6 files changed, 90 insertions, 233 deletions
diff --git a/framework/src/domain/mime/mimetreeparser/CMakeLists.txt b/framework/src/domain/mime/mimetreeparser/CMakeLists.txt
index b35bd958..c3f317ee 100644
--- a/framework/src/domain/mime/mimetreeparser/CMakeLists.txt
+++ b/framework/src/domain/mime/mimetreeparser/CMakeLists.txt
@@ -2,9 +2,8 @@ set(CMAKE_CXX_VISIBILITY_PRESET default)
 find_package(Qt5 COMPONENTS REQUIRED Core Gui)
 find_package(KF5Mime 4.87.0 CONFIG REQUIRED)
-find_package(QGpgme CONFIG REQUIRED)
-find_package(Gpgmepp CONFIG REQUIRED)
 find_package(KF5Codecs CONFIG REQUIRED)
+find_package(Gpgme REQUIRED)
 # target_include_directories does not handle empty include paths
 include_directories(${GPGME_INCLUDES})
@@ -49,8 +48,8 @@ target_link_libraries(kube_otp
 target_link_libraries(kube_otp
    PRIVATE
-    QGpgme
+    gpgme
-    Gpgmepp
+    mailcrypto
    KF5::Codecs
    Qt5::Gui
 )
diff --git a/framework/src/domain/mime/mimetreeparser/autotests/CMakeLists.txt b/framework/src/domain/mime/mimetreeparser/autotests/CMakeLists.txt
index f0b1f5f5..e67884e0 100644
--- a/framework/src/domain/mime/mimetreeparser/autotests/CMakeLists.txt
+++ b/framework/src/domain/mime/mimetreeparser/autotests/CMakeLists.txt
@@ -15,7 +15,7 @@ macro(add_mimetreeparser_unittest _source)
    ecm_add_test(${_source} util.cpp setupenv.cpp
        TEST_NAME ${_name}
        NAME_PREFIX "mimetreeparser-"
-        LINK_LIBRARIES kube_otp Qt5::Test KF5::Mime Gpgmepp
+        LINK_LIBRARIES kube_otp Qt5::Test KF5::Mime gpgme
    )
 endmacro ()
@@ -24,7 +24,7 @@ macro(add_mimetreeparser_class_unittest _source _additionalSource)
    ecm_add_test(${_source} ${_additionalSource}
        TEST_NAME ${_name}
        NAME_PREFIX "mimetreeparser-"
-        LINK_LIBRARIES kube_otp Qt5::Test KF5::Mime Gpgmepp
+        LINK_LIBRARIES kube_otp Qt5::Test KF5::Mime gpgme
    )
 endmacro ()
@@ -37,7 +37,7 @@ macro(add_mimetreeparser_crypto_unittest _source)
        kube_otp
        Qt5::Test
        KF5::Mime
-        Gpgmepp
+        gpgme
    )
    add_gpg_crypto_test(${_name} mimetreeparser-${_name})
 endmacro ()
diff --git a/framework/src/domain/mime/mimetreeparser/messagepart.cpp b/framework/src/domain/mime/mimetreeparser/messagepart.cpp
index 2fd4f496..4bed80da 100644
--- a/framework/src/domain/mime/mimetreeparser/messagepart.cpp
+++ b/framework/src/domain/mime/mimetreeparser/messagepart.cpp
@@ -27,102 +27,12 @@
 #include <KMime/Content>
-#include <QGpgME/DN>
+#include <crypto.h>
-#include <QGpgME/DataProvider>
-#include <gpgme++/context.h>
-#include <gpgme++/data.h>
-#include <gpgme++/verificationresult.h>
-#include <gpgme++/key.h>
-#include <gpgme++/keylistresult.h>
-#include <gpgme++/decryptionresult.h>
-#include <gpgme++/importresult.h>
-#include <gpgme.h>
 #include <QTextCodec>
-#include <sstream>
 using namespace MimeTreeParser;
+using namespace Crypto;
-static GpgME::Data fromBA(const QByteArray &ba)
-{
-    return {ba.data(), static_cast<size_t>(ba.size()), false};
-}
-static GpgME::Protocol toGpgMe(CryptoProtocol p)
-{
-    switch (p) {
-        case UnknownProtocol:
-            return GpgME::UnknownProtocol;
-        case CMS:
-            return GpgME::CMS;
-        case OpenPGP:
-            return GpgME::OpenPGP;
-    }
-    return GpgME::UnknownProtocol;
-}
-static QSharedPointer<GpgME::Context> gpgContext(CryptoProtocol protocol)
-{
-    GpgME::initializeLibrary();
-    auto error = GpgME::checkEngine(toGpgMe(protocol));
-    if (error) {
-        qWarning() << "Engine check failed: " << error.asString();
-    }
-    auto ctx = QSharedPointer<GpgME::Context>(GpgME::Context::createForProtocol(toGpgMe(protocol)));
-    Q_ASSERT(ctx);
-    return ctx;
-}
-static GpgME::VerificationResult verifyDetachedSignature(CryptoProtocol protocol, const QByteArray &signature, const QByteArray &text)
-{
-    return gpgContext(protocol)->verifyDetachedSignature(fromBA(signature), fromBA(text));
-}
-static GpgME::VerificationResult verifyOpaqueSignature(CryptoProtocol protocol, const QByteArray &signature, QByteArray &outdata)
-{
-    QGpgME::QByteArrayDataProvider out;
-    GpgME::Data wrapper(&out);
-    const auto result = gpgContext(protocol)->verifyOpaqueSignature(fromBA(signature), wrapper);
-    outdata = out.data();
-    return result;
-}
-static std::pair<GpgME::DecryptionResult,GpgME::VerificationResult> decryptAndVerify(CryptoProtocol protocol, const QByteArray &ciphertext, QByteArray &outdata)
-{
-    QGpgME::QByteArrayDataProvider out;
-    GpgME::Data wrapper(&out);
-    const std::pair<GpgME::DecryptionResult,GpgME::VerificationResult> res = gpgContext(protocol)->decryptAndVerify(fromBA(ciphertext), wrapper);
-    outdata = out.data();
-    return res;
-}
-static void importKeys(CryptoProtocol protocol, const QByteArray &certData)
-{
-    gpgContext(protocol)->importKeys(fromBA(certData));
-}
-static GpgME::KeyListResult listKeys(CryptoProtocol protocol, const char *pattern, bool secretOnly, std::vector<GpgME::Key> &keys) {
-    auto ctx = gpgContext(protocol);
-    if (const GpgME::Error err = ctx->startKeyListing(pattern, secretOnly)) {
-        return GpgME::KeyListResult( 0, err );
-    }
-    GpgME::Error err;
-    do {
-        keys.push_back( ctx->nextKey(err));
-    } while ( !err );
-    keys.pop_back();
-    const GpgME::KeyListResult result = ctx->endKeyListing();
-    ctx->cancelPendingOperation();
-    return result;
-}
 //------MessagePart-----------------------
 MessagePart::MessagePart(ObjectTreeParser *otp, const QString &text, KMime::Content *node)
@@ -771,10 +681,7 @@ SignedMessagePart::SignedMessagePart(ObjectTreeParser *otp,
 {
    mMetaData.isSigned = true;
    mMetaData.isGoodSignature = false;
-    //FIXME
-    // mMetaData.keyTrust = GpgME::Signature::Unknown;
    mMetaData.status = tr("Wrong Crypto Plug-In.");
-    mMetaData.status_code = GPGME_SIG_STAT_NONE;
 }
 SignedMessagePart::~SignedMessagePart()
@@ -792,99 +699,65 @@ bool SignedMessagePart::isSigned() const
    return mMetaData.isSigned;
 }
-static int signatureToStatus(const GpgME::Signature &sig)
-{
-    switch (sig.status().code()) {
-    case GPG_ERR_NO_ERROR:
-        return GPGME_SIG_STAT_GOOD;
-    case GPG_ERR_BAD_SIGNATURE:
-        return GPGME_SIG_STAT_BAD;
-    case GPG_ERR_NO_PUBKEY:
-        return GPGME_SIG_STAT_NOKEY;
-    case GPG_ERR_NO_DATA:
-        return GPGME_SIG_STAT_NOSIG;
-    case GPG_ERR_SIG_EXPIRED:
-        return GPGME_SIG_STAT_GOOD_EXP;
-    case GPG_ERR_KEY_EXPIRED:
-        return GPGME_SIG_STAT_GOOD_EXPKEY;
-    default:
-        return GPGME_SIG_STAT_ERROR;
-    }
-}
-QString prettifyDN(const char *uid)
+static QString prettifyDN(const char *uid)
 {
-    return QGpgME::DN(uid).prettyDN();
+    // We used to use QGpgME::DN::prettyDN here. But I'm not sure what we actually need it for.
