python: Support manipulating the TOFU policy.

* NEWS: Update. * doc/gpgme.texi: Fix typos. * lang/python/gpg/constants/__init__.py: Import new files. * lang/python/gpg/constants/tofu/__init__.py: New file. * lang/python/gpg/constants/tofu/policy.py: New file. * lang/python/gpg/core.py (Context.key_tofu_policy): New function. * lang/python/gpgme.i: Nice reprs for gpgme_tofu_info_t. * lang/python/setup.py.in: Install new package. * lang/python/tests/t-quick-key-manipulation.py: Extend test. Signed-off-by: Justus Winter <[email protected]>
author: Justus Winter <[email protected]> 2017-02-17 16:07:05 +0000
committer: Justus Winter <[email protected]> 2017-02-17 16:08:03 +0000
commit: 15fbac9e72a4d1bff9a3b9e9822f9175b09fbcd5 (patch)
tree: cee4dfffa19f9ad95b51afb3e33b73d2b69fa9da
parent: python: Support quick key signing. (diff)
download: gpgme-15fbac9e72a4d1bff9a3b9e9822f9175b09fbcd5.tar.gz
gpgme-15fbac9e72a4d1bff9a3b9e9822f9175b09fbcd5.zip
9 files changed, 103 insertions, 5 deletions
diff --git a/NEWS b/NEWS
index 617d1d37..d1042c60 100644
--- a/NEWS
+++ b/NEWS
@@ -26,6 +26,7 @@ Noteworthy changes in version 1.8.1 (unreleased)
  py: Context.key_add_uid     NEW.
  py: Context.key_revoke_uid  NEW.
  py: Context.key_sign        NEW.
+ py: Context.key_tofu_policy NEW.
  py: core.pubkey_algo_string NEW.
  py: core.addrspec_from_uid  NEW.
 
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index 78225d58..1e2cde7d 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -4489,7 +4489,7 @@ could not be started.
 @cindex validity, TOFU
 
 The OpenPGP engine features a Trust-On-First-Use (TOFU) key validation
-model.  For resolving clonflics it is necessary to declare the policy
+model.  For resolving conflicts it is necessary to declare the policy
 for a key.  See the GnuPG manual for details on the TOFU
 implementation.
 
@@ -4502,7 +4502,7 @@ policy values that are supported by @acronym{GPGME}:
 @item GPGME_TOFU_POLICY_AUTO
 Set the policy to ``auto''.
 @item GPGME_TOFU_POLICY_GOOD
-Set the policy to ``goog''.
+Set the policy to ``good''.
 @item GPGME_TOFU_POLICY_BAD
 Set the policy to ``bad''.
 @item GPGME_TOFU_POLICY_ASK
diff --git a/lang/python/gpg/constants/__init__.py b/lang/python/gpg/constants/__init__.py
index 79d1fbc1..484ffd29 100644
--- a/lang/python/gpg/constants/__init__.py
+++ b/lang/python/gpg/constants/__init__.py
@@ -25,7 +25,7 @@ util.process_constants('GPGME_', globals())
 del util
 
 # For convenience, we import the modules here.
-from . import data, keylist, sig # The subdirs.
+from . import data, keylist, sig, tofu # The subdirs.
 from . import create, event, keysign, md, pk, protocol, sigsum, status, validity
 
 # A complication arises because 'import' is a reserved keyword.
@@ -34,7 +34,7 @@ globals()['Import'] = getattr(__import__('', globals(), locals(),
                                          [str('import')], 1), "import")
 
 __all__ = ['data', 'event', 'import', 'keysign', 'keylist', 'md', 'pk',
-           'protocol', 'sig', 'sigsum', 'status', 'validity', 'create']
+           'protocol', 'sig', 'sigsum', 'status', 'tofu', 'validity', 'create']
 
 # GPGME 1.7 replaced gpgme_op_edit with gpgme_op_interact.  We
 # implement gpg.Context.op_edit using gpgme_op_interact, so the
diff --git a/lang/python/gpg/constants/tofu/__init__.py b/lang/python/gpg/constants/tofu/__init__.py
new file mode 100644
index 00000000..819a58bb
--- /dev/null
+++ b/lang/python/gpg/constants/tofu/__init__.py
@@ -0,0 +1,24 @@
+# TOFU
+#
+# Copyright (C) 2017 g10 Code GmbH
+#
+# This file is part of GPGME.
+#
+# GPGME is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as
+# published by the Free Software Foundation; either version 2.1 of the
+# License, or (at your option) any later version.
+#
+# GPGME is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General
+# Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import absolute_import, print_function, unicode_literals
+del absolute_import, print_function, unicode_literals
+
+from . import policy
+__all__ = ['policy']
diff --git a/lang/python/gpg/constants/tofu/policy.py b/lang/python/gpg/constants/tofu/policy.py
new file mode 100644
index 00000000..5a61f067
--- /dev/null
+++ b/lang/python/gpg/constants/tofu/policy.py
@@ -0,0 +1,25 @@
+# TOFU policies
+#
+# Copyright (C) 2017 g10 Code GmbH
+#
+# This file is part of GPGME.
+#
+# GPGME is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as
+# published by the Free Software Foundation; either version 2.1 of the
+# License, or (at your option) any later version.
+#
+# GPGME is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General
+# Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import absolute_import, print_function, unicode_literals
+del absolute_import, print_function, unicode_literals
+
+from gpg import util
+util.process_constants('GPGME_TOFU_POLICY_', globals())
+del util
diff --git a/lang/python/gpg/core.py b/lang/python/gpg/core.py
index cb4ccf73..fe0ba81c 100644
--- a/lang/python/gpg/core.py
+++ b/lang/python/gpg/core.py
@@ -716,6 +716,18 @@ class Context(GpgmeWrapper):
 
