35 #undef ZYPP_BASE_LOGGER_LOGGROUP
36 #define ZYPP_BASE_LOGGER_LOGGROUP "zypp::KeyRing"
39 #define GPG_BINARY "/usr/bin/gpg2"
53 {
return _keyRingDefaultAccept; }
57 MIL <<
"Set new KeyRing::DefaultAccept: " << value_r << endl;
58 _keyRingDefaultAccept = value_r;
92 struct CachedPublicKeyData
94 const std::list<PublicKeyData> & operator()(
const Pathname & keyring_r )
const
95 {
return getData( keyring_r ); }
103 Cache(
const Cache & rhs ) {}
105 void assertCache(
const Pathname & keyring_r )
114 bool hasChanged()
const
128 typedef std::map<Pathname,Cache> CacheMap;
130 const std::list<PublicKeyData> & getData(
const Pathname & keyring_r )
const
134 cache.assertCache( keyring_r );
135 return getData( keyring_r, cache );
138 const std::list<PublicKeyData> & getData(
const Pathname & keyring_r, Cache & cache_r )
const
140 if ( cache_r.hasChanged() )
145 "--list-public-keys",
146 "--homedir", keyring_r.c_str(),
147 "--no-default-keyring",
151 "--with-fingerprint",
160 PublicKeyScanner scanner;
162 for( std::string line = prog.receiveLine(); !line.empty(); line = prog.receiveLine() )
164 scanner.scan( line );
168 cache_r._data.swap( scanner._keys );
169 MIL <<
"Found keys: " << cache_r._data << endl;
171 return cache_r._data;
186 Impl(
const Pathname & baseTmpDir )
191 MIL <<
"Current KeyRing::DefaultAccept: " << _keyRingDefaultAccept << endl;
195 void multiKeyImport(
const Pathname & keyfile_r,
bool trusted_r =
false );
196 void deleteKey(
const std::string &
id,
bool trusted );
215 void dumpPublicKey(
const std::string &
id,
bool trusted, std::ostream & stream )
231 bool verifyFile(
const Pathname & file,
const Pathname & signature,
const Pathname & keyring );
232 void importKey(
const Pathname & keyfile,
const Pathname & keyring );
237 void dumpPublicKey(
const std::string &
id,
const Pathname & keyring, std::ostream & stream );
240 void deleteKey(
const std::string &
id,
const Pathname & keyring );
242 std::list<PublicKey>
publicKeys(
const Pathname & keyring);
279 rpmdbEmitSignal->trustedKeyAdded( key );
280 emitSignal->trustedKeyAdded( key );
286 importKey( keyfile_r, trusted_r ? trustedKeyRing() : generalKeyRing() );
295 key = exportKey(
id, trustedKeyRing() );
298 deleteKey(
id, trusted ? trustedKeyRing() : generalKeyRing() );
305 rpmdbEmitSignal->trustedKeyRemoved( key );
306 emitSignal->trustedKeyRemoved( key );
312 MIL <<
"Searching key [" <<
id <<
"] in keyring " << keyring << endl;
316 if ( key.providesKey(
id ) )
327 return PublicKey( dumpPublicKeyToTmp( keyData.
id(), keyring ), keyData );
334 return PublicKey( dumpPublicKeyToTmp( keyData.
id(), keyring ), keyData );
337 WAR <<
"No key " <<
id <<
" to export from " << keyring << endl;
349 "--homedir", keyring.asString().c_str(),
350 "--no-default-keyring",
354 "--no-permission-warning",
370 MIL <<
"Going to export key " <<
id <<
" from " << keyring <<
" to " << tmpFile.
path() << endl;
372 std::ofstream os( tmpFile.
path().
c_str() );
383 MIL <<
"Going to verify signature for " << filedesc <<
" ( " << file <<
" ) with " << signature << endl;
386 if( signature.empty() || (!PathInfo( signature ).isExist()) )
388 bool res = report->askUserToAcceptUnsignedFile( filedesc, context );
389 MIL <<
"askUserToAcceptUnsignedFile: " << res << endl;
397 PublicKeyData trustedKeyData( publicKeyExists(
id, trustedKeyRing() ) );
398 if ( trustedKeyData )
400 MIL <<
"Key is trusted: " << trustedKeyData << endl;
404 PublicKeyData generalKeyData( publicKeyExists(
id, generalKeyRing() ) );
405 if ( generalKeyData )
418 MIL <<
"Key was updated. Saving new version into trusted keyring: " << generalKeyData << endl;
419 importKey( exportKey( generalKeyData, generalKeyRing() ),
true );
420 trustedKeyData = publicKeyExists(
id, trustedKeyRing() );
425 report->infoVerify( filedesc, trustedKeyData, context );
426 if ( verifyFile( file, signature, trustedKeyRing() ) )
428 return (sigValid_r=
true);
432 bool res = report->askUserToAcceptVerificationFailed( filedesc, exportKey( trustedKeyData, trustedKeyRing() ), context );
433 MIL <<
"askUserToAcceptVerificationFailed: " << res << endl;
439 PublicKeyData generalKeyData( publicKeyExists(
id, generalKeyRing() ) );
440 if ( generalKeyData )
442 PublicKey key( exportKey( generalKeyData, generalKeyRing() ) );
443 MIL <<
"Exported key " <<
id <<
" to " << key.