+    return QString::fromUtf8(uid);
 }
-void SignedMessagePart::sigStatusToMetaData(const GpgME::Signature &signature)
+void SignedMessagePart::sigStatusToMetaData(const Signature &signature)
 {
-    GpgME::Key key;
+    mMetaData.isGoodSignature = signature.status & GPG_ERR_NO_ERROR;
-    mMetaData.status_code = signatureToStatus(signature);
-    mMetaData.isGoodSignature = mMetaData.status_code & GPGME_SIG_STAT_GOOD;
    // save extended signature status flags
-    auto summary = signature.summary();
+    auto summary = signature.summary;
-    mMetaData.keyMissing = summary & GpgME::Signature::KeyMissing;
+    mMetaData.keyMissing = summary & GPGME_SIGSUM_KEY_MISSING;
-    mMetaData.keyExpired = summary & GpgME::Signature::KeyExpired;
+    mMetaData.keyExpired = summary & GPGME_SIGSUM_KEY_EXPIRED;
-    mMetaData.keyRevoked = summary & GpgME::Signature::KeyRevoked;
+    mMetaData.keyRevoked = summary & GPGME_SIGSUM_KEY_REVOKED;
-    mMetaData.sigExpired = summary & GpgME::Signature::SigExpired;
+    mMetaData.sigExpired = summary & GPGME_SIGSUM_SIG_EXPIRED;
-    mMetaData.crlMissing = summary & GpgME::Signature::CrlMissing;
+    mMetaData.crlMissing = summary & GPGME_SIGSUM_CRL_MISSING;
-    mMetaData.crlTooOld = summary & GpgME::Signature::CrlTooOld;
+    mMetaData.crlTooOld = summary & GPGME_SIGSUM_CRL_TOO_OLD;
-    if (mMetaData.isGoodSignature && !key.keyID()) {
+    Key key;
+    if (mMetaData.isGoodSignature) {
        // Search for the key by its fingerprint so that we can check for trust etc.
-        std::vector<GpgME::Key> found_keys;
+        const auto keys =  findKeys({signature.fingerprint});
-        auto res = listKeys(mProtocol, signature.fingerprint(), false, found_keys);
+        if (keys.size() > 1) {
-        if (res.error()) {
-            qCDebug(MIMETREEPARSER_LOG) << "Error while searching key for Fingerprint: " << signature.fingerprint();
-        }
-        if (found_keys.size() > 1) {
            // Should not happen
-            qCDebug(MIMETREEPARSER_LOG) << "Oops: Found more then one Key for Fingerprint: " << signature.fingerprint();
+            qCDebug(MIMETREEPARSER_LOG) << "Oops: Found more then one Key for Fingerprint: " << signature.fingerprint;
        }
-        if (found_keys.empty()) {
+        if (keys.empty()) {
            // Should not happen at this point
-            qCWarning(MIMETREEPARSER_LOG) << "Oops: Found no Key for Fingerprint: " << signature.fingerprint();
+            qCWarning(MIMETREEPARSER_LOG) << "Oops: Found no Key for Fingerprint: " << signature.fingerprint;
        } else {
-            key = found_keys[0];
+            key = keys[0];
        }
    }
-    if (key.keyID()) {
+    mMetaData.keyId = key.keyId;
-        mMetaData.keyId = key.keyID();
-    }
    if (mMetaData.keyId.isEmpty()) {
-        mMetaData.keyId = signature.fingerprint();
+        mMetaData.keyId = signature.fingerprint;
-    }
+    }
-    auto keyTrust = signature.validity();
+    mMetaData.keyIsTrusted = signature.validity == GPGME_VALIDITY_FULL || signature.validity == GPGME_VALIDITY_ULTIMATE;
-    mMetaData.keyIsTrusted = keyTrust & GpgME::Signature::Full || keyTrust & GpgME::Signature::Ultimate;
+    if (!key.userIds.empty()) {
-    if (key.numUserIDs() > 0 && key.userID(0).id()) {
+        mMetaData.signer = prettifyDN(key.userIds[0].id);
-        mMetaData.signer = prettifyDN(key.userID(0).id());
+    }
-    }
+    for (const auto &userId : key.userIds) {
-    for (uint iMail = 0; iMail < key.numUserIDs(); ++iMail) {
+        QString email = QString::fromUtf8(userId.email);
-        // The following if /should/ always result in TRUE but we
+        // ### work around gpgme 0.3.QString text() const Q_DECL_OVERRIDE;x / cryptplug bug where the
-        // won't trust implicitely the plugin that gave us these data.
