY(target.numUserIDs() > 0);
+
+ // Create first trust signature
+ {
+ // Create the job
+ auto job = openpgp()->signKeyJob();//std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job);
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setTrustSignature(TrustSignatureTrust::Complete, 1, QStringLiteral("example.org"));
+
+ connect(job, &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ job->start(target);
+ QSignalSpy spy (this, SIGNAL(asyncDone()));
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the trust signature should have been added.
+ target.update();
+ const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(trustSignature.isTrustSignature());
+ QCOMPARE(trustSignature.trustDepth(), 1u);
+ QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Complete);
+ QVERIFY(trustSignature.trustScope());
+ const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+ QVERIFY(!trustScope.isEmpty());
+ const QRegExp regex{trustScope};
+ QVERIFY(regex.isValid());
+ QVERIFY(regex.indexIn(QStringLiteral("Foo <[email protected]>")) != -1);
+ }
+
+ // Create second trust signature
+ {
+ // Create the job
+ auto job = openpgp()->signKeyJob();//std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job);
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setUserIDsToSign({0});
+ job->setDupeOk(true);
+ job->setTrustSignature(TrustSignatureTrust::Partial, 2, QStringLiteral("example.net"));
+
+ connect(job, &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ err = job->start(target);
+ QVERIFY(!err);
+ QSignalSpy spy (this, SIGNAL(asyncDone()));
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the trust signature should have been added.
+ target.update();
+ const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(trustSignature.isTrustSignature());
+ QCOMPARE(trustSignature.trustDepth(), 2u);
+ QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Partial);
+ QVERIFY(trustSignature.trustScope());
+ const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+ QVERIFY(!trustScope.isEmpty());
+ const QRegExp regex{trustScope};
+ QVERIFY(regex.isValid());
+ QVERIFY(regex.indexIn(QStringLiteral("Foo <[email protected]>")) != -1);
+ }
+ }
+
+ void initTestCase()
+ {
+ QGpgMETest::initTestCase();
+ const QString gpgHome = qgetenv("GNUPGHOME");
+ QVERIFY(copyKeyrings(gpgHome, mDir.path()));
+ qputenv("GNUPGHOME", mDir.path().toUtf8());
+ QFile conf(mDir.path() + QStringLiteral("/gpg.conf"));
+ QVERIFY(conf.open(QIODevice::WriteOnly));
+ if (GpgME::engineInfo(GpgME::GpgEngine).engineVersion() >= "2.2.18") {
+ conf.write("allow-weak-key-signatures");
+ }
+ conf.close();
+ }
+
+private:
+ QTemporaryDir mDir;
+};
+
+QTEST_MAIN(TestTrustSignatures)
+
+#include "t-trustsignatures.moc"
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-30 07:08:30 +0000