gpgme-ffi 3.0.0

data/lib/gpgme/key.rb

@@ -0,0 +1,242 @@
+module GPGME
+
+  ##
+  # A ruby representation of a public or a secret key.
+  #
+  # Every key has two instances of {GPGME::SubKey}, accessible through
+  # {.subkeys}, and with a {.primary_subkey} where most attributes are
+  # derived from, like the +fingerprint+.
+  #
+  # Also, every key has at least a {GPGME::UserID}, accessible through
+  # {.uids}, with a {.primary_uid}, where other attributes are derived from,
+  # like +email+ or +name+
+  class Key
+    private_class_method :new
+
+    attr_reader :keylist_mode, :protocol, :owner_trust
+    attr_reader :issuer_serial, :issuer_name, :chain_id
+    attr_reader :subkeys, :uids
+
+    include KeyCommon
+
+    class << self
+
+      ##
+      # Returns an array of {GPGME::Key} objects that match the parameters.
+      # * +secret+ set to +:secret+ to get only secret keys, or to +:public+ to
+      #   get only public keys.
+      # * +keys_or_names+ an array or an item that can be either {GPGME::Key}
+      #   elements, or string identifiers like the email or the sha. Leave
+      #   blank to get all.
+      # * +purposes+ get only keys that are usable for any of these purposes.
+      #   See {GPGME::Key} for a list of possible key capabilities.
+      #
+      # @example
+      #   GPGME::Key.find :secret # => first secret key found
+      #
+      # @example
+      #   GPGME::Key.find(:public, "mrsimo@example.com")
+      #   # => return only public keys that match mrsimo@example.com
+      #
+      # @example
+      #   GPGME::Key.find(:public, "mrsimo@example.com", :sign)
+      #   # => return the public keys that match mrsimo@example.com and are
+      #   #    capable of signing
+      def find(secret, keys_or_names = nil, purposes = [])
+        secret = (secret == :secret)
+        keys_or_names = [""] if keys_or_names.nil? || (keys_or_names.is_a?(Array) && keys_or_names.empty?)
+        keys_or_names = [keys_or_names].flatten
+        purposes      = [purposes].flatten.compact.uniq
+
+        keys = []
+        keys_or_names.each do |key_or_name|
+          case key_or_name
+          when Key then keys << key_or_name
+          when String
+            GPGME::Ctx.new do |ctx|
+              keys += ctx.keys(key_or_name, secret).select do |k|
+                k.usable_for?(purposes)
+              end
+            end
+          end
+        end
+        keys
+      end
+
+      def get(fingerprint)
+        Ctx.new do |ctx|
+          ctx.get_key(fingerprint)
+        end
+      end
+
+      # Exports public keys
+      #
+      #   GPGME::Key.export pattern, options
+      #
+      # Private keys cannot be exported due to GPGME restrictions.
+      #
+      # @param pattern
+      #   Identifier of the key to export.
+      #
+      # @param [Hash] options
+      #   * +:output+ specify where to write the key to. It will be converted to
+      #     a {GPGME::Data}, so it could be a file, for example.
+      #   * Any other option accepted by {GPGME::Ctx.new}
+      #
+      # @return [GPGME::Data] the exported key.
+      #
+      # @example
+      #   key = GPGME::Key.export "mrsimo@example.com"
+      #
+      # @example writing to a file
+      #   out = File.open("my.key", "w+")
+      #   GPGME::Key.export "mrsimo@example.com", :output => out
+      #
+      def export(pattern, options = {})
+        output = Data.new(options[:output])
+
+        GPGME::Ctx.new(options) do |ctx|
+          ctx.export_keys(pattern, output)
+        end
+
+        output.seek(0)
+        output
+      end
+
+      # Imports a key
+      #
