libzypp  17.6.3
KeyRing.cc
Go to the documentation of this file.
1 /*---------------------------------------------------------------------\
2 | ____ _ __ __ ___ |
3 | |__ / \ / / . \ . \ |
4 | / / \ V /| _/ _/ |
5 | / /__ | | | | | | |
6 | /_____||_| |_| |_| |
7 | |
8 \---------------------------------------------------------------------*/
12 #include <iostream>
13 #include <fstream>
14 #include <sys/file.h>
15 #include <cstdio>
16 #include <unistd.h>
17 
18 #include "zypp/TmpPath.h"
19 #include "zypp/ZYppFactory.h"
20 #include "zypp/ZYpp.h"
21 
22 #include "zypp/base/LogTools.h"
23 #include "zypp/base/IOStream.h"
24 #include "zypp/base/String.h"
25 #include "zypp/base/Regex.h"
26 #include "zypp/base/Gettext.h"
27 #include "zypp/base/WatchFile.h"
28 #include "zypp/PathInfo.h"
29 #include "zypp/KeyRing.h"
30 #include "zypp/ExternalProgram.h"
31 #include "zypp/TmpPath.h"
32 #include "zypp/ZYppCallbacks.h" // JobReport::instance
33 #include "zypp/KeyManager.h"
34 
35 using std::endl;
36 
37 #undef ZYPP_BASE_LOGGER_LOGGROUP
38 #define ZYPP_BASE_LOGGER_LOGGROUP "zypp::KeyRing"
39 
41 namespace zypp
42 {
43 
44  IMPL_PTR_TYPE(KeyRing);
45 
46  namespace
47  {
48  KeyRing::DefaultAccept _keyRingDefaultAccept( KeyRing::ACCEPT_NOTHING );
49  }
50 
51  KeyRing::DefaultAccept KeyRing::defaultAccept()
52  { return _keyRingDefaultAccept; }
53 
54  void KeyRing::setDefaultAccept( DefaultAccept value_r )
55  {
56  MIL << "Set new KeyRing::DefaultAccept: " << value_r << endl;
57  _keyRingDefaultAccept = value_r;
58  }
59 
60  void KeyRingReport::infoVerify( const std::string & file_r, const PublicKeyData & keyData_r, const KeyContext & keycontext )
61  {}
62 
63  bool KeyRingReport::askUserToAcceptUnsignedFile( const std::string & file, const KeyContext & keycontext )
64  { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_UNSIGNED_FILE ); }
65 
66  KeyRingReport::KeyTrust
67  KeyRingReport::askUserToAcceptKey( const PublicKey & key, const KeyContext & keycontext )
68  {
69  if ( _keyRingDefaultAccept.testFlag( KeyRing::TRUST_KEY_TEMPORARILY ) )
70  return KEY_TRUST_TEMPORARILY;
71  if ( _keyRingDefaultAccept.testFlag( KeyRing::TRUST_AND_IMPORT_KEY ) )
72  return KEY_TRUST_AND_IMPORT;
73  return KEY_DONT_TRUST;
74  }
75 
76  bool KeyRingReport::askUserToAcceptUnknownKey( const std::string & file, const std::string & id, const KeyContext & keycontext )
77  { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_UNKNOWNKEY ); }
78 
79  bool KeyRingReport::askUserToAcceptVerificationFailed( const std::string & file, const PublicKey & key, const KeyContext & keycontext )
80  { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_VERIFICATION_FAILED ); }
81 
82  bool KeyRingReport::askUserToAcceptPackageKey(const PublicKey &key_r, const KeyContext &keycontext_r)
83  {
84  UserData data(ACCEPT_PACKAGE_KEY_REQUEST);
85  data.set("PublicKey", key_r);
86  data.set("KeyContext", keycontext_r);
87  report(data);
88 
89  if ( data.hasvalue("TrustKey") )
90  return data.get<bool>("TrustKey");
91  return false;
92  }
93 
94  void KeyRingReport::reportNonImportedKeys(const std::set<Edition> &keys_r)
95  {
96  UserData data(KEYS_NOT_IMPORTED_REPORT);
97  data.set("Keys", keys_r);
98  report(data);
99  }
100 
101  namespace
102  {
110  struct CachedPublicKeyData : private base::NonCopyable
111  {
112  const std::list<PublicKeyData> & operator()( const Pathname & keyring_r ) const
113  { return getData( keyring_r ); }
114 
115  void setDirty( const Pathname & keyring_r )
116  { _cacheMap[keyring_r].setDirty(); }
117 
118  private:
119  struct Cache
120  {
121  Cache() {}
122 
123  void setDirty()
124  {
125  _keyringK.reset();
126  _keyringP.reset();
127  }
128 
129  void assertCache( const Pathname & keyring_r )
130  {
131  // .kbx since gpg2-2.1
132  if ( !_keyringK )
133  _keyringK.reset( new WatchFile( keyring_r/"pubring.kbx", WatchFile::NO_INIT ) );
134  if ( !_keyringP )
135  _keyringP.reset( new WatchFile( keyring_r/"pubring.gpg", WatchFile::NO_INIT ) );
136  }
137 
138  bool hasChanged() const
139  {
140  bool k = _keyringK->hasChanged(); // be sure both files are checked
141  bool p = _keyringP->hasChanged();
142  return k || p;
143  }
144 
145  std::list<PublicKeyData> _data;
146 
147  private:
148  scoped_ptr<WatchFile> _keyringK;
149  scoped_ptr<WatchFile> _keyringP;
150  };
151 
152  typedef std::map<Pathname,Cache> CacheMap;
153 
154  const std::list<PublicKeyData> & getData( const Pathname & keyring_r ) const
155  {
156  Cache & cache( _cacheMap[keyring_r] );
157  // init new cache entry
158  cache.assertCache( keyring_r );
159  return getData( keyring_r, cache );
160  }
161 
162  const std::list<PublicKeyData> & getData( const Pathname & keyring_r, Cache & cache_r ) const
163  {
164  if ( cache_r.hasChanged() ) {
165  shared_ptr<KeyManagerCtx> ctx = KeyManagerCtx::createForOpenPGP();
166  if (ctx) {
167  if (ctx->setHomedir(keyring_r)) {
168  std::list<PublicKeyData> foundKeys = ctx->listKeys();
169  cache_r._data.swap(foundKeys);
170  }
171  }
172  MIL << "Found keys: " << cache_r._data << endl;
173  }
174  return cache_r._data;
175  }
176 
177  mutable CacheMap _cacheMap;
178  };
180  }
181 
183  //
184  // CLASS NAME : KeyRing::Impl
185  //
187  struct KeyRing::Impl
188  {
189  Impl( const Pathname & baseTmpDir )
190  : _trusted_tmp_dir( baseTmpDir, "zypp-trusted-kr" )
191  , _general_tmp_dir( baseTmpDir, "zypp-general-kr" )
192  , _base_dir( baseTmpDir )
193  {
194  MIL << "Current KeyRing::DefaultAccept: " << _keyRingDefaultAccept << endl;
195  }
196 
197  void importKey( const PublicKey & key, bool trusted = false );
198  void multiKeyImport( const Pathname & keyfile_r, bool trusted_r = false );
199  void deleteKey( const std::string & id, bool trusted );
200 
201  std::string readSignatureKeyId( const Pathname & signature );
202 
203  bool isKeyTrusted( const std::string & id )
204  { return bool(publicKeyExists( id, trustedKeyRing() )); }
205  bool isKeyKnown( const std::string & id )
206  { return publicKeyExists( id, trustedKeyRing() ) || publicKeyExists( id, generalKeyRing() ); }
207 
208  std::list<PublicKey> trustedPublicKeys()
209  { return publicKeys( trustedKeyRing() ); }
210  std::list<PublicKey> publicKeys()
211  { return publicKeys( generalKeyRing() ); }
212 
213  const std::list<PublicKeyData> & trustedPublicKeyData()
214  { return publicKeyData( trustedKeyRing() ); }
215  const std::list<PublicKeyData> & publicKeyData()
216  { return publicKeyData( generalKeyRing() ); }
217 
218  void dumpPublicKey( const std::string & id, bool trusted, std::ostream & stream )
219  { dumpPublicKey( id, ( trusted ? trustedKeyRing() : generalKeyRing() ), stream ); }
220 
221  PublicKey exportPublicKey( const PublicKeyData & keyData )
222  { return exportKey( keyData, generalKeyRing() ); }
223  PublicKey exportTrustedPublicKey( const PublicKeyData & keyData )
224  { return exportKey( keyData, trustedKeyRing() ); }
225 
226  bool verifyFileSignatureWorkflow( const Pathname & file, const std::string & filedesc, const Pathname & signature, bool & sigValid_r, const KeyContext & keycontext = KeyContext());
227 
228  bool verifyFileSignature( const Pathname & file, const Pathname & signature )
229  { return verifyFile( file, signature, generalKeyRing() ); }
230  bool verifyFileTrustedSignature( const Pathname & file, const Pathname & signature )
231  { return verifyFile( file, signature, trustedKeyRing() ); }
232 
233  PublicKeyData trustedPublicKeyExists( const std::string & id )
234  { return publicKeyExists(id, trustedKeyRing());}
235 
236  private:
237  bool verifyFile( const Pathname & file, const Pathname & signature, const Pathname & keyring );
238  void importKey( const Pathname & keyfile, const Pathname & keyring );
239 
240  PublicKey exportKey( const std::string & id, const Pathname & keyring );
241  PublicKey exportKey( const PublicKeyData & keyData, const Pathname & keyring );
242  PublicKey exportKey( const PublicKey & key, const Pathname & keyring )
243  { return exportKey( key.keyData(), keyring ); }
244 
245  void dumpPublicKey( const std::string & id, const Pathname & keyring, std::ostream & stream );
246  filesystem::TmpFile dumpPublicKeyToTmp( const std::string & id, const Pathname & keyring );
247 
248  void deleteKey( const std::string & id, const Pathname & keyring );
249 
250  std::list<PublicKey> publicKeys( const Pathname & keyring);
251  const std::list<PublicKeyData> & publicKeyData( const Pathname & keyring )
252  { return cachedPublicKeyData( keyring ); }
253 
255  PublicKeyData publicKeyExists( const std::string & id, const Pathname & keyring );
256 
257  const Pathname generalKeyRing() const
258  { return _general_tmp_dir.path(); }
259  const Pathname trustedKeyRing() const
260  { return _trusted_tmp_dir.path(); }
261 
262  // Used for trusted and untrusted keyrings
263  filesystem::TmpDir _trusted_tmp_dir;
264  filesystem::TmpDir _general_tmp_dir;
265  Pathname _base_dir;
266 
267  private:
273  CachedPublicKeyData cachedPublicKeyData;
274  };
276 
277  namespace
278  {
280  struct ImportKeyCBHelper
281  {
282  void operator()( const PublicKey & key_r )
