1 /*---------------------------------------------------------------------\
3 | |__ / \ / / . \ . \ |
8 \---------------------------------------------------------------------*/
9 /** \file zypp/KeyRing.cc
18 #include "zypp/TmpPath.h"
19 #include "zypp/ZYppFactory.h"
20 #include "zypp/ZYpp.h"
22 #include "zypp/base/LogTools.h"
23 #include "zypp/base/IOStream.h"
24 #include "zypp/base/String.h"
25 #include "zypp/base/Regex.h"
26 #include "zypp/base/Gettext.h"
27 #include "zypp/base/WatchFile.h"
28 #include "zypp/PathInfo.h"
29 #include "zypp/KeyRing.h"
30 #include "zypp/ExternalProgram.h"
31 #include "zypp/TmpPath.h"
35 #undef ZYPP_BASE_LOGGER_LOGGROUP
36 #define ZYPP_BASE_LOGGER_LOGGROUP "zypp::KeyRing"
38 /** \todo Fix duplicate define in PublicKey/KeyRing */
39 #define GPG_BINARY "/usr/bin/gpg2"
41 ///////////////////////////////////////////////////////////////////
43 { /////////////////////////////////////////////////////////////////
45 IMPL_PTR_TYPE(KeyRing);
49 KeyRing::DefaultAccept _keyRingDefaultAccept( KeyRing::ACCEPT_NOTHING );
52 KeyRing::DefaultAccept KeyRing::defaultAccept()
53 { return _keyRingDefaultAccept; }
55 void KeyRing::setDefaultAccept( DefaultAccept value_r )
57 MIL << "Set new KeyRing::DefaultAccept: " << value_r << endl;
58 _keyRingDefaultAccept = value_r;
61 void KeyRingReport::infoVerify( const std::string & file_r, const PublicKeyData & keyData_r, const KeyContext & keycontext )
64 bool KeyRingReport::askUserToAcceptUnsignedFile( const std::string & file, const KeyContext & keycontext )
65 { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_UNSIGNED_FILE ); }
67 KeyRingReport::KeyTrust
68 KeyRingReport::askUserToAcceptKey( const PublicKey & key, const KeyContext & keycontext )
70 if ( _keyRingDefaultAccept.testFlag( KeyRing::TRUST_KEY_TEMPORARILY ) )
71 return KEY_TRUST_TEMPORARILY;
72 if ( _keyRingDefaultAccept.testFlag( KeyRing::TRUST_AND_IMPORT_KEY ) )
73 return KEY_TRUST_AND_IMPORT;
74 return KEY_DONT_TRUST;
77 bool KeyRingReport::askUserToAcceptUnknownKey( const std::string & file, const std::string & id, const KeyContext & keycontext )
78 { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_UNKNOWNKEY ); }
80 bool KeyRingReport::askUserToAcceptVerificationFailed( const std::string & file, const PublicKey & key, const KeyContext & keycontext )
81 { return _keyRingDefaultAccept.testFlag( KeyRing::ACCEPT_VERIFICATION_FAILED ); }
85 ///////////////////////////////////////////////////////////////////
86 /// \class CachedPublicKeyData
87 /// \brief Functor returning the keyrings data (cached).
89 /// const std::list<PublicKeyData> & cachedPublicKeyData( const Pathname & keyring );
91 ///////////////////////////////////////////////////////////////////
92 struct CachedPublicKeyData // : private base::NonCopyable - but KeyRing uses RWCOW though also NonCopyable :(
94 const std::list<PublicKeyData> & operator()( const Pathname & keyring_r ) const
95 { return getData( keyring_r ); }
100 // Empty copy ctor to allow insert into std::map as
101 // scoped_ptr is noncopyable.
