diff --git a/lang/qt/src/qgpgmesignkeyjob.cpp b/lang/qt/src/qgpgmesignkeyjob.cpp index 75ebeb04..5036a9b9 100644 --- a/lang/qt/src/qgpgmesignkeyjob.cpp +++ b/lang/qt/src/qgpgmesignkeyjob.cpp @@ -38,6 +38,7 @@ #include "qgpgmesignkeyjob.h" +#include #include #include "dataprovider.h" @@ -46,6 +47,8 @@ #include "data.h" #include "gpgsignkeyeditinteractor.h" +#include "qgpgme_debug.h" + #include using namespace QGpgME; @@ -74,6 +77,7 @@ public: bool m_dupeOk = false; QString m_remark; TrustSignatureProperties m_trustSignature; + QDate m_expiration; }; QGpgMESignKeyJob::QGpgMESignKeyJob(Context *context) @@ -88,7 +92,8 @@ QGpgMESignKeyJob::~QGpgMESignKeyJob() {} static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, const std::vector &uids, unsigned int checkLevel, const Key &signer, unsigned int opts, bool dupeOk, const QString &remark, - const TrustSignatureProperties &trustSignature) + const TrustSignatureProperties &trustSignature, + const QDate &expirationDate) { QGpgME::QByteArrayDataProvider dp; Data data(&dp); @@ -114,10 +119,32 @@ static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, cons skei->setTrustSignatureScope(trustSignature.scope.toUtf8().toStdString()); } - if (!signer.isNull()) + if (!signer.isNull()) { if (const Error err = ctx->addSigningKey(signer)) { return std::make_tuple(err, QString(), Error()); } + } + + if (expirationDate.isValid()) { + // on 2106-02-07, the Unix time will reach 0xFFFFFFFF; since gpg uses uint32 internally + // for the expiration date clip it at 2106-02-06 + static const QDate maxAllowedDate{2106, 2, 6}; + const auto clippedExpirationDate = expirationDate <= maxAllowedDate ? expirationDate : maxAllowedDate; + if (clippedExpirationDate != expirationDate) { + qCWarning(QGPGME_LOG) << "Expiration of certification has been changed to" << clippedExpirationDate; + } + // use the "days from now" format to specify the expiration date of the certification; + // this format is the most appropriate regardless of the local timezone + const auto daysFromNow = QDate::currentDate().daysTo(clippedExpirationDate); + if (daysFromNow > 0) { + const auto certExpire = std::to_string(daysFromNow) + "d"; + ctx->setFlag("cert-expire", certExpire.c_str()); + } + } else { + // explicitly set "cert-expire" to "0" (no expiration) to override default-cert-expire set in gpg.conf + ctx->setFlag("cert-expire", "0"); + } + const Error err = ctx->edit(key, std::unique_ptr (skei), data); Error ae; const QString log = _detail::audit_log_as_html(ctx, ae); @@ -143,7 +170,7 @@ Error QGpgMESignKeyJob::start(const Key &key) break; } run(std::bind(&sign_key, std::placeholders::_1, key, d->m_userIDsToSign, d->m_checkLevel, d->m_signingKey, - opts, d->m_dupeOk, d->m_remark, d->m_trustSignature)); + opts, d->m_dupeOk, d->m_remark, d->m_trustSignature, d->m_expiration)); d->m_started = true; return Error(); } @@ -197,4 +224,10 @@ void QGpgMESignKeyJob::setTrustSignature(GpgME::TrustSignatureTrust trust, unsig d->m_trustSignature = {trust, depth, scope}; } +void QGpgMESignKeyJob::setExpirationDate(const QDate &expiration) +{ + assert(!d->m_started); + d->m_expiration = expiration; +} + #include "qgpgmesignkeyjob.moc" diff --git a/lang/qt/src/qgpgmesignkeyjob.h b/lang/qt/src/qgpgmesignkeyjob.h index 5332d543..2ea9e94c 100644 --- a/lang/qt/src/qgpgmesignkeyjob.h +++ b/lang/qt/src/qgpgmesignkeyjob.h @@ -87,6 +87,8 @@ public: /* from SignKeyJob */ void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) Q_DECL_OVERRIDE; + void setExpirationDate(const QDate &expiration) override; + private: class Private; std::unique_ptr d; diff --git a/lang/qt/src/signkeyjob.h b/lang/qt/src/signkeyjob.h index 6214bfde..666af92a 100644 --- a/lang/qt/src/signkeyjob.h +++ b/lang/qt/src/signkeyjob.h @@ -46,6 +46,7 @@ class Key; enum class TrustSignatureTrust : char; } +class QDate; class QString; namespace QGpgME @@ -144,6 +145,16 @@ public: **/ virtual void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) { Q_UNUSED(trust); Q_UNUSED(depth); Q_UNUSED(scope); }; + /** + * Sets the expiration date of the key signature to @a expiration. By default, + * key signatures do not expire. + * + * Note: Expiration dates after 2106-02-06 will be set to 2106-02-06. + * + * Not pure virtual for ABI compatibility. + **/ + virtual void setExpirationDate(const QDate &expiration) { Q_UNUSED(expiration); } + Q_SIGNALS: void result(const GpgME::Error &result, const QString &auditLogAsHtml = QString(), const GpgME::Error &auditLogError = GpgME::Error()); }; diff --git a/lang/qt/tests/t-various.cpp