Commit b31b915a authored by Ingo Klöcker's avatar Ingo Klöcker
Browse files

Abort resolution if mandatory overrides conflict with protocol requirement

GnuPG-bug-id: 5283
parent 62f126bd
......@@ -452,6 +452,49 @@ private Q_SLOTS:
QCOMPARE(resolver.encryptionKeys().value(UnknownProtocol).value("sender-smime@example.net")[0].primaryFingerprint(), override2);
}
void test_reports_failure_if_openpgp_is_requested_but_common_overrides_require_smime()
{
KeyResolverCore resolver(/*encrypt=*/ true, /*sign=*/ false, OpenPGP);
resolver.setRecipients({"sender-mixed@example.net"});
resolver.setOverrideKeys({{UnknownProtocol, {
{QStringLiteral("sender-mixed@example.net"), {testKey("prefer-smime@example.net", CMS).primaryFingerprint()}}
}}});
const bool success = resolver.resolve();
QVERIFY(!success);
QVERIFY(resolver.encryptionKeys().empty());
}
void test_reports_failure_if_smime_is_requested_but_common_overrides_require_openpgp()
{
KeyResolverCore resolver(/*encrypt=*/ true, /*sign=*/ false, CMS);
resolver.setRecipients({"sender-mixed@example.net"});
resolver.setOverrideKeys({{UnknownProtocol, {
{QStringLiteral("sender-mixed@example.net"), {testKey("prefer-openpgp@example.net", OpenPGP).primaryFingerprint()}}
}}});
const bool success = resolver.resolve();
QVERIFY(!success);
QVERIFY(resolver.encryptionKeys().empty());
}
void test_reports_failure_if_mixed_protocols_are_not_allowed_but_required_by_common_overrides()
{
KeyResolverCore resolver(/*encrypt=*/ true, /*sign=*/ false);
resolver.setAllowMixedProtocols(false);
resolver.setRecipients({"sender-mixed@example.net"});
resolver.setOverrideKeys({{UnknownProtocol, {
{QStringLiteral("sender-mixed@example.net"), {
testKey("prefer-openpgp@example.net", OpenPGP).primaryFingerprint(),
testKey("prefer-smime@example.net", CMS).primaryFingerprint()
}}
}}});
const bool success = resolver.resolve();
QVERIFY(!success);
QVERIFY(resolver.encryptionKeys().empty());
}
private:
Key testKey(const char *email, Protocol protocol = UnknownProtocol)
{
......
......@@ -73,6 +73,11 @@ bool allKeysHaveProtocol(const std::vector<Key> &keys, Protocol protocol)
return std::all_of(keys.cbegin(), keys.cend(), [protocol] (const Key &key) { return key.protocol() == protocol; });
}
bool anyKeyHasProtocol(const std::vector<Key> &keys, Protocol protocol)
{
return std::any_of(std::begin(keys), std::end(keys), [protocol] (const Key &key) { return key.protocol() == protocol; });
}
} // namespace
class KeyResolverCore::Private
......@@ -445,6 +450,14 @@ bool hasUnresolvedRecipients(const QMap<QString, QMap<Protocol, std::vector<Key>
return protocolKeysMap.value(protocol).empty();
});
}
bool anyCommonOverrideHasKeyOfType(const QMap<QString, QMap<Protocol, std::vector<Key>>> &encryptionKeys, Protocol protocol)
{
return std::any_of(std::cbegin(encryptionKeys), std::cend(encryptionKeys),
[protocol] (const auto &protocolKeysMap) {
return anyKeyHasProtocol(protocolKeysMap.value(UnknownProtocol), protocol);
});
}
}
bool KeyResolverCore::Private::resolve()
......@@ -458,6 +471,17 @@ bool KeyResolverCore::Private::resolve()
// First resolve through overrides
resolveOverrides();
// check protocols needed for overrides
const bool commonOverridesNeedOpenPGP = anyCommonOverrideHasKeyOfType(mEncKeys, OpenPGP);
const bool commonOverridesNeedCMS = anyCommonOverrideHasKeyOfType(mEncKeys, CMS);
if ((mFormat == OpenPGP && commonOverridesNeedCMS)
|| (mFormat == CMS && commonOverridesNeedOpenPGP)
|| (!mAllowMixed && commonOverridesNeedOpenPGP && commonOverridesNeedCMS)) {
// invalid protocol requirements -> clear intermediate result and abort resolution
mEncKeys.clear();
return false;
}
// Then look for signing / encryption keys
if (mFormat != CMS) {
resolveSign(OpenPGP);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment