" << windowTitle().toHtmlEscaped() << "

diff --git a/src/kleo/checksumdefinition.cpp b/src/kleo/checksumdefinition.cpp index e00cbef45..50660d3a0 100644 --- a/src/kleo/checksumdefinition.cpp +++ b/src/kleo/checksumdefinition.cpp @@ -1,431 +1,433 @@ /* -*- mode: c++; c-basic-offset:4 -*- checksumdefinition.cpp This file is part of libkleopatra, the KDE keymanagement library SPDX-FileCopyrightText: 2010 Klarälvdalens Datakonsult AB SPDX-License-Identifier: GPL-2.0-or-later */ +#include + #include "checksumdefinition.h" #include "kleoexception.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef stdin #undef stdin // pah.. #endif using namespace Kleo; static QMutex installPathMutex; Q_GLOBAL_STATIC(QString, _installPath) QString ChecksumDefinition::installPath() { const QMutexLocker locker(&installPathMutex); QString *const ip = _installPath(); if (ip->isEmpty()) { if (QCoreApplication::instance()) { *ip = QCoreApplication::applicationDirPath(); } else { qCWarning(LIBKLEO_LOG) << "checksumdefinition.cpp: installPath() called before QCoreApplication was constructed"; } } return *ip; } void ChecksumDefinition::setInstallPath(const QString &ip) { const QMutexLocker locker(&installPathMutex); *_installPath() = ip; } // Checksum Definition #N groups static const QLatin1String ID_ENTRY("id"); static const QLatin1String NAME_ENTRY("Name"); static const QLatin1String CREATE_COMMAND_ENTRY("create-command"); static const QLatin1String VERIFY_COMMAND_ENTRY("verify-command"); static const QLatin1String FILE_PATTERNS_ENTRY("file-patterns"); static const QLatin1String OUTPUT_FILE_ENTRY("output-file"); static const QLatin1String FILE_PLACEHOLDER("%f"); static const QLatin1String INSTALLPATH_PLACEHOLDER("%I"); static const QLatin1String NULL_SEPARATED_STDIN_INDICATOR("0|"); static const QLatin1Char NEWLINE_SEPARATED_STDIN_INDICATOR('|'); // ChecksumOperations group static const QLatin1String CHECKSUM_DEFINITION_ID_ENTRY("checksum-definition-id"); namespace { class ChecksumDefinitionError : public Kleo::Exception { const QString m_id; public: ChecksumDefinitionError(const QString &id, const QString &message) : Kleo::Exception(GPG_ERR_INV_PARAMETER, i18n("Error in checksum definition %1: %2", id, message), MessageOnly) , m_id(id) { } ~ChecksumDefinitionError() throw() override { } const QString &checksumDefinitionId() const { return m_id; } }; } static QString try_extensions(const QString &path) { static const char exts[][4] = { "", "exe", "bat", "bin", "cmd", }; static const size_t numExts = sizeof exts / sizeof *exts; for (unsigned int i = 0; i < numExts; ++i) { const QFileInfo fi(path + QLatin1Char('.') + QLatin1String(exts[i])); if (fi.exists()) { return fi.filePath(); } } return QString(); } static void parse_command(QString cmdline, const QString &id, const QString &whichCommand, QString *command, QStringList *prefix, QStringList *suffix, ChecksumDefinition::ArgumentPassingMethod *method) { Q_ASSERT(prefix); Q_ASSERT(suffix); Q_ASSERT(method); KShell::Errors errors; QStringList l; if (cmdline.startsWith(NULL_SEPARATED_STDIN_INDICATOR)) { *method = ChecksumDefinition::NullSeparatedInputFile; cmdline.remove(0, 2); } else if (cmdline.startsWith(NEWLINE_SEPARATED_STDIN_INDICATOR)) { *method = ChecksumDefinition::NewlineSeparatedInputFile; cmdline.remove(0, 1); } else { *method = ChecksumDefinition::CommandLine; } if (*method != ChecksumDefinition::CommandLine && cmdline.contains(FILE_PLACEHOLDER)) { throw ChecksumDefinitionError(id, i18n("Cannot use both %f and | in '%1'", whichCommand)); } cmdline .replace(FILE_PLACEHOLDER, QLatin1String("__files_go_here__")) // .replace(INSTALLPATH_PLACEHOLDER, QStringLiteral("__path_goes_here__")); l = KShell::splitArgs(cmdline, KShell::AbortOnMeta | KShell::TildeExpand, &errors); l = l.replaceInStrings(QStringLiteral("__files_go_here__"), FILE_PLACEHOLDER); static const QRegularExpression regExpression(QLatin1String(".*__path_goes_here__.*")); if (l.indexOf(regExpression) >= 0) { l = l.replaceInStrings(QStringLiteral("__path_goes_here__"), ChecksumDefinition::installPath()); } if (errors == KShell::BadQuoting) { throw ChecksumDefinitionError(id, i18n("Quoting error in '%1' entry", whichCommand)); } if (errors == KShell::FoundMeta) { throw ChecksumDefinitionError(id, i18n("'%1' too complex (would need shell)", whichCommand)); } qCDebug(LIBKLEO_LOG) << "ChecksumDefinition[" << id << ']' << l; if (l.empty()) { throw ChecksumDefinitionError(id, i18n("'%1' entry is empty/missing", whichCommand)); } const QFileInfo fi1(l.front()); if (fi1.isAbsolute()) { *command = try_extensions(l.front()); } else { *command = QStandardPaths::findExecutable(fi1.fileName()); } if (command->isEmpty()) { throw ChecksumDefinitionError(id, i18n("'%1' empty or not found", whichCommand)); } const int idx1 = l.indexOf(FILE_PLACEHOLDER); if (idx1 < 0) { // none -> append *prefix = l.mid(1); } else { *prefix = l.mid(1, idx1 - 1); *suffix = l.mid(idx1 + 1); } switch (*method) { case ChecksumDefinition::CommandLine: qCDebug(LIBKLEO_LOG) << "ChecksumDefinition[" << id << ']' << *command << *prefix << FILE_PLACEHOLDER << *suffix; break; case ChecksumDefinition::NewlineSeparatedInputFile: qCDebug(LIBKLEO_LOG) << "ChecksumDefinition[" << id << ']' << "find | " << *command << *prefix; break; case ChecksumDefinition::NullSeparatedInputFile: qCDebug(LIBKLEO_LOG) << "ChecksumDefinition[" << id << ']' << "find -print0 | " << *command << *prefix; break; case ChecksumDefinition::NumArgumentPassingMethods: Q_ASSERT(!"Should not happen"); break; } } namespace { class KConfigBasedChecksumDefinition : public ChecksumDefinition { public: explicit KConfigBasedChecksumDefinition(const KConfigGroup &group) : ChecksumDefinition(group.readEntryUntranslated(ID_ENTRY), group.readEntry(NAME_ENTRY), group.readEntry(OUTPUT_FILE_ENTRY), group.readEntry(FILE_PATTERNS_ENTRY, QStringList())) { if (id().isEmpty()) { throw ChecksumDefinitionError(group.name(), i18n("'id' entry is empty/missing")); } if (outputFileName().isEmpty()) { throw ChecksumDefinitionError(id(), i18n("'output-file' entry is empty/missing")); } if (patterns().empty()) { throw ChecksumDefinitionError(id(), i18n("'file-patterns' entry is empty/missing")); } // create-command ArgumentPassingMethod method; parse_command(group.readEntry(CREATE_COMMAND_ENTRY), id(), CREATE_COMMAND_ENTRY, &m_createCommand, &m_createPrefixArguments, &m_createPostfixArguments, &method); setCreateCommandArgumentPassingMethod(method); // verify-command parse_command(group.readEntry(VERIFY_COMMAND_ENTRY), id(), VERIFY_COMMAND_ENTRY, &m_verifyCommand, &m_verifyPrefixArguments, &m_verifyPostfixArguments, &method); setVerifyCommandArgumentPassingMethod(method); } private: QString doGetCreateCommand() const override { return m_createCommand; } QStringList doGetCreateArguments(const QStringList &files) const override { return m_createPrefixArguments + files + m_createPostfixArguments; } QString doGetVerifyCommand() const override { return m_verifyCommand; } QStringList doGetVerifyArguments(const QStringList &files) const override { return m_verifyPrefixArguments + files + m_verifyPostfixArguments; } private: QString m_createCommand, m_verifyCommand; QStringList m_createPrefixArguments, m_createPostfixArguments; QStringList m_verifyPrefixArguments, m_verifyPostfixArguments; }; } ChecksumDefinition::ChecksumDefinition(const QString &id, const QString &label, const QString &outputFileName, const QStringList &patterns) : m_id(id) , m_label(label.isEmpty() ? id : label) , m_outputFileName(outputFileName) , m_patterns(patterns) , m_createMethod(CommandLine) , m_verifyMethod(CommandLine) { } ChecksumDefinition::~ChecksumDefinition() { } QString ChecksumDefinition::createCommand() const { return doGetCreateCommand(); } QString ChecksumDefinition::verifyCommand() const { return doGetVerifyCommand(); } #if 0 QStringList ChecksumDefinition::createCommandArguments(const QStringList &files) const { return doGetCreateArguments(files); } QStringList ChecksumDefinition::verifyCommandArguments(const QStringList &files) const { return doGetVerifyArguments(files); } #endif static QByteArray make_input(const QStringList &files, char sep) { QByteArray result; for (const QString &file : files) { result += QFile::encodeName(file); result += sep; } return result; } static bool start_command(QProcess *p, const char *functionName, const QString &cmd, const QStringList &args, const QStringList &files, ChecksumDefinition::ArgumentPassingMethod method) { if (!p) { qCWarning(LIBKLEO_LOG) << functionName << ": process == NULL"; return false; } switch (method) { case ChecksumDefinition::NumArgumentPassingMethods: Q_ASSERT(!"Should not happen"); case ChecksumDefinition::CommandLine: qCDebug(LIBKLEO_LOG) << "Starting: " << cmd << " " << args.join(QLatin1Char(' ')); p->start(cmd, args, QIODevice::ReadOnly); return true; case ChecksumDefinition::NewlineSeparatedInputFile: case ChecksumDefinition::NullSeparatedInputFile: qCDebug(LIBKLEO_LOG) << "Starting: " << cmd << " " << args.join(QLatin1Char(' ')); p->start(cmd, args, QIODevice::ReadWrite); if (!p->waitForStarted()) { return false; } const char sep = method == ChecksumDefinition::NewlineSeparatedInputFile ? '\n' : '\0'; const QByteArray stdin = make_input(files, sep); if (p->write(stdin) != stdin.size()) { return false; } p->closeWriteChannel(); return true; } return false; // make compiler happy } bool ChecksumDefinition::startCreateCommand(QProcess *p, const QStringList &files) const { return start_command(p, Q_FUNC_INFO, doGetCreateCommand(), m_createMethod == CommandLine ? doGetCreateArguments(files) : doGetCreateArguments(QStringList()), files, m_createMethod); } bool ChecksumDefinition::startVerifyCommand(QProcess *p, const QStringList &files) const { return start_command(p, Q_FUNC_INFO, doGetVerifyCommand(), m_verifyMethod == CommandLine ? doGetVerifyArguments(files) : doGetVerifyArguments(QStringList()), files, m_verifyMethod); } // static std::vector> ChecksumDefinition::getChecksumDefinitions() { QStringList errors; return getChecksumDefinitions(errors); } // static std::vector> ChecksumDefinition::getChecksumDefinitions(QStringList &errors) { std::vector> result; KSharedConfigPtr config = KSharedConfig::openConfig(QStringLiteral("libkleopatrarc")); const QStringList groups = config->groupList().filter(QRegularExpression(QStringLiteral("^Checksum Definition #"))); result.reserve(groups.size()); for (const QString &group : groups) { try { const std::shared_ptr ad(new KConfigBasedChecksumDefinition(KConfigGroup(config, group))); result.push_back(ad); } catch (const std::exception &e) { qDebug() << e.what(); errors.push_back(QString::fromLocal8Bit(e.what())); } catch (...) { errors.push_back(i18n("Caught unknown exception in group %1", group)); } } return result; } // static std::shared_ptr ChecksumDefinition::getDefaultChecksumDefinition(const std::vector> &checksumDefinitions) { const KConfigGroup group(KSharedConfig::openConfig(), "ChecksumOperations"); const QString checksumDefinitionId = group.readEntry(CHECKSUM_DEFINITION_ID_ENTRY, QStringLiteral("sha256sum")); if (!checksumDefinitionId.isEmpty()) { for (const std::shared_ptr &cd : checksumDefinitions) { if (cd && cd->id() == checksumDefinitionId) { return cd; } } } if (!checksumDefinitions.empty()) { return checksumDefinitions.front(); } else { return std::shared_ptr(); } } // static void ChecksumDefinition::setDefaultChecksumDefinition(const std::shared_ptr &checksumDefinition) { if (!checksumDefinition) { return; } KConfigGroup group(KSharedConfig::openConfig(), "ChecksumOperations"); group.writeEntry(CHECKSUM_DEFINITION_ID_ENTRY, checksumDefinition->id()); group.sync(); } diff --git a/src/kleo/debug.cpp b/src/kleo/debug.cpp index 049b22359..adc6b2fcd 100644 --- a/src/kleo/debug.cpp +++ b/src/kleo/debug.cpp @@ -1,48 +1,50 @@ /* kleo/debug.cpp This file is part of libkleopatra, the KDE keymanagement library SPDX-FileCopyrightText: 2021, 2022 g10 Code GmbH SPDX-FileContributor: Ingo Klöcker SPDX-License-Identifier: GPL-2.0-or-later */ +#include + #include "debug.h" #include "keygroup.h" #include "utils/formatting.h" #include using namespace Kleo; QDebug operator<<(QDebug debug, const GpgME::Key &key) { const bool oldSetting = debug.autoInsertSpaces(); debug.nospace() << "GpgME::Key("; if (key.isNull()) { debug << "null"; } else if (key.primaryFingerprint()) { debug << Formatting::summaryLine(key) << ", fpr: " << key.primaryFingerprint(); } else { debug << Formatting::summaryLine(key) << ", id: " << key.keyID(); } debug << ')'; debug.setAutoInsertSpaces(oldSetting); return debug.maybeSpace(); } QDebug operator<<(QDebug debug, const Kleo::KeyGroup &group) { const bool oldSetting = debug.autoInsertSpaces(); if (group.isNull()) { debug << "Null"; } else { debug.nospace() << group.name() << " (id: " << group.id() << ", source: " << group.source() << ", keys: " << group.keys().size() << ", isImmutable: " << group.isImmutable() << ")"; } debug.setAutoInsertSpaces(oldSetting); return debug.maybeSpace(); } diff --git a/src/kleo/defaultkeyfilter.cpp b/src/kleo/defaultkeyfilter.cpp index 530f9425c..6cdf6f25a 100644 --- a/src/kleo/defaultkeyfilter.cpp +++ b/src/kleo/defaultkeyfilter.cpp @@ -1,529 +1,531 @@ /* defaultkeyfilter.cpp This file is part of libkleopatra, the KDE keymanagement library SPDX-FileCopyrightText: 2004 Klarälvdalens Datakonsult AB SPDX-FileCopyrightText: 2016 Bundesamt für Sicherheit in der Informationstechnik SPDX-FileContributor: Intevation GmbH SPDX-License-Identifier: GPL-2.0-or-later */ +#include + #include "defaultkeyfilter.h" #include "utils/formatting.h" #include #include using namespace GpgME; using namespace Kleo; static bool is_card_key(const Key &key) { const std::vector sks = key.subkeys(); return std::find_if(sks.begin(), sks.end(), std::mem_fn(&Subkey::isCardKey)) != sks.end(); } class DefaultKeyFilter::Private { public: Private() : mMatchContexts(AnyMatchContext) , mRevoked(DoesNotMatter) , mExpired(DoesNotMatter) , mInvalid(DoesNotMatter) , mDisabled(DoesNotMatter) , mRoot(DoesNotMatter) , mCanEncrypt(DoesNotMatter) , mCanSign(DoesNotMatter) , mCanCertify(DoesNotMatter) , mCanAuthenticate(DoesNotMatter) , mQualified(DoesNotMatter) , mCardKey(DoesNotMatter) , mHasSecret(DoesNotMatter) , mIsOpenPGP(DoesNotMatter) , mWasValidated(DoesNotMatter) , mIsDeVs(DoesNotMatter) , mBad(DoesNotMatter) , mOwnerTrust(LevelDoesNotMatter) , mOwnerTrustReferenceLevel(Key::Unknown) , mValidity(LevelDoesNotMatter) , mValidityReferenceLevel(UserID::Unknown) { } QColor mFgColor, mBgColor; QString mName; QString mIcon; QString mId; MatchContexts mMatchContexts; unsigned int mSpecificity = 0; bool mItalic = false; bool mBold = false; bool mStrikeOut = false; bool mUseFullFont = false; QFont mFont; TriState mRevoked; TriState mExpired; TriState mInvalid; TriState mDisabled; TriState mRoot; TriState mCanEncrypt; TriState mCanSign; TriState mCanCertify; TriState mCanAuthenticate; TriState mQualified; TriState mCardKey; TriState mHasSecret; TriState mIsOpenPGP; TriState mWasValidated; TriState mIsDeVs; TriState mBad; LevelState mOwnerTrust; GpgME::Key::OwnerTrust mOwnerTrustReferenceLevel; LevelState mValidity; GpgME::UserID::Validity mValidityReferenceLevel; }; DefaultKeyFilter::DefaultKeyFilter() : KeyFilter() , d_ptr(new Private()) { } DefaultKeyFilter::~DefaultKeyFilter() { } bool DefaultKeyFilter::matches(const Key &key, MatchContexts contexts) const { if (!(d_ptr->mMatchContexts & contexts)) { return false; } #ifdef MATCH #undef MATCH #endif #define MATCH(member, method) \ do { \ if (member != DoesNotMatter && key.method() != bool(member == Set)) { \ return false; \ } \ } while (false) #define IS_MATCH(what) MATCH(d_ptr->m##what, is##what) #define CAN_MATCH(what) MATCH(d_ptr->mCan##what, can##what) IS_MATCH(Revoked); IS_MATCH(Expired); IS_MATCH(Invalid); IS_MATCH(Disabled); IS_MATCH(Root); CAN_MATCH(Encrypt); CAN_MATCH(Sign); CAN_MATCH(Certify); CAN_MATCH(Authenticate); IS_MATCH(Qualified); if (d_ptr->mCardKey != DoesNotMatter) { if ((d_ptr->mCardKey == Set && !is_card_key(key)) || (d_ptr->mCardKey == NotSet && is_card_key(key))) { return false; } } MATCH(d_ptr->mHasSecret, hasSecret); #undef MATCH if (d_ptr->mIsOpenPGP != DoesNotMatter && bool(key.protocol() == GpgME::OpenPGP) != bool(d_ptr->mIsOpenPGP == Set)) { return false; } if (d_ptr->mWasValidated != DoesNotMatter && bool(key.keyListMode() & GpgME::Validate) != bool(d_ptr->mWasValidated == Set)) { return false; } if (d_ptr->mIsDeVs != DoesNotMatter && bool(Formatting::uidsHaveFullValidity(key) && Formatting::isKeyDeVs(key)) != bool(d_ptr->mIsDeVs == Set)) { return false; } if (d_ptr->mBad != DoesNotMatter && /* This is similar to GPGME::Key::isBad which was introduced in GPGME 1.13.0 */ bool(key.isNull() || key.isRevoked() || key.isExpired() || key.isDisabled() || key.isInvalid()) != bool(d_ptr->mBad == Set)) { return false; } switch (d_ptr->mOwnerTrust) { default: case LevelDoesNotMatter: break; case Is: if (key.ownerTrust() != d_ptr->mOwnerTrustReferenceLevel) { return false; } break; case IsNot: if (key.ownerTrust() == d_ptr->mOwnerTrustReferenceLevel) { return false; } break; case IsAtLeast: if (static_cast(key.ownerTrust()) < static_cast(d_ptr->mOwnerTrustReferenceLevel)) { return false; } break; case IsAtMost: if (static_cast(key.ownerTrust()) > static_cast(d_ptr->mOwnerTrustReferenceLevel)) { return false; } break; } const UserID uid = key.userID(0); switch (d_ptr->mValidity) { default: case LevelDoesNotMatter: break; case Is: if (uid.validity() != d_ptr->mValidityReferenceLevel) { return false; } break; case IsNot: if (uid.validity() == d_ptr->mValidityReferenceLevel) { return false; } break; case IsAtLeast: if (static_cast(uid.validity()) < static_cast(d_ptr->mValidityReferenceLevel)) { return false; } break; case IsAtMost: if (static_cast(uid.validity()) > static_cast(d_ptr->mValidityReferenceLevel)) { return false; } break; } return true; } KeyFilter::FontDescription DefaultKeyFilter::fontDescription() const { if (d_ptr->mUseFullFont) { return FontDescription::create(font(), bold(), italic(), strikeOut()); } else { return FontDescription::create(bold(), italic(), strikeOut()); } } void DefaultKeyFilter::setFgColor(const QColor &value) const { d_ptr->mFgColor = value; } void DefaultKeyFilter::setBgColor(const QColor &value) const { d_ptr->mBgColor = value; } void DefaultKeyFilter::setName(const QString &value) const { d_ptr->mName = value; } void DefaultKeyFilter::setIcon(const QString &value) const { d_ptr->mIcon = value; } void DefaultKeyFilter::setId(const QString &value) const { d_ptr->mId = value; } void DefaultKeyFilter::setMatchContexts(MatchContexts value) const { d_ptr->mMatchContexts = value; } void DefaultKeyFilter::setSpecificity(unsigned int value) const { d_ptr->mSpecificity = value; } void DefaultKeyFilter::setItalic(bool value) const { d_ptr->mItalic = value; } void DefaultKeyFilter::setBold(bool value) const { d_ptr->mBold = value; } void DefaultKeyFilter::setStrikeOut(bool value) const { d_ptr->mStrikeOut = value; } void DefaultKeyFilter::setUseFullFont(bool value) const { d_ptr->mUseFullFont = value; } void DefaultKeyFilter::setFont(const QFont &value) const { d_ptr->mFont = value; } void DefaultKeyFilter::setRevoked(DefaultKeyFilter::TriState value) const { d_ptr->mRevoked = value; } void DefaultKeyFilter::setExpired(DefaultKeyFilter::TriState value) const { d_ptr->mExpired = value; } void DefaultKeyFilter::setInvalid(DefaultKeyFilter::TriState value) const { d_ptr->mInvalid = value; } void DefaultKeyFilter::setDisabled(DefaultKeyFilter::TriState value) const { d_ptr->mDisabled = value; } void DefaultKeyFilter::setRoot(DefaultKeyFilter::TriState value) const { d_ptr->mRoot = value; } void DefaultKeyFilter::setCanEncrypt(DefaultKeyFilter::TriState value) const { d_ptr->mCanEncrypt = value; } void DefaultKeyFilter::setCanSign(DefaultKeyFilter::TriState value) const { d_ptr->mCanSign = value; } void DefaultKeyFilter::setCanCertify(DefaultKeyFilter::TriState value) const { d_ptr->mCanCertify = value; } void DefaultKeyFilter::setCanAuthenticate(DefaultKeyFilter::TriState value) const { d_ptr->mCanAuthenticate = value; } void DefaultKeyFilter::setQualified(DefaultKeyFilter::TriState value) const { d_ptr->mQualified = value; } void DefaultKeyFilter::setCardKey(DefaultKeyFilter::TriState value) const { d_ptr->mCardKey = value; } void DefaultKeyFilter::setHasSecret(DefaultKeyFilter::TriState value) const { d_ptr->mHasSecret = value; } void DefaultKeyFilter::setIsOpenPGP(DefaultKeyFilter::TriState value) const { d_ptr->mIsOpenPGP = value; } void DefaultKeyFilter::setWasValidated(DefaultKeyFilter::TriState value) const { d_ptr->mWasValidated = value; } void DefaultKeyFilter::setOwnerTrust(DefaultKeyFilter::LevelState value) const { d_ptr->mOwnerTrust = value; } void DefaultKeyFilter::setOwnerTrustReferenceLevel(GpgME::Key::OwnerTrust value) const { d_ptr->mOwnerTrustReferenceLevel = value; } void DefaultKeyFilter::setValidity(DefaultKeyFilter::LevelState value) const { d_ptr->mValidity = value; } void DefaultKeyFilter::setValidityReferenceLevel(GpgME::UserID::Validity value) const { d_ptr->mValidityReferenceLevel = value; } void DefaultKeyFilter::setIsDeVs(DefaultKeyFilter::TriState value) const { d_ptr->mIsDeVs = value; } void DefaultKeyFilter::setIsBad(DefaultKeyFilter::TriState value) const { d_ptr->mBad = value; } QColor DefaultKeyFilter::fgColor() const { return d_ptr->mFgColor; } QColor DefaultKeyFilter::bgColor() const { return d_ptr->mBgColor; } QString DefaultKeyFilter::name() const { return d_ptr->mName; } QString DefaultKeyFilter::icon() const { return d_ptr->mIcon; } QString DefaultKeyFilter::id() const { return d_ptr->mId; } QFont DefaultKeyFilter::font() const { return d_ptr->mFont; } KeyFilter::MatchContexts DefaultKeyFilter::availableMatchContexts() const { return d_ptr->mMatchContexts; } unsigned int DefaultKeyFilter::specificity() const { return d_ptr->mSpecificity; } bool DefaultKeyFilter::italic() const { return d_ptr->mItalic; } bool DefaultKeyFilter::bold() const { return d_ptr->mBold; } bool DefaultKeyFilter::strikeOut() const { return d_ptr->mStrikeOut; } bool DefaultKeyFilter::useFullFont() const { return d_ptr->mUseFullFont; } DefaultKeyFilter::TriState DefaultKeyFilter::revoked() const { return d_ptr->mRevoked; } DefaultKeyFilter::TriState DefaultKeyFilter::expired() const { return d_ptr->mExpired; } DefaultKeyFilter::TriState DefaultKeyFilter::invalid() const { return d_ptr->mInvalid; } DefaultKeyFilter::TriState DefaultKeyFilter::disabled() const { return d_ptr->mDisabled; } DefaultKeyFilter::TriState DefaultKeyFilter::root() const { return d_ptr->mRoot; } DefaultKeyFilter::TriState DefaultKeyFilter::canEncrypt() const { return d_ptr->mCanEncrypt; } DefaultKeyFilter::TriState DefaultKeyFilter::canSign() const { return d_ptr->mCanSign; } DefaultKeyFilter::TriState DefaultKeyFilter::canCertify() const { return d_ptr->mCanCertify; } DefaultKeyFilter::TriState DefaultKeyFilter::canAuthenticate() const { return d_ptr->mCanAuthenticate; } DefaultKeyFilter::TriState DefaultKeyFilter::qualified() const { return d_ptr->mQualified; } DefaultKeyFilter::TriState DefaultKeyFilter::cardKey() const { return d_ptr->mCardKey; } DefaultKeyFilter::TriState DefaultKeyFilter::hasSecret() const { return d_ptr->mHasSecret; } DefaultKeyFilter::TriState DefaultKeyFilter::isOpenPGP() const { return d_ptr->mIsOpenPGP; } DefaultKeyFilter::TriState DefaultKeyFilter::wasValidated() const { return d_ptr->mWasValidated; } DefaultKeyFilter::LevelState DefaultKeyFilter::ownerTrust() const { return d_ptr->mOwnerTrust; } GpgME::Key::OwnerTrust DefaultKeyFilter::ownerTrustReferenceLevel() const { return d_ptr->mOwnerTrustReferenceLevel; } DefaultKeyFilter::LevelState DefaultKeyFilter::validity() const { return d_ptr->mValidity; } GpgME::UserID::Validity DefaultKeyFilter::validityReferenceLevel() const { return d_ptr->mValidityReferenceLevel; } DefaultKeyFilter::TriState DefaultKeyFilter::isDeVS() const { return d_ptr->mIsDeVs; } DefaultKeyFilter::TriState DefaultKeyFilter::isBad() const { return d_ptr->mBad; } diff --git a/src/kleo/defaultkeygenerationjob.cpp b/src/kleo/defaultkeygenerationjob.cpp index 5c9a990e7..8365ef75e 100644 --- a/src/kleo/defaultkeygenerationjob.cpp +++ b/src/kleo/defaultkeygenerationjob.cpp @@ -1,121 +1,123 @@ /* This file is part of Kleopatra, the KDE keymanager SPDX-FileCopyrightText: 2016 Klarälvdalens Datakonsult AB SPDX-License-Identifier: GPL-2.0-or-later */ +#include + #include "defaultkeygenerationjob.h" #include #include #include #include using namespace Kleo; namespace Kleo { class DefaultKeyGenerationJob::DefaultKeyGenerationJobPrivate { public: DefaultKeyGenerationJobPrivate() { } ~DefaultKeyGenerationJobPrivate() { if (job) { job->deleteLater(); } } QString passphrase; QPointer job; }; } DefaultKeyGenerationJob::DefaultKeyGenerationJob(QObject *parent) : Job(parent) , d(new DefaultKeyGenerationJob::DefaultKeyGenerationJobPrivate()) { } DefaultKeyGenerationJob::~DefaultKeyGenerationJob() = default; QString DefaultKeyGenerationJob::auditLogAsHtml() const { return d->job ? d->job->auditLogAsHtml() : QString(); } GpgME::Error DefaultKeyGenerationJob::auditLogError() const { return d->job ? d->job->auditLogError() : GpgME::Error(); } void DefaultKeyGenerationJob::slotCancel() { if (d->job) { d->job->slotCancel(); } } void DefaultKeyGenerationJob::setPassphrase(const QString &passphrase) { // null QString = ask for passphrase // empty QString = empty passphrase // non-empty QString = passphrase d->passphrase = passphrase.isNull() ? QLatin1String("") : passphrase; } namespace { QString passphraseParameter(const QString &passphrase) { if (passphrase.isNull()) { return QStringLiteral("%ask-passphrase"); } else if (passphrase.isEmpty()) { return QStringLiteral("%no-protection"); } else { return QStringLiteral("passphrase: %1").arg(passphrase); }; } } GpgME::Error DefaultKeyGenerationJob::start(const QString &email, const QString &name) { const QString passphrase = passphraseParameter(d->passphrase); const QString args = QStringLiteral( "\n" "key-type: RSA\n" "key-length: 2048\n" "key-usage: sign\n" "subkey-type: RSA\n" "subkey-length: 2048\n" "subkey-usage: encrypt\n" "%1\n" "name-email: %2\n" "name-real: %3\n" "") .arg(passphrase, email, name); d->job = QGpgME::openpgp()->keyGenerationJob(); d->job->installEventFilter(this); connect(d->job.data(), &QGpgME::KeyGenerationJob::result, this, &DefaultKeyGenerationJob::result); connect(d->job.data(), &QGpgME::KeyGenerationJob::done, this, &DefaultKeyGenerationJob::done); connect(d->job.data(), &QGpgME::KeyGenerationJob::done, this, &QObject::deleteLater); return d->job->start(args); } bool DefaultKeyGenerationJob::eventFilter(QObject *watched, QEvent *event) { // Intercept the KeyGenerationJob's deferred delete event. We want the job // to live at least as long as we do so we can delegate calls to it. We will // delete the job manually afterwards. if (watched == d->job && event->type() == QEvent::DeferredDelete) { return true; } return Job::eventFilter(watched, event); } diff --git a/src/kleo/dn.cpp b/src/kleo/dn.cpp index d464c69cd..d151a984f 100644 --- a/src/kleo/dn.cpp +++ b/src/kleo/dn.cpp @@ -1,549 +1,551 @@ /* dn.cpp This file is part of libkleopatra, the KDE keymanagement library SPDX-FileCopyrightText: 2004 Klarälvdalens Datakonsult AB SPDX-FileCopyrightText: 2021 g10 Code GmbH SPDX-FileContributor: Ingo Klöcker DN parsing: SPDX-FileCopyrightText: 2002 g10 Code GmbH SPDX-FileCopyrightText: 2004 Klarälvdalens Datakonsult AB SPDX-License-Identifier: GPL-2.0-or-later */ +#include + #include "dn.h" #include "oidmap.h" #include #include #ifdef _MSC_VER #include #define strcasecmp _stricmp #endif namespace { static const QStringList defaultOrder = { QStringLiteral("CN"), QStringLiteral("L"), QStringLiteral("_X_"), QStringLiteral("OU"), QStringLiteral("O"), QStringLiteral("C"), }; class DNAttributeOrderStore { DNAttributeOrderStore() : mAttributeOrder{defaultOrder} { } public: static DNAttributeOrderStore *instance() { static DNAttributeOrderStore *self = new DNAttributeOrderStore(); return self; } const QStringList &attributeOrder() const { return mAttributeOrder.empty() ? defaultOrder : mAttributeOrder; } void setAttributeOrder(const QStringList &order) { mAttributeOrder = order; } private: QStringList mAttributeOrder; }; } class Kleo::DN::Private { public: Private() : mRefCount(0) { } Private(const Private &other) : attributes(other.attributes) , reorderedAttributes(other.reorderedAttributes) , mRefCount(0) { } int ref() { return ++mRefCount; } int unref() { if (--mRefCount <= 0) { delete this; return 0; } else { return mRefCount; } } int refCount() const { return mRefCount; } DN::Attribute::List attributes; DN::Attribute::List reorderedAttributes; private: int mRefCount; }; namespace { struct DnPair { char *key; char *value; }; } // copied from CryptPlug and adapted to work on DN::Attribute::List: #define digitp(p) (*(p) >= '0' && *(p) <= '9') #define hexdigitp(a) (digitp(a) || (*(a) >= 'A' && *(a) <= 'F') || (*(a) >= 'a' && *(a) <= 'f')) #define xtoi_1(p) (*(p) <= '9' ? (*(p) - '0') : *(p) <= 'F' ? (*(p) - 'A' + 10) : (*(p) - 'a' + 10)) #define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p) + 1)) static char *trim_trailing_spaces(char *string) { char *p; char *mark; for (mark = nullptr, p = string; *p; p++) { if (isspace(*p)) { if (!mark) { mark = p; } } else { mark = nullptr; } } if (mark) { *mark = '\0'; } return string; } /* Parse a DN and return an array-ized one. This is not a validating parser and it does not support any old-stylish syntax; gpgme is expected to return only rfc2253 compatible strings. */ static const unsigned char *parse_dn_part(DnPair *array, const unsigned char *string) { const unsigned char *s; const unsigned char *s1; size_t n; char *p; /* parse attributeType */ for (s = string + 1; *s && *s != '='; s++) { ; } if (!*s) { return nullptr; /* error */ } n = s - string; if (!n) { return nullptr; /* empty key */ } p = (char *)malloc(n + 1); memcpy(p, string, n); p[n] = 0; trim_trailing_spaces((char *)p); // map OIDs to their names: if (const char *name = Kleo::attributeNameForOID(p)) { free(p); p = strdup(name); } array->key = p; string = s + 1; if (*string == '#') { /* hexstring */ string++; for (s = string; hexdigitp(s); s++) { s++; } n = s - string; if (!n || (n & 1)) { return nullptr; /* empty or odd number of digits */ } n /= 2; array->value = p = (char *)malloc(n + 1); for (s1 = string; n; s1 += 2, n--) { *p++ = xtoi_2(s1); } *p = 0; } else { /* regular v3 quoted string */ for (n = 0, s = string; *s; s++) { if (*s == '\\') { /* pair */ s++; if (*s == ',' || *s == '=' || *s == '+' || *s == '<' || *s == '>' || *s == '#' || *s == ';' || *s == '\\' || *s == '\"' || *s == ' ') { n++; } else if (hexdigitp(s) && hexdigitp(s + 1)) { s++; n++; } else { return nullptr; /* invalid escape sequence */ } } else if (*s == '\"') { return nullptr; /* invalid encoding */ } else if (*s == ',' || *s == '=' || *s == '+' || *s == '<' || *s == '>' || *s == '#' || *s == ';') { break; } else { n++; } } array->value = p = (char *)malloc(n + 1); for (s = string; n; s++, n--) { if (*s == '\\') { s++; if (hexdigitp(s)) { *p++ = xtoi_2(s); s++; } else { *p++ = *s; } } else { *p++ = *s; } } *p = 0; } return s; } /* Parse a DN and return an array-ized one. This is not a validating parser and it does not support any old-stylish syntax; gpgme is expected to return only rfc2253 compatible strings. */ static Kleo::DN::Attribute::List parse_dn(const unsigned char *string) { if (!string) { return QVector(); } QVector result; while (*string) { while (*string == ' ') { string++; } if (!*string) { break; /* ready */ } DnPair pair = {nullptr, nullptr}; string = parse_dn_part(&pair, string); if (!string) { goto failure; } if (pair.key && pair.value) { result.push_back(Kleo::DN::Attribute(QString::fromUtf8(pair.key), QString::fromUtf8(pair.value))); } free(pair.key); free(pair.value); while (*string == ' ') { string++; } if (*string && *string != ',' && *string != ';' && *string != '+') { goto failure; /* invalid delimiter */ } if (*string) { string++; } } return result; failure: return QVector(); } static QVector parse_dn(const QString &dn) { return parse_dn((const unsigned char *)dn.toUtf8().data()); } static QString dn_escape(const QString &s) { QString result; for (int i = 0, end = s.length(); i != end; ++i) { const QChar ch = s[i]; switch (ch.unicode()) { case ',': case '+': case '"': case '\\': case '<': case '>': case ';': result += QLatin1Char('\\'); // fall through Q_FALLTHROUGH(); default: result += ch; } } return result; } static QString serialise(const QVector &dn, const QString &sep) { QStringList result; for (QVector::const_iterator it = dn.begin(); it != dn.end(); ++it) { if (!(*it).name().isEmpty() && !