Commit 24578a0c authored by Ingo Klöcker's avatar Ingo Klöcker

Add namespace DeVSCompliance for helpers related to compliance

In the first step, gnupgUsesDeVsCompliance() and gnupgIsDeVsCompliant()
are replaced with DeVSCompliance::isActive() and
DeVSCompliance::isCompliant().

GnuPG-bug-id: 6073
parent 2e6cff7b
......@@ -79,6 +79,8 @@ target_sources(KF5Libkleo PRIVATE
utils/classify.h
utils/compat.cpp
utils/compat.h
utils/compliance.cpp
utils/compliance.h
utils/cryptoconfig.cpp
utils/cryptoconfig.h
utils/cryptoconfig_p.h
......@@ -257,6 +259,7 @@ ecm_generate_headers(libkleo_CamelCase_utils_HEADERS
Assuan
Classify
Compat
Compliance
CryptoConfig
FileSystemWatcher
Formatting
......
......@@ -16,6 +16,7 @@
#include "stl_util.h"
#include <libkleo/algorithm.h>
#include <libkleo/compliance.h>
#include <libkleo/formatting.h>
#include <libkleo/gnupg.h>
......@@ -293,7 +294,7 @@ void KeyFilterManager::reload()
KSharedConfigPtr config = KSharedConfig::openConfig(QStringLiteral("libkleopatrarc"));
const QStringList groups = config->groupList().filter(QRegularExpression(QStringLiteral("^Key Filter #\\d+$")));
const bool ignoreDeVs = !Kleo::gnupgIsDeVsCompliant();
const bool ignoreDeVs = !DeVSCompliance::isCompliant();
for (QStringList::const_iterator it = groups.begin(); it != groups.end(); ++it) {
const KConfigGroup cfg(config, *it);
if (cfg.hasKey("is-de-vs") && ignoreDeVs) {
......
......@@ -21,6 +21,7 @@
#include "enum.h"
#include "keygroup.h"
#include <libkleo/compliance.h>
#include <libkleo/formatting.h>
#include <libkleo/gnupg.h>
#include <libkleo/keycache.h>
......@@ -158,7 +159,7 @@ bool KeyResolverCore::Private::isAcceptableSigningKey(const Key &key)
if (!ValidSigningKey(key)) {
return false;
}
if (Kleo::gnupgIsDeVsCompliant()) {
if (DeVSCompliance::isCompliant()) {
if (!Formatting::isKeyDeVs(key)) {
qCDebug(LIBKLEO_LOG) << "Rejected sig key" << key.primaryFingerprint() << "because it is not de-vs compliant.";
return false;
......@@ -173,7 +174,7 @@ bool KeyResolverCore::Private::isAcceptableEncryptionKey(const Key &key, const Q
return false;
}
if (Kleo::gnupgIsDeVsCompliant()) {
if (DeVSCompliance::isCompliant()) {
if (!Formatting::isKeyDeVs(key)) {
qCDebug(LIBKLEO_LOG) << "Rejected enc key" << key.primaryFingerprint() << "because it is not de-vs compliant.";
return false;
......
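Review bot: `isAcceptableSigningKey()` and `isAcceptableEncryptionKey()` apply the `Formatting::isKeyDeVs(key)` restriction only when `DeVSCompliance::isCompliant()` is true, so with de-vs configured but the engine check failing, the restriction appears to be skipped without any log line. Both functions continue outside the hunks, so a later check may cover this case. If the skip is intended, a comment at each gate would record it, e.g. `// de-vs configured but GnuPG not compliant: key restriction is not enforced here`. If it is not intended, gating on `DeVSCompliance::isActive()` would keep the restriction in place.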
......@@ -16,6 +16,7 @@
#include "directoryserviceswidget.h"
#include "filenamerequester.h"
#include <libkleo/compliance.h>
#include <libkleo/formatting.h>
#include <libkleo/gnupg.h>
#include <libkleo/keyserverconfig.h>
......@@ -386,7 +387,7 @@ bool offerEntryForConfiguration(QGpgME::CryptoConfigEntry *entry)
}
}
const bool de_vs = Kleo::gnupgUsesDeVsCompliance();
const bool de_vs = DeVSCompliance::isActive();
// Skip "dangerous" expert options if we are running in CO_DE_VS.
// Otherwise, skip any options beyond "invisible" (== expert + 1) level.
const auto maxEntryLevel = de_vs ? QGpgME::CryptoConfigEntry::Level_Advanced //
......
......@@ -16,6 +16,7 @@
#include "keyselectioncombo.h"
#include "progressdialog.h"
#include <libkleo/compliance.h>
#include <libkleo/debug.h>
#include <libkleo/defaultkeyfilter.h>
#include <libkleo/formatting.h>
......@@ -823,12 +824,12 @@ public:
mOkButton->setText(isGenerate ? i18n("Generate") : origOkText);
if (!Kleo::gnupgUsesDeVsCompliance()) {
if (!DeVSCompliance::isActive()) {
return;
}
// Handle compliance
bool de_vs = Kleo::gnupgIsDeVsCompliant();
bool de_vs = DeVSCompliance::isCompliant();
if (de_vs) {
const GpgME::Protocol protocol = currentProtocol();
......
/* -*- mode: c++; c-basic-offset:4 -*-
utils/compliance.cpp
This file is part of libkleopatra
SPDX-FileCopyrightText: 2022 g10 Code GmbH
SPDX-FileContributor: Ingo Klöcker <dev@ingo-kloecker.de>
SPDX-License-Identifier: GPL-2.0-or-later
*/
#include <config-libkleo.h>
#include "compliance.h"
#include "cryptoconfig.h"
#include "gnupg.h"
bool Kleo::DeVSCompliance::isActive()
{
return getCryptoConfigStringValue("gpg", "compliance") == QLatin1String{"de-vs"};
}
bool Kleo::DeVSCompliance::isCompliant()
{
if (!isActive()) {
return false;
}
// The pseudo option compliance_de_vs was fully added in 2.2.34;
// For versions between 2.2.28 and 2.2.33 there was a broken config
// value with a wrong type. So for them we add an extra check. This
// can be removed in future versions because for GnuPG we could assume
// non-compliance for older versions as versions of Kleopatra for
// which this matters are bundled with new enough versions of GnuPG anyway.
if (engineIsVersion(2, 2, 28) && !engineIsVersion(2, 2, 34)) {
return true;
}
return getCryptoConfigIntValue("gpg", "compliance_de_vs", 0) != 0;
}
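Review bot: In `isCompliant()`, the branch for engines from 2.2.28 up to but not including 2.2.34 returns `true` on configuration alone, so for that range the result equals `isActive()` and `compliance_de_vs` is never read (this assumes `engineIsVersion()` means "at least this version", which is not visible here). Callers in this commit use the result to gate key acceptance and the compliance wording shown to the user, so an unverified engine is reported as compliant. The comment already argues that non-compliance could be assumed for older versions; if that holds, `return false;` in this branch fails closed. If the fallback has to stay, the `isCompliant()` doc comment in utils/compliance.h should say so, e.g. `Note: For GnuPG 2.2.28 to 2.2.33 the result is based on the configured mode only.`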
/* -*- mode: c++; c-basic-offset:4 -*-
utils/compliance.h
This file is part of libkleopatra
SPDX-FileCopyrightText: 2022 g10 Code GmbH
SPDX-FileContributor: Ingo Klöcker <dev@ingo-kloecker.de>
SPDX-License-Identifier: GPL-2.0-or-later
*/
#pragma once
#include "kleo_export.h"
namespace Kleo::DeVSCompliance
{
/**
* Returns true, if compliance mode "de-vs" is configured for GnuPG.
* Note: It does not check whether the used GnuPG is actually compliant.
*/
KLEO_EXPORT bool isActive();
/**
* Returns true, if compliance mode "de-vs" is configured for GnuPG and if
* GnuPG passes a basic compliance check, i.e. at least libgcrypt and the used
* RNG are compliant.
*/
KLEO_EXPORT bool isCompliant();
}
......@@ -13,6 +13,7 @@
#include "formatting.h"
#include "compliance.h"
#include "cryptoconfig.h"
#include "gnupg.h"
......@@ -1154,7 +1155,7 @@ QString Formatting::complianceStringForKey(const GpgME::Key &key)
{
// There will likely be more in the future for other institutions
// for now we only have DE-VS
if (Kleo::gnupgIsDeVsCompliant()) {
if (DeVSCompliance::isCompliant()) {
if (uidsHaveFullValidity(key) && isKeyDeVs(key)) {
return i18nc("%1 is a placeholder for the name of a compliance mode. E.g. NATO RESTRICTED compliant or VS-NfD compliant",
"May be used for %1 communication.",
......@@ -1174,7 +1175,7 @@ QString Formatting::complianceStringShort(const GpgME::Key &key)
{
const bool keyValidityChecked = (key.keyListMode() & GpgME::Validate);
if (keyValidityChecked && Formatting::uidsHaveFullValidity(key)) {
if (Kleo::gnupgIsDeVsCompliant() && Formatting::isKeyDeVs(key)) {
if (DeVSCompliance::isCompliant() && Formatting::isKeyDeVs(key)) {
return QStringLiteral("★ ") + deVsString(true);
}
return i18nc("As in all user IDs are valid.", "certified");
......
......@@ -19,6 +19,7 @@
#include "assuan.h"
#include "compat.h"
#include "compliance.h"
#include "cryptoconfig.h"
#include "hex.h"
......@@ -467,24 +468,12 @@ bool Kleo::gpgComplianceP(const char *mode)
bool Kleo::gnupgUsesDeVsCompliance()
{
return getCryptoConfigStringValue("gpg", "compliance") == QLatin1String{"de-vs"};
return DeVSCompliance::isActive();
}
bool Kleo::gnupgIsDeVsCompliant()
{
if (!gnupgUsesDeVsCompliance()) {
return false;
}
// The pseudo option compliance_de_vs was fully added in 2.2.34;
// For versions between 2.2.28 and 2.2.33 there was a broken config
// value with a wrong type. So for them we add an extra check. This
// can be removed in future versions because. For GnuPG we could assume
// non-compliance for older versions as versions of Kleopatra for
// which this matters are bundled with new enough versions of GnuPG anyway
if (engineIsVersion(2, 2, 28) && !engineIsVersion(2, 2, 34)) {
return true;
}
return getCryptoConfigIntValue("gpg", "compliance_de_vs", 0) != 0;
return DeVSCompliance::isCompliant();
}
enum GpgME::UserID::Validity Kleo::keyValidity(const GpgME::Key &key)
......
......@@ -80,16 +80,15 @@ KLEO_EXPORT bool haveX509DirectoryServerConfigured();
/* Use gnupgUsesDeVsCompliance() or gnupgIsDeVsCompliant() instead. */
KLEO_DEPRECATED_EXPORT bool gpgComplianceP(const char *mode);
/** Returns true, if compliance mode "de-vs" is configured for GnuPG.
* Note: It does not check whether the used GnuPG is actually compliant.
/**
* Use Kleo::DeVSCompliance::isActive() instead.
*/
KLEO_EXPORT bool gnupgUsesDeVsCompliance();
KLEO_DEPRECATED_EXPORT bool gnupgUsesDeVsCompliance();
/** Returns true, if compliance mode "de-vs" is configured for GnuPG and if
* GnuPG passes a basic compliance check, i.e. at least libgcrypt and the used
* RNG are compliant.
/**
* Use Kleo::DeVSCompliance::isCompliant() instead.
*/
KLEO_EXPORT bool gnupgIsDeVsCompliant();
KLEO_DEPRECATED_EXPORT bool gnupgIsDeVsCompliant();
KLEO_EXPORT enum GpgME::UserID::Validity keyValidity(const GpgME::Key &key);
......
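Review bot: The comment above `gpgComplianceP()` still recommends `gnupgUsesDeVsCompliance()` and `gnupgIsDeVsCompliant()`, which this hunk marks deprecated, so a caller following it moves from one deprecated function to another. It should point at the new helpers: `/* Use Kleo::DeVSCompliance::isActive() or Kleo::DeVSCompliance::isCompliant() instead. */`. Writing the two new doc blocks with an explicit tag, e.g. `@deprecated Use Kleo::DeVSCompliance::isActive() instead.`, would also let generated documentation flag the wrappers.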