103 Cache( const Cache & rhs ) {}
105 void assertCache( const Pathname & keyring_r )
107 // .kbx since gpg2-2.1
109 _keyringK.reset( new WatchFile( keyring_r/"pubring.kbx", WatchFile::NO_INIT ) );
111 _keyringP.reset( new WatchFile( keyring_r/"pubring.gpg", WatchFile::NO_INIT ) );
114 bool hasChanged() const
116 bool k = _keyringK->hasChanged(); // be sure both files are checked
117 bool p = _keyringP->hasChanged();
121 std::list<PublicKeyData> _data;
124 scoped_ptr<WatchFile> _keyringK;
125 scoped_ptr<WatchFile> _keyringP;
128 typedef std::map<Pathname,Cache> CacheMap;
130 const std::list<PublicKeyData> & getData( const Pathname & keyring_r ) const
132 Cache & cache( _cacheMap[keyring_r] );
133 // init new cache entry
134 cache.assertCache( keyring_r );
135 return getData( keyring_r, cache );
138 const std::list<PublicKeyData> & getData( const Pathname & keyring_r, Cache & cache_r ) const
140 if ( cache_r.hasChanged() )
145 "--list-public-keys",
146 "--homedir", keyring_r.c_str(),
147 "--no-default-keyring",
151 "--with-fingerprint",
160 PublicKeyScanner scanner;
161 ExternalProgram prog( argv ,ExternalProgram::Discard_Stderr, false, -1, true );
162 for( std::string line = prog.receiveLine(); !line.empty(); line = prog.receiveLine() )
164 scanner.scan( line );
168 cache_r._data.swap( scanner._keys );
169 MIL << "Found keys: " << cache_r._data << endl;
171 return cache_r._data;
174 mutable CacheMap _cacheMap;
176 ///////////////////////////////////////////////////////////////////
179 ///////////////////////////////////////////////////////////////////
181 // CLASS NAME : KeyRing::Impl
183 /** KeyRing implementation. */
186 Impl( const Pathname & baseTmpDir )
187 : _trusted_tmp_dir( baseTmpDir, "zypp-trusted-kr" )
188 , _general_tmp_dir( baseTmpDir, "zypp-general-kr" )
189 , _base_dir( baseTmpDir )
191 MIL << "Current KeyRing::DefaultAccept: " << _keyRingDefaultAccept << endl;
194 void importKey( const PublicKey & key, bool trusted = false );
195 void multiKeyImport( const Pathname & keyfile_r, bool trusted_r = false );
196 void deleteKey( const std::string & id, bool trusted );
198 std::string readSignatureKeyId( const Pathname & signature );
200 bool isKeyTrusted( const std::string & id )
201 { return bool(publicKeyExists( id, trustedKeyRing() )); }
202 bool isKeyKnown( const std::string & id )
203 { return publicKeyExists( id, trustedKeyRing() ) || publicKeyExists( id, generalKeyRing() ); }
205 std::list<PublicKey> trustedPublicKeys()
206 { return publicKeys( trustedKeyRing() ); }
207 std::list<PublicKey> publicKeys()
208 { return publicKeys( generalKeyRing() ); }
210 const std::list<PublicKeyData> & trustedPublicKeyData()
211 { return publicKeyData( trustedKeyRing() ); }
212 const std::list<PublicKeyData> & publicKeyData()
213 { return publicKeyData( generalKeyRing() ); }
215 void dumpPublicKey( const std::string & id, bool trusted, std::ostream & stream )
216 { dumpPublicKey( id, ( trusted ? trustedKeyRing() : generalKeyRing() ), stream ); }
218 PublicKey exportPublicKey( const PublicKeyData & keyData )
219 { return exportKey( keyData, generalKeyRing() ); }
220 PublicKey exportTrustedPublicKey( const PublicKeyData & keyData )
221 { return exportKey( keyData, trustedKeyRing() ); }
223 bool verifyFileSignatureWorkflow( const Pathname & file, const std::string & filedesc, const Pathname & signature, bool & sigValid_r, const KeyContext & keycontext = KeyContext());
225 bool verifyFileSignature( const Pathname & file, const Pathname & signature )
226 { return verifyFile( file, signature, generalKeyRing() ); }
227 bool verifyFileTrustedSignature( const Pathname & file, const Pathname & signature )
228 { return verifyFile( file, signature, trustedKeyRing() ); }
231 bool verifyFile( const Pathname & file, const Pathname & signature, const Pathname & keyring );
232 void importKey( const Pathname & keyfile, const Pathname & keyring );
234 PublicKey exportKey( const std::string & id, const Pathname & keyring );
235 PublicKey exportKey( const PublicKeyData & keyData, const Pathname & keyring );
237 void dumpPublicKey( const std::string & id, const Pathname & keyring, std::ostream & stream );
238 filesystem::TmpFile dumpPublicKeyToTmp( const std::string & id, const Pathname & keyring );
240 void deleteKey( const std::string & id, const Pathname & keyring );
242 std::list<PublicKey> publicKeys( const Pathname & keyring);
243 const std::list<PublicKeyData> & publicKeyData( const Pathname & keyring )
244 { return cachedPublicKeyData( keyring ); }
246 /** Get \ref PublicKeyData for ID (\c false if ID is not found). */
247 PublicKeyData publicKeyExists( const std::string & id, const Pathname & keyring );
249 const Pathname generalKeyRing() const
250 { return _general_tmp_dir.path(); }
251 const Pathname trustedKeyRing() const
252 { return _trusted_tmp_dir.path(); }
254 // Used for trusted and untrusted keyrings
255 filesystem::TmpDir _trusted_tmp_dir;
256 filesystem::TmpDir _general_tmp_dir;
260 /** Functor returning the keyrings data (cached).
262 * const std::list<PublicKeyData> & cachedPublicKeyData( const Pathname & keyring );
265 CachedPublicKeyData cachedPublicKeyData;
267 ///////////////////////////////////////////////////////////////////
270 void KeyRing::Impl::importKey( const PublicKey & key, bool trusted )
272 importKey( key.path(), trusted ? trustedKeyRing() : generalKeyRing() );
276 callback::SendReport<target::rpm::KeyRingSignals> rpmdbEmitSignal;
277 callback::SendReport<KeyRingSignals> emitSignal;
279 rpmdbEmitSignal->trustedKeyAdded( key );
280 emitSignal->trustedKeyAdded( key );
284 void KeyRing::Impl::multiKeyImport( const Pathname & keyfile_r, bool trusted_r )
286 importKey( keyfile_r, trusted_r ? trustedKeyRing() : generalKeyRing() );
289 void KeyRing::Impl::deleteKey( const std::string & id, bool trusted )
295 key = exportKey( id, trustedKeyRing() );
298 deleteKey( id, trusted ? trustedKeyRing() : generalKeyRing() );
302 callback::SendReport<target::rpm::KeyRingSignals> rpmdbEmitSignal;
303 callback::SendReport<KeyRingSignals> emitSignal;
305 rpmdbEmitSignal->trustedKeyRemoved( key );
306 emitSignal->trustedKeyRemoved( key );
310 PublicKeyData KeyRing::Impl::publicKeyExists( const std::string & id, const Pathname & keyring )
312 MIL << "Searching key [" << id << "] in keyring " << keyring << endl;
313 const std::list<PublicKeyData> & keys( publicKeyData( keyring ) );
314 for_( it, keys.begin(), keys.end() )
316 if ( id == (*it).id() )
321 return PublicKeyData();
324 PublicKey KeyRing::Impl::exportKey( const PublicKeyData & keyData, const Pathname & keyring )
326 return PublicKey( dumpPublicKeyToTmp( keyData.id(), keyring ), keyData );
329 PublicKey KeyRing::Impl::exportKey( const std::string & id, const Pathname & keyring )
331 PublicKeyData keyData( publicKeyExists( id, keyring ) );
333 return PublicKey( dumpPublicKeyToTmp( keyData.id(), keyring ), keyData );
335 // Here: key not found
336 WAR << "No key " << id << " to export from " << keyring << endl;
341 void KeyRing::Impl::dumpPublicKey( const std::string & id, const Pathname & keyring, std::ostream & stream )
348 "--homedir", keyring.asString().c_str(),
349 "--no-default-keyring",
353 "--no-permission-warning",
358 ExternalProgram prog( argv,ExternalProgram::Discard_Stderr, false, -1, true );
359 for ( std::string line = prog.receiveLine(); !line.empty(); line = prog.receiveLine() )
366 filesystem::TmpFile KeyRing::Impl::dumpPublicKeyToTmp( const std::string & id, const Pathname & keyring )
368 filesystem::TmpFile tmpFile( _base_dir, "pubkey-"+id+"-" );
369 MIL << "Going to export key " << id << " from " << keyring << " to " << tmpFile.path() << endl;
371 std::ofstream os( tmpFile.path().c_str() );
372 dumpPublicKey( id, keyring, os );
377 bool KeyRing::Impl::verifyFileSignatureWorkflow( const Pathname & file, const std::string & filedesc, const Pathname & signature, bool & sigValid_r, const KeyContext & context )
379 sigValid_r = false; // set true if signature is actually successfully validated!
