Add namespace DeVSCompliance for helpers related to compliance

In the first step, gnupgUsesDeVsCompliance() and gnupgIsDeVsCompliant() are replaced with DeVSCompliance::isActive() and DeVSCompliance::isCompliant(). GnuPG-bug-id: 6073

Add namespace DeVSCompliance for helpers related to compliance
In the first step, gnupgUsesDeVsCompliance() and gnupgIsDeVsCompliant() are replaced with DeVSCompliance::isActive() and DeVSCompliance::isCompliant(). GnuPG-bug-id: 6073
24578a0c · Ingo Klöcker · 2e6cff7b · 24578a0c · 24578a0c · 24578a0c
Commit 24578a0c authored Jul 13, 2022 by Ingo Klöcker
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -79,6 +79,8 @@ target_sources(KF5Libkleo PRIVATE
   utils/classify.h
   utils/compat.cpp
   utils/compat.h
+   utils/compliance.cpp
+   utils/compliance.h
   utils/cryptoconfig.cpp
   utils/cryptoconfig.h
   utils/cryptoconfig_p.h
@@ -257,6 +259,7 @@ ecm_generate_headers(libkleo_CamelCase_utils_HEADERS
  Assuan
  Classify
  Compat
+  Compliance
  CryptoConfig
  FileSystemWatcher
  Formatting

--- a/src/kleo/keyfiltermanager.cpp
+++ b/src/kleo/keyfiltermanager.cpp
@@ -16,6 +16,7 @@
 #include "stl_util.h"

 #include <libkleo/algorithm.h>
+#include <libkleo/compliance.h>
 #include <libkleo/formatting.h>
 #include <libkleo/gnupg.h>

@@ -293,7 +294,7 @@ void KeyFilterManager::reload()
    KSharedConfigPtr config = KSharedConfig::openConfig(QStringLiteral("libkleopatrarc"));

    const QStringList groups = config->groupList().filter(QRegularExpression(QStringLiteral("^Key Filter #\\d+$")));
-    const bool ignoreDeVs = !Kleo::gnupgIsDeVsCompliant();
+    const bool ignoreDeVs = !DeVSCompliance::isCompliant();
    for (QStringList::const_iterator it = groups.begin(); it != groups.end(); ++it) {
        const KConfigGroup cfg(config, *it);
        if (cfg.hasKey("is-de-vs") && ignoreDeVs) {

--- a/src/kleo/keyresolvercore.cpp
+++ b/src/kleo/keyresolvercore.cpp
@@ -21,6 +21,7 @@
 #include "enum.h"
 #include "keygroup.h"

+#include <libkleo/compliance.h>
 #include <libkleo/formatting.h>
 #include <libkleo/gnupg.h>
 #include <libkleo/keycache.h>
@@ -158,7 +159,7 @@ bool KeyResolverCore::Private::isAcceptableSigningKey(const Key &key)
    if (!ValidSigningKey(key)) {
        return false;
    }
-    if (Kleo::gnupgIsDeVsCompliant()) {
+    if (DeVSCompliance::isCompliant()) {
        if (!Formatting::isKeyDeVs(key)) {
            qCDebug(LIBKLEO_LOG) << "Rejected sig key" << key.primaryFingerprint() << "because it is not de-vs compliant.";
            return false;
@@ -173,7 +174,7 @@ bool KeyResolverCore::Private::isAcceptableEncryptionKey(const Key &key, const Q
        return false;
    }

-    if (Kleo::gnupgIsDeVsCompliant()) {
+    if (DeVSCompliance::isCompliant()) {
        if (!Formatting::isKeyDeVs(key)) {
            qCDebug(LIBKLEO_LOG) << "Rejected enc key" << key.primaryFingerprint() << "because it is not de-vs compliant.";
            return false;

--- a/src/ui/cryptoconfigmodule.cpp
+++ b/src/ui/cryptoconfigmodule.cpp
@@ -16,6 +16,7 @@
 #include "directoryserviceswidget.h"
 #include "filenamerequester.h"

+#include <libkleo/compliance.h>
 #include <libkleo/formatting.h>
 #include <libkleo/gnupg.h>
 #include <libkleo/keyserverconfig.h>
@@ -386,7 +387,7 @@ bool offerEntryForConfiguration(QGpgME::CryptoConfigEntry *entry)
        }
    }

