Commit db59674b authored by Ingo Klöcker's avatar Ingo Klöcker

Allow certifying a key as trusted introducer for a domain

GnuPG-bug-id: 5245
parent 5bee1e13
......@@ -86,6 +86,9 @@ set(HAVE_QDBUS ${Qt5DBus_FOUND})
find_package(Gpgmepp ${GPGME_REQUIRED_VERSION} CONFIG REQUIRED)
find_package(QGpgme ${GPGME_REQUIRED_VERSION} CONFIG REQUIRED)
if (QGpgme_VERSION VERSION_GREATER_EQUAL "1.15.2")
set(QGPGME_SUPPORTS_TRUST_SIGNATURES 1)
endif()
# Kdepimlibs packages
find_package(KF5Libkleo ${LIBKLEO_VERSION} CONFIG REQUIRED)
......
......@@ -26,3 +26,6 @@
/* DBus available */
#cmakedefine01 HAVE_QDBUS
/* Defined if QGpgME supports trust signatures */
#cmakedefine QGPGME_SUPPORTS_TRUST_SIGNATURES 1
......@@ -88,7 +88,6 @@ CertifyCertificateCommand::Private::Private(CertifyCertificateCommand *qq, KeyLi
dialog(),
job()
{
}
CertifyCertificateCommand::Private::~Private()
......@@ -265,6 +264,12 @@ void CertifyCertificateCommand::Private::slotCertificationPrepared()
// This also came with 1.14.0
job->setDupeOk(true);
#endif
#ifdef QGPGME_SUPPORTS_TRUST_SIGNATURES
if (dialog->trustSignatureSelected() && !dialog->trustSignatureDomain().isEmpty()) {
// always create level 1 trust signatures with complete trust
job->setTrustSignature(TrustSignatureTrust::Complete, 1, dialog->trustSignatureDomain());
}
#endif
if (const Error err = job->start(key())) {
slotResult(err);
......
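Review bot: The guard around the added `setTrustSignature` call silently turns a checked "trusted introducer" box with an empty domain into an ordinary certification, and nothing at the call says this is deliberate. A trust signature with no domain restriction would delegate trust for every address, so the invariant deserves a comment next to the call, for example `// never create an unscoped trust signature: without a domain we fall back to a plain certification`. The call also appears to rely on the dialog having rejected a malformed domain beforehand; that is inferred from the widget changes in this commit, not visible here. `slotCertificationPrepared` starts and ends outside the hunk.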
......@@ -89,9 +89,14 @@ bool CertifyCertificateDialog::exportableCertificationSelected() const
return mCertWidget->exportableSelected();
}
bool CertifyCertificateDialog::trustCertificationSelected() const
bool CertifyCertificateDialog::trustSignatureSelected() const
{
return false;
return mCertWidget->trustSignatureSelected();
}
QString CertifyCertificateDialog::trustSignatureDomain() const
{
return mCertWidget->trustSignatureDomain();
}
bool CertifyCertificateDialog::nonRevocableCertificationSelected() const
......
......@@ -31,7 +31,8 @@ public:
bool exportableCertificationSelected() const;
bool trustCertificationSelected() const;
bool trustSignatureSelected() const;
QString trustSignatureDomain() const;
bool nonRevocableCertificationSelected() const;
......
......@@ -6,6 +6,8 @@
SPDX-License-Identifier: GPL-2.0-or-later
*/
#include <config-kleopatra.h>
#include "certifywidget.h"
#include "kleopatra_debug.h"
......@@ -215,6 +217,8 @@ public:
Private(CertifyWidget *qq)
: q{qq}
, mFprLabel{new QLabel{q}}
, mTrustSignatureCB{new QCheckBox{q}}
, mTrustSignatureDomainLE{new QLineEdit{q}}
{
auto mainLay = new QVBoxLayout(q);
mainLay->addWidget(mFprLabel);
......@@ -281,6 +285,17 @@ public:
infoBtn->setVisible(false);
#endif
#ifndef QGPGME_SUPPORTS_TRUST_SIGNATURES
mTrustSignatureCB->setVisible(false);
mTrustSignatureDomainLE->setVisible(false);
#endif
mTrustSignatureCB->setText(i18n("Certify as trusted introducer"));
mTrustSignatureDomainLE->setPlaceholderText(i18n("Domain"));
mTrustSignatureDomainLE->setEnabled(mTrustSignatureCB->isChecked());
advLay->addWidget(mTrustSignatureCB);
advLay->addWidget(mTrustSignatureDomainLE);
expander->setContentLayout(advLay);
mPublishCB->setEnabled(false);
......@@ -298,6 +313,12 @@ public:
Q_EMIT q->changed();
});
connect(mTrustSignatureCB, &QCheckBox::toggled, q, [this] (bool on) {
mTrustSignatureDomainLE->setEnabled(on);
Q_EMIT q->changed();
});
connect(mTrustSignatureDomainLE, &QLineEdit::textChanged, q, &CertifyWidget::changed);
loadConfig();
}
......@@ -406,6 +427,9 @@ public:
bool isValid() const
{
static const QRegularExpression domainNameRegExp{QStringLiteral(R"(^\s*((xn--)?[a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}\s*$)"),
QRegularExpression::CaseInsensitiveOption};
// do not accept null keys
if (mTarget.isNull() || mSecKeySelect->currentKey().isNull()) {
return false;
......@@ -418,16 +442,21 @@ public:
if (_detail::ByFingerprint<std::equal_to>()(mTarget, mSecKeySelect->currentKey())) {
return false;
}
if (mTrustSignatureCB->isChecked() && !domainNameRegExp.match(mTrustSignatureDomainLE->text()).hasMatch()) {
return false;
}
return true;
}
private:
public:
CertifyWidget *const q;
QLabel *mFprLabel = nullptr;
KeySelectionCombo *mSecKeySelect = nullptr;
QCheckBox *mExportCB = nullptr;
QCheckBox *mPublishCB = nullptr;
QLineEdit *mTagsLE = nullptr;
QCheckBox *mTrustSignatureCB = nullptr;
QLineEdit *mTrustSignatureDomainLE = nullptr;
UserIDModel mUserIDModel;
GpgME::Key mTarget;
......@@ -481,6 +510,16 @@ bool CertifyWidget::publishSelected() const
return d->publishSelected();
}
bool CertifyWidget::trustSignatureSelected() const
{
return d->mTrustSignatureCB->isChecked();
}
QString CertifyWidget::trustSignatureDomain() const
{
return d->mTrustSignatureDomainLE->text().trimmed();
}
bool CertifyWidget::isValid() const
{
return d->isValid();
......
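Review bot: The value checked in `isValid()` is not the value handed out: the pattern matches the raw line-edit text case-insensitively and allows surrounding whitespace, while `trustSignatureDomain()` returns `text().trimmed()` in whatever case was typed. With `CaseInsensitiveOption` the `[a-z]` classes may also accept a few non-ASCII code points that case-fold to ASCII letters, depending on how the regex engine handles caseless matching, so the scope of the trust signature is not guaranteed to be plain ASCII. I would normalise once with `const QString domain = mTrustSignatureDomainLE->text().trimmed().toLower();`, match that against the pattern without `\s*` and without `CaseInsensitiveOption`, and have the accessor return the same normalised string. Separately, the final label `[a-z]{2,}` rejects punycode top-level domains, although `(xn--)?` is accepted for the other labels. `isValid()` continues outside the hunks shown.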
......@@ -53,6 +53,12 @@ public:
/* Should the signed key be be published */
bool publishSelected() const;
/* Whether a trust signature should be created */
bool trustSignatureSelected() const;
/* The domain to use to limit the scope of the trust signature */
QString trustSignatureDomain() const;
bool isValid() const;
Q_SIGNALS:
......