+      #   GPGME::Key.import keydata, options
+      #
+      # @param keydata
+      #   The key to import. It will be converted to a {GPGME::Data} object,
+      #   so could be a file, for example.
+      # @param options
+      #   Any other option accepted by {GPGME::Ctx.new}
+      #
+      # @example
+      #   GPGME::Key.import(File.open("my.key"))
+      #
+      def import(keydata, options = {})
+        GPGME::Ctx.new(options) do |ctx|
+          ctx.import_keys(Data.new(keydata))
+          ctx.import_result
+        end
+      end
+    end
+
+    ##
+    # Exports this key. Accepts the same options as {GPGME::Ctx.new}, and
+    # +options[:output]+, where you can specify something that can become a
+    # {GPGME::Data}, where the output will go.
+    #
+    # @example
+    #   key.export(:armor => true)
+    #   # => GPGME::Data you can read with ASCII armored format
+    #
+    # @example
+    #   file = File.open("key.asc", "w+")
+    #   key.export(:output => file)
+    #   # => the key will be written to the file.
+    #
+    def export(options = {})
+      Key.export self.sha, options
+    end
+
+    ##
+    # Delete this key. If it's public, and has a secret one it will fail unless
+    # +allow_secret+ is specified as true.
+    def delete!(allow_secret = false)
+      GPGME::Ctx.new do |ctx|
+        ctx.delete_key self, allow_secret
+      end
+    end
+
+    ##
+    # Returns the expiry date for this key
+    def expires
+      primary_subkey.expires
+    end
+
+    ##
+    # Returns true if the key is expired
+    def expired
+      subkeys.any?(&:expired)
+    end
+
+    def primary_subkey
+      @primary_subkey ||= subkeys.first
+    end
+
+    ##
+    # Short descriptive value. Can be used to identify the key.
+    def sha
+      primary_subkey.sha
+    end
+
+    ##
+    # Longer descriptive value. Can be used to identify the key.
+    def fingerprint
+      primary_subkey.fingerprint
+    end
+
+    ##
+    # Returns the main {GPGME::UserID} for this key.
+    def primary_uid
+      uids.first
+    end
+
+    ##
+    # Returns the email for this key.
+    def email
+      primary_uid.email
+    end
+
+    ##
+    # Returns the issuer name for this key.
+    def name
+      primary_uid.name
+    end
+
+    ##
+    # Returns the issuer comment for this key.
+    def comment
+      primary_uid.comment
+    end
+
+    def ==(another_key)
+      self.class === another_key and fingerprint == another_key.fingerprint
+    end
+
+    def inspect
+      sprintf("#<#{self.class} %s %4d%s/%s %s trust=%s, owner_trust=%s, \
+capability=%s, subkeys=%s, uids=%s>",
+              primary_subkey.secret? ? 'sec' : 'pub',
+              primary_subkey.length,
+              primary_subkey.pubkey_algo_letter,
+              primary_subkey.fingerprint[-8 .. -1],
+              primary_subkey.timestamp.strftime('%Y-%m-%d'),
+              trust.inspect,
+              VALIDITY_NAMES[@owner_trust].inspect,
+              capability.inspect,
+              subkeys.inspect,
+              uids.inspect)
+    end
+
+    def to_s
+      primary_subkey = subkeys[0]
+      s = sprintf("%s   %4d%s/%s %s\n",
+                  primary_subkey.secret? ? 'sec' : 'pub',
+                  primary_subkey.length,
+                  primary_subkey.pubkey_algo_letter,
+                  primary_subkey.fingerprint[-8 .. -1],
+                  primary_subkey.timestamp.strftime('%Y-%m-%d'))
+      uids.each do |user_id|
+        s << "uid\t\t#{user_id.name} <#{user_id.email}>\n"
+      end
+      subkeys.each do |subkey|
+        s << subkey.to_s
+      end
+      s
+    end
+  end
+end

data/lib/gpgme/key_common.rb

@@ -0,0 +1,43 @@
+module GPGME
+  module KeyCommon
+
+    ##
+    # Returns nil if the trust is valid.
+    # Returns one of +:revoked+, +:expired+, +:disabled+, +:invalid+
+    def trust
+      return :revoked if @revoked == 1
+      return :expired if @expired == 1
+      return :disabled if @disabled == 1
+      return :invalid if @invalid == 1
+    end
+
+    ##
+    # Array of capabilities for this key. It can contain any combination of
+    # +:encrypt+, +:sign+, +:certify+ or +:authenticate+
+    def capability
+      caps = []
+      caps << :encrypt if @can_encrypt
+      caps << :sign if @can_sign
+      caps << :certify if @can_certify
+      caps << :authenticate if @can_authenticate
+      caps
+    end
+
+    ##
+    # Checks if the key is capable of all of these actions. If empty array
+    # is passed then will return true.
+    #
+    # Returns false if the keys trust has been invalidated.
+    def usable_for?(purposes)
+      unless purposes.kind_of? Array
+        purposes = [purposes]
+      end
+      return false if [:revoked, :expired, :disabled, :invalid].include? trust
+      return (purposes - capability).empty?
+    end
+
+    def secret?
+      @secret == 1
+    end
+  end
+end

data/lib/gpgme/key_sig.rb

@@ -0,0 +1,35 @@
+module GPGME
+  class KeySig
+    private_class_method :new
+
+    attr_reader :pubkey_algo, :keyid
+
+    def revoked?
+      @revoked == 1
+    end
+
+    def expired?
+      @expired == 1
+    end
+
+    def invalid?
+      @invalid == 1
+    end
+
+    def exportable?
+      @exportable == 1
+    end
+
+    def timestamp
+      Time.at(@timestamp)
+    end
+
+    def expires
+      Time.at(@expires)
+    end
+
+    def inspect
+      "#<#{self.class} #{keyid} timestamp=#{timestamp}, expires=#{expires}>"
+    end
+  end
+end

data/lib/gpgme/misc.rb

@@ -0,0 +1,66 @@
+module GPGME
+  class EngineInfo
+    private_class_method :new
+
+    attr_reader :protocol, :file_name, :version, :req_version, :home_dir
+    alias required_version req_version
+  end
+
+  class VerifyResult
+    private_class_method :new
+
+    attr_reader :signatures
+  end
+
+  class DecryptResult
+    private_class_method :new
+
+    attr_reader :unsupported_algorithm, :wrong_key_usage
+  end
+
+  class SignResult
+    private_class_method :new
+
+    attr_reader :invalid_signers, :signatures
+  end
+
+  class EncryptResult
+    private_class_method :new
+
+    attr_reader :invalid_recipients
+  end
+
+  class InvalidKey
+    private_class_method :new
+
+    attr_reader :fpr, :reason
+    alias fingerprint fpr
+  end
+
+  class NewSignature
+    private_class_method :new
+
+    attr_reader :type, :pubkey_algo, :hash_algo, :sig_class, :fpr
+    alias fingerprint fpr
+
+    def timestamp
+      Time.at(@timestamp)
+    end
+  end
+
+  class ImportStatus
+    private_class_method :new
+
+    attr_reader :fpr, :result, :status
+    alias fingerprint fpr
+  end
+
+  class ImportResult
+    private_class_method :new
+
+    attr_reader :considered, :no_user_id, :imported, :imported_rsa, :unchanged
+    attr_reader :new_user_ids, :new_sub_keys, :new_signatures, :new_revocations
+    attr_reader :secret_read, :secret_imported, :secret_unchanged
+    attr_reader :not_imported, :imports
+  end
+end

data/lib/gpgme/signature.rb

@@ -0,0 +1,85 @@
+module GPGME
+  class Signature
+    private_class_method :new
+
+    attr_reader :summary, :fpr, :status, :notations, :wrong_key_usage
+    attr_reader :validity, :validity_reason
+    attr_reader :pka_trust, :pka_address
+    alias fingerprint fpr
+
+    ##
+    # Returns true if the signature is correct
+    def valid?
+      status_code == GPGME::GPG_ERR_NO_ERROR
+    end
+
+    def expired_signature?
+      status_code == GPGME::GPG_ERR_SIG_EXPIRED
+    end
+
+    def expired_key?
+      status_code == GPGME::GPG_ERR_KEY_EXPIRED
+    end
+
+    def revoked_key?
+      status_code == GPGME::GPG_ERR_CERT_REVOKED
+    end
+
+    def bad?
+      status_code == GPGME::GPG_ERR_BAD_SIGNATURE
+    end
+
+    def no_key?
+      status_code == GPGME::GPG_ERR_NO_PUBKEY
+    end
+
+    def status_code
+      GPGME::gpgme_err_code(status)
+    end
+
+    def from
+      @from ||= begin
+        Ctx.new do |ctx|
+          if from_key = ctx.get_key(fingerprint)
+            "#{from_key.subkeys[0].keyid} #{from_key.uids[0].uid}"
+          else
+            fingerprint
+          end
+        end
+      end
+    end
+
+    def key
+      @key ||= begin
+        Ctx.new do |ctx|
+          @key = ctx.get_key(fingerprint)
+        end
+      end
+    end
+
+    def timestamp
+      Time.at(@timestamp)
+    end
+
+    def exp_timestamp
+      Time.at(@exp_timestamp)
+    end
+
+    def to_s
+      case status_code
+      when GPGME::GPG_ERR_NO_ERROR
+        "Good signature from #{from}"
+      when GPGME::GPG_ERR_SIG_EXPIRED
+        "Expired signature from #{from}"
+      when GPGME::GPG_ERR_KEY_EXPIRED
+        "Signature made from expired key #{from}"
+      when GPGME::GPG_ERR_CERT_REVOKED
+        "Signature made from revoked key #{from}"
+      when GPGME::GPG_ERR_BAD_SIGNATURE
+        "Bad signature from #{from}"
+      when GPGME::GPG_ERR_NO_PUBKEY
+        "No public key for #{from}"
+      end
+    end
+  end
+end

data/lib/gpgme/sub_key.rb

@@ -0,0 +1,58 @@
+module GPGME
+  class SubKey
+    private_class_method :new
+
+    attr_reader :pubkey_algo, :length, :keyid, :fpr
+    alias fingerprint fpr
+
+    include KeyCommon
+
+    def timestamp
+      Time.at(@timestamp)
+    end
+
+    def expires
+      Time.at(@expires)
+    end
+
+    def expired
+      return false if @expires == 0
+      @expires < Time.now.to_i
+    end
+
+    def sha
+      (@fingerprint || @keyid)[-8 .. -1]
+    end
+
+    PUBKEY_ALGO_LETTERS = {
+      PK_RSA    => "R",
+      PK_ELG_E  => "g",
+      PK_ELG    => "G",
+      PK_DSA    => "D"
+    }
+
+    def pubkey_algo_letter
+      PUBKEY_ALGO_LETTERS[@pubkey_algo] || "?"
+    end
+
+    def inspect
+      sprintf("#<#{self.class} %s %4d%s/%s %s trust=%s, capability=%s>",
+              secret? ? 'ssc' : 'sub',
+              length,
+              pubkey_algo_letter,
+              (@fingerprint || @keyid)[-8 .. -1],
+              timestamp.strftime('%Y-%m-%d'),
+              trust.inspect,
+              capability.inspect)
+    end
+
+    def to_s
+      sprintf("%s   %4d%s/%s %s\n",
+              secret? ? 'ssc' : 'sub',
+              length,
+              pubkey_algo_letter,
+              (@fingerprint || @keyid)[-8 .. -1],
+              timestamp.strftime('%Y-%m-%d'))
+    end
+  end
+end

data/lib/gpgme/user_id.rb

@@ -0,0 +1,20 @@
+module GPGME
+  class UserID
+    private_class_method :new
+
+    attr_reader :validity, :uid, :name, :comment, :email, :signatures
+
+    def revoked?
+      @revoked == 1
+    end
+
+    def invalid?
+      @invalid == 1
+    end
+
+    def inspect
+      "#<#{self.class} #{name} <#{email}> \
+validity=#{VALIDITY_NAMES[validity]}, signatures=#{signatures.inspect}>"
+    end
+  end
+end

data/lib/gpgme/version.rb

@@ -0,0 +1,3 @@
+module GPGME
+  VERSION = "1.0.8"
+end

data/lib/gpgme.rb

@@ -0,0 +1,106 @@
+require 'gpgme/ffi'
+
+# TODO without this call one can't GPGME::Ctx.new, find out why
+GPGME::gpgme_check_version(nil)
+
+require 'gpgme/constants'
+require 'gpgme/ctx'
+require 'gpgme/data'
+require 'gpgme/error'
+require 'gpgme/io_callbacks'
+require 'gpgme/key_common'
+require 'gpgme/key'
+require 'gpgme/sub_key'
+require 'gpgme/key_sig'
+require 'gpgme/misc'
+require 'gpgme/signature'
+require 'gpgme/user_id'
+require 'gpgme/engine'
+require 'gpgme/crypto'
+
+module GPGME
+  class << self
+
+    # From the c extension
+    alias pubkey_algo_name gpgme_pubkey_algo_name
+    alias hash_algo_name gpgme_hash_algo_name
+
+    ##
+    # Auxiliary method used by all the library to generate exceptions
+    # from error codes returned by the C extension.
+    def error_to_exception(err)
+      case GPGME::gpgme_err_code(err)
+      when GPG_ERR_EOF
+        EOFError.new
+      when GPG_ERR_NO_ERROR
+        nil
+      when GPG_ERR_GENERAL
+        Error::General.new(err)
+      when GPG_ERR_ENOMEM
+        Errno::ENOMEM.new
+      when GPG_ERR_INV_VALUE
+        Error::InvalidValue.new(err)
+      when GPG_ERR_UNUSABLE_PUBKEY
+        Error::UnusablePublicKey.new(err)
+      when GPG_ERR_UNUSABLE_SECKEY
+        Error::UnusableSecretKey.new(err)
+      when GPG_ERR_NO_DATA
+        Error::NoData.new(err)
+      when GPG_ERR_CONFLICT
+        Error::Conflict.new(err)
+      when GPG_ERR_NOT_IMPLEMENTED
+        Error::NotImplemented.new(err)
+      when GPG_ERR_DECRYPT_FAILED
+        Error::DecryptFailed.new(err)
+      when GPG_ERR_BAD_PASSPHRASE
+        Error::BadPassphrase.new(err)
+      when GPG_ERR_CANCELED
+        Error::Canceled.new(err)
+      when GPG_ERR_INV_ENGINE
+        Error::InvalidEngine.new(err)
+      when GPG_ERR_AMBIGUOUS_NAME
+        Error::AmbiguousName.new(err)
+      when GPG_ERR_WRONG_KEY_USAGE
+        Error::WrongKeyUsage.new(err)
+      when GPG_ERR_CERT_REVOKED
+        Error::CertificateRevoked.new(err)
+      when GPG_ERR_CERT_EXPIRED
+        Error::CertificateExpired.new(err)
+      when GPG_ERR_NO_CRL_KNOWN
+        Error::NoCRLKnown.new(err)
+      when GPG_ERR_NO_POLICY_MATCH
+        Error::NoPolicyMatch.new(err)
+      when GPG_ERR_NO_SECKEY
+        Error::NoSecretKey.new(err)
+      when GPG_ERR_MISSING_CERT
+        Error::MissingCertificate.new(err)
+      when GPG_ERR_BAD_CERT_CHAIN
+        Error::BadCertificateChain.new(err)
+      when GPG_ERR_UNSUPPORTED_ALGORITHM
+        Error::UnsupportedAlgorithm.new(err)
+      when GPG_ERR_BAD_SIGNATURE
+        Error::BadSignature.new(err)
+      when GPG_ERR_NO_PUBKEY
+        Error::NoPublicKey.new(err)
+      else
+        Error.new(err)
+      end
+    end
+
+    ##
+    # TODO find out what it does, can't seem to find a proper parameter that
+    # returns something other than nil.
+    def check_version(options = nil)
+      version = nil
+      if options.kind_of?(String)
+        version = options
+      elsif options.include?(:version)
+        version = options[:version]
+      end
+      unless GPGME::gpgme_check_version(version)
+        raise Error::InvalidVersion.new
+      end
+    end
+
+  end
+end