37 #undef ZYPP_BASE_LOGGER_LOGGROUP 38 #define ZYPP_BASE_LOGGER_LOGGROUP "zypp::KeyRing" 52 {
return _keyRingDefaultAccept; }
56 MIL <<
"Set new KeyRing::DefaultAccept: " << value_r << endl;
57 _keyRingDefaultAccept = value_r;
85 data.
set(
"PublicKey", key_r);
86 data.
set(
"KeyContext", keycontext_r);
90 return data.
get<
bool>(
"TrustKey");
97 data.
set(
"Keys", keys_r);
112 const std::list<PublicKeyData> & operator()(
const Pathname & keyring_r )
const 113 {
return getData( keyring_r ); }
115 void setDirty(
const Pathname & keyring_r )
129 void assertCache(
const Pathname & keyring_r )
138 bool hasChanged()
const 152 typedef std::map<Pathname,Cache> CacheMap;
154 const std::list<PublicKeyData> & getData(
const Pathname & keyring_r )
const 158 cache.assertCache( keyring_r );
159 return getData( keyring_r, cache );
162 const std::list<PublicKeyData> & getData(
const Pathname & keyring_r, Cache & cache_r )
const 164 if ( cache_r.hasChanged() ) {
167 if (ctx->setHomedir(keyring_r)) {
168 std::list<PublicKeyData> foundKeys = ctx->listKeys();
169 cache_r._data.swap(foundKeys);
172 MIL <<
"Found keys: " << cache_r._data << endl;
174 return cache_r._data;
194 MIL <<
"Current KeyRing::DefaultAccept: " << _keyRingDefaultAccept << endl;
199 void deleteKey(
const std::string &
id,
bool trusted );
218 void dumpPublicKey(
const std::string &
id,
bool trusted, std::ostream & stream )
282 struct ImportKeyCBHelper
284 void operator()(
const PublicKey & key_r )
292 ERR <<
"Could not import key into rpmdb: " << excp << endl;
308 MIL <<
"Imported key " << key <<
" to " << (trusted ?
"trustedKeyRing" :
"generalKeyRing" ) << endl;
312 ImportKeyCBHelper emitSignal;
329 importKey( keyfile_r, trusted_r ? trustedKeyRing() : generalKeyRing() );
334 PublicKeyData keyDataToDel( publicKeyExists(
id, trusted ? trustedKeyRing() : generalKeyRing() ) );
335 if ( ! keyDataToDel )
337 WAR <<
"Key to delete [" <<
id <<
"] is not in " << (trusted ?
"trustedKeyRing" :
"generalKeyRing" ) << endl;
340 deleteKey(
id, trusted ? trustedKeyRing() : generalKeyRing() );
341 MIL <<
"Deleted key [" <<
id <<
"] from " << (trusted ?
"trustedKeyRing" :
"generalKeyRing" ) << endl;
348 rpmdbEmitSignal->trustedKeyRemoved( key );
351 emitSignal->trustedKeyRemoved( key );
355 ERR <<
"Could not delete key from rpmmdb: " << excp << endl;
366 if ( key.providesKey(
id ) )
372 MIL << (ret ?
"Found" :
"No") <<
" key [" <<
id <<
"] in keyring " << keyring << endl;
378 return PublicKey( dumpPublicKeyToTmp( keyData.
id(), keyring ), keyData );
385 return PublicKey( dumpPublicKeyToTmp( keyData.
id(), keyring ), keyData );
388 WAR <<
"No key [" <<
id <<
"] to export from " << keyring << endl;
396 if (!ctx || !ctx->setHomedir(keyring))
398 ctx->exportKey(
id, stream);
404 MIL <<
"Going to export key [" <<
id <<
"] from " << keyring <<
" to " << tmpFile.
path() << endl;
406 std::ofstream os( tmpFile.
path().
