qt: Extend SignKeyJob to create signatures with expiration date
* lang/qt/src/signkeyjob.h (SignKeyJob::setExpirationDate): New. * lang/qt/src/qgpgmesignkeyjob.h, lang/qt/src/qgpgmesignkeyjob.cpp (QGpgMESignKeyJob::setExpirationDate): New. * lang/qt/src/qgpgmesignkeyjob.cpp (QGpgMESignKeyJob::Private): Add member m_expiration. (sign_key): Handle expiration date. (QGpgMESignKeyJob::start): Pass expiration date to sign_key. * lang/qt/tests/t-various.cpp (TestVarious::testSignKeyWithoutExpiration, TestVarious::testSignKeyWithExpiration): New. (TestVarious::initTestCase): Add "allow-weak-key-signatures" to gpg.conf. -- This allows Kleopatra (and other users of QGpgme) to create key signatures with expiration date. GnuPG-bug-id: 5336, 5506
This commit is contained in:
parent
34d9defc42
commit
ac4536990a
@ -38,6 +38,7 @@
|
|||||||
|
|
||||||
#include "qgpgmesignkeyjob.h"
|
#include "qgpgmesignkeyjob.h"
|
||||||
|
|
||||||
|
#include <QDate>
|
||||||
#include <QString>
|
#include <QString>
|
||||||
|
|
||||||
#include "dataprovider.h"
|
#include "dataprovider.h"
|
||||||
@ -46,6 +47,8 @@
|
|||||||
#include "data.h"
|
#include "data.h"
|
||||||
#include "gpgsignkeyeditinteractor.h"
|
#include "gpgsignkeyeditinteractor.h"
|
||||||
|
|
||||||
|
#include "qgpgme_debug.h"
|
||||||
|
|
||||||
#include <cassert>
|
#include <cassert>
|
||||||
|
|
||||||
using namespace QGpgME;
|
using namespace QGpgME;
|
||||||
@ -74,6 +77,7 @@ public:
|
|||||||
bool m_dupeOk = false;
|
bool m_dupeOk = false;
|
||||||
QString m_remark;
|
QString m_remark;
|
||||||
TrustSignatureProperties m_trustSignature;
|
TrustSignatureProperties m_trustSignature;
|
||||||
|
QDate m_expiration;
|
||||||
};
|
};
|
||||||
|
|
||||||
QGpgMESignKeyJob::QGpgMESignKeyJob(Context *context)
|
QGpgMESignKeyJob::QGpgMESignKeyJob(Context *context)
|
||||||
@ -88,7 +92,8 @@ QGpgMESignKeyJob::~QGpgMESignKeyJob() {}
|
|||||||
static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, const std::vector<unsigned int> &uids,
|
static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, const std::vector<unsigned int> &uids,
|
||||||
unsigned int checkLevel, const Key &signer, unsigned int opts,
|
unsigned int checkLevel, const Key &signer, unsigned int opts,
|
||||||
bool dupeOk, const QString &remark,
|
bool dupeOk, const QString &remark,
|
||||||
const TrustSignatureProperties &trustSignature)
|
const TrustSignatureProperties &trustSignature,
|
||||||
|
const QDate &expirationDate)
|
||||||
{
|
{
|
||||||
QGpgME::QByteArrayDataProvider dp;
|
QGpgME::QByteArrayDataProvider dp;
|
||||||
Data data(&dp);
|
Data data(&dp);
|
||||||
@ -114,10 +119,32 @@ static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, cons
|
|||||||
skei->setTrustSignatureScope(trustSignature.scope.toUtf8().toStdString());
|
skei->setTrustSignatureScope(trustSignature.scope.toUtf8().toStdString());
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!signer.isNull())
|
if (!signer.isNull()) {
|
||||||
if (const Error err = ctx->addSigningKey(signer)) {
|
if (const Error err = ctx->addSigningKey(signer)) {
|
||||||
return std::make_tuple(err, QString(), Error());
|
return std::make_tuple(err, QString(), Error());
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (expirationDate.isValid()) {
|
||||||
|
// on 2106-02-07, the Unix time will reach 0xFFFFFFFF; since gpg uses uint32 internally
|
||||||
|
// for the expiration date clip it at 2106-02-06
|
||||||
|
static const QDate maxAllowedDate{2106, 2, 6};
|
||||||
|
const auto clippedExpirationDate = expirationDate <= maxAllowedDate ? expirationDate : maxAllowedDate;
