gpgme 1.0.8 → 2.0.0

data/lib/gpgme/key_common.rb

@@ -0,0 +1,43 @@
+module GPGME
+  module KeyCommon
+
+    ##
+    # Returns nil if the trust is valid.
+    # Returns one of +:revoked+, +:expired+, +:disabled+, +:invalid+
+    def trust
+      return :revoked if @revoked == 1
+      return :expired if @expired == 1
+      return :disabled if @disabled == 1
+      return :invalid if @invalid == 1
+    end
+
+    ##
+    # Array of capabilities for this key. It can contain any combination of
+    # +:encrypt+, +:sign+, +:certify+ or +:authenticate+
+    def capability
+      caps = []
+      caps << :encrypt if @can_encrypt
+      caps << :sign if @can_sign
+      caps << :certify if @can_certify
+      caps << :authenticate if @can_authenticate
+      caps
+    end
+
+    ##
+    # Checks if the key is capable of all of these actions. If empty array
+    # is passed then will return true.
+    #
+    # Returns false if the keys trust has been invalidated.
+    def usable_for?(purposes)
+      unless purposes.kind_of? Array
+        purposes = [purposes]
+      end
+      return false if [:revoked, :expired, :disabled, :invalid].include? trust
+      return (purposes - capability).empty?
+    end
+
+    def secret?
+      @secret == 1
+    end
+  end
+end

data/lib/gpgme/key_sig.rb

@@ -0,0 +1,35 @@
+module GPGME
+  class KeySig
+    private_class_method :new
+
+    attr_reader :pubkey_algo, :keyid
+
+    def revoked?
+      @revoked == 1
+    end
+
+    def expired?
+      @expired == 1
+    end
+
+    def invalid?
+      @invalid == 1
+    end
+
+    def exportable?
+      @exportable == 1
+    end
+
+    def timestamp
+      Time.at(@timestamp)
+    end
+
+    def expires
+      Time.at(@expires)
+    end
+
+    def inspect
+      "#<#{self.class} #{keyid} timestamp=#{timestamp}, expires=#{expires}>"
+    end
+  end
+end

data/lib/gpgme/misc.rb

@@ -0,0 +1,66 @@
+module GPGME
+  class EngineInfo
+    private_class_method :new
+
+    attr_reader :protocol, :file_name, :version, :req_version, :home_dir
+    alias required_version req_version
+  end
+
+  class VerifyResult
+    private_class_method :new
+
+    attr_reader :signatures
+  end
+
+  class DecryptResult
+    private_class_method :new
+
+    attr_reader :unsupported_algorithm, :wrong_key_usage
+  end
+
+  class SignResult
+    private_class_method :new
+
+    attr_reader :invalid_signers, :signatures
+  end
+
+  class EncryptResult
+    private_class_method :new
+
+    attr_reader :invalid_recipients
+  end
+
+  class InvalidKey
+    private_class_method :new
+
+    attr_reader :fpr, :reason
+    alias fingerprint fpr
+  end
+
+  class NewSignature
+    private_class_method :new
+
+    attr_reader :type, :pubkey_algo, :hash_algo, :sig_class, :fpr
+    alias fingerprint fpr
+
+    def timestamp
+      Time.at(@timestamp)
+    end
+  end
+
+  class ImportStatus
+    private_class_method :new
+
+    attr_reader :fpr, :result, :status
+    alias fingerprint fpr
+  end
+
+  class ImportResult
+    private_class_method :new
+
+    attr_reader :considered, :no_user_id, :imported, :imported_rsa, :unchanged
+    attr_reader :new_user_ids, :new_sub_keys, :new_signatures, :new_revocations
+    attr_reader :secret_read, :secret_imported, :secret_unchanged
+    attr_reader :not_imported, :imports
+  end
+end

