securityeval: Add support for account config checks

Also:

 * Properly split the checks for accounts and certiticates
 * Fix account checks description
 * Define severity and security level for certificates checks

Refs #69834

src/certificate.h

@@ -93,27 +93,27 @@ public:
    *
    */
    enum class Checks {
-      HAS_PRIVATE_KEY                   , /** This certificate has a build in private key                          */
-      EXPIRED                           , /** This certificate is past its expiration date                         */
-      STRONG_SIGNING                    , /** This certificate has been signed with a brute-force-able method      */
-      NOT_SELF_SIGNED                   , /** This certificate has been self signed                                */
-      KEY_MATCH                         , /** The public and private keys provided don't match                     */
-      PRIVATE_KEY_STORAGE_PERMISSION    , /** The file hosting the private key isn't correctly secured             */
-      PUBLIC_KEY_STORAGE_PERMISSION     , /** The file hosting the public key isn't correctly secured              */
-      PRIVATE_KEY_DIRECTORY_PERMISSIONS , /** The folder storing the private key isn't correctly secured           */
-      PUBLIC_KEY_DIRECTORY_PERMISSIONS  , /** The folder storing the public key isn't correctly secured            */
-      PRIVATE_KEY_STORAGE_LOCATION      , /** Some operating systems have extra policies for certificate storage   */
-      PUBLIC_KEY_STORAGE_LOCATION       , /** Some operating systems have extra policies for certificate storage   */
-      PRIVATE_KEY_SELINUX_ATTRIBUTES    , /** Some operating systems require keys to have extra attributes         */
-      PUBLIC_KEY_SELINUX_ATTRIBUTES     , /** Some operating systems require keys to have extra attributes         */
-      EXIST                             , /** The certificate file doesn't exist or is not accessible              */
-      VALID                             , /** The file is not a certificate                                        */
-      VALID_AUTHORITY                   , /** The claimed authority did not sign the certificate                   */
-      KNOWN_AUTHORITY                   , /** Some operating systems provide a list of trusted authorities, use it */
-      NOT_REVOKED                       , /** The certificate has been revoked by the authority                    */
-      AUTHORITY_MATCH                   , /** The certificate and authority mismatch                               */
-      EXPECTED_OWNER                    , /** The certificate has an expected owner                                */
-      ACTIVATED                         , /** The certificate has not been activated yet                           */
+      HAS_PRIVATE_KEY                   , /*!< This certificate has a build in private key                          */
+      EXPIRED                           , /*!< This certificate is past its expiration date                         */
+      STRONG_SIGNING                    , /*!< This certificate has been signed with a brute-force-able method      */
+      NOT_SELF_SIGNED                   , /*!< This certificate has been self signed                                */
+      KEY_MATCH                         , /*!< The public and private keys provided don't match                     */
+      PRIVATE_KEY_STORAGE_PERMISSION    , /*!< The file hosting the private key isn't correctly secured             */
+      PUBLIC_KEY_STORAGE_PERMISSION     , /*!< The file hosting the public key isn't correctly secured              */
+      PRIVATE_KEY_DIRECTORY_PERMISSIONS , /*!< The folder storing the private key isn't correctly secured           */
+      PUBLIC_KEY_DIRECTORY_PERMISSIONS  , /*!< The folder storing the public key isn't correctly secured            */
+      PRIVATE_KEY_STORAGE_LOCATION      , /*!< Some operating systems have extra policies for certificate storage   */
+      PUBLIC_KEY_STORAGE_LOCATION       , /*!< Some operating systems have extra policies for certificate storage   */
+      PRIVATE_KEY_SELINUX_ATTRIBUTES    , /*!< Some operating systems require keys to have extra attributes         */
+      PUBLIC_KEY_SELINUX_ATTRIBUTES     , /*!< Some operating systems require keys to have extra attributes         */
+      EXIST                             , /*!< The certificate file doesn't exist or is not accessible              */
+      VALID                             , /*!< The file is not a certificate                                        */
+      VALID_AUTHORITY                   , /*!< The claimed authority did not sign the certificate                   */
+      KNOWN_AUTHORITY                   , /*!< Some operating systems provide a list of trusted authorities, use it */
+      NOT_REVOKED                       , /*!< The certificate has been revoked by the authority                    */
+      AUTHORITY_MATCH                   , /*!< The certificate and authority mismatch                               */
+      EXPECTED_OWNER                    , /*!< The certificate has an expected owner                                */
+      ACTIVATED                         , /*!< The certificate has not been activated yet                           */
       COUNT__,
    };
 
@@ -121,9 +121,9 @@ public:
    * @enum Details Informative fields about a certificate
    */
    enum class Details {
-      EXPIRATION_DATE                , /** The certificate expiration date                                      */
-      ACTIVATION_DATE                , /** The certificate activation date                                      */
-      REQUIRE_PRIVATE_KEY_PASSWORD   , /** Does the private key require a password                              */
+      EXPIRATION_DATE                , /*!< The certificate expiration date                                      */
+      ACTIVATION_DATE                , /*!< The certificate activation date                                      */
+      REQUIRE_PRIVATE_KEY_PASSWORD   , /*!< Does the private key require a password                              */
       PUBLIC_SIGNATURE               ,
       VERSION_NUMBER                 ,
       SERIAL_NUMBER                  ,
@@ -138,7 +138,7 @@ public:
       PUBLIC_KEY_ID                  ,
       ISSUER_DN                      ,
       NEXT_EXPECTED_UPDATE_DATE      ,
-      OUTGOING_SERVER                , /** The hostname/outgoing server used for this certificate               */
+      OUTGOING_SERVER                , /*!< The hostname/outgoing server used for this certificate               */
 
       COUNT__
    };
@@ -165,9 +165,9 @@ public:
    * new validated types are required.
    */
    enum class CheckValues {
-      FAILED     , /** Equivalent of a boolean "false"                                   */
-      PASSED     , /** Equivalent of a boolean "true"                                    */
-      UNSUPPORTED, /** The operating system doesn't support or require the check         */
+      FAILED     , /*!< Equivalent of a boolean "false"                                   */
+      PASSED     , /*!< Equivalent of a boolean "true"                                    */
+      UNSUPPORTED, /*!< The operating system doesn't support or require the check         */
       COUNT__,
    };
    Q_ENUMS(CheckValues)
@@ -244,5 +244,7 @@ Q_SIGNALS:
 };
 Q_DECLARE_METATYPE(Certificate*)
 Q_DECLARE_METATYPE(Certificate::CheckValues)
+Q_DECLARE_METATYPE(Certificate::Checks)
+Q_DECLARE_METATYPE(Certificate::Details)
 
 #endif

src/certificatemodel.cpp

@@ -34,6 +34,13 @@
 #include "account.h"
 #include "delegates/certificateserializationdelegate.h"
 
+enum class DetailType : uchar
+{
+   NONE  ,
+   DETAIL,
+   CHECK ,
+};
+
 struct CertificateNode {
 
    CertificateNode(int index, CertificateModel::NodeType level, CertificateNode* parent, Certificate* cert);
@@ -44,7 +51,9 @@ struct CertificateNode {
    CertificateNode*           m_pParent        ;
    Certificate*               m_pCertificate   ;
    CertificateModel::NodeType m_Level          ;
+   DetailType                 m_DetailType     ;
    int                        m_Index          ;
+   int                        m_EnumClassDetail;
    QString                    m_Col1           ;
    QVariant                   m_Col2           ;
    QString                    m_ToolTip        ;
@@ -142,7 +151,8 @@ CertificateModelPrivate::~CertificateModelPrivate()
 }
 
