#include "zypp/base/PtrTypes.h"
#include "zypp/Locale.h"
#include "zypp/PublicKey.h"
+#include "zypp/KeyContext.h"
///////////////////////////////////////////////////////////////////
namespace zypp
*/
struct KeyRingReport : public callback::ReportBase
{
-
/**
- * The file \ref filedesc is unsigned
- * \param filedesc Name of the file (repo alias) or filename if not available
- */
- virtual bool askUserToAcceptUnsignedFile( const std::string &filedesc );
-
- /**
- * we DONT know the key, only its id, but we have never seen it, the difference
- * with trust key is that if you dont have it, you can't import it later.
- * The answer means continue yes or no?
+ * User reply options for the askUserToTrustKey callback.
*
* \param filedes Name of the file (repo alias) or filename if not available
*/
- virtual bool askUserToAcceptUnknownKey( const std::string &filedesc, const std::string &id );
+ enum KeyTrust
+ {
+ /**
+ * User has chosen not to trust the key.
+ */
+ KEY_DONT_TRUST = 0,
+ /**
+ * This basically means, we knew the key, but it was not trusted. User
+ * has chosen to continue, but not import the key.
+ */
+ KEY_TRUST_TEMPORARILY,
+ /**
+ * Import the key.
+ * This means saving the key in the trusted database so next run it will appear as trusted.
+ * Nothing to do with KEY_TRUST_TEMPORARILY, as you CAN trust a key without importing it,
+ * basically you will be asked every time again.
+ * There are programs who prefer to manage the trust keyring on their own and use trustKey
+ * without importing it into rpm.
+ */
+ KEY_TRUST_AND_IMPORT
+ };
/**
- * This basically means, we know the key, but it is not trusted, Continue
- * yes or no?. Nothing else is performed (import, etc)
+ * Ask user to trust and/or import the key to trusted keyring.
+ * \see KeyTrust
*/
- virtual bool askUserToTrustKey( const PublicKey &key);
+ virtual KeyTrust askUserToAcceptKey( const PublicKey &key, const KeyContext &keycontext = KeyContext() );
+
+ /** Informal callback showing the trusted key that will be used for verification. */
+ virtual void infoVerify( const std::string & file_r, const PublicKeyData & keyData_r, const KeyContext &keycontext = KeyContext() );
+ virtual bool askUserToAcceptUnsignedFile( const std::string &file, const KeyContext &keycontext = KeyContext() );
/**
- * Import the key.
- * This means saving the key in the trusted database so next run it will appear as trusted.
- * Nothing to do with trustKey, as you CAN trust a key without importing it,
- * basically you will be asked every time again.
- * There are programs who prefer to manage the trust keyring on their own and use trustKey
- * without importing it into rpm.
+ * we DONT know the key, only its id, but we have never seen it, the difference
+ * with trust key is that if you dont have it, you can't import it later.
+ * The answer means continue yes or no?
*
*/
- virtual bool askUserToImportKey( const PublicKey &key);
+ virtual bool askUserToAcceptUnknownKey( const std::string &file, const std::string &id, const KeyContext &keycontext = KeyContext() );
/**
* The file \ref filedesc is signed but the verification failed
*
- * \param filedesc Name of the file (repo alias) or filename if not available
+ * \param filedesc Filename or its description.
*/
- virtual bool askUserToAcceptVerificationFailed( const std::string &filedesc, const PublicKey &key );
+ virtual bool askUserToAcceptVerificationFailed( const std::string &file, const PublicKey &key, const KeyContext &keycontext = KeyContext() );
};
/** \ref DefaultAccept flags (\see \ref base::Flags) are used to
* define the default callback answers during signature verification.
* \code
- * KeyRingReport::setDefaultAccept( KeyRing::ACCEPT_UNSIGNED_FILE | ACCEPT_VERIFICATION_FAILED );
+ * KeyRing::setDefaultAccept( KeyRing::ACCEPT_UNSIGNED_FILE | ACCEPT_VERIFICATION_FAILED );
* \endcode
* \see \ref KeyRingReport.
