/*
* Copyright (C) 2015 Red Hat, Inc.
*
* SPDX-License-Identifier: LGPL-2.0+
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the
* Free Software Foundation, Inc., 59 Temple Place - Suite 330,
* Boston, MA 02111-1307, USA.
*/
#pragma once
#include <gio/gio.h>
#include <ostree-types.h>
G_BEGIN_DECLS
#define OSTREE_TYPE_GPG_VERIFY_RESULT \
(ostree_gpg_verify_result_get_type ())
#define OSTREE_GPG_VERIFY_RESULT(obj) \
(G_TYPE_CHECK_INSTANCE_CAST ((obj), OSTREE_TYPE_GPG_VERIFY_RESULT, OstreeGpgVerifyResult))
#define OSTREE_IS_GPG_VERIFY_RESULT(obj) \
(G_TYPE_CHECK_INSTANCE_TYPE ((obj), OSTREE_TYPE_GPG_VERIFY_RESULT))
typedef struct OstreeGpgVerifyResult OstreeGpgVerifyResult;
/**
* OstreeGpgSignatureAttr:
* @OSTREE_GPG_SIGNATURE_ATTR_VALID:
* [#G_VARIANT_TYPE_BOOLEAN] Is the signature valid?
* @OSTREE_GPG_SIGNATURE_ATTR_SIG_EXPIRED:
* [#G_VARIANT_TYPE_BOOLEAN] Has the signature expired?
* @OSTREE_GPG_SIGNATURE_ATTR_KEY_EXPIRED:
* [#G_VARIANT_TYPE_BOOLEAN] Has the signing key expired?
* @OSTREE_GPG_SIGNATURE_ATTR_KEY_REVOKED:
* [#G_VARIANT_TYPE_BOOLEAN] Has the signing key been revoked?
* @OSTREE_GPG_SIGNATURE_ATTR_KEY_MISSING:
* [#G_VARIANT_TYPE_BOOLEAN] Is the signing key missing?
* @OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT:
* [#G_VARIANT_TYPE_STRING] Fingerprint of the signing key
* @OSTREE_GPG_SIGNATURE_ATTR_TIMESTAMP:
* [#G_VARIANT_TYPE_INT64] Signature creation Unix timestamp
* @OSTREE_GPG_SIGNATURE_ATTR_EXP_TIMESTAMP:
* [#G_VARIANT_TYPE_INT64] Signature expiration Unix timestamp (0 if no
* expiration)
* @OSTREE_GPG_SIGNATURE_ATTR_PUBKEY_ALGO_NAME:
* [#G_VARIANT_TYPE_STRING] Name of the public key algorithm used to create
* the signature
* @OSTREE_GPG_SIGNATURE_ATTR_HASH_ALGO_NAME:
* [#G_VARIANT_TYPE_STRING] Name of the hash algorithm used to create the
* signature
* @OSTREE_GPG_SIGNATURE_ATTR_USER_NAME:
* [#G_VARIANT_TYPE_STRING] The name of the signing key's primary user
* @OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL:
* [#G_VARIANT_TYPE_STRING] The email address of the signing key's primary
* user
* @OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY:
* [#G_VARIANT_TYPE_STRING] Fingerprint of the signing key's primary key
* (will be the same as OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT if the
* the signature is already from the primary key rather than a subkey,
* and will be the empty string if the key is missing.)
* @OSTREE_GPG_SIGNATURE_ATTR_KEY_EXP_TIMESTAMP:
* [#G_VARIANT_TYPE_INT64] Key expiration Unix timestamp (0 if no
* expiration or if the key is missing)
* @OSTREE_GPG_SIGNATURE_ATTR_KEY_EXP_TIMESTAMP_PRIMARY:
* [#G_VARIANT_TYPE_INT64] Key expiration Unix timestamp of the signing key's
* primary key (will be the same as OSTREE_GPG_SIGNATURE_ATTR_KEY_EXP_TIMESTAMP
* if the signing key is the primary key and 0 if no expiration or if the key
* is missing)
*
* Signature attributes available from an #OstreeGpgVerifyResult.
* The attribute's #GVariantType is shown in brackets.
**/
typedef enum {
OSTREE_GPG_SIGNATURE_ATTR_VALID,
OSTREE_GPG_SIGNATURE_ATTR_SIG_EXPIRED,
OSTREE_GPG_SIGNATURE_ATTR_KEY_EXPIRED,
OSTREE_GPG_SIGNATURE_ATTR_KEY_REVOKED,
OSTREE_GPG_SIGNATURE_ATTR_KEY_MISSING,
OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT,
OSTREE_GPG_SIGNATURE_ATTR_TIMESTAMP,
OSTREE_GPG_SIGNATURE_ATTR_EXP_TIMESTAMP,
OSTREE_GPG_SIGNATURE_ATTR_PUBKEY_ALGO_NAME,
OSTREE_GPG_SIGNATURE_ATTR_HASH_ALGO_NAME,
OSTREE_GPG_SIGNATURE_ATTR_USER_NAME,
OSTREE_GPG_SIGNATURE_ATTR_USER_EMAIL,
OSTREE_GPG_SIGNATURE_ATTR_FINGERPRINT_PRIMARY,
OSTREE_GPG_SIGNATURE_ATTR_KEY_EXP_TIMESTAMP,
OSTREE_GPG_SIGNATURE_ATTR_KEY_EXP_TIMESTAMP_PRIMARY,
} OstreeGpgSignatureAttr;
_OSTREE_PUBLIC
GType ostree_gpg_verify_result_get_type (void);
_OSTREE_PUBLIC
guint ostree_gpg_verify_result_count_all (OstreeGpgVerifyResult *result);
_OSTREE_PUBLIC
guint ostree_gpg_verify_result_count_valid (OstreeGpgVerifyResult *result);
_OSTREE_PUBLIC
gboolean ostree_gpg_verify_result_lookup (OstreeGpgVerifyResult *result,
const gchar *key_id,
guint *out_signature_index);
_OSTREE_PUBLIC
GVariant * ostree_gpg_verify_result_get (OstreeGpgVerifyResult *result,
guint signature_index,
OstreeGpgSignatureAttr *attrs,
guint n_attrs);
_OSTREE_PUBLIC
GVariant * ostree_gpg_verify_result_get_all (OstreeGpgVerifyResult *result,
guint signature_index);
/**
* OstreeGpgSignatureFormatFlags:
* @OSTREE_GPG_SIGNATURE_FORMAT_DEFAULT:
* Use the default output format
*
* Formatting flags for ostree_gpg_verify_result_describe(). Currently
* there's only one possible output format, but this enumeration allows
* for future variations.
**/
typedef enum {
OSTREE_GPG_SIGNATURE_FORMAT_DEFAULT = (0 << 0),
} OstreeGpgSignatureFormatFlags;
_OSTREE_PUBLIC
void ostree_gpg_verify_result_describe (OstreeGpgVerifyResult *result,
guint signature_index,
GString *output_buffer,
const gchar *line_prefix,
OstreeGpgSignatureFormatFlags flags);
_OSTREE_PUBLIC
void ostree_gpg_verify_result_describe_variant (GVariant *variant,
GString *output_buffer,
const gchar *line_prefix,
OstreeGpgSignatureFormatFlags flags);
_OSTREE_PUBLIC
gboolean ostree_gpg_verify_result_require_valid_signature (OstreeGpgVerifyResult *result,
GError **error);
/**
* OstreeGpgError:
* @OSTREE_GPG_ERROR_NO_SIGNATURE: A signature was expected, but not found.
* @OSTREE_GPG_ERROR_INVALID_SIGNATURE: A signature was malformed.
* @OSTREE_GPG_ERROR_MISSING_KEY: A signature was found, but was created with a key not in the configured keyrings.
* @OSTREE_GPG_ERROR_EXPIRED_SIGNATURE: A signature was expired. Since: 2020.1.
* @OSTREE_GPG_ERROR_EXPIRED_KEY: A signature was found, but the key used to
* sign it has expired. Since: 2020.1.
* @OSTREE_GPG_ERROR_REVOKED_KEY: A signature was found, but the key used to
* sign it has been revoked. Since: 2020.1.
*
* Errors returned by signature creation and verification operations in OSTree.
* These may be returned by any API which creates or verifies signatures.
*
* Since: 2017.10
*/
typedef enum {
OSTREE_GPG_ERROR_NO_SIGNATURE = 0,
OSTREE_GPG_ERROR_INVALID_SIGNATURE,
OSTREE_GPG_ERROR_MISSING_KEY,
OSTREE_GPG_ERROR_EXPIRED_SIGNATURE,
OSTREE_GPG_ERROR_EXPIRED_KEY,
OSTREE_GPG_ERROR_REVOKED_KEY,
} OstreeGpgError;
/**
* ostree_gpg_error_quark:
*
* Since: 2017.10
*/
_OSTREE_PUBLIC
GQuark ostree_gpg_error_quark (void);
#define OSTREE_GPG_ERROR (ostree_gpg_error_quark ())
G_END_DECLS