 CertificateNode::CertificateNode(int index, CertificateModel::NodeType level, CertificateNode* parent, Certificate* cert) :
-   m_pParent(parent), m_pCertificate(cert), m_Level(level), m_Index(index), m_IsLoaded(true)
+   m_pParent(parent), m_pCertificate(cert), m_Level(level), m_Index(index), m_IsLoaded(true),m_DetailType(DetailType::NONE),
+   m_EnumClassDetail(0)
 {
    CertificateModel::instance()->d_ptr->m_hNodes[cert] = this;
 }
@@ -213,6 +223,11 @@ QHash<int,QByteArray> CertificateModel::roleNames() const
          }
          roles[static_cast<int>(Role::DetailRoleBase)+static_cast<int>(d)] = name.toLatin1();
       }
+
+      roles[static_cast<int>(Role::isDetail)] = "isDetail";
+      roles[static_cast<int>(Role::isCheck )] = "isCheck" ;
+      roles[static_cast<int>(Role::detail  )] = "detail"  ;
+      roles[static_cast<int>(Role::check   )] = "check"   ;
    }
    return roles;
 }
@@ -316,6 +331,8 @@ CertificateNode* CertificateModelPrivate::addToTree(Certificate* cert, Certifica
       for (const Certificate::Details detail : EnumIterator<Certificate::Details>()) {
          CertificateNode* d = new CertificateNode(details->m_lChildren.size(), CertificateModel::NodeType::DETAILS, details, nullptr);
          d->setStrings(cert->getName(detail),cert->detailResult(detail),cert->getDescription(detail)       );
+         d->m_DetailType = DetailType::DETAIL;
+         d->m_EnumClassDetail = static_cast<int>(detail);
          details->m_lChildren << d;
       }
       q_ptr->endInsertRows();
@@ -327,6 +344,8 @@ CertificateNode* CertificateModelPrivate::addToTree(Certificate* cert, Certifica
          if (cert->checkResult(check) != Certificate::CheckValues::UNSUPPORTED) {
             CertificateNode* d = new CertificateNode(checks->m_lChildren.size(), CertificateModel::NodeType::DETAILS, checks, nullptr);
             d->setStrings(cert->getName(check),static_cast<bool>(cert->checkResult(check)),cert->getDescription(check));
+            d->m_DetailType = DetailType::CHECK;
+            d->m_EnumClassDetail = static_cast<int>(check);
             checks->m_lChildren << d;
          }
       }
@@ -353,6 +372,10 @@ QVariant CertificateModel::data( const QModelIndex& index, int role) const
       return QVariant();
    const CertificateNode* node = static_cast<CertificateNode*>(index.internalPointer());
 
+   if (!node)
+      return QVariant();
+
+
    switch(role) {
       case Qt::DisplayRole:
       case Qt::EditRole:
@@ -364,13 +387,38 @@ QVariant CertificateModel::data( const QModelIndex& index, int role) const
    };
 
    //Add the details as roles for certificates
-   if (node && node->m_Level == NodeType::CERTIFICATE && role >= static_cast<int>(Role::DetailRoleBase) && role < static_cast<int>(Role::DetailRoleBase)+enum_class_size<Certificate::Details>()) {
+   if (node->m_Level == NodeType::CERTIFICATE && role >= static_cast<int>(Role::DetailRoleBase) && role < static_cast<int>(Role::DetailRoleBase)+enum_class_size<Certificate::Details>()) {
       Certificate* cert = node->m_pCertificate;
       if (cert) {
          return cert->detailResult(static_cast<Certificate::Details>(role - static_cast<int>(Role::DetailRoleBase)));
       }
    }
 
+   switch (node->m_Level) {
+      case CertificateModel::NodeType::DETAILS         :
+         switch(role) {
+            case (int)Role::isDetail:
+               return node->m_DetailType == DetailType::DETAIL;
+               break;
+            case (int)Role::isCheck:
+               return node->m_DetailType == DetailType::CHECK;
+               break;
+            case (int)Role::detail:
+               if (node->m_DetailType == DetailType::DETAIL)
+                  return QVariant::fromValue(static_cast<Certificate::Details>(node->m_EnumClassDetail));
+               break;
+            case (int)Role::check:
+               if (node->m_DetailType == DetailType::CHECK)
+                  return QVariant::fromValue(static_cast<Certificate::Checks>(node->m_EnumClassDetail));
+               break;
+         }
+         break;
+      case CertificateModel::NodeType::CERTIFICATE     :
+      case CertificateModel::NodeType::DETAILS_CATEGORY:
+      case CertificateModel::NodeType::CATEGORY        :
+         break;
+   }
+
    return QVariant();
 }
 

src/certificatemodel.h

@@ -35,6 +35,10 @@ public:
 
    enum class Role {
       NodeType       = 100,
+      isDetail       = 101,
+      isCheck        = 102,
+      detail         = 103,
+      check          = 104,
       DetailRoleBase = 1000,
    };
 

src/delegates/pixmapmanipulationdelegate.cpp

@@ -65,7 +65,7 @@ PixmapManipulationDelegate* PixmapManipulationDelegate::instance()
    return m_spInstance;
 }
 