+        // ### email addresses are specified as angle-addr, not addr-spec:
-        if (key.userID(iMail).email()) {
+        if (email.startsWith(QLatin1Char('<')) && email.endsWith(QLatin1Char('>'))) {
-            QString email = QString::fromUtf8(key.userID(iMail).email());
+            email = email.mid(1, email.length() - 2);
-            // ### work around gpgme 0.3.QString text() const Q_DECL_OVERRIDE;x / cryptplug bug where the
+        }
-            // ### email addresses are specified as angle-addr, not addr-spec:
+        if (!email.isEmpty()) {
-            if (email.startsWith(QLatin1Char('<')) && email.endsWith(QLatin1Char('>'))) {
+            mMetaData.signerMailAddresses.append(email);
-                email = email.mid(1, email.length() - 2);
-            }
-            if (!email.isEmpty()) {
-                mMetaData.signerMailAddresses.append(email);
-            }
        }
    }
-    if (signature.creationTime()) {
+    mMetaData.creationTime = signature.creationTime;
-        mMetaData.creationTime.setTime_t(signature.creationTime());
-    } else {
-        mMetaData.creationTime = QDateTime();
-    }
    if (mMetaData.signer.isEmpty()) {
-        if (key.numUserIDs() > 0 && key.userID(0).name()) {
+        if (!key.userIds.empty()) {
-            mMetaData.signer = prettifyDN(key.userID(0).name());
+            mMetaData.signer = prettifyDN(key.userIds[0].name);
        }
        if (!mMetaData.signerMailAddresses.empty()) {
            if (mMetaData.signer.isEmpty()) {
@@ -924,18 +797,13 @@ void SignedMessagePart::startVerificationDetached(const QByteArray &text, KMime:
    }
    mMetaData.isSigned = false;
-    //FIXME
-    // mMetaData.keyTrust = GpgME::Signature::Unknown;
    mMetaData.status = tr("Wrong Crypto Plug-In.");
-    mMetaData.status_code = GPGME_SIG_STAT_NONE;
    if (!signature.isEmpty()) {
-        auto result = verifyDetachedSignature(mProtocol, signature, text);
+        setVerificationResult(verifyDetachedSignature(mProtocol, signature, text), false, text);
-        setVerificationResult(result, false, text);
    } else {
        QByteArray outdata;
-        auto result = verifyOpaqueSignature(mProtocol, text, outdata);
+        setVerificationResult(verifyOpaqueSignature(mProtocol, text, outdata), false, outdata);
-        setVerificationResult(result, false, outdata);
    }
    if (!mMetaData.isSigned) {
@@ -943,11 +811,11 @@ void SignedMessagePart::startVerificationDetached(const QByteArray &text, KMime:
    }
 }
-void SignedMessagePart::setVerificationResult(const GpgME::VerificationResult &result, bool parseText, const QByteArray &plainText)
+void SignedMessagePart::setVerificationResult(const VerificationResult &result, bool parseText, const QByteArray &plainText)
 {
-    auto signatures = result.signatures();
+    auto signatures = result.signatures;
    // FIXME
-    // mMetaData.auditLogError = result.error();
+    // mMetaData.auditLogError = result.error;
    if (!signatures.empty()) {
        mMetaData.isSigned = true;
        sigStatusToMetaData(signatures.front());
@@ -994,10 +862,7 @@ EncryptedMessagePart::EncryptedMessagePart(ObjectTreeParser *otp,
    mMetaData.isGoodSignature = false;
    mMetaData.isEncrypted = false;
    mMetaData.isDecryptable = false;
-    //FIXME
-    // mMetaData.keyTrust = GpgME::Signature::Unknown;
    mMetaData.status = tr("Wrong Crypto Plug-In.");