381 callback::SendReport<KeyRingReport> report;
382 MIL << "Going to verify signature for " << filedesc << " ( " << file << " ) with " << signature << endl;
384 // if signature does not exists, ask user if he wants to accept unsigned file.
385 if( signature.empty() || (!PathInfo( signature ).isExist()) )
387 bool res = report->askUserToAcceptUnsignedFile( filedesc, context );
388 MIL << "User decision on unsigned file: " << res << endl;
392 // get the id of the signature
393 std::string id = readSignatureKeyId( signature );
395 // doeskey exists in trusted keyring
396 PublicKeyData trustedKeyData( publicKeyExists( id, trustedKeyRing() ) );
397 if ( trustedKeyData )
399 MIL << "Key is trusted: " << trustedKeyData << endl;
401 // lets look if there is an updated key in the
403 PublicKeyData generalKeyData( publicKeyExists( id, generalKeyRing() ) );
404 if ( generalKeyData )
406 // bnc #393160: Comment #30: Compare at least the fingerprint
407 // in case an attacker created a key the the same id.
408 if ( trustedKeyData.fingerprint() == generalKeyData.fingerprint()
409 && trustedKeyData.created() < generalKeyData.created() )
411 MIL << "Key was updated. Saving new version into trusted keyring: " << generalKeyData << endl;
412 importKey( exportKey( generalKeyData, generalKeyRing() ), true );
413 trustedKeyData = generalKeyData = PublicKeyData(); // invalidated by import.
417 if ( ! trustedKeyData ) // invalidated by previous import
418 trustedKeyData = publicKeyExists( id, trustedKeyRing() );
419 report->infoVerify( filedesc, trustedKeyData, context );
421 // it exists, is trusted, does it validates?
422 if ( verifyFile( file, signature, trustedKeyRing() ) )
424 return (sigValid_r=true); // signature is actually successfully validated!
428 return report->askUserToAcceptVerificationFailed( filedesc, exportKey( trustedKeyData, trustedKeyRing() ), context );
433 PublicKeyData generalKeyData( publicKeyExists( id, generalKeyRing() ) );
434 if ( generalKeyData )
436 PublicKey key( exportKey( generalKeyData, generalKeyRing() ) );
437 MIL << "Exported key " << id << " to " << key.path() << endl;
438 MIL << "Key " << id << " " << key.name() << " is not trusted" << endl;
440 // ok the key is not trusted, ask the user to trust it or not
441 KeyRingReport::KeyTrust reply = report->askUserToAcceptKey( key, context );
442 if ( reply == KeyRingReport::KEY_TRUST_TEMPORARILY ||
443 reply == KeyRingReport::KEY_TRUST_AND_IMPORT )
445 MIL << "User wants to trust key " << id << " " << key.name() << endl;
446 //dumpFile( unKey.path() );
448 Pathname whichKeyring;
449 if ( reply == KeyRingReport::KEY_TRUST_AND_IMPORT )
451 MIL << "User wants to import key " << id << " " << key.name() << endl;
452 importKey( key, true );
453 whichKeyring = trustedKeyRing();
456 whichKeyring = generalKeyRing();
459 if ( verifyFile( file, signature, whichKeyring ) )
461 MIL << "File signature is verified" << endl;
462 return (sigValid_r=true); // signature is actually successfully validated!