data/lib/gpgme/signature.rb

@@ -0,0 +1,85 @@
+module GPGME
+  class Signature
+    private_class_method :new
+
+    attr_reader :summary, :fpr, :status, :notations, :wrong_key_usage
+    attr_reader :validity, :validity_reason
+    attr_reader :pka_trust, :pka_address
+    alias fingerprint fpr
+
+    ##
+    # Returns true if the signature is correct
+    def valid?
+      status_code == GPGME::GPG_ERR_NO_ERROR
+    end
+
+    def expired_signature?
+      status_code == GPGME::GPG_ERR_SIG_EXPIRED
+    end
+
+    def expired_key?
+      status_code == GPGME::GPG_ERR_KEY_EXPIRED
+    end
+
+    def revoked_key?
+      status_code == GPGME::GPG_ERR_CERT_REVOKED
+    end
+
+    def bad?
+      status_code == GPGME::GPG_ERR_BAD_SIGNATURE
+    end
+
+    def no_key?
+      status_code == GPGME::GPG_ERR_NO_PUBKEY
+    end
+
+    def status_code
+      GPGME::gpgme_err_code(status)
+    end
+
+    def from
+      @from ||= begin
+        Ctx.new do |ctx|
+          if from_key = ctx.get_key(fingerprint)
+            "#{from_key.subkeys[0].keyid} #{from_key.uids[0].uid}"
+          else
+            fingerprint
+          end
+        end
+      end
+    end
+
+    def key
+      @key ||= begin
+        Ctx.new do |ctx|
+          @key = ctx.get_key(fingerprint)
+        end
+      end
+    end
+
+    def timestamp
+      Time.at(@timestamp)
+    end
+
+    def exp_timestamp
+      Time.at(@exp_timestamp)
+    end
+
+    def to_s
+      case status_code
+      when GPGME::GPG_ERR_NO_ERROR
+        "Good signature from #{from}"
+      when GPGME::GPG_ERR_SIG_EXPIRED
+        "Expired signature from #{from}"
+      when GPGME::GPG_ERR_KEY_EXPIRED
+        "Signature made from expired key #{from}"
+      when GPGME::GPG_ERR_CERT_REVOKED
+        "Signature made from revoked key #{from}"
+      when GPGME::GPG_ERR_BAD_SIGNATURE
+        "Bad signature from #{from}"
+      when GPGME::GPG_ERR_NO_PUBKEY
+        "No public key for #{from}"
+      end
+    end
+  end
+end

data/lib/gpgme/sub_key.rb

@@ -0,0 +1,58 @@
+module GPGME
+  class SubKey
+    private_class_method :new
+
+    attr_reader :pubkey_algo, :length, :keyid, :fpr
+    alias fingerprint fpr
+
+    include KeyCommon
+
+    def timestamp
+      Time.at(@timestamp)
+    end
+
+    def expires
+      Time.at(@expires)
+    end
+
+    def expired
+      return false if @expires == 0
+      @expires < Time.now.to_i
+    end
+
+    def sha
+      (@fingerprint || @keyid)[-8 .. -1]
+    end
+
+    PUBKEY_ALGO_LETTERS = {
+      PK_RSA    => "R",
+      PK_ELG_E  => "g",
+      PK_ELG    => "G",
+      PK_DSA    => "D"
+    }
+
+    def pubkey_algo_letter
+      PUBKEY_ALGO_LETTERS[@pubkey_algo] || "?"
+    end
+
+    def inspect
+      sprintf("#<#{self.class} %s %4d%s/%s %s trust=%s, capability=%s>",
+              secret? ? 'ssc' : 'sub',
+              length,
+              pubkey_algo_letter,
+              (@fingerprint || @keyid)[-8 .. -1],
+              timestamp.strftime('%Y-%m-%d'),
+              trust.inspect,
+              capability.inspect)
+    end
+
+    def to_s
+      sprintf("%s   %4d%s/%s %s\n",
+              secret? ? 'ssc' : 'sub',
+              length,
+              pubkey_algo_letter,
+              (@fingerprint || @keyid)[-8 .. -1],
+              timestamp.strftime('%Y-%m-%d'))
+    end
+  end
+end

data/lib/gpgme/user_id.rb

@@ -0,0 +1,20 @@
+module GPGME
+  class UserID
+    private_class_method :new
+
+    attr_reader :validity, :uid, :name, :comment, :email, :signatures
+
+    def revoked?
+      @revoked == 1
+    end
+
+    def invalid?
+      @invalid == 1
+    end
+
+    def inspect
+      "#<#{self.class} #{name} <#{email}> \
+validity=#{VALIDITY_NAMES[validity]}, signatures=#{signatures.inspect}>"
+    end
+  end
+end

data/lib/gpgme/version.rb

@@ -0,0 +1,3 @@
+module GPGME
+  VERSION = "1.0.8"
+end

data/test/crypto_test.rb

@@ -0,0 +1,242 @@
+# -*- encoding: utf-8 -*-
+require 'test_helper'
+require 'tempfile'
+
+describe GPGME::Crypto do
+  describe "default options functionality" do
+    it "allows operation from instances normally" do
+      crypto = GPGME::Crypto.new
+      encrypted = crypto.encrypt TEXT[:plain], :always_trust => true, :recipients => KEYS.first[:sha]
+      assert_equal TEXT[:plain], crypto.decrypt(encrypted).read
+    end
+
+    it "can set default options when using the instance way" do
+      crypto = GPGME::Crypto.new :always_trust => true
+      encrypted = crypto.encrypt TEXT[:plain], :recipients => KEYS.first[:sha]
+      assert_equal TEXT[:plain], crypto.decrypt(encrypted).read
+    end
+
+    it "but they can still be overwritten" do
+      crypto = GPGME::Crypto.new :always_trust => false
+      encrypted = crypto.encrypt TEXT[:plain], :always_trust => true, :recipients => KEYS.first[:sha]
+      assert_equal TEXT[:plain], crypto.decrypt(encrypted).read
+    end
+  end
+
+  describe "roundtrip encryption/decryption" do
+    it "does the roundtrip encrypting" do
+      crypto = GPGME::Crypto.new
+      encrypted = crypto.encrypt TEXT[:plain], :always_trust => true, :recipients => KEYS.first[:sha]
+      assert_equal TEXT[:plain], crypto.decrypt(encrypted).read
+    end
+
+    it "does so even with armored encrypted stuff" do
+      crypto = GPGME::Crypto.new
+      encrypted = crypto.encrypt TEXT[:plain], :always_trust => true, :armor => true
+      assert_equal TEXT[:plain], crypto.decrypt(encrypted).read
+    end
+  end
+
+  describe :encrypt do
+    it "should raise an error if the recipients aren't trusted" do
+      assert_raises GPGME::Error::General do
+        GPGME::Crypto.new.encrypt TEXT[:plain]
+      end
+    end
+
+    it "doesn't raise an error and returns something when encrypting nothing" do
+      data = GPGME::Crypto.new.encrypt nil, :always_trust => true
+      refute_empty data.read
+      data = GPGME::Crypto.new.encrypt "", :always_trust => true
+      refute_empty data.read
+    end
+
+    it "can specify which key(s) to use for encrypting with a string" do
+      crypto    = GPGME::Crypto.new :always_trust => true
+      key       = KEYS.last
+      encrypted = crypto.encrypt TEXT[:plain], :recipients => key[:sha]
+      assert_equal TEXT[:plain], crypto.decrypt(encrypted).read
+
+      remove_key key
+      encrypted.seek 0
+      assert_raises GPGME::Error::DecryptFailed do
+        crypto.decrypt(encrypted)
+      end
+      import_key key
+    end
+
+    it "can specify which key to use for encrypting with a Key object" do
+      crypto    = GPGME::Crypto.new :always_trust => true
+      key       = KEYS.last
+      real_key  = GPGME::Key.find(:public, key[:sha]).first
+
+      encrypted = crypto.encrypt TEXT[:plain], :recipients => real_key
+      assert_equal TEXT[:plain], crypto.decrypt(encrypted).read
+
+      remove_key key
+      encrypted.seek 0
+      assert_raises GPGME::Error::DecryptFailed do
+        crypto.decrypt(encrypted)
+      end
+      import_key key
+    end
+
+    it "can also sign at the same time" do
+      crypto      = GPGME::Crypto.new :always_trust => true
+      encrypted   = crypto.encrypt TEXT[:plain], :sign => true
+      signatures  = 0
+
+      crypto.verify(encrypted) do |signature|
+        assert_instance_of GPGME::Signature, signature
+        signatures += 1
+      end
+
+      assert_equal 1, signatures
+    end
+
+    it "can be signed by more than one person" do
+      crypto      = GPGME::Crypto.new :always_trust => true
+      encrypted   = crypto.encrypt TEXT[:plain], :sign => true, :signers => KEYS.map{|k| k[:sha]}
+      signatures  = 0
+
+      crypto.verify(encrypted) do |signature|
+        assert_instance_of GPGME::Signature, signature
+        signatures += 1
+      end
+
+      assert_equal 4, signatures
+    end
+
+    it "outputs to a file if specified" do
+      crypto    = GPGME::Crypto.new :always_trust => true
+      file      = Tempfile.new "test"
+      crypto.encrypt TEXT[:plain], :output => file
+      file_contents = file.read
+      file.seek 0
+
+      refute_empty file_contents
+      assert_equal TEXT[:plain], crypto.decrypt(file).read
+    end
+
+    # TODO find how to test
+    # it "raises GPGME::Error::UnusablePublicKey"
+    # it "raises GPGME::Error::UnusableSecretKey"
+  end
+
+  describe "symmetric encryption/decryption" do
+    it "requires a password to encrypt" do
+      assert_raises GPGME::Error::BadPassphrase do
+        GPGME::Crypto.new.encrypt TEXT[:plain], :symmetric => true
+      end
+    end
+
+    it "requires a password to decrypt" do
+      crypto = GPGME::Crypto.new
+      encrypted_data = crypto.encrypt TEXT[:plain],
+        :symmetric => true, :password => "gpgme"
+
+      assert_raises GPGME::Error::BadPassphrase do
+        crypto.decrypt encrypted_data
+      end
+    end
+
+    it "can encrypt and decrypt with the same password" do
+      crypto = GPGME::Crypto.new :symmetric => true, :password => "gpgme"
+      encrypted_data = crypto.encrypt TEXT[:plain]
+      plain = crypto.decrypt encrypted_data
+
+      assert_equal "Hi there", plain.read
+    end
+
+    it "but breaks with different ones" do
+      crypto = GPGME::Crypto.new
+      encrypted_data = crypto.encrypt TEXT[:plain],
+        :symmetric => true, :password => "gpgme"
+
+      assert_raises GPGME::Error::DecryptFailed do
+        crypto.decrypt encrypted_data, :password => "wrong one"
+      end
+    end
+  end
+
+  describe :decrypt do
+    it "decrypts encrypted stuff" do
+      assert_equal TEXT[:plain], GPGME::Crypto.new.decrypt(TEXT[:encrypted]).read
+    end
+
+    it "will not get into the signatures block if there's none" do
+      GPGME::Crypto.new.decrypt(TEXT[:encrypted]) do |signature|
+        flunk "If I'm here means there was some signature"
+      end
+      pass
+    end
+
+    it "will get signature elements if the encrypted thing was signed" do
+      signatures = 0
+      GPGME::Crypto.new.decrypt(TEXT[:signed]) do |signature|
+        assert_instance_of GPGME::Signature, signature
+        signatures += 1
+      end
+      assert_equal 1, signatures
+    end
+
+    it "writes to the output if passed" do
+      buffer = GPGME::Data.new
+      GPGME::Crypto.new.decrypt(TEXT[:encrypted], :output => buffer)
+      assert_equal TEXT[:plain], buffer.read
+    end
+
+    # TODO find ways to test this
+    # it "raises UnsupportedAlgorithm"
+    # it "raises WrongKeyUsage"
+
+    it "raises DecryptFailed when the decrypting key isn't available" do
+      assert_raises GPGME::Error::DecryptFailed do
+        GPGME::Crypto.new.decrypt(TEXT[:unavailable])
+      end
+    end
+  end
+
+  describe :sign do
+    it "signs normal strings" do
+      crypto = GPGME::Crypto.new
+      signatures = 0
+      sign = crypto.sign "Hi there"
+
+      crypto.verify(sign) do |signature|
+        assert_instance_of GPGME::Signature, signature
+        assert signature.valid?
+        signatures += 1
+      end
+
+      assert_equal 1, signatures
+    end
+
+    # TODO Find how to import an expired public key
+    # it "raises an error if trying to sign with an expired key" do
+    #   with_key EXPIRED_KEY do
+    #     crypto  = GPGME::Crypto.new
+    #     assert_raises GPGME::Error::General do
+    #       sign = crypto.sign "Hi there", :signer => EXPIRED_KEY[:sha]
+    #     end
+    #   end
+    # end
+
+    it "selects who to sign for" do
+      crypto  = GPGME::Crypto.new
+      sign    = crypto.sign "Hi there", :signer => KEYS.last[:sha]
+      key     = GPGME::Key.get(KEYS.last[:sha])
+
+      signatures = 0
+
+      crypto.verify(sign) do |signature|
+        assert_instance_of GPGME::Signature, signature
+        assert_equal key, signature.key
+        signatures += 1
+      end
+
+      assert_equal 1, signatures
+    end
+
+  end
+end