(*it).value().isEmpty()) { result.push_back((*it).name().trimmed() + QLatin1Char('=') + dn_escape((*it).value().trimmed())); } } return result.join(sep); } static Kleo::DN::Attribute::List reorder_dn(const Kleo::DN::Attribute::List &dn) { const QStringList &attrOrder = Kleo::DN::attributeOrder(); Kleo::DN::Attribute::List unknownEntries; Kleo::DN::Attribute::List result; unknownEntries.reserve(dn.size()); result.reserve(dn.size()); // find all unknown entries in their order of appearance for (Kleo::DN::const_iterator it = dn.begin(); it != dn.end(); ++it) { if (!attrOrder.contains((*it).name())) { unknownEntries.push_back(*it); } } // process the known attrs in the desired order for (QStringList::const_iterator oit = attrOrder.begin(); oit != attrOrder.end(); ++oit) { if (*oit == QLatin1String("_X_")) { // insert the unknown attrs std::copy(unknownEntries.begin(), unknownEntries.end(), std::back_inserter(result)); unknownEntries.clear(); // don't produce dup's } else { for (Kleo::DN::const_iterator dnit = dn.begin(); dnit != dn.end(); ++dnit) { if ((*dnit).name() == *oit) { result.push_back(*dnit); } } } } return result; } // // // class DN // // Kleo::DN::DN() { d = new Private(); d->ref(); } Kleo::DN::DN(const QString &dn) { d = new Private(); d->ref(); d->attributes = parse_dn(dn); } Kleo::DN::DN(const char *utf8DN) { d = new Private(); d->ref(); if (utf8DN) { d->attributes = parse_dn((const unsigned char *)utf8DN); } } Kleo::DN::DN(const DN &other) : d(other.d) { if (d) { d->ref(); } } Kleo::DN::~DN() { if (d) { d->unref(); } } const Kleo::DN &Kleo::DN::operator=(const DN &that) { if (this->d == that.d) { return *this; } if (that.d) { that.d->ref(); } if (this->d) { this->d->unref(); } this->d = that.d; return *this; } // static QStringList Kleo::DN::attributeOrder() { return DNAttributeOrderStore::instance()->attributeOrder(); } // static void Kleo::DN::setAttributeOrder(const QStringList &order) { DNAttributeOrderStore::instance()->setAttributeOrder(order); } // static QStringList Kleo::DN::defaultAttributeOrder() { return defaultOrder; } QString Kleo::DN::prettyDN() const { if (!d) { return QString(); } if (d->reorderedAttributes.empty()) { d->reorderedAttributes = reorder_dn(d->attributes); } return serialise(d->reorderedAttributes, QStringLiteral(",")); } QString Kleo::DN::dn() const { return d ? serialise(d->attributes, QStringLiteral(",")) : QString(); } QString Kleo::DN::dn(const QString &sep) const { return d ? serialise(d->attributes, sep) : QString(); } // static QString Kleo::DN::escape(const QString &value) { return dn_escape(value); } void Kleo::DN::detach() { if (!d) { d = new Kleo::DN::Private(); d->ref(); } else if (d->refCount() > 1) { Kleo::DN::Private *d_save = d; d = new Kleo::DN::Private(*d); d->ref(); d_save->unref(); } } void Kleo::DN::append(const Attribute &attr) { detach(); d->attributes.push_back(attr); d->reorderedAttributes.clear(); } QString Kleo::DN::operator[](const QString &attr) const { if (!d) { return QString(); } const QString attrUpper = attr.toUpper(); for (QVector::const_iterator it = d->attributes.constBegin(); it != d->attributes.constEnd(); ++it) { if ((*it).name() == attrUpper) { return (*it).value(); } } return QString(); } static QVector empty; Kleo::DN::const_iterator Kleo::DN::begin() const { return d ? d->attributes.constBegin() : empty.constBegin(); } Kleo::DN::const_iterator Kleo::DN::end() const { return d ? d->attributes.constEnd() : empty.constEnd(); } ///////////////////// namespace { static const QMap attributeNamesAndLabels = { // clang-format off {QStringLiteral("CN"), kli18n("Common name") }, {QStringLiteral("SN"), kli18n("Surname") }, {QStringLiteral("GN"), kli18n("Given name") }, {QStringLiteral("L"), kli18n("Location") }, {QStringLiteral("T"), kli18n("Title") }, {QStringLiteral("OU"), kli18n("Organizational unit")}, {QStringLiteral("O"), kli18n("Organization") }, {QStringLiteral("PC"), kli18n("Postal code") }, {QStringLiteral("C"), kli18n("Country code") }, {QStringLiteral("SP"), kli18n("State or province") }, {QStringLiteral("DC"), kli18n("Domain component") }, {QStringLiteral("BC"), kli18n("Business category") }, {QStringLiteral("EMAIL"), kli18n("Email address") }, {QStringLiteral("MAIL"), kli18n("Mail address") }, {QStringLiteral("MOBILE"), kli18n("Mobile phone number")}, {QStringLiteral("TEL"), kli18n("Telephone number") }, {QStringLiteral("FAX"), kli18n("Fax number") }, {QStringLiteral("STREET"), kli18n("Street address") }, {QStringLiteral("UID"), kli18n("Unique ID") }, // clang-format on }; } // static QStringList Kleo::DN::attributeNames() { return attributeNamesAndLabels.keys(); } // static QString Kleo::DN::attributeNameToLabel(const QString &name) { return attributeNamesAndLabels.value(name.trimmed().toUpper()).toString(); } diff --git a/src/kleo/docaction.cpp b/src/kleo/docaction.cpp index 4257ea909..caab95ee0 100644 --- a/src/kleo/docaction.cpp +++ b/src/kleo/docaction.cpp @@ -1,60 +1,63 @@ /* kleo/docaction.cpp This file is part of libkleopatra, the KDE keymanagement library SPDX-FileCopyrightText: 2022 g10 Code GmbH SPDX-FileContributor: Andre Heinecke SPDX-License-Identifier: GPL-2.0-or-later */ + +#include + #include "docaction.h" #include #include #include #include #include #include #include using namespace Kleo; class Kleo::DocAction::Private { public: explicit Private(const QString &filename, const QString &pathHint); ~Private() = default; QString path; bool isEnabled = false; }; DocAction::Private::Private(const QString &filename, const QString &pathHint) { QString tmp = pathHint; if (!tmp.startsWith(QLatin1Char('/'))) { tmp.prepend(QLatin1Char('/')); } QDir datadir(QCoreApplication::applicationDirPath() + (pathHint.isNull() ? QStringLiteral("/../share/kleopatra") : tmp)); path = datadir.filePath(filename); QFileInfo fi(path); isEnabled = fi.exists(); } DocAction::DocAction(const QIcon &icon, const QString &text, const QString &filename, const QString &pathHint, QObject *parent) : QAction(icon, text, parent) , d(new Private(filename, pathHint)) { setVisible(d->isEnabled); setEnabled(d->isEnabled); connect(this, &QAction::triggered, this, [this]() { if (d->isEnabled) { qCDebug(LIBKLEO_LOG) << "Opening file:" << d->path; QDesktopServices::openUrl(QUrl::fromLocalFile(d->path)); } }); } DocAction::~DocAction() = default; diff --git a/src/kleo/enum.cpp b/src/kleo/enum.cpp index 2c03d4200..c616dc477 100644 --- a/src/kleo/enum.cpp +++ b/src/kleo/enum.cpp @@ -1,308 +1,310 @@ /* kleo/enum.cpp This file is part of libkleopatra, the KDE keymanagement library SPDX-FileCopyrightText: 2004 Klarälvdalens Datakonsult AB SPDX-License-Identifier: GPL-2.0-or-later */ +#include + #include "enum.h" #include "models/keycache.h" #include #include #include #include #include #include #include #include static const struct { Kleo::CryptoMessageFormat format; const KLazyLocalizedString displayName; const char *configName; } cryptoMessageFormats[] = { // clang-format off {Kleo::InlineOpenPGPFormat, kli18n("Inline OpenPGP (deprecated)"), "inline openpgp"}, {Kleo::OpenPGPMIMEFormat, kli18n("OpenPGP/MIME"), "openpgp/mime" }, {Kleo::SMIMEFormat, kli18n("S/MIME"), "s/mime" }, {Kleo::SMIMEOpaqueFormat, kli18n("S/MIME Opaque"), "s/mime opaque" }, {Kleo::AnySMIME, kli18n("Any S/MIME"), "any s/mime" }, {Kleo::AnyOpenPGP, kli18n("Any OpenPGP"), "any openpgp" }, // clang-format on }; static const unsigned int numCryptoMessageFormats = sizeof cryptoMessageFormats / sizeof *cryptoMessageFormats; const char *Kleo::cryptoMessageFormatToString(Kleo::CryptoMessageFormat f) { if (f == AutoFormat) { return "auto"; } for (unsigned int i = 0; i < numCryptoMessageFormats; ++i) { if (f == cryptoMessageFormats[i].format) { return cryptoMessageFormats[i].configName; } } return nullptr; } QStringList Kleo::cryptoMessageFormatsToStringList(unsigned int f) { QStringList result; for (unsigned int i = 0; i < numCryptoMessageFormats; ++i) { if (f & cryptoMessageFormats[i].format) { result.push_back(QLatin1String(cryptoMessageFormats[i].configName)); } } return result; } QString Kleo::cryptoMessageFormatToLabel(Kleo::CryptoMessageFormat f) { if (f == AutoFormat) { return i18n("Any"); } for (unsigned int i = 0; i < numCryptoMessageFormats; ++i) { if (f == cryptoMessageFormats[i].format) { return KLocalizedString(cryptoMessageFormats[i].displayName).toString(); } } return QString(); } Kleo::CryptoMessageFormat Kleo::stringToCryptoMessageFormat(const QString &s) { const QString t = s.toLower(); for (unsigned int i = 0; i < numCryptoMessageFormats; ++i) { if (t == QLatin1String(cryptoMessageFormats[i].configName)) { return cryptoMessageFormats[i].format; } } return AutoFormat; } unsigned int Kleo::stringListToCryptoMessageFormats(const QStringList &sl) { unsigned int result = 0; for (QStringList::const_iterator it = sl.begin(); it != sl.end(); ++it) { result |= stringToCryptoMessageFormat(*it); } return result; } // For the config values used below, see also kaddressbook/editors/cryptowidget.cpp const char *Kleo::encryptionPreferenceToString(EncryptionPreference pref) { switch (pref) { case UnknownPreference: return nullptr; case NeverEncrypt: return "never"; case AlwaysEncrypt: return "always"; case AlwaysEncryptIfPossible: return "alwaysIfPossible"; case AlwaysAskForEncryption: return "askAlways"; case AskWheneverPossible: return "askWhenPossible"; } return nullptr; // keep the compiler happy } Kleo::EncryptionPreference Kleo::stringToEncryptionPreference(const QString &str) { if (str == QLatin1String("never")) { return NeverEncrypt; } if (str == QLatin1String("always")) { return AlwaysEncrypt; } if (str == QLatin1String("alwaysIfPossible")) { return AlwaysEncryptIfPossible; } if (str == QLatin1String("askAlways")) { return AlwaysAskForEncryption; } if (str == QLatin1String("askWhenPossible")) { return AskWheneverPossible; } return UnknownPreference; } QString Kleo::encryptionPreferenceToLabel(EncryptionPreference pref) { switch (pref) { case NeverEncrypt: return i18n("Never Encrypt"); case AlwaysEncrypt: return i18n("Always Encrypt"); case AlwaysEncryptIfPossible: return i18n("Always Encrypt If Possible"); case AlwaysAskForEncryption: return i18n("Ask"); case AskWheneverPossible: return i18n("Ask Whenever Possible"); default: return xi18nc("no specific preference", "none"); } } const char *Kleo::signingPreferenceToString(SigningPreference pref) { switch (pref) { case UnknownSigningPreference: return nullptr; case NeverSign: return "never"; case AlwaysSign: return "always"; case AlwaysSignIfPossible: return "alwaysIfPossible"; case AlwaysAskForSigning: return "askAlways"; case AskSigningWheneverPossible: return "askWhenPossible"; } return nullptr; // keep the compiler happy } Kleo::SigningPreference Kleo::stringToSigningPreference(const QString &str) { if (str == QLatin1String("never")) { return NeverSign; } if (str == QLatin1String("always")) { return AlwaysSign; } if (str == QLatin1String("alwaysIfPossible")) { return AlwaysSignIfPossible; } if (str == QLatin1String("askAlways")) { return AlwaysAskForSigning; } if (str == QLatin1String("askWhenPossible")) { return AskSigningWheneverPossible; } return UnknownSigningPreference; } QString Kleo::signingPreferenceToLabel(SigningPreference pref) { switch (pref) { case NeverSign: return i18n("Never Sign"); case AlwaysSign: return i18n("Always Sign"); case AlwaysSignIfPossible: return i18n("Always Sign If Possible"); case AlwaysAskForSigning: return i18n("Ask"); case AskSigningWheneverPossible: return i18n("Ask Whenever Possible"); default: return i18nc("no specific preference", ""); } } Kleo::TrustLevel Kleo::trustLevel(const GpgME::Key &key) { TrustLevel maxTl = Level0; for (int i = 0, c = key.numUserIDs(); i < c; ++i) { const auto tl = trustLevel(key.userID(i)); maxTl = qMax(maxTl, tl); if (maxTl == Level4) { break; } } return maxTl; } namespace { bool hasTrustedSignature(const GpgME::UserID &uid) { // lazily initialized cache static std::shared_ptr keyCache; if (!keyCache) { keyCache = Kleo::KeyCache::instance(); } if (!keyCache->initialized()) { QEventLoop el; QObject::connect(keyCache.get(), &Kleo::KeyCache::keyListingDone, &el, &QEventLoop::quit); el.exec(); } const auto signatures = uid.signatures(); std::vector sigKeyIDs; std::transform(signatures.cbegin(), signatures.cend(), std::back_inserter(sigKeyIDs), std::bind(&GpgME::UserID::Signature::signerKeyID, std::placeholders::_1)); const auto keys = keyCache->findByKeyIDOrFingerprint(sigKeyIDs); return std::any_of(keys.cbegin(), keys.cend(), [](const GpgME::Key &key) { return key.ownerTrust() == GpgME::Key::Ultimate; }); } } Kleo::TrustLevel Kleo::trustLevel(const GpgME::UserID &uid) { // Modelled after https://wiki.gnupg.org/EasyGpg2016/AutomatedEncryption, // but modified to cover all cases, unlike the pseudocode in the document. // // TODO: Check whether the key comes from a trusted source (Cert/PKA/DANE/WKD) switch (uid.validity()) { case GpgME::UserID::Unknown: case GpgME::UserID::Undefined: case GpgME::UserID::Never: // Not enough trust -> level 0 return Level0; case GpgME::UserID::Marginal: // Marginal trust without TOFU data means the key is still trusted // through the Web of Trust -> level 2 if (uid.tofuInfo().isNull()) { return Level2; } // Marginal trust with TOFU, level will depend on TOFU history switch (uid.tofuInfo().validity()) { case GpgME::TofuInfo::ValidityUnknown: case GpgME::TofuInfo::Conflict: case GpgME::TofuInfo::NoHistory: // Marginal trust, but not enough history -> level 0 return Level0; case GpgME::TofuInfo::LittleHistory: // Marginal trust, but too little history -> level 1 return Level1; case GpgME::TofuInfo::BasicHistory: case GpgME::TofuInfo::LargeHistory: // Marginal trust and enough history -> level 2 return Level2; } return Level2; // Not reached, but avoids fallthrough warnings case GpgME::UserID::Full: // Full trust, trust level depends whether the UserID is signed with // at least one key with Ultimate ownertrust. return hasTrustedSignature(uid) ? Level4 : Level3; case GpgME::UserID::Ultimate: // Ultimate trust -> leve 4 return Level4; } Q_UNREACHABLE(); } diff --git a/src/kleo/kconfigbasedkeyfilter.cpp b/src/kleo/kconfigbasedkeyfilter.cpp index 3a829d8dd..8d4d4aa98 100644 --- a/src/kleo/kconfigbasedkeyfilter.cpp +++ b/src/kleo/kconfigbasedkeyfilter.cpp @@ -1,237 +1,239 @@ /* kconfigbasedkeyfilter.cpp This file is part of libkleopatra, the KDE keymanagement library SPDX-FileCopyrightText: 2004 Klarälvdalens Datakonsult AB SPDX-License-Identifier: GPL-2.0-or-later */ +#include + #include "kconfigbasedkeyfilter.h" #include #include #include #include #include using namespace Kleo; using namespace GpgME; // // // FontDescription - intuitive font property resolving // (QFont::resolve doesn't work for us) // // struct KeyFilter::FontDescription::Private { bool bold, italic, strikeOut, fullFont; QFont font; }; KeyFilter::FontDescription::FontDescription() : d(new Private) { d->bold = d->italic = d->strikeOut = d->fullFont = false; } KeyFilter::FontDescription::FontDescription(const FontDescription &other) : d(new Private(*other.d)) { } KeyFilter::FontDescription::~FontDescription() = default; KeyFilter::FontDescription KeyFilter::FontDescription::create(bool b, bool i, bool s) { FontDescription fd; fd.d->bold = b; fd.d->italic = i; fd.d->strikeOut = s; return fd; } KeyFilter::FontDescription KeyFilter::FontDescription::create(const QFont &f, bool b, bool i, bool s) { FontDescription fd; fd.d->fullFont = true; fd.d->font = f; fd.d->bold = b; fd.d->italic = i; fd.d->strikeOut = s; return fd; } QFont KeyFilter::FontDescription::font(const QFont &base) const { QFont font; if (d->fullFont) { font = d->font; font.setPointSize(base.pointSize()); } else { font = base; } if (d->bold) { font.setBold(true); } if (d->italic) { font.setItalic(true); } if (d->strikeOut) { font.setStrikeOut(true); } return font; } KeyFilter::FontDescription KeyFilter::FontDescription::resolve(const FontDescription &other) const { FontDescription fd; fd.d->fullFont = this->d->fullFont || other.d->fullFont; if (fd.d->fullFont) { fd.d->font = this->d->fullFont ? this->d->font : other.d->font; } fd.d->bold = this->d->bold || other.d->bold; fd.d->italic = this->d->italic || other.d->italic; fd.d->strikeOut = this->d->strikeOut || other.d->strikeOut; return fd; } static const struct { const char *name; Key::OwnerTrust trust; UserID::Validity validity; } ownerTrustAndValidityMap[] = { // clang-format off {"unknown", Key::Unknown, UserID::Unknown }, {"undefined", Key::Undefined, UserID::Undefined}, {"never", Key::Never, UserID::Never }, {"marginal", Key::Marginal, UserID::Marginal }, {"full", Key::Full, UserID::Full }, {"ultimate", Key::Ultimate, UserID::Ultimate }, // clang-format on }; static Key::OwnerTrust map2OwnerTrust(const QString &s) { for (unsigned int i = 0; i < sizeof ownerTrustAndValidityMap / sizeof *ownerTrustAndValidityMap; ++i) { if (s.toLower() == QLatin1String(ownerTrustAndValidityMap[i].name)) { return ownerTrustAndValidityMap[i].trust; } } return ownerTrustAndValidityMap[0].trust; } static UserID::Validity map2Validity(const QString &s) { for (unsigned int i = 0; i < sizeof ownerTrustAndValidityMap / sizeof *ownerTrustAndValidityMap; ++i) { if (s.toLower() == QLatin1String(ownerTrustAndValidityMap[i].name)) { return ownerTrustAndValidityMap[i].validity; } } return ownerTrustAndValidityMap[0].validity; } KConfigBasedKeyFilter::KConfigBasedKeyFilter(const KConfigGroup &config) : DefaultKeyFilter() { setFgColor(config.readEntry("foreground-color", QColor())); setBgColor(config.readEntry("background-color", QColor())); setName(config.readEntry("Name", config.name())); setIcon(config.readEntry("icon")); setId(config.readEntry("id", config.name())); if (config.hasKey("font")) { setUseFullFont(true); setFont(config.readEntry("font")); } else { setUseFullFont(false); setItalic(config.readEntry("font-italic", false)); setBold(config.readEntry("font-bold", false)); } setStrikeOut(config.readEntry("font-strikeout", false)); #ifdef SET #undef SET #endif #define SET(member, key) \ if (config.hasKey(key)) { \ set##member(config.readEntry(key, false) ? Set : NotSet); \ setSpecificity(specificity() + 1); \ } SET(Revoked, "is-revoked"); SET(Expired, "is-expired"); SET(Disabled, "is-disabled"); SET(Root, "is-root-certificate"); SET(CanEncrypt, "can-encrypt"); SET(CanSign, "can-sign"); SET(CanCertify, "can-certify"); SET(CanAuthenticate, "can-authenticate"); SET(Qualified, "is-qualified"); SET(CardKey, "is-cardkey"); SET(HasSecret, "has-secret-key"); SET(IsOpenPGP, "is-openpgp-key"); SET(WasValidated, "was-validated"); SET(IsDeVs, "is-de-vs"); #undef SET static const struct { const char *prefix; LevelState state; } prefixMap[] = { {"is-", Is}, {"is-not-", IsNot}, {"is-at-least-", IsAtLeast}, {"is-at-most-", IsAtMost}, }; for (unsigned int i = 0; i < sizeof prefixMap / sizeof *prefixMap; ++i) { const QString key = QLatin1String(prefixMap[i].prefix) + QLatin1String("ownertrust"); if (config.hasKey(key)) { setOwnerTrust(prefixMap[i].state); setOwnerTrustReferenceLevel(map2OwnerTrust(config.readEntry(key, QString()))); setSpecificity(specificity() + 1); break; } } for (unsigned int i = 0; i < sizeof prefixMap / sizeof *prefixMap; ++i) { const QString key = QLatin1String(prefixMap[i].prefix) + QLatin1String("validity"); if (config.hasKey(key)) { setValidity(prefixMap[i].state); setValidityReferenceLevel(map2Validity(config.readEntry(key, QString()))); setSpecificity(specificity() + 1); break; } } static const struct { const char *key; MatchContext context; } matchMap[] = { {"any", AnyMatchContext}, {"appearance", Appearance}, {"filtering", Filtering}, }; static const QRegularExpression reg(QRegularExpression(QLatin1String("[^a-zA-Z0-9_-!]