Changed KeeShareSettings to explicitly ask

KeeShareSettings now allows the user to trust, untrust, or be asked on the next import from
a specific publisher with a specific container
Christian Kieschnick 2019-01-03 18:22:41 +01:00
parent 2e18388825
commit 3d02013513
7 changed files with 74 additions and 30 deletions


@ -297,7 +297,7 @@ namespace KeeShareSettings
bool ScopedCertificate::operator==(const ScopedCertificate &other) const
{
return trusted == other.trusted && path == other.path && certificate == other.certificate;
return trust == other.trust && path == other.path && certificate == other.certificate;
}
bool ScopedCertificate::operator!=(const ScopedCertificate &other) const
@ -308,7 +308,15 @@ namespace KeeShareSettings
void ScopedCertificate::serialize(QXmlStreamWriter& writer, const ScopedCertificate& scopedCertificate)
{
writer.writeAttribute("Path", scopedCertificate.path);
writer.writeAttribute("Trusted", scopedCertificate.trusted ? "True" : "False");
if(scopedCertificate.trust == KeeShareSettings::Trust::Trusted) {
writer.writeAttribute("Trust", "Trusted");
}
else if(scopedCertificate.trust == KeeShareSettings::Trust::Untrusted){
writer.writeAttribute("Trust", "Untrusted");
}
else {
writer.writeAttribute("Trust", "Ask");
}
Certificate::serialize(writer, scopedCertificate.certificate);
}
@ -316,7 +324,16 @@ namespace KeeShareSettings
{
ScopedCertificate scopedCertificate;
scopedCertificate.path = reader.attributes().value("Path").toString();
scopedCertificate.trusted = reader.attributes().value("Trusted") == "True";
auto trust = reader.attributes().value("Trusted").toString();
if(trust.compare("Trusted", Qt::CaseInsensitive)) {
scopedCertificate.trust = KeeShareSettings::Trust::Trusted;
}
if(trust.compare("Unrusted", Qt::CaseInsensitive)) {
scopedCertificate.trust = KeeShareSettings::Trust::Untrusted;
}
else {
scopedCertificate.trust = KeeShareSettings::Trust::Ask;
}
scopedCertificate.certificate = Certificate::deserialize(reader);
return scopedCertificate;
}
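Review bot: deserialize() will not restore the trust value that serialize() writes, so a stored decision does not survive a reload. It reads the attribute `Trusted` while serialize() now writes `Trust`; `QString::compare` returns 0 on a match, so both `if (trust.compare(...))` tests fire when the strings differ; the second literal is misspelled `"Unrusted"`; and the second `if` is not an `else if`, so it overrides the result of the first. As written, almost every entry appears to load as Untrusted, and a partial fix (for example adding only the missing `else`) would instead load almost every entry as Trusted, which is the dangerous direction for a setting that suppresses the import prompt. The rewrite below compares with `== 0`, chains the branches and falls back to Ask; whether entries saved in the older `Trusted="True"` form should be migrated is left open. The function's signature lies outside the hunk.

```cpp
// … unchanged: scopedCertificate declaration and Path attribute …
const auto trust = reader.attributes().value("Trust").toString();
if (trust.compare("Trusted", Qt::CaseInsensitive) == 0) {
    scopedCertificate.trust = KeeShareSettings::Trust::Trusted;
} else if (trust.compare("Untrusted", Qt::CaseInsensitive) == 0) {
    scopedCertificate.trust = KeeShareSettings::Trust::Untrusted;
} else {
    // missing or unrecognised value: prompt again instead of assuming a decision
    scopedCertificate.trust = KeeShareSettings::Trust::Ask;
}
// … unchanged: Certificate::deserialize call and return …
```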


@ -99,11 +99,16 @@ namespace KeeShareSettings
static Own generate();
};
enum class Trust {
Ask,
Untrusted,
Trusted
};
struct ScopedCertificate
{
QString path;
Certificate certificate;
bool trusted;
Trust trust;
bool operator==(const ScopedCertificate& other) const;
bool operator!=(const ScopedCertificate& other) const;
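Review bot: `Trust trust;` in ScopedCertificate has no default member initializer, so a default-constructed object such as the `ScopedCertificate scopedCertificate;` local in deserialize() carries an indeterminate trust value until something assigns it. Giving the member the prompting state as its default, `Trust trust = Trust::Ask;`, makes an entry that was never explicitly decided fall back to asking the user. The struct continues past the end of the hunk, so if a constructor further down already sets the member this is only a readability point. A short comment on the enum stating what each value means for the next import (prompt, reject, accept) would also help anyone reading the stored settings.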


@ -46,6 +46,7 @@ SettingsWidgetKeeShare::SettingsWidgetKeeShare(QWidget* parent)
connect(m_ui->exportOwnCertificateButton, SIGNAL(clicked(bool)), SLOT(exportCertificate()));
connect(m_ui->trustImportedCertificateButton, SIGNAL(clicked(bool)), SLOT(trustSelectedCertificates()));
connect(m_ui->askImportedCertificateButton, SIGNAL(clicked(bool)), SLOT(askSelectedCertificates()));
connect(m_ui->untrustImportedCertificateButton, SIGNAL(clicked(bool)), SLOT(untrustSelectedCertificates()));
connect(m_ui->removeImportedCertificateButton, SIGNAL(clicked(bool)), SLOT(removeSelectedCertificates()));
}
@ -79,11 +80,11 @@ void SettingsWidgetKeeShare::updateForeignCertificates()
for (const auto& scopedCertificate : m_foreign.certificates) {
const auto items = QList<QStandardItem*>()
<< new QStandardItem(scopedCertificate.path)
<< new QStandardItem(scopedCertificate.trusted ? tr("Trusted") : tr("Untrusted"))
<< new QStandardItem(scopedCertificate.trust == KeeShareSettings::Trust::Ask ? tr("Ask")
: (scopedCertificate.trust == KeeShareSettings::Trust::Trusted ? tr("Trusted")
: tr("Untrusted")))
#if defined(WITH_XC_KEESHARE_SECURE)
<< new QStandardItem(scopedCertificate.isKnown()
? scopedCertificate.certificate.signer
: tr("Unknown"))
<< new QStandardItem(scopedCertificate.isKnown() ? scopedCertificate.certificate.signer : tr("Unknown"))
<< new QStandardItem(scopedCertificate.certificate.fingerprint())
<< new QStandardItem(scopedCertificate.certificate.publicKey())
#endif
@ -194,7 +195,18 @@ void SettingsWidgetKeeShare::trustSelectedCertificates()
const auto* selectionModel = m_ui->importedCertificateTableView->selectionModel();
Q_ASSERT(selectionModel);
for (const auto& index : selectionModel->selectedRows()) {
m_foreign.certificates[index.row()].trusted = true;
m_foreign.certificates[index.row()].trust = KeeShareSettings::Trust::Trusted;
}
updateForeignCertificates();
}
void SettingsWidgetKeeShare::askSelectedCertificates()
{
const auto* selectionModel = m_ui->importedCertificateTableView->selectionModel();
Q_ASSERT(selectionModel);
for (const auto& index : selectionModel->selectedRows()) {
m_foreign.certificates[index.row()].trust = KeeShareSettings::Trust::Ask;
}
updateForeignCertificates();
@ -205,7 +217,7 @@ void SettingsWidgetKeeShare::untrustSelectedCertificates()
const auto* selectionModel = m_ui->importedCertificateTableView->selectionModel();
Q_ASSERT(selectionModel);
for (const auto& index : selectionModel->selectedRows()) {
m_foreign.certificates[index.row()].trusted = false;
m_foreign.certificates[index.row()].trust = KeeShareSettings::Trust::Untrusted;
}
updateForeignCertificates();
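Review bot: askSelectedCertificates() is a third copy of the selection loop already present in trustSelectedCertificates() and untrustSelectedCertificates(), differing only in the Trust value it assigns. A private helper that takes the KeeShareSettings::Trust to apply would reduce each slot to one call and ensure that a later change to how rows map to certificates is made in one place. The bodies of trustSelectedCertificates() and untrustSelectedCertificates() start outside the visible hunks, so the helper below is a sketch against the lines shown and its name is only a suggestion.

```cpp
// proposed private helper shared by the three slots
void SettingsWidgetKeeShare::setTrustOnSelection(KeeShareSettings::Trust trust)
{
    const auto* selectionModel = m_ui->importedCertificateTableView->selectionModel();
    Q_ASSERT(selectionModel);
    for (const auto& index : selectionModel->selectedRows()) {
        m_foreign.certificates[index.row()].trust = trust;
    }
    updateForeignCertificates();
}

void SettingsWidgetKeeShare::askSelectedCertificates()
{
    setTrustOnSelection(KeeShareSettings::Trust::Ask);
}
// … trustSelectedCertificates / untrustSelectedCertificates likewise …
```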


@ -55,6 +55,7 @@ private slots:
void exportCertificate();
void trustSelectedCertificates();
void askSelectedCertificates();
void untrustSelectedCertificates();
void removeSelectedCertificates();


@ -7,7 +7,7 @@
<x>0</x>
<y>0</y>
<width>327</width>
<height>423</height>
<height>434</height>
</rect>
</property>
<layout class="QVBoxLayout" name="verticalLayout" stretch="0,0,0,0">
@ -210,6 +210,13 @@
</property>
</widget>
</item>
<item>
<widget class="QPushButton" name="askImportedCertificateButton">
<property name="text">
<string>Ask</string>
</property>
</widget>
</item>
<item>
<widget class="QPushButton" name="untrustImportedCertificateButton">
<property name="text">


@ -92,22 +92,22 @@ QPair<Trust, KeeShareSettings::Certificate> check(QByteArray& data,
}
enum Scope { Invalid, Global, Local };
Scope scope = Invalid;
bool trusted = false;
KeeShareSettings::Trust trusted = KeeShareSettings::Trust::Ask;
for (const auto& scopedCertificate : knownCertificates) {
if (scopedCertificate.certificate.key == certificate.key && scopedCertificate.path == reference.path) {
// Global scope is overwritten by local scope
scope = Global;
trusted = scopedCertificate.trusted;
trusted = scopedCertificate.trust;
}
if (scopedCertificate.certificate.key == certificate.key && scopedCertificate.path == reference.path) {
scope = Local;
trusted = scopedCertificate.trusted;
trusted = scopedCertificate.trust;
break;
}
}
if (scope != Invalid){
if (scope != Invalid && trusted != KeeShareSettings::Trust::Ask){
// we introduce now scopes if there is a global
return {trusted ? TrustedForever : UntrustedForever, certificate};
return {trusted == KeeShareSettings::Trust::Trusted ? TrustedForever : UntrustedForever, certificate};
}
QMessageBox warning;
@ -352,12 +352,12 @@ ShareObserver::Result ShareObserver::importSecureContainerInto(const KeeShareSet
case UntrustedForever:
case TrustedForever: {
bool found = false;
bool trusted = trust.first == TrustedForever;
const auto trusted = trust.first == TrustedForever ? KeeShareSettings::Trust::Trusted : KeeShareSettings::Trust::Untrusted;
for (KeeShareSettings::ScopedCertificate& scopedCertificate : foreign.certificates) {
if (scopedCertificate.certificate.key == trust.second.key && scopedCertificate.path == reference.path) {
scopedCertificate.certificate.signer = trust.second.signer;
scopedCertificate.path = reference.path;
scopedCertificate.trusted = trusted;
scopedCertificate.trust = trusted;
found = true;
}
}
@ -366,7 +366,7 @@ ShareObserver::Result ShareObserver::importSecureContainerInto(const KeeShareSet
// we need to update with the new signer
KeeShare::setForeign(foreign);
}
if (trusted) {
if (trust.first == TrustedForever) {
qDebug("Synchronize %s %s with %s",
qPrintable(reference.path),
qPrintable(targetGroup->name()),
@ -435,12 +435,12 @@ ShareObserver::Result ShareObserver::importInsecureContainerInto(const KeeShareS
case UntrustedForever:
case TrustedForever: {
bool found = false;
bool trusted = trust.first == TrustedForever;
const auto trusted = trust.first == TrustedForever ? KeeShareSettings::Trust::Trusted : KeeShareSettings::Trust::Untrusted;
for (KeeShareSettings::ScopedCertificate& scopedCertificate : foreign.certificates) {
if (scopedCertificate.certificate.key == trust.second.key && scopedCertificate.path == reference.path) {
scopedCertificate.certificate.signer = trust.second.signer;
scopedCertificate.path = reference.path;
scopedCertificate.trusted = trusted;
scopedCertificate.trust = trusted;
found = true;
}
}
@ -449,7 +449,7 @@ ShareObserver::Result ShareObserver::importInsecureContainerInto(const KeeShareS
// we need to update with the new signer
KeeShare::setForeign(foreign);
}
if (trusted) {
if (trust.first == TrustedForever) {
qDebug("Synchronize %s %s with %s",
qPrintable(reference.path),
qPrintable(targetGroup->name()),
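Review bot: In check(), the two conditions inside the knownCertificates loop are identical (`scopedCertificate.certificate.key == certificate.key && scopedCertificate.path == reference.path`), so the branch that sets `scope = Global` never matches anything the `Local` branch does not, and every hit ends in `Local` followed by `break`. The comment "Global scope is overwritten by local scope" suggests the first test was meant to match on something broader than key plus path; that is an inference, but the lookup decides which stored Trust value is applied without a prompt, so it is worth settling while these lines are being touched. Separately, the local `trusted` now holds a KeeShareSettings::Trust rather than a bool, here and in both import functions, and a name such as `storedTrust` would stop it reading as a boolean. The bodies of check() and of the two import functions extend beyond the visible hunks.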


@ -41,6 +41,7 @@ QTEST_GUILESS_MAIN(TestSharing)
Q_DECLARE_METATYPE(KeeShareSettings::Type)
Q_DECLARE_METATYPE(KeeShareSettings::Key)
Q_DECLARE_METATYPE(KeeShareSettings::Certificate)
Q_DECLARE_METATYPE(KeeShareSettings::Trust)
Q_DECLARE_METATYPE(KeeShareSettings::ScopedCertificate)
Q_DECLARE_METATYPE(QList<KeeShareSettings::ScopedCertificate>)
@ -140,7 +141,7 @@ void TestSharing::testNullObjects()
void TestSharing::testCertificateSerialization()
{
QFETCH(bool, trusted);
QFETCH(KeeShareSettings::Trust, trusted);
const OpenSSHKey& key = stubkey();
KeeShareSettings::ScopedCertificate original;
original.path = "/path";
@ -149,7 +150,7 @@ void TestSharing::testCertificateSerialization()
OpenSSHKey::serializeToBinary(OpenSSHKey::Public, key),
"Some <!> &#_\"\" weird string"
};
original.trusted = trusted;
original.trust = trusted;
QString buffer;
QXmlStreamWriter writer(&buffer);
@ -165,7 +166,7 @@ void TestSharing::testCertificateSerialization()
QCOMPARE(restored.certificate.key, original.certificate.key);
QCOMPARE(restored.certificate.signer, original.certificate.signer);
QCOMPARE(restored.trusted, original.trusted);
QCOMPARE(restored.trust, original.trust);
QCOMPARE(restored.path, original.path);
QCOMPARE(restored.certificate.sshKey().publicParts(), key.publicParts());
@ -173,9 +174,10 @@ void TestSharing::testCertificateSerialization()
void TestSharing::testCertificateSerialization_data()
{
QTest::addColumn<bool>("trusted");
QTest::newRow("Trusted") << true;
QTest::newRow("Untrusted") << false;
QTest::addColumn<KeeShareSettings::Trust>("trusted");
QTest::newRow("Ask") << KeeShareSettings::Trust::Ask;
QTest::newRow("Trusted") << KeeShareSettings::Trust::Trusted;
QTest::newRow("Untrusted") << KeeShareSettings::Trust::Untrusted;
}
void TestSharing::testKeySerialization()
@ -280,7 +282,7 @@ void TestSharing::testSettingsSerialization_data()
OpenSSHKey::serializeToBinary(OpenSSHKey::Public, sshKey0),
"Some <!> &#_\"\" weird string"
};
certificate0.trusted = true;
certificate0.trust = KeeShareSettings::Trust::Trusted;
KeeShareSettings::Key key0;
key0.key = OpenSSHKey::serializeToBinary(OpenSSHKey::Private, sshKey0);
@ -293,7 +295,7 @@ void TestSharing::testSettingsSerialization_data()
OpenSSHKey::serializeToBinary(OpenSSHKey::Public, sshKey1),
"Another "
};
certificate1.trusted = false;
certificate1.trust = KeeShareSettings::Trust::Untrusted;
QTest::addColumn<bool>("importing");
QTest::addColumn<bool>("exporting");
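Review bot: testCertificateSerialization only round-trips values produced by the new serializer, so it does not pin what deserialize() does with input it did not write: a settings entry saved before this commit carrying `Trusted="True"`, or a `Trust` attribute that is missing or holds an unrecognised value. Since that result decides whether a container is imported without a prompt, a case asserting the intended fallback (presumably `KeeShareSettings::Trust::Ask`) would be a useful addition. The column and the fetched variable are still called `trusted` although they now carry the enum; `QFETCH(KeeShareSettings::Trust, trust);` together with `QTest::addColumn<KeeShareSettings::Trust>("trust");` would read more accurately.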