Libkleo

keyhelpers.h
1/*
2 utils/keyhelpers.h
3
4 This file is part of libkleopatra, the KDE keymanagement library
5 SPDX-FileCopyrightText: 2021-2022 g10 Code GmbH
6 SPDX-FileContributor: Ingo Klöcker <dev@ingo-kloecker.de>
7
8 SPDX-License-Identifier: GPL-2.0-or-later
9*/
10
11#pragma once
12
13#include "kleo_export.h"
14
15#include <QStringList>
16
17#include <gpgme++/key.h>
18
19#include <algorithm>
20#include <set>
21#include <vector>
22
23namespace Kleo
24{
25
26template<typename KeyContainer>
27QStringList getFingerprints(const KeyContainer &keys)
28{
29 QStringList fingerprints;
30
31 fingerprints.reserve(keys.size());
32 std::transform(std::begin(keys), std::end(keys), std::back_inserter(fingerprints), [](const auto &key) {
33 return QString::fromLatin1(key.primaryFingerprint());
34 });
35
36 return fingerprints;
37}
38
39KLEO_EXPORT std::set<QString> getMissingSignerKeyIds(const std::vector<GpgME::UserID> &userIds);
40
41KLEO_EXPORT std::set<QString> getMissingSignerKeyIds(const std::vector<GpgME::Key> &keys);
42
43/**
44 * Returns true, if the key \p key is the result of a lookup which is not present
45 * in the local key ring.
46 */
47KLEO_EXPORT bool isRemoteKey(const GpgME::Key &key);
48
49KLEO_EXPORT GpgME::UserID::Validity minimalValidityOfNotRevokedUserIDs(const GpgME::Key &key);
50
51KLEO_EXPORT GpgME::UserID::Validity maximalValidityOfUserIDs(const GpgME::Key &key);
52
53/* Is the key valid i.e. are all not revoked uids fully trusted? */
54KLEO_EXPORT bool allUserIDsHaveFullValidity(const GpgME::Key &key);
55
56template<typename RangeOfKeys>
57bool allKeysHaveProtocol(const RangeOfKeys &keys, GpgME::Protocol protocol)
58{
59 return std::all_of(std::begin(keys), std::end(keys), [protocol](const auto &key) {
60 return key.protocol() == protocol;
61 });
62}
63
64template<typename RangeOfKeys>
65bool anyKeyHasProtocol(const RangeOfKeys &keys, GpgME::Protocol protocol)
66{
67 return std::any_of(std::begin(keys), std::end(keys), [protocol](const auto &key) {
68 return key.protocol() == protocol;
69 });
70}
71
72/** Returns true if \p signature is a self-signature. */
73KLEO_EXPORT bool isSelfSignature(const GpgME::UserID::Signature &signature);
74
75/**
76 * Returns true if the most recent self-signature of \p userId is a revocation
77 * signature or if it has expired.
78 */
79KLEO_EXPORT bool isRevokedOrExpired(const GpgME::UserID &userId);
80
81/** Returns true if the most recent self-signature of \p userId has expired. */
82KLEO_EXPORT bool isExpired(const GpgME::UserID &userId);
83
84/**
85 * Returns true if \p key can be used to certify user IDs, i.e. if the key
86 * has the required capability and if the secret key of the (primary)
87 * certification subkey is available in the keyring or on a smart card.
88 */
89KLEO_EXPORT bool canCreateCertifications(const GpgME::Key &key);
90
91/**
92 * Returns true if the key \p key can be certified, i.e. it is an OpenPGP key
93 * which is neither revoked nor expired and which has at least one user ID
94 * that is neither revoked nor expired.
95 */
96KLEO_EXPORT bool canBeCertified(const GpgME::Key &key);
97
98/**
99 * Returns true if the certificate \p key can be used for encryption, i.e. if
100 * it has at least one encryption subkey that is neither expired nor revoked
101 * nor otherwise invalid.
102 */
103KLEO_EXPORT bool canBeUsedForEncryption(const GpgME::Key &key);
104
105/**
106 * Returns true if the certificate \p key can be used for signing data, i.e. if
107 * it has at least one signing subkey that is neither expired nor revoked
108 * nor otherwise invalid and for which the secret key is available.
