Merge branch 'master' of ssh+git://playfair.gnupg.org/git/gpgme

Ben McGinnes 2018-12-06 01:53:08 +11:00
commit ad030234b4
2 changed files with 44 additions and 59 deletions


@ -342,7 +342,10 @@ class Context(GpgmeWrapper):
Decrypt the given ciphertext and verify any signatures. If Decrypt the given ciphertext and verify any signatures. If
VERIFY is an iterable of keys, the ciphertext must be signed VERIFY is an iterable of keys, the ciphertext must be signed
by all those keys, otherwise an error is raised. by all those keys, otherwise an error is raised. Note: if
VERIFY is an empty iterable, that is treated the same as
passing verify=True (that is, do verify signatures, but no
specific keys are required).
If the ciphertext is symmetrically encrypted using a If the ciphertext is symmetrically encrypted using a
passphrase, that passphrase can be given as parameter, using a passphrase, that passphrase can be given as parameter, using a
@ -352,7 +355,8 @@ class Context(GpgmeWrapper):
Keyword arguments: Keyword arguments:
sink -- write result to sink instead of returning it sink -- write result to sink instead of returning it
passphrase -- for symmetric decryption passphrase -- for symmetric decryption
verify -- check signatures (default True) verify -- check signatures (boolean or iterable of keys,
see above) (default True)
Returns: Returns:
plaintext -- the decrypted data (or None if sink is given) plaintext -- the decrypted data (or None if sink is given)
@ -366,8 +370,8 @@ class Context(GpgmeWrapper):
GPGMEError -- as signaled by the underlying library GPGMEError -- as signaled by the underlying library
""" """
sink_result = None do_sig_verification = False
verify_sigs = None required_keys = None
plaintext = sink if sink else Data() plaintext = sink if sink else Data()
if passphrase is not None: if passphrase is not None:
@ -381,26 +385,25 @@ class Context(GpgmeWrapper):
self.set_passphrase_cb(passphrase_cb) self.set_passphrase_cb(passphrase_cb)
try: try:
if verify is not None: if isinstance(verify, bool):
if isinstance(verify, bool) is True: do_sig_verification = verify
if verify is False: elif verify is None:
verify = True warnings.warn(
sink_result = True "ctx.decrypt called with verify=None, should be bool or iterable (treating as False).",
category=DeprecationWarning)
do_sig_verification = False
else: else:
pass # we hope this is an iterable:
elif isinstance(verify, list) is True: required_keys = verify
if len(verify) > 0: do_sig_verification = True
verify_sigs = True
else: if do_sig_verification:
pass
else:
verify = True
self.op_decrypt_verify(ciphertext, plaintext) self.op_decrypt_verify(ciphertext, plaintext)
else: else:
self.op_decrypt(ciphertext, plaintext) self.op_decrypt(ciphertext, plaintext)
except errors.GPGMEError as e: except errors.GPGMEError as e:
result = self.op_decrypt_result() result = self.op_decrypt_result()
if verify is not None and sink_result is None: if do_sig_verification:
verify_result = self.op_verify_result() verify_result = self.op_verify_result()
else: else:
verify_result = None verify_result = None
@ -415,7 +418,7 @@ class Context(GpgmeWrapper):
result = self.op_decrypt_result() result = self.op_decrypt_result()
if verify is not None and sink_result is None: if do_sig_verification:
verify_result = self.op_verify_result() verify_result = self.op_verify_result()
else: else:
verify_result = None verify_result = None
@ -426,14 +429,17 @@ class Context(GpgmeWrapper):
raise errors.UnsupportedAlgorithm(result.unsupported_algorithm, raise errors.UnsupportedAlgorithm(result.unsupported_algorithm,
results=results) results=results)
if verify: if do_sig_verification:
# FIXME: should we really throw BadSignature, even if
# we've encountered some good signatures? as above, once
# we hit this error, there is no way to accept it and
# continue to process the remaining signatures.
if any(s.status != errors.NO_ERROR if any(s.status != errors.NO_ERROR
for s in verify_result.signatures): for s in verify_result.signatures):
raise errors.BadSignatures(verify_result, results=results) raise errors.BadSignatures(verify_result, results=results)
if required_keys is not None:
if verify_sigs is not None:
missing = [] missing = []
for key in verify: for key in required_keys:
ok = False ok = False
for subkey in key.subkeys: for subkey in key.subkeys:
for sig in verify_result.signatures: for sig in verify_result.signatures:
@ -447,29 +453,8 @@ class Context(GpgmeWrapper):
if not ok: if not ok:
missing.append(key) missing.append(key)
if missing: if missing:
try:
raise errors.MissingSignatures(verify_result, missing, raise errors.MissingSignatures(verify_result, missing,
results=results) results=results)
except errors.MissingSignatures as e:
raise e
# mse = e
# mserr = "gpg.errors.MissingSignatures:"
# print(mserr, miss_e, "\n")
# # The full details can then be found in mse.results,
# # mse.result, mse.missing if necessary.
# mse_list = []
# msp = "Missing signatures from: \n".format()
# print(msp)
# for key in mse.missing:
# mse_list.append(key.fpr)
# msl = []
# msl.append(key.fpr)
# for user in key.uids:
# msl.append(user.name)
# msl.append(user.email)
# # msl.append(user.uid)
# print(" ".join(msl))
# raise mse
return results return results
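Review bot: The new `else` branch of the verify dispatch accepts any value that is neither bool nor None as the required-key list (`# we hope this is an iterable:`) without checking it, so a non-iterable argument is only rejected in the later `for key in required_keys:` loop, after `op_decrypt_verify(ciphertext, plaintext)` has already run against `plaintext`, which is the caller's `sink` when one is given. Materialising the argument up front with `required_keys = list(verify)` would raise `TypeError` before any decryption is attempted and would also make a one-shot iterator safe. The added docstring note on an empty iterable could also say plainly that no signer is pinned in that case: in the visible lines an empty `required_keys` can never produce `MissingSignatures`, so callers that build the list from a key lookup need to treat an empty result as an error themselves. The signature of `decrypt` and the code between the hunks are not shown, so this rests on the visible lines only.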


@ -38,7 +38,7 @@ support.print_data(sink)
# Idiomatic interface. # Idiomatic interface.
with gpg.Context() as c: with gpg.Context() as c:
plaintext, _, _ = c.decrypt(open(support.make_filename("cipher-1.asc"))) plaintext, _, _ = c.decrypt(open(support.make_filename("cipher-1.asc")), verify=False)
assert len(plaintext) > 0 assert len(plaintext) > 0
assert plaintext.find(b'Wenn Sie dies lesen k') >= 0, \ assert plaintext.find(b'Wenn Sie dies lesen k') >= 0, \
'Plaintext not found' 'Plaintext not found'
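Review bot: With `verify=False` added to the `c.decrypt(...)` call, this idiomatic-interface test no longer exercises the default `verify=True` path on `cipher-1.asc`. Since the default is the behaviour most callers rely on for signature checking, a second call without the argument that asserts the expected outcome (plaintext returned, or the specific exception raised) would keep a regression in that default from passing unnoticed. Why the default call stopped being suitable for this fixture is not visible in the hunk; a short comment such as `# cipher-1.asc carries no signature, so skip verification here` would record it if that is the reason.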