283  {
284  try {
285  _rpmdbEmitSignal->trustedKeyAdded( key_r );
286  _emitSignal->trustedKeyAdded( key_r );
287  }
288  catch ( const Exception & excp )
289  {
290  ERR << "Could not import key into rpmdb: " << excp << endl;
291  // TODO: JobReport as hotfix for bsc#1057188; should bubble up and go through some callback
292  JobReport::error( excp.asUserHistory() );
293  }
294  }
295 
296  private:
297  callback::SendReport<target::rpm::KeyRingSignals> _rpmdbEmitSignal;
298  callback::SendReport<KeyRingSignals> _emitSignal;
299  };
300  } // namespace
301 
302 
303  void KeyRing::Impl::importKey( const PublicKey & key, bool trusted )
304  {
305  importKey( key.path(), trusted ? trustedKeyRing() : generalKeyRing() );
306  MIL << "Imported key " << key << " to " << (trusted ? "trustedKeyRing" : "generalKeyRing" ) << endl;
307 
308  if ( trusted )
309  {
310  ImportKeyCBHelper emitSignal;
311  if ( key.hiddenKeys().empty() )
312  {
313  emitSignal( key );
314  }
315  else
316  {
317  // multiple keys: Export individual keys ascii armored to import in rpmdb
318  emitSignal( exportKey( key, trustedKeyRing() ) );
319  for ( const PublicKeyData & hkey : key.hiddenKeys() )
320  emitSignal( exportKey( hkey, trustedKeyRing() ) );
321  }
322  }
323  }
324 
325  void KeyRing::Impl::multiKeyImport( const Pathname & keyfile_r, bool trusted_r )
326  {
327  importKey( keyfile_r, trusted_r ? trustedKeyRing() : generalKeyRing() );
328  }
329 
330  void KeyRing::Impl::deleteKey( const std::string & id, bool trusted )
331  {
332  PublicKeyData keyDataToDel( publicKeyExists( id, trusted ? trustedKeyRing() : generalKeyRing() ) );
333  if ( ! keyDataToDel )
334  {
335  WAR << "Key to delete [" << id << "] is not in " << (trusted ? "trustedKeyRing" : "generalKeyRing" ) << endl;
336  return;
337  }
338  deleteKey( id, trusted ? trustedKeyRing() : generalKeyRing() );
339  MIL << "Deleted key [" << id << "] from " << (trusted ? "trustedKeyRing" : "generalKeyRing" ) << endl;
340 
341  if ( trusted )
342  try {
343  PublicKey key( keyDataToDel );
344 
345  callback::SendReport<target::rpm::KeyRingSignals> rpmdbEmitSignal;
346  rpmdbEmitSignal->trustedKeyRemoved( key );
347 
348  callback::SendReport<KeyRingSignals> emitSignal;
349  emitSignal->trustedKeyRemoved( key );
350  }
351  catch ( const Exception & excp )
352  {
353  ERR << "Could not delete key from rpmmdb: " << excp << endl;
354  // TODO: JobReport as hotfix for bsc#1057188; should bubble up and go through some callback
355  JobReport::error( excp.asUserHistory() );
356  }
357  }
358 
359  PublicKeyData KeyRing::Impl::publicKeyExists( const std::string & id, const Pathname & keyring )
360  {
361  PublicKeyData ret;
362  for ( const PublicKeyData & key : publicKeyData( keyring ) )
363  {
364  if ( key.providesKey( id ) )
365  {
366  ret = key;
367  break;
368  }
369  }
370  MIL << (ret ? "Found" : "No") << " key [" << id << "] in keyring " << keyring << endl;
371  return ret;
372  }
373 
374  PublicKey KeyRing::Impl::exportKey( const PublicKeyData & keyData, const Pathname & keyring )
375  {
376  return PublicKey( dumpPublicKeyToTmp( keyData.id(), keyring ), keyData );
377  }
378 
379  PublicKey KeyRing::Impl::exportKey( const std::string & id, const Pathname & keyring )
380  {
381  PublicKeyData keyData( publicKeyExists( id, keyring ) );
382  if ( keyData )
383  return PublicKey( dumpPublicKeyToTmp( keyData.id(), keyring ), keyData );
384 
385  // Here: key not found
386  WAR << "No key [" << id << "] to export from " << keyring << endl;
387  return PublicKey();
388  }
389 
390 
391  void KeyRing::Impl::dumpPublicKey( const std::string & id, const Pathname & keyring, std::ostream & stream )
392  {
393  KeyManagerCtx::Ptr ctx = KeyManagerCtx::createForOpenPGP();
394  if (!ctx || !ctx->setHomedir(keyring))
395  return;
396  ctx->exportKey(id, stream);
397  }
398 
399  filesystem::TmpFile KeyRing::Impl::dumpPublicKeyToTmp( const std::string & id, const Pathname & keyring )
400  {
401  filesystem::TmpFile tmpFile( _base_dir, "pubkey-"+id+"-" );
402  MIL << "Going to export key [" << id << "] from " << keyring << " to " << tmpFile.path() << endl;
403 
404  std::ofstream os( tmpFile.path().c_str() );
405  dumpPublicKey( id, keyring, os );
406  os.close();
407  return tmpFile;
408  }
409 
410  bool KeyRing::Impl::verifyFileSignatureWorkflow( const Pathname & file, const std::string & filedesc, const Pathname & signature, bool & sigValid_r, const KeyContext & context )
411  {
412  sigValid_r = false; // set true if signature is actually successfully validated!