-    const bool de_vs = Kleo::gnupgUsesDeVsCompliance();
+    const bool de_vs = DeVSCompliance::isActive();
    // Skip "dangerous" expert options if we are running in CO_DE_VS.
    // Otherwise, skip any options beyond "invisible" (== expert + 1) level.
    const auto maxEntryLevel = de_vs ? QGpgME::CryptoConfigEntry::Level_Advanced //

--- a/src/ui/newkeyapprovaldialog.cpp
+++ b/src/ui/newkeyapprovaldialog.cpp
@@ -16,6 +16,7 @@
 #include "keyselectioncombo.h"
 #include "progressdialog.h"

+#include <libkleo/compliance.h>
 #include <libkleo/debug.h>
 #include <libkleo/defaultkeyfilter.h>
 #include <libkleo/formatting.h>
@@ -823,12 +824,12 @@ public:

        mOkButton->setText(isGenerate ? i18n("Generate") : origOkText);

-        if (!Kleo::gnupgUsesDeVsCompliance()) {
+        if (!DeVSCompliance::isActive()) {
            return;
        }

        // Handle compliance
-        bool de_vs = Kleo::gnupgIsDeVsCompliant();
+        bool de_vs = DeVSCompliance::isCompliant();

        if (de_vs) {
            const GpgME::Protocol protocol = currentProtocol();

--- a/src/utils/compliance.cpp
+++ b/src/utils/compliance.cpp
+/* -*- mode: c++; c-basic-offset:4 -*-
+    utils/compliance.cpp
+
+    This file is part of libkleopatra
+    SPDX-FileCopyrightText: 2022 g10 Code GmbH
+    SPDX-FileContributor: Ingo Klöcker <dev@ingo-kloecker.de>
+
+    SPDX-License-Identifier: GPL-2.0-or-later
+*/
+
+#include <config-libkleo.h>
+
+#include "compliance.h"
+
+#include "cryptoconfig.h"
+#include "gnupg.h"
+
+bool Kleo::DeVSCompliance::isActive()
+{
+    return getCryptoConfigStringValue("gpg", "compliance") == QLatin1String{"de-vs"};
+}
+
+bool Kleo::DeVSCompliance::isCompliant()
+{
+    if (!isActive()) {
+        return false;
+    }
+    // The pseudo option compliance_de_vs was fully added in 2.2.34;
+    // For versions between 2.2.28 and 2.2.33 there was a broken config
+    // value with a wrong type. So for them we add an extra check. This
+    // can be removed in future versions because for GnuPG we could assume
+    // non-compliance for older versions as versions of Kleopatra for
+    // which this matters are bundled with new enough versions of GnuPG anyway.
+    if (engineIsVersion(2, 2, 28) && !engineIsVersion(2, 2, 34)) {
+        return true;
+    }
+    return getCryptoConfigIntValue("gpg", "compliance_de_vs", 0) != 0;
+}
--- a/src/utils/compliance.h
+++ b/src/utils/compliance.h
+/* -*- mode: c++; c-basic-offset:4 -*-
+    utils/compliance.h
+
+    This file is part of libkleopatra
+    SPDX-FileCopyrightText: 2022 g10 Code GmbH
+    SPDX-FileContributor: Ingo Klöcker <dev@ingo-kloecker.de>
+
+    SPDX-License-Identifier: GPL-2.0-or-later
+*/
+
+#pragma once
+
+#include "kleo_export.h"
+
+namespace Kleo::DeVSCompliance
+{
+
+/**
+ * Returns true, if compliance mode "de-vs" is configured for GnuPG.
+ * Note: It does not check whether the used GnuPG is actually compliant.
+ */
+KLEO_EXPORT bool isActive();
+
+/**
+ * Returns true, if compliance mode "de-vs" is configured for GnuPG and if
+ * GnuPG passes a basic compliance check, i.e. at least libgcrypt and the used
+ * RNG are compliant.
+ */
+KLEO_EXPORT bool isCompliant();
+
+}
--- a/src/utils/formatting.cpp
+++ b/src/utils/formatting.cpp
@@ -13,6 +13,7 @@