|
||||||
|
if (clippedExpirationDate != expirationDate) {
|
||||||
|
qCWarning(QGPGME_LOG) << "Expiration of certification has been changed to" << clippedExpirationDate;
|
||||||
|
}
|
||||||
|
// use the "days from now" format to specify the expiration date of the certification;
|
||||||
|
// this format is the most appropriate regardless of the local timezone
|
||||||
|
const auto daysFromNow = QDate::currentDate().daysTo(clippedExpirationDate);
|
||||||
|
if (daysFromNow > 0) {
|
||||||
|
const auto certExpire = std::to_string(daysFromNow) + "d";
|
||||||
|
ctx->setFlag("cert-expire", certExpire.c_str());
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// explicitly set "cert-expire" to "0" (no expiration) to override default-cert-expire set in gpg.conf
|
||||||
|
ctx->setFlag("cert-expire", "0");
|
||||||
|
}
|
||||||
|
|
||||||
const Error err = ctx->edit(key, std::unique_ptr<EditInteractor> (skei), data);
|
const Error err = ctx->edit(key, std::unique_ptr<EditInteractor> (skei), data);
|
||||||
Error ae;
|
Error ae;
|
||||||
const QString log = _detail::audit_log_as_html(ctx, ae);
|
const QString log = _detail::audit_log_as_html(ctx, ae);
|
||||||
@ -143,7 +170,7 @@ Error QGpgMESignKeyJob::start(const Key &key)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
run(std::bind(&sign_key, std::placeholders::_1, key, d->m_userIDsToSign, d->m_checkLevel, d->m_signingKey,
|
run(std::bind(&sign_key, std::placeholders::_1, key, d->m_userIDsToSign, d->m_checkLevel, d->m_signingKey,
|
||||||
opts, d->m_dupeOk, d->m_remark, d->m_trustSignature));
|
opts, d->m_dupeOk, d->m_remark, d->m_trustSignature, d->m_expiration));
|
||||||
d->m_started = true;
|
d->m_started = true;
|
||||||
return Error();
|
return Error();
|
||||||
}
|
}
|
||||||
@ -197,4 +224,10 @@ void QGpgMESignKeyJob::setTrustSignature(GpgME::TrustSignatureTrust trust, unsig
|
|||||||
d->m_trustSignature = {trust, depth, scope};
|
d->m_trustSignature = {trust, depth, scope};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void QGpgMESignKeyJob::setExpirationDate(const QDate &expiration)
|
||||||
|
{
|
||||||
|
assert(!d->m_started);
|
||||||
|
d->m_expiration = expiration;
|
||||||
|
}
|
||||||
|
|
||||||
#include "qgpgmesignkeyjob.moc"
|
#include "qgpgmesignkeyjob.moc"
|
||||||
|
@ -87,6 +87,8 @@ public:
|
|||||||
/* from SignKeyJob */
|
/* from SignKeyJob */
|
||||||
void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) Q_DECL_OVERRIDE;
|
void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) Q_DECL_OVERRIDE;
|
||||||
|
|
||||||
|
void setExpirationDate(const QDate &expiration) override;
|
||||||
|
|
||||||
private:
|
private:
|
||||||
class Private;
|
class Private;
|
||||||
std::unique_ptr<Private> d;
|
std::unique_ptr<Private> d;
|
||||||
|
@ -46,6 +46,7 @@ class Key;
|
|||||||
enum class TrustSignatureTrust : char;
|
enum class TrustSignatureTrust : char;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
class QDate;
|
||||||
class QString;
|
class QString;
|
||||||
|
|
||||||
namespace QGpgME
|
namespace QGpgME
|
||||||
@ -144,6 +145,16 @@ public:
|
|||||||
**/
|
**/
|
||||||
virtual void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) { Q_UNUSED(trust); Q_UNUSED(depth); Q_UNUSED(scope); };
|
virtual void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) { Q_UNUSED(trust); Q_UNUSED(depth); Q_UNUSED(scope); };
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Sets the expiration date of the key signature to @a expiration. By default,
|
||||||
|
* key signatures do not expire.