+"))); const QStringList contexts = config.readEntry("match-contexts", "any").toLower().split(reg, Qt::SkipEmptyParts); setMatchContexts(NoMatchContext); for (const QString &ctx : contexts) { bool found = false; for (unsigned int i = 0; i < sizeof matchMap / sizeof *matchMap; ++i) { if (ctx == QLatin1String(matchMap[i].key)) { setMatchContexts(availableMatchContexts() |= matchMap[i].context); found = true; break; } else if (ctx.startsWith(QLatin1Char('!')) && ctx.mid(1) == QLatin1String(matchMap[i].key)) { setMatchContexts(availableMatchContexts() &= matchMap[i].context); found = true; break; } } if (!found) { qWarning() << QStringLiteral("KConfigBasedKeyFilter: found unknown match context '%1' in group '%2'").arg(ctx, config.name()); } } if (availableMatchContexts() == NoMatchContext) { qWarning() << QStringLiteral( "KConfigBasedKeyFilter: match context in group '%1' evaluates to NoMatchContext, " "replaced by AnyMatchContext") .arg(config.name()); setMatchContexts(AnyMatchContext); } } diff --git a/src/kleo/keyfiltermanager.cpp b/src/kleo/keyfiltermanager.cpp index 1d1e03b0f..d9298771f 100644 --- a/src/kleo/keyfiltermanager.cpp +++ b/src/kleo/keyfiltermanager.cpp @@ -1,456 +1,458 @@ /* keyfiltermanager.cpp This file is part of libkleopatra, the KDE keymanagement library SPDX-FileCopyrightText: 2004 Klarälvdalens Datakonsult AB SPDX-License-Identifier: GPL-2.0-or-later */ +#include + #include "keyfiltermanager.h" #include "defaultkeyfilter.h" #include "kconfigbasedkeyfilter.h" #include "stl_util.h" #include "utils/algorithm.h" #include "utils/formatting.h" #include "utils/gnupg.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include using namespace Kleo; using namespace GpgME; namespace { class Model : public QAbstractListModel { KeyFilterManager::Private *m_keyFilterManagerPrivate; public: explicit Model(KeyFilterManager::Private *p) : QAbstractListModel(nullptr) , m_keyFilterManagerPrivate(p) { } int rowCount(const QModelIndex &) const override; QVariant data(const QModelIndex &idx, int role) const override; /* upgrade to public */ using QAbstractListModel::beginResetModel; /* upgrade to public */ using QAbstractListModel::endResetModel; }; class AllCertificatesKeyFilter : public DefaultKeyFilter { public: AllCertificatesKeyFilter() : DefaultKeyFilter() { setSpecificity(UINT_MAX); // overly high for ordering setName(i18n("All Certificates")); setId(QStringLiteral("all-certificates")); setMatchContexts(Filtering); } }; class MyCertificatesKeyFilter : public DefaultKeyFilter { public: MyCertificatesKeyFilter() : DefaultKeyFilter() { setHasSecret(Set); setSpecificity(UINT_MAX - 1); // overly high for ordering setName(i18n("My Certificates")); setId(QStringLiteral("my-certificates")); setMatchContexts(AnyMatchContext); setBold(true); } }; class TrustedCertificatesKeyFilter : public DefaultKeyFilter { public: TrustedCertificatesKeyFilter() : DefaultKeyFilter() { setRevoked(NotSet); setValidity(IsAtLeast); setValidityReferenceLevel(UserID::Marginal); setSpecificity(UINT_MAX - 2); // overly high for ordering setName(i18n("Trusted Certificates")); setId(QStringLiteral("trusted-certificates")); setMatchContexts(Filtering); } }; class FullCertificatesKeyFilter : public DefaultKeyFilter { public: FullCertificatesKeyFilter() : DefaultKeyFilter() { setRevoked(NotSet); setValidity(IsAtLeast); setValidityReferenceLevel(UserID::Full); setSpecificity(UINT_MAX - 3); setName(i18n("Fully Trusted Certificates")); setId(QStringLiteral("full-certificates")); setMatchContexts(Filtering); } }; class OtherCertificatesKeyFilter : public DefaultKeyFilter { public: OtherCertificatesKeyFilter() : DefaultKeyFilter() { setHasSecret(NotSet); setValidity(IsAtMost); setValidityReferenceLevel(UserID::Never); setSpecificity(UINT_MAX - 4); // overly high for ordering setName(i18n("Other Certificates")); setId(QStringLiteral("other-certificates")); setMatchContexts(Filtering); } }; /* This filter selects uncertified OpenPGP keys, i.e. "good" OpenPGP keys with * unrevoked user IDs that are not fully valid. */ class UncertifiedOpenPGPKeysFilter : public DefaultKeyFilter { public: UncertifiedOpenPGPKeysFilter() : DefaultKeyFilter() { setSpecificity(UINT_MAX - 6); // overly high for ordering setName(i18n("Not Certified Certificates")); setId(QStringLiteral("not-certified-certificates")); setMatchContexts(Filtering); setIsOpenPGP(Set); setIsBad(NotSet); } bool matches(const Key &key, MatchContexts contexts) const override { return DefaultKeyFilter::matches(key, contexts) && !Formatting::uidsHaveFullValidity(key); } }; /* This filter selects only invalid keys (i.e. those where not all * UIDs are at least fully valid). */ class KeyNotValidFilter : public DefaultKeyFilter { public: KeyNotValidFilter() : DefaultKeyFilter() { setSpecificity(UINT_MAX - 7); // overly high for ordering setName(i18n("Not Validated Certificates")); setId(QStringLiteral("not-validated-certificates")); setMatchContexts(Filtering); } bool matches(const Key &key, MatchContexts contexts) const override { return DefaultKeyFilter::matches(key, contexts) && !Formatting::uidsHaveFullValidity(key); } }; } static std::vector> defaultFilters() { std::vector> result; result.reserve(6); result.push_back(std::shared_ptr(new MyCertificatesKeyFilter)); result.push_back(std::shared_ptr(new TrustedCertificatesKeyFilter)); result.push_back(std::shared_ptr(new FullCertificatesKeyFilter)); result.push_back(std::shared_ptr(new OtherCertificatesKeyFilter)); result.push_back(std::shared_ptr(new AllCertificatesKeyFilter)); result.push_back(std::shared_ptr(new UncertifiedOpenPGPKeysFilter)); result.push_back(std::shared_ptr(new KeyNotValidFilter)); return result; } class KeyFilterManager::Private { public: Private() : filters() , model(this) { } void clear() { model.beginResetModel(); filters.clear(); model.endResetModel(); } std::vector> filters; Model model; GpgME::Protocol protocol = GpgME::UnknownProtocol; }; KeyFilterManager *KeyFilterManager::mSelf = nullptr; KeyFilterManager::KeyFilterManager(QObject *parent) : QObject(parent) , d(new Private) { mSelf = this; // ### DF: doesn't a KStaticDeleter work more reliably? if (QCoreApplication *app = QCoreApplication::instance()) { connect(app, &QCoreApplication::aboutToQuit, this, &QObject::deleteLater); } reload(); } KeyFilterManager::~KeyFilterManager() { mSelf = nullptr; if (d) { d->clear(); } } KeyFilterManager *KeyFilterManager::instance() { if (!mSelf) { mSelf = new KeyFilterManager(); } return mSelf; } void KeyFilterManager::alwaysFilterByProtocol(GpgME::Protocol protocol) { if (protocol != d->protocol) { d->protocol = protocol; reload(); } } const std::shared_ptr &KeyFilterManager::filterMatching(const Key &key, KeyFilter::MatchContexts contexts) const { const auto it = std::find_if(d->filters.cbegin(), d->filters.cend(), [&key, contexts](const std::shared_ptr &filter) { return filter->matches(key, contexts); }); if (it != d->filters.cend()) { return *it; } static const std::shared_ptr null; return null; } std::vector> KeyFilterManager::filtersMatching(const Key &key, KeyFilter::MatchContexts contexts) const { std::vector> result; result.reserve(d->filters.size()); std::remove_copy_if(d->filters.begin(), d->filters.end(), std::back_inserter(result), [&key, contexts](const std::shared_ptr &filter) { return !filter->matches(key, contexts); }); return result; } namespace { static const auto byDecreasingSpecificity = [](const std::shared_ptr &lhs, const std::shared_ptr &rhs) { return lhs->specificity() > rhs->specificity(); }; } void KeyFilterManager::reload() { d->clear(); d->filters = defaultFilters(); KSharedConfigPtr config = KSharedConfig::openConfig(QStringLiteral("libkleopatrarc")); const QStringList groups = config->groupList().filter(QRegularExpression(QStringLiteral("^Key Filter #\\d+$"))); const bool ignoreDeVs = !Kleo::gnupgIsDeVsCompliant(); for (QStringList::const_iterator it = groups.begin(); it != groups.end(); ++it) { const KConfigGroup cfg(config, *it); if (cfg.hasKey("is-de-vs") && ignoreDeVs) { /* Don't show de-vs filters in other compliance modes */ continue; } d->filters.push_back(std::shared_ptr(new KConfigBasedKeyFilter(cfg))); } std::stable_sort(d->filters.begin(), d->filters.end(), byDecreasingSpecificity); if (d->protocol != GpgME::UnknownProtocol) { // remove filters with conflicting isOpenPGP rule const auto conflictingValue = (d->protocol == GpgME::OpenPGP) ? DefaultKeyFilter::NotSet : DefaultKeyFilter::Set; Kleo::erase_if(d->filters, [conflictingValue](const auto &f) { const auto filter = std::dynamic_pointer_cast(f); Q_ASSERT(filter); return filter->isOpenPGP() == conflictingValue; }); // add isOpenPGP rule to all filters const auto isOpenPGPValue = (d->protocol == GpgME::OpenPGP) ? DefaultKeyFilter::Set : DefaultKeyFilter::NotSet; std::for_each(std::begin(d->filters), std::end(d->filters), [isOpenPGPValue](auto &f) { const auto filter = std::dynamic_pointer_cast(f); Q_ASSERT(filter); return filter->setIsOpenPGP(isOpenPGPValue); }); } qCDebug(LIBKLEO_LOG) << "KeyFilterManager::" << __func__ << "final filter count is" << d->filters.size(); } QAbstractItemModel *KeyFilterManager::model() const { return &d->model; } const std::shared_ptr &KeyFilterManager::keyFilterByID(const QString &id) const { const auto it = std::find_if(d->filters.begin(), d->filters.end(), [id](const std::shared_ptr &filter) { return filter->id() == id; }); if (it != d->filters.end()) { return *it; } static const std::shared_ptr null; return null; } const std::shared_ptr &KeyFilterManager::fromModelIndex(const QModelIndex &idx) const { if (!idx.isValid() || idx.model() != &d->model || idx.row() < 0 || static_cast(idx.row()) >= d->filters.size()) { static const std::shared_ptr null; return null; } return d->filters[idx.row()]; } QModelIndex KeyFilterManager::toModelIndex(const std::shared_ptr &kf) const { if (!kf) { return {}; } const auto pair = std::equal_range(d->filters.cbegin(), d->filters.cend(), kf, byDecreasingSpecificity); const auto it = std::find(pair.first, pair.second, kf); if (it != pair.second) { return d->model.index(it - d->filters.begin()); } else { return QModelIndex(); } } int Model::rowCount(const QModelIndex &) const { return m_keyFilterManagerPrivate->filters.size(); } QVariant Model::data(const QModelIndex &idx, int role) const { if (!idx.isValid() || idx.model() != this || idx.row() < 0 || static_cast(idx.row()) > m_keyFilterManagerPrivate->filters.size()) { return QVariant(); } const auto filter = m_keyFilterManagerPrivate->filters[idx.row()]; switch (role) { case Qt::DecorationRole: return filter->icon(); case Qt::DisplayRole: case Qt::EditRole: case Qt::ToolTipRole: /* Most useless tooltip ever. */ return filter->name(); case KeyFilterManager::FilterIdRole: return filter->id(); case KeyFilterManager::FilterMatchContextsRole: return QVariant::fromValue(filter->availableMatchContexts()); default: return QVariant(); } } static KeyFilter::FontDescription get_fontdescription(const std::vector> &filters, const Key &key, const KeyFilter::FontDescription &initial) { return kdtools::accumulate_if( filters.begin(), filters.end(), [&key](const std::shared_ptr &filter) { return filter->matches(key, KeyFilter::Appearance); }, initial, [](const KeyFilter::FontDescription &lhs, const std::shared_ptr &rhs) { return lhs.resolve(rhs->fontDescription()); }); } QFont KeyFilterManager::font(const Key &key, const QFont &baseFont) const { const KeyFilter::FontDescription fd = get_fontdescription(d->filters, key, KeyFilter::FontDescription()); return fd.font(baseFont); } static QColor get_color(const std::vector> &filters, const Key &key, QColor (KeyFilter::*fun)() const) { const auto it = std::find_if(filters.cbegin(), filters.cend(), [&fun, &key](const std::shared_ptr &filter) { return filter->matches(key, KeyFilter::Appearance) && (filter.get()->*fun)().isValid(); }); if (it == filters.cend()) { return {}; } else { return (it->get()->*fun)(); } } static QString get_string(const std::vector> &filters, const Key &key, QString (KeyFilter::*fun)() const) { const auto it = std::find_if(filters.cbegin(), filters.cend(), [&fun, &key](const std::shared_ptr &filter) { return filter->matches(key, KeyFilter::Appearance) && !(filter.get()->*fun)().isEmpty(); }); if (it == filters.cend()) { return QString(); } else { return (*it)->icon(); } } QColor KeyFilterManager::bgColor(const Key &key) const { return get_color(d->filters, key, &KeyFilter::bgColor); } QColor KeyFilterManager::fgColor(const Key &key) const { return get_color(d->filters, key, &KeyFilter::fgColor); } QIcon KeyFilterManager::icon(const Key &key) const { const QString icon = get_string(d->filters, key, &KeyFilter::icon); return icon.isEmpty() ? QIcon() : QIcon::fromTheme(icon); } diff --git a/src/kleo/keygroup.cpp b/src/kleo/keygroup.cpp index ec29361f4..51c13ad63 100644 --- a/src/kleo/keygroup.cpp +++ b/src/kleo/keygroup.cpp @@ -1,140 +1,142 @@ /* kleo/keygroup.cpp This file is part of libkleopatra, the KDE keymanagement library SPDX-FileCopyrightText: 2021 g10 Code GmbH SPDX-FileContributor: Ingo Klöcker SPDX-License-Identifier: GPL-2.0-or-later */ +#include + #include "keygroup.h" #include #include using namespace Kleo; using namespace GpgME; class KeyGroup::Private { public: explicit Private(const Id &id, const QString &name, const std::vector &keys, Source source); Id id; QString name; Keys keys; Source source; bool isImmutable = true; }; KeyGroup::Private::Private(const Id &id, const QString &name, const std::vector &keys, Source source) : id(id) , name(name) , keys(keys.cbegin(), keys.cend()) , source(source) { } KeyGroup::KeyGroup() : KeyGroup(QString(), QString(), {}, UnknownSource) { } KeyGroup::~KeyGroup() = default; KeyGroup::KeyGroup(const Id &id, const QString &name, const std::vector &keys, Source source) : d(new Private(id, name, keys, source)) { } KeyGroup::KeyGroup(const KeyGroup &other) : d(new Private(*other.d)) { } KeyGroup &KeyGroup::operator=(const KeyGroup &other) { *d = *other.d; return *this; } KeyGroup::KeyGroup(KeyGroup &&other) = default; KeyGroup &KeyGroup::operator=(KeyGroup &&other) = default; bool KeyGroup::isNull() const { return !d || d->id.isEmpty(); } KeyGroup::Id KeyGroup::id() const { return d ? d->id : QString(); } void KeyGroup::setName(const QString &name) { if (d) { d->name = name; } } QString KeyGroup::name() const { return d ? d->name : QString(); } void KeyGroup::setKeys(const KeyGroup::Keys &keys) { if (d) { d->keys = keys; } } void KeyGroup::setKeys(const std::vector &keys) { if (d) { d->keys = Keys(keys.cbegin(), keys.cend()); } } const KeyGroup::Keys &KeyGroup::keys() const { static const Keys empty; return d ? d->keys : empty; } KeyGroup::Source KeyGroup::source() const { return d ? d->source : UnknownSource; } void KeyGroup::setIsImmutable(bool isImmutable) { if (d) { d->isImmutable = isImmutable; } } bool KeyGroup::isImmutable() const { return d ? d->isImmutable : true; } bool KeyGroup::insert(const GpgME::Key &key) { if (!d || key.isNull()) { return false; } return d->keys.insert(key).second; } bool KeyGroup::erase(const GpgME::Key &key) { if (!d || key.isNull()) { return false; } return d->keys.erase(key) > 0; } diff --git a/src/kleo/keygroupconfig.cpp b/src/kleo/keygroupconfig.cpp index f0ee1c612..b151468ed 100644 --- a/src/kleo/keygroupconfig.cpp +++ b/src/kleo/keygroupconfig.cpp @@ -1,175 +1,177 @@ /* kleo/keygroupconfig.cpp This file is part of libkleopatra, the KDE keymanagement library SPDX-FileCopyrightText: 2021 g10 Code GmbH SPDX-FileContributor: Ingo Klöcker SPDX-License-Identifier: GPL-2.0-or-later */ +#include + #include "keygroupconfig.h" #include "debug.h" #include "keygroup.h" #include "models/keycache.h" #include "utils/keyhelpers.h" #include "utils/qtstlhelpers.h" #include #include #include #include #include using namespace Kleo; using namespace GpgME; static const QString groupNamePrefix = QStringLiteral("Group-"); class KeyGroupConfig::Private { public: explicit Private(const QString &filename); std::vector readGroups() const; KeyGroup writeGroup(const KeyGroup &group); bool removeGroup(const KeyGroup &group); private: KeyGroup readGroup(const KSharedConfigPtr &groupsConfig, const QString &groupId) const; private: QString filename; }; KeyGroupConfig::Private::Private(const QString &filename) : filename{filename} { if (filename.isEmpty()) { qCWarning(LIBKLEO_LOG) << __func__ << "Warning: name of configuration file is empty"; } } KeyGroup KeyGroupConfig::Private::readGroup(const KSharedConfigPtr &groupsConfig, const QString &groupId) const { const KConfigGroup configGroup = groupsConfig->group(groupNamePrefix + groupId); const QString groupName = configGroup.readEntry("Name", QString()); const auto fingerprints = toStdStrings(configGroup.readEntry("Keys", QStringList())); const std::vector groupKeys = KeyCache::instance()->findByFingerprint(fingerprints); // treat group as immutable if any of its entries is immutable const QStringList entries = configGroup.keyList(); const bool isImmutable = (configGroup.isImmutable() // || std::any_of(entries.begin(), entries.end(), [configGroup](const QString &entry) { return configGroup.isEntryImmutable(entry); })); KeyGroup g(groupId, groupName, groupKeys, KeyGroup::ApplicationConfig); g.setIsImmutable(isImmutable); qCDebug(LIBKLEO_LOG) << "Read group" << g; return g; } std::vector KeyGroupConfig::Private::readGroups() const { std::vector groups; if (filename.isEmpty()) { return groups; } const KSharedConfigPtr groupsConfig = KSharedConfig::openConfig(filename); const QStringList configGroups = groupsConfig->groupList(); for (const QString &configGroupName : configGroups) { qCDebug(LIBKLEO_LOG) << "Reading config group" << configGroupName; if (configGroupName.startsWith(groupNamePrefix)) { const QString keyGroupId = configGroupName.mid(groupNamePrefix.size()); if (keyGroupId.isEmpty()) { qCWarning(LIBKLEO_LOG) << "Config group" << configGroupName << "has empty group id"; continue; } KeyGroup group = readGroup(groupsConfig, keyGroupId); groups.push_back(group); } } return groups; } KeyGroup KeyGroupConfig::Private::writeGroup(const KeyGroup &group) { if (filename.isEmpty()) { return {}; } if (group.isNull()) { qCDebug(LIBKLEO_LOG) << __func__ << "Error: group is null"; return group; } KSharedConfigPtr groupsConfig = KSharedConfig::openConfig(filename); KConfigGroup configGroup = groupsConfig->group(groupNamePrefix + group.id()); qCDebug(LIBKLEO_LOG) << __func__ << "Writing config group" << configGroup.name(); configGroup.writeEntry("Name", group.name()); configGroup.writeEntry("Keys", Kleo::getFingerprints(group.keys())); // reread group to ensure that it reflects the saved group in case of immutable entries return readGroup(groupsConfig, group.id()); } bool KeyGroupConfig::Private::removeGroup(const KeyGroup &group) { if (filename.isEmpty()) { return false; } if (group.isNull()) { qCDebug(LIBKLEO_LOG) << __func__ << "Error: group is null"; return false; } KSharedConfigPtr groupsConfig = KSharedConfig::openConfig(filename); KConfigGroup configGroup = groupsConfig->group(groupNamePrefix + group.id()); qCDebug(LIBKLEO_LOG) << __func__ << "Removing config group" << configGroup.name(); configGroup.deleteGroup(); return true; } KeyGroupConfig::KeyGroupConfig(const QString &filename) : d{std::make_unique(filename)} { } KeyGroupConfig::~KeyGroupConfig() = default; std::vector KeyGroupConfig::readGroups() const { return d->readGroups(); } KeyGroup KeyGroupConfig::writeGroup(const KeyGroup &group) { return d->writeGroup(group); } void KeyGroupConfig::writeGroups(const std::vector &groups) { std::for_each(std::begin(groups), std::end(groups), [this](const auto &group) { d->writeGroup(group); }); } bool KeyGroupConfig::removeGroup(const KeyGroup &group) { return d->removeGroup(group); } diff --git a/src/kleo/keyresolver.cpp b/src/kleo/keyresolver.cpp index 534aab437..e6a70e208 100644 --- a/src/kleo/keyresolver.cpp +++ b/src/kleo/keyresolver.cpp @@ -1,162 +1,164 @@ /* -*- c++ -*- keyresolver.cpp This file is part of libkleopatra, the KDE keymanagement library SPDX-FileCopyrightText: 2004 Klarälvdalens Datakonsult AB SPDX-FileCopyrightText: 2018 Intevation GmbH SPDX-FileCopyrightText: 2021 g10 Code GmbH SPDX-FileContributor: Ingo Klöcker Based on kpgp.cpp SPDX-FileCopyrightText: 2001, 2002 the KPGP authors See file libkdenetwork/AUTHORS.kpgp for details SPDX-License-Identifier: GPL-2.0-or-later */ +#include + #include "keyresolver.h" #include "keyresolvercore.h" #include "models/keycache.h" #include "ui/newkeyapprovaldialog.h" #include "utils/formatting.h" #include #include using namespace Kleo; using namespace GpgME; class KeyResolver::Private { public: Private(KeyResolver *qq, bool enc, bool sig, Protocol fmt, bool allowMixed) : q(qq) , mCore(enc, sig, fmt) , mFormat(fmt) , mEncrypt(enc) , mSign(sig) , mAllowMixed(allowMixed) , mCache(KeyCache::instance()) , mDialogWindowFlags(Qt::WindowFlags()) , mPreferredProtocol(UnknownProtocol) { mCore.setAllowMixedProtocols(allowMixed); } ~Private() = default; void showApprovalDialog(KeyResolverCore::Result result, QWidget *parent); void dialogAccepted(); KeyResolver *const q; KeyResolverCore mCore; Solution mResult; Protocol mFormat; bool mEncrypt; bool mSign; bool mAllowMixed; // The cache is needed as a member variable to avoid rebuilding // it between calls if we are the only user. std::shared_ptr mCache; std::unique_ptr mDialog; Qt::WindowFlags mDialogWindowFlags; Protocol mPreferredProtocol; }; void KeyResolver::Private::showApprovalDialog(KeyResolverCore::Result result, QWidget *parent) { const QString sender = mCore.normalizedSender(); mDialog = std::make_unique(mEncrypt, mSign, sender, std::move(result.solution), std::move(result.alternative), mAllowMixed, mFormat, parent, mDialogWindowFlags); connect(mDialog.get(), &QDialog::accepted, q, [this]() { dialogAccepted(); }); connect(mDialog.get(), &QDialog::rejected, q, [this]() { Q_EMIT q->keysResolved(false, false); }); mDialog->open(); } void KeyResolver::Private::dialogAccepted() { mResult = mDialog->result(); Q_EMIT q->keysResolved(true, false); } void KeyResolver::start(bool showApproval, QWidget *parentWidget) { qCDebug(LIBKLEO_LOG) << "Starting "; if (!d->mSign && !d->mEncrypt) { // nothing to do return Q_EMIT keysResolved(true, true); } const auto result = d->mCore.resolve(); const bool success = (result.flags & KeyResolverCore::AllResolved); if (success && !showApproval) { d->mResult = std::move(result.solution); Q_EMIT keysResolved(true, false); return; } else if (success) { qCDebug(LIBKLEO_LOG) << "No need for the user showing approval anyway."; } d->showApprovalDialog(std::move(result), parentWidget); } KeyResolver::KeyResolver(bool encrypt, bool sign, Protocol fmt, bool allowMixed) : d(new Private(this, encrypt, sign, fmt, allowMixed)) { } Kleo::KeyResolver::~KeyResolver() = default; void KeyResolver::setRecipients(const QStringList &addresses) { d->mCore.setRecipients(addresses); } void KeyResolver::setSender(const QString &address) { d->mCore.setSender(address); } void KeyResolver::setOverrideKeys(const QMap> &overrides) { d->mCore.setOverrideKeys(overrides); } void KeyResolver::setSigningKeys(const QStringList &fingerprints) { d->mCore.setSigningKeys(fingerprints); } KeyResolver::Solution KeyResolver::result() const { return d->mResult; } void KeyResolver::setDialogWindowFlags(Qt::WindowFlags flags) { d->mDialogWindowFlags = flags; } void KeyResolver::setPreferredProtocol(Protocol proto) { d->mCore.setPreferredProtocol(proto); } void KeyResolver::setMinimumValidity(int validity) { d->mCore.setMinimumValidity(validity); } diff --git a/src/kleo/keyresolvercore.cpp b/src/kleo/keyresolvercore.cpp index 70c137191..96edc12c0 100644 --- a/src/kleo/keyresolvercore.cpp +++ b/src/kleo/keyresolvercore.cpp @@ -1,785 +1,787 @@ /* -*- c++ -*- kleo/keyresolvercore.cpp This file is part of libkleopatra, the KDE keymanagement library SPDX-FileCopyrightText: 2004 Klarälvdalens Datakonsult AB SPDX-FileCopyrightText: 2018 Intevation GmbH SPDX-FileCopyrightText: 2021 g10 Code GmbH SPDX-FileContributor: Ingo Klöcker Based on kpgp.cpp SPDX-FileCopyrightText: 2001, 2002 the KPGP authors See file libkdenetwork/AUTHORS.kpgp for details SPDX-License-Identifier: GPL-2.0-or-later */ +#include + #include "keyresolvercore.h" #include "kleo/enum.h" #include "kleo/keygroup.h" #include "models/keycache.h" #include "utils/formatting.h" #include "utils/gnupg.h" #include #include using namespace Kleo; using namespace GpgME; namespace { QDebug operator<<(QDebug debug, const GpgME::Key &key) { if (key.isNull()) { debug << "Null"; } else { debug << Formatting::summaryLine(key); } return debug.maybeSpace(); } static inline bool ValidEncryptionKey(const Key &key) { if (key.isNull() || key.isRevoked() || key.isExpired() || key.isDisabled() || !key.canEncrypt()) { return false; } return true; } static inline bool ValidSigningKey(const Key &key) { if (key.isNull() || key.isRevoked() || key.isExpired() || key.isDisabled() || !key.canSign() || !key.hasSecret()) { return false; } return true; } static int keyValidity(const Key &key, const QString &address) { // returns the validity of the UID matching the address or, if no UID matches, the maximal validity of all UIDs int overallValidity = UserID::Validity::Unknown; for (const auto &uid : key.userIDs()) { if (QString::fromStdString(uid.addrSpec()).toLower() == address.toLower()) { return uid.validity(); } overallValidity = std::max(overallValidity, static_cast(uid.validity())); } return overallValidity; } static int minimumValidity(const std::vector &keys, const QString &address) { const int minValidity = std::accumulate(keys.cbegin(), // keys.cend(), UserID::Ultimate + 1, [address](int validity, const Key &key) { return std::min(validity, keyValidity(key, address)); }); return minValidity <= UserID::Ultimate ? static_cast(minValidity) : UserID::Unknown; } bool allKeysHaveProtocol(const std::vector &keys, Protocol protocol) { return std::all_of(keys.cbegin(), keys.cend(), [protocol](const Key &key) { return key.protocol() == protocol; }); } bool anyKeyHasProtocol(const std::vector &keys, Protocol protocol) { return std::any_of(std::begin(keys), std::end(keys), [protocol](const Key &key) { return key.protocol() == protocol; }); } } // namespace class KeyResolverCore::Private { public: Private(KeyResolverCore *qq, bool enc, bool sig, Protocol fmt) : q(qq) , mFormat(fmt) , mEncrypt(enc) , mSign(sig) , mCache(KeyCache::instance()) , mPreferredProtocol(UnknownProtocol) , mMinimumValidity(UserID::Marginal) { } ~Private() = default; bool isAcceptableSigningKey(const Key &key); bool isAcceptableEncryptionKey(const Key &key, const QString &address = QString()); void setSender(const QString &address); void addRecipients(const QStringList &addresses); void setOverrideKeys(const QMap> &overrides); void resolveOverrides(); std::vector resolveRecipientWithGroup(const QString &address, Protocol protocol); void resolveEncryptionGroups(); std::vector resolveSenderWithGroup(const QString &address, Protocol protocol); void resolveSigningGroups(); void resolveSign(Protocol proto); void setSigningKeys(const QStringList &fingerprints); std::vector resolveRecipient(const QString &address, Protocol protocol); void resolveEnc(Protocol proto); void mergeEncryptionKeys(); Result resolve(); KeyResolverCore *const q; QString mSender; QStringList mRecipients; QMap> mSigKeys; QMap>> mEncKeys; QMap> mOverrides; Protocol mFormat; QStringList mFatalErrors; bool mEncrypt; bool mSign; // The cache is needed as a member variable to avoid rebuilding // it between calls if we are the only user. std::shared_ptr mCache; bool mAllowMixed = true; Protocol mPreferredProtocol; int mMinimumValidity; }; bool KeyResolverCore::Private::isAcceptableSigningKey(const Key &key) { if (!ValidSigningKey(key)) { return false; } if (Kleo::gnupgIsDeVsCompliant()) { if (!Formatting::isKeyDeVs(key)) { qCDebug(LIBKLEO_LOG) << "Rejected sig key" << key.primaryFingerprint() << "because it is not de-vs compliant."; return false; } } return true; } bool KeyResolverCore::Private::isAcceptableEncryptionKey(const Key &key, const QString &address) { if (!ValidEncryptionKey(key)) { return false; } if (Kleo::gnupgIsDeVsCompliant()) { if (!Formatting::isKeyDeVs(key)) { qCDebug(LIBKLEO_LOG) << "Rejected enc key" << key.primaryFingerprint() << "because it is not de-vs compliant."; return false; } } if (address.isEmpty()) { return true; } for (const auto &uid : key.userIDs()) { if (uid.addrSpec() == address.toStdString()) { if (uid.validity() >= mMinimumValidity) { return true; } } } return false; } void KeyResolverCore::Private::setSender(const QString &address) { const auto normalized = UserID::addrSpecFromString(address.toUtf8().constData()); if (normalized.empty()) { // should not happen bug in the caller, non localized // error for bug reporting. mFatalErrors << QStringLiteral("The sender address '%1' could not be extracted").arg(address); return; } const auto normStr = QString::fromUtf8(normalized.c_str()); mSender = normStr; addRecipients({address}); } void KeyResolverCore::Private::addRecipients(const QStringList &addresses) { if (!mEncrypt) { return; } // Internally we work with normalized addresses. Normalization // matches the gnupg one. for (const auto &addr : addresses) { // PGP Uids are defined to be UTF-8 (RFC 4880 §5.11) const auto normalized = UserID::addrSpecFromString(addr.toUtf8().constData()); if (normalized.empty()) { // should not happen bug in the caller, non localized // error for bug reporting. mFatalErrors << QStringLiteral("The mail address for '%1' could not be extracted").arg(addr); continue; } const QString normStr = QString::fromUtf8(normalized.c_str()); mRecipients << normStr; // Initially add empty lists of keys for both protocols mEncKeys[normStr] = {{CMS, {}}, {OpenPGP, {}}}; } } void KeyResolverCore::Private::setOverrideKeys(const QMap> &overrides) { for (auto protocolIt = overrides.cbegin(); protocolIt != overrides.cend(); ++protocolIt) { const Protocol &protocol = protocolIt.key(); const auto &addressFingerprintMap = protocolIt.value(); for (auto addressIt = addressFingerprintMap.cbegin(); addressIt != addressFingerprintMap.cend(); ++addressIt) { const QString &address = addressIt.key(); const QStringList &fingerprints = addressIt.value(); const QString normalizedAddress = QString::fromUtf8(UserID::addrSpecFromString(address.toUtf8().constData()).c_str()); mOverrides[normalizedAddress][protocol] = fingerprints; } } } namespace { std::vector resolveOverride(const QString &address, Protocol protocol, const QStringList &fingerprints) { std::vector keys; for (const auto &fprOrId : fingerprints) { const Key key = KeyCache::instance()->findByKeyIDOrFingerprint(fprOrId.toUtf8().constData()); if (key.isNull()) { // FIXME: Report to caller qCDebug(LIBKLEO_LOG) << "Failed to find override key for:" << address << "fpr:" << fprOrId; continue; } if (protocol != UnknownProtocol && key.protocol() != protocol) { qCDebug(LIBKLEO_LOG) << "Ignoring key" << Formatting::summaryLine(key) << "given as" << Formatting::displayName(protocol) << "override for" << address; continue; } qCDebug(LIBKLEO_LOG) << "Using key" << Formatting::summaryLine(key) << "as" << Formatting::displayName(protocol) << "override for" << address; keys.push_back(key); } return keys; } } void KeyResolverCore::Private::resolveOverrides() { if (!mEncrypt) { // No encryption we are done. return; } for (auto addressIt = mOverrides.cbegin(); addressIt != mOverrides.cend(); ++addressIt) { const QString &address = addressIt.key(); const auto &protocolFingerprintsMap = addressIt.value(); if (!mRecipients.contains(address)) { qCDebug(LIBKLEO_LOG) << "Overrides provided for an address that is " "neither sender nor recipient. Address:" << address; continue; } const QStringList commonOverride = protocolFingerprintsMap.value(UnknownProtocol); if (!commonOverride.empty()) { mEncKeys[address][UnknownProtocol] = resolveOverride(address, UnknownProtocol, commonOverride); if (protocolFingerprintsMap.contains(OpenPGP)) { qCDebug(LIBKLEO_LOG) << "Ignoring OpenPGP-specific override for" << address << "in favor of common override"; } if (protocolFingerprintsMap.contains(CMS)) { qCDebug(LIBKLEO_LOG) << "Ignoring S/MIME-specific override for" << address << "in favor of common override"; } } else { if (mFormat != CMS) { mEncKeys[address][OpenPGP] = resolveOverride(address, OpenPGP, protocolFingerprintsMap.value(OpenPGP)); } if (mFormat != OpenPGP) { mEncKeys[address][CMS] = resolveOverride(address, CMS, protocolFingerprintsMap.value(CMS)); } } } } std::vector KeyResolverCore::Private::resolveSenderWithGroup(const QString &address, Protocol protocol) { // prefer single-protocol groups over mixed-protocol groups auto group = mCache->findGroup(address, protocol, KeyCache::KeyUsage::Sign); if (group.isNull()) { group = mCache->findGroup(address, UnknownProtocol, KeyCache::KeyUsage::Sign); } if (group.isNull()) { return {}; } // take the first key matching the protocol const auto &keys = group.keys(); const auto it = std::find_if(std::begin(keys), std::end(keys), [protocol](const auto &key) { return key.protocol() == protocol; }); if (it == std::end(keys)) { qCDebug(LIBKLEO_LOG) << "group" << group.name() << "has no" << Formatting::displayName(protocol) << "signing