c_str() );
417 MIL <<
"Going to verify signature for " << filedesc <<
" ( " << file <<
" ) with " << signature << endl;
422 bool res =
report->askUserToAcceptUnsignedFile( filedesc, context );
423 MIL <<
"askUserToAcceptUnsignedFile: " << res << endl;
436 PublicKeyData trustedKeyData( publicKeyExists(
id, trustedKeyRing() ) );
437 if ( trustedKeyData )
439 MIL <<
"Key is trusted: " << trustedKeyData << endl;
443 PublicKeyData generalKeyData( publicKeyExists(
id, generalKeyRing() ) );
444 if ( generalKeyData )
457 MIL <<
"Key was updated. Saving new version into trusted keyring: " << generalKeyData << endl;
458 importKey( exportKey( generalKeyData, generalKeyRing() ),
true );
459 trustedKeyData = publicKeyExists(
id, trustedKeyRing() );
463 foundKey = trustedKeyData;
464 whichKeyring = trustedKeyRing();
468 PublicKeyData generalKeyData( publicKeyExists(
id, generalKeyRing() ) );
469 if ( generalKeyData )
471 PublicKey key( exportKey( generalKeyData, generalKeyRing() ) );
472 MIL <<
"Key [" <<
id <<
"] " << key.
name() <<
" is not trusted" << endl;
479 MIL <<
"User wants to trust key [" <<
id <<
"] " << key.
name() << endl;
483 MIL <<
"User wants to import key [" <<
id <<
"] " << key.
name() << endl;
485 whichKeyring = trustedKeyRing();
488 whichKeyring = generalKeyRing();
490 foundKey = generalKeyData;
494 MIL <<
"User does not want to trust key [" <<
id <<
"] " << key.
name() << endl;
498 else if ( ! context.
empty() )
502 whichKeyring = trustedKeyRing();
503 foundKey =
PublicKeyData( publicKeyExists(
id, trustedKeyRing() ) );
511 report->infoVerify( filedesc, foundKey, context );
512 if ( verifyFile( file, signature, whichKeyring ) )
514 return (sigValid_r=
true);
518 bool res =
report->askUserToAcceptVerificationFailed( filedesc, exportKey( foundKey, whichKeyring ), context );
519 MIL <<
"askUserToAcceptVerificationFailed: " << res << endl;
524 MIL <<
"File [" << file <<
"] ( " << filedesc <<
" ) signed with unknown key [" <<
id <<
"]" << endl;
525 bool res =
report->askUserToAcceptUnknownKey( filedesc,
id, context );
526 MIL <<
"askUserToAcceptUnknownKey: " << res << endl;
557 ERR <<
"Key [" << id_r <<
"] from cache: " << cacheDir <<
" is not valid" << endl;
561 MIL <<
"Key [" << id_r <<
"] " << key.
name() <<
" loaded from cache" << endl;
565 if ( !
report->askUserToAcceptPackageKey( key, context ) ) {
569 MIL <<
"User wants to import key [" << id_r <<
"] " << key.
name() <<
" from cache" << endl;
574 ERR <<
"Failed to import key: "<<id_r;
583 const std::list<PublicKeyData> & keys(
publicKeyData( keyring ) );
584 std::list<PublicKey> ret;
586 for_( it, keys.begin(), keys.end() )
588 PublicKey key( exportKey( *it, keyring ) );
589 ret.push_back( key );
590 MIL <<
"Found key " << key << endl;
597 if ( !
PathInfo( keyfile ).isExist() )
604 if(!ctx || !ctx->setHomedir(keyring))
607 cachedPublicKeyData.setDirty( keyring );
608 if(!ctx->importKey(keyfile))
619 if(!ctx->setHomedir(keyring)) {
623 if(!ctx->deleteKey(
id)){
627 cachedPublicKeyData.setDirty( keyring );
632 if ( !
PathInfo( signature ).isFile() )
635 MIL <<
"Determining key id of signature " << signature << endl;
639 return std::string();
642 std::list<std::string> fprs = ctx->readSignatureFingerprints(signature);
644 std::string &
id = fprs.back();
645 MIL <<
"Determined key id [" <<
id <<
"] for signature " << signature << endl;
648 return std::string();
654 if (!ctx || !ctx->setHomedir(keyring))
657 return ctx->verify(file, signature);
void importKey(const PublicKey &key, bool trusted=false)
imports a key from a file.
const std::list< PublicKeyData > & publicKeyData()
static Ptr createForOpenPGP()
Creates a new KeyManagerCtx for PGP.
PublicKey exportTrustedPublicKey(const PublicKeyData &keyData)
Export a trusted public key identified by its key data.
PublicKey exportPublicKey(const PublicKeyData &keyData)
void dumpPublicKey(const std::string &id, bool trusted, std::ostream &stream)
void deleteKey(const std::string &id, bool trusted)
PublicKey exportKey(const std::string &id, const Pathname &keyring)
static bool error(const std::string &msg_r, const UserData &userData_r=UserData())
send error text
bool isKeyTrusted(const std::string &id)
const std::list< PublicKeyData > & hiddenKeys() const
Additional keys data in case the ASCII armored blob containes multiple keys.
#define ZYPP_THROW(EXCPT)
Drops a logline and throws the Exception.
const std::list< PublicKeyData > & trustedPublicKeyData()
const PublicKeyData & keyData() const
The public keys data (.
static ZConfig & instance()
Singleton ctor.
PublicKey exportKey(const PublicKey &key, const Pathname &keyring)
Pathname provideKey(const std::string &keyID_r, const Pathname &targetDirectory_r) const
downloads all configured gpg keys into the defined directory
This basically means, we knew the key, but it was not trusted.
PublicKey exportPublicKey(const PublicKeyData &keyData)
Export a public key identified by its key data.
Class representing one GPG Public Keys data.
Pathname pubkeyCachePath() const
Path where the pubkey caches.
bool isKeyKnown(const std::string &id)
void reportNonImportedKeys(const std::set< Edition > &keys_r)
Notify the user about keys that were not imported from the rpm key database into zypp keyring...
void dumpPublicKey(const std::string &id, bool trusted, std::ostream &stream)
PublicKeyData publicKeyExists(const std::string &id, const Pathname &keyring)
Get PublicKeyData for ID (false if ID is not found).
void multiKeyImport(const Pathname &keyfile_r, bool trusted_r=false)
std::list< PublicKey > trustedPublicKeys()
Get a list of trusted public keys in the keyring (incl.
bool verifyFile(const Pathname &file, const Pathname &signature, const Pathname &keyring)
virtual bool askUserToAcceptUnsignedFile(const std::string &file, const KeyContext &keycontext=KeyContext())
const char * c_str() const
String representation.
KeyRing(const Pathname &baseTmpDir)
Default ctor.
What is known about a repository.
std::list< PublicKeyData > trustedPublicKeyData()
Get a list of trusted public key data in the keyring (key data only)
bool verifyFileSignatureWorkflow(const Pathname &file, const std::string &filedesc, const Pathname &signature, bool &sigValid_r, const KeyContext &keycontext=KeyContext())
Follows a signature verification interacting with the user.
bool askUserToAcceptPackageKey(const PublicKey &key_r, const KeyContext &keycontext_r=KeyContext())
Ask user to trust and/or import the package key to trusted keyring, using ReportBase::report.
#define for_(IT, BEG, END)
Convenient for-loops using iterator.
Provide a new empty temporary file and delete it when no longer needed.
virtual bool askUserToAcceptUnknownKey(const std::string &file, const std::string &id, const KeyContext &keycontext=KeyContext())
we DONT know the key, only its id, but we have never seen it, the difference with trust key is that i...
CachedPublicKeyData cachedPublicKeyData
Functor returning the keyrings data (cached).
callback::SendReport< target::rpm::KeyRingSignals > _rpmdbEmitSignal
virtual void infoVerify(const std::string &file_r, const PublicKeyData &keyData_r, const KeyContext &keycontext=KeyContext())
Informal callback showing the trusted key that will be used for verification.
Pathname repoManagerRoot() const
The RepoManager root directory.
bool provideAndImportKeyFromRepositoryWorkflow(const std::string &id_r, const RepoInfo &info_r)
PublicKey exportTrustedPublicKey(const PublicKeyData &keyData)
virtual void report(const UserData &userData_r=UserData())
The most generic way of sending/receiving data.
KeyTrust
User reply options for the askUserToTrustKey callback.
bool empty() const
Test for an empty path.
boost::noncopyable NonCopyable
Ensure derived classes cannot be copied.
Date created() const
Creation / last modification date (latest selfsig).
PublicKeyData trustedPublicKeyExists(const std::string &id)
static void setDefaultAccept(DefaultAccept value_r)
Set the active accept bits.
Provide a new empty temporary directory and recursively delete it when no longer needed.
filesystem::TmpDir _trusted_tmp_dir
bool verifyFileSignature(const Pathname &file, const Pathname &signature)
std::list< PublicKeyData > _data
bool set(const std::string &key_r, AnyType val_r)
Set the value for key (nonconst version always returns true).
const std::string & asString() const
String representation.
bool verifyFileSignatureWorkflow(const Pathname &file, const std::string &filedesc, const Pathname &signature, bool &sigValid_r, const KeyContext &keycontext=KeyContext())
bool isExist() const
Return whether valid stat info exists.
std::string asUserHistory() const
A single (multiline) string composed of asUserString and historyAsString.
const Pathname generalKeyRing() const
filesystem::TmpFile dumpPublicKeyToTmp(const std::string &id, const Pathname &keyring)
Interim helper class to collect global options and settings.
IMPL_PTR_TYPE(Application)
std::list< PublicKey > trustedPublicKeys()
scoped_ptr< WatchFile > _keyringP
bool provideAndImportKeyFromRepositoryWorkflow(const std::string &id, const RepoInfo &info)
Try to find the id in key cache or repository specified in info.
void importKey(const PublicKey &key, bool trusted=false)
Impl(const Pathname &baseTmpDir)
bool isKeyKnown(const std::string &id)
true if the key id is knows, that means at least exist on the untrusted keyring
void multiKeyImport(const Pathname &keyfile_r, bool trusted_r=false)
Initial import from RpmDb.
User has chosen not to trust the key.
std::string fingerprint() const
Key fingerprint.
virtual KeyTrust askUserToAcceptKey(const PublicKey &key, const KeyContext &keycontext=KeyContext())
Ask user to trust and/or import the key to trusted keyring.
scoped_ptr< WatchFile > _keyringK
#define ZYPP_CAUGHT(EXCPT)
Drops a logline telling the Exception was caught (in order to handle it).
const RepoInfo repoInfo() const
static DefaultAccept defaultAccept()
Get the active accept bits.
RW_pointer< Impl > _pimpl
Pointer to implementation.
Class representing one GPG Public Key (PublicKeyData + ASCII armored in a tempfile).
std::list< PublicKeyData > publicKeyData()
Get a list of public key data in the keyring (key data only)
Base class for Exception.
Pathname path() const
File containig the ASCII armored key.
std::string id() const
Key ID.
bool empty() const
Is the context unknown?
const Tp & get(const std::string &key_r) const
Pass back a const Tp & reference to key_r value.
const Pathname trustedKeyRing() const
std::list< PublicKey > publicKeys()
Typesafe passing of user data via callbacks.
void deleteKey(const std::string &id, bool trusted=false)
removes a key from the keyring.
static constexpr const char * KEYS_NOT_IMPORTED_REPORT
bool verifyFileTrustedSignature(const Pathname &file, const Pathname &signature)
bool verifyFileTrustedSignature(const Pathname &file, const Pathname &signature)
shared_ptr< KeyManagerCtx > Ptr
Wrapper class for ::stat/::lstat.
const std::list< PublicKeyData > & publicKeyData(const Pathname &keyring)
bool hasvalue(const std::string &key_r) const
Whether key_r is in data and value is not empty.
bool isKeyTrusted(const std::string &id)
true if the key id is trusted
void setRepoInfo(const RepoInfo &repoinfo)
Easy-to use interface to the ZYPP dependency resolver.
callback::SendReport< KeyRingSignals > _emitSignal
std::string readSignatureKeyId(const Pathname &signature)
reads the public key id from a signature
bool verifyFileSignature(const Pathname &file, const Pathname &signature)
Verifies a file against a signature, with no user interaction.
static constexpr const char * ACCEPT_PACKAGE_KEY_REQUEST
std::string readSignatureKeyId(const Pathname &signature)
virtual bool askUserToAcceptVerificationFailed(const std::string &file, const PublicKey &key, const KeyContext &keycontext=KeyContext())
The file filedesc is signed but the verification failed.
std::list< PublicKey > publicKeys()
Get a list of public keys in the keyring (incl.
filesystem::TmpDir _general_tmp_dir