-    mMetaData.status_code = GPGME_SIG_STAT_NONE;
 }
 EncryptedMessagePart::~EncryptedMessagePart()
@@ -1055,59 +920,61 @@ bool EncryptedMessagePart::okDecryptMIME(KMime::Content &data)
    const QByteArray ciphertext = data.decodedContent();
    QByteArray plainText;
-    const auto res = decryptAndVerify(mProtocol, ciphertext, plainText);
+    DecryptionResult decryptResult;
-    const GpgME::DecryptionResult &decryptResult = res.first;
+    VerificationResult verifyResult;
-    const GpgME::VerificationResult &verifyResult = res.second;
+    std::tie(decryptResult, verifyResult) = decryptAndVerify(mProtocol, ciphertext, plainText);
-    mMetaData.isSigned = verifyResult.signatures().size() > 0;
+    mMetaData.isSigned = verifyResult.signatures.size() > 0;
-    if (verifyResult.signatures().size() > 0) {
+    if (verifyResult.signatures.size() > 0) {
        //We simply attach a signed message part to indicate that this content is also signed
        auto subPart = SignedMessagePart::Ptr(new SignedMessagePart(mOtp, QString::fromUtf8(plainText), mProtocol, mFromAddress, nullptr, nullptr));
        subPart->setVerificationResult(verifyResult, true, plainText);
        appendSubPart(subPart);
    }
-    if (decryptResult.error() && mMetaData.isSigned) {
+    if (decryptResult.error && mMetaData.isSigned) {
        //Only a signed part
        mMetaData.isEncrypted = false;
        mDecryptedData = plainText;
        return true;
    }
-    if (mMetaData.isEncrypted && decryptResult.numRecipients() > 0) {
+    if (mMetaData.isEncrypted && decryptResult.recipients.size()) {
-        mMetaData.keyId = decryptResult.recipient(0).keyID();
+        mMetaData.keyId = decryptResult.recipients.at(0).keyId;
    }
-    if (!decryptResult.error()) {
+    if (!decryptResult.error) {
        mDecryptedData = plainText;
        setText(QString::fromUtf8(mDecryptedData.constData()));
    } else {
-        mMetaData.isEncrypted = decryptResult.error().code() != GPG_ERR_NO_DATA;
+        const auto errorCode = decryptResult.error.errorCode();
-        mMetaData.errorText = QString::fromLocal8Bit(decryptResult.error().asString());
+        mMetaData.isEncrypted = errorCode != GPG_ERR_NO_DATA;
+        qWarning() << "Failed to decrypt : " << decryptResult.error;
-        std::stringstream ss;
-        ss << decryptResult << '\n' << verifyResult;
+        const bool noSecretKeyAvilable = [&] {
-        qWarning() << "Decryption failed: " << ss.str().c_str();
+            foreach (const auto &recipient, decryptResult.recipients) {
+                if (!(recipient.status.errorCode() == GPG_ERR_NO_SECKEY)) {
-        bool passphraseError =  decryptResult.error().isCanceled() || decryptResult.error().code() == GPG_ERR_NO_SECKEY;
+                    return false;
+                }
-        auto noSecKey = true;
+            }
-        foreach (const GpgME::DecryptionResult::Recipient &recipient, decryptResult.recipients()) {
+            return true;
-            noSecKey &= (recipient.status().code() == GPG_ERR_NO_SECKEY);
+        }();
-        }
+        bool passphraseError = errorCode == GPG_ERR_CANCELED || errorCode == GPG_ERR_NO_SECKEY;
-        if (!passphraseError && !noSecKey) {          // GpgME do not detect passphrase error correctly
+        //We only get a decryption failed error when we enter the wrong passphrase....