466 MIL << "File signature check fails" << endl;
467 if ( report->askUserToAcceptVerificationFailed( filedesc, key, context ) )
469 MIL << "User continues anyway." << endl;
474 MIL << "User does not want to continue" << endl;
481 MIL << "User does not want to trust key " << id << " " << key.name() << endl;
488 MIL << "File [" << file << "] ( " << filedesc << " ) signed with unknown key [" << id << "]" << endl;
489 if ( report->askUserToAcceptUnknownKey( filedesc, id, context ) )
491 MIL << "User wants to accept unknown key " << id << endl;
496 MIL << "User does not want to accept unknown key " << id << endl;
504 std::list<PublicKey> KeyRing::Impl::publicKeys( const Pathname & keyring )
506 const std::list<PublicKeyData> & keys( publicKeyData( keyring ) );
507 std::list<PublicKey> ret;
509 for_( it, keys.begin(), keys.end() )
511 PublicKey key( exportKey( *it, keyring ) );
512 ret.push_back( key );
513 MIL << "Found key " << key << endl;
518 void KeyRing::Impl::importKey( const Pathname & keyfile, const Pathname & keyring )
520 if ( ! PathInfo( keyfile ).isExist() )
521 // TranslatorExplanation first %s is key name, second is keyring name
522 ZYPP_THROW(KeyRingException( str::Format(_("Tried to import not existent key %s into keyring %s"))
524 % keyring.asString() ));
530 "--homedir", keyring.asString().c_str(),
531 "--no-default-keyring",
535 "--no-permission-warning",
537 keyfile.asString().c_str(),
541 ExternalProgram prog( argv,ExternalProgram::Discard_Stderr, false, -1, true );
545 void KeyRing::Impl::deleteKey( const std::string & id, const Pathname & keyring )
551 "--homedir", keyring.asString().c_str(),
552 "--no-default-keyring",
562 ExternalProgram prog( argv,ExternalProgram::Discard_Stderr, false, -1, true );
564 int code = prog.close();
566 ZYPP_THROW(Exception(_("Failed to delete key.")));
568 MIL << "Deleted key " << id << " from keyring " << keyring << endl;
572 std::string KeyRing::Impl::readSignatureKeyId( const Pathname & signature )
574 if ( ! PathInfo( signature ).isFile() )
575 ZYPP_THROW(Exception( str::Format(_("Signature file %s not found")) % signature.asString() ));
577 MIL << "Determining key id if signature " << signature << endl;
578 // HACK create a tmp keyring with no keys
579 filesystem::TmpDir dir( _base_dir, "fake-keyring" );
584 "--homedir", dir.path().asString().c_str(),
585 "--no-default-keyring",
591 signature.asString().c_str(),
595 ExternalProgram prog( argv,ExternalProgram::Discard_Stderr, false, -1, true );
600 str::regex rxNoKey( "^\\[GNUPG:\\] NO_PUBKEY (.+)\n$" );
602 for( line = prog.receiveLine(), count=0; !line.empty(); line = prog.receiveLine(), count++ )
604 //MIL << "[" << line << "]" << endl;
606 if( str::regex_match( line, what, rxNoKey ) )
608 if ( what.size() >= 1 )
613 //dumpRegexpResults( what );
619 MIL << "no output" << endl;
622 MIL << "Determined key id [" << id << "] for signature " << signature << endl;
627 bool KeyRing::Impl::verifyFile( const Pathname & file, const Pathname & signature, const Pathname & keyring )
633 "--homedir", keyring.asString().c_str(),
634 "--no-default-keyring",
640 signature.asString().c_str(),
641 file.asString().c_str(),
645 // no need to parse output for now
646 // [GNUPG:] SIG_ID yCc4u223XRJnLnVAIllvYbUd8mQ 2006-03-29 1143618744
647 // [GNUPG:] GOODSIG A84EDAE89C800ACA SuSE Package Signing Key <build@suse.de>
