1 /*---------------------------------------------------------------------\
3 | |__ / \ / / . \ . \ |
8 \---------------------------------------------------------------------*/
9 /** \file zypp/KeyRing.h
12 #ifndef ZYPP_KEYRING_H
13 #define ZYPP_KEYRING_H
21 #include "zypp/base/ReferenceCounted.h"
22 #include "zypp/base/Flags.h"
23 #include "zypp/Callback.h"
24 #include "zypp/base/PtrTypes.h"
25 #include "zypp/Locale.h"
26 #include "zypp/PublicKey.h"
27 #include "zypp/KeyContext.h"
29 ///////////////////////////////////////////////////////////////////
31 { /////////////////////////////////////////////////////////////////
33 DEFINE_PTR_TYPE(KeyRing);
35 /** Callbacks from signature verification workflow.
37 * Per default all methods answer \c false. This may be canged
38 * by calling \ref KeyRing::setDefaultAccept.
40 * KeyRing::setDefaultAccept( KeyRing::ACCEPT_UNSIGNED_FILE | KeyRing::ACCEPT_VERIFICATION_FAILED );
44 struct KeyRingReport : public callback::ReportBase
47 * User reply options for the askUserToTrustKey callback.
49 * \param filedes Name of the file (repo alias) or filename if not available
54 * User has chosen not to trust the key.
58 * This basically means, we knew the key, but it was not trusted. User
59 * has chosen to continue, but not import the key.
61 KEY_TRUST_TEMPORARILY,
64 * This means saving the key in the trusted database so next run it will appear as trusted.
65 * Nothing to do with KEY_TRUST_TEMPORARILY, as you CAN trust a key without importing it,
66 * basically you will be asked every time again.
67 * There are programs who prefer to manage the trust keyring on their own and use trustKey
68 * without importing it into rpm.
74 * Ask user to trust and/or import the key to trusted keyring.
77 virtual KeyTrust askUserToAcceptKey( const PublicKey &key, const KeyContext &keycontext = KeyContext() );
79 virtual bool askUserToAcceptUnsignedFile( const std::string &file, const KeyContext &keycontext = KeyContext() );
82 * we DONT know the key, only its id, but we have never seen it, the difference
83 * with trust key is that if you dont have it, you can't import it later.
84 * The answer means continue yes or no?
87 virtual bool askUserToAcceptUnknownKey( const std::string &file, const std::string &id, const KeyContext &keycontext = KeyContext() );
90 * The file \ref filedesc is signed but the verification failed
92 * \param filedesc Filename or its description.
94 virtual bool askUserToAcceptVerificationFailed( const std::string &file, const PublicKey &key, const KeyContext &keycontext = KeyContext() );
98 struct KeyRingSignals : public callback::ReportBase
100 virtual void trustedKeyAdded( const PublicKey &/*key*/ )
102 virtual void trustedKeyRemoved( const PublicKey &/*key*/ )
106 class KeyRingException : public Exception
109 /** Ctor taking message.
110 * Use \ref ZYPP_THROW to throw exceptions.
113 : Exception( "Bad Key Exception" )
115 /** Ctor taking message.
116 * Use \ref ZYPP_THROW to throw exceptions.
118 KeyRingException( const std::string & msg_r )
122 virtual ~KeyRingException() throw() {};
125 ///////////////////////////////////////////////////////////////////
127 // CLASS NAME : KeyRing
129 /** Gpg key handling.
132 class KeyRing : public base::ReferenceCounted, private base::NonCopyable
134 friend std::ostream & operator<<( std::ostream & str, const KeyRing & obj );
137 /** \name Default answers in verification workflow.
138 * Per default all answers are \c false.
141 /** \ref DefaultAccept flags (\see \ref base::Flags) are used to
142 * define the default callback answers during signature verification.
144 * KeyRing::setDefaultAccept( KeyRing::ACCEPT_UNSIGNED_FILE | ACCEPT_VERIFICATION_FAILED );
146 * \see \ref KeyRingReport.
