7 files changed, 100 insertions, 3 deletions
diff --git a/lang/python/gpg/constants/__init__.py b/lang/python/gpg/constants/__init__.py
index 79d1fbc1..484ffd29 100644
--- a/lang/python/gpg/constants/__init__.py
+++ b/lang/python/gpg/constants/__init__.py
@@ -25,7 +25,7 @@ util.process_constants('GPGME_', globals())
 del util
 
 # For convenience, we import the modules here.
-from . import data, keylist, sig # The subdirs.
+from . import data, keylist, sig, tofu # The subdirs.
 from . import create, event, keysign, md, pk, protocol, sigsum, status, validity
 
 # A complication arises because 'import' is a reserved keyword.
@@ -34,7 +34,7 @@ globals()['Import'] = getattr(__import__('', globals(), locals(),
                                          [str('import')], 1), "import")
 
 __all__ = ['data', 'event', 'import', 'keysign', 'keylist', 'md', 'pk',
-           'protocol', 'sig', 'sigsum', 'status', 'validity', 'create']
+           'protocol', 'sig', 'sigsum', 'status', 'tofu', 'validity', 'create']
 
 # GPGME 1.7 replaced gpgme_op_edit with gpgme_op_interact.  We
 # implement gpg.Context.op_edit using gpgme_op_interact, so the
diff --git a/lang/python/gpg/constants/tofu/__init__.py b/lang/python/gpg/constants/tofu/__init__.py
new file mode 100644
index 00000000..819a58bb
--- /dev/null
+++ b/lang/python/gpg/constants/tofu/__init__.py
@@ -0,0 +1,24 @@
+# TOFU
+#
+# Copyright (C) 2017 g10 Code GmbH
+#
+# This file is part of GPGME.
+#
+# GPGME is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as
+# published by the Free Software Foundation; either version 2.1 of the
+# License, or (at your option) any later version.
+#
+# GPGME is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General
+# Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import absolute_import, print_function, unicode_literals
+del absolute_import, print_function, unicode_literals
+
+from . import policy
+__all__ = ['policy']
diff --git a/lang/python/gpg/constants/tofu/policy.py b/lang/python/gpg/constants/tofu/policy.py
new file mode 100644
index 00000000..5a61f067
--- /dev/null
+++ b/lang/python/gpg/constants/tofu/policy.py
@@ -0,0 +1,25 @@
+# TOFU policies
+#
+# Copyright (C) 2017 g10 Code GmbH
+#
+# This file is part of GPGME.
+#
+# GPGME is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as
+# published by the Free Software Foundation; either version 2.1 of the
+# License, or (at your option) any later version.
+#
+# GPGME is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Lesser General
+# Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this program; if not, see <http://www.gnu.org/licenses/>.
+
+from __future__ import absolute_import, print_function, unicode_literals
+del absolute_import, print_function, unicode_literals
+
+from gpg import util
+util.process_constants('GPGME_TOFU_POLICY_', globals())
+del util
diff --git a/lang/python/gpg/core.py b/lang/python/gpg/core.py
index cb4ccf73..fe0ba81c 100644
--- a/lang/python/gpg/core.py
+++ b/lang/python/gpg/core.py
@@ -716,6 +716,18 @@ class Context(GpgmeWrapper):
 
         self.op_keysign(key, uids, expires_in, flags)
 
+    def key_tofu_policy(self, key, policy):
+        """Set a keys' TOFU policy
+
+        Set the TOFU policy associated with KEY to POLICY.  Calling
+        this function is only valid for the OpenPGP protocol.
+
+        Raises:
+        GPGMEError   -- as signaled by the underlying library
+
+        """
+        self.op_tofu_policy(key, policy)
+
     def assuan_transact(self, command,
                         data_cb=None, inquire_cb=None, status_cb=None):
         """Issue a raw assuan command
diff --git a/lang/python/gpgme.i b/lang/python/gpgme.i
index 3e89bb11..fa9caf66 100644
--- a/lang/python/gpgme.i
+++ b/lang/python/gpgme.i
@@ -687,3 +687,7 @@ _gpg_unwrap_gpgme_ctx_t(PyObject *wrapped)
 %extend _gpgme_user_id {
   genericrepr(UID)
 };
+
+%extend _gpgme_tofu_info {
+  genericrepr(TofuInfo)
+};
diff --git a/lang/python/setup.py.in b/lang/python/setup.py.in
index e32237dd..bf4efa31 100755
--- a/lang/python/setup.py.in
+++ b/lang/python/setup.py.in
@@ -172,7 +172,8 @@ setup(name="gpg",
       url='https://www.gnupg.org',
       ext_modules=[swige],
       packages = ['gpg', 'gpg.constants', 'gpg.constants.data',
-                  'gpg.constants.keylist', 'gpg.constants.sig'],
+                  'gpg.constants.keylist', 'gpg.constants.sig',
+                  'gpg.constants.tofu'],
       license="LGPL2.1+ (the library), GPL2+ (tests and examples)",
       classifiers=[
           'Development Status :: 4 - Beta',
diff --git a/lang/python/tests/t-quick-key-manipulation.py b/lang/python/tests/t-quick-key-manipulation.py
index 12c18ce5..d7d2bd4f 100755
--- a/lang/python/tests/t-quick-key-manipulation.py
+++ b/lang/python/tests/t-quick-key-manipulation.py
@@ -90,3 +90,34 @@ with support.EphemeralContext() as ctx:
         assert False, "Expected an error but got none"
     except gpg.errors.GpgError:
         pass
+
+    # Check setting the TOFU policy.
+    with open("gpg.conf", "a") as handle:
+        handle.write("trust-model tofu+pgp\n")
+
+    for name, policy in [(name, getattr(gpg.constants.tofu.policy, name))
+                         for name in filter(lambda x: not x.startswith('__'),
+                                            dir(gpg.constants.tofu.policy))]:
+        if policy == gpg.constants.tofu.policy.NONE:
+            # We must not set the policy to NONE.
+            continue
+
+        ctx.key_tofu_policy(key, policy)
+
+        keys = list(ctx.keylist(key.uids[0].uid,
+                                mode=(gpg.constants.keylist.mode.LOCAL
+                                      |gpg.constants.keylist.mode.WITH_TOFU)))
+        assert len(keys) == 1
+
+        if policy == gpg.constants.tofu.policy.AUTO:
+            # We cannot check that it is set to AUTO.
+            continue
+
+        for uid in keys[0].uids:
+            if uid.uid == alpha:
+                # TOFU information of revoked UIDs is not updated.
+                # XXX: Is that expected?
+                continue
+            assert uid.tofu[0].policy == policy, \
+                "Expected policy {0} ({1}), got {2}".format(policy, name,
+                                                            uid.tofu[0].policy)