qt: Extend SignKeyJob to create signatures with expiration date

* lang/qt/src/signkeyjob.h (SignKeyJob::setExpirationDate): New.
* lang/qt/src/qgpgmesignkeyjob.h, lang/qt/src/qgpgmesignkeyjob.cpp
(QGpgMESignKeyJob::setExpirationDate): New.
* lang/qt/src/qgpgmesignkeyjob.cpp (QGpgMESignKeyJob::Private): Add
member m_expiration.
(sign_key): Handle expiration date.
(QGpgMESignKeyJob::start): Pass expiration date to sign_key.

* lang/qt/tests/t-various.cpp
(TestVarious::testSignKeyWithoutExpiration,
TestVarious::testSignKeyWithExpiration): New.
(TestVarious::initTestCase): Add "allow-weak-key-signatures" to
gpg.conf.
--

This allows Kleopatra (and other users of QGpgme) to create key
signatures with expiration date.

GnuPG-bug-id: 5336, 5506
This commit is contained in:
Ingo Klöcker 2021-06-22 18:49:45 +02:00
parent 34d9defc42
commit ac4536990a
4 changed files with 181 additions and 3 deletions

View File

@ -38,6 +38,7 @@
#include "qgpgmesignkeyjob.h" #include "qgpgmesignkeyjob.h"
#include <QDate>
#include <QString> #include <QString>
#include "dataprovider.h" #include "dataprovider.h"
@ -46,6 +47,8 @@
#include "data.h" #include "data.h"
#include "gpgsignkeyeditinteractor.h" #include "gpgsignkeyeditinteractor.h"
#include "qgpgme_debug.h"
#include <cassert> #include <cassert>
using namespace QGpgME; using namespace QGpgME;
@ -74,6 +77,7 @@ public:
bool m_dupeOk = false; bool m_dupeOk = false;
QString m_remark; QString m_remark;
TrustSignatureProperties m_trustSignature; TrustSignatureProperties m_trustSignature;
QDate m_expiration;
}; };
QGpgMESignKeyJob::QGpgMESignKeyJob(Context *context) QGpgMESignKeyJob::QGpgMESignKeyJob(Context *context)
@ -88,7 +92,8 @@ QGpgMESignKeyJob::~QGpgMESignKeyJob() {}
static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, const std::vector<unsigned int> &uids, static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, const std::vector<unsigned int> &uids,
unsigned int checkLevel, const Key &signer, unsigned int opts, unsigned int checkLevel, const Key &signer, unsigned int opts,
bool dupeOk, const QString &remark, bool dupeOk, const QString &remark,
const TrustSignatureProperties &trustSignature) const TrustSignatureProperties &trustSignature,
const QDate &expirationDate)
{ {
QGpgME::QByteArrayDataProvider dp; QGpgME::QByteArrayDataProvider dp;
Data data(&dp); Data data(&dp);
@ -114,10 +119,32 @@ static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, cons
skei->setTrustSignatureScope(trustSignature.scope.toUtf8().toStdString()); skei->setTrustSignatureScope(trustSignature.scope.toUtf8().toStdString());
} }
if (!signer.isNull()) if (!signer.isNull()) {
if (const Error err = ctx->addSigningKey(signer)) { if (const Error err = ctx->addSigningKey(signer)) {
return std::make_tuple(err, QString(), Error()); return std::make_tuple(err, QString(), Error());
} }
}
if (expirationDate.isValid()) {
// on 2106-02-07, the Unix time will reach 0xFFFFFFFF; since gpg uses uint32 internally
// for the expiration date clip it at 2106-02-06
static const QDate maxAllowedDate{2106, 2, 6};
const auto clippedExpirationDate = expirationDate <= maxAllowedDate ? expirationDate : maxAllowedDate;
if (clippedExpirationDate != expirationDate) {
qCWarning(QGPGME_LOG) << "Expiration of certification has been changed to" << clippedExpirationDate;
}
// use the "days from now" format to specify the expiration date of the certification;
// this format is the most appropriate regardless of the local timezone
const auto daysFromNow = QDate::currentDate().daysTo(clippedExpirationDate);
if (daysFromNow > 0) {
const auto certExpire = std::to_string(daysFromNow) + "d";
ctx->setFlag("cert-expire", certExpire.c_str());
}
} else {
// explicitly set "cert-expire" to "0" (no expiration) to override default-cert-expire set in gpg.conf
ctx->setFlag("cert-expire", "0");
}
const Error err = ctx->edit(key, std::unique_ptr<EditInteractor> (skei), data); const Error err = ctx->edit(key, std::unique_ptr<EditInteractor> (skei), data);
Error ae; Error ae;
const QString log = _detail::audit_log_as_html(ctx, ae); const QString log = _detail::audit_log_as_html(ctx, ae);
@ -143,7 +170,7 @@ Error QGpgMESignKeyJob::start(const Key &key)
break; break;
} }
run(std::bind(&sign_key, std::placeholders::_1, key, d->m_userIDsToSign, d->m_checkLevel, d->m_signingKey, run(std::bind(&sign_key, std::placeholders::_1, key, d->m_userIDsToSign, d->m_checkLevel, d->m_signingKey,
opts, d->m_dupeOk, d->m_remark, d->m_trustSignature)); opts, d->m_dupeOk, d->m_remark, d->m_trustSignature, d->m_expiration));
d->m_started = true; d->m_started = true;
return Error(); return Error();
} }
@ -197,4 +224,10 @@ void QGpgMESignKeyJob::setTrustSignature(GpgME::TrustSignatureTrust trust, unsig
d->m_trustSignature = {trust, depth, scope}; d->m_trustSignature = {trust, depth, scope};
} }
void QGpgMESignKeyJob::setExpirationDate(const QDate &expiration)
{
assert(!d->m_started);
d->m_expiration = expiration;
}
#include "qgpgmesignkeyjob.moc" #include "qgpgmesignkeyjob.moc"