b/lang/qt/tests/t-various.cpp index bec0a57e..8563b681 100644 --- a/lang/qt/tests/t-various.cpp +++ b/lang/qt/tests/t-various.cpp @@ -46,6 +46,7 @@ #include "dn.h" #include "data.h" #include "dataprovider.h" +#include "signkeyjob.h" #include "t-support.h" @@ -233,6 +234,131 @@ private Q_SLOTS: delete ctx; } + void testSignKeyWithoutExpiration() + { + Error err; + + if (!loopbackSupported()) { + return; + } + + auto ctx = Context::create(OpenPGP); + QVERIFY(ctx); + + // Get the signing key (alfa@example.net) + auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true); + QVERIFY(!err); + QVERIFY(!seckey.isNull()); + + // Get the target key (Bob / Bravo Test) + auto target = ctx->key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", err, false); + QVERIFY(!err); + QVERIFY(!target.isNull()); + QVERIFY(target.numUserIDs() > 0); + + // Create the job + auto job = std::unique_ptr{openpgp()->signKeyJob()}; + QVERIFY(job); + + // Hack in the passphrase provider + auto jobCtx = Job::context(job.get()); + TestPassphraseProvider provider; + jobCtx->setPassphraseProvider(&provider); + jobCtx->setPinentryMode(Context::PinentryLoopback); + + // Setup the job + job->setExportable(true); + job->setSigningKey(seckey); + job->setDupeOk(true); + + connect(job.get(), &SignKeyJob::result, + this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) { + Q_EMIT asyncDone(); + if (err2) { + if (err2.code() == GPG_ERR_GENERAL) { + QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n" + "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString()))); + } else { + QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString()))); + } + } + }); + + job->start(target); + QSignalSpy spy{this, &TestVarious::asyncDone}; + QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT)); + + // At this point the signature should have been added. + target.update(); + const auto keySignature = target.userID(0).signature(target.userID(0).numSignatures() - 1); + QVERIFY(keySignature.neverExpires()); + } + + void testSignKeyWithExpiration() + { + Error err; + + if (!loopbackSupported()) { + return; + } + + auto ctx = Context::create(OpenPGP); + QVERIFY(ctx); + + // Get the signing key (alfa@example.net) + auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true); + QVERIFY(!err); + QVERIFY(!seckey.isNull()); + + // Get the target key (Bob / Bravo Test) + auto target = ctx->key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", err, false); + QVERIFY(!err); + QVERIFY(!target.isNull()); + QVERIFY(target.numUserIDs() > 0); + + // Create the job + auto job = std::unique_ptr{openpgp()->signKeyJob()}; + QVERIFY(job); + + // Hack in the passphrase provider + auto jobCtx = Job::context(job.get()); + TestPassphraseProvider provider; + jobCtx->setPassphraseProvider(&provider); + jobCtx->setPinentryMode(Context::PinentryLoopback); + + // Setup the job + job->setExportable(true); + job->setSigningKey(seckey); + job->setDupeOk(true); + job->setExpirationDate(QDate{2222, 2, 22}); + + connect(job.get(), &SignKeyJob::result, + this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) { + Q_EMIT asyncDone(); + if (err2) { + if (err2.code() == GPG_ERR_GENERAL) { + QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n" + "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString()))); + } else { + QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString()))); + } + } + }); + + QTest::ignoreMessage(QtWarningMsg, "Expiration of certification has been changed to QDate(\"2106-02-06\")"); + + job->start(target); + QSignalSpy spy{this, &TestVarious::asyncDone}; + QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT)); + + // At this point the signature should have been added. + target.update(); + const auto keySignature = target.userID(0).signature(target.userID(0).numSignatures() - 1); + QVERIFY(!keySignature.neverExpires()); + const auto expirationDate = QDateTime::fromSecsSinceEpoch(keySignature.expirationTime()).date(); + QCOMPARE(expirationDate, QDate(2106, 2, 6)); // expiration date is capped at 2106-02-06 + } + void testVersion() { QVERIFY(EngineInfo::Version("2.1.0") < EngineInfo::Version("2.1.1")); @@ -285,6 +411,12 @@ private Q_SLOTS: const QString gpgHome = qgetenv("GNUPGHOME"); QVERIFY(copyKeyrings(gpgHome, mDir.path())); qputenv("GNUPGHOME", mDir.path().toUtf8()); + QFile conf(mDir.path() + QStringLiteral("/gpg.conf")); + QVERIFY(conf.open(QIODevice::WriteOnly)); + if (GpgME::engineInfo(GpgME::GpgEngine).engineVersion() >= "2.2.18") { + conf.write("allow-weak-key-signatures"); + } + conf.close(); } private: