GpgMEWorker.h

/* 
 * File:   GpgMEWorker.h
 * Author: Saleem Edah-Tally - nmset@yandex.com
 * License : LGPL v2.1
 * Copyright Saleem Edah-Tally - © 2019
 *
 * Created on 11 octobre 2019, 16:34
 */

#ifndef GPGMEWORKER_H
#define GPGMEWORKER_H

#include <gpgme++/context.h>
#include <gpgme++/error.h>
#include <gpgme++/key.h>
#include <gpgme++/gpgsetownertrusteditinteractor.h>
#include <gpgme++/gpgsignkeyeditinteractor.h>
#include <gpgme++/gpgsetexpirytimeeditinteractor.h>
#include <gpgme++/gpgadduserideditinteractor.h>
#include <vector>
#include "LoopbackPassphraseProvider.h"

using namespace std;
using namespace GpgME;

/**
 * Main class for GPGME OP, except deleting keys.
 */
class GpgMEWorker
{
public:
    GpgMEWorker();
    virtual ~GpgMEWorker();

    /**
     * Find keys corresponding to pattern. GPGME searches in many fields :
     * keyid, fingerprint, name, email...
     * @param pattern
     * @param hasSecret
     * @param e
     * @return 
     */
    vector<GpgME::Key> FindKeys(const char * pattern, bool hasSecret, Error& e) const;
    /**
     * Search for a single key fully identified : keyid, short keyid, fingerprint.
     * @param anyFullId
     * @param e
     * @param secret
     * @return 
     */
    GpgME::Key FindKey(const char * anyFullId, Error& e, bool secret = false) const;
    /**
     * Import a key from file.
     * @param filePath
     * @param e
     * @return : the fingerprint
     */
    const string ImportKey(const char * filePath, Error& e);
    /**
     * Inplace editing of owner trust if allowed
     * @param anyFullId
     * @param trustLevel : New trust level in key owner
     * @return 
     */
    const Error EditOwnerTrust(const char * anyFullId, GpgME::Key::OwnerTrust trustLevel);
    /**
     * Certify (sign) selected key.
     * @param fprSigningKey
     * @param fprKeyToSign
     * @param userIDsToSign : index of each user identity in a vector.
     * @param options : Exportable (1), Non revocable (2).
     * \nTrust(4) is not implemented.
     * @param passphrase
     * @return 
     */
    const Error CertifyKey(const char * fprSigningKey,
                           const char * fprKeyToSign,
                           vector<uint>& userIDsToSign, int options,
                           const string& passphrase);
    /**
     * Revoke UserID certifications.
     * \n Requires GnuPG >= 2.2.24
     * @param fprSigningKey
     * @param fprKeyToSign
     * @param userIDsToRevoke : vector of ::UserID
     * @param passphrase
     * @return 
     */
    const Error RevokeKeyCertifications(const char * fprSigningKey,
                                        const char * fprKeyToSign,
                                        vector<GpgME::UserID>& userIDsToRevoke,
                                        const string& passphrase);
    /**
     * Sets the expiry time of a single (sub)key. Requires GPGME >= 1.15.0.
     * \n If no subkey is found (wrong fpr) or not provided, the expiry time of 
     * key is set instead.
     * @param keyFpr
     * @param subkeyFpr
     * @param passphrase
     * @param expires : seconds from now. Use 0 for no expiry.
     * @return 
     */
    const Error SetKeyExpiryTime(const char * keyFpr,
                                 const char * subkeyFpr,
                                 const string& passphrase,
                                 ulong expires = 63072000);
    /**
     * Adds a user identity to a key.
     * \n The email parameter must have a valid email address format here, else
     * GPGME will refuse to create the identity. This is not the case when
     * creating a key, where any string is accepted.
     * @param keyFpr
     * @param passphrase
     * @param name
     * @param email : string with a valid email format
     * @param comment
     * @return 
     */
    const Error AddUserID(const char * keyFpr, const string& passphrase,
                          const string& name, const string& email,
                          const string& comment);
    /**
     * Revoke a user identity. Does not remove the identity.
     * \n N.B. : if the uid is revoked a second time, Error::code is 0.
     * @param keyFpr
     * @param passphrase
     * @param name
     * @param email
     * @param comment
     * @return 
     */
    const Error RevokeUserID(const char * keyFpr, const string& passphrase,
                             const string& name, const string& email,
                             const string& comment);
    /**
     * Creates a pair of secret and public keys with the default engine
     * algorithms. Default expiry time is 2 * 365 days.
     * @param k : must be a null key
     * @param name
     * @param email
     * @param comment
     * @param passphrase
     * @param expires : seconds ahead of creation time. Use 0 for no expiry.
     * @return 
     */
    const Error CreateKeyWithEngineDefaultAlgo(GpgME::Key& k,
                                               const string& name,
                                               const string& email,
                                               const string& comment,
                                               const string& passphrase,
                                               ulong expires = 63072000);
    /**
     * Creates a secret key with passed in algorithm name. Default expiry time
     * is 2 * 365 days.
     * @param k : must be a null key
     * @param name
     * @param email
     * @param comment
     * @param algo : a valid algorithm name for a secret key
     * @param passphrase
     * @param expires : seconds ahead of creation time. Use 0 for no expiry.
     * @return 
     */
    const Error CreateKey(GpgME::Key& k,
                          const string& name,
                          const string& email,
                          const string& comment,
                          const char * algo,
                          const string& passphrase,
                          ulong expires = 63072000);
    /**
     * Creates a public key with passed in algorithm name and adds it to secret
     * key k. Default expiry time is 2 * 365 days.
     * @param k : must be a secret key
     * @param algo : : a valid algorithm name for a public key
     * @param passphrase
     * @param expires : seconds ahead of creation time. Use 0 for no expiry.
     * @return 
     */
    const Error CreateSubKey(GpgME::Key& k,
                             const char * algo,
                             const string& passphrase,
                             ulong expires = 63072000);
    /**
     * Export a secret key.
     * @param pattern : a key fingerprint
     * @param buffer : returns data in armor mode
     * @return 
     */
    const Error ExportPrivateKey(const char * pattern, string& buffer,
                                 const string& passphrase = "");
    /**
     * Export a public key.
     * @param pattern : a key fingerprint
     * @param buffer : returns data in armor mode
     * @return 
     */
    const Error ExportPublicKey(const char * pattern, string& buffer);
private:
    Context * m_ctx;
    // GPG will fetch a password here.
    LoopbackPassphraseProvider * m_ppp;

    string MakeUidString(const string& name, const string& email,
                         const string& comment);
};

/**
 * Edit trust in key owner
 */
class SetOwnerTrustEditInteractor : public GpgSetOwnerTrustEditInteractor
{
public:

    /**
     * 
     * @param ownerTrust : New trust level
     */
    SetOwnerTrustEditInteractor(GpgME::Key::OwnerTrust ownerTrust)
    : GpgSetOwnerTrustEditInteractor(ownerTrust)
    {
    }

    virtual ~SetOwnerTrustEditInteractor()
    {
    }

};

/**
 * Passed to GPG engine to certify (sign) a key.
 */
class SetSignKeyEditInteractor : public GpgSignKeyEditInteractor
{
public:

    SetSignKeyEditInteractor() : GpgSignKeyEditInteractor()
    {
    };

    virtual ~SetSignKeyEditInteractor()
    {
    };

};

class AddUserIDEditInteractor : public GpgAddUserIDEditInteractor
{
public:

    AddUserIDEditInteractor()
    : GpgAddUserIDEditInteractor()
    {
    }

    virtual ~AddUserIDEditInteractor()
    {
    };
};

#endif /* GPGMEWORKER_H */
Initial commit 2019-10-25 20:16:43 +02:00			`/*`
			`* File: GpgMEWorker.h`
Expand developer string. 2022-11-19 15:56:56 +01:00			`* Author: Saleem Edah-Tally - nmset@yandex.com`
Initial commit 2019-10-25 20:16:43 +02:00			`* License : LGPL v2.1`
Expand developer string. 2022-11-19 15:56:56 +01:00			`* Copyright Saleem Edah-Tally - © 2019`
Initial commit 2019-10-25 20:16:43 +02:00			`*`
			`* Created on 11 octobre 2019, 16:34`
			`*/`

			`#ifndef GPGMEWORKER_H`
			`#define GPGMEWORKER_H`

			`#include <gpgme++/context.h>`
			`#include <gpgme++/error.h>`
			`#include <gpgme++/key.h>`
Edit owner trust level. Inplace editing with a combobox if user is allowed. in app config file. 2020-10-25 17:28:47 +01:00			`#include <gpgme++/gpgsetownertrusteditinteractor.h>`
Certify key. In-place editing with a popup if user is allowed in app config file. User must of course manage at least a private key. User identities of target key may be selectively chosen. Optionally, certification may be exportable and non-revocable. 2020-11-03 11:06:25 +01:00			`#include <gpgme++/gpgsignkeyeditinteractor.h>`
Allow to change key expiry date. Select new date in a popup. Controlled by a specific configuration flag. 2020-11-07 22:17:44 +01:00			`#include <gpgme++/gpgsetexpirytimeeditinteractor.h>`
Add function to add a new user identity to a key. The email parameter must have a valid email address format here, else GPGME will refuse to create the identity. This is not the case when creating a key, where any string is accepted. 2020-11-16 15:58:50 +01:00			`#include <gpgme++/gpgadduserideditinteractor.h>`
Initial commit 2019-10-25 20:16:43 +02:00			`#include <vector>`
Certify key. In-place editing with a popup if user is allowed in app config file. User must of course manage at least a private key. User identities of target key may be selectively chosen. Optionally, certification may be exportable and non-revocable. 2020-11-03 11:06:25 +01:00			`#include "LoopbackPassphraseProvider.h"`
Initial commit 2019-10-25 20:16:43 +02:00
			`using namespace std;`
			`using namespace GpgME;`
Edit owner trust level. Inplace editing with a combobox if user is allowed. in app config file. 2020-10-25 17:28:47 +01:00
Initial commit 2019-10-25 20:16:43 +02:00			`/**`
			`* Main class for GPGME OP, except deleting keys.`
			`*/`
			`class GpgMEWorker`
			`{`
			`public:`
			`GpgMEWorker();`
			`virtual ~GpgMEWorker();`