path() << endl;
444 MIL <<
"Key " <<
id <<
" " << key.
name() <<
" is not trusted" << endl;
451 MIL <<
"User wants to trust key " <<
id <<
" " << key.
name() << endl;
453 Pathname whichKeyring;
456 MIL <<
"User wants to import key " <<
id <<
" " << key.
name() << endl;
458 whichKeyring = trustedKeyRing();
461 whichKeyring = generalKeyRing();
464 report->infoVerify( filedesc, generalKeyData, context );
465 if ( verifyFile( file, signature, whichKeyring ) )
467 return (sigValid_r=
true);
471 bool res = report->askUserToAcceptVerificationFailed( filedesc, key, context );
472 MIL <<
"askUserToAcceptVerificationFailed: " << res << endl;
478 MIL <<
"User does not want to trust key " <<
id <<
" " << key.
name() << endl;
485 MIL <<
"File [" << file <<
"] ( " << filedesc <<
" ) signed with unknown key [" <<
id <<
"]" << endl;
486 bool res = report->askUserToAcceptUnknownKey( filedesc,
id, context );
487 MIL <<
"askUserToAcceptUnknownKey: " << res << endl;
496 const std::list<PublicKeyData> & keys(
publicKeyData( keyring ) );
497 std::list<PublicKey> ret;
499 for_( it, keys.begin(), keys.end() )
501 PublicKey key( exportKey( *it, keyring ) );
502 ret.push_back( key );
503 MIL <<
"Found key " << key << endl;
510 if ( ! PathInfo( keyfile ).isExist() )
514 % keyring.asString() ));
520 "--homedir", keyring.asString().c_str(),
521 "--no-default-keyring",
525 "--no-permission-warning",
527 keyfile.asString().c_str(),
541 "--homedir", keyring.asString().c_str(),
542 "--no-default-keyring",
554 int code = prog.
close();
558 MIL <<
"Deleted key " <<
id <<
" from keyring " << keyring << endl;
563 if ( ! PathInfo( signature ).isFile() )
566 MIL <<
"Determining key id of signature " << signature << endl;
571 signature.asString().c_str(),
587 static const str::regex rxKeyId(
" keyid +([0-9A-Z]+)" );
594 MIL <<
"Determined key id [" <<
id <<
"] for signature " << signature << endl;
605 "--homedir", keyring.asString().c_str(),
606 "--no-default-keyring",
612 signature.asString().c_str(),
613 file.asString().c_str(),
629 return ( prog.
close() == 0 ) ?
true :
false;
void importKey(const PublicKey &key, bool trusted=false)
imports a key from a file.
const std::list< PublicKeyData > & publicKeyData()
PublicKey exportTrustedPublicKey(const PublicKeyData &keyData)
Export a trusted public key identified by its key data.
PublicKey exportPublicKey(const PublicKeyData &keyData)
const Pathname trustedKeyRing() const
void dumpPublicKey(const std::string &id, bool trusted, std::ostream &stream)
void deleteKey(const std::string &id, bool trusted)
PublicKey exportKey(const std::string &id, const Pathname &keyring)
bool isKeyTrusted(const std::string &id)
#define ZYPP_THROW(EXCPT)
Drops a logline and throws the Exception.
const std::list< PublicKeyData > & trustedPublicKeyData()
This basically means, we knew the key, but it was not trusted.
PublicKey exportPublicKey(const PublicKeyData &keyData)
Export a public key identified by its key data.
Class representing one GPG Public Keys data.
bool isKeyKnown(const std::string &id)
void dumpPublicKey(const std::string &id, bool trusted, std::ostream &stream)
PublicKeyData publicKeyExists(const std::string &id, const Pathname &keyring)
Get PublicKeyData for ID (false if ID is not found).
void multiKeyImport(const Pathname &keyfile_r, bool trusted_r=false)
std::list< PublicKey > trustedPublicKeys()
Get a list of trusted public keys in the keyring (incl.
bool verifyFile(const Pathname &file, const Pathname &signature, const Pathname &keyring)
virtual bool askUserToAcceptUnsignedFile(const std::string &file, const KeyContext &keycontext=KeyContext())
KeyRing(const Pathname &baseTmpDir)
Default ctor.
std::list< PublicKeyData > trustedPublicKeyData()
Get a list of trusted public key data in the keyring (key data only)
bool verifyFileSignatureWorkflow(const Pathname &file, const std::string &filedesc, const Pathname &signature, bool &sigValid_r, const KeyContext &keycontext=KeyContext())
Follows a signature verification interacting with the user.
