Commit a556440d authored by Ingo Klöcker's avatar Ingo Klöcker

Make de-vs compliance checks more rigid

Deprecate Formatting::complianceMode() and make all using code use one
of the new helpers for checking de-vs compliance of GnuPG.

The general rule is: If GnuPG doesn't pass the basic de-vs compliance
check, then it makes no sense to label anything as de-vs compliant.

GnuPG-bug-id: 5362
parent d430be63
......@@ -910,6 +910,7 @@ private Q_SLOTS:
const KeyResolver::Solution alternativeSolution = {};
Tests::FakeCryptoConfigStringValue fakeCompliance{"gpg", "compliance", QStringLiteral("de-vs")};
Tests::FakeCryptoConfigIntValue fakeDeVsCompliance{"gpg", "compliance_de_vs", 1};
const auto dialog = std::make_unique<NewKeyApprovalDialog>(true,
true,
sender,
......@@ -941,6 +942,7 @@ private Q_SLOTS:
const KeyResolver::Solution alternativeSolution = {};
Tests::FakeCryptoConfigStringValue fakeCompliance{"gpg", "compliance", QStringLiteral("de-vs")};
Tests::FakeCryptoConfigIntValue fakeDeVsCompliance{"gpg", "compliance_de_vs", 1};
const auto dialog = std::make_unique<NewKeyApprovalDialog>(true,
true,
sender,
......@@ -972,6 +974,7 @@ private Q_SLOTS:
const KeyResolver::Solution alternativeSolution = {};
Tests::FakeCryptoConfigStringValue fakeCompliance{"gpg", "compliance", QStringLiteral("de-vs")};
Tests::FakeCryptoConfigIntValue fakeDeVsCompliance{"gpg", "compliance_de_vs", 1};
const auto dialog = std::make_unique<NewKeyApprovalDialog>(true,
true,
sender,
......
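Review bot: All three fixtures pin `compliance_de_vs` to 1, so the state this commit is about, GnuPG configured with `compliance` set to `de-vs` but failing the basic check, is never exercised here. A sibling test that constructs `Tests::FakeCryptoConfigIntValue fakeDeVsCompliance{"gpg", "compliance_de_vs", 0};` and asserts that the dialog does not present the selection as compliant would lock in the stricter behaviour. The test functions start and end outside the visible hunks, so what they currently assert cannot be seen from here.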
......@@ -15,6 +15,7 @@
#include "libkleo_debug.h"
#include "utils/formatting.h"
#include "utils/gnupg.h"
#include <KConfig>
#include <KConfigGroup>
......@@ -251,7 +252,7 @@ void KeyFilterManager::reload()
KSharedConfigPtr config = KSharedConfig::openConfig(QStringLiteral("libkleopatrarc"));
const QStringList groups = config->groupList().filter(QRegularExpression(QStringLiteral("^Key Filter #\\d+$")));
bool ignoreDeVs = Formatting::complianceMode() != QLatin1String("de-vs");
const bool ignoreDeVs = !Kleo::gnupgIsDeVsCompliant();
for (QStringList::const_iterator it = groups.begin(); it != groups.end(); ++it) {
const KConfigGroup cfg(config, *it);
if (cfg.hasKey("is-de-vs") && ignoreDeVs) {
......
......@@ -20,6 +20,7 @@
#include "kleo/keygroup.h"
#include "models/keycache.h"
#include "utils/formatting.h"
#include "utils/gnupg.h"
#include <gpgme++/key.h>
......@@ -103,7 +104,6 @@ public:
, mCache(KeyCache::instance())
, mPreferredProtocol(UnknownProtocol)
, mMinimumValidity(UserID::Marginal)
, mCompliance(Formatting::complianceMode())
{
}
......@@ -143,7 +143,6 @@ public:
bool mAllowMixed = true;
Protocol mPreferredProtocol;
int mMinimumValidity;
QString mCompliance;
};
bool KeyResolverCore::Private::isAcceptableSigningKey(const Key &key)
......@@ -151,7 +150,7 @@ bool KeyResolverCore::Private::isAcceptableSigningKey(const Key &key)
if (!ValidSigningKey(key)) {
return false;
}
if (mCompliance == QLatin1String("de-vs")) {
if (Kleo::gnupgIsDeVsCompliant()) {
if (!Formatting::isKeyDeVs(key)) {
qCDebug(LIBKLEO_LOG) << "Rejected sig key" << key.primaryFingerprint()
<< "because it is not de-vs compliant.";
......@@ -167,7 +166,7 @@ bool KeyResolverCore::Private::isAcceptableEncryptionKey(const Key &key, const Q
return false;
}
if (mCompliance == QLatin1String("de-vs")) {
if (Kleo::gnupgIsDeVsCompliant()) {
if (!Formatting::isKeyDeVs(key)) {
qCDebug(LIBKLEO_LOG) << "Rejected enc key" << key.primaryFingerprint()
<< "because it is not de-vs compliant.";
......
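Review bot: In `isAcceptableSigningKey` and `isAcceptableEncryptionKey` the new gate `Kleo::gnupgIsDeVsCompliant()` also switches off the rejection of keys that fail `Formatting::isKeyDeVs()` whenever GnuPG is set to de-vs but does not pass the basic check. In that state the old `mCompliance` comparison still filtered, so the resolver now accepts more keys than before. The commit message argues about labelling, while these two functions enforce. If the resolver should keep filtering in a de-vs configuration, the condition would be `if (Kleo::gnupgUsesDeVsCompliance()) {`, assuming that helper reports the configured mode, as its use elsewhere in this commit suggests. If accepting such keys is intended, a comment at both sites such as `// GnuPG itself is not de-vs compliant, so filtering keys for de-vs is moot` would record the decision. Both function bodies continue outside the hunks.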
......@@ -14,6 +14,7 @@
#include "filenamerequester.h"
#include "kleo/keyserverconfig.h"
#include "utils/gnupg.h"
#include <qgpgme/cryptoconfig.h>
......@@ -412,7 +413,7 @@ Kleo::CryptoConfigGroupGUI::CryptoConfigGroupGUI(
QGridLayout *glay, QWidget *widget)
: QObject(module), mGroup(group)
{
const bool de_vs = Kleo::Formatting::complianceMode() == QLatin1String("de-vs");
const bool de_vs = Kleo::gnupgUsesDeVsCompliance();
const int startRow = glay->rowCount();
const QStringList entries = mGroup->entryList();
for (QStringList::const_iterator it = entries.begin(), end = entries.end(); it != end; ++it) {
......
......@@ -15,6 +15,7 @@
#include "progressdialog.h"
#include "kleo/defaultkeyfilter.h"
#include "utils/formatting.h"
#include "utils/gnupg.h"
#include <KLocalizedString>
#include <KMessageBox>
......@@ -815,29 +816,31 @@ public:
mOkButton->setText(isGenerate ? i18n("Generate") : origOkText);
if (Formatting::complianceMode() != QLatin1String("de-vs")) {
if (!Kleo::gnupgUsesDeVsCompliance()) {
return;
}
// Handle compliance
bool de_vs = true;
bool de_vs = Kleo::gnupgIsDeVsCompliant();
const Protocol protocol = currentProtocol();
if (de_vs) {
const Protocol protocol = currentProtocol();
for (const auto combo: std::as_const(mAllCombos)) {
if (!combo->isVisible()) {
continue;
}
const auto key = combo->currentKey();
if (key.isNull()) {
continue;
}
if (protocol != UnknownProtocol && key.protocol() != protocol) {
continue;
}
if (!Formatting::isKeyDeVs(key) || keyValidity(key) < GpgME::UserID::Validity::Full) {
de_vs = false;
break;
for (const auto combo: std::as_const(mAllCombos)) {
if (!combo->isVisible()) {
continue;
}
const auto key = combo->currentKey();
if (key.isNull()) {
continue;
}
if (protocol != UnknownProtocol && key.protocol() != protocol) {
continue;
}
if (!Formatting::isKeyDeVs(key) || keyValidity(key) < GpgME::UserID::Validity::Full) {
de_vs = false;
break;
}
}
}
......
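Review bot: The comment `// Handle compliance` no longer explains the logic, which now uses two similarly named helpers: an early return on `!Kleo::gnupgUsesDeVsCompliance()` and then `de_vs` seeded from `Kleo::gnupgIsDeVsCompliant()`. I would replace it with something like `// GnuPG is configured for de-vs: report compliance only if GnuPG passes the check and every selected key is de-vs compliant with full validity`. As a smaller point, the loop skips null keys and keys of another protocol, so `de_vs` stays true when nothing is checked. Whether that matters depends on how `de_vs` is used after the loop, which lies outside this hunk.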
......@@ -17,6 +17,7 @@
#include "kleo/keygroup.h"
#include "utils/cryptoconfig.h"
#include "utils/gnupg.h"
#include <gpgme++/key.h>
#include <gpgme++/importresult.h>
......@@ -1114,7 +1115,7 @@ QString Formatting::complianceStringForKey(const GpgME::Key &key)
{
// There will likely be more in the future for other institutions
// for now we only have DE-VS
if (complianceMode() == QLatin1String("de-vs")) {
if (Kleo::gnupgIsDeVsCompliant()) {
if (uidsHaveFullValidity(key) && isKeyDeVs(key)) {
return i18nc("%1 is a placeholder for the name of a compliance mode. E.g. NATO RESTRICTED compliant or VS-NfD compliant",
"May be used for %1 communication.", deVsString());
......@@ -1130,8 +1131,7 @@ QString Formatting::complianceStringShort(const GpgME::Key &key)
{
const bool keyValidityChecked = (key.keyListMode() & GpgME::Validate);
if (keyValidityChecked && Formatting::uidsHaveFullValidity(key)) {
if (complianceMode() == QLatin1String("de-vs")
&& Formatting::isKeyDeVs(key)) {
if (Kleo::gnupgIsDeVsCompliant() && Formatting::isKeyDeVs(key)) {
return QStringLiteral("★ ") + deVsString(true);
}
return i18nc("As in all user IDs are valid.", "certified");
......
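Review bot: `complianceStringForKey` now makes its statement only when `Kleo::gnupgIsDeVsCompliant()` holds, but the comment above the condition still only says that DE-VS is the sole mode. What a caller gets when GnuPG is configured for de-vs and fails the check is decided after the `if`, outside this hunk, and is documented nowhere visible. A line such as `// No compliance statement is made unless GnuPG itself passes the de-vs check` above the condition would make the contract explicit; the wording should be adjusted if the fall-through returns something other than an empty string. The same applies to `complianceStringShort`, which in that state falls through to the "certified" label.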
......@@ -130,8 +130,10 @@ KLEO_EXPORT QIcon iconForUid(const GpgME::UserID &uid);
KLEO_EXPORT bool uidsHaveFullValidity(const GpgME::Key &key);
/* The compliance mode of the gnupg system. Empty if compliance
* mode is not set. */
KLEO_EXPORT QString complianceMode();
* mode is not set.
* Use Kleo::gnupgComplianceMode() instead.
*/
KLEO_DEPRECATED_EXPORT QString complianceMode();
/* Is the given key in compliance with CO_DE_VS? */
KLEO_EXPORT bool isKeyDeVs(const GpgME::Key &key);
......
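Review bot: The replacement named in the comment, `Kleo::gnupgComplianceMode()`, invites the same string comparison against "de-vs" that this commit removes from every call site. I would word the comment as `* Deprecated: use Kleo::gnupgUsesDeVsCompliance() or Kleo::gnupgIsDeVsCompliant() for de-vs checks, and Kleo::gnupgComplianceMode() only when the raw mode string is needed.` Starting the sentence with "Deprecated:" also makes the status visible to readers who do not expand the `KLEO_DEPRECATED_EXPORT` macro.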