alecs/plasma-framework
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Qt5::Network not used anymore

Browse Source
This commit is contained in:
Marco Martin 2014-02-27 13:19:00 +01:00
parent 9253bc1cf0
commit f5ce791246
5 changed files with 1 additions and 884 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/plasma/CMakeLists.txt
View File

@ -114,14 +114,13 @@ PUBLIC
KF5::ConfigWidgets # KConfigSkeleton KF5::ConfigWidgets # KConfigSkeleton
KF5::Service # For kplugininfo.h and kservice.h KF5::Service # For kplugininfo.h and kservice.h
PRIVATE PRIVATE
Qt5::Network
Qt5::Sql Qt5::Sql
Qt5::Quick # needed in service.cpp, remove? Qt5::Quick # needed in service.cpp, remove?
Qt5::Svg Qt5::Svg
Qt5::DBus Qt5::DBus
Qt5::Xml Qt5::Xml
KF5::Archive KF5::Archive
KF5::GuiAddons KF5::GuiAddons #kimagecache
KF5::IconThemes KF5::IconThemes
KF5::I18n KF5::I18n
KF5::KIOCore KF5::KIOCore

318
src/plasma/remote/authorizationmanager.cpp
View File

@ -1,318 +0,0 @@
/*
* Copyright 2009 by Rob Scheepmaker <r.scheepmaker@student.utwente.nl>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor,
* Boston, MA 02110-1301 USA
*/
#include "authorizationmanager.h"
#include "authorizationmanager_p.h"
#include "authorizationinterface.h"
#include "authorizationrule.h"
#include "authorizationrule_p.h"
#include "denyallauthorization_p.h"
#include "credentials.h"
#include "pinpairingauthorization_p.h"
#include "service.h"
#include "servicejob.h"
#include "trustedonlyauthorization_p.h"
#include "private/joliemessagehelper_p.h"
#include <QtCore/QBuffer>
#include <QtCore/QMap>
#include <QtCore/QMetaType>
#include <QtCore/QTimer>
#include <qtemporaryfile.h>
#include <QtNetwork/QHostInfo>
#include <QtJolie/Message>
#include <QtJolie/Server>
#include <kauthaction.h>
#include <kauthexecutejob.h>
#include <kconfiggroup.h>
#include <QDebug>
#include <kwallet.h>
namespace Plasma
{
class AuthorizationManagerSingleton
{
public:
AuthorizationManager self;
};
Q_GLOBAL_STATIC(AuthorizationManagerSingleton, privateAuthorizationManagerSelf)
AuthorizationManager *AuthorizationManager::self()
{
return &privateAuthorizationManagerSelf()->self;
}
AuthorizationManager::AuthorizationManager()
: QObject(),
d(new AuthorizationManagerPrivate(this))
{
qRegisterMetaTypeStreamOperators<Plasma::Credentials>("Plasma::Credentials");
}
AuthorizationManager::~AuthorizationManager()
{
delete d;
}
void AuthorizationManager::setAuthorizationPolicy(AuthorizationPolicy policy)
{
if (d->locked) {
#ifndef NDEBUG
// qDebug() << "Can't change AuthorizationPolicy: interface locked.";
#endif
return;
}
if (policy == d->authorizationPolicy) {
return;
}
d->authorizationPolicy = policy;
if (d->authorizationInterface != d->customAuthorizationInterface) {
delete d->authorizationInterface;
}
switch (policy) {
case DenyAll:
d->authorizationInterface = new DenyAllAuthorization();
break;
case PinPairing:
d->authorizationInterface = new PinPairingAuthorization();
break;
case TrustedOnly:
d->authorizationInterface = new TrustedOnlyAuthorization();
break;
case Custom:
d->authorizationInterface = d->customAuthorizationInterface;
break;
}
d->locked = true;
}
void AuthorizationManager::setAuthorizationInterface(AuthorizationInterface *interface)
{
if (d->authorizationInterface) {
#ifndef NDEBUG
// qDebug() << "Can't change AuthorizationInterface: interface locked.";
#endif
return;
}
delete d->customAuthorizationInterface;
d->customAuthorizationInterface = interface;
if (d->authorizationPolicy == Custom) {
d->authorizationInterface = interface;
}
}
AuthorizationManagerPrivate::AuthorizationManagerPrivate(AuthorizationManager *manager)
: q(manager),
server(0),
authorizationPolicy(AuthorizationManager::DenyAll),
authorizationInterface(new DenyAllAuthorization()),
customAuthorizationInterface(0),
rulesConfig(KSharedConfig::openConfig("/etc/plasma-remotewidgets.conf")->group("Rules")),
locked(false)
{
}
AuthorizationManagerPrivate::~AuthorizationManagerPrivate()
{
delete authorizationInterface;
delete customAuthorizationInterface;
delete server;
}
void AuthorizationManagerPrivate::prepareForServiceAccess()
{
if (myCredentials.isValid()) {
return;
}
wallet = KWallet::Wallet::openWallet("kdewallet", 0, KWallet::Wallet::Asynchronous);
q->connect(wallet, SIGNAL(walletOpened(bool)), q, SLOT(slotWalletOpened()));
QTimer::singleShot(0, q, SLOT(slotLoadRules()));
}
void AuthorizationManagerPrivate::prepareForServicePublication()
{
if (!server) {
server = new Jolie::Server(4000);
}
}
void AuthorizationManagerPrivate::saveRules()
{
#ifndef NDEBUG
// qDebug() << "SAVE RULES";
#endif
QTemporaryFile tempFile;
tempFile.open();
tempFile.setAutoRemove(false);
KConfigGroup rulesGroup = KSharedConfig::openConfig(tempFile.fileName())->group("Rules");
int i = 0;
foreach (AuthorizationRule *rule, rules) {
if (rule->persistence() == AuthorizationRule::Persistent) {
#ifndef NDEBUG
// qDebug() << "adding rule " << i;
#endif
rulesGroup.group(QString::number(i)).writeEntry("CredentialsID", rule->credentials().id());
rulesGroup.group(QString::number(i)).writeEntry("serviceName", rule->serviceName());
rulesGroup.group(QString::number(i)).writeEntry("Policy", (uint)rule->policy());
rulesGroup.group(QString::number(i)).writeEntry("Targets", (uint)rule->targets());
rulesGroup.group(QString::number(i)).writeEntry("Persistence", (uint)rule->persistence());
i++;
}
}
rulesGroup.sync();
tempFile.close();
#ifndef NDEBUG
// qDebug() << "tempfile = " << tempFile.fileName();
#endif
KAuth::Action action("org.kde.kcontrol.kcmremotewidgets.save");
action.addArgument("source", tempFile.fileName());
action.addArgument("filename", "/etc/plasma-remotewidgets.conf");
KAuth::ExecuteJob *job = action.execute();
if (!job->exec()) {
#ifndef NDEBUG
// qDebug() << "KAuth failed.... YOU SUCK!";
#endif
}
}
void AuthorizationManagerPrivate::slotWalletOpened()
{
QByteArray identity;
if (!wallet->readEntry("Credentials", identity)) {
#ifndef NDEBUG
// qDebug() << "Existing identity found";
#endif
QDataStream stream(&identity, QIODevice::ReadOnly);
stream >> myCredentials;
}
if (!myCredentials.isValid()) {
#ifndef NDEBUG
// qDebug() << "Creating a new identity";
#endif
myCredentials = Credentials::createCredentials(QHostInfo::localHostName());
QDataStream stream(&identity, QIODevice::WriteOnly);
stream << myCredentials;
wallet->writeEntry("Credentials", identity);
}
emit q->readyForRemoteAccess();
}
void AuthorizationManagerPrivate::slotLoadRules()
{
foreach (const QString &groupName, rulesConfig.groupList()) {
QString identityID = rulesConfig.group(groupName).readEntry("CredentialsID", "");
QString serviceName = rulesConfig.group(groupName).readEntry("serviceName", "");
uint policy = rulesConfig.group(groupName).readEntry("Policy", 0);
uint targets = rulesConfig.group(groupName).readEntry("Targets", 0);
uint persistence = rulesConfig.group(groupName).readEntry("Persistence", 0);
//Credentials storedCredentials = identities[identityID];
if (serviceName.isEmpty()) {
#ifndef NDEBUG
// qDebug() << "Invalid rule";
#endif
} else {
AuthorizationRule *rule = new AuthorizationRule(serviceName, identityID);
rule->setPolicy(static_cast<AuthorizationRule::Policy>(policy));
rule->setTargets(static_cast<AuthorizationRule::Targets>(targets));
rule->setPersistence(static_cast<AuthorizationRule::Persistence>(persistence));
rules.append(rule);
}
}
}
AuthorizationRule *AuthorizationManagerPrivate::matchingRule(const QString &serviceName,
const Credentials &identity) const
{
AuthorizationRule *matchingRule = 0;
foreach (AuthorizationRule *rule, rules) {
if (rule->d->matches(serviceName, identity.id())) {
//a message can have multiple matching rules, consider priorities: the more specific the
//rule is, the higher it's priority
if (!matchingRule) {
matchingRule = rule;
} else {
if (!matchingRule->targets().testFlag(AuthorizationRule::AllServices) &&
!matchingRule->targets().testFlag(AuthorizationRule::AllUsers)) {
matchingRule = rule;
}
}
}
}
if (!matchingRule) {
#ifndef NDEBUG
// qDebug() << "no matching rule";
#endif
} else {
#ifndef NDEBUG
// qDebug() << "matching rule found: " << matchingRule->description();
#endif
}
return matchingRule;
}
Credentials AuthorizationManagerPrivate::getCredentials(const QString &id)
{
if (identities.contains(id)) {
return identities[id];
} else {
return Credentials();
}
}
void AuthorizationManagerPrivate::addCredentials(const Credentials &identity)
{
if (identities.contains(identity.id())) {
return;
} else if (identity.isValid()) {
#ifndef NDEBUG
// qDebug() << "Adding a new identity for " << identity.id();
#endif
identities[identity.id()] = identity;
}
}
} // Plasma namespace
#include "moc_authorizationmanager.cpp"

124
src/plasma/remote/authorizationmanager.h
View File

@ -1,124 +0,0 @@
/*
* Copyright 2009 by Rob Scheepmaker <r.scheepmaker@student.utwente.nl>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor,
* Boston, MA 02110-1301 USA
*/
#ifndef PLASMA_AUTHORIZATIONMANAGER_H
#define PLASMA_AUTHORIZATIONMANAGER_H
#include "plasma_export.h"
#include <QtCore/QObject>
class QString;
namespace Plasma
{
class AuthorizationInterface;
class AuthorizationManagerPrivate;
class ServiceAccessJob;
class ServiceJob;
/**
* @class AuthorizationManager plasma/authorizationmanager.h <Plasma/AccessManager>
*
* @short Allows authorization of access to plasma services.
*
* This is the class where every message to or from another machine passes through.
* It's responsibilities are:
* - creating/keeping a credentials used for message signing.
* - verifying credentials of incoming messages.
* - testing whether or not the sender is allowed to access the requested resource by testing the
* request to a set of rules.
* - allowing the shell to respond to a remote request that doesn't match any of the rules that
* are in effect.
* Besides internal use in libplasma, the only moment you'll need to access this class is when you
* implement a plasma shell.
*
* @since 4.4
*/
class PLASMA_EXPORT AuthorizationManager : public QObject
{
Q_OBJECT
public:
enum AuthorizationPolicy {
DenyAll= 0, /** < Don't allow any incoming connections */
TrustedOnly= 1, /**< Standard PIN pairing for untrusted connections */
PinPairing= 2, /** < Only allow connections from trusted machines */
Custom= 256 /** < Specify a custom AuthorizationInterface */
};
/**
* Singleton pattern accessor.
*/
static AuthorizationManager *self();
/**
* Set a policy used for authorizing incoming connections. You can either use one of the
* included policies, Default is to deny all incoming connections. This can only be set
* once to avoid that malicious plugins can change this. This means that you should ALWAYS
* call this function in any plasma shell, even if you like to use the default DenyAll
* policy.
*/
void setAuthorizationPolicy(AuthorizationPolicy policy);
/**
* Register an implementation of AuthorizationInterface. Use this to make your shell
* handle authorization requests. This can only be set once to avoid that malicious plugins
* can change this.
*/
void setAuthorizationInterface(AuthorizationInterface *interface);
Q_SIGNALS:
/**
* fires when the AuthorizationManager is ready for accesssing remote plasmoids, meaning the
* private key has been unlocked by the user.
*/
void readyForRemoteAccess();
private:
AuthorizationManager();
~AuthorizationManager();
AuthorizationManagerPrivate *const d;
Q_PRIVATE_SLOT(d, void slotLoadRules())
Q_PRIVATE_SLOT(d, void slotWalletOpened())
friend class AccessManager;
friend class AuthorizationManagerPrivate;
friend class AuthorizationManagerSingleton;
friend class AuthorizationRule;
friend class AuthorizationRulePrivate;
friend class Applet;
friend class AppletPrivate;
friend class Credentials;
friend class DataEngine;
friend class GetSource;
friend class PackagePrivate;
friend class PlasmoidServiceJob;
friend class RemoteService;
friend class RemoteServiceJob;
friend class ServicePrivate;
friend class ServiceProvider;
};
} // Plasma namespace
#endif

305
src/plasma/remote/credentials.cpp
View File

@ -1,305 +0,0 @@
/*
* Copyright © 2009 Rob Scheepmaker <r.scheepmaker@student.utwente.nl>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Library General Public License version 2 as
* published by the Free Software Foundation
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details
*
* You should have received a copy of the GNU Library General Public
* License along with this program; if not, write to the
* Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#include "credentials.h"
#include "config-plasma.h"
#include <QCryptographicHash>
#include <QObject>
#if ENABLE_REMOTE_WIDGETS
#include <QtCrypto>
#endif
#include <QDebug>
#include <kstandarddirs.h>
#include "authorizationmanager.h"
#define REQUIRED_FEATURES "rsa,sha1,pkey"
namespace Plasma {
class CredentialsPrivate {
public:
CredentialsPrivate()
{
}
CredentialsPrivate(const QString &id, const QString &name,
const QString &pemKey, bool isPrivateKey)
: id(id),
name(name)
{
#if ENABLE_REMOTE_WIDGETS
if (!QCA::isSupported(REQUIRED_FEATURES)) {
qWarning() << "QCA doesn't support " << REQUIRED_FEATURES;
return;
}
if (isPrivateKey) {
privateKey = QCA::PrivateKey::fromPEM(pemKey);
publicKey = privateKey.toPublicKey();
} else {
publicKey = QCA::PublicKey::fromPEM(pemKey);
}
#endif
}
~CredentialsPrivate()
{
}
QString id;
QString name;
#if ENABLE_REMOTE_WIDGETS
QCA::PublicKey publicKey;
QCA::PrivateKey privateKey;
#endif
};
Credentials::Credentials(const QString &id, const QString &name,
const QString &key, bool isPrivateKey)
: d(new CredentialsPrivate(id, name, key, isPrivateKey))
{
}
Credentials::Credentials()
: d(new CredentialsPrivate())
{
}
Credentials::Credentials(const Credentials &other)
: d(new CredentialsPrivate())
{
*d = *other.d;
}
Credentials::~Credentials()
{
delete d;
}
Credentials &Credentials::operator=(const Credentials &other)
{
*d = *other.d;
return *this;
}
Credentials Credentials::createCredentials(const QString &name)
{
#if ENABLE_REMOTE_WIDGETS
if (!QCA::isSupported(REQUIRED_FEATURES)) {
qWarning() << "QCA doesn't support " << REQUIRED_FEATURES;
return Credentials();
}
QCA::KeyGenerator generator;
QCA::PrivateKey key = generator.createRSA(2048);
QString pemKey(key.toPublicKey().toPEM());
QString id = QCryptographicHash::hash(pemKey.toLatin1(), QCryptographicHash::Sha1);
return Credentials(id, name, key.toPEM(), true);
#else
return Credentials();
#endif
}
TrustLevel Credentials::trustLevel() const
{
/**
QString pemFile = KStandardDirs::locate("trustedkeys", id());
if (!pemFile.isEmpty()) {
QCA::PublicKey pubKey = QCA::PublicKey::fromPEMFile(pemFile);
if (pubKey == d->publicKey) {
return true;
}
}
*/
//Trust no one ;)
return UnknownTrusted;
}
bool Credentials::isValid() const
{
#if ENABLE_REMOTE_WIDGETS
if (!QCA::isSupported(REQUIRED_FEATURES)) {
qWarning() << "QCA doesn't support " << REQUIRED_FEATURES;
return false;
}
if (d->publicKey.isNull()) {
return false;
} else {
QString id = QCryptographicHash::hash(d->publicKey.toPEM().toLatin1(), QCryptographicHash::Sha1);
return (id == d->id);
}
#else
#ifndef NDEBUG
// qDebug() << "libplasma is compiled without support for remote widgets. Key invalid.";
#endif
return false;
#endif
}
QString Credentials::name() const
{
return d->name;
}
QString Credentials::id() const
{
return d->id;
}
bool Credentials::isValidSignature(const QByteArray &signature, const QByteArray &payload)
{
#if ENABLE_REMOTE_WIDGETS
if (!QCA::isSupported(REQUIRED_FEATURES)) {
qWarning() << "QCA doesn't support " << REQUIRED_FEATURES;
return false;
}
if (d->publicKey.canVerify()) {
if (!isValid()) {
#ifndef NDEBUG
// qDebug() << "Key is null?";
#endif
}
QCA::PublicKey publicKey = QCA::PublicKey::fromPEM(d->publicKey.toPEM());
publicKey.startVerify( QCA::EMSA3_MD5 );
publicKey.update(payload);
return ( publicKey.validSignature( signature ) );
} else {
#ifndef NDEBUG
// qDebug() << "Can't verify?";
#endif
return false;
}
#else
return false;
#endif
}
bool Credentials::canSign() const
{
#if ENABLE_REMOTE_WIDGETS
if (!QCA::isSupported(REQUIRED_FEATURES)) {
qWarning() << "QCA doesn't support " << REQUIRED_FEATURES;
return false;
}
return d->privateKey.canSign();
#else
return false;
#endif
}
QByteArray Credentials::signMessage(const QByteArray &message)
{
#if ENABLE_REMOTE_WIDGETS
if(!QCA::isSupported(REQUIRED_FEATURES)) {
#ifndef NDEBUG
// qDebug() << "RSA not supported";
#endif
return QByteArray();
} else if (canSign()) {
//QCA::PrivateKey privateKey = QCA::PrivateKey::fromPEM(d->privateKey.toPEM());
d->privateKey.startSign( QCA::EMSA3_MD5 );
d->privateKey.update( message );
QByteArray signature = d->privateKey.signature();
return signature;
} else {
return QByteArray();
}
#else
return QByteArray();
#endif
}
Credentials Credentials::toPublicCredentials() const
{
#if ENABLE_REMOTE_WIDGETS
Credentials result(*this);
result.d->privateKey = QCA::PrivateKey();
return result;
#else
return Credentials();
#endif
}
QDataStream &operator<<(QDataStream &out, const Credentials &myObj)
{
#if ENABLE_REMOTE_WIDGETS
if (!QCA::isSupported(REQUIRED_FEATURES)) {
qWarning() << "QCA doesn't support " << REQUIRED_FEATURES;
return out;
}
QString privateKeyPem;
QString publicKeyPem;
if (!myObj.d->privateKey.isNull()) {
privateKeyPem = myObj.d->privateKey.toPEM();
}
if (!myObj.d->publicKey.isNull()) {
publicKeyPem = myObj.d->publicKey.toPEM();
}
out << 1 << myObj.d->id << myObj.d->name << privateKeyPem << publicKeyPem;
#endif
return out;
}
QDataStream &operator>>(QDataStream &in, Credentials &myObj)
{
#if ENABLE_REMOTE_WIDGETS
if (!QCA::isSupported(REQUIRED_FEATURES)) {
qWarning() << "QCA doesn't support " << REQUIRED_FEATURES;
return in;
}
QString privateKeyString;
QString publicKeyString;
uint version;
in >> version >> myObj.d->id >> myObj.d->name >> privateKeyString >> publicKeyString;
QCA::ConvertResult conversionResult;
if (!privateKeyString.isEmpty()) {
myObj.d->privateKey = QCA::PrivateKey::fromPEM(privateKeyString,
QByteArray(), &conversionResult);
}
if (!publicKeyString.isEmpty()) {
myObj.d->publicKey = QCA::PublicKey::fromPEM(publicKeyString, &conversionResult);
}
if (conversionResult != QCA::ConvertGood) {
#ifndef NDEBUG
// qDebug() << "Unsuccessfull conversion of key?";
#endif
}
#endif
return in;
}
}

135
src/plasma/remote/credentials.h