         self.op_keysign(key, uids, expires_in, flags)
 
+    def key_tofu_policy(self, key, policy):
+        """Set a keys' TOFU policy
+
+        Set the TOFU policy associated with KEY to POLICY.  Calling
+        this function is only valid for the OpenPGP protocol.
+
+        Raises:
+        GPGMEError   -- as signaled by the underlying library
+
+        """
+        self.op_tofu_policy(key, policy)
+
     def assuan_transact(self, command,
                         data_cb=None, inquire_cb=None, status_cb=None):
         """Issue a raw assuan command
diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i
index 3e89bb11..fa9caf66 100644
--- a/lang/python/gpgme.i
+++ b/lang/python/gpgme.i
@@ -687,3 +687,7 @@ _gpg_unwrap_gpgme_ctx_t(PyObject *wrapped)
 %extend _gpgme_user_id {
   genericrepr(UID)
 };
+
+%extend _gpgme_tofu_info {
+  genericrepr(TofuInfo)
+};
diff --git a/lang/python/setup.py.in b/lang/python/setup.py.in
index e32237dd..bf4efa31 100755
--- a/lang/python/setup.py.in
+++ b/lang/python/setup.py.in
@@ -172,7 +172,8 @@ setup(name="gpg",
       url='https://www.gnupg.org',
       ext_modules=[swige],
       packages = ['gpg', 'gpg.constants', 'gpg.constants.data',
-                  'gpg.constants.keylist', 'gpg.constants.sig'],
+                  'gpg.constants.keylist', 'gpg.constants.sig',
+                  'gpg.constants.tofu'],
       license="LGPL2.1+ (the library), GPL2+ (tests and examples)",
       classifiers=[
           'Development Status :: 4 - Beta',
diff --git a/lang/python/tests/t-quick-key-manipulation.py b/lang/python/tests/t-quick-key-manipulation.py
index 12c18ce5..d7d2bd4f 100755
--- a/lang/python/tests/t-quick-key-manipulation.py
+++ b/lang/python/tests/t-quick-key-manipulation.py
@@ -90,3 +90,34 @@ with support.EphemeralContext() as ctx:
         assert False, "Expected an error but got none"
     except gpg.errors.GpgError:
         pass
+
+    # Check setting the TOFU policy.
+    with open("gpg.conf", "a") as handle:
+        handle.write("trust-model tofu+pgp\n")
+
+    for name, policy in [(name, getattr(gpg.constants.tofu.policy, name))
+                         for name in filter(lambda x: not x.startswith('__'),
+                                            dir(gpg.constants.tofu.policy))]:
+        if policy == gpg.constants.tofu.policy.NONE:
+            # We must not set the policy to NONE.
+            continue
+
+        ctx.key_tofu_policy(key, policy)
+
+        keys = list(ctx.keylist(key.uids[0].uid,
+                                mode=(gpg.constants.keylist.mode.LOCAL
+                                      |gpg.constants.keylist.mode.WITH_TOFU)))
+        assert len(keys) == 1
+
+        if policy == gpg.constants.tofu.policy.AUTO:
+            # We cannot check that it is set to AUTO.
+            continue
+
+        for uid in keys[0].uids:
+            if uid.uid == alpha:
+                # TOFU information of revoked UIDs is not updated.
+                # XXX: Is that expected?
+                continue
+            assert uid.tofu[0].policy == policy, \
+                "Expected policy {0} ({1}), got {2}".format(policy, name,
+                                                            uid.tofu[0].policy)
author	Justus Winter <[email protected]>	2017-02-17 16:07:05 +0000
committer	Justus Winter <[email protected]>	2017-02-17 16:08:03 +0000
commit	15fbac9e72a4d1bff9a3b9e9822f9175b09fbcd5 (patch)
tree	cee4dfffa19f9ad95b51afb3e33b73d2b69fa9da
parent	python: Support quick key signing. (diff)
download	gpgme-15fbac9e72a4d1bff9a3b9e9822f9175b09fbcd5.tar.gz gpgme-15fbac9e72a4d1bff9a3b9e9822f9175b09fbcd5.zip