|
||||||
|
*
|
||||||
|
* Note: Expiration dates after 2106-02-06 will be set to 2106-02-06.
|
||||||
|
*
|
||||||
|
* Not pure virtual for ABI compatibility.
|
||||||
|
**/
|
||||||
|
virtual void setExpirationDate(const QDate &expiration) { Q_UNUSED(expiration); }
|
||||||
|
|
||||||
Q_SIGNALS:
|
Q_SIGNALS:
|
||||||
void result(const GpgME::Error &result, const QString &auditLogAsHtml = QString(), const GpgME::Error &auditLogError = GpgME::Error());
|
void result(const GpgME::Error &result, const QString &auditLogAsHtml = QString(), const GpgME::Error &auditLogError = GpgME::Error());
|
||||||
};
|
};
|
||||||
|
@ -46,6 +46,7 @@
|
|||||||
#include "dn.h"
|
#include "dn.h"
|
||||||
#include "data.h"
|
#include "data.h"
|
||||||
#include "dataprovider.h"
|
#include "dataprovider.h"
|
||||||
|
#include "signkeyjob.h"
|
||||||
|
|
||||||
#include "t-support.h"
|
#include "t-support.h"
|
||||||
|
|
||||||
@ -233,6 +234,131 @@ private Q_SLOTS:
|
|||||||
delete ctx;
|
delete ctx;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void testSignKeyWithoutExpiration()
|
||||||
|
{
|
||||||
|
Error err;
|
||||||
|
|
||||||
|
if (!loopbackSupported()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
auto ctx = Context::create(OpenPGP);
|
||||||
|
QVERIFY(ctx);
|
||||||
|
|
||||||
|
// Get the signing key (alfa@example.net)
|
||||||
|
auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
|
||||||
|
QVERIFY(!err);
|
||||||
|
QVERIFY(!seckey.isNull());
|
||||||
|
|
||||||
|
// Get the target key (Bob / Bravo Test)
|
||||||
|
auto target = ctx->key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", err, false);
|
||||||
|
QVERIFY(!err);
|
||||||
|
QVERIFY(!target.isNull());
|
||||||
|
QVERIFY(target.numUserIDs() > 0);
|
||||||
|
|
||||||
|
// Create the job
|
||||||
|
auto job = std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
|
||||||
|
QVERIFY(job);
|
||||||
|
|
||||||
|
// Hack in the passphrase provider
|
||||||
|
auto jobCtx = Job::context(job.get());
|
||||||
|
TestPassphraseProvider provider;
|
||||||
|
jobCtx->setPassphraseProvider(&provider);
|
||||||
|
jobCtx->setPinentryMode(Context::PinentryLoopback);
|
||||||
|
|
||||||
|
// Setup the job
|
||||||
|
job->setExportable(true);
|
||||||
|
job->setSigningKey(seckey);
|
||||||
|
job->setDupeOk(true);
|
||||||
|
|
||||||
|
connect(job.get(), &SignKeyJob::result,
|
||||||
|
this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
|
||||||
|
Q_EMIT asyncDone();
|
||||||
|
if (err2) {
|
||||||
|
if (err2.code() == GPG_ERR_GENERAL) {
|
||||||
|
QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
|
||||||
|
"Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
|
||||||
|
} else {
|
||||||
|
QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
job->start(target);
|
||||||
|
QSignalSpy spy{this, &TestVarious::asyncDone};
|
||||||
|
QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
|
||||||
|
|
||||||
|
// At this point the signature should have been added.