 #include "formatting.h"

+#include "compliance.h"
 #include "cryptoconfig.h"
 #include "gnupg.h"

@@ -1154,7 +1155,7 @@ QString Formatting::complianceStringForKey(const GpgME::Key &key)
 {
    // There will likely be more in the future for other institutions
    // for now we only have DE-VS
-    if (Kleo::gnupgIsDeVsCompliant()) {
+    if (DeVSCompliance::isCompliant()) {
        if (uidsHaveFullValidity(key) && isKeyDeVs(key)) {
            return i18nc("%1 is a placeholder for the name of a compliance mode. E.g. NATO RESTRICTED compliant or VS-NfD compliant",
                         "May be used for %1 communication.",
@@ -1174,7 +1175,7 @@ QString Formatting::complianceStringShort(const GpgME::Key &key)
 {
    const bool keyValidityChecked = (key.keyListMode() & GpgME::Validate);
    if (keyValidityChecked && Formatting::uidsHaveFullValidity(key)) {
-        if (Kleo::gnupgIsDeVsCompliant() && Formatting::isKeyDeVs(key)) {
+        if (DeVSCompliance::isCompliant() && Formatting::isKeyDeVs(key)) {
            return QStringLiteral("★ ") + deVsString(true);
        }
        return i18nc("As in all user IDs are valid.", "certified");

--- a/src/utils/gnupg.cpp
+++ b/src/utils/gnupg.cpp
@@ -19,6 +19,7 @@

 #include "assuan.h"
 #include "compat.h"
+#include "compliance.h"
 #include "cryptoconfig.h"
 #include "hex.h"

@@ -467,24 +468,12 @@ bool Kleo::gpgComplianceP(const char *mode)

 bool Kleo::gnupgUsesDeVsCompliance()
 {
-    return getCryptoConfigStringValue("gpg", "compliance") == QLatin1String{"de-vs"};
+    return DeVSCompliance::isActive();
 }

 bool Kleo::gnupgIsDeVsCompliant()
 {
-    if (!gnupgUsesDeVsCompliance()) {
-        return false;
-    }
-    // The pseudo option compliance_de_vs was fully added in 2.2.34;
-    // For versions between 2.2.28 and 2.2.33 there was a broken config
-    // value with a wrong type. So for them we add an extra check. This
-    // can be removed in future versions because. For GnuPG we could assume
-    // non-compliance for older versions as versions of Kleopatra for
-    // which this matters are bundled with new enough versions of GnuPG anyway
-    if (engineIsVersion(2, 2, 28) && !engineIsVersion(2, 2, 34)) {
-        return true;
-    }
-    return getCryptoConfigIntValue("gpg", "compliance_de_vs", 0) != 0;
+    return DeVSCompliance::isCompliant();
 }

 enum GpgME::UserID::Validity Kleo::keyValidity(const GpgME::Key &key)

--- a/src/utils/gnupg.h
+++ b/src/utils/gnupg.h
@@ -80,16 +80,15 @@ KLEO_EXPORT bool haveX509DirectoryServerConfigured();
 /* Use gnupgUsesDeVsCompliance() or gnupgIsDeVsCompliant() instead. */
 KLEO_DEPRECATED_EXPORT bool gpgComplianceP(const char *mode);

-/** Returns true, if compliance mode "de-vs" is configured for GnuPG.
- *  Note: It does not check whether the used GnuPG is actually compliant.
+/**
+ * Use Kleo::DeVSCompliance::isActive() instead.
 */
-KLEO_EXPORT bool gnupgUsesDeVsCompliance();
+KLEO_DEPRECATED_EXPORT bool gnupgUsesDeVsCompliance();

-/** Returns true, if compliance mode "de-vs" is configured for GnuPG and if
- *  GnuPG passes a basic compliance check, i.e. at least libgcrypt and the used
- *  RNG are compliant.
+/**
+ * Use Kleo::DeVSCompliance::isCompliant() instead.
 */
-KLEO_EXPORT bool gnupgIsDeVsCompliant();
+KLEO_DEPRECATED_EXPORT bool gnupgIsDeVsCompliant();

 KLEO_EXPORT enum GpgME::UserID::Validity keyValidity(const GpgME::Key &key);