diff options
Diffstat (limited to 'lang/python')
| -rw-r--r-- | lang/python/src/core.py | 22 | ||||
| -rw-r--r-- | lang/python/tests/Makefile.am | 2 | ||||
| -rwxr-xr-x | lang/python/tests/t-decrypt-verify.py | 12 | ||||
| -rwxr-xr-x | lang/python/tests/t-decrypt.py | 10 |
4 files changed, 32 insertions, 14 deletions
diff --git a/lang/python/src/core.py b/lang/python/src/core.py index c096ee73..11af7027 100644 --- a/lang/python/src/core.py +++ b/lang/python/src/core.py @@ -342,10 +342,12 @@ class Context(GpgmeWrapper): Decrypt the given ciphertext and verify any signatures. If VERIFY is an iterable of keys, the ciphertext must be signed - by all those keys, otherwise an error is raised. Note: if - VERIFY is an empty iterable, that is treated the same as - passing verify=True (that is, do verify signatures, but no - specific keys are required). + by all those keys, otherwise a MissingSignatures error is + raised. Note: if VERIFY is an empty iterable, that is treated + the same as passing verify=True (that is, verify signatures + and return data about any valid signatures found, but no + signatures are required and no MissingSignatures error will be + raised). If the ciphertext is symmetrically encrypted using a passphrase, that passphrase can be given as parameter, using a @@ -361,11 +363,10 @@ class Context(GpgmeWrapper): Returns: plaintext -- the decrypted data (or None if sink is given) result -- additional information about the decryption - verify_result -- additional information about the signature(s) + verify_result -- additional information about the valid signature(s) found Raises: UnsupportedAlgorithm -- if an unsupported algorithm was used - BadSignatures -- if a bad signature is encountered MissingSignatures -- if expected signatures are missing or bad GPGMEError -- as signaled by the underlying library @@ -430,13 +431,8 @@ class Context(GpgmeWrapper): results=results) if do_sig_verification: - # FIXME: should we really throw BadSignature, even if - # we've encountered some good signatures? as above, once - # we hit this error, there is no way to accept it and - # continue to process the remaining signatures. - if any(s.status != errors.NO_ERROR - for s in verify_result.signatures): - raise errors.BadSignatures(verify_result, results=results) + # filter out all invalid signatures + verify_result.signatures = list(filter(lambda s: s.status == errors.NO_ERROR, verify_result.signatures)) if required_keys is not None: missing = [] for key in required_keys: diff --git a/lang/python/tests/Makefile.am b/lang/python/tests/Makefile.am index d5b6e001..2c2324e8 100644 --- a/lang/python/tests/Makefile.am +++ b/lang/python/tests/Makefile.am @@ -28,7 +28,7 @@ TESTS_ENVIRONMENT = GNUPGHOME=$(GNUPGHOME) \ srcdir=$(srcdir) \ LD_LIBRARY_PATH="../../../src/.libs:$(LD_LIBRARY_PATH)" -py_tests = t-wrapper.py \ +py_tests ?= t-wrapper.py \ t-callbacks.py \ t-data.py \ t-encrypt.py \ diff --git a/lang/python/tests/t-decrypt-verify.py b/lang/python/tests/t-decrypt-verify.py index a0049a02..300fc713 100755 --- a/lang/python/tests/t-decrypt-verify.py +++ b/lang/python/tests/t-decrypt-verify.py @@ -75,3 +75,15 @@ with gpg.Context() as c: assert e.missing[0] == bob else: assert False, "Expected an error, got none" + + plaintext, _, verify_result = c.decrypt(open(support.make_filename("cipher-no-sig.asc"))) + assert len(plaintext) > 0 + assert len(verify_result.signatures) == 0 + assert plaintext.find(b'Viscosity Dispersal Thimble Saturday Flaxseed Deflected') >= 0, \ + 'unsigned Plaintext was not found' + + plaintext, _, verify_result = c.decrypt(open(support.make_filename("cipher-3.asc"))) + assert len(plaintext) > 0 + assert len(verify_result.signatures) == 1 + assert plaintext.find(b'Reenact Studied Thermos Bonehead Unclasp Opposing') >= 0, \ + 'second Plaintext not found' diff --git a/lang/python/tests/t-decrypt.py b/lang/python/tests/t-decrypt.py index c72b51ab..99002749 100755 --- a/lang/python/tests/t-decrypt.py +++ b/lang/python/tests/t-decrypt.py @@ -42,3 +42,13 @@ with gpg.Context() as c: assert len(plaintext) > 0 assert plaintext.find(b'Wenn Sie dies lesen k') >= 0, \ 'Plaintext not found' + + plaintext, _, _ = c.decrypt(open(support.make_filename("cipher-3.asc")), verify=False) + assert len(plaintext) > 0 + assert plaintext.find(b'Reenact Studied Thermos Bonehead Unclasp Opposing') >= 0, \ + 'second Plaintext not found' + + plaintext, _, _ = c.decrypt(open(support.make_filename("cipher-no-sig.asc")), verify=False) + assert len(plaintext) > 0 + assert plaintext.find(b'Viscosity Dispersal Thimble Saturday Flaxseed Deflected') >= 0, \ + 'third Plaintext was not found' |