-QVariant PixmapManipulationDelegate::serurityIssueIcon(const QModelIndex& index)
+QVariant PixmapManipulationDelegate::securityIssueIcon(const QModelIndex& index)
 {
    Q_UNUSED(index)
    return QVariant();

src/delegates/pixmapmanipulationdelegate.h

@@ -61,7 +61,7 @@ public:
    virtual QVariant   callPhoto(Call* c, const QSize& size, bool displayPresence = true);
    virtual QVariant   callPhoto(const ContactMethod* n, const QSize& size, bool displayPresence = true);
    virtual QVariant   numberCategoryIcon(const QVariant& p, const QSize& size, bool displayPresence = false, bool isPresent = false);
-   virtual QVariant   serurityIssueIcon(const QModelIndex& index);
+   virtual QVariant   securityIssueIcon(const QModelIndex& index);
    virtual QByteArray toByteArray(const QVariant& pxm);
    virtual QVariant   profilePhoto(const QByteArray& data, const QString& type = "PNG");
    virtual QVariant   collectionIcon(const CollectionInterface* interface, PixmapManipulationDelegate::CollectionIconHint hint = PixmapManipulationDelegate::CollectionIconHint::NONE) const;

src/private/securityvalidationmodel_p.h

@@ -22,6 +22,8 @@ class SecurityFlaw;
 class Account;
 class Certificate;
 
+#include <certificate.h>
+
 class SecurityValidationModelPrivate
 {
 public:
@@ -46,6 +48,9 @@ public:
    static const TypedStateMachine< SecurityValidationModel::SecurityLevel , SecurityValidationModel::AccountSecurityFlaw > maximumSecurityLevel;
    static const TypedStateMachine< SecurityValidationModel::Severity      , SecurityValidationModel::AccountSecurityFlaw > flawSeverity        ;
 
+   static const TypedStateMachine< SecurityValidationModel::SecurityLevel , Certificate::Checks > maximumCertificateSecurityLevel;
+   static const TypedStateMachine< SecurityValidationModel::Severity      , Certificate::Checks > certificateFlawSeverity        ;
+
    SecurityValidationModel* q_ptr;
 };
 

src/private/vcardutils.h

@@ -23,7 +23,7 @@
 #include <QStringList>
 #include "person.h"
 
-class LIB_EXPORT VCardUtils
+class VCardUtils
 {
 public:
 

src/securityvalidationmodel.h

@@ -89,23 +89,15 @@ public:
 
    ///Every supported flaws
    enum class AccountSecurityFlaw {
-      SRTP_DISABLED                  ,
-      TLS_DISABLED                   ,
-      CERTIFICATE_EXPIRED            ,
-      CERTIFICATE_SELF_SIGNED        ,
-      CA_CERTIFICATE_MISSING         ,
-      END_CERTIFICATE_MISSING        ,
-      PRIVATE_KEY_MISSING            ,
-      CERTIFICATE_MISMATCH           ,
-      CERTIFICATE_STORAGE_PERMISSION ,
-      CERTIFICATE_STORAGE_FOLDER     ,
-      CERTIFICATE_STORAGE_LOCATION   ,
-      OUTGOING_SERVER_MISMATCH       ,
-      VERIFY_INCOMING_DISABLED       ,
-      VERIFY_ANSWER_DISABLED         ,
-      REQUIRE_CERTIFICATE_DISABLED   ,
-      MISSING_CERTIFICATE            ,
-      MISSING_AUTHORITY              ,
+      SRTP_ENABLED                ,
+      TLS_ENABLED                 ,
+      CERTIFICATE_MATCH           ,
+      OUTGOING_SERVER_MATCH       ,
+      VERIFY_INCOMING_ENABLED     ,
+      VERIFY_ANSWER_ENABLED       ,
+      REQUIRE_CERTIFICATE_ENABLED ,
+      NOT_MISSING_CERTIFICATE     ,
+      NOT_MISSING_AUTHORITY       ,
       COUNT__
    };
 

src/typedefs.h

@@ -92,6 +92,7 @@ struct Matrix1D
 {
 
    Matrix1D(std::initializer_list< std::initializer_list<Value> > s);
+   explicit Matrix1D();
 