413 
414  callback::SendReport<KeyRingReport> report;
415  MIL << "Going to verify signature for " << filedesc << " ( " << file << " ) with " << signature << endl;
416 
417  // if signature does not exists, ask user if he wants to accept unsigned file.
418  if( signature.empty() || (!PathInfo( signature ).isExist()) )
419  {
420  bool res = report->askUserToAcceptUnsignedFile( filedesc, context );
421  MIL << "askUserToAcceptUnsignedFile: " << res << endl;
422  return res;
423  }
424 
425  // get the id of the signature (it might be a subkey id!)
426  std::string id = readSignatureKeyId( signature );
427 
428  // does key exists in trusted keyring
429  PublicKeyData trustedKeyData( publicKeyExists( id, trustedKeyRing() ) );
430  if ( trustedKeyData )
431  {
432  MIL << "Key is trusted: " << trustedKeyData << endl;
433 
434  // lets look if there is an updated key in the
435  // general keyring
436  PublicKeyData generalKeyData( publicKeyExists( id, generalKeyRing() ) );
437  if ( generalKeyData )
438  {
439  // bnc #393160: Comment #30: Compare at least the fingerprint
440  // in case an attacker created a key the the same id.
441  //
442  // FIXME: bsc#1008325: For keys using subkeys, we'd actually need
443  // to compare the subkey sets, to tell whether a key was updated.
444  // because created() remains unchanged if the primary key is not touched.
445  // For now we wait until a new subkey signs the data and treat it as a
446  // new key (else part below).
447  if ( trustedKeyData.fingerprint() == generalKeyData.fingerprint()
448  && trustedKeyData.created() < generalKeyData.created() )
449  {
450  MIL << "Key was updated. Saving new version into trusted keyring: " << generalKeyData << endl;
451  importKey( exportKey( generalKeyData, generalKeyRing() ), true );
452  trustedKeyData = publicKeyExists( id, trustedKeyRing() ); // re-read: invalidated by import?
453  }
454  }
455 
456  // it exists, is trusted, does it validate?
457  report->infoVerify( filedesc, trustedKeyData, context );
458  if ( verifyFile( file, signature, trustedKeyRing() ) )
459  {
460  return (sigValid_r=true); // signature is actually successfully validated!
461  }
462  else
463  {
464  bool res = report->askUserToAcceptVerificationFailed( filedesc, exportKey( trustedKeyData, trustedKeyRing() ), context );
465  MIL << "askUserToAcceptVerificationFailed: " << res << endl;
466  return res;
467  }
468  }
469  else
470  {
471  PublicKeyData generalKeyData( publicKeyExists( id, generalKeyRing() ) );
472  if ( generalKeyData )
473  {
474  PublicKey key( exportKey( generalKeyData, generalKeyRing() ) );
475  MIL << "Key [" << id << "] " << key.name() << " is not trusted" << endl;
476 
477  // ok the key is not trusted, ask the user to trust it or not
478  KeyRingReport::KeyTrust reply = report->askUserToAcceptKey( key, context );
479  if ( reply == KeyRingReport::KEY_TRUST_TEMPORARILY ||
480  reply == KeyRingReport::KEY_TRUST_AND_IMPORT )
481  {
482  MIL << "User wants to trust key [" << id << "] " << key.name() << endl;
483 
484  Pathname whichKeyring;
485  if ( reply == KeyRingReport::KEY_TRUST_AND_IMPORT )
486  {
487  MIL << "User wants to import key [" << id << "] " << key.name() << endl;
488  importKey( key, true );
489  whichKeyring = trustedKeyRing();
490  }
491  else
492  whichKeyring = generalKeyRing();
493 
494  // does it validate?
495  report->infoVerify( filedesc, generalKeyData, context );
496  if ( verifyFile( file, signature, whichKeyring ) )
497  {
498  return (sigValid_r=true); // signature is actually successfully validated!
499  }
500  else
501  {
502  bool res = report->askUserToAcceptVerificationFailed( filedesc, key, context );
503  MIL << "askUserToAcceptVerificationFailed: " << res << endl;
504  return res;
505  }
506  }
507  else
508  {
509  MIL << "User does not want to trust key [" << id << "] " << key.name() << endl;
510  return false;
511  }
512  }
513  else
514  {
515  // signed with an unknown key...
516  MIL << "File [" << file << "] ( " << filedesc << " ) signed with unknown key [" << id << "]" << endl;
517  bool res = report->askUserToAcceptUnknownKey( filedesc, id, context );
518  MIL << "askUserToAcceptUnknownKey: " << res << endl;
519  return res;
520  }
521  }
522  return false;
523  }
524 
525  std::list<PublicKey> KeyRing::Impl::publicKeys( const Pathname & keyring )
526  {
527  const std::list<PublicKeyData> & keys( publicKeyData( keyring ) );
528  std::list<PublicKey> ret;
529 
530  for_( it, keys.begin(), keys.end() )
531  {
532  PublicKey key( exportKey( *it, keyring ) );
533  ret.push_back( key );
534  MIL << "Found key " << key << endl;
535  }
536  return ret;
537  }
538 
539  void KeyRing::Impl::importKey( const Pathname & keyfile, const Pathname & keyring )
540  {
541  if ( ! PathInfo( keyfile ).isExist() )
542  // TranslatorExplanation first %s is key name, second is keyring name
543  ZYPP_THROW(KeyRingException( str::Format(_("Tried to import not existent key %s into keyring %s"))
544  % keyfile.asString()
545  % keyring.asString() ));
546 
547  KeyManagerCtx::Ptr ctx = KeyManagerCtx::createForOpenPGP();
548  if(!ctx || !ctx->setHomedir(keyring))
549  ZYPP_THROW(KeyRingException(_("Failed to import key.")));
550 
551  cachedPublicKeyData.setDirty( keyring );
552  if(!ctx->importKey(keyfile))
553  ZYPP_THROW(KeyRingException(_("Failed to import key.")));
554  }
555 
556  void KeyRing::Impl::deleteKey( const std::string & id, const Pathname & keyring )
557  {
558  KeyManagerCtx::Ptr ctx = KeyManagerCtx::createForOpenPGP();
559  if(!ctx) {
560  ZYPP_THROW(KeyRingException(_("Failed to delete key.")));
561  }
562 
563  if(!ctx->setHomedir(keyring)) {
564  ZYPP_THROW(KeyRingException(_("Failed to delete key.")));
565  }
566 
567  if(!ctx->deleteKey(id)){
568  ZYPP_THROW(KeyRingException(_("Failed to delete key.")));
569  }
570 
571  cachedPublicKeyData.setDirty( keyring );
572  }
573 
574  std::string KeyRing::Impl::readSignatureKeyId( const Pathname & signature )
575  {
576  if ( ! PathInfo( signature ).isFile() )
577  ZYPP_THROW(KeyRingException( str::Format(_("Signature file %s not found")) % signature.asString() ));
578 
579  MIL << "Determining key id of signature " << signature << endl;
580 
581  KeyManagerCtx::Ptr ctx = KeyManagerCtx::createForOpenPGP();
582  if(!ctx) {
583  return std::string();
584  }
585 
586  std::list<std::string> fprs = ctx->readSignatureFingerprints(signature);
587  if (fprs.size()) {
588  std::string &id = fprs.back();
589  MIL << "Determined key id [" << id << "] for signature " << signature << endl;
590  return id;
591  }
592  return std::string();
593  }
594 
595  bool KeyRing::Impl::verifyFile( const Pathname & file, const Pathname & signature, const Pathname & keyring )
596  {
597  KeyManagerCtx::Ptr ctx = KeyManagerCtx::createForOpenPGP();
598  if (!ctx || !ctx->setHomedir(keyring))
599  return false;
600 
601  return ctx->verify(file, signature);
602  }
603 
605 
607  //
608  // CLASS NAME : KeyRing
609  //
611 
612  KeyRing::KeyRing( const Pathname & baseTmpDir )
613  : _pimpl( new Impl( baseTmpDir ) )
614  {}
615 
616  KeyRing::~KeyRing()
617  {}
618 
619 
620  void KeyRing::importKey( const PublicKey & key, bool trusted )
621  { _pimpl->importKey( key, trusted ); }
622 
623  void KeyRing::multiKeyImport( const Pathname & keyfile_r, bool trusted_r )
624  { _pimpl->multiKeyImport( keyfile_r, trusted_r ); }
625 
626  std::string KeyRing::readSignatureKeyId( const Pathname & signature )
627  { return _pimpl->readSignatureKeyId( signature ); }
628 
629  void KeyRing::deleteKey( const std::string & id, bool trusted )
630  { _pimpl->deleteKey( id, trusted ); }
631 
632  std::list<PublicKey> KeyRing::publicKeys()
633  { return _pimpl->publicKeys(); }
634 
635  std:: list<PublicKey> KeyRing::trustedPublicKeys()
636  { return _pimpl->trustedPublicKeys(); }
637 
638  std::list<PublicKeyData> KeyRing::publicKeyData()
639  { return _pimpl->publicKeyData(); }
640 
641  std::list<PublicKeyData> KeyRing::trustedPublicKeyData()
642  { return _pimpl->trustedPublicKeyData(); }
643 
644  PublicKeyData KeyRing::trustedPublicKeyData(const std::string &id_r)
645  { return _pimpl->trustedPublicKeyExists( id_r ); }
646 
647  bool KeyRing::verifyFileSignatureWorkflow( const Pathname & file, const std::string & filedesc, const Pathname & signature, bool & sigValid_r, const KeyContext & keycontext )
648  { return _pimpl->verifyFileSignatureWorkflow( file, filedesc, signature, sigValid_r, keycontext ); }
649 
650  bool KeyRing::verifyFileSignatureWorkflow( const Pathname & file, const std::string filedesc, const Pathname & signature, const KeyContext & keycontext )
651  { bool unused; return _pimpl->verifyFileSignatureWorkflow( file, filedesc, signature, unused, keycontext ); }
652 
653  bool KeyRing::verifyFileSignature( const Pathname & file, const Pathname & signature )
654  { return _pimpl->verifyFileSignature( file, signature ); }
655 
656  bool KeyRing::verifyFileTrustedSignature( const Pathname & file, const Pathname & signature )
657  { return _pimpl->verifyFileTrustedSignature( file, signature ); }
658 
659  void KeyRing::dumpPublicKey( const std::string & id, bool trusted, std::ostream & stream )
660  { _pimpl->dumpPublicKey( id, trusted, stream ); }
661 
662  PublicKey KeyRing::exportPublicKey( const PublicKeyData & keyData )
663  { return _pimpl->exportPublicKey( keyData ); }
664 
665  PublicKey KeyRing::exportTrustedPublicKey( const PublicKeyData & keyData )
666  { return _pimpl->exportTrustedPublicKey( keyData ); }
667 
668  bool KeyRing::isKeyTrusted( const std::string & id )
669  { return _pimpl->isKeyTrusted( id ); }
670 
671  bool KeyRing::isKeyKnown( const std::string & id )
672  { return _pimpl->isKeyKnown( id ); }
673 
675 } // namespace zypp
zypp::KeyRing::importKey
void importKey(const PublicKey &key, bool trusted=false)
imports a key from a file.