|
||||||
|
target.update();
|
||||||
|
const auto keySignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
|
||||||
|
QVERIFY(keySignature.neverExpires());
|
||||||
|
}
|
||||||
|
|
||||||
|
void testSignKeyWithExpiration()
|
||||||
|
{
|
||||||
|
Error err;
|
||||||
|
|
||||||
|
if (!loopbackSupported()) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
auto ctx = Context::create(OpenPGP);
|
||||||
|
QVERIFY(ctx);
|
||||||
|
|
||||||
|
// Get the signing key (alfa@example.net)
|
||||||
|
auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
|
||||||
|
QVERIFY(!err);
|
||||||
|
QVERIFY(!seckey.isNull());
|
||||||
|
|
||||||
|
// Get the target key (Bob / Bravo Test)
|
||||||
|
auto target = ctx->key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", err, false);
|
||||||
|
QVERIFY(!err);
|
||||||
|
QVERIFY(!target.isNull());
|
||||||
|
QVERIFY(target.numUserIDs() > 0);
|
||||||
|
|
||||||
|
// Create the job
|
||||||
|
auto job = std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
|
||||||
|
QVERIFY(job);
|
||||||
|
|
||||||
|
// Hack in the passphrase provider
|
||||||
|
auto jobCtx = Job::context(job.get());
|
||||||
|
TestPassphraseProvider provider;
|
||||||
|
jobCtx->setPassphraseProvider(&provider);
|
||||||
|
jobCtx->setPinentryMode(Context::PinentryLoopback);
|
||||||
|
|
||||||
|
// Setup the job
|
||||||
|
job->setExportable(true);
|
||||||
|
job->setSigningKey(seckey);
|
||||||
|
job->setDupeOk(true);
|
||||||
|
job->setExpirationDate(QDate{2222, 2, 22});
|
||||||
|
|
||||||
|
connect(job.get(), &SignKeyJob::result,
|
||||||
|
this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
|
||||||
|
Q_EMIT asyncDone();
|
||||||
|
if (err2) {
|
||||||
|
if (err2.code() == GPG_ERR_GENERAL) {
|
||||||
|
QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
|
||||||
|
"Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
|
||||||
|
} else {
|
||||||
|
QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
QTest::ignoreMessage(QtWarningMsg, "Expiration of certification has been changed to QDate(\"2106-02-06\")");
|
||||||
|
|
||||||
|
job->start(target);
|
||||||
|
QSignalSpy spy{this, &TestVarious::asyncDone};
|
||||||
|
QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
|
||||||
|
|
||||||
|
// At this point the signature should have been added.
|
||||||
|
target.update();
|
||||||
|
const auto keySignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
|
||||||
|
QVERIFY(!keySignature.neverExpires());
|
||||||
|
const auto expirationDate = QDateTime::fromSecsSinceEpoch(keySignature.expirationTime()).date();
|
||||||
|
QCOMPARE(expirationDate, QDate(2106, 2, 6)); // expiration date is capped at 2106-02-06
|
||||||
|
}
|
||||||
|
|
||||||
void testVersion()
|
void testVersion()
|
||||||
{
|
{
|
||||||
QVERIFY(EngineInfo::Version("2.1.0") < EngineInfo::Version("2.1.1"));
|
QVERIFY(EngineInfo::Version("2.1.0") < EngineInfo::Version("2.1.1"));
|
||||||
@ -285,6 +411,12 @@ private Q_SLOTS:
|
|||||||
const QString gpgHome = qgetenv("GNUPGHOME");
|
const QString gpgHome = qgetenv("GNUPGHOME");
|
||||||
QVERIFY(copyKeyrings(gpgHome, mDir.path()));
|
QVERIFY(copyKeyrings(gpgHome, mDir.path()));
|
||||||
qputenv("GNUPGHOME", mDir.path().toUtf8());
|
qputenv("GNUPGHOME", mDir.path().toUtf8());
|
||||||
|
QFile conf(mDir.path() + QStringLiteral("/gpg.conf"));
|
||||||
|
QVERIFY(conf.open(QIODevice::WriteOnly));
|
||||||
|
if (GpgME::engineInfo(GpgME::GpgEngine).engineVersion() >= "2.2.18") {
|
||||||
|
conf.write("allow-weak-key-signatures");
|
||||||
|
}
|
||||||
|
conf.close();
|
||||||
}
|
}
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
Loading…
Reference in New Issue
Block a user