X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=userdir_gpg.py;h=456833301e624c36afcbf9939d9220c13ab3faa3;hb=849e0e4b017eea17d7a7451878ccce018ece129d;hp=c883d140939ce7ecbb9c349790b3512df0afd146;hpb=ad01f23258ec16be62e092ab4deb4a31fc3163d5;p=mirror%2Fuserdir-ldap.git diff --git a/userdir_gpg.py b/userdir_gpg.py index c883d14..4568333 100644 --- a/userdir_gpg.py +++ b/userdir_gpg.py @@ -52,6 +52,9 @@ CleanCutOff = 7*24*60*60; AgeCutOff = 4*24*60*60; FutureCutOff = 3*24*60*60; +def ClearKeyrings(): + del GPGKeyRings[:] + # Set the keyrings, the input is a list of keyrings def SetKeyrings(Rings): for x in Rings: @@ -254,11 +257,20 @@ def GPGWriteFilter(Program,Options,Message): # It is best if the recipient is specified using the hex key fingerprint # of the target, ie 0x64BE1319CCF6D393BF87FF9358A6D4EE def GPGEncrypt(Message,To,PGP2): + Error = "KeyringError" # Encrypt using the PGP5 block encoding and with the PGP5 option set. # This will handle either RSA or DSA/DH asymetric keys. # In PGP2 compatible mode IDEA and rfc1991 encoding are used so that # PGP2 can read the result. RSA keys do not need PGP2 to be set, as GPG # can read a message encrypted with blowfish and RSA. + searchkey = GPGKeySearch(To); + if len(searchkey) == 0: + raise Error, "No key found matching %s"%(To); + elif len(searchkey) > 1: + raise Error, "Multiple keys found matching %s"%(To); + if searchkey[0][4].find("E") < 0: + raise Error, "Key %s has no encryption capability - are all encryption subkeys expired or revoked? Are there any encryption subkeys?"%(To); + if PGP2 == 0: try: Res = None; @@ -414,7 +426,7 @@ def GPGCheckSig(Message): # A gpg failure is an automatic bad signature if Exit[1] != 0 and Why == None: GoodSig = 0; - Why = "GPG execution failed " + str(Exit[0]); + Why = "GPG execution returned non-zero exit status: " + str(Exit[1]); if GoodSig == 0 and (Why == None or len(Why) == 0): Why = "Checking Failed"; 
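Review bot: The three new `raise Error, "..."` statements in GPGEncrypt raise a string exception bound to a function-local name (`Error = "KeyringError"`), which callers can only match by object identity and which Python 2.6 and later reject with a TypeError. A module-level class, `class KeyringError(Exception): pass` with `raise KeyringError("No key found matching %s" % (To))`, would let callers tell a missing, ambiguous or encryption-incapable recipient key apart from a gpg failure. The capability test would also benefit from a comment such as `# field 12 of the pub record: upper-case letters are the usable capabilities of the whole key`, because the case-sensitive `find("E")` is deliberate. The pre-check resolves `To` through GPGKeySearch, but the gpg invocation lies outside the hunk, so it cannot be seen here whether gpg is then given the resolved key or the original `To`.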
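Review bot: The new message in GPGCheckSig labels `Exit[1]` as an exit status, but the assignment of `Exit` is outside the hunk; if it is the `(pid, status)` pair from `os.waitpid`, `Exit[1]` is the raw wait status. In that case an exit code of 2 would be logged as 512, and a process killed by a signal would look like an ordinary failure. Decoding before formatting, for example `os.WEXITSTATUS(Exit[1])` guarded by `os.WIFEXITED(Exit[1])`, would make the reported reason match what gpg actually returned. The fail-closed behaviour (`GoodSig = 0` on any non-zero status) is correct and should stay as it is.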
@@ -443,6 +455,7 @@ def GPGKeySearch(SearchCriteria): Result = []; Owner = ""; KeyID = ""; + Capabilities = "" Expired = None; Hits = {}; @@ -464,7 +477,8 @@ def GPGKeySearch(SearchCriteria): if Split[0] == 'pub': KeyID = Split[4]; Owner = Split[9]; - Length = int(Split[2]); + Length = int(Split[2]) + Capabilities = Split[11] Expired = Split[1] == 'e' # Output the key @@ -473,7 +487,7 @@ def GPGKeySearch(SearchCriteria): continue; Hits[Split[9]] = None; if not Expired: - Result.append( (KeyID,Split[9],Owner,Length) ); + Result.append( (KeyID,Split[9],Owner,Length,Capabilities) ); finally: if Strm != None: Strm.close();
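Review bot: `Capabilities = Split[11]` reads the twelfth field of the `pub` record without checking that it exists, so a gpg whose colon listing stops short of that field would raise IndexError inside the parsing loop instead of returning a key with unknown capabilities. How `Split` is built is outside the hunk, so this assumes it is the colon-split record. A guarded read, `if len(Split) > 11: Capabilities = Split[11]` with `Capabilities = ""` otherwise, keeps the search working, and the empty string makes GPGEncrypt's `find("E")` check fail closed. The `Capabilities = ""` initialiser added in the first hunk of this function would then cover only the case where no `pub` record has been seen yet.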
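Review bot: Appending `Capabilities` in `Result.append(...)` turns every result from a 4-tuple into a 5-tuple, so any caller outside this diff that unpacks the result positionally will now raise ValueError; only GPGEncrypt's `searchkey[0][4]` is visible here. The comment above GPGKeySearch should state the layout, for example `# Returns a list of (KeyID, Split[9] of the matched record, Owner, Length, Capabilities) for keys that are not expired`. `Expired` is set only for validity `e` in the preceding hunk, so a revoked key (validity `r`) is still returned and is rejected by GPGEncrypt only if gpg leaves `E` out of its capability field. Filtering on validity here as well would avoid relying on that.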