648 // gpg: Good signature from "SuSE Package Signing Key <build@suse.de>"
649 // [GNUPG:] VALIDSIG 79C179B2E1C820C1890F9994A84EDAE89C800ACA 2006-03-29 1143618744 0 3 0 17 2 00 79C179B2E1C820C1890F9994A84EDAE89C800ACA
650 // [GNUPG:] TRUST_UNDEFINED
652 // [GNUPG:] ERRSIG A84EDAE89C800ACA 17 2 00 1143618744 9
653 // [GNUPG:] NO_PUBKEY A84EDAE89C800ACA
655 ExternalProgram prog( argv,ExternalProgram::Discard_Stderr, false, -1, true );
657 return ( prog.close() == 0 ) ? true : false;
660 ///////////////////////////////////////////////////////////////////
662 ///////////////////////////////////////////////////////////////////
664 // CLASS NAME : KeyRing
666 ///////////////////////////////////////////////////////////////////
668 KeyRing::KeyRing( const Pathname & baseTmpDir )
669 : _pimpl( new Impl( baseTmpDir ) )
676 void KeyRing::importKey( const PublicKey & key, bool trusted )
677 { _pimpl->importKey( key, trusted ); }
679 void KeyRing::multiKeyImport( const Pathname & keyfile_r, bool trusted_r )
680 { _pimpl->multiKeyImport( keyfile_r, trusted_r ); }
682 std::string KeyRing::readSignatureKeyId( const Pathname & signature )
683 { return _pimpl->readSignatureKeyId( signature ); }
685 void KeyRing::deleteKey( const std::string & id, bool trusted )
686 { _pimpl->deleteKey( id, trusted ); }
688 std::list<PublicKey> KeyRing::publicKeys()
689 { return _pimpl->publicKeys(); }
691 std:: list<PublicKey> KeyRing::trustedPublicKeys()
692 { return _pimpl->trustedPublicKeys(); }
694 std::list<PublicKeyData> KeyRing::publicKeyData()
695 { return _pimpl->publicKeyData(); }
697 std::list<PublicKeyData> KeyRing::trustedPublicKeyData()
698 { return _pimpl->trustedPublicKeyData(); }
700 bool KeyRing::verifyFileSignatureWorkflow( const Pathname & file, const std::string & filedesc, const Pathname & signature, bool & sigValid_r, const KeyContext & keycontext )
701 { return _pimpl->verifyFileSignatureWorkflow( file, filedesc, signature, sigValid_r, keycontext ); }
703 bool KeyRing::verifyFileSignatureWorkflow( const Pathname & file, const std::string filedesc, const Pathname & signature, const KeyContext & keycontext )
704 { bool unused; return _pimpl->verifyFileSignatureWorkflow( file, filedesc, signature, unused, keycontext ); }
706 bool KeyRing::verifyFileSignature( const Pathname & file, const Pathname & signature )
707 { return _pimpl->verifyFileSignature( file, signature ); }
709 bool KeyRing::verifyFileTrustedSignature( const Pathname & file, const Pathname & signature )
710 { return _pimpl->verifyFileTrustedSignature( file, signature ); }
712 void KeyRing::dumpPublicKey( const std::string & id, bool trusted, std::ostream & stream )
713 { _pimpl->dumpPublicKey( id, trusted, stream ); }
715 PublicKey KeyRing::exportPublicKey( const PublicKeyData & keyData )
716 { return _pimpl->exportPublicKey( keyData ); }
718 PublicKey KeyRing::exportTrustedPublicKey( const PublicKeyData & keyData )
719 { return _pimpl->exportTrustedPublicKey( keyData ); }
721 bool KeyRing::isKeyTrusted( const std::string & id )
722 { return _pimpl->isKeyTrusted( id ); }
724 bool KeyRing::isKeyKnown( const std::string & id )
725 { return _pimpl->isKeyKnown( id ); }
727 /////////////////////////////////////////////////////////////////
729 ///////////////////////////////////////////////////////////////////