*/
ACCEPT_NOTHING = 0x0000,
ACCEPT_UNSIGNED_FILE = 0x0001,
ACCEPT_UNKNOWNKEY = 0x0002,
- TRUST_KEY = 0x0004,
- IMPORT_KEY = 0x0008,
+ TRUST_KEY_TEMPORARILY = 0x0004,
+ TRUST_AND_IMPORT_KEY = 0x0008,
ACCEPT_VERIFICATION_FAILED = 0x0010,
};
ZYPP_DECLARE_FLAGS( DefaultAccept, DefaultAcceptBits );
public:
/** Default ctor */
KeyRing(const Pathname &baseTmpDir);
- //explicit
- //KeyRing(const Pathname &general_kr, const Pathname &trusted_kr);
/**
* imports a key from a file.
*/
void importKey( const PublicKey &key, bool trusted = false);
+ /** Initial import from \ref RpmDb. */
+ void multiKeyImport( const Pathname & keyfile_r, bool trusted_r = false );
+
void dumpTrustedPublicKey( const std::string &id, std::ostream &stream )
{ dumpPublicKey(id, true, stream); }
void dumpPublicKey( const std::string &id, bool trusted, std::ostream &stream );
+ /** Export a public key identified by its key data. */
+ PublicKey exportPublicKey( const PublicKeyData & keyData );
+
+ /** Export a trusted public key identified by its key data. */
+ PublicKey exportTrustedPublicKey( const PublicKeyData & keyData );
+
/**
* reads the public key id from a signature
*/
/**
* true if the key id is trusted
*/
- bool isKeyTrusted( const std::string &id);
+ bool isKeyTrusted( const std::string &id );
/**
* true if the key id is knows, that means
* removes a key from the keyring.
* If trusted is true, Remove it from trusted keyring too.
*/
- void deleteKey( const std::string &id, bool trusted = false);
+ void deleteKey( const std::string &id, bool trusted = false );
/**
- * Get a list of public keys in the keyring
+ * Get a list of public keys in the keyring (incl. ASCII armored keys in tmpfiles)
*/
std::list<PublicKey> publicKeys();
/**
- * Get a list of trusted public keys in the keyring
+ * Get a list of trusted public keys in the keyring (incl. ASCII armored keys in tmpfiles)
*/
std::list<PublicKey> trustedPublicKeys();
/**
- * Get a list of public key ids in the keyring
+ * Get a list of public key data in the keyring (key data only)
*/
- std::list<std::string> publicKeyIds();
+ std::list<PublicKeyData> publicKeyData();
/**
- * Get a list of trusted public key ids in the keyring
+ * Get a list of trusted public key data in the keyring (key data only)
*/
- std::list<std::string> trustedPublicKeyIds();
+ std::list<PublicKeyData> trustedPublicKeyData();
/**
* Follows a signature verification interacting with the user.
*
* \see \ref KeyRingReport
*/
- bool verifyFileSignatureWorkflow( const Pathname &file, const std::string filedesc, const Pathname &signature);
+ bool verifyFileSignatureWorkflow(
+ const Pathname &file,
+ const std::string filedesc,
+ const Pathname &signature,
+ const KeyContext &keycontext = KeyContext());
+
/**
* Verifies a file against a signature, with no user interaction
* \param file Path of the file to be verified
* \param signature Signature to verify the file against
*/
- bool verifyFileSignature( const Pathname &file, const Pathname &signature);
+ bool verifyFileSignature( const Pathname &file, const Pathname &signature );
- bool verifyFileTrustedSignature( const Pathname &file, const Pathname &signature);
+ bool verifyFileTrustedSignature( const Pathname &file, const Pathname &signature );
/** Dtor */
~KeyRing();
private:
/** Pointer to implementation */
- RWCOW_pointer<Impl> _pimpl;
+ RW_pointer<Impl> _pimpl;
};
///////////////////////////////////////////////////////////////////