key"; return {}; } const auto key = *it; if (!isAcceptableSigningKey(key)) { qCDebug(LIBKLEO_LOG) << "group" << group.name() << "has unacceptable signing key" << key; return {}; } return {key}; } void KeyResolverCore::Private::resolveSigningGroups() { auto &protocolKeysMap = mSigKeys; if (!protocolKeysMap[UnknownProtocol].empty()) { // already resolved by common override return; } if (mFormat == OpenPGP) { if (!protocolKeysMap[OpenPGP].empty()) { // already resolved by override return; } protocolKeysMap[OpenPGP] = resolveSenderWithGroup(mSender, OpenPGP); } else if (mFormat == CMS) { if (!protocolKeysMap[CMS].empty()) { // already resolved by override return; } protocolKeysMap[CMS] = resolveSenderWithGroup(mSender, CMS); } else { protocolKeysMap[OpenPGP] = resolveSenderWithGroup(mSender, OpenPGP); protocolKeysMap[CMS] = resolveSenderWithGroup(mSender, CMS); } } void KeyResolverCore::Private::resolveSign(Protocol proto) { if (!mSigKeys[proto].empty()) { // Explicitly set return; } const auto key = mCache->findBestByMailBox(mSender.toUtf8().constData(), proto, KeyCache::KeyUsage::Sign); if (key.isNull()) { qCDebug(LIBKLEO_LOG) << "Failed to find" << Formatting::displayName(proto) << "signing key for" << mSender; return; } if (!isAcceptableSigningKey(key)) { qCDebug(LIBKLEO_LOG) << "Unacceptable signing key" << key.primaryFingerprint() << "for" << mSender; return; } mSigKeys.insert(proto, {key}); } void KeyResolverCore::Private::setSigningKeys(const QStringList &fingerprints) { if (mSign) { for (const auto &fpr : fingerprints) { const auto key = mCache->findByKeyIDOrFingerprint(fpr.toUtf8().constData()); if (key.isNull()) { qCDebug(LIBKLEO_LOG) << "Failed to find signing key with fingerprint" << fpr; continue; } mSigKeys[key.protocol()].push_back(key); } } } std::vector KeyResolverCore::Private::resolveRecipientWithGroup(const QString &address, Protocol protocol) { const auto group = mCache->findGroup(address, protocol, KeyCache::KeyUsage::Encrypt); if (group.isNull()) { return {}; } // If we have one unacceptable group key we reject the // whole group to avoid the situation where one key is // skipped or the operation fails. // // We are in Autoresolve land here. In the GUI we // will also show unacceptable group keys so that the // user can see which key is not acceptable. const auto &keys = group.keys(); const bool allKeysAreAcceptable = std::all_of(std::begin(keys), std::end(keys), [this](const auto &key) { return isAcceptableEncryptionKey(key); }); if (!allKeysAreAcceptable) { qCDebug(LIBKLEO_LOG) << "group" << group.name() << "has at least one unacceptable key"; return {}; } for (const auto &k : keys) { qCDebug(LIBKLEO_LOG) << "Resolved encrypt to" << address << "with key" << k.primaryFingerprint(); } std::vector result; std::copy(std::begin(keys), std::end(keys), std::back_inserter(result)); return result; } void KeyResolverCore::Private::resolveEncryptionGroups() { for (auto it = mEncKeys.begin(); it != mEncKeys.end(); ++it) { const QString &address = it.key(); auto &protocolKeysMap = it.value(); if (!protocolKeysMap[UnknownProtocol].empty()) { // already resolved by common override continue; } if (mFormat == OpenPGP) { if (!protocolKeysMap[OpenPGP].empty()) { // already resolved by override continue; } protocolKeysMap[OpenPGP] = resolveRecipientWithGroup(address, OpenPGP); } else if (mFormat == CMS) { if (!protocolKeysMap[CMS].empty()) { // already resolved by override continue; } protocolKeysMap[CMS] = resolveRecipientWithGroup(address, CMS); } else { // prefer single-protocol groups over mixed-protocol groups const auto openPGPGroupKeys = resolveRecipientWithGroup(address, OpenPGP); const auto smimeGroupKeys = resolveRecipientWithGroup(address, CMS); if (!openPGPGroupKeys.empty() && !smimeGroupKeys.empty()) { protocolKeysMap[OpenPGP] = openPGPGroupKeys; protocolKeysMap[CMS] = smimeGroupKeys; } else if (openPGPGroupKeys.empty() && smimeGroupKeys.empty()) { // no single-protocol groups found; // if mixed protocols are allowed, then look for any group with encryption keys if (mAllowMixed) { protocolKeysMap[UnknownProtocol] = resolveRecipientWithGroup(address, UnknownProtocol); } } else { // there is a single-protocol group only for one protocol; use this group for all protocols protocolKeysMap[UnknownProtocol] = !openPGPGroupKeys.empty() ? openPGPGroupKeys : smimeGroupKeys; } } } } std::vector KeyResolverCore::Private::resolveRecipient(const QString &address, Protocol protocol) { const auto key = mCache->findBestByMailBox(address.toUtf8().constData(), protocol, KeyCache::KeyUsage::Encrypt); if (key.isNull()) { qCDebug(LIBKLEO_LOG) << "Failed to find any" << Formatting::displayName(protocol) << "key for:" << address; return {}; } if (!isAcceptableEncryptionKey(key, address)) { qCDebug(LIBKLEO_LOG) << "key for:" << address << key.primaryFingerprint() << "has not enough validity"; return {}; } qCDebug(LIBKLEO_LOG) << "Resolved encrypt to" << address << "with key" << key.primaryFingerprint(); return {key}; } // Try to find matching keys in the provided protocol for the unresolved addresses void KeyResolverCore::Private::resolveEnc(Protocol proto) { for (auto it = mEncKeys.begin(); it != mEncKeys.end(); ++it) { const QString &address = it.key(); auto &protocolKeysMap = it.value(); if (!protocolKeysMap[proto].empty()) { // already resolved for current protocol (by override or group) continue; } const std::vector &commonOverrideOrGroup = protocolKeysMap[UnknownProtocol]; if (!commonOverrideOrGroup.empty()) { // there is a common override or group; use it for current protocol if possible if (allKeysHaveProtocol(commonOverrideOrGroup, proto)) { protocolKeysMap[proto] = commonOverrideOrGroup; continue; } else { qCDebug(LIBKLEO_LOG) << "Common override/group for" << address << "is unusable for" << Formatting::displayName(proto); continue; } } protocolKeysMap[proto] = resolveRecipient(address, proto); } } auto getBestEncryptionKeys(const QMap>> &encryptionKeys, Protocol preferredProtocol) { QMap> result; for (auto it = encryptionKeys.begin(); it != encryptionKeys.end(); ++it) { const QString &address = it.key(); auto &protocolKeysMap = it.value(); const std::vector &overrideKeys = protocolKeysMap[UnknownProtocol]; if (!overrideKeys.empty()) { result.insert(address, overrideKeys); continue; } const std::vector &keysOpenPGP = protocolKeysMap[OpenPGP]; const std::vector &keysCMS = protocolKeysMap[CMS]; if (keysOpenPGP.empty() && keysCMS.empty()) { result.insert(address, {}); } else if (!keysOpenPGP.empty() && keysCMS.empty()) { result.insert(address, keysOpenPGP); } else if (keysOpenPGP.empty() && !keysCMS.empty()) { result.insert(address, keysCMS); } else { // check whether OpenPGP keys or S/MIME keys have higher validity const int validityPGP = minimumValidity(keysOpenPGP, address); const int validityCMS = minimumValidity(keysCMS, address); if ((validityCMS > validityPGP) || (validityCMS == validityPGP && preferredProtocol == CMS)) { result.insert(address, keysCMS); } else { result.insert(address, keysOpenPGP); } } } return result; } namespace { bool hasUnresolvedSender(const QMap> &signingKeys, Protocol protocol) { return signingKeys.value(protocol).empty(); } bool hasUnresolvedRecipients(const QMap>> &encryptionKeys, Protocol protocol) { return std::any_of(std::cbegin(encryptionKeys), std::cend(encryptionKeys), [protocol](const auto &protocolKeysMap) { return protocolKeysMap.value(protocol).empty(); }); } bool anyCommonOverrideHasKeyOfType(const QMap>> &encryptionKeys, Protocol protocol) { return std::any_of(std::cbegin(encryptionKeys), std::cend(encryptionKeys), [protocol](const auto &protocolKeysMap) { return anyKeyHasProtocol(protocolKeysMap.value(UnknownProtocol), protocol); }); } auto keysForProtocol(const QMap>> &encryptionKeys, Protocol protocol) { QMap> keys; for (auto it = std::begin(encryptionKeys), end = std::end(encryptionKeys); it != end; ++it) { const QString &address = it.key(); const auto &protocolKeysMap = it.value(); keys.insert(address, protocolKeysMap.value(protocol)); } return keys; } template auto concatenate(std::vector v1, const std::vector &v2) { v1.reserve(v1.size() + v2.size()); v1.insert(std::end(v1), std::begin(v2), std::end(v2)); return v1; } } KeyResolverCore::Result KeyResolverCore::Private::resolve() { qCDebug(LIBKLEO_LOG) << "Starting "; if (!mSign && !mEncrypt) { // nothing to do return {AllResolved, {}, {}}; } // First resolve through overrides resolveOverrides(); // check protocols needed for overrides const bool commonOverridesNeedOpenPGP = anyCommonOverrideHasKeyOfType(mEncKeys, OpenPGP); const bool commonOverridesNeedCMS = anyCommonOverrideHasKeyOfType(mEncKeys, CMS); if ((mFormat == OpenPGP && commonOverridesNeedCMS) // || (mFormat == CMS && commonOverridesNeedOpenPGP) // || (!mAllowMixed && commonOverridesNeedOpenPGP && commonOverridesNeedCMS)) { // invalid protocol requirements -> clear intermediate result and abort resolution mEncKeys.clear(); return {Error, {}, {}}; } // Next look for matching groups of keys if (mSign) { resolveSigningGroups(); } if (mEncrypt) { resolveEncryptionGroups(); } // Then look for signing / encryption keys if (mFormat == OpenPGP || mFormat == UnknownProtocol) { resolveSign(OpenPGP); resolveEnc(OpenPGP); } const bool pgpOnly = ((!mEncrypt || !hasUnresolvedRecipients(mEncKeys, OpenPGP)) // && (!mSign || !hasUnresolvedSender(mSigKeys, OpenPGP))); if (mFormat == OpenPGP) { return { SolutionFlags((pgpOnly ? AllResolved : SomeUnresolved) | OpenPGPOnly), {OpenPGP, mSigKeys.value(OpenPGP), keysForProtocol(mEncKeys, OpenPGP)}, {}, }; } if (mFormat == CMS || mFormat == UnknownProtocol) { resolveSign(CMS); resolveEnc(CMS); } const bool cmsOnly = ((!mEncrypt || !hasUnresolvedRecipients(mEncKeys, CMS)) // && (!mSign || !hasUnresolvedSender(mSigKeys, CMS))); if (mFormat == CMS) { return { SolutionFlags((cmsOnly ? AllResolved : SomeUnresolved) | CMSOnly), {CMS, mSigKeys.value(CMS), keysForProtocol(mEncKeys, CMS)}, {}, }; } // check if single-protocol solution has been found if (cmsOnly && (!pgpOnly || mPreferredProtocol == CMS)) { if (!mAllowMixed) { return { SolutionFlags(AllResolved | CMSOnly), {CMS, mSigKeys.value(CMS), keysForProtocol(mEncKeys, CMS)}, {OpenPGP, mSigKeys.value(OpenPGP), keysForProtocol(mEncKeys, OpenPGP)}, }; } else { return { SolutionFlags(AllResolved | CMSOnly), {CMS, mSigKeys.value(CMS), keysForProtocol(mEncKeys, CMS)}, {}, }; } } if (pgpOnly) { if (!mAllowMixed) { return { SolutionFlags(AllResolved | OpenPGPOnly), {OpenPGP, mSigKeys.value(OpenPGP), keysForProtocol(mEncKeys, OpenPGP)}, {CMS, mSigKeys.value(CMS), keysForProtocol(mEncKeys, CMS)}, }; } else { return { SolutionFlags(AllResolved | OpenPGPOnly), {OpenPGP, mSigKeys.value(OpenPGP), keysForProtocol(mEncKeys, OpenPGP)}, {}, }; } } if (!mAllowMixed) { // return incomplete single-protocol solution if (mPreferredProtocol == CMS) { return { SolutionFlags(SomeUnresolved | CMSOnly), {CMS, mSigKeys.value(CMS), keysForProtocol(mEncKeys, CMS)}, {OpenPGP, mSigKeys.value(OpenPGP), keysForProtocol(mEncKeys, OpenPGP)}, }; } else { return { SolutionFlags(SomeUnresolved | OpenPGPOnly), {OpenPGP, mSigKeys.value(OpenPGP), keysForProtocol(mEncKeys, OpenPGP)}, {CMS, mSigKeys.value(CMS), keysForProtocol(mEncKeys, CMS)}, }; } } const auto bestEncryptionKeys = getBestEncryptionKeys(mEncKeys, mPreferredProtocol); // we are in mixed mode, i.e. we need an OpenPGP signing key and an S/MIME signing key const bool senderIsResolved = (!mSign || (!hasUnresolvedSender(mSigKeys, OpenPGP) && !hasUnresolvedSender(mSigKeys, CMS))); const bool allRecipientsAreResolved = std::all_of(std::begin(bestEncryptionKeys), std::end(bestEncryptionKeys), [](const auto &keys) { return !keys.empty(); }); if (senderIsResolved && allRecipientsAreResolved) { return { SolutionFlags(AllResolved | MixedProtocols), {UnknownProtocol, concatenate(mSigKeys.value(OpenPGP), mSigKeys.value(CMS)), bestEncryptionKeys}, {}, }; } const bool allKeysAreOpenPGP = std::all_of(std::begin(bestEncryptionKeys), std::end(bestEncryptionKeys), [](const auto &keys) { return allKeysHaveProtocol(keys, OpenPGP); }); if (allKeysAreOpenPGP) { return { SolutionFlags(SomeUnresolved | OpenPGPOnly), {OpenPGP, mSigKeys.value(OpenPGP), bestEncryptionKeys}, {}, }; } const bool allKeysAreCMS = std::all_of(std::begin(bestEncryptionKeys), std::end(bestEncryptionKeys), [](const auto &keys) { return allKeysHaveProtocol(keys, CMS); }); if (allKeysAreCMS) { return { SolutionFlags(SomeUnresolved | CMSOnly), {CMS, mSigKeys.value(CMS), bestEncryptionKeys}, {}, }; } return { SolutionFlags(SomeUnresolved | MixedProtocols), {UnknownProtocol, concatenate(mSigKeys.value(OpenPGP), mSigKeys.value(CMS)), bestEncryptionKeys}, {}, }; } KeyResolverCore::KeyResolverCore(bool encrypt, bool sign, Protocol fmt) : d(new Private(this, encrypt, sign, fmt)) { } KeyResolverCore::~KeyResolverCore() = default; void KeyResolverCore::setSender(const QString &address) { d->setSender(address); } QString KeyResolverCore::normalizedSender() const { return d->mSender; } void KeyResolverCore::setRecipients(const QStringList &addresses) { d->addRecipients(addresses); } void KeyResolverCore::setSigningKeys(const QStringList &fingerprints) { d->setSigningKeys(fingerprints); } void KeyResolverCore::setOverrideKeys(const QMap> &overrides) { d->setOverrideKeys(overrides); } void KeyResolverCore::setAllowMixedProtocols(bool allowMixed) { d->mAllowMixed = allowMixed; } void KeyResolverCore::setPreferredProtocol(Protocol proto) { d->mPreferredProtocol = proto; } void KeyResolverCore::setMinimumValidity(int validity) { d->mMinimumValidity = validity; } KeyResolverCore::Result KeyResolverCore::resolve() { return d->resolve(); } diff --git a/src/kleo/keyserverconfig.cpp b/src/kleo/keyserverconfig.cpp index 1d3c4d0c2..9b66d9127 100644 --- a/src/kleo/keyserverconfig.cpp +++ b/src/kleo/keyserverconfig.cpp @@ -1,219 +1,221 @@ /* kleo/keyserverconfig.cpp This file is part of libkleopatra, the KDE keymanagement library SPDX-FileCopyrightText: 2021 g10 Code GmbH SPDX-FileContributor: Ingo Klöcker SPDX-License-Identifier: GPL-2.0-or-later */ +#include + #include "keyserverconfig.h" #include "utils/algorithm.h" #include #include using namespace Kleo; class KeyserverConfig::Private { public: explicit Private(); QString host; int port = -1; // -1 == use default port KeyserverAuthentication authentication = KeyserverAuthentication::Anonymous; QString user; QString password; KeyserverConnection connection = KeyserverConnection::Default; QString baseDn; QStringList additionalFlags; }; KeyserverConfig::Private::Private() { } KeyserverConfig::KeyserverConfig() : d{std::make_unique()} { } KeyserverConfig::~KeyserverConfig() = default; KeyserverConfig::KeyserverConfig(const KeyserverConfig &other) : d{std::make_unique(*other.d)} { } KeyserverConfig &KeyserverConfig::operator=(const KeyserverConfig &other) { *d = *other.d; return *this; } KeyserverConfig::KeyserverConfig(KeyserverConfig &&other) = default; KeyserverConfig &KeyserverConfig::operator=(KeyserverConfig &&other) = default; KeyserverConfig KeyserverConfig::fromUrl(const QUrl &url) { KeyserverConfig config; config.d->host = url.host(); config.d->port = url.port(); config.d->user = url.userName(); config.d->password = url.password(); if (!config.d->user.isEmpty()) { config.d->authentication = KeyserverAuthentication::Password; } if (url.hasFragment()) { const auto flags = transformInPlace(url.fragment().split(QLatin1Char{','}, Qt::SkipEmptyParts), [](const auto &flag) { return flag.trimmed().toLower(); }); for (const auto &flag : flags) { if (flag == QLatin1String{"starttls"}) { config.d->connection = KeyserverConnection::UseSTARTTLS; } else if (flag == QLatin1String{"ldaptls"}) { config.d->connection = KeyserverConnection::TunnelThroughTLS; } else if (flag == QLatin1String{"plain"}) { config.d->connection = KeyserverConnection::Plain; } else if (flag == QLatin1String{"ntds"}) { config.d->authentication = KeyserverAuthentication::ActiveDirectory; } else { config.d->additionalFlags.push_back(flag); } } } if (url.hasQuery()) { config.d->baseDn = url.query(); } return config; } QUrl KeyserverConfig::toUrl() const { QUrl url; url.setScheme(QStringLiteral("ldap")); // set host to empty string if it's a null string; this ensures that the URL has an authority and always gets a "//" after the scheme url.setHost(d->host.isNull() ? QStringLiteral("") : d->host); if (d->port != -1) { url.setPort(d->port); } if (!d->user.isEmpty()) { url.setUserName(d->user); } if (!d->password.isEmpty()) { url.setPassword(d->password); } if (!d->baseDn.isEmpty()) { url.setQuery(d->baseDn); } QStringList flags; switch (d->connection) { case KeyserverConnection::UseSTARTTLS: flags.push_back(QStringLiteral("starttls")); break; case KeyserverConnection::TunnelThroughTLS: flags.push_back(QStringLiteral("ldaptls")); break; case KeyserverConnection::Plain: flags.push_back(QStringLiteral("plain")); break; case KeyserverConnection::Default:; // omit connection flag to use default } if (d->authentication == KeyserverAuthentication::ActiveDirectory) { flags.push_back(QStringLiteral("ntds")); } std::copy(std::cbegin(d->additionalFlags), std::cend(d->additionalFlags), std::back_inserter(flags)); if (!flags.isEmpty()) { url.setFragment(flags.join(QLatin1Char{','})); } return url; } QString KeyserverConfig::host() const { return d->host; } void KeyserverConfig::setHost(const QString &host) { d->host = host; } int KeyserverConfig::port() const { return d->port; } void KeyserverConfig::setPort(int port) { d->port = port; } KeyserverAuthentication KeyserverConfig::authentication() const { return d->authentication; } void KeyserverConfig::setAuthentication(KeyserverAuthentication authentication) { d->authentication = authentication; } QString KeyserverConfig::user() const { return d->user; } void KeyserverConfig::setUser(const QString &user) { d->user = user; } QString KeyserverConfig::password() const { return d->password; } void KeyserverConfig::setPassword(const QString &password) { d->password = password; } KeyserverConnection KeyserverConfig::connection() const { return d->connection; } void KeyserverConfig::setConnection(KeyserverConnection connection) { d->connection = connection; } QString KeyserverConfig::ldapBaseDn() const { return d->baseDn; } void KeyserverConfig::setLdapBaseDn(const QString &baseDn) { d->baseDn = baseDn; } QStringList KeyserverConfig::additionalFlags() const { return d->additionalFlags; } void KeyserverConfig::setAdditionalFlags(const QStringList &flags) { d->additionalFlags = flags; } diff --git a/src/kleo/kleoexception.cpp b/src/kleo/kleoexception.cpp index 939469021..571f8b09d 100644 --- a/src/kleo/kleoexception.cpp +++ b/src/kleo/kleoexception.cpp @@ -1,14 +1,16 @@ /* -*- mode: c++; c-basic-offset:4 -*- exception.cpp This file is part of libkleopatra, the KDE keymanagement library SPDX-FileCopyrightText: 2008 Klarälvdalens Datakonsult AB SPDX-License-Identifier: GPL-2.0-or-later */ +#include + #include "kleoexception.h" Kleo::Exception::~Exception() throw() { } diff --git a/src/kleo/oidmap.cpp b/src/kleo/oidmap.cpp index a27b7264f..00810d27f 100644 --- a/src/kleo/oidmap.cpp +++ b/src/kleo/oidmap.cpp @@ -1,62 +1,64 @@ /* oidmap.cpp This file is part of libkleo, the KDE keymanagement library SPDX-FileCopyrightText: 2008 Klarälvdalens Datakonsult AB SPDX-FileCopyrightText: 2022 Ingo Klöcker SPDX-License-Identifier: GPL-2.0-or-later */ +#include + #include "oidmap.h" #include #include namespace { struct NameAndOID { const char *name; const char *oid; }; static const std::vector oidmap = { // clang-format off // keep them ordered by oid: {"SP", "ST" }, // hack to show the Sphinx-required/desired SP for // StateOrProvince, otherwise known as ST or even S {"NameDistinguisher", "0.2.262.1.10.7.20" }, {"EMAIL", "1.2.840.113549.1.9.1"}, {"SN", "2.5.4.4" }, {"SerialNumber", "2.5.4.5" }, {"T", "2.5.4.12" }, {"D", "2.5.4.13" }, {"BC", "2.5.4.15" }, {"ADDR", "2.5.4.16" }, {"PC", "2.5.4.17" }, {"GN", "2.5.4.42" }, {"Pseudo", "2.5.4.65" }, // clang-format on }; } const char *Kleo::oidForAttributeName(const QString &attr) { QByteArray attrUtf8 = attr.toUtf8(); for (const auto &m : oidmap) { if (qstricmp(attrUtf8.constData(), m.name) == 0) { return m.oid; } } return nullptr; } const char *Kleo::attributeNameForOID(const char *oid) { for (const auto &m : oidmap) { if (qstricmp(oid, m.oid) == 0) { return m.name; } } return nullptr; } diff --git a/src/models/keycache.cpp b/src/models/keycache.cpp index 7172379df..dd4623156 100644 --- a/src/models/keycache.cpp +++ b/src/models/keycache.cpp @@ -1,1739 +1,1741 @@ /* -*- mode: c++; c-basic-offset:4 -*- models/keycache.cpp This file is part of Kleopatra, the KDE keymanager SPDX-FileCopyrightText: 2007, 2008 Klarälvdalens Datakonsult AB SPDX-FileCopyrightText: 2018 Intevation GmbH SPDX-FileCopyrightText: 2020, 2021 g10 Code GmbH SPDX-FileContributor: Ingo Klöcker SPDX-License-Identifier: GPL-2.0-or-later */ +#include + #include "keycache.h" #include "keycache_p.h" #include "kleo/dn.h" #include "kleo/enum.h" #include "kleo/keygroup.h" #include "kleo/keygroupconfig.h" #include "kleo/predicates.h" #include "kleo/stl_util.h" #include "utils/algorithm.h" #include "utils/compat.h" #include "utils/filesystemwatcher.h" #include "utils/qtstlhelpers.h" #include #include #include #include #include #include #include #include #include #include #include #include #include //#include #include #include #include #include #include #include #include #include "kleo/debug.h" #include using namespace std::chrono_literals; using namespace Kleo; using namespace GpgME; using namespace KMime::Types; static const unsigned int hours2ms = 1000 * 60 * 60; // // // KeyCache // // namespace { make_comparator_str(ByEMail, .first.c_str()); } class Kleo::KeyCacheAutoRefreshSuspension { KeyCacheAutoRefreshSuspension() { qCDebug(LIBKLEO_LOG) << __func__; auto cache = KeyCache::mutableInstance(); cache->enableFileSystemWatcher(false); m_refreshInterval = cache->refreshInterval(); cache->setRefreshInterval(0); cache->cancelKeyListing(); m_cache = cache; } public: ~KeyCacheAutoRefreshSuspension() { qCDebug(LIBKLEO_LOG) << __func__; if (auto cache = m_cache.lock()) { cache->enableFileSystemWatcher(true); cache->setRefreshInterval(m_refreshInterval); } } static std::shared_ptr instance() { static std::weak_ptr self; if (auto s = self.lock()) { return s; } else { s = std::shared_ptr{new KeyCacheAutoRefreshSuspension{}}; self = s; return s; } } private: std::weak_ptr m_cache; int m_refreshInterval = 0; }; class KeyCache::Private { friend class ::Kleo::KeyCache; KeyCache *const q; public: explicit Private(KeyCache *qq) : q(qq) , m_refreshInterval(1) , m_initalized(false) , m_pgpOnly(true) , m_remarks_enabled(false) { connect(&m_autoKeyListingTimer, &QTimer::timeout, q, [this]() { q->startKeyListing(); }); updateAutoKeyListingTimer(); } ~Private() { if (m_refreshJob) { m_refreshJob->cancel(); } } template class Op> class Comp> std::vector::const_iterator find(const std::vector &keys, const char *key) const { ensureCachePopulated(); const auto it = std::lower_bound(keys.begin(), keys.end(), key, Comp()); if (it == keys.end() || Comp()(*it, key)) { return it; } else { return keys.end(); } } template class Op> class Comp> std::vector::const_iterator find(const std::vector &keys, const char *key) const { ensureCachePopulated(); const auto it = std::lower_bound(keys.begin(), keys.end(), key, Comp()); if (it == keys.end() || Comp()(*it, key)) { return it; } else { return keys.end(); } } std::vector::const_iterator find_fpr(const char *fpr) const { return find<_detail::ByFingerprint>(by.fpr, fpr); } std::pair>::const_iterator, std::vector>::const_iterator> find_email(const char *email) const { ensureCachePopulated(); return std::equal_range(by.email.begin(), by.email.end(), email, ByEMail()); } std::vector find_mailbox(const QString &email, bool sign) const; std::vector::const_iterator find_keygrip(const char *keygrip) const { return find<_detail::ByKeyGrip>(by.keygrip, keygrip); } std::vector::const_iterator find_subkeyid(const char *subkeyid) const { return find<_detail::ByKeyID>(by.subkeyid, subkeyid); } std::vector::const_iterator find_keyid(const char *keyid) const { return find<_detail::ByKeyID>(by.keyid, keyid); } std::vector::const_iterator find_shortkeyid(const char *shortkeyid) const { return find<_detail::ByShortKeyID>(by.shortkeyid, shortkeyid); } std::pair::const_iterator, std::vector::const_iterator> find_subjects(const char *chain_id) const { ensureCachePopulated(); return std::equal_range(by.chainid.begin(), by.chainid.end(), chain_id, _detail::ByChainID()); } void refreshJobDone(const KeyListResult &result); void setRefreshInterval(int interval) { m_refreshInterval = interval; updateAutoKeyListingTimer(); } int refreshInterval() const { return m_refreshInterval; } void updateAutoKeyListingTimer() { setAutoKeyListingInterval(hours2ms * m_refreshInterval); } void setAutoKeyListingInterval(int ms) { m_autoKeyListingTimer.stop(); m_autoKeyListingTimer.setInterval(ms); if (ms != 0) { m_autoKeyListingTimer.start(); } } void ensureCachePopulated() const; void readGroupsFromGpgConf() { // According to Werner Koch groups are more of a hack to solve // a valid usecase (e.g. several keys defined for an internal mailing list) // that won't make it in the proper keylist interface. And using gpgconf // was the suggested way to support groups. auto conf = QGpgME::cryptoConfig(); if (!conf) { return; } auto entry = getCryptoConfigEntry(conf, "gpg", "group"); if (!entry) { return; } // collect the key fingerprints for all groups read from the configuration QMap fingerprints; const auto stringValueList = entry->stringValueList(); for (const QString &value : stringValueList) { const QStringList split = value.split(QLatin1Char('=')); if (split.size() != 2) { qCDebug(LIBKLEO_LOG) << "Ignoring invalid group config:" << value; continue; } const QString groupName = split[0]; const QString fingerprint = split[1]; fingerprints[groupName].push_back(fingerprint); } // add all groups read from the configuration to the list of groups for (auto it = fingerprints.cbegin(); it != fingerprints.cend(); ++it) { const QString groupName = it.key(); const std::vector groupKeys = q->findByFingerprint(toStdStrings(it.value())); KeyGroup g(groupName, groupName, groupKeys, KeyGroup::GnuPGConfig); m_groups.push_back(g); } } void readGroupsFromGroupsConfig() { Q_ASSERT(m_groupConfig); if (!m_groupConfig) { qCWarning(LIBKLEO_LOG) << __func__ << "group config not set"; return; } m_groups = m_groupConfig->readGroups(); } KeyGroup writeGroupToGroupsConfig(const KeyGroup &group) { Q_ASSERT(m_groupConfig); if (!m_groupConfig) { qCWarning(LIBKLEO_LOG) << __func__ << "group config not set"; return {}; } Q_ASSERT(!group.isNull()); Q_ASSERT(group.source() == KeyGroup::ApplicationConfig); if (group.isNull() || group.source() != KeyGroup::ApplicationConfig) { qCDebug(LIBKLEO_LOG) << __func__ << "group cannot be written to application configuration:" << group; return group; } return m_groupConfig->writeGroup(group); } bool removeGroupFromGroupsConfig(const KeyGroup &group) { Q_ASSERT(m_groupConfig); if (!m_groupConfig) { qCWarning(LIBKLEO_LOG) << __func__ << "group config not set"; return false; } Q_ASSERT(!group.isNull()); Q_ASSERT(group.source() == KeyGroup::ApplicationConfig); if (group.isNull() || group.source() != KeyGroup::ApplicationConfig) { qCDebug(LIBKLEO_LOG) << __func__ << "group cannot be removed from application configuration:" << group; return false; } return m_groupConfig->removeGroup(group); } void updateGroupCache() { // Update Group Keys // this is a quick thing as it only involves reading the config // so no need for a job. m_groups.clear(); if (m_groupsEnabled) { readGroupsFromGpgConf(); readGroupsFromGroupsConfig(); } } bool insert(const KeyGroup &group) { Q_ASSERT(!group.isNull()); Q_ASSERT(group.source() == KeyGroup::ApplicationConfig); if (group.isNull() || group.source() != KeyGroup::ApplicationConfig) { qCDebug(LIBKLEO_LOG) << "KeyCache::Private::insert - Invalid group:" << group; return false; } const auto it = std::find_if(m_groups.cbegin(), m_groups.cend(), [group](const auto &g) { return g.source() == group.source() && g.id() == group.id(); }); if (it != m_groups.cend()) { qCDebug(LIBKLEO_LOG) << "KeyCache::Private::insert - Group already present in list of groups:" << group; return false; } const KeyGroup savedGroup = writeGroupToGroupsConfig(group); if (savedGroup.isNull()) { qCDebug(LIBKLEO_LOG) << "KeyCache::Private::insert - Writing group" << group.id() << "to config file failed"; return false; } m_groups.push_back(savedGroup); Q_EMIT q->groupAdded(savedGroup); return true; } bool update(const KeyGroup &group) { Q_ASSERT(!group.isNull()); Q_ASSERT(group.source() == KeyGroup::ApplicationConfig); if (group.isNull() || group.source() != KeyGroup::ApplicationConfig) { qCDebug(LIBKLEO_LOG) << "KeyCache::Private::update - Invalid group:" << group; return false; } const auto it = std::find_if(m_groups.cbegin(), m_groups.cend(), [group](const auto &g) { return g.source() == group.source() && g.id() == group.id(); }); if (it == m_groups.cend()) { qCDebug(LIBKLEO_LOG) << "KeyCache::Private::update - Group not found in list of groups:" << group; return false; } const auto groupIndex = std::distance(m_groups.cbegin(), it); const KeyGroup savedGroup = writeGroupToGroupsConfig(group); if (savedGroup.isNull()) { qCDebug(LIBKLEO_LOG) << "KeyCache::Private::update - Writing group" << group.id() << "to config file failed"; return false; } m_groups[groupIndex] = savedGroup; Q_EMIT q->groupUpdated(savedGroup); return true; } bool remove(const KeyGroup &group) { Q_ASSERT(!group.isNull()); Q_ASSERT(group.source() == KeyGroup::ApplicationConfig); if (group.isNull() || group.source() != KeyGroup::ApplicationConfig) { qCDebug(LIBKLEO_LOG) << "KeyCache::Private::remove - Invalid group:" << group; return false; } const auto it = std::find_if(m_groups.cbegin(), m_groups.cend(), [group](const auto &g) { return g.source() == group.source() && g.id() == group.id(); }); if (it == m_groups.cend()) { qCDebug(LIBKLEO_LOG) << "KeyCache::Private::remove - Group not found in list of groups:" << group; return false; } const bool success = removeGroupFromGroupsConfig(group); if (!success) { qCDebug(LIBKLEO_LOG) << "KeyCache::Private::remove - Removing group" << group.id() << "from config file failed"; return false; } m_groups.erase(it); Q_EMIT q->groupRemoved(group); return true; } private: QPointer m_refreshJob; std::vector> m_fsWatchers; QTimer m_autoKeyListingTimer; int m_refreshInterval; struct By { std::vector fpr, keyid, shortkeyid, chainid; std::vector> email; std::vector subkeyid, keygrip; } by; bool m_initalized; bool m_pgpOnly; bool m_remarks_enabled; bool m_groupsEnabled = false; std::shared_ptr m_groupConfig; std::vector m_groups; }; std::shared_ptr KeyCache::instance() { return mutableInstance(); } std::shared_ptr KeyCache::mutableInstance() { static std::weak_ptr self; try { return std::shared_ptr(self); } catch (const std::bad_weak_ptr &) { const std::shared_ptr s(new KeyCache); self = s; return s; } } KeyCache::KeyCache() : QObject() , d(new Private(this)) { } KeyCache::~KeyCache() { } void KeyCache::setGroupsEnabled(bool enabled) { d->m_groupsEnabled = enabled; if (d->m_initalized) { d->updateGroupCache(); } } void KeyCache::setGroupConfig(const std::shared_ptr &groupConfig) { d->m_groupConfig = groupConfig; } void KeyCache::enableFileSystemWatcher(bool enable) { for (const auto &i : std::as_const(d->m_fsWatchers)) { i->setEnabled(enable); } } void KeyCache::setRefreshInterval(int hours) { d->setRefreshInterval(hours); } int KeyCache::refreshInterval() const { return d->refreshInterval(); } std::shared_ptr KeyCache::suspendAutoRefresh() { return KeyCacheAutoRefreshSuspension::instance(); } void KeyCache::reload(GpgME::Protocol /*proto*/) { if (d->m_refreshJob) { return; } d->updateAutoKeyListingTimer(); enableFileSystemWatcher(false); d->m_refreshJob = new RefreshKeysJob(this); connect(d->m_refreshJob.data(), &RefreshKeysJob::done, this, [this](const GpgME::KeyListResult &r) { d->refreshJobDone(r); }); connect(d->m_refreshJob.data(), &RefreshKeysJob::canceled, this, [this]() { d->m_refreshJob.clear(); }); d->m_refreshJob->start(); } void KeyCache::cancelKeyListing() { if (!d->m_refreshJob) { return; } d->m_refreshJob->cancel(); } void KeyCache::addFileSystemWatcher(const std::shared_ptr &watcher) { if (!watcher) { return; } d->m_fsWatchers.push_back(watcher); connect(watcher.get(), &FileSystemWatcher::directoryChanged, this, [this]() { startKeyListing(); }); connect(watcher.get(), &FileSystemWatcher::fileChanged, this, [this]() { startKeyListing(); }); watcher->setEnabled(d->m_refreshJob.isNull()); } void KeyCache::enableRemarks(bool value) { if (!d->m_remarks_enabled && value) { d->m_remarks_enabled = value; if (d->m_initalized && !d->m_refreshJob) { qCDebug(LIBKLEO_LOG) << "Reloading keycache with remarks enabled"; reload(); } else { connect(d->m_refreshJob.data(), &RefreshKeysJob::done, this, [this](const GpgME::KeyListResult &) { qCDebug(LIBKLEO_LOG) << "Reloading keycache with remarks enabled"; QTimer::singleShot(1s, this, [this]() { reload(); }); }); } } else { d->m_remarks_enabled = value; } } bool KeyCache::remarksEnabled() const { return d->m_remarks_enabled; } void KeyCache::Private::refreshJobDone(const KeyListResult &result) { m_refreshJob.clear(); q->enableFileSystemWatcher(true); m_initalized = true; updateGroupCache(); Q_EMIT q->keyListingDone(result); } const Key &KeyCache::findByFingerprint(const char *fpr) const { const std::vector::const_iterator it = d->find_fpr(fpr); if (it == d->by.fpr.end()) { static const Key null; return null; } else { return *it; } } const Key &KeyCache::findByFingerprint(const std::string &fpr) const { return findByFingerprint(fpr.c_str()); } std::vector KeyCache::findByFingerprint(const std::vector &fprs) const { std::vector keys; keys.reserve(fprs.size()); for (const auto &fpr : fprs) { const Key key = findByFingerprint(fpr.c_str()); if (key.isNull()) { qCDebug(LIBKLEO_LOG) << __func__ << "Ignoring unknown key with fingerprint:" << fpr.c_str(); continue; } keys.push_back(key); } return keys; } std::vector KeyCache::findByEMailAddress(const char *email) const { const auto pair = d->find_email(email); std::vector result; result.reserve(std::distance(pair.first, pair.second)); std::transform(pair.first, pair.second, std::back_inserter(result), [](const std::pair &pair) { return pair.second; }); return result; } std::vector KeyCache::findByEMailAddress(const std::string &email) const { return findByEMailAddress(email.c_str()); } const Key &KeyCache::findByShortKeyID(const char *id) const { const std::vector::const_iterator it = d->find_shortkeyid(id); if (it != d->by.shortkeyid.end()) { return *it; } static const Key null; return null; } const Key &KeyCache::findByShortKeyID(const std::string &id) const { return findByShortKeyID(id.c_str()); } const Key &KeyCache::findByKeyIDOrFingerprint(const char *id) const { { // try by.fpr first: const std::vector::const_iterator it = d->find_fpr(id); if (it != d->by.fpr.end()) { return *it; } } { // try by.keyid next: const std::vector::const_iterator it = d->find_keyid(id); if (it != d->by.keyid.end()) { return *it; } } static const Key null; return null; } const Key &KeyCache::findByKeyIDOrFingerprint(const std::string &id) const { return findByKeyIDOrFingerprint(id.c_str()); } std::vector KeyCache::findByKeyIDOrFingerprint(const std::vector &ids) const { std::vector keyids; std::remove_copy_if(ids.begin(), ids.end(), std::back_inserter(keyids), [](const std::string &str) { return !str.c_str() || !*str.c_str(); }); // this is just case-insensitive string search: std::sort(keyids.begin(), keyids.end(), _detail::ByFingerprint()); std::vector result; result.reserve(keyids.size()); // dups shouldn't happen d->ensureCachePopulated(); kdtools::set_intersection(d->by.fpr.begin(), d->by.fpr.end(), keyids.begin(), keyids.end(), std::back_inserter(result), _detail::ByFingerprint()); if (result.size() < keyids.size()) { // note that By{Fingerprint,KeyID,ShortKeyID} define the same // order for _strings_ kdtools::set_intersection(d->by.keyid.begin(), d->by.keyid.end(), keyids.begin(), keyids.end(), std::back_inserter(result), _detail::ByKeyID()); } // duplicates shouldn't happen, but make sure nonetheless: std::sort(result.begin(), result.end(), _detail::ByFingerprint()); result.erase(std::unique(result.begin(), result.end(), _detail::ByFingerprint()), result.end()); // we skip looking into short key ids here, as it's highly // unlikely they're used for this purpose. We might need to revise // this decision, but only after testing. return result; } const Subkey &KeyCache::findSubkeyByKeyGrip(const char *grip, Protocol protocol) const { static const Subkey null; d->ensureCachePopulated(); const auto range = std::equal_range(d->by.keygrip.begin(), d->by.keygrip.end(), grip, _detail::ByKeyGrip()); if (range.first == range.second) { return null; } else if (protocol == UnknownProtocol) { return *range.first; } else { for (auto it = range.first; it != range.second; ++it) { if (it->parent().protocol() == protocol) { return *it; } } } return null; } const Subkey &KeyCache::findSubkeyByKeyGrip(const std::string &grip, Protocol protocol) const { return findSubkeyByKeyGrip(grip.c_str(), protocol); } std::vector KeyCache::findSubkeysByKeyID(const std::vector &ids) const { std::vector sorted; sorted.reserve(ids.size()); std::remove_copy_if(ids.begin(), ids.end(), std::back_inserter(sorted), [](const std::string &str) { return !str.c_str() || !*str.c_str(); }); std::sort(sorted.begin(), sorted.end(), _detail::ByKeyID()); std::vector result; d->ensureCachePopulated(); kdtools::set_intersection(d->by.subkeyid.begin(), d->by.subkeyid.end(), sorted.begin(), sorted.end(), std::back_inserter(result), _detail::ByKeyID()); return result; } std::vector KeyCache::findRecipients(const DecryptionResult &res) const { std::vector keyids; const auto recipients = res.recipients(); for (const DecryptionResult::Recipient &r : recipients) { if (const char *kid = r.keyID()) { keyids.push_back(kid); } } const std::vector subkeys = findSubkeysByKeyID(keyids); std::vector result; result.reserve(subkeys.size()); std::transform(subkeys.begin(), subkeys.end(), std::back_inserter(result), std::mem_fn(&Subkey::parent)); std::sort(result.begin(), result.end(), _detail::ByFingerprint()); result.erase(std::unique(result.begin(), result.end(), _detail::ByFingerprint()), result.end()); return result; } std::vector KeyCache::findSigners(const VerificationResult &res) const { std::vector fprs; const auto signatures = res.signatures(); for (const Signature &s : signatures) { if (const char *fpr = s.fingerprint()) { fprs.push_back(fpr); } } return findByKeyIDOrFingerprint(fprs); } std::vector KeyCache::findSigningKeysByMailbox(const QString &mb) const { return d->find_mailbox(mb, true); } std::vector KeyCache::findEncryptionKeysByMailbox(const QString &mb) const { return d->find_mailbox(mb, false); } namespace { #define DO(op, meth, meth2) \ if (op key.meth()) { \ } else { \ qDebug("rejecting for signing: %s: %s", #meth2, key.primaryFingerprint()); \ return false; \ } #define ACCEPT(meth) DO(!!, meth, !meth) #define REJECT(meth) DO(!, meth, meth) struct ready_for_signing { bool operator()(const Key &key) const { #if 1 ACCEPT(hasSecret); ACCEPT(canReallySign); REJECT(isRevoked); REJECT(isExpired); REJECT(isDisabled); REJECT(isInvalid); return true; #else return key.hasSecret() && key.canReallySign() && !key.isRevoked() && !key.isExpired() && !key.isDisabled() && !key.isInvalid(); #endif #undef DO } }; #define DO(op, meth, meth2) \ if (op key.meth()) { \ } else { \ qDebug("rejecting for encrypting: %s: %s", #meth2, key.primaryFingerprint()); \ return false; \ } struct ready_for_encryption { bool operator()(const Key &key) const { #if 1 ACCEPT(canEncrypt); REJECT(isRevoked); REJECT(isExpired); REJECT(isDisabled); REJECT(isInvalid); return true; #else return key.canEncrypt() && !key.isRevoked() && !key.isExpired() && !key.isDisabled() && !key.isInvalid(); #endif } #undef DO #undef ACCEPT #undef REJECT }; } std::vector KeyCache::Private::find_mailbox(const QString &email, bool sign) const { if (email.isEmpty()) { return std::vector(); } const auto pair = find_email(email.toUtf8().constData()); std::vector result; result.reserve(std::distance(pair.first, pair.second)); if (sign) { kdtools::copy_2nd_if(pair.first, pair.second, std::back_inserter(result), ready_for_signing()); } else { kdtools::copy_2nd_if(pair.first, pair.second, std::back_inserter(result), ready_for_encryption()); } return result; } std::vector KeyCache::findSubjects(const GpgME::Key &key, Options options) const { return findSubjects(std::vector(1, key), options); } std::vector KeyCache::findSubjects(const std::vector &keys, Options options) const { return findSubjects(keys.begin(), keys.end(), options); } std::vector KeyCache::findSubjects(std::vector::const_iterator first, std::vector::const_iterator last, Options options) const { if (first == last) { return std::vector(); } std::vector result; while (first != last) { const auto pair = d->find_subjects(first->primaryFingerprint()); result.insert(result.end(), pair.first, pair.second); ++first; } std::sort(result.begin(), result.end(), _detail::ByFingerprint()); result.erase(std::unique(result.begin(), result.end(), _detail::ByFingerprint()), result.end()); if (options & RecursiveSearch) { const std::vector furtherSubjects = findSubjects(result, options); std::vector combined; combined.reserve(result.size() + furtherSubjects.size()); std::merge(result.begin(), result.end(), furtherSubjects.begin(), furtherSubjects.end(), std::back_inserter(combined), _detail::ByFingerprint()); combined.erase(std::unique(combined.begin(), combined.end(), _detail::ByFingerprint()), combined.end()); result.swap(combined); } return result; } std::vector KeyCache::findIssuers(const Key &key, Options options) const { std::vector result; if (key.isNull()) { return result; } if (options & IncludeSubject) { result.push_back(key); } if (key.isRoot()) { return result; } const Key &issuer = findByFingerprint(key.chainID()); if (issuer.isNull()) { return result; } result.push_back(issuer); if (!(options & RecursiveSearch)) { return result; } while (true) { const Key &issuer = findByFingerprint(result.back().chainID()); if (issuer.isNull()) { break; } const bool chainAlreadyContainsIssuer = Kleo::contains_if(result, [issuer](const auto &key) { return _detail::ByFingerprint()(issuer, key); }); // we also add the issuer if the chain already contains it, so that // the user can spot the recursion result.push_back(issuer); if (issuer.isRoot() || chainAlreadyContainsIssuer) { break; } } return result; } static std::string email(const UserID &uid) { // Prefer the gnupg normalized one const std::string addr = uid.addrSpec(); if (!addr.empty()) { return addr; } const std::string email = uid.email(); if (email.empty()) { return DN(uid.id())[QStringLiteral("EMAIL")].trimmed().toUtf8().constData(); } if (email[0] == '<' && email[email.size() - 1] == '>') { return email.substr(1, email.size() - 2); } else { return email; } } static std::vector emails(const Key &key) { std::vector emails; const auto userIDs = key.userIDs(); for (const UserID &uid : userIDs) { const std::string e = email(uid); if (!e.empty()) { emails.push_back(e); } } std::sort(emails.begin(), emails.end(), ByEMail()); emails.erase(std::unique(emails.begin(), emails.end(), ByEMail()), emails.end()); return emails; } void KeyCache::remove(const Key &key) { if (key.isNull()) { return; } const char *fpr = key.primaryFingerprint(); if (!fpr) { return; } Q_EMIT aboutToRemove(key); { const auto range = std::equal_range(d->by.fpr.begin(), d->by.fpr.end(), fpr, _detail::ByFingerprint()); d->by.fpr.erase(range.first, range.second); } if (const char *keyid = key.keyID()) { const auto range = std::equal_range(d->by.keyid.begin(), d->by.keyid.end(), keyid, _detail::ByKeyID()); const auto it = std::remove_if(range.first, range.second, [fpr](const GpgME::Key &key) { return _detail::ByFingerprint()(fpr, key); }); d->by.keyid.erase(it, range.second); } if (const char *shortkeyid = key.shortKeyID()) { const auto range = std::equal_range(d->by.shortkeyid.begin(), d->by.shortkeyid.end(), shortkeyid, _detail::ByShortKeyID()); const auto it = std::remove_if(range.first, range.second, [fpr](const GpgME::Key &key) { return _detail::ByFingerprint()(fpr, key); }); d->by.shortkeyid.erase(it, range.second); } if (const char *chainid = key.chainID()) { const auto range = std::equal_range(d->by.chainid.begin(), d->by.chainid.end(), chainid, _detail::ByChainID()); const auto range2 = std::equal_range(range.first, range.second, fpr, _detail::ByFingerprint()); d->by.chainid.erase(range2.first, range2.second); } const auto emailsKey{emails(key)}; for (const std::string &email : emailsKey) { const auto range = std::equal_range(d->by.email.begin(), d->by.email.end(), email, ByEMail()); const auto it = std::remove_if(range.first, range.second, [fpr](const std::pair &pair) { return qstricmp(fpr, pair.second.primaryFingerprint()) == 0; }); d->by.email.erase(it, range.second); } const auto keySubKeys{key.subkeys()}; for (const Subkey &subkey : keySubKeys) { if (const char *keyid = subkey.keyID()) { const auto range = std::equal_range(d->by.subkeyid.begin(), d->by.subkeyid.end(), keyid, _detail::ByKeyID()); const auto it = std::remove_if(range.first, range.second, [fpr](const Subkey &subkey) { return !qstricmp(fpr, subkey.parent().primaryFingerprint()); }); d->by.subkeyid.erase(it, range.second); } if (const char *keygrip = subkey.keyGrip()) { const auto range = std::equal_range(d->by.keygrip.begin(), d->by.keygrip.end(), keygrip, _detail::ByKeyGrip()); const auto it = std::remove_if(range.first, range.second, [fpr](const Subkey &subkey) { return !qstricmp(fpr, subkey.parent().primaryFingerprint()); }); d->by.keygrip.erase(it, range.second); } } } void KeyCache::remove(const std::vector &keys) { for (const Key &key : keys) { remove(key); } } const std::vector &KeyCache::keys() const { d->ensureCachePopulated(); return d->by.fpr; } std::vector KeyCache::secretKeys() const { std::vector keys = this->keys(); keys.erase(std::remove_if(keys.begin(), keys.end(), [](const Key &key) { return !key.hasSecret(); }), keys.end()); return keys; } KeyGroup KeyCache::group(const QString &id) const { KeyGroup result{}; const auto it = std::find_if(std::cbegin(d->m_groups), std::cend(d->m_groups), [id](const auto &g) { return g.id() == id; }); if (it != std::cend(d->m_groups)) { result = *it; } return result; } std::vector KeyCache::groups() const { d->ensureCachePopulated(); return d->m_groups; } std::vector KeyCache::configurableGroups() const { std::vector groups; groups.reserve(d->m_groups.size()); std::copy_if(d->m_groups.cbegin(), d->m_groups.cend(), std::back_inserter(groups), [](const KeyGroup &group) { return group.source() == KeyGroup::ApplicationConfig; }); return groups; } namespace { bool compareById(const KeyGroup &lhs, const KeyGroup &rhs) { return lhs.id() < rhs.id(); } std::vector sortedById(std::vector groups) { std::sort(groups.begin(), groups.end(), &compareById); return groups; } } void KeyCache::saveConfigurableGroups(const std::vector &groups) { const std::vector oldGroups = sortedById(configurableGroups()); const std::vector newGroups = sortedById(groups); { std::vector removedGroups; std::set_difference(oldGroups.begin(), oldGroups.end(), newGroups.begin(), newGroups.end(), std::back_inserter(removedGroups), &compareById); for (const auto &group : std::as_const(removedGroups)) { qCDebug(LIBKLEO_LOG) << "Removing group" << group; d->remove(group); } } { std::vector updatedGroups; std::set_intersection(newGroups.begin(), newGroups.end(), oldGroups.begin(), oldGroups.end(), std::back_inserter(updatedGroups), &compareById); for (const auto &group : std::as_const(updatedGroups)) { qCDebug(LIBKLEO_LOG) << "Updating group" << group; d->update(group); } } { std::vector addedGroups; std::set_difference(newGroups.begin(), newGroups.end(), oldGroups.begin(), oldGroups.end(), std::back_inserter(addedGroups), &compareById); for (const auto &group : std::as_const(addedGroups)) { qCDebug(LIBKLEO_LOG) << "Adding group" << group; d->insert(group); } } Q_EMIT keysMayHaveChanged(); } bool KeyCache::insert(const KeyGroup &group) { if (!d->insert(group)) { return false; } Q_EMIT keysMayHaveChanged(); return true; } bool KeyCache::update(const KeyGroup &group) { if (!d->update(group)) { return false; } Q_EMIT keysMayHaveChanged(); return true; } bool KeyCache::remove(const KeyGroup &group) { if (!d->remove(group)) { return false; } Q_EMIT keysMayHaveChanged(); return true; } void KeyCache::refresh(const std::vector &keys) { // make this better... clear(); insert(keys); } void KeyCache::insert(const Key &key) { insert(std::vector(1, key)); } namespace { template class Op> class T1, template class Op> class T2> struct lexicographically { using result_type = bool; template bool operator()(const U &lhs, const V &rhs) const { return T1()(lhs, rhs) // || (T1()(lhs, rhs) && T2()(lhs, rhs)); } }; } void KeyCache::insert(const std::vector &keys) { // 1. remove those with empty fingerprints: std::vector sorted; sorted.reserve(keys.size()); std::remove_copy_if(keys.begin(), keys.end(), std::back_inserter(sorted), [](const Key &key) { auto fp = key.primaryFingerprint(); return !fp || !*fp; }); Q_FOREACH (const Key &key, sorted) { remove(key); // this is sub-optimal, but makes implementation from here on much easier } // 2. sort by fingerprint: std::sort(sorted.begin(), sorted.end(), _detail::ByFingerprint()); // 2a. insert into fpr index: std::vector by_fpr; by_fpr.reserve(sorted.size() + d->by.fpr.size()); std::merge(sorted.begin(), sorted.end(), d->by.fpr.begin(), d->by.fpr.end(), std::back_inserter(by_fpr), _detail::ByFingerprint()); // 3. build email index: std::vector> pairs; pairs.reserve(sorted.size()); for (const Key &key : std::as_const(sorted)) { const std::vector emails = ::emails(key); for (const std::string &e : emails) { pairs.push_back(std::make_pair(e, key)); } } std::sort(pairs.begin(), pairs.end(), ByEMail()); // 3a. insert into email index: std::vector> by_email; by_email.reserve(pairs.size() + d->by.email.size()); std::merge(pairs.begin(), pairs.end(), d->by.email.begin(), d->by.email.end(), std::back_inserter(by_email), ByEMail()); // 3.5: stable-sort by chain-id (effectively lexicographically) std::stable_sort(sorted.begin(), sorted.end(), _detail::ByChainID()); // 3.5a: insert into chain-id index: std::vector nonroot; nonroot.reserve(sorted.size()); std::vector by_chainid; by_chainid.reserve(sorted.size() + d->by.chainid.size()); std::copy_if(sorted.cbegin(), sorted.cend(), std::back_inserter(nonroot), [](const Key &key) { return !key.isRoot(); }); std::merge(nonroot.cbegin(), nonroot.cend(), d->by.chainid.cbegin(), d->by.chainid.cend(), std::back_inserter(by_chainid), lexicographically<_detail::ByChainID, _detail::ByFingerprint>()); // 4. sort by key id: std::sort(sorted.begin(), sorted.end(), _detail::ByKeyID()); // 4a. insert into keyid index: std::vector by_keyid; by_keyid.reserve(sorted.size() + d->by.keyid.size()); std::merge(sorted.begin(), sorted.end(), d->by.keyid.begin(), d->by.keyid.end(), std::back_inserter(by_keyid), _detail::ByKeyID