+        if (!passphraseError && !noSecretKeyAvilable) {
            passphraseError = true;
        }
-        if(noSecKey) {
+        if(noSecretKeyAvilable) {
            mError = NoKeyError;
            mMetaData.errorText = tr("Could not decrypt the data. ") + tr("No key found for recepients.");
        } else if (passphraseError) {
            mError = PassphraseError;
+            // mMetaData.errorText = QString::fromLocal8Bit(decryptResult.error().asString());
        } else {
            mError = UnknownError;
-            mMetaData.errorText = tr("Could not decrypt the data. ")
+            mMetaData.errorText = tr("Could not decrypt the data. ");
-                                  + tr("Error: %1").arg(mMetaData.errorText);
+            //                         + tr("Error: %1").arg(QString::fromLocal8Bit(decryptResult.error().asString()));
        }
        return false;
    }
diff --git a/framework/src/domain/mime/mimetreeparser/messagepart.h b/framework/src/domain/mime/mimetreeparser/messagepart.h
index 3c07ca88..c576699e 100644
--- a/framework/src/domain/mime/mimetreeparser/messagepart.h
+++ b/framework/src/domain/mime/mimetreeparser/messagepart.h
@@ -23,6 +23,7 @@
 #include "util.h"
 #include "enums.h"
 #include "partmetadata.h"
+#include <crypto.h>
 #include <KMime/Message>
@@ -32,13 +33,6 @@
 class QTextCodec;
 class PartPrivate;
-namespace GpgME
-{
-class ImportResult;
-class VerificationResult;
-class Signature;
-}
 namespace KMime
 {
 class Content;
@@ -55,11 +49,10 @@ class MultiPartAlternativeBodyPartFormatter;
 class SignedMessagePart;
 class EncryptedMessagePart;
-enum CryptoProtocol {
+using Crypto::CryptoProtocol;
-    UnknownProtocol,
+using Crypto::CryptoProtocol::CMS;
-    OpenPGP,
+using Crypto::CryptoProtocol::OpenPGP;
-    CMS
+using Crypto::CryptoProtocol::UnknownProtocol;
-};
 class MessagePart : public QObject
 {
@@ -366,8 +359,8 @@ public:
    QString htmlContent() const Q_DECL_OVERRIDE;
 private:
-    void sigStatusToMetaData(const GpgME::Signature &signature);
+    void sigStatusToMetaData(const Crypto::Signature &signature);
-    void setVerificationResult(const GpgME::VerificationResult &result, bool parseText, const QByteArray &plainText);
+    void setVerificationResult(const Crypto::VerificationResult &result, bool parseText, const QByteArray &plainText);
 protected:
    CryptoProtocol mProtocol;
diff --git a/framework/src/domain/mime/mimetreeparser/partmetadata.h b/framework/src/domain/mime/mimetreeparser/partmetadata.h
index 44a9cf7e..583eb454 100644
--- a/framework/src/domain/mime/mimetreeparser/partmetadata.h
+++ b/framework/src/domain/mime/mimetreeparser/partmetadata.h
@@ -37,7 +37,6 @@ public:
    QByteArray keyId;
    bool keyIsTrusted = false;
    QString status;  // to be used for unknown plug-ins
-    int status_code; // to be used for i18n of OpenPGP and S/MIME CryptPlugs
    QString errorText;
    QDateTime creationTime;
    QString decryptionError;
diff --git a/framework/src/domain/mime/mimetreeparser/tests/CMakeLists.txt b/framework/src/domain/mime/mimetreeparser/tests/CMakeLists.txt
index 9937ab06..fcb1988a 100644
--- a/framework/src/domain/mime/mimetreeparser/tests/CMakeLists.txt
+++ b/framework/src/domain/mime/mimetreeparser/tests/CMakeLists.txt
@@ -15,12 +15,11 @@ target_link_libraries(mimetreeparsertest
    Qt5::Core
    Qt5::Test
    KF5::Mime
-    Gpgmepp
+    gpgme
-    QGpgme
 )
 ecm_add_test(gpgerrortest.cpp
    TEST_NAME "gpgerrortest"
    NAME_PREFIX "mimetreeparser-"
-    LINK_LIBRARIES Qt5::Core Qt5::Test kube_otp Gpgmepp QGpgme
+    LINK_LIBRARIES Qt5::Core Qt5::Test kube_otp gpgme
 )