Changed KeeShareSettings to explicitly ask

KeeShareSettings now allows a certificate to be trusted, untrusted, or asked
about on the next import from a specific publisher with a specific container
Christian Kieschnick 2019-01-03 18:22:41 +01:00
parent 2e18388825
commit 3d02013513
7 changed files with 74 additions and 30 deletions


@ -297,7 +297,7 @@ namespace KeeShareSettings
bool ScopedCertificate::operator==(const ScopedCertificate &other) const bool ScopedCertificate::operator==(const ScopedCertificate &other) const
{ {
return trusted == other.trusted && path == other.path && certificate == other.certificate; return trust == other.trust && path == other.path && certificate == other.certificate;
} }
bool ScopedCertificate::operator!=(const ScopedCertificate &other) const bool ScopedCertificate::operator!=(const ScopedCertificate &other) const
@ -308,7 +308,15 @@ namespace KeeShareSettings
void ScopedCertificate::serialize(QXmlStreamWriter& writer, const ScopedCertificate& scopedCertificate) void ScopedCertificate::serialize(QXmlStreamWriter& writer, const ScopedCertificate& scopedCertificate)
{ {
writer.writeAttribute("Path", scopedCertificate.path); writer.writeAttribute("Path", scopedCertificate.path);
writer.writeAttribute("Trusted", scopedCertificate.trusted ? "True" : "False"); if(scopedCertificate.trust == KeeShareSettings::Trust::Trusted) {
writer.writeAttribute("Trust", "Trusted");
}
else if(scopedCertificate.trust == KeeShareSettings::Trust::Untrusted){
writer.writeAttribute("Trust", "Untrusted");
}
else {
writer.writeAttribute("Trust", "Ask");
}
Certificate::serialize(writer, scopedCertificate.certificate); Certificate::serialize(writer, scopedCertificate.certificate);
} }
@ -316,7 +324,16 @@ namespace KeeShareSettings
{ {
ScopedCertificate scopedCertificate; ScopedCertificate scopedCertificate;
scopedCertificate.path = reader.attributes().value("Path").toString(); scopedCertificate.path = reader.attributes().value("Path").toString();
scopedCertificate.trusted = reader.attributes().value("Trusted") == "True"; auto trust = reader.attributes().value("Trusted").toString();
if(trust.compare("Trusted", Qt::CaseInsensitive)) {
scopedCertificate.trust = KeeShareSettings::Trust::Trusted;
}
if(trust.compare("Unrusted", Qt::CaseInsensitive)) {
scopedCertificate.trust = KeeShareSettings::Trust::Untrusted;
}
else {
scopedCertificate.trust = KeeShareSettings::Trust::Ask;
}
scopedCertificate.certificate = Certificate::deserialize(reader); scopedCertificate.certificate = Certificate::deserialize(reader);
return scopedCertificate; return scopedCertificate;
} }
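Review bot: The new trust parsing in ScopedCertificate::deserialize does not restore what serialize writes. It reads the attribute `Trusted` while the writer now emits `Trust`, `QString::compare` returns 0 on a match so both `if` tests are inverted, `"Unrusted"` is misspelled, and the second `if` is not an `else if`, so it overwrites the first result. As written, nearly every stored entry comes back as `Untrusted`, so a saved `Trusted` or `Ask` decision is lost on reload. A trust store reader should match the value exactly and fall back to `Ask` when it is missing or unrecognised, as in the lines below. Whether files written earlier with `Trusted="True"/"False"` need migrating is not visible here, and the function's signature lies outside the hunk.

```cpp
// … unchanged: scopedCertificate.path is read from the "Path" attribute …
const auto trust = reader.attributes().value("Trust").toString();
if (trust.compare("Trusted", Qt::CaseInsensitive) == 0) {
    scopedCertificate.trust = KeeShareSettings::Trust::Trusted;
} else if (trust.compare("Untrusted", Qt::CaseInsensitive) == 0) {
    scopedCertificate.trust = KeeShareSettings::Trust::Untrusted;
} else {
    // Missing or unrecognised value: make no decision on the user's behalf.
    scopedCertificate.trust = KeeShareSettings::Trust::Ask;
}
// … unchanged: Certificate::deserialize(reader) and return …
```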


@ -99,11 +99,16 @@ namespace KeeShareSettings
static Own generate(); static Own generate();
}; };
enum class Trust {
Ask,
Untrusted,
Trusted
};
struct ScopedCertificate struct ScopedCertificate
{ {
QString path; QString path;
Certificate certificate; Certificate certificate;
bool trusted; Trust trust;
bool operator==(const ScopedCertificate& other) const; bool operator==(const ScopedCertificate& other) const;
bool operator!=(const ScopedCertificate& other) const; bool operator!=(const ScopedCertificate& other) const;
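Review bot: The new `Trust trust;` member has no default, so a default-constructed `ScopedCertificate` carries an indeterminate trust value until something assigns it, assuming the struct declares no constructor in the part outside this hunk. Since `Ask` is the state that makes no decision on the user's behalf, I would make it the explicit default with `Trust trust = Trust::Ask;`. If the project's C++ standard or aggregate initialisation of this struct rules that out, a comment such as `// must be assigned before use; Ask is the safe fallback` would at least document the expectation. A one-line comment on each enumerator (for example `Ask` meaning "prompt on next import", as the commit message describes) would also help readers of the header.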


@ -46,6 +46,7 @@ SettingsWidgetKeeShare::SettingsWidgetKeeShare(QWidget* parent)
connect(m_ui->exportOwnCertificateButton, SIGNAL(clicked(bool)), SLOT(exportCertificate())); connect(m_ui->exportOwnCertificateButton, SIGNAL(clicked(bool)), SLOT(exportCertificate()));
connect(m_ui->trustImportedCertificateButton, SIGNAL(clicked(bool)), SLOT(trustSelectedCertificates())); connect(m_ui->trustImportedCertificateButton, SIGNAL(clicked(bool)), SLOT(trustSelectedCertificates()));
connect(m_ui->askImportedCertificateButton, SIGNAL(clicked(bool)), SLOT(askSelectedCertificates()));
connect(m_ui->untrustImportedCertificateButton, SIGNAL(clicked(bool)), SLOT(untrustSelectedCertificates())); connect(m_ui->untrustImportedCertificateButton, SIGNAL(clicked(bool)), SLOT(untrustSelectedCertificates()));
connect(m_ui->removeImportedCertificateButton, SIGNAL(clicked(bool)), SLOT(removeSelectedCertificates())); connect(m_ui->removeImportedCertificateButton, SIGNAL(clicked(bool)), SLOT(removeSelectedCertificates()));
} }
@ -79,11 +80,11 @@ void SettingsWidgetKeeShare::updateForeignCertificates()
for (const auto& scopedCertificate : m_foreign.certificates) { for (const auto& scopedCertificate : m_foreign.certificates) {
const auto items = QList<QStandardItem*>() const auto items = QList<QStandardItem*>()
<< new QStandardItem(scopedCertificate.path) << new QStandardItem(scopedCertificate.path)
<< new QStandardItem(scopedCertificate.trusted ? tr("Trusted") : tr("Untrusted")) << new QStandardItem(scopedCertificate.trust == KeeShareSettings::Trust::Ask ? tr("Ask")
: (scopedCertificate.trust == KeeShareSettings::Trust::Trusted ? tr("Trusted")
: tr("Untrusted")))
#if defined(WITH_XC_KEESHARE_SECURE) #if defined(WITH_XC_KEESHARE_SECURE)
<< new QStandardItem(scopedCertificate.isKnown() << new QStandardItem(scopedCertificate.isKnown() ? scopedCertificate.certificate.signer : tr("Unknown"))
? scopedCertificate.certificate.signer
: tr("Unknown"))
<< new QStandardItem(scopedCertificate.certificate.fingerprint()) << new QStandardItem(scopedCertificate.certificate.fingerprint())
<< new QStandardItem(scopedCertificate.certificate.publicKey()) << new QStandardItem(scopedCertificate.certificate.publicKey())
#endif #endif
@ -194,7 +195,18 @@ void SettingsWidgetKeeShare::trustSelectedCertificates()
const auto* selectionModel = m_ui->importedCertificateTableView->selectionModel(); const auto* selectionModel = m_ui->importedCertificateTableView->selectionModel();
Q_ASSERT(selectionModel); Q_ASSERT(selectionModel);
for (const auto& index : selectionModel->selectedRows()) { for (const auto& index : selectionModel->selectedRows()) {
m_foreign.certificates[index.row()].trusted = true; m_foreign.certificates[index.row()].trust = KeeShareSettings::Trust::Trusted;
}
updateForeignCertificates();
}
void SettingsWidgetKeeShare::askSelectedCertificates()
{
const auto* selectionModel = m_ui->importedCertificateTableView->selectionModel();
Q_ASSERT(selectionModel);
for (const auto& index : selectionModel->selectedRows()) {
m_foreign.certificates[index.row()].trust = KeeShareSettings::Trust::Ask;
} }
updateForeignCertificates(); updateForeignCertificates();
@ -205,7 +217,7 @@ void SettingsWidgetKeeShare::untrustSelectedCertificates()
const auto* selectionModel = m_ui->importedCertificateTableView->selectionModel(); const auto* selectionModel = m_ui->importedCertificateTableView->selectionModel();
Q_ASSERT(selectionModel); Q_ASSERT(selectionModel);
for (const auto& index : selectionModel->selectedRows()) { for (const auto& index : selectionModel->selectedRows()) {
m_foreign.certificates[index.row()].trusted = false; m_foreign.certificates[index.row()].trust = KeeShareSettings::Trust::Untrusted;
} }
updateForeignCertificates(); updateForeignCertificates();
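Review bot: `askSelectedCertificates()` is a third copy of the selection loop already present in `trustSelectedCertificates()` and `untrustSelectedCertificates()`, differing only in the `KeeShareSettings::Trust` value it assigns. A private helper such as `void setSelectedCertificatesTrust(KeeShareSettings::Trust trust);` called from the three slots would keep them from drifting apart. All three index `m_foreign.certificates` with `index.row()` directly, which relies on the view's rows matching the list order. Because these lines change stored trust decisions, a short comment stating that assumption would be worth adding. untrustSelectedCertificates() continues beyond the last hunk.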


@ -55,6 +55,7 @@ private slots:
void exportCertificate(); void exportCertificate();
void trustSelectedCertificates(); void trustSelectedCertificates();
void askSelectedCertificates();
void untrustSelectedCertificates(); void untrustSelectedCertificates();
void removeSelectedCertificates(); void removeSelectedCertificates();


@ -7,7 +7,7 @@
<x>0</x> <x>0</x>
<y>0</y> <y>0</y>
<width>327</width> <width>327</width>
<height>423</height> <height>434</height>
</rect> </rect>
</property> </property>
<layout class="QVBoxLayout" name="verticalLayout" stretch="0,0,0,0"> <layout class="QVBoxLayout" name="verticalLayout" stretch="0,0,0,0">
@ -210,6 +210,13 @@
</property> </property>
</widget> </widget>
</item> </item>
<item>
<widget class="QPushButton" name="askImportedCertificateButton">
<property name="text">
<string>Ask</string>
</property>
</widget>
</item>
<item> <item>
<widget class="QPushButton" name="untrustImportedCertificateButton"> <widget class="QPushButton" name="untrustImportedCertificateButton">
<property name="text"> <property name="text">


@ -92,22 +92,22 @@ QPair<Trust, KeeShareSettings::Certificate> check(QByteArray& data,
} }
enum Scope { Invalid, Global, Local }; enum Scope { Invalid, Global, Local };
Scope scope = Invalid; Scope scope = Invalid;
bool trusted = false; KeeShareSettings::Trust trusted = KeeShareSettings::Trust::Ask;
for (const auto& scopedCertificate : knownCertificates) { for (const auto& scopedCertificate : knownCertificates) {
if (scopedCertificate.certificate.key == certificate.key && scopedCertificate.path == reference.path) { if (scopedCertificate.certificate.key == certificate.key && scopedCertificate.path == reference.path) {
// Global scope is overwritten by local scope // Global scope is overwritten by local scope
scope = Global; scope = Global;
trusted = scopedCertificate.trusted; trusted = scopedCertificate.trust;
} }
if (scopedCertificate.certificate.key == certificate.key && scopedCertificate.path == reference.path) { if (scopedCertificate.certificate.key == certificate.key && scopedCertificate.path == reference.path) {
scope = Local; scope = Local;
trusted = scopedCertificate.trusted; trusted = scopedCertificate.trust;
break; break;
} }
} }
if (scope != Invalid){ if (scope != Invalid && trusted != KeeShareSettings::Trust::Ask){
// we introduce now scopes if there is a global // we introduce now scopes if there is a global
return {trusted ? TrustedForever : UntrustedForever, certificate}; return {trusted == KeeShareSettings::Trust::Trusted ? TrustedForever : UntrustedForever, certificate};
} }
QMessageBox warning; QMessageBox warning;
@ -352,12 +352,12 @@ ShareObserver::Result ShareObserver::importSecureContainerInto(const KeeShareSet
case UntrustedForever: case UntrustedForever:
case TrustedForever: { case TrustedForever: {
bool found = false; bool found = false;
bool trusted = trust.first == TrustedForever; const auto trusted = trust.first == TrustedForever ? KeeShareSettings::Trust::Trusted : KeeShareSettings::Trust::Untrusted;
for (KeeShareSettings::ScopedCertificate& scopedCertificate : foreign.certificates) { for (KeeShareSettings::ScopedCertificate& scopedCertificate : foreign.certificates) {
if (scopedCertificate.certificate.key == trust.second.key && scopedCertificate.path == reference.path) { if (scopedCertificate.certificate.key == trust.second.key && scopedCertificate.path == reference.path) {
scopedCertificate.certificate.signer = trust.second.signer; scopedCertificate.certificate.signer = trust.second.signer;
scopedCertificate.path = reference.path; scopedCertificate.path = reference.path;
scopedCertificate.trusted = trusted; scopedCertificate.trust = trusted;
found = true; found = true;
} }
} }
@ -366,7 +366,7 @@ ShareObserver::Result ShareObserver::importSecureContainerInto(const KeeShareSet
// we need to update with the new signer // we need to update with the new signer
KeeShare::setForeign(foreign); KeeShare::setForeign(foreign);
} }
if (trusted) { if (trust.first == TrustedForever) {
qDebug("Synchronize %s %s with %s", qDebug("Synchronize %s %s with %s",
qPrintable(reference.path), qPrintable(reference.path),
qPrintable(targetGroup->name()), qPrintable(targetGroup->name()),
@ -435,12 +435,12 @@ ShareObserver::Result ShareObserver::importInsecureContainerInto(const KeeShareS
case UntrustedForever: case UntrustedForever:
case TrustedForever: { case TrustedForever: {
bool found = false; bool found = false;
bool trusted = trust.first == TrustedForever; const auto trusted = trust.first == TrustedForever ? KeeShareSettings::Trust::Trusted : KeeShareSettings::Trust::Untrusted;
for (KeeShareSettings::ScopedCertificate& scopedCertificate : foreign.certificates) { for (KeeShareSettings::ScopedCertificate& scopedCertificate : foreign.certificates) {
if (scopedCertificate.certificate.key == trust.second.key && scopedCertificate.path == reference.path) { if (scopedCertificate.certificate.key == trust.second.key && scopedCertificate.path == reference.path) {
scopedCertificate.certificate.signer = trust.second.signer; scopedCertificate.certificate.signer = trust.second.signer;
scopedCertificate.path = reference.path; scopedCertificate.path = reference.path;
scopedCertificate.trusted = trusted; scopedCertificate.trust = trusted;
found = true; found = true;
} }
} }
@ -449,7 +449,7 @@ ShareObserver::Result ShareObserver::importInsecureContainerInto(const KeeShareS
// we need to update with the new signer // we need to update with the new signer
KeeShare::setForeign(foreign); KeeShare::setForeign(foreign);
} }
if (trusted) { if (trust.first == TrustedForever) {
qDebug("Synchronize %s %s with %s", qDebug("Synchronize %s %s with %s",
qPrintable(reference.path), qPrintable(reference.path),
qPrintable(targetGroup->name()), qPrintable(targetGroup->name()),
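Review bot: In check(), the two `if` conditions inside the `knownCertificates` loop are identical (both compare `certificate.key` and `reference.path`), so the first match is always recorded as `Local` and the comment `// Global scope is overwritten by local scope` describes a distinction the code does not make. Stored trust now decides between prompting and a silent `TrustedForever`/`UntrustedForever`, so it is worth stating which entries are meant to apply globally; what a global entry should match on is not visible in this hunk. Separately, the local `trusted` now holds a three-state `KeeShareSettings::Trust`, and a name like `storedTrust` would read better next to `trusted != KeeShareSettings::Trust::Ask`. The same rename applies to `const auto trusted` in importSecureContainerInto and importInsecureContainerInto, whose bodies extend beyond these hunks.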


@ -41,6 +41,7 @@ QTEST_GUILESS_MAIN(TestSharing)
Q_DECLARE_METATYPE(KeeShareSettings::Type) Q_DECLARE_METATYPE(KeeShareSettings::Type)
Q_DECLARE_METATYPE(KeeShareSettings::Key) Q_DECLARE_METATYPE(KeeShareSettings::Key)
Q_DECLARE_METATYPE(KeeShareSettings::Certificate) Q_DECLARE_METATYPE(KeeShareSettings::Certificate)
Q_DECLARE_METATYPE(KeeShareSettings::Trust)
Q_DECLARE_METATYPE(KeeShareSettings::ScopedCertificate) Q_DECLARE_METATYPE(KeeShareSettings::ScopedCertificate)
Q_DECLARE_METATYPE(QList<KeeShareSettings::ScopedCertificate>) Q_DECLARE_METATYPE(QList<KeeShareSettings::ScopedCertificate>)
@ -140,7 +141,7 @@ void TestSharing::testNullObjects()
void TestSharing::testCertificateSerialization() void TestSharing::testCertificateSerialization()
{ {
QFETCH(bool, trusted); QFETCH(KeeShareSettings::Trust, trusted);
const OpenSSHKey& key = stubkey(); const OpenSSHKey& key = stubkey();
KeeShareSettings::ScopedCertificate original; KeeShareSettings::ScopedCertificate original;
original.path = "/path"; original.path = "/path";
@ -149,7 +150,7 @@ void TestSharing::testCertificateSerialization()
OpenSSHKey::serializeToBinary(OpenSSHKey::Public, key), OpenSSHKey::serializeToBinary(OpenSSHKey::Public, key),
"Some <!> &#_\"\" weird string" "Some <!> &#_\"\" weird string"
}; };
original.trusted = trusted; original.trust = trusted;
QString buffer; QString buffer;
QXmlStreamWriter writer(&buffer); QXmlStreamWriter writer(&buffer);
@ -165,7 +166,7 @@ void TestSharing::testCertificateSerialization()
QCOMPARE(restored.certificate.key, original.certificate.key); QCOMPARE(restored.certificate.key, original.certificate.key);
QCOMPARE(restored.certificate.signer, original.certificate.signer); QCOMPARE(restored.certificate.signer, original.certificate.signer);
QCOMPARE(restored.trusted, original.trusted); QCOMPARE(restored.trust, original.trust);
QCOMPARE(restored.path, original.path); QCOMPARE(restored.path, original.path);
QCOMPARE(restored.certificate.sshKey().publicParts(), key.publicParts()); QCOMPARE(restored.certificate.sshKey().publicParts(), key.publicParts());
@ -173,9 +174,10 @@ void TestSharing::testCertificateSerialization()
void TestSharing::testCertificateSerialization_data() void TestSharing::testCertificateSerialization_data()
{ {
QTest::addColumn<bool>("trusted"); QTest::addColumn<KeeShareSettings::Trust>("trusted");
QTest::newRow("Trusted") << true; QTest::newRow("Ask") << KeeShareSettings::Trust::Ask;
QTest::newRow("Untrusted") << false; QTest::newRow("Trusted") << KeeShareSettings::Trust::Trusted;
QTest::newRow("Untrusted") << KeeShareSettings::Trust::Untrusted;
} }
void TestSharing::testKeySerialization() void TestSharing::testKeySerialization()
@ -280,7 +282,7 @@ void TestSharing::testSettingsSerialization_data()
OpenSSHKey::serializeToBinary(OpenSSHKey::Public, sshKey0), OpenSSHKey::serializeToBinary(OpenSSHKey::Public, sshKey0),
"Some <!> &#_\"\" weird string" "Some <!> &#_\"\" weird string"
}; };
certificate0.trusted = true; certificate0.trust = KeeShareSettings::Trust::Trusted;
KeeShareSettings::Key key0; KeeShareSettings::Key key0;
key0.key = OpenSSHKey::serializeToBinary(OpenSSHKey::Private, sshKey0); key0.key = OpenSSHKey::serializeToBinary(OpenSSHKey::Private, sshKey0);
@ -293,7 +295,7 @@ void TestSharing::testSettingsSerialization_data()
OpenSSHKey::serializeToBinary(OpenSSHKey::Public, sshKey1), OpenSSHKey::serializeToBinary(OpenSSHKey::Public, sshKey1),
"Another " "Another "
}; };
certificate1.trusted = false; certificate1.trust = KeeShareSettings::Trust::Untrusted;
QTest::addColumn<bool>("importing"); QTest::addColumn<bool>("importing");
QTest::addColumn<bool>("exporting"); QTest::addColumn<bool>("exporting");