			`/**`
			`* Find keys corresponding to pattern. GPGME searches in many fields :`
			`* keyid, fingerprint, name, email...`
			`* @param pattern`
			`* @param hasSecret`
			`* @param e`
			`* @return`
			`*/`
			`vector<GpgME::Key> FindKeys(const char * pattern, bool hasSecret, Error& e) const;`
			`/**`
			`* Search for a single key fully identified : keyid, short keyid, fingerprint.`
			`* @param anyFullId`
			`* @param e`
			`* @param secret`
			`* @return`
			`*/`
			`GpgME::Key FindKey(const char * anyFullId, Error& e, bool secret = false) const;`
			`/**`
			`* Import a key from file.`
			`* @param filePath`
			`* @param e`
Use fingerprint instead of keyid when importing and deleting keys. 2020-11-11 21:09:43 +01:00			`* @return : the fingerprint`
Initial commit 2019-10-25 20:16:43 +02:00			`*/`
			`const string ImportKey(const char * filePath, Error& e);`
Edit owner trust level. Inplace editing with a combobox if user is allowed. in app config file. 2020-10-25 17:28:47 +01:00			`/**`
			`* Inplace editing of owner trust if allowed`
			`* @param anyFullId`
			`* @param trustLevel : New trust level in key owner`
			`* @return`
			`*/`
			`const Error EditOwnerTrust(const char * anyFullId, GpgME::Key::OwnerTrust trustLevel);`
Certify key. In-place editing with a popup if user is allowed in app config file. User must of course manage at least a private key. User identities of target key may be selectively chosen. Optionally, certification may be exportable and non-revocable. 2020-11-03 11:06:25 +01:00			`/**`
			`* Certify (sign) selected key.`
			`* @param fprSigningKey`
			`* @param fprKeyToSign`
			`* @param userIDsToSign : index of each user identity in a vector.`
			`* @param options : Exportable (1), Non revocable (2).`
			`* \nTrust(4) is not implemented.`
			`* @param passphrase`
			`* @return`
			`*/`
			`const Error CertifyKey(const char * fprSigningKey,`
			`const char * fprKeyToSign,`
			`vector<uint>& userIDsToSign, int options,`
			`const string& passphrase);`
Allow to change key expiry date. Select new date in a popup. Controlled by a specific configuration flag. 2020-11-07 22:17:44 +01:00			`/**`
Allow revoking key certifications. Certified user identities in keys can be revoked using the same popup for certification. Requires GnuPG 2.2.24 (not available in distro's repository, not fully tested to date). 2020-11-22 14:22:08 +01:00			`* Revoke UserID certifications.`
			`* \n Requires GnuPG >= 2.2.24`
			`* @param fprSigningKey`
			`* @param fprKeyToSign`
			`* @param userIDsToRevoke : vector of ::UserID`
			`* @param passphrase`
Allow to change key expiry date. Select new date in a popup. Controlled by a specific configuration flag. 2020-11-07 22:17:44 +01:00			`* @return`
			`*/`
Allow revoking key certifications. Certified user identities in keys can be revoked using the same popup for certification. Requires GnuPG 2.2.24 (not available in distro's repository, not fully tested to date). 2020-11-22 14:22:08 +01:00			`const Error RevokeKeyCertifications(const char * fprSigningKey,`
Allow to export private keys. Using a workaround that validates passphrase for a secret key. With GnuPG 2.2.23 and GpgME 1.1.15, a secret key can be exported when the right passphrase is provided. With a bad passphrase, application crashes. See https://dev.gnupg.org/T5151 Application may validate a passphrase before invoking engine. Until it is hopefully fixed in upstream and available in mainstream. 2020-11-24 22:15:46 +01:00			`const char * fprKeyToSign,`
			`vector<GpgME::UserID>& userIDsToRevoke,`
			`const string& passphrase);`
Document changing subkey expiry time. 2020-11-22 09:21:38 +01:00			`/**`
Use new Context::setExpire to set expiration dates. If no subkey is found (wrong fpr) or not provided, the expiry time of the key is set instead. setExpire() allows to expire all subkeys at once. Not implemented here. Requires GPGME >= 1.15.0. 2020-11-23 11:45:33 +01:00			`* Sets the expiry time of a single (sub)key. Requires GPGME >= 1.15.0.`
			`* \n If no subkey is found (wrong fpr) or not provided, the expiry time of`
			`* key is set instead.`
Document changing subkey expiry time. 2020-11-22 09:21:38 +01:00			`* @param keyFpr`
			`* @param subkeyFpr`
			`* @param passphrase`
			`* @param expires : seconds from now. Use 0 for no expiry.`
			`* @return`
			`*/`
Use new Context::setExpire to set expiration dates. If no subkey is found (wrong fpr) or not provided, the expiry time of the key is set instead. setExpire() allows to expire all subkeys at once. Not implemented here. Requires GPGME >= 1.15.0. 2020-11-23 11:45:33 +01:00			`const Error SetKeyExpiryTime(const char * keyFpr,`
Allow to export private keys. Using a workaround that validates passphrase for a secret key. With GnuPG 2.2.23 and GpgME 1.1.15, a secret key can be exported when the right passphrase is provided. With a bad passphrase, application crashes. See https://dev.gnupg.org/T5151 Application may validate a passphrase before invoking engine. Until it is hopefully fixed in upstream and available in mainstream. 2020-11-24 22:15:46 +01:00			`const char * subkeyFpr,`
			`const string& passphrase,`
			`ulong expires = 63072000);`
Add function to add a new user identity to a key. The email parameter must have a valid email address format here, else GPGME will refuse to create the identity. This is not the case when creating a key, where any string is accepted. 2020-11-16 15:58:50 +01:00			`/**`
			`* Adds a user identity to a key.`
			`* \n The email parameter must have a valid email address format here, else`
