core: Add key capability flags has_encrypt etc.

* src/gpgme.h.in (struct _gpgme_key): Add flags has_encrypt, has_certify, has_sign, and has_authenticate. * src/keylist.c (finish_key): Set these flags. * tests/run-keylist.c (main): Print them. -- GnuPG-bug-id: 6748
2023-10-05 14:10:01 +02:00 · 2023-10-05 14:10:01 +02:00 · b63d203d3b
commit b63d203d3b
parent 349a69b5ea
5 changed files with 79 additions and 11 deletions
--- a/12
+++ b/12
@ -5,13 +5,19 @@ Noteworthy changes in version 1.23.0 (unreleased)

 * New keylist mode GPGME_KEYLIST_MODE_WITH_V5FPR.  [T6705]

+ * New key capability flags has_*.  [T6748]
+
 * qt: Support refreshing keys via WKD.  [T6672]

 * Interface changes relative to the 1.22.0 release:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- GPGME_KEYLIST_MODE_WITH_V5FPR              NEW.
- qt: Protocol::wkdRefreshJob                NEW.
- qt: WKDRefreshJob                          NEW.
+ GPGME_KEYLIST_MODE_WITH_V5FPR   NEW.
+ gpgme_key_t                     EXTENDED: New field has_encrypt.
+ gpgme_key_t                     EXTENDED: New field has_sign.
+ gpgme_key_t                     EXTENDED: New field has_certify.
+ gpgme_key_t                     EXTENDED: New field has_authenticate.
+ qt: Protocol::wkdRefreshJob     NEW.
+ qt: WKDRefreshJob               NEW.


 Noteworthy changes in version 1.22.0 (2023-08-21)
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@ -3461,22 +3461,47 @@ listings if the key could not be validated due to missing
 certificates or unmatched policies.

@item unsigned int can_encrypt : 1
-This is true if the key (ie one of its subkeys) can be used for
-encryption.
+This is true if the key or one of its subkeys can be used for
+encryption and the encryption will likely succeed.

@item unsigned int can_sign : 1
-This is true if the key (ie one of its subkeys) can be used to create
-data signatures.
+This is true if the key or one of its subkeys can be used to create
+data signatures and the signing will likely succeed.

@item unsigned int can_certify : 1
-This is true if the key (ie one of its subkeys) can be used to create
+This is true if the key or one of its subkeys can be used to create
 key certificates.

@item unsigned int can_authenticate : 1
@since{0.4.5}

 This is true if the key (ie one of its subkeys) can be used for
-authentication.
+authentication and the authentication will likely succeed.
+
+@item unsigned int has_encrypt : 1
+@since{1.23.0}
+
+This is true if the key or one of its subkeys is capable of encryption.
+Note that this flag is set even if the key is expired.
+
+@item unsigned int has_sign : 1
+@since{1.23.0}
+
+This is true if the key or one of its subkeys is capable of signing.
+Note that this flag is set even if the key is expired.
+
+@item unsigned int has_certify : 1
+@since{1.23.0}
+
+This is true if the key or one of its subkeys is capable of signing.
+Note that this flag is set even if the key is expired.
+
+@item unsigned int has_authenticate : 1
+@since{1.23.0}
+
+This is true if the key or one of its subkeys is capable of
+authentication.  Note that this flag is set even if the key is
+expired.

@item unsigned int is_qualified : 1
@since{1.1.0}
--- a/src/gpgme.h.in
+++ b/src/gpgme.h.in
@ -800,8 +800,20 @@ struct _gpgme_key
  /* True if subkey is qualified for signatures according to German law.  */
  unsigned int is_qualified : 1;

+  /* True if key has at least one encryption subkey.  */
+  unsigned int has_encrypt : 1;
+
+  /* True if key has at least one signing subkey.  */
+  unsigned int has_sign : 1;
+
+  /* True if key has a certification capability.  */
+  unsigned int has_certify : 1;
+
+  /* True if key has at least one authentication subkey.  */
+  unsigned int has_authenticate : 1;
+
  /* Internal to GPGME, do not use.  */
-  unsigned int _unused : 17;
+  unsigned int _unused : 13;

  /* Origin of this key.  */
  unsigned int origin : 5;
--- a/src/keylist.c
+++ b/src/keylist.c
@ -563,6 +563,26 @@ static void
 finish_key (gpgme_ctx_t ctx, op_data_t opd)
 {
  gpgme_key_t key = opd->tmp_key;
+  gpgme_subkey_t subkey;
+
+  /* Set the has_foo flags from the subkey capabilities.  */
+  if (key)
+    {
+      /* Note that we could have set has_certify always for OpenPGP
+       * but for X.509 a key is often not allowed to certify and thus
+       * we better take it from the subkey capabilities.  */
+      for (subkey = key->subkeys; subkey; subkey = subkey->next)
+        {
+          if (subkey->can_encrypt)
+            key->has_encrypt = 1;
+          if (subkey->can_sign)
+            key->has_sign = 1;
+          if (subkey->can_certify)
+            key->has_certify = 1;
+          if (subkey->can_authenticate)
+            key->has_authenticate = 1;
+        }
+    }

  opd->tmp_key = NULL;
  opd->tmp_uid = NULL;
--- a/tests/run-keylist.c
+++ b/tests/run-keylist.c
@ -291,11 +291,16 @@ main (int argc, char **argv)
      int nsigs;

      printf ("keyid   : %s\n", key->subkeys?nonnull (key->subkeys->keyid):"?");
-      printf ("caps    : %s%s%s%s\n",
+      printf ("can_cap : %s%s%s%s\n",
              key->can_encrypt? "e":"",
              key->can_sign? "s":"",
              key->can_certify? "c":"",
              key->can_authenticate? "a":"");
+      printf ("has_cap : %s%s%s%s\n",
+              key->has_encrypt? "e":"",
+              key->has_sign? "s":"",
+              key->has_certify? "c":"",
+              key->has_authenticate? "a":"");
      printf ("flags   :%s%s%s%s%s%s%s%s\n",
              key->secret? " secret":"",
              key->revoked? " revoked":"",