qt: Extend SignKeyJob to create trust signatures
* lang/qt/src/signkeyjob.h (SignKeyJob::setTrustSignature): New. * lang/qt/src/qgpgmesignkeyjob.h, lang/qt/src/qgpgmesignkeyjob.cpp (QGpgMESignKeyJob::setTrustSignature): New. * lang/qt/src/qgpgmesignkeyjob.cpp (sign_key): Handle trust signatures. (QGpgMESignKeyJob::start): Pass trust signature attributes to sign_key. (QGpgMESignKeyJob::setTrustSignature): New. -- This allows Kleopatra to create trust signatures for trusted introducers. GnuPG-bug-id: 5245, 5421
parent
dae01f8185
commit
f0858e45b0
@ -51,6 +51,15 @@
|
|||||||
using namespace QGpgME;
|
using namespace QGpgME;
|
||||||
using namespace GpgME;
|
using namespace GpgME;
|
||||||
|
|
||||||
|
namespace
|
||||||
|
{
|
||||||
|
struct TrustSignatureProperties {
|
||||||
|
TrustSignatureTrust trust = TrustSignatureTrust::None;
|
||||||
|
unsigned int depth = 0;
|
||||||
|
QString scope;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
class QGpgMESignKeyJob::Private
|
class QGpgMESignKeyJob::Private
|
||||||
{
|
{
|
||||||
public:
|
public:
|
||||||
@ -64,6 +73,7 @@ public:
|
|||||||
bool m_started = false;
|
bool m_started = false;
|
||||||
bool m_dupeOk = false;
|
bool m_dupeOk = false;
|
||||||
QString m_remark;
|
QString m_remark;
|
||||||
|
TrustSignatureProperties m_trustSignature;
|
||||||
};
|
};
|
||||||
|
|
||||||
QGpgMESignKeyJob::QGpgMESignKeyJob(Context *context)
|
QGpgMESignKeyJob::QGpgMESignKeyJob(Context *context)
|
||||||
@ -77,7 +87,8 @@ QGpgMESignKeyJob::~QGpgMESignKeyJob() {}
|
|||||||
|
|
||||||
static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, const std::vector<unsigned int> &uids,
|
static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, const std::vector<unsigned int> &uids,
|
||||||
unsigned int checkLevel, const Key &signer, unsigned int opts,
|
unsigned int checkLevel, const Key &signer, unsigned int opts,
|
||||||
bool dupeOk, const QString &remark)
|
bool dupeOk, const QString &remark,
|
||||||
|
const TrustSignatureProperties &trustSignature)
|
||||||
{
|
{
|
||||||
QGpgME::QByteArrayDataProvider dp;
|
QGpgME::QByteArrayDataProvider dp;
|
||||||
Data data(&dp);
|
Data data(&dp);
|
||||||
@ -97,6 +108,12 @@ static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, cons
|
|||||||
ctx->addSignatureNotation("rem@gnupg.org", remark.toUtf8().constData());
|
ctx->addSignatureNotation("rem@gnupg.org", remark.toUtf8().constData());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (opts & GpgSignKeyEditInteractor::Trust) {
|
||||||
|
skei->setTrustSignatureTrust(trustSignature.trust);
|
||||||
|
skei->setTrustSignatureDepth(trustSignature.depth);
|
||||||
|
skei->setTrustSignatureScope(trustSignature.scope.toUtf8().toStdString());
|
||||||
|
}
|
||||||
|
|
||||||
if (!signer.isNull())
|
if (!signer.isNull())
|
||||||
if (const Error err = ctx->addSigningKey(signer)) {
|
if (const Error err = ctx->addSigningKey(signer)) {
|
||||||
return std::make_tuple(err, QString(), Error());
|
return std::make_tuple(err, QString(), Error());
|
||||||
@ -116,8 +133,17 @@ Error QGpgMESignKeyJob::start(const Key &key)
|
|||||||
if (d->m_exportable) {
|
if (d->m_exportable) {
|
||||||
opts |= GpgSignKeyEditInteractor::Exportable;
|
opts |= GpgSignKeyEditInteractor::Exportable;
|
||||||
}
|
}
|
||||||
|
switch (d->m_trustSignature.trust) {
|
||||||
|
case TrustSignatureTrust::Partial:
|
||||||
|
case TrustSignatureTrust::Complete:
|
||||||
|
opts |= GpgSignKeyEditInteractor::Trust;
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
opts &= ~GpgSignKeyEditInteractor::Trust;
|
||||||
|
break;
|
||||||
|
}
|
||||||
run(std::bind(&sign_key, std::placeholders::_1, key, d->m_userIDsToSign, d->m_checkLevel, d->m_signingKey,
|
run(std::bind(&sign_key, std::placeholders::_1, key, d->m_userIDsToSign, d->m_checkLevel, d->m_signingKey,
|
||||||
opts, d->m_dupeOk, d->m_remark));
|
opts, d->m_dupeOk, d->m_remark, d->m_trustSignature));
|
||||||
d->m_started = true;
|
d->m_started = true;
|
||||||
return Error();
|
return Error();
|
||||||
}
|
}
|
||||||
@ -163,4 +189,12 @@ void QGpgMESignKeyJob::setDupeOk(bool value)
|
|||||||
assert(!d->m_started);
|
assert(!d->m_started);
|
||||||
d->m_dupeOk = value;
|
d->m_dupeOk = value;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void QGpgMESignKeyJob::setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope)
|
||||||
|
{
|
||||||
|
assert(!d->m_started);
|
||||||
|
assert(depth <= 255);
|
||||||
|
d->m_trustSignature = {trust, depth, scope};
|
||||||
|
}
|
||||||
|
|
||||||
#include "qgpgmesignkeyjob.moc"
|
#include "qgpgmesignkeyjob.moc"
|
||||||
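Review bot: In `QGpgMESignKeyJob::setTrustSignature` (this section appears to be lang/qt/src/qgpgmesignkeyjob.cpp, going by the commit message) the only guard on `depth` is `assert(depth <= 255);`, which is compiled out when NDEBUG is defined, so a value above 255 from the `unsigned short` parameter is stored and later handed to `skei->setTrustSignatureDepth()` unchecked. `scope` is stored unchecked as well, and `sign_key` forwards `trustSignature.scope.toUtf8().toStdString()` to the edit interactor. Whether the interactor rejects line breaks or other control characters in the scope is not visible in this diff and should be confirmed, since the scope is what confines the delegated trust. Because the setter returns void, `start()` looks like the place to refuse bad values, for example `if (d->m_trustSignature.depth > 255) { return Error::fromCode(GPG_ERR_INV_VALUE); }` ahead of the `switch`. The bodies of `sign_key` and `start()` extend beyond the hunks shown.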
|
@ -84,6 +84,9 @@ public:
|
|||||||
/* from SignKeyJob */
|
/* from SignKeyJob */
|
||||||
void setDupeOk(bool value) Q_DECL_OVERRIDE;
|
void setDupeOk(bool value) Q_DECL_OVERRIDE;
|
||||||
|
|
||||||
|
/* from SignKeyJob */
|
||||||
|
void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) Q_DECL_OVERRIDE;
|
||||||
|
|
||||||
private:
|
private:
|
||||||
class Private;
|
class Private;
|
||||||
std::unique_ptr<Private> d;
|
std::unique_ptr<Private> d;
|
||||||
|
@ -43,6 +43,7 @@ namespace GpgME
|
|||||||
{
|
{
|
||||||
class Error;
|
class Error;
|
||||||
class Key;
|
class Key;
|
||||||
|
enum class TrustSignatureTrust : char;
|
||||||
}
|
}
|
||||||
|
|
||||||
class QString;
|
class QString;
|
||||||
@ -127,6 +128,25 @@ public:
|
|||||||
**/
|
**/
|
||||||
virtual void setRemark(const QString &) {};
|
virtual void setRemark(const QString &) {};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* If set, then the created signature will be a trust signature. By default,
|
||||||
|
* no trust signatures are created.
|
||||||
|
*
|
||||||
|
* @a trust is the amount of trust to put into the signed key, either
|
||||||
|
* @c TrustSignatureTrust::Partial or @c TrustSignatureTrust::Complete.
|
||||||
|
* @a depth is the level of the trust signature. Values between 0 and 255 are
|
||||||
|
* allowed. Level 0 has the same meaning as an ordinary validity signature.
|
||||||
|
* Level 1 means that the signed key is asserted to be a valid trusted
|
||||||
|
* introducer. Level n >= 2 means that the signed key is asserted to be
|
||||||
|
* trusted to issue level n-1 trust signatures, i.e., that it is a "meta
|
||||||
|
* introducer".
|
||||||
|
* @a scope is a domain name that limits the scope of trust of the signed key
|
||||||
|
* to user IDs with email addresses matching the domain (or a subdomain).
|
||||||
|
*
|
||||||
|
* Not pure virtual for ABI compatibility.
|
||||||
|
**/
|
||||||
|
virtual void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) { Q_UNUSED(trust); Q_UNUSED(depth); Q_UNUSED(scope); };
|
||||||
|
|
||||||
Q_SIGNALS:
|
Q_SIGNALS:
|
||||||
void result(const GpgME::Error &result, const QString &auditLogAsHtml = QString(), const GpgME::Error &auditLogError = GpgME::Error());
|
void result(const GpgME::Error &result, const QString &auditLogAsHtml = QString(), const GpgME::Error &auditLogError = GpgME::Error());
|
||||||
};
|
};
|
||||||
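Review bot: The new doc comment on `SignKeyJob::setTrustSignature` leaves undefined two cases that decide how much trust the signature delegates: what an empty @a scope means, and what happens when @a trust is neither Partial nor Complete. In the `start()` hunk of the QGpgME implementation any other trust value clears the Trust option, so it appears an ordinary signature is made; I would add `* If @a trust is neither Partial nor Complete, no trust signature is created.` The empty-scope behaviour is decided in the edit interactor, which this commit does not show, so it should be stated explicitly here rather than left for callers to guess. It is also worth one sentence that the default implementation ignores the call, so a backend that does not override it creates an ordinary signature without reporting anything.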
|
@ -27,11 +27,11 @@ TESTS_ENVIRONMENT = GNUPGHOME=$(GNUPGHOME)
|
|||||||
EXTRA_DIST = initial.test
|
EXTRA_DIST = initial.test
|
||||||
|
|
||||||
TESTS = initial.test t-keylist t-keylocate t-ownertrust t-tofuinfo \
|
TESTS = initial.test t-keylist t-keylocate t-ownertrust t-tofuinfo \
|
||||||
t-encrypt t-verify t-various t-config t-remarks
|
t-encrypt t-verify t-various t-config t-remarks t-trustsignatures
|
||||||
|
|
||||||
moc_files = t-keylist.moc t-keylocate.moc t-ownertrust.moc t-tofuinfo.moc \
|
moc_files = t-keylist.moc t-keylocate.moc t-ownertrust.moc t-tofuinfo.moc \
|
||||||
t-encrypt.moc t-support.hmoc t-wkspublish.moc t-verify.moc \
|
t-encrypt.moc t-support.hmoc t-wkspublish.moc t-verify.moc \
|
||||||
t-various.moc t-config.moc t-remarks.moc
|
t-various.moc t-config.moc t-remarks.moc t-trustsignatures.moc
|
||||||
|
|
||||||
AM_LDFLAGS = -no-install
|
AM_LDFLAGS = -no-install
|
||||||
|
|
||||||
@ -57,6 +57,7 @@ t_verify_SOURCES = t-verify.cpp $(support_src)
|
|||||||
t_various_SOURCES = t-various.cpp $(support_src)
|
t_various_SOURCES = t-various.cpp $(support_src)
|
||||||
t_config_SOURCES = t-config.cpp $(support_src)
|
t_config_SOURCES = t-config.cpp $(support_src)
|
||||||
t_remarks_SOURCES = t-remarks.cpp $(support_src)
|
t_remarks_SOURCES = t-remarks.cpp $(support_src)
|
||||||
|
t_trustsignatures_SOURCES = t-trustsignatures.cpp $(support_src)
|
||||||
run_keyformailboxjob_SOURCES = run-keyformailboxjob.cpp
|
run_keyformailboxjob_SOURCES = run-keyformailboxjob.cpp
|
||||||
|
|
||||||
nodist_t_keylist_SOURCES = $(moc_files)
|
nodist_t_keylist_SOURCES = $(moc_files)
|
||||||
@ -64,7 +65,8 @@ nodist_t_keylist_SOURCES = $(moc_files)
|
|||||||
BUILT_SOURCES = $(moc_files) pubring-stamp
|
BUILT_SOURCES = $(moc_files) pubring-stamp
|
||||||
|
|
||||||
noinst_PROGRAMS = t-keylist t-keylocate t-ownertrust t-tofuinfo t-encrypt \
|
noinst_PROGRAMS = t-keylist t-keylocate t-ownertrust t-tofuinfo t-encrypt \
|
||||||
run-keyformailboxjob t-wkspublish t-verify t-various t-config t-remarks
|
run-keyformailboxjob t-wkspublish t-verify t-various t-config t-remarks \
|
||||||
|
t-trustsignatures
|
||||||
|
|
||||||
CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \
|
CLEANFILES = secring.gpg pubring.gpg pubring.kbx trustdb.gpg dirmngr.conf \
|
||||||
gpg-agent.conf pubring.kbx~ S.gpg-agent gpg.conf pubring.gpg~ \
|
gpg-agent.conf pubring.kbx~ S.gpg-agent gpg.conf pubring.gpg~ \
|
||||||
|
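--- a/lang/qt/tests/t-trustsignatures.cpp
+++ b/lang/qt/tests/t-trustsignatures.cpp
@@ -0,0 +1,565 @@
+/* t-remarks.cpp
+
+This file is part of qgpgme, the Qt API binding for gpgme
+Copyright (c) 2021 g10 Code GmbH
+Software engineering by Ingo Klöcker <dev@ingo-kloecker.de>
+
+QGpgME is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public License as
+published by the Free Software Foundation; either version 2 of the
+License, or (at your option) any later version.
+
+QGpgME is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+
+You should have received a copy of the GNU General Public License
+along with this program; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+In addition, as a special exception, the copyright holders give
+permission to link the code of this program with any edition of
+the Qt library by Trolltech AS, Norway (or with modified versions
+of Qt that use the same license as Qt), and distribute linked
+combinations including the two. You must obey the GNU General
+Public License in all respects for all of the code used other than
+Qt. If you modify this file, you may extend this exception to
+your version of the file, but you are not obligated to do so. If
+you do not wish to do so, delete this exception statement from
+your version.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "t-support.h"
+
+#include "context.h"
+#include "engineinfo.h"
+#include "protocol.h"
+#include "signkeyjob.h"
+
+#include <QSignalSpy>
+#include <QTemporaryDir>
+#include <QTest>
+
+using namespace QGpgME;
+using namespace GpgME;
+
+class TestTrustSignatures: public QGpgMETest
+{
+Q_OBJECT
+
+Q_SIGNALS:
+void asyncDone();
+
+private Q_SLOTS:
+void test_tsign_single_uid_key_and_then_tsign_it_again()
+{
+Error err;
+
+if (!loopbackSupported()) {
+return;
+}
+
+auto ctx = Context::create(OpenPGP);
+QVERIFY(ctx);
+
+// Get the signing key (alfa@example.net)
+auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
+QVERIFY(!err);
+QVERIFY(!seckey.isNull());
+
+// Get the target key (victor@example.org)
+auto target = ctx->key("E8143C489C8D41124DC40D0B47AF4B6961F04784", err, false);
+QVERIFY(!err);
+QVERIFY(!target.isNull());
+QVERIFY(target.numUserIDs() > 0);
+
+// Create first trust signature
+{
+// Create the job
+auto job = std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+QVERIFY(job);
+
+// Hack in the passphrase provider
+auto jobCtx = Job::context(job.get());
+TestPassphraseProvider provider;
+jobCtx->setPassphraseProvider(&provider);
+jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+// Setup the job
+job->setExportable(true);
+job->setSigningKey(seckey);
+job->setTrustSignature(TrustSignatureTrust::Complete, 1, QStringLiteral("example.org"));
+
+connect(job.get(), &SignKeyJob::result,
+this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+Q_EMIT asyncDone();
+if (err2) {
+if (err2.code() == GPG_ERR_GENERAL) {
+QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+"Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+} else {
+QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+}
+}
+});
+
+job->start(target);
+QSignalSpy spy (this, SIGNAL(asyncDone()));
+QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+// At this point the trust signature should have been added.
+target.update();
+const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+QVERIFY(trustSignature.isTrustSignature());
+QCOMPARE(trustSignature.trustDepth(), 1u);
+QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Complete);
+QVERIFY(trustSignature.trustScope());
+const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+QVERIFY(!trustScope.isEmpty());
+const QRegExp regex{trustScope};
+QVERIFY(regex.isValid());
+QVERIFY(regex.indexIn(QStringLiteral("Foo <foo@example.org>")) != -1);
+}
+
+// Create second trust signature
+{
+// Create the job
+auto job = std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+QVERIFY(job);
+
+// Hack in the passphrase provider
+auto jobCtx = Job::context(job.get());
+TestPassphraseProvider provider;
+jobCtx->setPassphraseProvider(&provider);
+jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+// Setup the job
+job->setExportable(true);
+job->setSigningKey(seckey);
+job->setDupeOk(true);
+job->setTrustSignature(TrustSignatureTrust::Partial, 2, QStringLiteral("example.net"));
+
+connect(job.get(), &SignKeyJob::result,
+this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+Q_EMIT asyncDone();
+if (err2) {
+if (err2.code() == GPG_ERR_GENERAL) {
+QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+"Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+} else {
+QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+}
+}
+});
+
+err = job->start(target);
+QVERIFY(!err);
+QSignalSpy spy (this, SIGNAL(asyncDone()));
+QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+// At this point the trust signature should have been added.
+target.update();
+const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+QVERIFY(trustSignature.isTrustSignature());
+QCOMPARE(trustSignature.trustDepth(), 2u);
+QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Partial);
+QVERIFY(trustSignature.trustScope());
+const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+QVERIFY(!trustScope.isEmpty());
+const QRegExp regex{trustScope};
+QVERIFY(regex.isValid());
+QVERIFY(regex.indexIn(QStringLiteral("Foo <foo@example.net>")) != -1);
+}
+}
+
+void test_tsign_multi_uid_key_and_then_tsign_it_again()
+{
+Error err;
+
+if (!loopbackSupported()) {
+return;
+}
+
+auto ctx = Context::create(OpenPGP);
+QVERIFY(ctx);
+
+// Get the signing key (alfa@example.net)
+auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
+QVERIFY(!err);
+QVERIFY(!seckey.isNull());
+
+// Get the target key (Bob / Bravo Test)
+auto target = ctx->key("D695676BDCEDCC2CDD6152BCFE180B1DA9E3B0B2", err, false);
+QVERIFY(!err);
+QVERIFY(!target.isNull());
+QVERIFY(target.numUserIDs() > 0);
+
+// Create first trust signature
+{
+// Create the job
+auto job = openpgp()->signKeyJob();//std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+QVERIFY(job);
+
+// Hack in the passphrase provider
+auto jobCtx = Job::context(job);
+TestPassphraseProvider provider;
+jobCtx->setPassphraseProvider(&provider);
+jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+// Setup the job
+job->setExportable(true);
+job->setSigningKey(seckey);
+job->setTrustSignature(TrustSignatureTrust::Complete, 1, QStringLiteral("example.org"));
+
+connect(job, &SignKeyJob::result,
+this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+Q_EMIT asyncDone();
+if (err2) {
+if (err2.code() == GPG_ERR_GENERAL) {
+QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+"Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+} else {
+QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+}
+}
+});
+
+job->start(target);
+QSignalSpy spy (this, SIGNAL(asyncDone()));
+QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+// At this point the trust signature should have been added.
+target.update();
+const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+QVERIFY(trustSignature.isTrustSignature());
+QCOMPARE(trustSignature.trustDepth(), 1u);
+QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Complete);
+QVERIFY(trustSignature.trustScope());
+const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+QVERIFY(!trustScope.isEmpty());
+const QRegExp regex{trustScope};
+QVERIFY(regex.isValid());
+QVERIFY(regex.indexIn(QStringLiteral("Foo <foo@example.org>")) != -1);
+}
+
+// Create second trust signature
+{
+// Create the job
+auto job = openpgp()->signKeyJob();//std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+QVERIFY(job);
+
+// Hack in the passphrase provider
+auto jobCtx = Job::context(job);
+TestPassphraseProvider provider;
+jobCtx->setPassphraseProvider(&provider);
+jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+// Setup the job
+job->setExportable(true);
+job->setSigningKey(seckey);
+job->setDupeOk(true);
+job->setTrustSignature(TrustSignatureTrust::Partial, 2, QStringLiteral("example.net"));
+
+connect(job, &SignKeyJob::result,
+this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+Q_EMIT asyncDone();
+if (err2) {
+if (err2.code() == GPG_ERR_GENERAL) {
+QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+"Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+} else {
+QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+}
+}
+});
+
+err = job->start(target);
+QVERIFY(!err);
+QSignalSpy spy (this, SIGNAL(asyncDone()));
+QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+// At this point the trust signature should have been added.
+target.update();
+const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+QVERIFY(trustSignature.isTrustSignature());
+QCOMPARE(trustSignature.trustDepth(), 2u);
+QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Partial);
+QVERIFY(trustSignature.trustScope());
+const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+QVERIFY(!trustScope.isEmpty());
+const QRegExp regex{trustScope};
+QVERIFY(regex.isValid());
+QVERIFY(regex.indexIn(QStringLiteral("Foo <foo@example.net>")) != -1);
+}
+}
+
+void test_tsign_first_uid_and_then_tsign_both_uids()
+{
+Error err;
+
+if (!loopbackSupported()) {
+return;
+}
+
+auto ctx = Context::create(OpenPGP);
+QVERIFY(ctx);
+
+// Get the signing key (alfa@example.net)
+auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
+QVERIFY(!err);
+QVERIFY(!seckey.isNull());
+
+// Get the target key (Mallory / Mike Test)
+auto target = ctx->key("2686AA191A278013992C72EBBE794852BE5CF886", err, false);
+QVERIFY(!err);
+QVERIFY(!target.isNull());
+QVERIFY(target.numUserIDs() > 0);
+
+// Create first trust signature
+{
+// Create the job
+auto job = openpgp()->signKeyJob();//std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+QVERIFY(job);
+
+// Hack in the passphrase provider
+auto jobCtx = Job::context(job);
+TestPassphraseProvider provider;
+jobCtx->setPassphraseProvider(&provider);
+jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+// Setup the job
+job->setExportable(true);
+job->setSigningKey(seckey);
+job->setUserIDsToSign({0});
+job->setTrustSignature(TrustSignatureTrust::Complete, 1, QStringLiteral("example.org"));
+
+connect(job, &SignKeyJob::result,
+this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+Q_EMIT asyncDone();
+if (err2) {
+if (err2.code() == GPG_ERR_GENERAL) {
+QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+"Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+} else {
+QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+}
+}
+});
+
+job->start(target);
+QSignalSpy spy (this, SIGNAL(asyncDone()));
+QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+// At this point the trust signature should have been added.
+target.update();
+const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+QVERIFY(trustSignature.isTrustSignature());
+QCOMPARE(trustSignature.trustDepth(), 1u);
+QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Complete);
+QVERIFY(trustSignature.trustScope());
+const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+QVERIFY(!trustScope.isEmpty());
+const QRegExp regex{trustScope};
+QVERIFY(regex.isValid());
+QVERIFY(regex.indexIn(QStringLiteral("Foo <foo@example.org>")) != -1);
+}
+
+// Create second trust signature
+{
+// Create the job
+auto job = openpgp()->signKeyJob();//std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+QVERIFY(job);
+
+// Hack in the passphrase provider
+auto jobCtx = Job::context(job);
+TestPassphraseProvider provider;
+jobCtx->setPassphraseProvider(&provider);
+jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+// Setup the job
+job->setExportable(true);
+job->setSigningKey(seckey);
+job->setDupeOk(true);
+job->setTrustSignature(TrustSignatureTrust::Partial, 2, QStringLiteral("example.net"));
+
+connect(job, &SignKeyJob::result,
+this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+Q_EMIT asyncDone();
+if (err2) {
+if (err2.code() == GPG_ERR_GENERAL) {
+QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+"Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+} else {
+QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+}
+}
+});
+
+err = job->start(target);
+QVERIFY(!err);
+QSignalSpy spy (this, SIGNAL(asyncDone()));
+QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+// At this point the trust signature should have been added.
+target.update();
+const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+QVERIFY(trustSignature.isTrustSignature());
+QCOMPARE(trustSignature.trustDepth(), 2u);
+QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Partial);
+QVERIFY(trustSignature.trustScope());
+const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+QVERIFY(!trustScope.isEmpty());
+const QRegExp regex{trustScope};
+QVERIFY(regex.isValid());
+QVERIFY(regex.indexIn(QStringLiteral("Foo <foo@example.net>")) != -1);
+}
+}
+
+void test_tsign_all_uids_and_then_tsign_first_uid()
+{
+Error err;
+
+if (!loopbackSupported()) {
+return;
+}
+
+auto ctx = Context::create(OpenPGP);
+QVERIFY(ctx);
+
+// Get the signing key (alfa@example.net)
+auto seckey = ctx->key("A0FF4590BB6122EDEF6E3C542D727CC768697734", err, true);
+QVERIFY(!err);
+QVERIFY(!seckey.isNull());
+
+// Get the target key (Echelon / Echo Test / Eve)
+auto target = ctx->key("3531152DE293E26A07F504BC318C1FAEFAEF6D1B", err, false);
+QVERIFY(!err);
+QVERIFY(!target.isNull());
+QVERIFY(target.numUserIDs() > 0);
+
+// Create first trust signature
+{
+// Create the job
+auto job = openpgp()->signKeyJob();//std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+QVERIFY(job);
+
+// Hack in the passphrase provider
+auto jobCtx = Job::context(job);
+TestPassphraseProvider provider;
+jobCtx->setPassphraseProvider(&provider);
+jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+// Setup the job
+job->setExportable(true);
+job->setSigningKey(seckey);
+job->setTrustSignature(TrustSignatureTrust::Complete, 1, QStringLiteral("example.org"));
+
+connect(job, &SignKeyJob::result,
+this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+Q_EMIT asyncDone();
+if (err2) {
+if (err2.code() == GPG_ERR_GENERAL) {
+QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+"Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+} else {
+QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+}
+}
+});
+
+job->start(target);
+QSignalSpy spy (this, SIGNAL(asyncDone()));
+QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+// At this point the trust signature should have been added.
+target.update();
+const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+QVERIFY(trustSignature.isTrustSignature());
+QCOMPARE(trustSignature.trustDepth(), 1u);
+QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Complete);
+QVERIFY(trustSignature.trustScope());
+const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+QVERIFY(!trustScope.isEmpty());
+const QRegExp regex{trustScope};
+QVERIFY(regex.isValid());
+QVERIFY(regex.indexIn(QStringLiteral("Foo <foo@example.org>")) != -1);
+}
+
+// Create second trust signature
+{
+// Create the job
+auto job = openpgp()->signKeyJob();//std::unique_ptr<SignKeyJob>{openpgp()->signKeyJob()};
+QVERIFY(job);
+
+// Hack in the passphrase provider
+auto jobCtx = Job::context(job);
+TestPassphraseProvider provider;
+jobCtx->setPassphraseProvider(&provider);
+jobCtx->setPinentryMode(Context::PinentryLoopback);
+
+// Setup the job
+job->setExportable(true);
+job->setSigningKey(seckey);
+job->setUserIDsToSign({0});
+job->setDupeOk(true);
+job->setTrustSignature(TrustSignatureTrust::Partial, 2, QStringLiteral("example.net"));
+
+connect(job, &SignKeyJob::result,
+this, [this] (const GpgME::Error &err2, const QString &, const GpgME::Error &) {
+Q_EMIT asyncDone();
+if (err2) {
+if (err2.code() == GPG_ERR_GENERAL) {
+QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.\n"
+"Hint: Run with GPGMEPP_INTERACTOR_DEBUG=stderr to debug the edit interaction.").arg(err2.asString())));
+} else {
+QFAIL(qPrintable(QString("The SignKeyJob failed with '%1'.").arg(err2.asString())));
+}
+}
+});
+
+err = job->start(target);
+QVERIFY(!err);
+QSignalSpy spy (this, SIGNAL(asyncDone()));
+QVERIFY(spy.wait(QSIGNALSPY_TIMEOUT));
+
+// At this point the trust signature should have been added.
+target.update();
+const auto trustSignature = target.userID(0).signature(target.userID(0).numSignatures() - 1);
+QVERIFY(trustSignature.isTrustSignature());
+QCOMPARE(trustSignature.trustDepth(), 2u);
+QCOMPARE(trustSignature.trustValue(), TrustSignatureTrust::Partial);
+QVERIFY(trustSignature.trustScope());
+const auto trustScope = QString::fromUtf8(trustSignature.trustScope());
+QVERIFY(!trustScope.isEmpty());
+const QRegExp regex{trustScope};
+QVERIFY(regex.isValid());
+QVERIFY(regex.indexIn(QStringLiteral("Foo <foo@example.net>")) != -1);
+}
+}
+
+void initTestCase()
+{
+QGpgMETest::initTestCase();
+const QString gpgHome = qgetenv("GNUPGHOME");
+QVERIFY(copyKeyrings(gpgHome, mDir.path()));
+qputenv("GNUPGHOME", mDir.path().toUtf8());
+QFile conf(mDir.path() + QStringLiteral("/gpg.conf"));
+QVERIFY(conf.open(QIODevice::WriteOnly));
+if (GpgME::engineInfo(GpgME::GpgEngine).engineVersion() >= "2.2.18") {
+conf.write("allow-weak-key-signatures");
+}
+conf.close();
+}
+
+private:
+QTemporaryDir mDir;
+};
+
+QTEST_MAIN(TestTrustSignatures)
+
+#include "t-trustsignatures.moc"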
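Review bot: Every scope check in these tests is positive only: `QVERIFY(regex.indexIn(QStringLiteral("Foo <foo@example.org>")) != -1);` also passes for a scope expression that matches too much, including one that matches every user ID. The scope is what confines the introducer's trust to one domain, so each block should also assert that a user ID outside the domain is rejected, e.g. `QVERIFY(regex.indexIn(QStringLiteral("Foo <foo@example.com>")) == -1);` (address constructed for illustration). Separately, the first block of each test ignores the return value of `job->start(target)` while the second block checks it with `QVERIFY(!err)`. The header comment of the new file still reads `t-remarks.cpp`.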