			`* GPGME will refuse to create the identity. This is not the case when`
			`* creating a key, where any string is accepted.`
			`* @param keyFpr`
			`* @param passphrase`
			`* @param name`
			`* @param email : string with a valid email format`
			`* @param comment`
			`* @return`
			`*/`
			`const Error AddUserID(const char * keyFpr, const string& passphrase,`
			`const string& name, const string& email,`
			`const string& comment);`
Add function to revoke a user identity. Done with Context::revUid, not with UserID::revoke. Does not remove the identity. N.B. : if the uid is revoked a second time, Error::code is 0. 2020-11-18 20:48:15 +01:00			`/**`
			`* Revoke a user identity. Does not remove the identity.`
			`* \n N.B. : if the uid is revoked a second time, Error::code is 0.`
			`* @param keyFpr`
			`* @param passphrase`
			`* @param name`
			`* @param email`
			`* @param comment`
			`* @return`
			`*/`
			`const Error RevokeUserID(const char * keyFpr, const string& passphrase,`
Allow changing subkey expiry time. Needs GPGME 1.15.0. Using the same UI for changing expiry time of the primary secret key. 2020-11-21 20:53:01 +01:00			`const string& name, const string& email,`
			`const string& comment);`
Add key creation functions. - create a pair of keys with default engine algorithms - create a secret key - create a subkey (public) and add it to a secret key. 2020-11-11 14:47:05 +01:00			`/**`
			`* Creates a pair of secret and public keys with the default engine`
			`* algorithms. Default expiry time is 2 * 365 days.`
			`* @param k : must be a null key`
			`* @param name`
			`* @param email`
			`* @param comment`
			`* @param passphrase`
			`* @param expires : seconds ahead of creation time. Use 0 for no expiry.`
			`* @return`
			`*/`
			`const Error CreateKeyWithEngineDefaultAlgo(GpgME::Key& k,`
			`const string& name,`
			`const string& email,`
			`const string& comment,`
			`const string& passphrase,`
			`ulong expires = 63072000);`
			`/**`
			`* Creates a secret key with passed in algorithm name. Default expiry time`
			`* is 2 * 365 days.`
			`* @param k : must be a null key`
			`* @param name`
			`* @param email`
			`* @param comment`
			`* @param algo : a valid algorithm name for a secret key`
			`* @param passphrase`
			`* @param expires : seconds ahead of creation time. Use 0 for no expiry.`
			`* @return`
			`*/`
			`const Error CreateKey(GpgME::Key& k,`
			`const string& name,`
			`const string& email,`
			`const string& comment,`
			`const char * algo,`
			`const string& passphrase,`
			`ulong expires = 63072000);`
			`/**`
			`* Creates a public key with passed in algorithm name and adds it to secret`
			`* key k. Default expiry time is 2 * 365 days.`
			`* @param k : must be a secret key`
			`* @param algo : : a valid algorithm name for a public key`
			`* @param passphrase`
			`* @param expires : seconds ahead of creation time. Use 0 for no expiry.`
			`* @return`
			`*/`
			`const Error CreateSubKey(GpgME::Key& k,`
			`const char * algo,`
			`const string& passphrase,`
			`ulong expires = 63072000);`
Test export private keys in C++. Result : fails. Reason : loopback passphrase provider is never called. With default pinentry mode, the passphrase is requested normally and the private key is exported. But this can't be done on a web server. Enclosed in #ifdef DEVTIME. 2020-11-15 11:47:30 +01:00			`/**`
Allow exporting secret keys. Requests the passphrase with a popup. As from GPGME 1.15.0, the loopback pinentry is functional when exporting secret keys. It works fine when the exact passphrase is provided. If it's a wrong passphrase, GPGME does not generate an ::Error, but the app crashes with 'free(): double free detected in tcache 2'. Hence, this patch cannot be committed to master. Status : dangerous Result : works and works not Reason : a wrong passphrase means a crash 2020-11-20 22:41:29 +01:00			`* Export a secret key.`
			`* @param pattern : a key fingerprint`
			`* @param buffer : returns data in armor mode`
Test export private keys in C++. Result : fails. Reason : loopback passphrase provider is never called. With default pinentry mode, the passphrase is requested normally and the private key is exported. But this can't be done on a web server. Enclosed in #ifdef DEVTIME. 2020-11-15 11:47:30 +01:00			`* @return`
			`*/`
			`const Error ExportPrivateKey(const char * pattern, string& buffer,`
Add function to export public keys. Expects a fingerprint to export a single public key in armor mode. 2020-11-15 11:58:07 +01:00			`const string& passphrase = "");`
			`/**`
			`* Export a public key.`
			`* @param pattern : a key fingerprint`
			`* @param buffer : returns data in armor mode`
			`* @return`
			`*/`
			`const Error ExportPublicKey(const char * pattern, string& buffer);`
Initial commit 2019-10-25 20:16:43 +02:00			`private:`
			`Context * m_ctx;`
Certify key. In-place editing with a popup if user is allowed in app config file. User must of course manage at least a private key. User identities of target key may be selectively chosen. Optionally, certification may be exportable and non-revocable. 2020-11-03 11:06:25 +01:00			`// GPG will fetch a password here.`
			`LoopbackPassphraseProvider * m_ppp;`
Format uid string correctly when creating keys. Correct format : name <email> (comment) Was : name <email> comment Though the 'comment' part was visible with the cli gpg app, it was not shown in kleopatra and in K7. 2020-11-16 14:39:57 +01:00
			`string MakeUidString(const string& name, const string& email,`
			`const string& comment);`
Initial commit 2019-10-25 20:16:43 +02:00			`};`

