17 #include <boost/thread/once.hpp>
18 #include <boost/interprocess/smart_ptr/scoped_ptr.hpp>
24 #undef ZYPP_BASE_LOGGER_LOGGROUP
25 #define ZYPP_BASE_LOGGER_LOGGROUP "zypp::gpg"
37 boost::once_flag gpgme_init_once = BOOST_ONCE_INIT;
41 const char *version = gpgme_check_version(NULL);
44 MIL <<
"Initialized libgpgme version: " << version << endl;
48 MIL <<
"Initialized libgpgme with unknown version" << endl;
53 typedef boost::interprocess::scoped_ptr<gpgme_data, boost::function<void (gpgme_data_t)>> GpgmeDataPtr;
54 typedef boost::interprocess::scoped_ptr<_gpgme_key, boost::function<void (gpgme_key_t)>> GpgmeKeyPtr;
55 typedef boost::interprocess::scoped_ptr<FILE, boost::function<int (FILE *)>> FILEPtr;
59 GpgmeErr( gpgme_error_t err_r = GPG_ERR_NO_ERROR )
62 operator gpgme_error_t()
const {
return _err; }
67 std::ostream &
operator<<( std::ostream &
str,
const GpgmeErr & obj )
68 {
return str <<
"<" << gpgme_strsource(obj) <<
"> " << gpgme_strerror(obj); }
71 std::ostream &
operator<<( std::ostream &
str,
const _gpgme_op_import_result & obj )
73 str <<
"gpgme_op_import_result {" << endl;
74 str <<
" " << obj.considered <<
" The total number of considered keys." << endl;
75 str <<
" " << obj.no_user_id <<
" The number of keys without user ID." << endl;
76 str <<
" " << obj.imported <<
" The total number of imported keys." << endl;
77 str <<
" " << obj.imported_rsa <<
" imported RSA keys." << endl;
78 str <<
" " << obj.unchanged <<
" unchanged keys." << endl;
79 str <<
" " << obj.new_user_ids <<
" new user IDs." << endl;
80 str <<
" " << obj.new_sub_keys <<
" new sub keys." << endl;
81 str <<
" " << obj.new_signatures <<
" new signatures." << endl;
82 str <<
" " << obj.new_revocations <<
" new revocations." << endl;
83 str <<
" " << obj.secret_read <<
" secret keys read." << endl;
84 str <<
" " << obj.secret_imported <<
" imported secret keys." << endl;
85 str <<
" " << obj.secret_unchanged <<
" unchanged secret keys." << endl;
86 str <<
" " << obj.not_imported <<
" keys not imported." << endl;
87 for ( gpgme_import_status_t p = obj.imports; p; p = p->next )
89 str <<
" - " << p->fpr <<
": " << p->result << endl;
108 { boost::call_once( gpgme_init_once, initGpgme ); }
111 {
if (
_ctx ) gpgme_release(
_ctx ); }
145 if (!
PathInfo( signature_r ).isExist())
146 return std::list<std::string>();
148 FILEPtr dataFile(fopen(file_r.
c_str(),
"rb"), fclose);
150 return std::list<std::string>();
152 GpgmeDataPtr fileData(
nullptr, gpgme_data_release);
153 GpgmeErr err = gpgme_data_new_from_stream (&fileData.get(), dataFile.get());
156 return std::list<std::string>();
159 FILEPtr sigFile(fopen(signature_r.
c_str(),
"rb"), fclose);
161 ERR <<
"Unable to open signature file '" << signature_r <<
"'" <<endl;
162 return std::list<std::string>();
165 GpgmeDataPtr sigData(
nullptr, gpgme_data_release);
166 err = gpgme_data_new_from_stream (&sigData.get(), sigFile.get());
169 return std::list<std::string>();
172 err = gpgme_op_verify(
_ctx, sigData.get(), fileData.get(), NULL);
173 if (err != GPG_ERR_NO_ERROR) {
175 return std::list<std::string>();
178 gpgme_verify_result_t res = gpgme_op_verify_result(
_ctx);
179 if (!res || !res->signatures) {
180 ERR <<
"Unable to read signature fingerprints" <<endl;
181 return std::list<std::string>();
184 bool foundBadSignature =
false;
185 bool foundGoodSignature =
false;
186 std::list<std::string> signatures;
187 for ( gpgme_signature_t sig = res->signatures; sig; sig = sig->next ) {
195 std::string id( sig->fpr );
196 if (
id.size() > 16 )
197 id =
id.substr(
id.size()-16 );
199 DBG <<
"Found signature with ID: " <<
id <<
" in " << file_r << std::endl;
200 signatures.push_back( std::move(
id) );
203 if ( verify_r && sig->status != GPG_ERR_NO_ERROR ) {
204 const auto status = gpgme_err_code(sig->status);
210 if ( status != GPG_ERR_KEY_EXPIRED && status != GPG_ERR_NO_PUBKEY )
212 WAR <<
"Failed signature check: " << file_r <<
" " << GpgmeErr(sig->status) << endl;
213 if ( !foundBadSignature )
214 foundBadSignature =
true;
218 WAR <<
"Legacy: Ignore expired or unknown key: " << file_r <<
" " << GpgmeErr(sig->status) << endl;
220 if ( status == GPG_ERR_KEY_EXPIRED )
221 foundGoodSignature =
true;
224 foundGoodSignature =
true;
229 *verify_r = (!foundBadSignature) && foundGoodSignature;
250 DBG <<
"createForOpenPGP(" << keyring_r <<
")" << endl;
256 GpgmeErr err = gpgme_new( &ctx );
257 if ( err != GPG_ERR_NO_ERROR )
261 err = gpgme_set_protocol( ctx, GPGME_PROTOCOL_OpenPGP );
262 if ( err != GPG_ERR_NO_ERROR )
265 if ( !keyring_r.
empty() ) {
267 gpgme_engine_info_t enginfo = gpgme_ctx_get_engine_info( ctx );
271 err = gpgme_ctx_set_engine_info( ctx, GPGME_PROTOCOL_OpenPGP, enginfo->file_name, keyring_r.
c_str() );
272 if ( err != GPG_ERR_NO_ERROR )
282 if ( gpgme_engine_info_t enginfo = gpgme_ctx_get_engine_info(
_pimpl->
_ctx ) )
283 ret = enginfo->home_dir;
289 std::list<PublicKeyData> ret;
290 GpgmeErr err = GPG_ERR_NO_ERROR;
295 if ( (err = gpgme_set_keylist_mode(
_pimpl->
_ctx, GPGME_KEYLIST_MODE_LOCAL | GPGME_KEYLIST_MODE_SIGS )) != GPG_ERR_NO_ERROR ) {
296 ERR <<
"gpgme_set_keylist_mode: " << err << endl;
300 if ( (err = gpgme_op_keylist_start(
_pimpl->
_ctx, NULL, 0 )) != GPG_ERR_NO_ERROR ) {
301 ERR <<
"gpgme_op_keylist_start: " << err << endl;
308 for ( ; gpgme_op_keylist_next(
_pimpl->
_ctx, &(*key) ) == GPG_ERR_NO_ERROR; key.getDispose()( key ) ) {
311 ret.push_back( data );
326 std::list<PublicKeyData> ret;
343 std::list<PublicKeyData> ret;
344 GpgmeErr err = GPG_ERR_NO_ERROR;
347 if ( (err = gpgme_data_new_from_file( &(*data), file_r.
c_str(), 1 )) != GPG_ERR_NO_ERROR ) {
348 ERR <<
"gpgme_data_new_from_file " << file_r <<
": " << err << endl;
353 AutoDispose<gpgme_keylist_mode_t> guard { gpgme_get_keylist_mode(
_pimpl->
_ctx ), bind( &gpgme_set_keylist_mode,
_pimpl->
_ctx, _1 ) };
355 if ( (err = gpgme_set_keylist_mode(
_pimpl->
_ctx, GPGME_KEYLIST_MODE_LOCAL | GPGME_KEYLIST_MODE_SIGS )) != GPG_ERR_NO_ERROR ) {
356 ERR <<
"gpgme_set_keylist_mode: " << err << endl;
360 if ( (err = gpgme_op_keylist_from_data_start(
_pimpl->
_ctx, data, 0 )) != GPG_ERR_NO_ERROR ) {
361 ERR <<
"gpgme_op_keylist_from_data_start " << file_r <<
": " << err << endl;
365 AutoDispose<gpgme_ctx_t> guard2 {
_pimpl->
_ctx, &gpgme_op_keylist_end };
367 AutoDispose<gpgme_key_t> key {
nullptr, &gpgme_key_release };
368 for ( ; gpgme_op_keylist_next(
_pimpl->
_ctx, &(*key) ) == GPG_ERR_NO_ERROR; key.getDispose()( key ) ) {
371 ret.push_back( data );
385 GpgmeErr err = GPG_ERR_NO_ERROR;
387 GpgmeKeyPtr foundKey;
391 gpgme_op_keylist_start(
_pimpl->
_ctx, NULL, 0);
392 while (!(err = gpgme_op_keylist_next(
_pimpl->
_ctx, &key))) {
393 if (key->subkeys &&
id ==
str::asString(key->subkeys->keyid)) {
394 GpgmeKeyPtr(key, gpgme_key_release).swap(foundKey);
397 gpgme_key_release(key);
402 WAR <<
"Key " <<
id <<
"not found" << endl;
407 gpgme_key_t keyarray[2];
408 keyarray[0] = foundKey.get();
411 GpgmeDataPtr out(
nullptr, gpgme_data_release);
412 err = gpgme_data_new (&out.get());
424 err = gpgme_op_export_keys (
_pimpl->
_ctx, keyarray, GPGME_EXPORT_MODE_MINIMAL, out.get());
426 int ret = gpgme_data_seek (out.get(), 0, SEEK_SET);
428 ERR <<
"Unable to seek in exported key data" << endl;
432 const int bufsize = 512;
433 char buf[bufsize + 1];
434 while ((ret = gpgme_data_read(out.get(), buf, bufsize)) > 0) {
435 stream.write(buf, ret);
440 ERR <<
"Unable to read exported key data" << endl;
444 ERR <<
"Error exporting key: "<< err << endl;
454 if ( !
PathInfo( keyfile ).isExist() ) {
455 ERR <<
"Keyfile '" << keyfile <<
"' does not exist.";
459 GpgmeDataPtr data(
nullptr, gpgme_data_release);
462 err = gpgme_data_new_from_file(&data.get(), keyfile.
c_str(), 1);
464 ERR <<
"Error importing key: "<< err << endl;
468 err = gpgme_op_import(
_pimpl->
_ctx, data.get());
470 ERR <<
"Error importing key: "<< err << endl;
476 if ( gpgme_import_result_t res = gpgme_op_import_result(
_pimpl->
_ctx) )
478 if ( ! res->considered &&
PathInfo(keyfile).size() )
481 ERR <<
"Error importing key: No keys considered (bsc#1127220, [libgpgme] signal received?)" << endl;
486 return (err == GPG_ERR_NO_ERROR);
492 GpgmeErr err = GPG_ERR_NO_ERROR;
494 gpgme_op_keylist_start(
_pimpl->
_ctx, NULL, 0);
496 while (!(err = gpgme_op_keylist_next(
_pimpl->
_ctx, &key))) {
497 if (key->subkeys &&
id ==
str::asString(key->subkeys->keyid)) {
500 gpgme_key_release(key);
504 ERR <<
"Error deleting key: "<< err << endl;
509 gpgme_key_release(key);
513 WAR <<
"Key: '"<<
id <<
"' not found." << endl;