From f0858e45b0be260730e742643e741547123d4287 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ingo=20Kl=C3=B6cker?= Date: Wed, 5 May 2021 18:38:16 +0200 Subject: [PATCH] qt: Extend SignKeyJob to create trust signatures * lang/qt/src/signkeyjob.h (SignKeyJob::setTrustSignature): New. * lang/qt/src/qgpgmesignkeyjob.h, lang/qt/src/qgpgmesignkeyjob.cpp (QGpgMESignKeyJob::setTrustSignature): New. * lang/qt/src/qgpgmesignkeyjob.cpp (sign_key): Handle trust signatures. (QGpgMESignKeyJob::start): Pass trust signature attributes to sign_key. (QGpgMESignKeyJob::setTrustSignature): New. -- This allows Kleopatra to create trust signatures for trusted introducers. GnuPG-bug-id: 5245, 5421 --- lang/qt/src/qgpgmesignkeyjob.cpp | 38 +- lang/qt/src/qgpgmesignkeyjob.h | 3 + lang/qt/src/signkeyjob.h | 20 + lang/qt/tests/Makefile.am | 8 +- lang/qt/tests/t-trustsignatures.cpp | 565 ++++++++++++++++++++++++++++ 5 files changed, 629 insertions(+), 5 deletions(-) create mode 100644 lang/qt/tests/t-trustsignatures.cpp diff --git a/lang/qt/src/qgpgmesignkeyjob.cpp b/lang/qt/src/qgpgmesignkeyjob.cpp index 73dd9a88..75ebeb04 100644 --- a/lang/qt/src/qgpgmesignkeyjob.cpp +++ b/lang/qt/src/qgpgmesignkeyjob.cpp @@ -51,6 +51,15 @@ using namespace QGpgME; using namespace GpgME; +namespace +{ +struct TrustSignatureProperties { + TrustSignatureTrust trust = TrustSignatureTrust::None; + unsigned int depth = 0; + QString scope; +}; +} + class QGpgMESignKeyJob::Private { public: @@ -64,6 +73,7 @@ public: bool m_started = false; bool m_dupeOk = false; QString m_remark; + TrustSignatureProperties m_trustSignature; }; QGpgMESignKeyJob::QGpgMESignKeyJob(Context *context) 
@@ -77,7 +87,8 @@ QGpgMESignKeyJob::~QGpgMESignKeyJob() {} static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, const std::vector &uids, unsigned int checkLevel, const Key &signer, unsigned int opts, - bool dupeOk, const QString &remark) + bool dupeOk, const QString &remark, + const TrustSignatureProperties &trustSignature) { QGpgME::QByteArrayDataProvider dp; Data data(&dp); @@ -97,6 +108,12 @@ static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, cons ctx->addSignatureNotation("rem@gnupg.org", remark.toUtf8().constData()); } + if (opts & GpgSignKeyEditInteractor::Trust) { + skei->setTrustSignatureTrust(trustSignature.trust); + skei->setTrustSignatureDepth(trustSignature.depth); + skei->setTrustSignatureScope(trustSignature.scope.toUtf8().toStdString()); + } + if (!signer.isNull()) if (const Error err = ctx->addSigningKey(signer)) { return std::make_tuple(err, QString(), Error()); @@ -116,8 +133,17 @@ Error QGpgMESignKeyJob::start(const Key &key) if (d->m_exportable) { opts |= GpgSignKeyEditInteractor::Exportable; } + switch (d->m_trustSignature.trust) { + case TrustSignatureTrust::Partial: + case TrustSignatureTrust::Complete: + opts |= GpgSignKeyEditInteractor::Trust; + break; + default: + opts &= ~GpgSignKeyEditInteractor::Trust; + break; + } run(std::bind(&sign_key, std::placeholders::_1, key, d->m_userIDsToSign, d->m_checkLevel, d->m_signingKey, - opts, d->m_dupeOk, d->m_remark)); + opts, d->m_dupeOk, d->m_remark, d->m_trustSignature)); d->m_started = true; return Error(); } @@ -163,4 +189,12 @@ void QGpgMESignKeyJob::setDupeOk(bool value) assert(!d->m_started); d->m_dupeOk = value; } + +void QGpgMESignKeyJob::setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) +{ + assert(!d->m_started); + assert(depth <= 255); + d->m_trustSignature = {trust, depth, scope}; +} + #include "qgpgmesignkeyjob.moc" 
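Review bot: In `sign_key` (the -97/+108 hunk) the scope reaches `skei->setTrustSignatureScope(...)` exactly as the caller supplied it, with no check that it is a plain domain name and no special handling of an empty string. The scope is the only thing that narrows the delegated trust, and the tests in this patch read it back as a regular expression, so an empty value or one containing characters outside a host name presumably changes which user IDs the trust signature covers; the interactor is not visible here, so its own handling should be confirmed. I would validate the scope once before the job runs, for example at the top of `start()`, which can return an `Error`, and state in the API documentation what an empty scope means. `sign_key` begins and ends outside this hunk.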
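Review bot: `assert(depth <= 255);` in `QGpgMESignKeyJob::setTrustSignature` (the -163/+189 hunk) is the only bound on the trust depth, and it is compiled out when NDEBUG is defined, so a release build stores any `unsigned short` value and `sign_key` later passes it to `setTrustSignatureDepth()` unchanged. The setter returns void, so the runtime check fits better in `start()` (the -116/+133 hunk), which already returns an `Error`: `if (d->m_trustSignature.depth > 255) { return Error::fromCode(GPG_ERR_INV_VALUE); }` placed before the `run(...)` call. Keeping the assert as a debug aid is fine, but the depth controls how far trust is delegated and should not depend on the build type.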
diff --git a/lang/qt/src/qgpgmesignkeyjob.h b/lang/qt/src/qgpgmesignkeyjob.h index e8a65fe7..5332d543 100644 --- a/lang/qt/src/qgpgmesignkeyjob.h +++ b/lang/qt/src/qgpgmesignkeyjob.h @@ -84,6 +84,9 @@ public: /* from SignKeyJob */ void setDupeOk(bool value) Q_DECL_OVERRIDE; + /* from SignKeyJob */ + void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) Q_DECL_OVERRIDE; + private: class Private; std::unique_ptr d; diff --git a/lang/qt/src/signkeyjob.h b/lang/qt/src/signkeyjob.h index e3ae75f7..461b9b3a 100644 --- a/lang/qt/src/signkeyjob.h +++ b/lang/qt/src/signkeyjob.h @@ -43,6 +43,7 @@ namespace GpgME { class Error; class Key; +enum class TrustSignatureTrust : char; } class QString; 
@@ -127,6 +128,25 @@ public: **/ virtual void setRemark(const QString &) {}; + /** + * If set, then the created signature will be a trust signature. By default, + * no trust signatures are created. + * + * @a trust is the amount of trust to put into the signed key, either + * @c TrustSignatureTrust::Partial or @c TrustSignatureTrust::Complete. + * @a depth is the level of the trust signature. Values between 0 and 255 are + * allowed. Level 0 has the same meaning as an ordinary validity signature. + * Level 1 means that the signed key is asserted to be a valid trusted + * introducer. Level n >= 2 means that the signed key is asserted to be + * trusted to issue level n-1 trust signatures, i.e., that it is a "meta + * introducer". + * @a scope is a domain name that limits the scope of trust of the signed key + * to user IDs with email addresses matching the domain (or a subdomain). + * + * Not pure virtual for ABI compatibility. + **/ + virtual void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) { Q_UNUSED(trust); Q_UNUSED(depth); Q_UNUSED(scope); }; + Q_SIGNALS: void result(const GpgME::Error &result, const QString &auditLogAsHtml = QString(), const GpgME::Error &auditLogError = GpgME::Error()); }; diff --git a/lang/qt/tests/Makefile.am b/lang/qt/tests/Makefile.am index ace5082c..41ea8087 100644 --- a/lang/qt/tests/Makefile.am +++ b/lang/qt/tests/Makefile.am @@ -27,11 +27,11 @@ TESTS_ENVIRONMENT = GNUPGHOME=$(GNUPGHOME) EXTRA_DIST = initial.test TESTS = initial.test t-keylist t-keylocate t-ownertrust t-tofuinfo \ - t-encrypt t-verify t-various t-config t-remarks + t-encrypt t-verify t-various t-config t-remarks t-trustsignatures moc_files = t-keylist.moc t-keylocate.moc t-ownertrust.moc t-tofuinfo.moc \ t-encrypt.moc t-support.hmoc t-wkspublish.moc t-verify.moc \ - t-various.moc t-config.moc t-remarks.moc + t-various.moc t-config.moc t-remarks.moc t-trustsignatures.moc AM_LDFLAGS = -no-install 
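Review bot: The doc comment added for `SignKeyJob::setTrustSignature` in signkeyjob.h describes only the expected values and leaves the other cases undocumented: `TrustSignatureTrust::None`, an empty `scope`, and a depth above 255. Going by the implementation in this patch, any trust value other than Partial or Complete clears the Trust option in `start()` and yields an ordinary signature, and the depth limit is enforced only by an assert. I would add sentences such as `Any other value of @a trust disables the trust signature.` and `Must be called before start().`, plus one stating what an empty @a scope means once that is confirmed. It is also worth noting in the comment that this default implementation ignores the call, so a job class that does not override it silently produces a non-trust signature.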
@@ -57,6 +57,7 @@ t_verify_SOURCES = t-verify.cpp $(support_src) t_various_SOURCES = t-various.cpp $(support_src) t_config_SOURCES = t-config.cpp $(support_src) t_remarks_SOURCES = t-remarks.cpp $(support_src) +t_trustsignatures_SOURCES = t-trustsignatures.cpp $(support_src) run_keyformailboxjob_SOURCES = run-keyformailboxjob.cpp nodist_t_keylist_SOURCES = $(moc_files) @@ -64,7 +65,8 @@ nodist_t_keylist_SOURCES = $(moc_files) BUILT_SOURCES = $(moc_files) pubring-stamp noinst_PROGRAMS = t-keylist t-keylocate t-ownertrust t-tofuinfo t-encrypt \ - run-keyformailboxjob t-wkspublish t-verify t-various t-config t-remarks + run-keyformailboxjob t-wkspublish t-verify t-various t-config t-remarks \ + t-trustsignatures CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \ gpg-agent.conf pubring.kbx~ S.gpg-agent gpg.conf pubring.gpg~ \ diff --git a/lang/qt/tests/t-trustsignatures.cpp b/lang/qt/tests/t-trustsignatures.cpp new file mode 100644 index 00000000..d392b2fb --- /dev/null +++ b/lang/qt/tests/t-trustsignatures.cpp 
@@ -0,0 +1,565 @@
+/* t-remarks.cpp
+
+ This file is part of qgpgme, the Qt API binding for gpgme
+ Copyright (c) 2021 g10 Code GmbH
+ Software engineering by Ingo Klöcker
+
+ QGpgME is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 2 of the
+ License, or (at your option) any later version.
+
+ QGpgME is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+ In addition, as a special exception, the copyright holders give
+ permission to link the code of this program with any edition of
+ the Qt library by Trolltech AS, Norway (or with modified versions
+ of Qt that use the same license as Qt), and distribute linked
+ combinations including the two. You must obey the GNU General
+ Public License in all respects for all of the code used other than
+ Qt. If you modify this file, you may extend this exception to
+ your version of the file, but you are not obligated to do so. If
+ you do not wish to do so, delete this exception statement from
+ your version.
+*/
+
+#ifdef HAVE_CONFIG_H
+ #include "config.h"
+#endif
+
+#include "t-support.h"
+
+#include "context.h"
+#include "engineinfo.h"
+#include "protocol.h"
+#include "signkeyjob.h"
+
+#include
+#include
+#include
+
+using namespace QGpgME;
+using namespace GpgME;
+
+class TestTrustSignatures: public QGpgMETest
+{
+ Q_OBJECT
+
+Q_SIGNALS:
+ void asyncDone();
+
+private Q_SLOTS:
+ void test_tsign_single_uid_key_and_then_tsign_it_again()
+ {
+ Error err;
+
+ if (!loopbackSupported()) {
+ return;
+ }
+
+ auto ctx = Context::create(OpenPGP);
+ QVERIFY(ctx);
+
+ // Get the signing key (alfa@example.net)
+ auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
+ QVERIFY(!err);
+ QVERIFY(!seckey.isNull());
+
+ // Get the target key (victor@example.org)
+ auto target = ctx->key("E8143C489C8D41124DC40D0B47AF4B6961F04784", err, false);
+ QVERIFY(!err);
+ QVERIFY(!target.isNull());
+ QVERIFY(target.numUserIDs() > 0);
+
+ // Create first trust signature
+ {
+ // Create the job
+ auto job = std::unique_ptr{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job.get());
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setTrustSignature(TrustSignatureTrust::Complete, 1, QStringLiteral("example.org"));
+
+ connect(job.get(), &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ job->start(target);
+ QSignalSpy spy (this, SIGNAL(asyncDone()));
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the trust signature should have been added.
+ target.update();
+ const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(trustSignature.isTrustSignature());
+ QCOMPARE(trustSignature.trustDepth(), 1u);
+ QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Complete);
+ QVERIFY(trustSignature.trustScope());
+ const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+ QVERIFY(!trustScope.isEmpty());
+ const QRegExp regex{trustScope};
+ QVERIFY(regex.isValid());
+ QVERIFY(regex.indexIn(QStringLiteral("Foo ")) != -1);
+ }
+
+ // Create second trust signature
+ {
+ // Create the job
+ auto job = std::unique_ptr{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job.get());
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setDupeOk(true);
+ job->setTrustSignature(TrustSignatureTrust::Partial, 2, QStringLiteral("example.net"));
+
+ connect(job.get(), &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ err = job->start(target);
+ QVERIFY(!err);
+ QSignalSpy spy (this, SIGNAL(asyncDone()));
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the trust signature should have been added.
+ target.update();
+ const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(trustSignature.isTrustSignature());
+ QCOMPARE(trustSignature.trustDepth(), 2u);
+ QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Partial);
+ QVERIFY(trustSignature.trustScope());
+ const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+ QVERIFY(!trustScope.isEmpty());
+ const QRegExp regex{trustScope};
+ QVERIFY(regex.isValid());
+ QVERIFY(regex.indexIn(QStringLiteral("Foo ")) != -1);
+ }
+ }
+
+ void test_tsign_multi_uid_key_and_then_tsign_it_again()
+ {
+ Error err;
+
+ if (!loopbackSupported()) {
+ return;
+ }
+
+ auto ctx = Context::create(OpenPGP);
+ QVERIFY(ctx);
+
+ // Get the signing key (alfa@example.net)
+ auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
+ QVERIFY(!err);
+ QVERIFY(!seckey.isNull());
+
+ // Get the target key (Bob / Bravo Test)
+ auto target = ctx->key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", err, false);
+ QVERIFY(!err);
+ QVERIFY(!target.isNull());
+ QVERIFY(target.numUserIDs() > 0);
+
+ // Create first trust signature
+ {
+ // Create the job
+ auto job = openpgp()->signKeyJob();//std::unique_ptr{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job);
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setTrustSignature(TrustSignatureTrust::Complete, 1, QStringLiteral("example.org"));
+
+ connect(job, &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ job->start(target);
+ QSignalSpy spy (this, SIGNAL(asyncDone()));
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the trust signature should have been added.
+ target.update();
+ const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(trustSignature.isTrustSignature());
+ QCOMPARE(trustSignature.trustDepth(), 1u);
+ QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Complete);
+ QVERIFY(trustSignature.trustScope());
+ const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+ QVERIFY(!trustScope.isEmpty());
+ const QRegExp regex{trustScope};
+ QVERIFY(regex.isValid());
+ QVERIFY(regex.indexIn(QStringLiteral("Foo ")) != -1);
+ }
+
+ // Create second trust signature
+ {
+ // Create the job
+ auto job = openpgp()->signKeyJob();//std::unique_ptr{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job);
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setDupeOk(true);
+ job->setTrustSignature(TrustSignatureTrust::Partial, 2, QStringLiteral("example.net"));
+
+ connect(job, &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ err = job->start(target);
+ QVERIFY(!err);
+ QSignalSpy spy (this, SIGNAL(asyncDone()));
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the trust signature should have been added.
+ target.update();
+ const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(trustSignature.isTrustSignature());
+ QCOMPARE(trustSignature.trustDepth(), 2u);
+ QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Partial);
+ QVERIFY(trustSignature.trustScope());
+ const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+ QVERIFY(!trustScope.isEmpty());
+ const QRegExp regex{trustScope};
+ QVERIFY(regex.isValid());
+ QVERIFY(regex.indexIn(QStringLiteral("Foo ")) != -1);
+ }
+ }
+
+ void test_tsign_first_uid_and_then_tsign_both_uids()
+ {
+ Error err;
+
+ if (!loopbackSupported()) {
+ return;
+ }
+
+ auto ctx = Context::create(OpenPGP);
+ QVERIFY(ctx);
+
+ // Get the signing key (alfa@example.net)
+ auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
+ QVERIFY(!err);
+ QVERIFY(!seckey.isNull());
+
+ // Get the target key (Mallory / Mike Test)
+ auto target = ctx->key("2686AA191A278013992C72EBBE794852BE5CF886", err, false);
+ QVERIFY(!err);
+ QVERIFY(!target.isNull());
+ QVERIFY(target.numUserIDs() > 0);
+
+ // Create first trust signature
+ {
+ // Create the job
+ auto job = openpgp()->signKeyJob();//std::unique_ptr{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job);
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setUserIDsToSign({0});
+ job->setTrustSignature(TrustSignatureTrust::Complete, 1, QStringLiteral("example.org"));
+
+ connect(job, &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ job->start(target);
+ QSignalSpy spy (this, SIGNAL(asyncDone()));
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the trust signature should have been added.
+ target.update();
+ const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(trustSignature.isTrustSignature());
+ QCOMPARE(trustSignature.trustDepth(), 1u);
+ QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Complete);
+ QVERIFY(trustSignature.trustScope());
+ const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+ QVERIFY(!trustScope.isEmpty());
+ const QRegExp regex{trustScope};
+ QVERIFY(regex.isValid());
+ QVERIFY(regex.indexIn(QStringLiteral("Foo ")) != -1);
+ }
+
+ // Create second trust signature
+ {
+ // Create the job
+ auto job = openpgp()->signKeyJob();//std::unique_ptr{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job);
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setDupeOk(true);
+ job->setTrustSignature(TrustSignatureTrust::Partial, 2, QStringLiteral("example.net"));
+
+ connect(job, &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ err = job->start(target);
+ QVERIFY(!err);
+ QSignalSpy spy (this, SIGNAL(asyncDone()));
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the trust signature should have been added.
+ target.update();
+ const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(trustSignature.isTrustSignature());
+ QCOMPARE(trustSignature.trustDepth(), 2u);
+ QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Partial);
+ QVERIFY(trustSignature.trustScope());
+ const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+ QVERIFY(!trustScope.isEmpty());
+ const QRegExp regex{trustScope};
+ QVERIFY(regex.isValid());
+ QVERIFY(regex.indexIn(QStringLiteral("Foo ")) != -1);
+ }
+ }
+
+ void test_tsign_all_uids_and_then_tsign_first_uid()
+ {
+ Error err;
+
+ if (!loopbackSupported()) {
+ return;
+ }
+
+ auto ctx = Context::create(OpenPGP);
+ QVERIFY(ctx);
+
+ // Get the signing key (alfa@example.net)
+ auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
+ QVERIFY(!err);
+ QVERIFY(!seckey.isNull());
+
+ // Get the target key (Echelon / Echo Test / Eve)
+ auto target = ctx->key("3531152DE293E26A07F504BC318C1FAEFAEF6D1B", err, false);
+ QVERIFY(!err);
+ QVERIFY(!target.isNull());
+ QVERIFY(target.numUserIDs() > 0);
+
+ // Create first trust signature
+ {
+ // Create the job
+ auto job = openpgp()->signKeyJob();//std::unique_ptr{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job);
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setTrustSignature(TrustSignatureTrust::Complete, 1, QStringLiteral("example.org"));
+
+ connect(job, &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ job->start(target);
+ QSignalSpy spy (this, SIGNAL(asyncDone()));
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the trust signature should have been added.
+ target.update();
+ const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(trustSignature.isTrustSignature());
+ QCOMPARE(trustSignature.trustDepth(), 1u);
+ QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Complete);
+ QVERIFY(trustSignature.trustScope());
+ const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+ QVERIFY(!trustScope.isEmpty());
+ const QRegExp regex{trustScope};
+ QVERIFY(regex.isValid());
+ QVERIFY(regex.indexIn(QStringLiteral("Foo ")) != -1);
+ }
+
+ // Create second trust signature
+ {
+ // Create the job
+ auto job = openpgp()->signKeyJob();//std::unique_ptr{openpgp()->signKeyJob()};
+ QVERIFY(job);
+
+ // Hack in the passphrase provider
+ auto jobCtx = Job::context(job);
+ TestPassphraseProvider provider;
+ jobCtx->setPassphraseProvider(&provider);
+ jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+ // Setup the job
+ job->setExportable(true);
+ job->setSigningKey(seckey);
+ job->setUserIDsToSign({0});
+ job->setDupeOk(true);
+ job->setTrustSignature(TrustSignatureTrust::Partial, 2, QStringLiteral("example.net"));
+
+ connect(job, &SignKeyJob::result,
+ this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+ Q_EMIT asyncDone();
+ if (err2) {
+ if (err2.code() == GPG_ERR_GENERAL) {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+ "Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+ } else {
+ QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+ }
+ }
+ });
+
+ err = job->start(target);
+ QVERIFY(!err);
+ QSignalSpy spy (this, SIGNAL(asyncDone()));
+ QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+ // At this point the trust signature should have been added.
+ target.update();
+ const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+ QVERIFY(trustSignature.isTrustSignature());
+ QCOMPARE(trustSignature.trustDepth(), 2u);
+ QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Partial);
+ QVERIFY(trustSignature.trustScope());
+ const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+ QVERIFY(!trustScope.isEmpty());
+ const QRegExp regex{trustScope};
+ QVERIFY(regex.isValid());
+ QVERIFY(regex.indexIn(QStringLiteral("Foo ")) != -1);
+ }
+ }
+
+ void initTestCase()
+ {
+ QGpgMETest::initTestCase();
+ const QString gpgHome = qgetenv("GNUPGHOME");
+ QVERIFY(copyKeyrings(gpgHome, mDir.path()));
+ qputenv("GNUPGHOME", mDir.path().toUtf8());
+ QFile conf(mDir.path() + QStringLiteral("/gpg.conf"));
+ QVERIFY(conf.open(QIODevice::WriteOnly));
+ if (GpgME::engineInfo(GpgME::GpgEngine).engineVersion() >= "2.2.18") {
+ conf.write("allow-weak-key-signatures");
+ }
+ conf.close();
+ }
+
+private:
+ QTemporaryDir mDir;
+};
+
+QTEST_MAIN(TestTrustSignatures)
+
+#include "t-trustsignatures.moc"
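Review bot: The first "Create first trust signature" block of each of the four tests calls `job->start(target);` and discards the returned `Error`, while the second block uses `err = job->start(target); QVERIFY(!err);`; a failed start in the first block therefore only surfaces as a `spy.wait` timeout. Use the checked form in both blocks. In every block `TestPassphraseProvider provider` is a stack object registered on the job's context, and a failing `QVERIFY` returns from the slot while the job may still be running, so the provider should presumably outlive the job, for example as a member of the test class. The file header comment still reads `t-remarks.cpp`, and the three later tests keep `job` as a raw pointer with the `unique_ptr` form left behind in a trailing comment.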