View File

@ -87,6 +87,8 @@ public:
/* from SignKeyJob */ /* from SignKeyJob */
void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) Q_DECL_OVERRIDE; void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) Q_DECL_OVERRIDE;
void setExpirationDate(const QDate &expiration) override;
private: private:
class Private; class Private;
std::unique_ptr<Private> d; std::unique_ptr<Private> d;

View File

@ -46,6 +46,7 @@ class Key;
enum class TrustSignatureTrust : char; enum class TrustSignatureTrust : char;
} }
class QDate;
class QString; class QString;
namespace QGpgME namespace QGpgME
@ -144,6 +145,16 @@ public:
**/ **/
virtual void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) { Q_UNUSED(trust); Q_UNUSED(depth); Q_UNUSED(scope); }; virtual void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) { Q_UNUSED(trust); Q_UNUSED(depth); Q_UNUSED(scope); };
/**
* Sets the expiration date of the key signature to @a expiration. By default,
* key signatures do not expire.
*
* Note: Expiration dates after 2106-02-06 will be set to 2106-02-06.
*
* Not pure virtual for ABI compatibility.
**/
virtual void setExpirationDate(const QDate &expiration) { Q_UNUSED(expiration); }
Q_SIGNALS: Q_SIGNALS:
void result(const GpgME::Error &result, const QString &auditLogAsHtml = QString(), const GpgME::Error &auditLogError = GpgME::Error()); void result(const GpgME::Error &result, const QString &auditLogAsHtml = QString(), const GpgME::Error &auditLogError = GpgME::Error());
}; };

