From f5ce791246394ee098ee824d034a0b1d497dea96 Mon Sep 17 00:00:00 2001 From: Marco Martin Date: Thu, 27 Feb 2014 13:19:00 +0100 Subject: [PATCH] Qt5::Network not used anymore --- src/plasma/CMakeLists.txt | 3 +- src/plasma/remote/authorizationmanager.cpp | 318 --------------------- src/plasma/remote/authorizationmanager.h | 124 -------- src/plasma/remote/credentials.cpp | 305 -------------------- src/plasma/remote/credentials.h | 135 --------- 5 files changed, 1 insertion(+), 884 deletions(-) delete mode 100644 src/plasma/remote/authorizationmanager.cpp delete mode 100644 src/plasma/remote/authorizationmanager.h delete mode 100644 src/plasma/remote/credentials.cpp delete mode 100644 src/plasma/remote/credentials.h diff --git a/src/plasma/CMakeLists.txt b/src/plasma/CMakeLists.txt index 0caeaa2cb..34d546445 100644 --- a/src/plasma/CMakeLists.txt +++ b/src/plasma/CMakeLists.txt @@ -114,14 +114,13 @@ PUBLIC KF5::ConfigWidgets # KConfigSkeleton KF5::Service # For kplugininfo.h and kservice.h PRIVATE - Qt5::Network Qt5::Sql Qt5::Quick # needed in service.cpp, remove? Qt5::Svg Qt5::DBus Qt5::Xml KF5::Archive - KF5::GuiAddons + KF5::GuiAddons #kimagecache KF5::IconThemes KF5::I18n KF5::KIOCore diff --git a/src/plasma/remote/authorizationmanager.cpp b/src/plasma/remote/authorizationmanager.cpp deleted file mode 100644 index 27d69fd4e..000000000 --- a/src/plasma/remote/authorizationmanager.cpp +++ /dev/null @@ -1,318 +0,0 @@ -/* - * Copyright 2009 by Rob Scheepmaker - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, - * Boston, MA 02110-1301 USA - */ - -#include "authorizationmanager.h" -#include "authorizationmanager_p.h" - -#include "authorizationinterface.h" -#include "authorizationrule.h" -#include "authorizationrule_p.h" -#include "denyallauthorization_p.h" -#include "credentials.h" -#include "pinpairingauthorization_p.h" -#include "service.h" -#include "servicejob.h" -#include "trustedonlyauthorization_p.h" - -#include "private/joliemessagehelper_p.h" - -#include -#include -#include -#include -#include - -#include - -#include -#include - -#include -#include -#include -#include - -#include - -namespace Plasma -{ - -class AuthorizationManagerSingleton -{ - public: - AuthorizationManager self; -}; - -Q_GLOBAL_STATIC(AuthorizationManagerSingleton, privateAuthorizationManagerSelf) - -AuthorizationManager *AuthorizationManager::self() -{ - return &privateAuthorizationManagerSelf()->self; -} - -AuthorizationManager::AuthorizationManager() - : QObject(), - d(new AuthorizationManagerPrivate(this)) -{ - qRegisterMetaTypeStreamOperators("Plasma::Credentials"); -} - -AuthorizationManager::~AuthorizationManager() -{ - delete d; -} - -void AuthorizationManager::setAuthorizationPolicy(AuthorizationPolicy policy) -{ - if (d->locked) { -#ifndef NDEBUG - // qDebug() << "Can't change AuthorizationPolicy: interface locked."; -#endif - return; - } - - if (policy == d->authorizationPolicy) { - return; - } - - d->authorizationPolicy = policy; - - if (d->authorizationInterface != d->customAuthorizationInterface) { - delete d->authorizationInterface; - } - - switch (policy) { - case DenyAll: - d->authorizationInterface = new DenyAllAuthorization(); - break; - case PinPairing: - d->authorizationInterface = new PinPairingAuthorization(); - break; - case TrustedOnly: - d->authorizationInterface = new TrustedOnlyAuthorization(); - break; - case Custom: - d->authorizationInterface = d->customAuthorizationInterface; - break; - } - - d->locked = true; -} - -void AuthorizationManager::setAuthorizationInterface(AuthorizationInterface *interface) -{ - if (d->authorizationInterface) { -#ifndef NDEBUG - // qDebug() << "Can't change AuthorizationInterface: interface locked."; -#endif - return; - } - - delete d->customAuthorizationInterface; - d->customAuthorizationInterface = interface; - - if (d->authorizationPolicy == Custom) { - d->authorizationInterface = interface; - } -} - -AuthorizationManagerPrivate::AuthorizationManagerPrivate(AuthorizationManager *manager) - : q(manager), - server(0), - authorizationPolicy(AuthorizationManager::DenyAll), - authorizationInterface(new DenyAllAuthorization()), - customAuthorizationInterface(0), - rulesConfig(KSharedConfig::openConfig("/etc/plasma-remotewidgets.conf")->group("Rules")), - locked(false) -{ -} - -AuthorizationManagerPrivate::~AuthorizationManagerPrivate() -{ - delete authorizationInterface; - delete customAuthorizationInterface; - delete server; -} - -void AuthorizationManagerPrivate::prepareForServiceAccess() -{ - if (myCredentials.isValid()) { - return; - } - - wallet = KWallet::Wallet::openWallet("kdewallet", 0, KWallet::Wallet::Asynchronous); - q->connect(wallet, SIGNAL(walletOpened(bool)), q, SLOT(slotWalletOpened())); - QTimer::singleShot(0, q, SLOT(slotLoadRules())); -} - -void AuthorizationManagerPrivate::prepareForServicePublication() -{ - if (!server) { - server = new Jolie::Server(4000); - } -} - -void AuthorizationManagerPrivate::saveRules() -{ -#ifndef NDEBUG - // qDebug() << "SAVE RULES"; -#endif - - QTemporaryFile tempFile; - tempFile.open(); - tempFile.setAutoRemove(false); - KConfigGroup rulesGroup = KSharedConfig::openConfig(tempFile.fileName())->group("Rules"); - - int i = 0; - foreach (AuthorizationRule *rule, rules) { - if (rule->persistence() == AuthorizationRule::Persistent) { -#ifndef NDEBUG - // qDebug() << "adding rule " << i; -#endif - rulesGroup.group(QString::number(i)).writeEntry("CredentialsID", rule->credentials().id()); - rulesGroup.group(QString::number(i)).writeEntry("serviceName", rule->serviceName()); - rulesGroup.group(QString::number(i)).writeEntry("Policy", (uint)rule->policy()); - rulesGroup.group(QString::number(i)).writeEntry("Targets", (uint)rule->targets()); - rulesGroup.group(QString::number(i)).writeEntry("Persistence", (uint)rule->persistence()); - i++; - } - } - rulesGroup.sync(); - tempFile.close(); - -#ifndef NDEBUG - // qDebug() << "tempfile = " << tempFile.fileName(); -#endif - - KAuth::Action action("org.kde.kcontrol.kcmremotewidgets.save"); - action.addArgument("source", tempFile.fileName()); - action.addArgument("filename", "/etc/plasma-remotewidgets.conf"); - KAuth::ExecuteJob *job = action.execute(); - - if (!job->exec()) { -#ifndef NDEBUG - // qDebug() << "KAuth failed.... YOU SUCK!"; -#endif - } -} - -void AuthorizationManagerPrivate::slotWalletOpened() -{ - QByteArray identity; - - if (!wallet->readEntry("Credentials", identity)) { -#ifndef NDEBUG - // qDebug() << "Existing identity found"; -#endif - QDataStream stream(&identity, QIODevice::ReadOnly); - stream >> myCredentials; - } - - if (!myCredentials.isValid()) { -#ifndef NDEBUG - // qDebug() << "Creating a new identity"; -#endif - myCredentials = Credentials::createCredentials(QHostInfo::localHostName()); - QDataStream stream(&identity, QIODevice::WriteOnly); - stream << myCredentials; - wallet->writeEntry("Credentials", identity); - } - - emit q->readyForRemoteAccess(); -} - -void AuthorizationManagerPrivate::slotLoadRules() -{ - foreach (const QString &groupName, rulesConfig.groupList()) { - QString identityID = rulesConfig.group(groupName).readEntry("CredentialsID", ""); - QString serviceName = rulesConfig.group(groupName).readEntry("serviceName", ""); - uint policy = rulesConfig.group(groupName).readEntry("Policy", 0); - uint targets = rulesConfig.group(groupName).readEntry("Targets", 0); - uint persistence = rulesConfig.group(groupName).readEntry("Persistence", 0); - //Credentials storedCredentials = identities[identityID]; - if (serviceName.isEmpty()) { -#ifndef NDEBUG - // qDebug() << "Invalid rule"; -#endif - } else { - AuthorizationRule *rule = new AuthorizationRule(serviceName, identityID); - rule->setPolicy(static_cast(policy)); - rule->setTargets(static_cast(targets)); - rule->setPersistence(static_cast(persistence)); - rules.append(rule); - } - } -} - -AuthorizationRule *AuthorizationManagerPrivate::matchingRule(const QString &serviceName, - const Credentials &identity) const -{ - AuthorizationRule *matchingRule = 0; - foreach (AuthorizationRule *rule, rules) { - if (rule->d->matches(serviceName, identity.id())) { - //a message can have multiple matching rules, consider priorities: the more specific the - //rule is, the higher it's priority - if (!matchingRule) { - matchingRule = rule; - } else { - if (!matchingRule->targets().testFlag(AuthorizationRule::AllServices) && - !matchingRule->targets().testFlag(AuthorizationRule::AllUsers)) { - matchingRule = rule; - } - } - } - } - - if (!matchingRule) { -#ifndef NDEBUG - // qDebug() << "no matching rule"; -#endif - } else { -#ifndef NDEBUG - // qDebug() << "matching rule found: " << matchingRule->description(); -#endif - } - return matchingRule; -} - -Credentials AuthorizationManagerPrivate::getCredentials(const QString &id) -{ - if (identities.contains(id)) { - return identities[id]; - } else { - return Credentials(); - } -} - -void AuthorizationManagerPrivate::addCredentials(const Credentials &identity) -{ - if (identities.contains(identity.id())) { - return; - } else if (identity.isValid()) { -#ifndef NDEBUG - // qDebug() << "Adding a new identity for " << identity.id(); -#endif - identities[identity.id()] = identity; - } -} - -} // Plasma namespace - - -#include "moc_authorizationmanager.cpp" diff --git a/src/plasma/remote/authorizationmanager.h b/src/plasma/remote/authorizationmanager.h deleted file mode 100644 index 2661568ee..000000000 --- a/src/plasma/remote/authorizationmanager.h +++ /dev/null @@ -1,124 +0,0 @@ -/* - * Copyright 2009 by Rob Scheepmaker - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, - * Boston, MA 02110-1301 USA - */ - -#ifndef PLASMA_AUTHORIZATIONMANAGER_H -#define PLASMA_AUTHORIZATIONMANAGER_H - -#include "plasma_export.h" - -#include - -class QString; - -namespace Plasma -{ - -class AuthorizationInterface; -class AuthorizationManagerPrivate; -class ServiceAccessJob; -class ServiceJob; - -/** - * @class AuthorizationManager plasma/authorizationmanager.h - * - * @short Allows authorization of access to plasma services. - * - * This is the class where every message to or from another machine passes through. - * It's responsibilities are: - * - creating/keeping a credentials used for message signing. - * - verifying credentials of incoming messages. - * - testing whether or not the sender is allowed to access the requested resource by testing the - * request to a set of rules. - * - allowing the shell to respond to a remote request that doesn't match any of the rules that - * are in effect. - * Besides internal use in libplasma, the only moment you'll need to access this class is when you - * implement a plasma shell. - * - * @since 4.4 - */ -class PLASMA_EXPORT AuthorizationManager : public QObject -{ - Q_OBJECT - - public: - enum AuthorizationPolicy { - DenyAll= 0, /** < Don't allow any incoming connections */ - TrustedOnly= 1, /**< Standard PIN pairing for untrusted connections */ - PinPairing= 2, /** < Only allow connections from trusted machines */ - Custom= 256 /** < Specify a custom AuthorizationInterface */ - }; - - /** - * Singleton pattern accessor. - */ - static AuthorizationManager *self(); - - /** - * Set a policy used for authorizing incoming connections. You can either use one of the - * included policies, Default is to deny all incoming connections. This can only be set - * once to avoid that malicious plugins can change this. This means that you should ALWAYS - * call this function in any plasma shell, even if you like to use the default DenyAll - * policy. - */ - void setAuthorizationPolicy(AuthorizationPolicy policy); - - /** - * Register an implementation of AuthorizationInterface. Use this to make your shell - * handle authorization requests. This can only be set once to avoid that malicious plugins - * can change