Go to the documentation of this file.
37 #undef ZYPP_BASE_LOGGER_LOGGROUP
38 #define ZYPP_BASE_LOGGER_LOGGROUP "zypp::KeyRing"
52 {
return _keyRingDefaultAccept; }
56 MIL <<
"Set new KeyRing::DefaultAccept: " << value_r << endl;
57 _keyRingDefaultAccept = value_r;
85 data.
set(
"PublicKey", key_r);
86 data.
set(
"KeyContext", keycontext_r);
90 return data.
get<
bool>(
"TrustKey");
97 data.
set(
"Keys", keys_r);
112 const std::list<PublicKeyData> & operator()(
const Pathname & keyring_r )
const
113 {
return getData( keyring_r ); }
115 void setDirty(
const Pathname & keyring_r )
129 void assertCache(
const Pathname & keyring_r )
138 bool hasChanged()
const
152 typedef std::map<Pathname,Cache> CacheMap;
154 const std::list<PublicKeyData> & getData(
const Pathname & keyring_r )
const
158 cache.assertCache( keyring_r );
159 return getData( keyring_r, cache );
162 const std::list<PublicKeyData> & getData(
const Pathname & keyring_r, Cache & cache_r )
const
164 if ( cache_r.hasChanged() ) {
166 MIL <<
"Found keys: " << cache_r._data << endl;
168 return cache_r._data;
188 MIL <<
"Current KeyRing::DefaultAccept: " << _keyRingDefaultAccept << endl;
193 void deleteKey(
const std::string &
id,
bool trusted );
212 void dumpPublicKey(
const std::string &
id,
bool trusted, std::ostream & stream )
276 struct ImportKeyCBHelper
278 void operator()(
const PublicKey & key_r )
286 ERR <<
"Could not import key into rpmdb: " << excp << endl;
302 MIL <<
"Imported key " << key <<
" to " << (trusted ?
"trustedKeyRing" :
"generalKeyRing" ) << endl;
306 ImportKeyCBHelper emitSignal;
323 importKey( keyfile_r, trusted_r ? trustedKeyRing() : generalKeyRing() );
328 PublicKeyData keyDataToDel( publicKeyExists(
id, trusted ? trustedKeyRing() : generalKeyRing() ) );
329 if ( ! keyDataToDel )
331 WAR <<
"Key to delete [" <<
id <<
"] is not in " << (trusted ?
"trustedKeyRing" :
"generalKeyRing" ) << endl;
334 deleteKey(
id, trusted ? trustedKeyRing() : generalKeyRing() );
335 MIL <<
"Deleted key [" <<
id <<
"] from " << (trusted ?
"trustedKeyRing" :
"generalKeyRing" ) << endl;
342 rpmdbEmitSignal->trustedKeyRemoved( key );
345 emitSignal->trustedKeyRemoved( key );
349 ERR <<
"Could not delete key from rpmmdb: " << excp << endl;
360 if ( key.providesKey(
id ) )
366 MIL << (ret ?
"Found" :
"No") <<
" key [" <<
id <<
"] in keyring " << keyring << endl;
372 return PublicKey( dumpPublicKeyToTmp( keyData.
id(), keyring ), keyData );
379 return PublicKey( dumpPublicKeyToTmp( keyData.
id(), keyring ), keyData );
382 WAR <<
"No key [" <<
id <<
"] to export from " << keyring << endl;
395 MIL <<
"Going to export key [" <<
id <<
"] from " << keyring <<
" to " << tmpFile.
path() << endl;
397 std::ofstream os( tmpFile.
path().
c_str() );
408 MIL <<
"Going to verify signature for " << filedesc <<
" ( " << file <<
" ) with " << signature << endl;
411 if( signature.
empty() || (!
PathInfo( signature ).isExist()) )
413 bool res =
report->askUserToAcceptUnsignedFile( filedesc, context );
414 MIL <<
"askUserToAcceptUnsignedFile: " << res << endl;
427 PublicKeyData trustedKeyData( publicKeyExists(
id, trustedKeyRing() ) );
428 if ( trustedKeyData )
430 MIL <<
"Key is trusted: " << trustedKeyData << endl;
434 PublicKeyData generalKeyData( publicKeyExists(
id, generalKeyRing() ) );
435 if ( generalKeyData )
448 MIL <<
"Key was updated. Saving new version into trusted keyring: " << generalKeyData << endl;
449 importKey( exportKey( generalKeyData, generalKeyRing() ),
true );
450 trustedKeyData = publicKeyExists(
id, trustedKeyRing() );
454 foundKey = trustedKeyData;
455 whichKeyring = trustedKeyRing();
459 PublicKeyData generalKeyData( publicKeyExists(
id, generalKeyRing() ) );
460 if ( generalKeyData )
462 PublicKey key( exportKey( generalKeyData, generalKeyRing() ) );
463 MIL <<
"Key [" <<
id <<
"] " << key.
name() <<
" is not trusted" << endl;
470 MIL <<
"User wants to trust key [" <<
id <<
"] " << key.
name() << endl;
474 MIL <<
"User wants to import key [" <<
id <<
"] " << key.
name() << endl;
476 whichKeyring = trustedKeyRing();
479 whichKeyring = generalKeyRing();
481 foundKey = generalKeyData;
485 MIL <<
"User does not want to trust key [" <<
id <<
"] " << key.
name() << endl;
489 else if ( ! context.
empty() )
493 whichKeyring = trustedKeyRing();
494 foundKey =
PublicKeyData( publicKeyExists(
id, trustedKeyRing() ) );
502 report->infoVerify( filedesc, foundKey, context );
503 if ( verifyFile( file, signature, whichKeyring ) )
505 return (sigValid_r=
true);
509 bool res =
report->askUserToAcceptVerificationFailed( filedesc, exportKey( foundKey, whichKeyring ), context );
510 MIL <<
"askUserToAcceptVerificationFailed: " << res << endl;
515 MIL <<
"File [" << file <<
"] ( " << filedesc <<
" ) signed with unknown key [" <<
id <<
"]" << endl;
516 bool res =
report->askUserToAcceptUnknownKey( filedesc,
id, context );
517 MIL <<
"askUserToAcceptUnknownKey: " << res << endl;
548 ERR <<
"Key [" << id_r <<
"] from cache: " << cacheDir <<
" is not valid" << endl;
552 MIL <<
"Key [" << id_r <<
"] " << key.
name() <<
" loaded from cache" << endl;
556 if ( !
report->askUserToAcceptPackageKey( key, context ) ) {
560 MIL <<
"User wants to import key [" << id_r <<
"] " << key.
name() <<
" from cache" << endl;
565 ERR <<
"Failed to import key: "<<id_r;
574 const std::list<PublicKeyData> & keys(
publicKeyData( keyring ) );
575 std::list<PublicKey> ret;
577 for_( it, keys.begin(), keys.end() )
579 PublicKey key( exportKey( *it, keyring ) );
580 ret.push_back( key );
581 MIL <<
"Found key " << key << endl;
588 if ( !
PathInfo( keyfile ).isExist() )
594 cachedPublicKeyData.setDirty( keyring );
601 cachedPublicKeyData.setDirty( keyring );
608 if ( !
PathInfo( signature ).isFile() )
611 MIL <<
"Determining key id of signature " << signature << endl;
614 if ( ! fprs.empty() ) {
615 std::string &
id = fprs.back();
616 MIL <<
"Determined key id [" <<
id <<
"] for signature " << signature << endl;
619 return std::string();
bool provideAndImportKeyFromRepositoryWorkflow(const std::string &id_r, const RepoInfo &info_r)
void deleteKey(const std::string &id, bool trusted=false)
removes a key from the keyring.
PublicKey exportPublicKey(const PublicKeyData &keyData)
Export a public key identified by its key data.
const Pathname generalKeyRing() const
std::list< PublicKey > publicKeys()
scoped_ptr< WatchFile > _keyringP
virtual void report(const UserData &userData_r=UserData())
The most generic way of sending/receiving data.
bool exportKey(const std::string &id, std::ostream &stream)
Exports the key with id into the given stream, returns true on success.
PublicKeyData trustedPublicKeyExists(const std::string &id)
Base class for Exception.
const std::list< PublicKeyData > & hiddenKeys() const
Additional keys data in case the ASCII armored blob containes multiple keys.
const PublicKeyData & keyData() const
The public keys data (.
What is known about a repository.
RW_pointer< Impl > _pimpl
Pointer to implementation.
void multiKeyImport(const Pathname &keyfile_r, bool trusted_r=false)
Initial import from RpmDb.
const Pathname trustedKeyRing() const
@ KEY_TRUST_TEMPORARILY
This basically means, we knew the key, but it was not trusted.
Class representing one GPG Public Keys data.
PublicKey exportKey(const PublicKey &key, const Pathname &keyring)
Impl(const Pathname &baseTmpDir)
KeyRing(const Pathname &baseTmpDir)
Default ctor.
const std::list< PublicKeyData > & trustedPublicKeyData()
bool verifyFileSignature(const Pathname &file, const Pathname &signature)
std::list< PublicKey > trustedPublicKeys()
Get a list of trusted public keys in the keyring (incl.
@ KEY_TRUST_AND_IMPORT
Import the key.
Date created() const
Creation / last modification date (latest selfsig).
void reportNonImportedKeys(const std::set< Edition > &keys_r)
Notify the user about keys that were not imported from the rpm key database into zypp keyring.
#define ZYPP_THROW(EXCPT)
Drops a logline and throws the Exception.
void dumpPublicKey(const std::string &id, bool trusted, std::ostream &stream)
const Tp & get(const std::string &key_r) const
Pass back a const Tp & reference to key_r value.
const std::list< PublicKeyData > & publicKeyData()
bool isKeyKnown(const std::string &id)
true if the key id is knows, that means at least exist on the untrusted keyring
scoped_ptr< WatchFile > _keyringK
PublicKey exportTrustedPublicKey(const PublicKeyData &keyData)
Export a trusted public key identified by its key data.
virtual void infoVerify(const std::string &file_r, const PublicKeyData &keyData_r, const KeyContext &keycontext=KeyContext())
Informal callback showing the trusted key that will be used for verification.
bool hasvalue(const std::string &key_r) const
Whether key_r is in data and value is not empty.
bool verifyFileTrustedSignature(const Pathname &file, const Pathname &signature)
Typesafe passing of user data via callbacks.
Pathname repoManagerRoot() const
The RepoManager root directory.
static DefaultAccept defaultAccept()
Get the active accept bits.
virtual KeyTrust askUserToAcceptKey(const PublicKey &key, const KeyContext &keycontext=KeyContext())
Ask user to trust and/or import the key to trusted keyring.
Pathname provideKey(const std::string &keyID_r, const Pathname &targetDirectory_r) const
downloads all configured gpg keys into the defined directory
std::string readSignatureKeyId(const Pathname &signature)
reads the public key id from a signature
std::list< std::string > readSignatureFingerprints(const Pathname &signature)
Reads all fingerprints from the signature file , returns a list of all found fingerprints.
void setRepoInfo(const RepoInfo &repoinfo)
Wrapper class for ::stat/::lstat.
static KeyManagerCtx createForOpenPGP()
Creates a new KeyManagerCtx for PGP using a volatile temp.
const RepoInfo repoInfo() const
Provide a new empty temporary file and delete it when no longer needed.
std::string asUserHistory() const
A single (multiline) string composed of asUserString and historyAsString.
virtual bool askUserToAcceptUnknownKey(const std::string &file, const std::string &id, const KeyContext &keycontext=KeyContext())
we DONT know the key, only its id, but we have never seen it, the difference with trust key is that i...
Provide a new empty temporary directory and recursively delete it when no longer needed.
const char * c_str() const
String representation.
virtual bool askUserToAcceptUnsignedFile(const std::string &file, const KeyContext &keycontext=KeyContext())
bool verify(const Pathname &file, const Pathname &signature)
Tries to verify file using signature, returns true on success.
boost::noncopyable NonCopyable
Ensure derived classes cannot be copied.
void importKey(const PublicKey &key, bool trusted=false)
imports a key from a file.
bool empty() const
Is the context unknown?
constexpr static const char * ACCEPT_PACKAGE_KEY_REQUEST
generic reports UserData::type
static void setDefaultAccept(DefaultAccept value_r)
Set the active accept bits.
callback::SendReport< KeyRingSignals > _emitSignal
CachedPublicKeyData cachedPublicKeyData
Functor returning the keyrings data (cached).
bool verifyFileSignatureWorkflow(const Pathname &file, const std::string &filedesc, const Pathname &signature, bool &sigValid_r, const KeyContext &keycontext=KeyContext())
Follows a signature verification interacting with the user.
static ZConfig & instance()
Singleton ctor.
Easy-to use interface to the ZYPP dependency resolver.
Interim helper class to collect global options and settings.
std::list< PublicKeyData > _data
std::string readSignatureKeyId(const Pathname &signature)
IMPL_PTR_TYPE(Application)
std::list< PublicKey > trustedPublicKeys()
void dumpPublicKey(const std::string &id, bool trusted, std::ostream &stream)
std::list< PublicKeyData > listKeys()
Returns a list of all public keys found in the current keyring.
bool verifyFileSignatureWorkflow(const Pathname &file, const std::string &filedesc, const Pathname &signature, bool &sigValid_r, const KeyContext &keycontext=KeyContext())
filesystem::TmpFile dumpPublicKeyToTmp(const std::string &id, const Pathname &keyring)
bool verifyFileSignature(const Pathname &file, const Pathname &signature)
Verifies a file against a signature, with no user interaction.
const std::list< PublicKeyData > & publicKeyData(const Pathname &keyring)
PublicKeyData publicKeyExists(const std::string &id, const Pathname &keyring)
Get PublicKeyData for ID (false if ID is not found).
std::list< PublicKey > publicKeys()
Get a list of public keys in the keyring (incl.
bool isKeyTrusted(const std::string &id)
bool verifyFileTrustedSignature(const Pathname &file, const Pathname &signature)
Pathname pubkeyCachePath() const
Path where the pubkey caches.
PublicKey exportPublicKey(const PublicKeyData &keyData)
void importKey(const PublicKey &key, bool trusted=false)
Class representing one GPG Public Key (PublicKeyData + ASCII armored in a tempfile).
std::string fingerprint() const
Key fingerprint.
KeyTrust
User reply options for the askUserToTrustKey callback.
#define for_(IT, BEG, END)
Convenient for-loops using iterator.
Pathname path() const
File containig the ASCII armored key.
std::list< PublicKeyData > trustedPublicKeyData()
Get a list of trusted public key data in the keyring (key data only)
bool empty() const
Test for an empty path.
bool provideAndImportKeyFromRepositoryWorkflow(const std::string &id, const RepoInfo &info)
Try to find the id in key cache or repository specified in info.
@ ACCEPT_VERIFICATION_FAILED
@ KEY_DONT_TRUST
User has chosen not to trust the key.
bool isKeyKnown(const std::string &id)
bool isKeyTrusted(const std::string &id)
true if the key id is trusted
void deleteKey(const std::string &id, bool trusted)
#define ZYPP_CAUGHT(EXCPT)
Drops a logline telling the Exception was caught (in order to handle it).
const std::string & asString() const
String representation.
bool askUserToAcceptPackageKey(const PublicKey &key_r, const KeyContext &keycontext_r=KeyContext())
Ask user to trust and/or import the package key to trusted keyring, using ReportBase::report.
bool set(const std::string &key_r, AnyType val_r)
Set the value for key (nonconst version always returns true).
virtual bool askUserToAcceptVerificationFailed(const std::string &file, const PublicKey &key, const KeyContext &keycontext=KeyContext())
The file filedesc is signed but the verification failed.
filesystem::TmpDir _general_tmp_dir
std::list< PublicKeyData > publicKeyData()
Get a list of public key data in the keyring (key data only)
constexpr static const char * KEYS_NOT_IMPORTED_REPORT
generic reports UserData::type
void multiKeyImport(const Pathname &keyfile_r, bool trusted_r=false)
filesystem::TmpDir _trusted_tmp_dir
PublicKey exportTrustedPublicKey(const PublicKeyData &keyData)
PublicKey exportKey(const std::string &id, const Pathname &keyring)
static bool error(const std::string &msg_r, const UserData &userData_r=UserData())
send error text
std::string id() const
Key ID.
bool verifyFile(const Pathname &file, const Pathname &signature, const Pathname &keyring)
callback::SendReport< target::rpm::KeyRingSignals > _rpmdbEmitSignal