View File

@ -46,6 +46,7 @@
#include "dn.h" #include "dn.h"
#include "data.h" #include "data.h"
#include "dataprovider.h" #include "dataprovider.h"
#include "signkeyjob.h"
#include "t-support.h" #include "t-support.h"
@ -233,6 +234,131 @@ private Q_SLOTS:
delete ctx; delete ctx;
} }
void testSignKeyWithoutExpiration()
{
Error err;
if (!loopbackSupported()) {
return;
}
auto ctx = Context::create(OpenPGP);
QVERIFY(ctx);
// Get the signing key (alfa@example.net)
auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
QVERIFY(!err);
QVERIFY(!seckey.isNull());
// Get the target key (Bob / Bravo Test)
auto target = ctx->key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", err, false);
QVERIFY(!err);
QVERIFY(!target.isNull());
QVERIFY(target.numUserIDs() > 0);
// Create the job
auto job = std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
QVERIFY(job);
// Hack in the passphrase provider
auto jobCtx = Job::context(job.get());
TestPassphraseProvider provider;
jobCtx->setPassphraseProvider(&provider);
jobCtx->setPinentryMode(Context::PinentryLoopback);
// Setup the job
job->setExportable(true);
job->setSigningKey(seckey);
job->setDupeOk(true);
connect(job.get(), &SignKeyJob::result,
this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
Q_EMIT asyncDone();
if (err2) {
if (err2.code() == GPG_ERR_GENERAL) {
QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
"Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
} else {
QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
}
}
});
job->start(target);
QSignalSpy spy{this, &TestVarious::asyncDone};
QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
// At this point the signature should have been added.
target.update();
const auto keySignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
QVERIFY(keySignature.neverExpires());
}
void testSignKeyWithExpiration()
{
Error err;
if (!loopbackSupported()) {
return;
}
auto ctx = Context::create(OpenPGP);
QVERIFY(ctx);
// Get the signing key (alfa@example.net)
auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
QVERIFY(!err);
QVERIFY(!seckey.isNull());
// Get the target key (Bob / Bravo Test)
auto target = ctx->key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", err, false);
QVERIFY(!err);
QVERIFY(!target.isNull());
QVERIFY(target.numUserIDs() > 0);
// Create the job
auto job = std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
QVERIFY(job);
// Hack in the passphrase provider
auto jobCtx = Job::context(job.get());
TestPassphraseProvider provider;
jobCtx->setPassphraseProvider(&provider);
jobCtx->setPinentryMode(Context::PinentryLoopback);
// Setup the job
job->setExportable(true);
job->setSigningKey(seckey);
job->setDupeOk(true);
job->setExpirationDate(QDate{2222, 2, 22});
connect(job.get(), &SignKeyJob::result,
this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
Q_EMIT asyncDone();
if (err2) {
if (err2.code() == GPG_ERR_GENERAL) {
QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
"Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
} else {
QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
}
}
});
QTest::ignoreMessage(QtWarningMsg, "Expiration of certification has been changed to QDate(\"2106-02-06\")");
job->start(target);
QSignalSpy spy{this, &TestVarious::asyncDone};
QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
// At this point the signature should have been added.
target.update();
const auto keySignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
QVERIFY(!keySignature.neverExpires());
const auto expirationDate = QDateTime::fromSecsSinceEpoch(keySignature.expirationTime()).date();
QCOMPARE(expirationDate, QDate(2106, 2, 6)); // expiration date is capped at 2106-02-06
}
void testVersion() void testVersion()
{ {
QVERIFY(EngineInfo::Version("2.1.0") < EngineInfo::Version("2.1.1")); QVERIFY(EngineInfo::Version("2.1.0") < EngineInfo::Version("2.1.1"));
@ -285,6 +411,12 @@ private Q_SLOTS:
const QString gpgHome = qgetenv("GNUPGHOME"); const QString gpgHome = qgetenv("GNUPGHOME");
QVERIFY(copyKeyrings(gpgHome, mDir.path())); QVERIFY(copyKeyrings(gpgHome, mDir.path()));
qputenv("GNUPGHOME", mDir.path().toUtf8()); qputenv("GNUPGHOME", mDir.path().toUtf8());
QFile conf(mDir.path() + QStringLiteral("/gpg.conf"));
QVERIFY(conf.open(QIODevice::WriteOnly));
if (GpgME::engineInfo(GpgME::GpgEngine).engineVersion() >= "2.2.18") {
conf.write("allow-weak-key-signatures");
}
conf.close();
} }
private: private: