Commit da7567ea authored by Ingo Klöcker's avatar Ingo Klöcker

Make de-vs compliance checks more rigid

Change code that uses the deprecated Kleo::gpgComplianceP() and
Kleo::Formatting::complianceMode() to use the new helpers
Kleo::gnupgUsesDeVsCompliance() or Kleo::gnupgIsDeVsCompliant().

The general rule is: If GnuPG doesn't pass the basic de-vs compliance
check, then it makes no sense to label anything as de-vs compliant.

GnuPG-bug-id: 5362
parent 2bc6ba82
......@@ -30,7 +30,7 @@ option(DISABLE_KWATCHGNUPG "Don't build the kwatchgnupg tool [default=OFF]" OFF)
# Standalone build. Find / include everything necessary.
set(KF5_MIN_VERSION "5.87.0")
set(KMIME_VERSION "5.18.40")
set(LIBKLEO_VERSION "5.18.42")
set(LIBKLEO_VERSION "5.18.43")
set(QT_REQUIRED_VERSION "5.15.2")
set(GPGME_REQUIRED_VERSION "1.13.1")
set(BOOST_REQUIRED_VERSION "1.58")
......
......@@ -269,7 +269,7 @@ static QString formatSigningInformation(const Signature &sig)
}
text += i18n("With certificate:") + QStringLiteral("<br>") + renderKey(key);
if (Kleo::gpgComplianceP("de-vs")) {
if (Kleo::gnupgIsDeVsCompliant()) {
text +=
(QStringLiteral("<br/>")
+ (IS_DE_VS(sig)
......@@ -573,7 +573,7 @@ static QString formatDecryptionResultDetails(const DecryptionResult &res, const
QString details;
if (Kleo::gpgComplianceP("de-vs")) {
if (Kleo::gnupgIsDeVsCompliant()) {
details += ((IS_DE_VS(res)
? i18nc("%1 is a placeholder for the name of a compliance mode. E.g. NATO RESTRICTED compliant or VS-NfD compliant",
"The decryption is %1.", Formatting::deVsString())
......
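Review bot: In `formatSigningInformation` and `formatDecryptionResultDetails` the gate is now `Kleo::gnupgIsDeVsCompliant()`, so when GnuPG is configured for de-vs but fails the basic check, the compliance sentence is dropped entirely instead of stating that the result is not compliant. The button-icon code in this same commit gates on `Kleo::gnupgUsesDeVsCompliance()` and falls back to `security-medium`, which keeps the degraded state visible. If the two helpers can differ in that way here too, consider `if (Kleo::gnupgUsesDeVsCompliance())` as the outer test, with `Kleo::gnupgIsDeVsCompliant() && IS_DE_VS(sig)` (and likewise `IS_DE_VS(res)`) choosing the wording. The early return added to `updateComplianceStatus()` and the `HIDE_ROW(compliance)` branch in `CertificateDetailsWidget::Private::setupCommonProperties()` omit the status silently in the same way. Both function bodies here continue outside the hunks shown.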
......@@ -246,6 +246,9 @@ private:
void updateComplianceStatus()
{
if (!Kleo::gnupgIsDeVsCompliant()) {
return;
}
if (q->selectedProtocol() == UnknownProtocol ||
(q->resolvedSigningKeys().empty() && q->resolvedEncryptionKeys().empty())) {
return;
......@@ -286,9 +289,7 @@ private:
void updateDialogStatus()
{
ui.setOkButtonEnabled(q->isComplete());
if (Kleo::gpgComplianceP("de-vs")) {
updateComplianceStatus();
}
updateComplianceStatus();
}
void slotCompleteChanged()
{
......
......@@ -354,8 +354,8 @@ private Q_SLOTS:
auto btn = mParent->button(QWizard::CommitButton);
if (!label.isEmpty()) {
mParent->setButtonText(QWizard::CommitButton, label);
if (Kleo::gpgComplianceP("de-vs")) {
bool de_vs = mWidget->isDeVsAndValid();
if (Kleo::gnupgUsesDeVsCompliance()) {
const bool de_vs = Kleo::gnupgIsDeVsCompliant() && mWidget->isDeVsAndValid();
btn->setIcon(QIcon::fromTheme(de_vs
? QStringLiteral("security-high")
: QStringLiteral("security-medium")));
......@@ -454,7 +454,7 @@ SignEncryptFilesWizard::SignEncryptFilesWizard(QWidget *parent, Qt::WindowFlags
{
readConfig();
bool de_vs = Kleo::gpgComplianceP("de-vs");
const bool de_vs = Kleo::gnupgUsesDeVsCompliance();
#ifdef Q_OS_WIN
// Enforce modern style to avoid vista style ugliness.
setWizardStyle(QWizard::ModernStyle);
......
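Review bot: The local name `de_vs` now carries two different meanings in this file: in the commit-button slot it means "GnuPG passed the check and the selection is compliant", while in the `SignEncryptFilesWizard` constructor it only means "de-vs mode is configured". Renaming the constructor local, for example `const bool deVsModeInUse = Kleo::gnupgUsesDeVsCompliance();`, would keep a later reader from treating it as a compliance result; its uses lie outside the hunk and would need the same rename. The conjunction `Kleo::gnupgIsDeVsCompliant() && …->isDeVsAndValid()` is repeated verbatim in the hunk that sets the `mCryptBtn` icon, so a small shared helper would stop a future call site from dropping the first half.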
......@@ -393,11 +393,12 @@ void NewSignEncryptEMailController::startResolveCertificates(const std::vector<M
d->dialog->pickProtocol();
d->dialog->setConflict(conflict);
const bool compliant = !Kleo::gpgComplianceP("de-vs") || is_de_vs_compliant(d->sign,
d->encrypt,
senders,
recipients,
d->presetProtocol);
const bool compliant = !Kleo::gnupgUsesDeVsCompliance() ||
(Kleo::gnupgIsDeVsCompliant() && is_de_vs_compliant(d->sign,
d->encrypt,
senders,
recipients,
d->presetProtocol));
if (quickMode && !conflict && compliant) {
QMetaObject::invokeMethod(this, "slotDialogAccepted", Qt::QueuedConnection);
......
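Review bot: The three-part `compliant` expression in `startResolveCertificates` needs a one-line comment, because it decides whether quick mode may accept the dialog without user interaction. Something like `// de-vs mode: only auto-accept if GnuPG itself and the resolved keys are compliant` above the declaration states the rule the boolean encodes. The function starts and ends outside the hunk.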
......@@ -28,6 +28,7 @@
#include <Libkleo/Formatting>
#include <Libkleo/Dn>
#include <Libkleo/KeyCache>
#include <Libkleo/GnuPG>
#include <KLocalizedString>
......@@ -410,7 +411,7 @@ void CertificateDetailsWidget::Private::setupCommonProperties()
ui.type->setText(Kleo::Formatting::type(key));
ui.fingerprint->setText(Formatting::prettyID(key.primaryFingerprint()));
if (Kleo::Formatting::complianceMode().isEmpty()) {
if (!Kleo::gnupgIsDeVsCompliant()) {
HIDE_ROW(compliance)
} else {
ui.complianceLbl->setText(Kleo::Formatting::complianceStringForKey(key));
......
......@@ -1712,7 +1712,7 @@ void AdvancedSettingsDialog::fillKeySizeComboBoxen()
const KConfigGroup config(KSharedConfig::openConfig(), "CertificateCreationWizard");
QList<int> rsaKeySizes = config.readEntry(RSA_KEYSIZES_ENTRY, QList<int>() << 2048 << -3072 << 4096);
if (Kleo::gpgComplianceP("de-vs")) {
if (Kleo::gnupgUsesDeVsCompliance()) {
rsaKeySizes = config.readEntry(RSA_KEYSIZES_ENTRY, QList<int>() << -3072 << 4096);
}
const QList<int> dsaKeySizes = config.readEntry(DSA_KEYSIZES_ENTRY, QList<int>() << -2048);
......@@ -1860,7 +1860,7 @@ void AdvancedSettingsDialog::updateWidgetVisibility()
ui.ecdsaRB->setText(QStringLiteral("ECDSA/EdDSA"));
}
bool deVsHack = Kleo::gpgComplianceP("de-vs");
const bool deVsHack = Kleo::gnupgUsesDeVsCompliance();
if (deVsHack) {
// GnuPG Provides no API to query which keys are compliant for
......
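Review bot: In `fillKeySizeComboBoxen` the de-vs branch only swaps the default passed to `config.readEntry(RSA_KEYSIZES_ENTRY, …)`, so a configured `RSA_KEYSIZES_ENTRY` list that contains 2048 would presumably still be offered in de-vs mode. If dropping 2048 from the default is meant as a policy floor, filter the list after reading it inside the `if`, e.g. `rsaKeySizes.erase(std::remove_if(rsaKeySizes.begin(), rsaKeySizes.end(), [](int s) { return qAbs(s) < 3072; }), rsaKeySizes.end());`. The negative entries appear to mark the preselected size, hence `qAbs`; confirm that against the code that consumes the list. The rest of the function is outside the hunk.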
......@@ -464,8 +464,8 @@ public:
mCryptBtn->setDisabled(true);
}
if (Kleo::gpgComplianceP("de-vs")) {
bool de_vs = mSigEncWidget->isDeVsAndValid();
if (Kleo::gnupgUsesDeVsCompliance()) {
const bool de_vs = Kleo::gnupgIsDeVsCompliant() && mSigEncWidget->isDeVsAndValid();
mCryptBtn->setIcon(QIcon::fromTheme(de_vs
? QStringLiteral("security-high")
: QStringLiteral("security-medium")));
......