-rw-r--r-- | NEWS | 2 | ||||
-rw-r--r-- | doc/gpgme.texi | 5 | ||||
-rw-r--r-- | src/context.h | 4 | ||||
-rw-r--r-- | src/engine-gpg.c | 38 | ||||
-rw-r--r-- | src/gpgme.c | 12 | ||||
-rw-r--r-- | tests/run-decrypt.c | 17 | ||||
-rw-r--r-- | tests/run-verify.c | 16 |
7 files changed, 94 insertions, 0 deletions
@@ -13,6 +13,8 @@ Noteworthy changes in version 1.24.0 (unrelease) * New context flag "proc-all-sigs". [T7261] + * New context flag "known-notations". [T4060] + * New function gpgme_op_setownertrust to make changing the owner trust easier and to allow enabling/disabling of keys (requires GnuPG 2.4.6). [T7239] diff --git a/doc/gpgme.texi b/doc/gpgme.texi index 70db653b..bb0fd38e 100644 --- a/doc/gpgme.texi +++ b/doc/gpgme.texi @@ -3297,6 +3297,11 @@ signature checking of data after a bad signatures. This option is ignored if the backend itself does not support the --proc-all-sigs option. +@item "known-notations" +@since{1.24.0} +The @var{value} is a space or comma delimited list of notation names +which will be used to create @option{--known-notation} options for gpg. + @end table diff --git a/src/context.h b/src/context.h index 9cfd8653..ba9b83ef 100644 --- a/src/context.h +++ b/src/context.h @@ -192,6 +192,10 @@ struct gpgme_context /* The optional import options. */ char *import_options; + /* A comma or space delimited list to create gpg --known-notations + * options. */ + char *known_notations; + /* The operation data hooked into the context. */ ctx_op_data_t op_data; diff --git a/src/engine-gpg.c b/src/engine-gpg.c index 318c0e35..0768ea74 100644 --- a/src/engine-gpg.c +++ b/src/engine-gpg.c @@ -144,6 +144,7 @@ struct engine_gpg char request_origin[10]; char *auto_key_locate; char *trust_model; + char **known_notations; struct { unsigned int use_gpgtar : 1; @@ -577,6 +578,7 @@ gpg_release (void *engine) free (gpg->cmd.keyword); free (gpg->auto_key_locate); free (gpg->trust_model); + free (gpg->known_notations); gpgme_data_release (gpg->override_session_key); gpgme_data_release (gpg->diagnostics); 
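Review bot: The new comment on `known_notations` in src/context.h names the gpg option as `--known-notations`, but the argument the engine builds is `--known-notation=NAME`, one per list entry. The header comment of add_known_notations in src/engine-gpg.c has the same slip, written there as `--known_notations`. This list controls which critical notations gpg treats as known, so the comments should carry the exact option name to make it easy to look up in the gpg manual. Suggested wording: `/* A comma or space delimited list of notation names; each one becomes a gpg --known-notation option. */` in context.h and `/* Add one --known-notation=NAME argument per non-empty entry of gpg->known_notations. */` above add_known_notations.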
@@ -763,6 +765,18 @@ gpg_set_engine_flags (void *engine, const gpgme_ctx_t ctx) ctx->trust_model, NULL); } + if (ctx->known_notations) + { + free (gpg->known_notations); + gpg->known_notations = _gpgme_strtokenize (ctx->known_notations, + " \t,", 1); + /* Fixme: We have no way to return an error. However in this + * case one would just get the usual verification error as if + * that option has not been used. I think this is acceptable + * for now. */ + } + + gpg->flags.no_symkey_cache = (ctx->no_symkey_cache && have_gpg_version (gpg, "2.2.7")); gpg->flags.offline = (ctx->offline && have_gpg_version (gpg, "2.1.23")); @@ -1892,6 +1906,24 @@ add_input_size_hint (engine_gpg_t gpg, gpgme_data_t data) } +/* Add the --known_notations option if requested. */ +static gpgme_error_t +add_known_notations (engine_gpg_t gpg) +{ + gpg_error_t err = 0; + int i; + const char *s; + + if (gpg->known_notations) + { + for (i=0; !err && (s=gpg->known_notations[i]); i++) + if (*s) + err = add_gpg_arg_with_value (gpg, "--known-notation=", s, 0); + } + return err; +} + + static gpgme_error_t gpg_decrypt (void *engine, gpgme_decrypt_flags_t flags, @@ -1929,6 +1961,9 @@ gpg_decrypt (void *engine, if (!err && gpg->flags.auto_key_import) err = add_gpg_arg (gpg, "--auto-key-import"); + if (!err) + err = add_known_notations (gpg); + if (!err && override_session_key && *override_session_key) { if (have_gpg_version (gpg, "2.1.16") && !gpg->flags.use_gpgtar) @@ -3927,6 +3962,9 @@ gpg_verify (void *engine, gpgme_verify_flags_t flags, gpgme_data_t sig, if (!err && ctx->auto_key_retrieve) err = add_gpg_arg (gpg, "--auto-key-retrieve"); + if (!err) + err = add_known_notations (gpg); + if (err) ; else if (gpg->flags.use_gpgtar) diff --git a/src/gpgme.c b/src/gpgme.c index 086e680b..4f63cc4f 100644 --- a/src/gpgme.c +++ b/src/gpgme.c 
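Review bot: In the gpg_set_engine_flags hunk, a failed `_gpgme_strtokenize` leaves `gpg->known_notations` NULL, and the operation then runs without any `--known-notation` argument and with nothing recorded for the caller. The Fixme explains that the outcome is the usual verification error, so the failure stays on the safe side, but an application that set the flag gets no indication that its list was dropped. add_known_notations already returns a `gpgme_error_t` that gpg_decrypt and gpg_verify check, so one option is to remember the tokenizer failure in the engine object (for example in a new error field of struct engine_gpg) and return it from there. gpg_set_engine_flags starts and ends outside the hunk.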
@@ -262,6 +262,7 @@ gpgme_release (gpgme_ctx_t ctx) free (ctx->key_origin); free (ctx->import_filter); free (ctx->import_options); + free (ctx->known_notations); _gpgme_engine_info_release (ctx->engine_info); ctx->engine_info = NULL; DESTROY_LOCK (ctx->lock); @@ -623,6 +624,13 @@ gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value) { ctx->proc_all_sigs = abool; } + else if (!strcmp (name, "known-notations")) + { + free (ctx->known_notations); + ctx->known_notations = strdup (value); + if (!ctx->known_notations) + err = gpg_error_from_syserror (); + } else err = gpg_error (GPG_ERR_UNKNOWN_NAME); @@ -716,6 +724,10 @@ gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name) { return ctx->proc_all_sigs? "1":""; } + else if (!strcmp (name, "known-notations")) + { + return ctx->known_notations? ctx->known_notations: ""; + } else return NULL; } diff --git a/tests/run-decrypt.c b/tests/run-decrypt.c index 6869f4d5..c724e407 100644 --- a/tests/run-decrypt.c +++ b/tests/run-decrypt.c @@ -97,6 +97,7 @@ show_usage (int ex) " --directory DIR extract the files into the directory DIR\n" " --diagnostics print diagnostics\n" " --direct-file-io pass FILE instead of stream with content of FILE to backend\n" + " --known-notations STRING Parse STRING and pass to gpg\n" , stderr); exit (ex); } @@ -120,6 +121,7 @@ main (int argc, char **argv) const char *request_origin = NULL; const char *output = NULL; const char *directory = NULL; + const char *known_notations = NULL; int no_symkey_cache = 0; int ignore_mdc_error = 0; int raw_output = 0; @@ -239,6 +241,14 @@ main (int argc, char **argv) direct_file_io = 1; argc--; argv++; } + else if (!strcmp (*argv, "--known-notations")) + { + argc--; argv++; + if (!argc) + show_usage (1); + known_notations = *argv; + argc--; argv++; + } else if (!strncmp (*argv, "--", 2)) show_usage (1); 
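Review bot: In the `known-notations` branch of gpgme_set_ctx_flag the old string is freed before `strdup (value)` is known to have succeeded, so an out-of-memory error returns a failure code and also silently empties the previously configured list. Duplicating into a temporary first and swapping only on success keeps the context unchanged when the call fails. Whether `value` is checked for NULL before this branch is not visible in the hunk; the function starts outside it.

```c
  else if (!strcmp (name, "known-notations"))
    {
      char *tmp = strdup (value);

      if (!tmp)
        err = gpg_error_from_syserror ();
      else
        {
          free (ctx->known_notations);
          ctx->known_notations = tmp;
        }
    }
  /* ... unchanged: final else returning GPG_ERR_UNKNOWN_NAME ... */
```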
@@ -324,6 +334,13 @@ main (int argc, char **argv) } } + if (known_notations) + { + err = gpgme_set_ctx_flag (ctx, "known-notations", known_notations); + fail_if_err (err); + } + + if (direct_file_io) err = gpgme_data_new (&in); else diff --git a/tests/run-verify.c b/tests/run-verify.c index 13efd89f..b4f2e06f 100644 --- a/tests/run-verify.c +++ b/tests/run-verify.c @@ -242,6 +242,7 @@ show_usage (int ex) " --diagnostics print diagnostics\n" " --direct-file-io pass file names instead of streams with content of files to backend\n" " --proc-all-sigs pass this option to gpg\n" + " --known-notations STRING Parse STRING and pass to gpg\n" , stderr); exit (ex); } @@ -258,6 +259,7 @@ main (int argc, char **argv) const char *sender = NULL; const char *output = NULL; const char *directory = NULL; + const char *known_notations = NULL; int auto_key_retrieve = 0; int auto_key_import = 0; gpgme_data_encoding_t encoding = GPGME_DATA_ENCODING_NONE; @@ -367,6 +369,14 @@ main (int argc, char **argv) proc_all_sigs = 1; argc--; argv++; } + else if (!strcmp (*argv, "--known-notations")) + { + argc--; argv++; + if (!argc) + show_usage (1); + known_notations = *argv; + argc--; argv++; + } else if (!strncmp (*argv, "--", 2)) show_usage (1); @@ -441,6 +451,12 @@ main (int argc, char **argv) } } + if (known_notations) + { + err = gpgme_set_ctx_flag (ctx, "known-notations", known_notations); + fail_if_err (err); + } + if (auto_key_import) { gpgme_set_ctx_flag (ctx, "auto-key-import", "1"); |