    // Row is a built-in type ("int" by default)
    Value operator[](Row v);
@@ -101,15 +102,18 @@ struct Matrix1D
    /**
    * An Iterator for enum classes
    */
-   class EnumClassIter
+   class Matrix1DEnumClassIter
    {
    public:
-      EnumClassIter (const Matrix1D<Row, Value, A>* p_vec, int pos)
+      Matrix1DEnumClassIter (const Matrix1D<Row, Value, A>* p_vec, int pos)
          : pos_( pos ), p_vec_( p_vec ) {}
 
-      bool operator!= (const EnumClassIter& other) const;
-      Row operator* () const;
-      const EnumClassIter& operator++ ();
+      bool operator!= (const Matrix1DEnumClassIter& other) const;
+      bool operator== (const Matrix1DEnumClassIter& other) const;
+      void operator=  (Value& other              )      ;
+      void operator=  (Value& other              ) const;
+      //Row operator* () const;
+      //const Matrix1DEnumClassIter& operator++ ();
 
    private:
       int pos_;
@@ -117,16 +121,19 @@ struct Matrix1D
    };
 
    //Iterators
-   EnumClassIter begin();
-   EnumClassIter end();
+   Matrix1DEnumClassIter begin();
+   Matrix1DEnumClassIter end();
 
    // Only use for single reverse mappable arrays, will ASSERT otherwise
    Row fromValue(const Value& value) const;
 
    static void setReverseMapping(Matrix1D<Row,const char *> names);
 
+   //Setter
+   void setAt(Row,Value);
+
 private:
-   const QVector<Value> m_lData;
+   QVector<Value> m_lData;
    static QMap<A, Row> m_hReverseMapping;
 };
 

src/typedefs.hpp

@@ -58,6 +58,12 @@ typename EnumIterator<EnumClass>::EnumClassIter EnumIterator<EnumClass>::end()
 
 
 
+template<class Row, typename Value, typename Accessor>
+Matrix1D<Row,Value,Accessor>::Matrix1D()
+{
+   m_lData.resize(enum_class_size<Row>());
+}
+
 template<class Row, typename Value, typename Accessor>
 Matrix1D<Row,Value,Accessor>::Matrix1D(std::initializer_list< std::initializer_list<Value>> s)
 : m_lData(*std::begin(s)) {
@@ -113,3 +119,33 @@ Row Matrix1D<Row,Value,Accessor>::fromValue(const Value& value) const {
     }
     return m_hReverseMapping[value];
 }
+
+template<class Row, typename Value, typename Accessor>
+bool Matrix1D<Row,Value,Accessor>::Matrix1DEnumClassIter::operator!= (const Matrix1DEnumClassIter& other) const
+{
+   return pos_ != other.pos_;
+}
+
+template<class Row, typename Value, typename Accessor>
+bool Matrix1D<Row,Value,Accessor>::Matrix1DEnumClassIter::operator== (const Matrix1DEnumClassIter& other) const
+{
+   return pos_ == other.pos_;
+}
+
+template<class Row, typename Value, typename Accessor>
+void Matrix1D<Row,Value,Accessor>::Matrix1DEnumClassIter::operator= (Value& other) const
+{
+   m_lData[pos_] = other;
+}
+
+template<class Row, typename Value, typename Accessor>
+void Matrix1D<Row,Value,Accessor>::Matrix1DEnumClassIter::operator= (Value& other)
+{
+   m_lData[pos_] = other;
+}
+
+template<class Row, typename Value, typename Accessor>
+void Matrix1D<Row,Value,Accessor>::setAt(Row row,Value value)
+{
+   m_lData[(int)row] = value;
+}