109 */
110KLEO_EXPORT bool canBeUsedForSigning(const GpgME::Key &key);
111
112/**
113 * Returns true if \p key can be used for operations requiring the secret key,
114 * i.e. if the secret key of the primary key pair is available in the keyring
115 * or on a smart card.
116 *
117 * \note Key::hasSecret() also returns true if a secret key stub, e.g. of an
118 * offline key, is available in the keyring.
119 */
120KLEO_EXPORT bool canBeUsedForSecretKeyOperations(const GpgME::Key &key);
121
122/**
123 * Returns true if \p userId can be revoked, i.e. if it isn't the last valid
124 * user ID of an OpenPGP key.
125 */
126KLEO_EXPORT bool canRevokeUserID(const GpgME::UserID &userId);
127
128/**
129 * Returns true if the secret key of the primary key pair of \p key is stored
130 * in the keyring.
131 */
132KLEO_EXPORT bool isSecretKeyStoredInKeyRing(const GpgME::Key &key);
133
134/**
135 * Returns true if any keys suitable for certifying user IDs are available in
136 * the keyring or on a smart card.
137 *
138 * \sa canCreateCertifications
139 */
140KLEO_EXPORT bool userHasCertificationKey();
141
142enum CertificationRevocationFeasibility {
143 CertificationCanBeRevoked = 0,
144 CertificationNotMadeWithOwnKey,
145 CertificationIsSelfSignature,
146 CertificationIsRevocation,
147 CertificationIsExpired,
148 CertificationIsInvalid,
149 CertificationKeyNotAvailable,
150};
151
152/**
153 * Checks if the user can revoke the given \p certification.
154 */
155KLEO_EXPORT CertificationRevocationFeasibility userCanRevokeCertification(const GpgME::UserID::Signature &certification);
156
157/**
158 * Returns true if the user can revoke any of the certifications of the \p userId.
159 *
160 * \sa userCanRevokeCertification
161 */
162KLEO_EXPORT bool userCanRevokeCertifications(const GpgME::UserID &userId);
163
164/**
165 * Returns true, if the user ID \p userID belongs to the key \p key.
166 */
167KLEO_EXPORT bool userIDBelongsToKey(const GpgME::UserID &userID, const GpgME::Key &key);
168
169/**
170 * Returns a unary predicate to check if a user ID belongs to the key \p key.
171 */
172inline auto userIDBelongsToKey(const GpgME::Key &key)
173{
174 return [key](const GpgME::UserID &userID) {
175 return userIDBelongsToKey(userID, key);
176 };
177}
178
179/**
180 * Returns true, if the two user IDs \p lhs and \p rhs are equal.
181 *
182 * Equality means that both user IDs belong to the same key, contain identical
183 * text, and have the same creation date (i.e. the creation date of the first
184 * self-signature is the same).
185 */
186KLEO_EXPORT bool userIDsAreEqual(const GpgME::UserID &lhs, const GpgME::UserID &rhs);
187
188/**
189 * Returns true, if the user ID \p userId has a valid, exportable certification
190 * that was made with one of the available ultimately trusted OpenPGP keys.
191 */
192KLEO_EXPORT bool userIDIsCertifiedByUser(const GpgME::UserID &userId);
193
194struct KLEO_EXPORT KeysByProtocol {
195 std::vector<GpgME::Key> openpgp;
196 std::vector<GpgME::Key> cms;
197};
198
199/**
200 * Partitions the keys \p keys into OpenPGP keys and CMS certificates.
201 */
202template<typename KeyContainer>
203KeysByProtocol partitionKeysByProtocol(const KeyContainer &keys)
204{
205 KeysByProtocol result;
206 std::partition_copy(std::begin(keys), std::end(keys), std::back_inserter(result.openpgp), std::back_inserter(result.cms), [](const auto &key) {
207 return key.protocol() == GpgME::OpenPGP;
208 });
209 return result;
210}
211}
void reserve(qsizetype size)
QString fromLatin1(QByteArrayView str)
This file is part of the KDE documentation.
Documentation copyright © 1996-2024 The KDE developers.
Generated on Fri Jun 14 2024 11:51:59 by doxygen 1.10.0 written by Dimitri van Heesch, © 1997-2006

KDE's Doxygen guidelines are available online.