#define for_(IT, BEG, END)
Convenient for-loops using iterator.
Provide a new empty temporary file and delete it when no longer needed.
virtual bool askUserToAcceptUnknownKey(const std::string &file, const std::string &id, const KeyContext &keycontext=KeyContext())
we DONT know the key, only its id, but we have never seen it, the difference with trust key is that i...
CachedPublicKeyData cachedPublicKeyData
Functor returning the keyrings data (cached).
virtual void infoVerify(const std::string &file_r, const PublicKeyData &keyData_r, const KeyContext &keycontext=KeyContext())
Informal callback showing the trusted key that will be used for verification.
PublicKey exportTrustedPublicKey(const PublicKeyData &keyData)
KeyTrust
User reply options for the askUserToTrustKey callback.
Pathname path() const
File containig the ASCII armored key.
static void setDefaultAccept(DefaultAccept value_r)
Set the active accept bits.
Provide a new empty temporary directory and recursively delete it when no longer needed.
filesystem::TmpDir _trusted_tmp_dir
bool verifyFileSignature(const Pathname &file, const Pathname &signature)
Execute a program and give access to its io An object of this class encapsulates the execution of an ...
std::list< PublicKeyData > _data
bool verifyFileSignatureWorkflow(const Pathname &file, const std::string &filedesc, const Pathname &signature, bool &sigValid_r, const KeyContext &keycontext=KeyContext())
filesystem::TmpFile dumpPublicKeyToTmp(const std::string &id, const Pathname &keyring)
const char * c_str() const
String representation.
std::string fingerprint() const
Key fingerprint.
IMPL_PTR_TYPE(Application)
std::list< PublicKey > trustedPublicKeys()
scoped_ptr< WatchFile > _keyringP
bool startsWith(const C_Str &str_r, const C_Str &prefix_r)
alias for hasPrefix
void importKey(const PublicKey &key, bool trusted=false)
std::string receiveLine()
Read one line from the input stream.
Impl(const Pathname &baseTmpDir)
bool isKeyKnown(const std::string &id)
true if the key id is knows, that means at least exist on the untrusted keyring
void multiKeyImport(const Pathname &keyfile_r, bool trusted_r=false)
Initial import from RpmDb.
const Pathname generalKeyRing() const
User has chosen not to trust the key.
int close()
Wait for the progamm to complete.
virtual KeyTrust askUserToAcceptKey(const PublicKey &key, const KeyContext &keycontext=KeyContext())
Ask user to trust and/or import the key to trusted keyring.
scoped_ptr< WatchFile > _keyringK
static DefaultAccept defaultAccept()
Get the active accept bits.
RW_pointer< Impl > _pimpl
Pointer to implementation.
Regular expression match result.
Class representing one GPG Public Key (PublicKeyData + ASCII armored in a tempfile).
std::list< PublicKeyData > publicKeyData()
Get a list of public key data in the keyring (key data only)
Base class for Exception.
std::list< PublicKey > publicKeys()
std::string id() const
Key ID.
void deleteKey(const std::string &id, bool trusted=false)
removes a key from the keyring.
bool verifyFileTrustedSignature(const Pathname &file, const Pathname &signature)
bool verifyFileTrustedSignature(const Pathname &file, const Pathname &signature)
bool regex_match(const std::string &s, smatch &matches, const regex ®ex)
regex ZYPP_STR_REGEX regex ZYPP_STR_REGEX
const std::list< PublicKeyData > & publicKeyData(const Pathname &keyring)
bool isKeyTrusted(const std::string &id)
true if the key id is trusted
Date created() const
Creation / last modification date (latest selfsig).
std::string readSignatureKeyId(const Pathname &signature)
reads the public key id from a signature
bool verifyFileSignature(const Pathname &file, const Pathname &signature)
Verifies a file against a signature, with no user interaction.
std::string readSignatureKeyId(const Pathname &signature)
virtual bool askUserToAcceptVerificationFailed(const std::string &file, const PublicKey &key, const KeyContext &keycontext=KeyContext())
The file filedesc is signed but the verification failed.
std::list< PublicKey > publicKeys()
Get a list of public keys in the keyring (incl.
filesystem::TmpDir _general_tmp_dir