View File

@ -1,135 +0,0 @@
/*
* Copyright © 2009 Rob Scheepmaker <r.scheepmaker@student.utwente.nl>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU Library General Public License version 2 as
* published by the Free Software Foundation
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details
*
* You should have received a copy of the GNU Library General Public
* License along with this program; if not, write to the
* Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*/
#ifndef CREDENTIALS_H
#define CREDENTIALS_H
#include "plasma.h"
#include <QtCore/QObject>
#include <QtCore/QDataStream>
#include <QtCore/QMetaType>
namespace Plasma {
class CredentialsPrivate;
/**
* @class Credentials plasma/credentials.h <Plasma/Credentials>
*
* This class encapsules someone's identity.
* It contains a unique id that identifies the machine an incoming connection is coming from, it's
* name (which is not necesarily unique and/or trusted), a public key used to validate messages
* coming from the machine with this identity, and in the future the possibility to determine
* whether or not this identity can be trusted based on mechanisms different then pin pairing, e.g.
* a signature of the key that can be verified by a gpg trusted key.
*/
class Credentials
{
public:
/**
* Default constructor.
*/
Credentials();
/**
* Copy constructor.
*/
Credentials(const Credentials &other);
~Credentials();
Credentials &operator=(const Credentials &other);
/**
* Create a new identity with a new set of random public/private keys.
*/
static Credentials createCredentials(const QString &name);
/**
* @return whether or not this identity can be trusted based on e.g. having the key signed with
* a trusted GPG key (not yet implemented) or having the key in a designated folder on disk
* (about to be impl.). If this function returns false, your shell should always instatiate
* pin pairing before allowing a connection from an untrusted source
* (AuthorizationRule::PinRequired flag should be set on the rule with setRules).
*/
TrustLevel trustLevel() const;
/**
* @return whether or not this is a null identity or an invalid one (hash of key doesn't match
* id). Maybe isValid() is a better name?
*/
bool isValid() const;
/**
* @return the name of this identity. There's however no guarantee that if the name returns e.g.
* "Santa Claus", this message is actually from Mr. Claus, except if trustLevel returns a
* sufficiently high trust level.
*/
QString name() const;
/**
* @return an id to identify this identity. I use a Hash of the public key as ID. This way we
* don't have to send the complete public key with every message.
*/
QString id() const;
/**
* @return whether or not @p signature is correct for @p message.
*/
bool isValidSignature(const QByteArray &signature, const QByteArray &message);
/**
* @return whether or not this identity can be used for signing a message (whether or not it
* includes a public key)
*/
bool canSign() const;
/**
* @return the signature for the message.
*/
QByteArray signMessage(const QByteArray &message);
/**
* @return a Credentials stripped from any private key, so you can be sure it is save to send to
* somebody.
*/
Credentials toPublicCredentials() const;
friend QDataStream &operator<<(QDataStream &, const Credentials &);
friend QDataStream &operator>>(QDataStream &, Credentials &);
private:
Credentials(const QString &id, const QString &name, const QString &key,
bool privateKey = false);
CredentialsPrivate *const d;
friend class AuthorizationManagerPrivate;
friend class CredentialsPrivate;
};
/**
* Streaming operators for sending/storing identities.
*/
QDataStream &operator<<(QDataStream &, const Credentials &);
QDataStream &operator>>(QDataStream &, Credentials &);
}
#endif // IDENTITY_H