11 files changed, 70 insertions, 6 deletions

diff --git a/NEWS b/NEWS
index 1331c13a..e57637d5 100644
--- a/NEWS
+++ b/NEWS
@@ -3,12 +3,15 @@ Noteworthy changes in version 1.16.1 (unreleased)
 
  * New context flag "key-origin".  [#5733]
 
+ * New context flag "import-filter".  [#5739]
+
  * qt: Extend ChangeExpiryJob to change expiration of primary key
    and of subkeys at the same time. [#4717]
 
  * Interface changes relative to the 1.16.0 release:
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  gpgme_set_ctx_flag                    EXTENDED: New flag 'key-origin'.
+ gpgme_set_ctx_flag                    EXTENDED: New flag 'import-filter'.
  qt: ChangeExpiryJob::Option                NEW.
  qt: ChangeExpiryJob::Options               NEW.
  qt: ChangeExpiryJob::setOptions            NEW.
diff --git a/doc/gpgme.texi b/doc/gpgme.texi
index c37141a0..cc8ff5e5 100644
--- a/doc/gpgme.texi
+++ b/doc/gpgme.texi
@@ -3207,6 +3207,12 @@ The string given in @var{value} is passed to the GnuPG engine to set
 the origin of imported keys.  Valid values are documented in the GnuPG
 manual and the gpg man page under the option @option{--key-origin}.
 
+@item "import-filter"
+@since{1.16.1}
+The string given in @var{value} is passed to the GnuPG engine to use as
+filter when importing keys.  Valid values are documented in the GnuPG
+manual and the gpg man page under the option @option{--import-filter}.
+
 @end table
 
 This function returns @code{0} on success.
diff --git a/src/context.h b/src/context.h
index 10d297f6..e976ba3f 100644
--- a/src/context.h
+++ b/src/context.h
@@ -180,6 +180,9 @@ struct gpgme_context
   /* The optional key origin.  */
   char *key_origin;
 
+  /* The optional import filter.  */
+  char *import_filter;
+
   /* The operation data hooked into the context.  */
   ctx_op_data_t op_data;
 
diff --git a/src/engine-backend.h b/src/engine-backend.h
index d4047fbf..d5d44a57 100644
--- a/src/engine-backend.h
+++ b/src/engine-backend.h
@@ -96,6 +96,7 @@ struct engine_ops
 			   gpgme_data_t pubkey, gpgme_data_t seckey);
   gpgme_error_t (*import) (void *engine, gpgme_data_t keydata,
                            gpgme_key_t *keyarray,
+                           const char *import_filter,
                            const char *key_origin);
   gpgme_error_t (*keylist) (void *engine, const char *pattern,
 			    int secret_only, gpgme_keylist_mode_t mode,
diff --git a/src/engine-gpg.c b/src/engine-gpg.c
index fe9ff101..fd39ad76 100644
--- a/src/engine-gpg.c
+++ b/src/engine-gpg.c
@@ -2767,7 +2767,7 @@ string_from_data (gpgme_data_t data, int delim,
 
 static gpgme_error_t
 gpg_import (void *engine, gpgme_data_t keydata, gpgme_key_t *keyarray,
-            const char *key_origin)
+            const char *import_filter, const char *key_origin)
 {
   engine_gpg_t gpg = engine;
   gpgme_error_t err;
@@ -2782,6 +2782,12 @@ gpg_import (void *engine, gpgme_data_t keydata, gpgme_key_t *keyarray,
   if (keyarray)
     {
       err = add_arg (gpg, "--recv-keys");
+      if (!err && import_filter && have_gpg_version (gpg, "2.1.14"))
+        {
+          err = add_arg (gpg, "--import-filter");
+          if (!err)
+            err = add_arg (gpg, import_filter);
+        }
       if (!err)
         err = add_arg (gpg, "--");
       for (idx=0; !err && keyarray[idx]; idx++)
@@ -2813,6 +2819,12 @@ gpg_import (void *engine, gpgme_data_t keydata, gpgme_key_t *keyarray,
          should use an option to gpg to modify such commands (ala
          --multifile).  */
       err = add_arg (gpg, "--fetch-keys");
+      if (!err && import_filter && have_gpg_version (gpg, "2.1.14"))
+        {
+          err = add_arg (gpg, "--import-filter");
+          if (!err)
+            err = add_arg (gpg, import_filter);
+        }
       if (!err)
         err = add_arg (gpg, "--");
       helpptr = NULL;
@@ -2831,6 +2843,12 @@ gpg_import (void *engine, gpgme_data_t keydata, gpgme_key_t *keyarray,
   else
     {
       err = add_arg (gpg, "--import");
+      if (!err && import_filter && have_gpg_version (gpg, "2.1.14"))
+        {
+          err = add_arg (gpg, "--import-filter");
+          if (!err)
+            err = add_arg (gpg, import_filter);
+        }
       if (!err && key_origin && have_gpg_version (gpg, "2.1.22"))
         {
           err = add_arg (gpg, "--key-origin");
diff --git a/src/engine-gpgsm.c b/src/engine-gpgsm.c
index 647734fe..0347f640 100644
--- a/src/engine-gpgsm.c
+++ b/src/engine-gpgsm.c
@@ -1696,13 +1696,15 @@ gpgsm_genkey (void *engine,
 
 
 static gpgme_error_t
-gpgsm_import (void *engine, gpgme_data_t keydata, gpgme_key_t *keyarray, const char *key_origin)
+gpgsm_import (void *engine, gpgme_data_t keydata, gpgme_key_t *keyarray,
+              const char *import_filter, const char *key_origin)
 {
   engine_gpgsm_t gpgsm = engine;
   gpgme_error_t err;
   gpgme_data_encoding_t dataenc;
   int idx;
 
+  (void)import_filter;
   (void)key_origin;
 
   if (!gpgsm)
diff --git a/src/engine.c b/src/engine.c
index 6baf1842..0b90d5b4 100644
--- a/src/engine.c
+++ b/src/engine.c
@@ -850,7 +850,8 @@ _gpgme_engine_op_tofu_policy (engine_t engine,
 
 gpgme_error_t
 _gpgme_engine_op_import (engine_t engine, gpgme_data_t keydata,
-                         gpgme_key_t *keyarray, const char *key_origin)
+                         gpgme_key_t *keyarray, const char *import_filter,
+                         const char *key_origin)
 {
   if (!engine)
     return gpg_error (GPG_ERR_INV_VALUE);
@@ -858,7 +859,8 @@ _gpgme_engine_op_import (engine_t engine, gpgme_data_t keydata,
   if (!engine->ops->import)
     return gpg_error (GPG_ERR_NOT_IMPLEMENTED);
 
-  return (*engine->ops->import) (engine->engine, keydata, keyarray, key_origin);
+  return (*engine->ops->import) (engine->engine, keydata, keyarray, import_filter,
+                                 key_origin);
 }
 
 
diff --git a/src/engine.h b/src/engine.h
index 038c67cc..087f3586 100644
--- a/src/engine.h
+++ b/src/engine.h
@@ -142,6 +142,7 @@ gpgme_error_t _gpgme_engine_op_tofu_policy (engine_t engine,
 gpgme_error_t _gpgme_engine_op_import (engine_t engine,
 				       gpgme_data_t keydata,
                                        gpgme_key_t *keyarray,
+                                       const char *import_filter,
                                        const char *key_origin);
 gpgme_error_t _gpgme_engine_op_keylist (engine_t engine,
 					const char *pattern,
diff --git a/src/gpgme.c b/src/gpgme.c
index 2703cd72..6a5232e1 100644
--- a/src/gpgme.c
+++ b/src/gpgme.c
@@ -255,6 +255,7 @@ gpgme_release (gpgme_ctx_t ctx)
   free (ctx->trust_model);
   free (ctx->cert_expire);
   free (ctx->key_origin);
+  free (ctx->import_filter);
   _gpgme_engine_info_release (ctx->engine_info);
   ctx->engine_info = NULL;
   DESTROY_LOCK (ctx->lock);
@@ -594,6 +595,13 @@ gpgme_set_ctx_flag (gpgme_ctx_t ctx, const char *name, const char *value)
       if (!ctx->key_origin)
         err = gpg_error_from_syserror ();
     }
+  else if (!strcmp (name, "import-filter"))
+    {
+      free (ctx->import_filter);
+      ctx->import_filter = strdup (value);
+      if (!ctx->import_filter)
+        err = gpg_error_from_syserror ();
+    }
   else
     err = gpg_error (GPG_ERR_UNKNOWN_NAME);
 
@@ -671,6 +679,10 @@ gpgme_get_ctx_flag (gpgme_ctx_t ctx, const char *name)
     {
       return ctx->key_origin? ctx->key_origin : "";
     }
+  else if (!strcmp (name, "import-filter"))
+    {
+      return ctx->import_filter? ctx->import_filter : "";
+    }
   else
     return NULL;
 }
diff --git a/src/import.c b/src/import.c
index 5dc74907..9874b698 100644
--- a/src/import.c
+++ b/src/import.c
@@ -282,7 +282,8 @@ _gpgme_op_import_start (gpgme_ctx_t ctx, int synchronous, gpgme_data_t keydata)
 
   _gpgme_engine_set_status_handler (ctx->engine, import_status_handler, ctx);
 
-  return _gpgme_engine_op_import (ctx->engine, keydata, NULL, ctx->key_origin);
+  return _gpgme_engine_op_import (ctx->engine, keydata, NULL, ctx->import_filter,
+                                  ctx->key_origin);
 }
 
 
@@ -365,7 +366,8 @@ _gpgme_op_import_keys_start (gpgme_ctx_t ctx, int synchronous,
 
   _gpgme_engine_set_status_handler (ctx->engine, import_status_handler, ctx);
 
-  return _gpgme_engine_op_import (ctx->engine, NULL, keys, ctx->key_origin);
+  return _gpgme_engine_op_import (ctx->engine, NULL, keys, ctx->import_filter,
+                                  ctx->key_origin);
 }
 
 
diff --git a/tests/run-import.c b/tests/run-import.c
index 0ddf158d..931a8d6e 100644
--- a/tests/run-import.c
+++ b/tests/run-import.c
@@ -64,6 +64,7 @@ main (int argc, char **argv)
   gpgme_import_result_t impres;
   gpgme_data_t data;
   gpgme_protocol_t protocol = GPGME_PROTOCOL_OpenPGP;
+  char *import_filter = NULL;
   char *key_origin = NULL;
 
   if (argc)
@@ -103,6 +104,14 @@ main (int argc, char **argv)
           protocol = GPGME_PROTOCOL_CMS;
           argc--; argv++;
         }
+      else if (!strcmp (*argv, "--import-filter"))
+        {
+          argc--; argv++;
+          if (!argc)
+            show_usage (1);
+          import_filter = strdup (*argv);
+          argc--; argv++;
+        }
       else if (!strcmp (*argv, "--key-origin"))
         {
           argc--; argv++;
@@ -125,6 +134,11 @@ main (int argc, char **argv)
   fail_if_err (err);
   gpgme_set_protocol (ctx, protocol);
 
+  if (import_filter)
+    {
+      err = gpgme_set_ctx_flag (ctx, "import-filter", import_filter);
+      fail_if_err (err);
+    }
   if (key_origin)
     {
       err = gpgme_set_ctx_flag (ctx, "key-origin", key_origin);