this. - */ - void setAuthorizationInterface(AuthorizationInterface *interface); - - Q_SIGNALS: - /** - * fires when the AuthorizationManager is ready for accesssing remote plasmoids, meaning the - * private key has been unlocked by the user. - */ - void readyForRemoteAccess(); - - private: - AuthorizationManager(); - ~AuthorizationManager(); - - AuthorizationManagerPrivate *const d; - - Q_PRIVATE_SLOT(d, void slotLoadRules()) - Q_PRIVATE_SLOT(d, void slotWalletOpened()) - - friend class AccessManager; - friend class AuthorizationManagerPrivate; - friend class AuthorizationManagerSingleton; - friend class AuthorizationRule; - friend class AuthorizationRulePrivate; - friend class Applet; - friend class AppletPrivate; - friend class Credentials; - friend class DataEngine; - friend class GetSource; - friend class PackagePrivate; - friend class PlasmoidServiceJob; - friend class RemoteService; - friend class RemoteServiceJob; - friend class ServicePrivate; - friend class ServiceProvider; -}; -} // Plasma namespace - -#endif - diff --git a/src/plasma/remote/credentials.cpp b/src/plasma/remote/credentials.cpp deleted file mode 100644 index 3ebe9bcd0..000000000 --- a/src/plasma/remote/credentials.cpp +++ /dev/null @@ -1,305 +0,0 @@ -/* - * Copyright © 2009 Rob Scheepmaker - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU Library General Public License version 2 as - * published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details - * - * You should have received a copy of the GNU Library General Public - * License along with this program; if not, write to the - * Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ - -#include "credentials.h" -#include "config-plasma.h" - -#include -#include - -#if ENABLE_REMOTE_WIDGETS -#include -#endif - -#include -#include - -#include "authorizationmanager.h" - -#define REQUIRED_FEATURES "rsa,sha1,pkey" - -namespace Plasma { - -class CredentialsPrivate { -public: - CredentialsPrivate() - { - } - - CredentialsPrivate(const QString &id, const QString &name, - const QString &pemKey, bool isPrivateKey) - : id(id), - name(name) - { - #if ENABLE_REMOTE_WIDGETS - if (!QCA::isSupported(REQUIRED_FEATURES)) { - qWarning() << "QCA doesn't support " << REQUIRED_FEATURES; - return; - } - - if (isPrivateKey) { - privateKey = QCA::PrivateKey::fromPEM(pemKey); - publicKey = privateKey.toPublicKey(); - } else { - publicKey = QCA::PublicKey::fromPEM(pemKey); - } - #endif - } - - ~CredentialsPrivate() - { - } - - QString id; - QString name; - -#if ENABLE_REMOTE_WIDGETS - QCA::PublicKey publicKey; - QCA::PrivateKey privateKey; -#endif -}; - -Credentials::Credentials(const QString &id, const QString &name, - const QString &key, bool isPrivateKey) - : d(new CredentialsPrivate(id, name, key, isPrivateKey)) -{ -} - -Credentials::Credentials() - : d(new CredentialsPrivate()) -{ -} - -Credentials::Credentials(const Credentials &other) - : d(new CredentialsPrivate()) -{ - *d = *other.d; -} - -Credentials::~Credentials() -{ - delete d; -} - -Credentials &Credentials::operator=(const Credentials &other) -{ - *d = *other.d; - return *this; -} - -Credentials Credentials::createCredentials(const QString &name) -{ -#if ENABLE_REMOTE_WIDGETS - if (!QCA::isSupported(REQUIRED_FEATURES)) { - qWarning() << "QCA doesn't support " << REQUIRED_FEATURES; - return Credentials(); - } - - QCA::KeyGenerator generator; - QCA::PrivateKey key = generator.createRSA(2048); - QString pemKey(key.toPublicKey().toPEM()); - QString id = QCryptographicHash::hash(pemKey.toLatin1(), QCryptographicHash::Sha1); - return Credentials(id, name, key.toPEM(), true); -#else - return Credentials(); -#endif -} - -TrustLevel Credentials::trustLevel() const -{ - /** - QString pemFile = KStandardDirs::locate("trustedkeys", id()); - - if (!pemFile.isEmpty()) { - QCA::PublicKey pubKey = QCA::PublicKey::fromPEMFile(pemFile); - if (pubKey == d->publicKey) { - return true; - } - } - */ - //Trust no one ;) - return UnknownTrusted; -} - -bool Credentials::isValid() const -{ -#if ENABLE_REMOTE_WIDGETS - if (!QCA::isSupported(REQUIRED_FEATURES)) { - qWarning() << "QCA doesn't support " << REQUIRED_FEATURES; - return false; - } - - if (d->publicKey.isNull()) { - return false; - } else { - QString id = QCryptographicHash::hash(d->publicKey.toPEM().toLatin1(), QCryptographicHash::Sha1); - return (id == d->id); - } -#else -#ifndef NDEBUG - // qDebug() << "libplasma is compiled without support for remote widgets. Key invalid."; -#endif - return false; -#endif -} - -QString Credentials::name() const -{ - return d->name; -} - -QString Credentials::id() const -{ - return d->id; -} - -bool Credentials::isValidSignature(const QByteArray &signature, const QByteArray &payload) -{ -#if ENABLE_REMOTE_WIDGETS - if (!QCA::isSupported(REQUIRED_FEATURES)) { - qWarning() << "QCA doesn't support " << REQUIRED_FEATURES; - return false; - } - - if (d->publicKey.canVerify()) { - if (!isValid()) { -#ifndef NDEBUG - // qDebug() << "Key is null?"; -#endif - } - QCA::PublicKey publicKey = QCA::PublicKey::fromPEM(d->publicKey.toPEM()); - publicKey.startVerify( QCA::EMSA3_MD5 ); - publicKey.update(payload); - return ( publicKey.validSignature( signature ) ); - } else { -#ifndef NDEBUG - // qDebug() << "Can't verify?"; -#endif - return false; - } -#else - return false; -#endif -} - -bool Credentials::canSign() const -{ -#if ENABLE_REMOTE_WIDGETS - if (!QCA::isSupported(REQUIRED_FEATURES)) { - qWarning() << "QCA doesn't support " << REQUIRED_FEATURES; - return false; - } - - return d->privateKey.canSign(); -#else - return false; -#endif -} - -QByteArray Credentials::signMessage(const QByteArray &message) -{ -#if ENABLE_REMOTE_WIDGETS - if(!QCA::isSupported(REQUIRED_FEATURES)) { -#ifndef NDEBUG - // qDebug() << "RSA not supported"; -#endif - return QByteArray(); - } else if (canSign()) { - //QCA::PrivateKey privateKey = QCA::PrivateKey::fromPEM(d->privateKey.toPEM()); - d->privateKey.startSign( QCA::EMSA3_MD5 ); - d->privateKey.update( message ); - QByteArray signature = d->privateKey.signature(); - return signature; - } else { - return QByteArray(); - } -#else - return QByteArray(); -#endif -} - -Credentials Credentials::toPublicCredentials() const -{ -#if ENABLE_REMOTE_WIDGETS - Credentials result(*this); - result.d->privateKey = QCA::PrivateKey(); - return result; -#else - return Credentials(); -#endif -} - -QDataStream &operator<<(QDataStream &out, const Credentials &myObj) -{ -#if ENABLE_REMOTE_WIDGETS - if (!QCA::isSupported(REQUIRED_FEATURES)) { - qWarning() << "QCA doesn't support " << REQUIRED_FEATURES; - return out; - } - - QString privateKeyPem; - QString publicKeyPem; - - if (!myObj.d->privateKey.isNull()) { - privateKeyPem = myObj.d->privateKey.toPEM(); - } - if (!myObj.d->publicKey.isNull()) { - publicKeyPem = myObj.d->publicKey.toPEM(); - } - - out << 1 << myObj.d->id << myObj.d->name << privateKeyPem << publicKeyPem; -#endif - - return out; -} - -QDataStream &operator>>(QDataStream &in, Credentials &myObj) -{ -#if ENABLE_REMOTE_WIDGETS - if (!QCA::isSupported(REQUIRED_FEATURES)) { - qWarning() << "QCA doesn't support " << REQUIRED_FEATURES; - return in; - } - - QString privateKeyString; - QString publicKeyString; - uint version; - - in >> version >> myObj.d->id >> myObj.d->name >> privateKeyString >> publicKeyString; - QCA::ConvertResult conversionResult; - - if (!privateKeyString.isEmpty()) { - myObj.d->privateKey = QCA::PrivateKey::fromPEM(privateKeyString, - QByteArray(), &conversionResult); - } - - if (!publicKeyString.isEmpty()) { - myObj.d->publicKey = QCA::PublicKey::fromPEM(publicKeyString, &conversionResult); - } - - if (conversionResult != QCA::ConvertGood) { -#ifndef NDEBUG - // qDebug() << "Unsuccessfull conversion of key?"; -#endif - } -#endif - - return in; -} - -} diff --git a/src/plasma/remote/credentials.h b/src/plasma/remote/credentials.h deleted file mode 100644 index 1a12dade0..000000000 --- a/src/plasma/remote/credentials.h +++ /dev/null @@ -1,135 +0,0 @@ -/* - * Copyright © 2009 Rob Scheepmaker - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU Library General Public License version 2 as - * published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details - * - * You should have received a copy of the GNU Library General Public - * License along with this program; if not, write to the - * Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - */ - -#ifndef CREDENTIALS_H -#define CREDENTIALS_H - -#include "plasma.h" - -#include -#include -#include - -namespace Plasma { - -class CredentialsPrivate; - -/** - * @class Credentials plasma/credentials.h - * - * This class encapsules someone's identity. - * It contains a unique id that identifies the machine an incoming connection is coming from, it's - * name (which is not necesarily unique and/or trusted), a public key used to validate messages - * coming from the machine with this identity, and in the future the possibility to determine - * whether or not this identity can be trusted based on mechanisms different then pin pairing, e.g. - * a signature of the key that can be verified by a gpg trusted key. - */ -class Credentials -{ -public: - /** - * Default constructor. - */ - Credentials(); - - /** - * Copy constructor. - */ - Credentials(const Credentials &other); - - ~Credentials(); - - Credentials &operator=(const Credentials &other); - - /** - * Create a new identity with a new set of random public/private keys. - */ - static Credentials createCredentials(const QString &name); - - /** - * @return whether or not this identity can be trusted based on e.g. having the key signed with - * a trusted GPG key (not yet implemented) or having the key in a designated folder on disk - * (about to be impl.). If this function returns false, your shell should always instatiate - * pin pairing before allowing a connection from an untrusted source - * (AuthorizationRule::PinRequired flag should be set on the rule with setRules). - */ - TrustLevel trustLevel() const; - - /** - * @return whether or not this is a null identity or an invalid one (hash of key doesn't match - * id). Maybe isValid() is a better name? - */ - bool isValid() const; - - /** - * @return the name of this identity. There's however no guarantee that if the name returns e.g. - * "Santa Claus", this message is actually from Mr. Claus, except if trustLevel returns a - * sufficiently high trust level. - */ - QString name() const; - - /** - * @return an id to identify this identity. I use a Hash of the public key as ID. This way we - * don't have to send the complete public key with every message. - */ - QString id() const; - - /** - * @return whether or not @p signature is correct for @p message. - */ - bool isValidSignature(const QByteArray &signature, const QByteArray &message); - - /** - * @return whether or not this identity can be used for signing a message (whether or not it - * includes a public key) - */ - bool canSign() const; - - /** - * @return the signature for the message. - */ - QByteArray signMessage(const QByteArray &message); - - /** - * @return a Credentials stripped from any private key, so you can be sure it is save to send to - * somebody. - */ - Credentials toPublicCredentials() const; - - friend QDataStream &operator<<(QDataStream &, const Credentials &); - friend QDataStream &operator>>(QDataStream &, Credentials &); - -private: - Credentials(const QString &id, const QString &name, const QString &key, - bool privateKey = false); - - CredentialsPrivate *const d; - - friend class AuthorizationManagerPrivate; - friend class CredentialsPrivate; -}; - -/** - * Streaming operators for sending/storing identities. - */ -QDataStream &operator<<(QDataStream &, const Credentials &); -QDataStream &operator>>(QDataStream &, Credentials &); - -} - -#endif // IDENTITY_H