Definition: KeyRing.cc:620
zypp::KeyRing::Impl::publicKeyData
const std::list< PublicKeyData > & publicKeyData()
Definition: KeyRing.cc:215
Gettext.h
Interface to gettext.
zypp::KeyManagerCtx::createForOpenPGP
static Ptr createForOpenPGP()
Creates a new KeyManagerCtx for PGP.
Definition: KeyManager.cc:193
MIL
#define MIL
Definition: Logger.h:64
zypp::KeyRing::exportTrustedPublicKey
PublicKey exportTrustedPublicKey(const PublicKeyData &keyData)
Export a trusted public key identified by its key data.
Definition: KeyRing.cc:665
zypp::KeyRing::Impl::exportPublicKey
PublicKey exportPublicKey(const PublicKeyData &keyData)
Definition: KeyRing.cc:221
zypp::KeyRing::Impl::dumpPublicKey
void dumpPublicKey(const std::string &id, bool trusted, std::ostream &stream)
Definition: KeyRing.cc:218
zypp::KeyRing::Impl::deleteKey
void deleteKey(const std::string &id, bool trusted)
Definition: KeyRing.cc:330
zypp::KeyRing::Impl::exportKey
PublicKey exportKey(const std::string &id, const Pathname &keyring)
Definition: KeyRing.cc:379
zypp::JobReport::error
static bool error(const std::string &msg_r, const UserData &userData_r=UserData())
send error text
Definition: ZYppCallbacks.h:823
zypp::KeyRing::Impl::isKeyTrusted
bool isKeyTrusted(const std::string &id)
Definition: KeyRing.cc:203
zypp::PublicKey::hiddenKeys
const std::list< PublicKeyData > & hiddenKeys() const
Additional keys data in case the ASCII armored blob containes multiple keys.
Definition: PublicKey.cc:515
ZYPP_THROW
#define ZYPP_THROW(EXCPT)
Drops a logline and throws the Exception.
Definition: Exception.h:392
zypp::KeyRing::Impl::trustedPublicKeyData
const std::list< PublicKeyData > & trustedPublicKeyData()
Definition: KeyRing.cc:213
zypp::PublicKey::keyData
const PublicKeyData & keyData() const
The public keys data (.
Definition: PublicKey.cc:509
zypp::PublicKey::name
std::string name() const
Definition: PublicKey.cc:521
zypp::KeyRing::Impl::exportKey
PublicKey exportKey(const PublicKey &key, const Pathname &keyring)
Definition: KeyRing.cc:242
zypp::KeyRingReport::KEY_TRUST_TEMPORARILY
This basically means, we knew the key, but it was not trusted.
Definition: KeyRing.h:61
zypp::KeyRing::exportPublicKey
PublicKey exportPublicKey(const PublicKeyData &keyData)
Export a public key identified by its key data.
Definition: KeyRing.cc:662
zypp::PublicKeyData
Class representing one GPG Public Keys data.
Definition: PublicKey.h:139
zypp::KeyRing::Impl::isKeyKnown
bool isKeyKnown(const std::string &id)
Definition: KeyRing.cc:205
zypp::KeyRingReport::reportNonImportedKeys
void reportNonImportedKeys(const std::set< Edition > &keys_r)
Notify the user about keys that were not imported from the rpm key database into zypp keyring...
Definition: KeyRing.cc:94
zypp::KeyRing::dumpPublicKey
void dumpPublicKey(const std::string &id, bool trusted, std::ostream &stream)
Definition: KeyRing.cc:659
zypp::KeyRing::Impl::publicKeyExists
PublicKeyData publicKeyExists(const std::string &id, const Pathname &keyring)
Get PublicKeyData for ID (false if ID is not found).
Definition: KeyRing.cc:359
zypp::KeyRing::Impl::multiKeyImport
void multiKeyImport(const Pathname &keyfile_r, bool trusted_r=false)
Definition: KeyRing.cc:325
zypp::KeyRing::trustedPublicKeys
std::list< PublicKey > trustedPublicKeys()
Get a list of trusted public keys in the keyring (incl.
Definition: KeyRing.cc:635
zypp::KeyRing::Impl::verifyFile
bool verifyFile(const Pathname &file, const Pathname &signature, const Pathname &keyring)
Definition: KeyRing.cc:595
zypp::KeyRingReport::askUserToAcceptUnsignedFile
virtual bool askUserToAcceptUnsignedFile(const std::string &file, const KeyContext &keycontext=KeyContext())
Definition: KeyRing.cc:63
zypp::filesystem::Pathname::c_str
const char * c_str() const
String representation.
Definition: Pathname.h:109
zypp::KeyRing::KeyRing
KeyRing(const Pathname &baseTmpDir)
Default ctor.
Definition: KeyRing.cc:612
scoped_ptr
zypp::KeyRing::trustedPublicKeyData
std::list< PublicKeyData > trustedPublicKeyData()
Get a list of trusted public key data in the keyring (key data only)
Definition: KeyRing.cc:641
zypp::KeyRing::verifyFileSignatureWorkflow
bool verifyFileSignatureWorkflow(const Pathname &file, const std::string &filedesc, const Pathname &signature, bool &sigValid_r, const KeyContext &keycontext=KeyContext())
Follows a signature verification interacting with the user.