148 enum DefaultAcceptBits
150 ACCEPT_NOTHING = 0x0000,
151 ACCEPT_UNSIGNED_FILE = 0x0001,
152 ACCEPT_UNKNOWNKEY = 0x0002,
153 TRUST_KEY_TEMPORARILY = 0x0004,
154 TRUST_AND_IMPORT_KEY = 0x0008,
155 ACCEPT_VERIFICATION_FAILED = 0x0010,
157 ZYPP_DECLARE_FLAGS( DefaultAccept, DefaultAcceptBits );
159 /** Get the active accept bits. */
160 static DefaultAccept defaultAccept();
162 /** Set the active accept bits. */
163 static void setDefaultAccept( DefaultAccept value_r );
167 /** Implementation */
172 KeyRing(const Pathname &baseTmpDir);
175 * imports a key from a file.
176 * throw if key was not imported
178 void importKey( const PublicKey &key, bool trusted = false);
180 /** Initial import from \ref RpmDb. */
181 void multiKeyImport( const Pathname & keyfile_r, bool trusted_r = false );
183 void dumpTrustedPublicKey( const std::string &id, std::ostream &stream )
184 { dumpPublicKey(id, true, stream); }
186 void dumpUntrustedPublicKey( const std::string &id, std::ostream &stream )
187 { dumpPublicKey(id, false, stream); }
189 void dumpPublicKey( const std::string &id, bool trusted, std::ostream &stream );
191 /** Export a public key identified by its key data. */
192 PublicKey exportPublicKey( const PublicKeyData & keyData );
194 /** Export a trusted public key identified by its key data. */
195 PublicKey exportTrustedPublicKey( const PublicKeyData & keyData );
198 * reads the public key id from a signature
200 std::string readSignatureKeyId( const Pathname &signature );
203 * true if the key id is trusted
205 bool isKeyTrusted( const std::string &id );
208 * true if the key id is knows, that means
209 * at least exist on the untrusted keyring
211 bool isKeyKnown( const std::string &id );
214 * removes a key from the keyring.
215 * If trusted is true, Remove it from trusted keyring too.
217 void deleteKey( const std::string &id, bool trusted = false );
220 * Get a list of public keys in the keyring (incl. ASCII armored keys in tmpfiles)
222 std::list<PublicKey> publicKeys();
225 * Get a list of trusted public keys in the keyring (incl. ASCII armored keys in tmpfiles)
227 std::list<PublicKey> trustedPublicKeys();
230 * Get a list of public key data in the keyring (key data only)
232 std::list<PublicKeyData> publicKeyData();
235 * Get a list of trusted public key data in the keyring (key data only)
237 std::list<PublicKeyData> trustedPublicKeyData();
240 * Follows a signature verification interacting with the user.
241 * The bool returned depends on user decision to trust or not.
243 * To propagate user decisions, either connect to the \ref KeyRingReport
244 * or use its static methods to set the desired defaults.
247 * struct KeyRingReportReceive : public callback::ReceiveReport<KeyRingReport>
249 * KeyRingReportReceive() { connect(); }
251 * // Overload the virtual methods to return the appropriate values.
252 * virtual bool askUserToAcceptUnsignedFile( const std::string &file );
257 * \param file Path of the file to be verified
258 * \param filedesc Description of the file (to give the user some context)
259 * \param signature Signature to verify the file against
261 * \see \ref KeyRingReport
263 bool verifyFileSignatureWorkflow(
264 const Pathname &file,
265 const std::string filedesc,
266 const Pathname &signature,
267 const KeyContext &keycontext = KeyContext());
271 * Verifies a file against a signature, with no user interaction
273 * \param file Path of the file to be verified
274 * \param signature Signature to verify the file against
276 bool verifyFileSignature( const Pathname &file, const Pathname &signature );
278 bool verifyFileTrustedSignature( const Pathname &file, const Pathname &signature );
284 /** Pointer to implementation */
285 RWCOW_pointer<Impl> _pimpl;
287 ///////////////////////////////////////////////////////////////////
289 /** \relates KeyRing Stream output */
290 inline std::ostream & operator<<( std::ostream & str, const KeyRing & /*obj*/ )
292 //return str << obj.asString();
296 /** \relates KeyRing::DefaultAccept */
297 ZYPP_DECLARE_OPERATORS_FOR_FLAGS( KeyRing::DefaultAccept );
299 ///////////////////////////////////////////////////////////////////
305 /** Internal connection to rpm database. Not for public use. */
306 struct KeyRingSignals : public ::zypp::KeyRingSignals
311 /////////////////////////////////////////////////////////////////
313 ///////////////////////////////////////////////////////////////////
314 #endif // ZYPP_KEYRING_H