qt: Extend SignKeyJob to create trust signatures

* lang/qt/src/signkeyjob.h (SignKeyJob::setTrustSignature): New.
* lang/qt/src/qgpgmesignkeyjob.h, lang/qt/src/qgpgmesignkeyjob.cpp
(QGpgMESignKeyJob::setTrustSignature): New.
* lang/qt/src/qgpgmesignkeyjob.cpp (sign_key): Handle trust signatures.
(QGpgMESignKeyJob::start): Pass trust signature attributes to sign_key.
(QGpgMESignKeyJob::setTrustSignature): New.
--

This allows Kleopatra to create trust signatures for trusted
introducers.

GnuPG-bug-id: 5245, 5421

3 files changed, 59 insertions, 2 deletions

diff --git a/lang/qt/src/qgpgmesignkeyjob.cpp b/lang/qt/src/qgpgmesignkeyjob.cpp
index 73dd9a88..75ebeb04 100644
--- a/lang/qt/src/qgpgmesignkeyjob.cpp
+++ b/lang/qt/src/qgpgmesignkeyjob.cpp
@@ -51,6 +51,15 @@
 using namespace QGpgME;
 using namespace GpgME;
 
+namespace
+{
+struct TrustSignatureProperties {
+    TrustSignatureTrust trust = TrustSignatureTrust::None;
+    unsigned int depth = 0;
+    QString scope;
+};
+}
+
 class QGpgMESignKeyJob::Private
 {
 public:
@@ -64,6 +73,7 @@ public:
     bool m_started = false;
     bool m_dupeOk = false;
     QString m_remark;
+    TrustSignatureProperties m_trustSignature;
 };
 
 QGpgMESignKeyJob::QGpgMESignKeyJob(Context *context)
@@ -77,7 +87,8 @@ QGpgMESignKeyJob::~QGpgMESignKeyJob() {}
 
 static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, const std::vector<unsigned int> &uids,
                                               unsigned int checkLevel, const Key &signer, unsigned int opts,
-                                              bool dupeOk, const QString &remark)
+                                              bool dupeOk, const QString &remark,
+                                              const TrustSignatureProperties &trustSignature)
 {
     QGpgME::QByteArrayDataProvider dp;
     Data data(&dp);
@@ -97,6 +108,12 @@ static QGpgMESignKeyJob::result_type sign_key(Context *ctx, const Key &key, cons
         ctx->addSignatureNotation("[email protected]", remark.toUtf8().constData());
     }
 
+    if (opts & GpgSignKeyEditInteractor::Trust) {
+        skei->setTrustSignatureTrust(trustSignature.trust);
+        skei->setTrustSignatureDepth(trustSignature.depth);
+        skei->setTrustSignatureScope(trustSignature.scope.toUtf8().toStdString());
+    }
+
     if (!signer.isNull())
         if (const Error err = ctx->addSigningKey(signer)) {
             return std::make_tuple(err, QString(), Error());
@@ -116,8 +133,17 @@ Error QGpgMESignKeyJob::start(const Key &key)
     if (d->m_exportable) {
         opts |= GpgSignKeyEditInteractor::Exportable;
     }
+    switch (d->m_trustSignature.trust) {
+    case TrustSignatureTrust::Partial:
+    case TrustSignatureTrust::Complete:
+        opts |= GpgSignKeyEditInteractor::Trust;
+        break;
+    default:
+        opts &= ~GpgSignKeyEditInteractor::Trust;
+        break;
+    }
     run(std::bind(&sign_key, std::placeholders::_1, key, d->m_userIDsToSign, d->m_checkLevel, d->m_signingKey,
-                  opts, d->m_dupeOk, d->m_remark));
+                  opts, d->m_dupeOk, d->m_remark, d->m_trustSignature));
     d->m_started = true;
     return Error();
 }
@@ -163,4 +189,12 @@ void QGpgMESignKeyJob::setDupeOk(bool value)
     assert(!d->m_started);
     d->m_dupeOk = value;
 }
+
+void QGpgMESignKeyJob::setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope)
+{
+    assert(!d->m_started);
+    assert(depth <= 255);
+    d->m_trustSignature = {trust, depth, scope};
+}
+
 #include "qgpgmesignkeyjob.moc"
diff --git a/lang/qt/src/qgpgmesignkeyjob.h b/lang/qt/src/qgpgmesignkeyjob.h
index e8a65fe7..5332d543 100644
--- a/lang/qt/src/qgpgmesignkeyjob.h
+++ b/lang/qt/src/qgpgmesignkeyjob.h
@@ -84,6 +84,9 @@ public:
     /* from SignKeyJob */
     void setDupeOk(bool value) Q_DECL_OVERRIDE;
 
+    /* from SignKeyJob */
+    void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) Q_DECL_OVERRIDE;
+
 private:
     class Private;
     std::unique_ptr<Private> d;
diff --git a/lang/qt/src/signkeyjob.h b/lang/qt/src/signkeyjob.h
index e3ae75f7..461b9b3a 100644
--- a/lang/qt/src/signkeyjob.h
+++ b/lang/qt/src/signkeyjob.h
@@ -43,6 +43,7 @@ namespace GpgME
 {
 class Error;
 class Key;
+enum class TrustSignatureTrust : char;
 }
 
 class QString;
@@ -127,6 +128,25 @@ public:
      **/
     virtual void setRemark(const QString &) {};
 
+    /**
+     * If set, then the created signature will be a trust signature. By default,
+     * no trust signatures are created.
+     *
+     * @a trust is the amount of trust to put into the signed key, either
+     *          @c TrustSignatureTrust::Partial or @c TrustSignatureTrust::Complete.
+     * @a depth is the level of the trust signature. Values between 0 and 255 are
+     *          allowed. Level 0 has the same meaning as an ordinary validity signature.
+     *          Level 1 means that the signed key is asserted to be a valid trusted
+     *          introducer. Level n >= 2 means that the signed key is asserted to be
+     *          trusted to issue level n-1 trust signatures, i.e., that it is a "meta
+     *          introducer".
+     * @a scope is a domain name that limits the scope of trust of the signed key
+     *          to user IDs with email addresses matching the domain (or a subdomain).
+     *
+     * Not pure virtual for ABI compatibility.
+     **/
+    virtual void setTrustSignature(GpgME::TrustSignatureTrust trust, unsigned short depth, const QString &scope) { Q_UNUSED(trust); Q_UNUSED(depth); Q_UNUSED(scope); };
+
 Q_SIGNALS:
     void result(const GpgME::Error &result, const QString &auditLogAsHtml = QString(), const GpgME::Error &auditLogError = GpgME::Error());
 };