Definition: KeyRing.cc:647
zypp::KeyRingReport::askUserToAcceptPackageKey
bool askUserToAcceptPackageKey(const PublicKey &key_r, const KeyContext &keycontext_r=KeyContext())
Ask user to trust and/or import the package key to trusted keyring, using ReportBase::report.
Definition: KeyRing.cc:82
for_
#define for_(IT, BEG, END)
Convenient for-loops using iterator.
Definition: Easy.h:27
zypp::filesystem::TmpPath::path
Pathname path() const
Definition: TmpPath.cc:146
zypp::str::Format
Convenient building of std::string with boost::format.
Definition: String.h:251
zypp::filesystem::TmpFile
Provide a new empty temporary file and delete it when no longer needed.
Definition: TmpPath.h:127
zypp::KeyRingReport::askUserToAcceptUnknownKey
virtual bool askUserToAcceptUnknownKey(const std::string &file, const std::string &id, const KeyContext &keycontext=KeyContext())
we DONT know the key, only its id, but we have never seen it, the difference with trust key is that i...
Definition: KeyRing.cc:76
zypp::KeyRing::Impl::cachedPublicKeyData
CachedPublicKeyData cachedPublicKeyData
Functor returning the keyrings data (cached).
Definition: KeyRing.cc:273
ERR
#define ERR
Definition: Logger.h:66
_rpmdbEmitSignal
callback::SendReport< target::rpm::KeyRingSignals > _rpmdbEmitSignal
Definition: KeyRing.cc:297
zypp::WatchFile
Remember a files attributes to detect content changes.
Definition: WatchFile.h:49
zypp::KeyRingReport::infoVerify
virtual void infoVerify(const std::string &file_r, const PublicKeyData &keyData_r, const KeyContext &keycontext=KeyContext())
Informal callback showing the trusted key that will be used for verification.
Definition: KeyRing.cc:60
zypp::KeyRing::Impl::exportTrustedPublicKey
PublicKey exportTrustedPublicKey(const PublicKeyData &keyData)
Definition: KeyRing.cc:223
zypp::KeyRingReport::KeyTrust
KeyTrust
User reply options for the askUserToTrustKey callback.
Definition: KeyRing.h:51
zypp::filesystem::Pathname::empty
bool empty() const
Test for an empty path.
Definition: Pathname.h:113
zypp::KeyRing::~KeyRing
~KeyRing()
Dtor.
Definition: KeyRing.cc:616
zypp::base::NonCopyable
boost::noncopyable NonCopyable
Ensure derived classes cannot be copied.
Definition: NonCopyable.h:26
zypp::PublicKeyData::created
Date created() const
Creation / last modification date (latest selfsig).
Definition: PublicKey.cc:301
zypp::KeyRing::Impl::trustedPublicKeyExists
PublicKeyData trustedPublicKeyExists(const std::string &id)
Definition: KeyRing.cc:233
zypp::KeyRing::setDefaultAccept
static void setDefaultAccept(DefaultAccept value_r)
Set the active accept bits.
Definition: KeyRing.cc:54
zypp::filesystem::TmpDir
Provide a new empty temporary directory and recursively delete it when no longer needed.
Definition: TmpPath.h:177
zypp::KeyRing::Impl::_trusted_tmp_dir
filesystem::TmpDir _trusted_tmp_dir
Definition: KeyRing.cc:263
zypp::KeyRing::Impl::verifyFileSignature
bool verifyFileSignature(const Pathname &file, const Pathname &signature)
Definition: KeyRing.cc:228
_data
std::list< PublicKeyData > _data
Definition: KeyRing.cc:145
zypp::callback::UserData::set
bool set(const std::string &key_r, AnyType val_r)
Set the value for key (nonconst version always returns true).
Definition: UserData.h:118
zypp::filesystem::Pathname::asString
const std::string & asString() const
String representation.
Definition: Pathname.h:90
zypp::KeyRing::Impl::verifyFileSignatureWorkflow
bool verifyFileSignatureWorkflow(const Pathname &file, const std::string &filedesc, const Pathname &signature, bool &sigValid_r, const KeyContext &keycontext=KeyContext())
Definition: KeyRing.cc:410
zypp::filesystem::PathInfo::isExist
bool isExist() const
Return whether valid stat info exists.
Definition: PathInfo.h:281
zypp::Exception::asUserHistory
std::string asUserHistory() const
A single (multiline) string composed of asUserString and historyAsString.
Definition: Exception.cc:91
zypp::KeyRing::Impl::generalKeyRing
const Pathname generalKeyRing() const
Definition: KeyRing.cc:257
zypp::KeyRing::Impl::dumpPublicKeyToTmp
filesystem::TmpFile dumpPublicKeyToTmp(const std::string &id, const Pathname &keyring)
Definition: KeyRing.cc:399
WAR
#define WAR
Definition: Logger.h:65
zypp::IMPL_PTR_TYPE
IMPL_PTR_TYPE(Application)
zypp::KeyRing::Impl
KeyRing implementation.
Definition: KeyRing.cc:187
zypp::KeyRing::Impl::trustedPublicKeys
std::list< PublicKey > trustedPublicKeys()
Definition: KeyRing.cc:208
_keyringP
scoped_ptr< WatchFile > _keyringP
Definition: KeyRing.cc:149
zypp::KeyRing::Impl::importKey
void importKey(const PublicKey &key, bool trusted=false)
Definition: KeyRing.cc:303
shared_ptr
_
#define _(MSG)
Definition: Gettext.h:29
zypp::KeyRing::Impl::Impl
Impl(const Pathname &baseTmpDir)
Definition: KeyRing.cc:189
zypp::KeyRing::isKeyKnown
bool isKeyKnown(const std::string &id)
true if the key id is knows, that means at least exist on the untrusted keyring
Definition: KeyRing.cc:671
zypp::KeyRing::Impl::_base_dir
Pathname _base_dir
Definition: KeyRing.cc:265
zypp::KeyRing::multiKeyImport
void multiKeyImport(const Pathname &keyfile_r, bool trusted_r=false)
Initial import from RpmDb.
Definition: KeyRing.cc:623
zypp::PublicKeyData::fingerprint
std::string fingerprint() const
Key fingerprint.
Definition: PublicKey.cc:298
zypp::KeyRingReport::askUserToAcceptKey
virtual KeyTrust askUserToAcceptKey(const PublicKey &key, const KeyContext &keycontext=KeyContext())
Ask user to trust and/or import the key to trusted keyring.
Definition: KeyRing.cc:67
_keyringK
scoped_ptr< WatchFile > _keyringK
Definition: KeyRing.cc:148
zypp::KeyRing::defaultAccept
static DefaultAccept defaultAccept()
Get the active accept bits.
Definition: KeyRing.cc:51
zypp::KeyRing::_pimpl
RW_pointer< Impl > _pimpl
Pointer to implementation.
Definition: KeyRing.h:329
zypp::PublicKey
Class representing one GPG Public Key (PublicKeyData + ASCII armored in a tempfile).
Definition: PublicKey.h:272
zypp::KeyRing::publicKeyData
std::list< PublicKeyData > publicKeyData()
Get a list of public key data in the keyring (key data only)
Definition: KeyRing.cc:638
zypp::Exception
Base class for Exception.
Definition: Exception.h:145
zypp::PublicKey::path
Pathname path() const
File containig the ASCII armored key.
Definition: PublicKey.cc:512
zypp::PublicKeyData::id
std::string id() const
Key ID.
Definition: PublicKey.cc:292
zypp::callback::UserData::get
const Tp & get(const std::string &key_r) const
Pass back a const Tp & reference to key_r value.
Definition: UserData.h:175
zypp::KeyRing::Impl::trustedKeyRing
const Pathname trustedKeyRing() const
Definition: KeyRing.cc:259
report
callback::SendReport< DownloadProgressReport > * report
Definition: MediaCurl.cc:203
zypp::KeyRing::Impl::publicKeys
std::list< PublicKey > publicKeys()
Definition: KeyRing.cc:210
zypp::callback::UserData
Typesafe passing of user data via callbacks.
Definition: UserData.h:38
zypp::KeyRing::deleteKey
void deleteKey(const std::string &id, bool trusted=false)
removes a key from the keyring.
Definition: KeyRing.cc:629
zypp::KeyRing::verifyFileTrustedSignature
bool verifyFileTrustedSignature(const Pathname &file, const Pathname &signature)
Definition: KeyRing.cc:656
zypp::KeyRing::Impl::verifyFileTrustedSignature
bool verifyFileTrustedSignature(const Pathname &file, const Pathname &signature)
Definition: KeyRing.cc:230
zypp::KeyManagerCtx::Ptr
shared_ptr< KeyManagerCtx > Ptr
Definition: KeyManager.h:34
zypp::filesystem::PathInfo
Wrapper class for ::stat/::lstat.
Definition: PathInfo.h:220
zypp::KeyRing::Impl::publicKeyData
const std::list< PublicKeyData > & publicKeyData(const Pathname &keyring)
Definition: KeyRing.cc:251
_cacheMap
CacheMap _cacheMap
Definition: KeyRing.cc:177
zypp::callback::UserData::hasvalue
bool hasvalue(const std::string &key_r) const
Whether key_r is in data and value is not empty.
Definition: UserData.h:101
zypp::KeyRing::isKeyTrusted
bool isKeyTrusted(const std::string &id)
true if the key id is trusted
Definition: KeyRing.cc:668
zypp
Easy-to use interface to the ZYPP dependency resolver.
Definition: CodePitfalls.doc:1
_emitSignal
callback::SendReport< KeyRingSignals > _emitSignal
Definition: KeyRing.cc:298
zypp::KeyRing::readSignatureKeyId
std::string readSignatureKeyId(const Pathname &signature)
reads the public key id from a signature
Definition: KeyRing.cc:626
zypp::KeyRing::verifyFileSignature
bool verifyFileSignature(const Pathname &file, const Pathname &signature)
Verifies a file against a signature, with no user interaction.
Definition: KeyRing.cc:653
zypp::KeyRing::Impl::readSignatureKeyId
std::string readSignatureKeyId(const Pathname &signature)
Definition: KeyRing.cc:574
zypp::KeyRingReport::askUserToAcceptVerificationFailed
virtual bool askUserToAcceptVerificationFailed(const std::string &file, const PublicKey &key, const KeyContext &keycontext=KeyContext())
The file filedesc is signed but the verification failed.
Definition: KeyRing.cc:79
zypp::KeyRing::publicKeys
std::list< PublicKey > publicKeys()
Get a list of public keys in the keyring (incl.
Definition: KeyRing.cc:632
zypp::KeyRing::Impl::_general_tmp_dir
filesystem::TmpDir _general_tmp_dir
Definition: KeyRing.cc:264