Edit owner trust level. Inplace editing with a combobox if user is allowed. in app config file. 2020-10-25 17:28:47 +01:00			`/**`
			`* Edit trust in key owner`
			`*/`
			`class SetOwnerTrustEditInteractor : public GpgSetOwnerTrustEditInteractor`
			`{`
			`public:`
Certify key. In-place editing with a popup if user is allowed in app config file. User must of course manage at least a private key. User identities of target key may be selectively chosen. Optionally, certification may be exportable and non-revocable. 2020-11-03 11:06:25 +01:00
Edit owner trust level. Inplace editing with a combobox if user is allowed. in app config file. 2020-10-25 17:28:47 +01:00			`/**`
			`*`
			`* @param ownerTrust : New trust level`
			`*/`
			`SetOwnerTrustEditInteractor(GpgME::Key::OwnerTrust ownerTrust)`
Certify key. In-place editing with a popup if user is allowed in app config file. User must of course manage at least a private key. User identities of target key may be selectively chosen. Optionally, certification may be exportable and non-revocable. 2020-11-03 11:06:25 +01:00			`: GpgSetOwnerTrustEditInteractor(ownerTrust)`
			`{`
			`}`
Edit owner trust level. Inplace editing with a combobox if user is allowed. in app config file. 2020-10-25 17:28:47 +01:00
Certify key. In-place editing with a popup if user is allowed in app config file. User must of course manage at least a private key. User identities of target key may be selectively chosen. Optionally, certification may be exportable and non-revocable. 2020-11-03 11:06:25 +01:00			`virtual ~SetOwnerTrustEditInteractor()`
			`{`
			`}`

			`};`

			`/**`
			`* Passed to GPG engine to certify (sign) a key.`
			`*/`
			`class SetSignKeyEditInteractor : public GpgSignKeyEditInteractor`
			`{`
			`public:`

			`SetSignKeyEditInteractor() : GpgSignKeyEditInteractor()`
			`{`
			`};`

			`virtual ~SetSignKeyEditInteractor()`
			`{`
			`};`
Edit owner trust level. Inplace editing with a combobox if user is allowed. in app config file. 2020-10-25 17:28:47 +01:00
			`};`

Add function to add a new user identity to a key. The email parameter must have a valid email address format here, else GPGME will refuse to create the identity. This is not the case when creating a key, where any string is accepted. 2020-11-16 15:58:50 +01:00			`class AddUserIDEditInteractor : public GpgAddUserIDEditInteractor`
			`{`
			`public:`

			`AddUserIDEditInteractor()`
			`: GpgAddUserIDEditInteractor()`
			`{`
			`}`

			`virtual ~AddUserIDEditInteractor()`
			`{`
			`};`
			`};`

Initial commit 2019-10-25 20:16:43 +02:00			`#endif /* GPGMEWORKER_H */`