comment change ;)

codegen/gen_codec.ysl2

@@ -152,8 +152,13 @@ tstylesheet {
 
             *msg = NULL;
             «@name»_t *_msg = NULL;
-            uper_decode_complete(NULL, &asn_DEF_«@name», (void **) &_msg, data, size);
-            if (!_msg)
+            asn_dec_rval_t rval = uper_decode_complete(NULL, &asn_DEF_«@name», (void **) &_msg, data, size);
+
+            // N.B: If you plan on having messages were the full message isn't consumed by decoding here,
+            // then please look into uper_decode_complete; we still may get a message, even if to contains
+            // nothing. RC_FAIL is an obvious case, but we also need to fail if RC_WMORE is the code, especially
+            // if rval.consumed == 0. Volker, please look into this and decide what you want.
+            if (!_msg || rval.code != RC_OK)
                 return PEP_«yml:ucase(@name)»_ILLEGAL_MESSAGE;
 
             *msg = _msg;

src/message_api.c

@@ -3931,6 +3931,38 @@ static PEP_STATUS pEp_version_upgrade_or_ignore(
     return status;    
 }
 
+/**
+ *   @internal
+ *
+ *   @param msg
+ *   @param keylist
+ *   @return
+ *
+ *   @note  Presupposes you've updated the msg->from identity somewhere so it contains the ident default.
+ */
+static bool sender_fpr_is_signer_fpr(message* msg, stringlist_t* keylist) {
+    if (!msg || EMPTYSTR(msg->_sender_fpr) || !keylist || EMPTYSTR(keylist->value))
+        return false;
+
+    return (strcmp(msg->_sender_fpr, keylist->value) == 0);
+}
+
+
+/**
+ *   @internal
+ *
+ *   @param msg
+ *   @return
+ *
+ *   @note  Presupposes you've updated the msg->from identity somewhere so it contains the ident default.
+ */
+static bool sender_fpr_is_from_default(message* msg) {
+    if (!msg || !msg->from || EMPTYSTR(msg->from->fpr) || EMPTYSTR(msg->_sender_fpr))
+        return false;
+
+    return (strcmp(msg->from->fpr, msg->_sender_fpr) == 0);
+}
+
 /**
  *  @internal
  *
@@ -3938,78 +3970,65 @@ static PEP_STATUS pEp_version_upgrade_or_ignore(
  *
  *  @brief            TODO
  *
- *  @param[in]    session        session handle
- *  @param[in]    *sender        pEp_identity
- *  @param[in]    *keylist        stringlist_t
- *  @param[in]    major        unsignedint
- *  @param[in]    minor        unsignedint
+ *  @param[in]    session       session handle
+ *  @param[in]    msg           the message we're doing this from
+ *  @param[in]    keylist       keylist containing signer during decrypt/verify
+ *  @param[in]    major         unsigned int
+ *  @param[in]    minor         unsigned int
  *
  *  @retval PEP_STATUS_OK
  *  @retval PEP_ILLEGAL_VALUE   illegal parameter values
  *  @retval PEP_OUT_OF_MEMORY   out of memory
  *  @retval PEP_CANNOT_SET_TRUST
  *  @retval any other value on error
+ *
+ *  @note   Only use on messages that were decrypted; unencrypted messages have a different path.
  */
 static PEP_STATUS update_sender_to_pEp_trust(
         PEP_SESSION session, 
-        pEp_identity* sender, 
+        message* msg,
         stringlist_t* keylist,
         unsigned int major,
         unsigned int minor) 
 {
     assert(session);
-    assert(sender);
-    assert(keylist && !EMPTYSTR(keylist->value));
+    assert(msg);
     
-    if (!session || !sender || !keylist || EMPTYSTR(keylist->value))
+    if (!session || !msg || !keylist)
         return PEP_ILLEGAL_VALUE;
-        
-    free(sender->fpr);
-    sender->fpr = NULL;
+
+    if (!msg->from)
+        return PEP_STATUS_OK;
+
+    pEp_identity* sender = msg->from;
 
     PEP_STATUS status = is_me(session, sender) ? _myself(session, sender, false, false, false, true) : update_identity(session, sender);
 
     if (PASS_ERROR(status))
         return status;
 
-    if (EMPTYSTR(sender->fpr) || strcmp(sender->fpr, keylist->value) != 0) {
-        free(sender->fpr);
-        sender->fpr = strdup(keylist->value);
-        if (!sender->fpr)
-            return PEP_OUT_OF_MEMORY;
-        status = set_pgp_keypair(session, sender->fpr);
-        if (status != PEP_STATUS_OK)
-            return status;
-            
-        status = get_trust(session, sender);
-        
-        if (status == PEP_CANNOT_FIND_IDENTITY || sender->comm_type == PEP_ct_unknown) {
-            PEP_comm_type ct = PEP_ct_unknown;
-            status = get_key_rating(session, sender->fpr, &ct);
-            if (status != PEP_STATUS_OK)
-                return status;
-                
-            sender->comm_type = ct;    
-        }
-    }
-    
-    // Could be done elegantly, but we do this explicitly here for readability.
-    // This file's code is difficult enough to parse. But change at will.
-    switch (sender->comm_type) {            
+    // Ok, identity is updated.
+    // Now, let's find out if the sender_fpr on this message is the signer and if it is the sender default. If so, we can do this.
+    // If not? forget it.
+    if (!sender_fpr_is_signer_fpr(msg, keylist) || !sender_fpr_is_from_default(msg))
+        return PEP_STATUS_OK; // We don't return an error here because failing to satisfy the conditions isn't an error here, it's just a no-op.
+
+    switch (sender->comm_type) {
         case PEP_ct_OpenPGP_unconfirmed:
         case PEP_ct_OpenPGP:
             sender->comm_type = PEP_ct_pEp_unconfirmed | (sender->comm_type & PEP_ct_confirmed);
             status = set_trust(session, sender);
             if (status != PEP_STATUS_OK)
                 break;
+            // Fallthrough EXPLICIT here
         case PEP_ct_pEp:
         case PEP_ct_pEp_unconfirmed:
             // set version
             if (major == 0) {
                 major = 2;
-                minor = 0;
+                minor = 1;
             }
-            status = pEp_version_upgrade_or_ignore(session, sender, major, minor);    
+            status = pEp_version_upgrade_or_ignore(session, sender, major, minor);
             break;
         default:
             status = PEP_CANNOT_SET_TRUST;
@@ -5094,6 +5113,10 @@ static PEP_STATUS _decrypt_message(
                 if (!EMPTYSTR(key_claim_fpr))
                     status = _check_and_set_default_key(session, src->from, key_claim_fpr);
 
+                if (_keylist) {
+                    if (!EMPTYSTR(_keylist->value))
+                        msg->_sender_fpr = strdup(_keylist->value); // will be checked against sender info later
+                }
                 break;
 
             default:
@@ -5416,16 +5439,27 @@ static PEP_STATUS _decrypt_message(
         
         *rating = decrypt_rating(decrypt_status);
 
-        // Ok, so if it was signed and it's all verified, we can update
-        // eligible signer comm_types to PEP_ct_pEp_*
-        // This also sets and upgrades pEp version
-        if (decrypt_status == PEP_DECRYPTED_AND_VERIFIED && !is_deprecated_key_reset && is_pEp_msg && calculated_src->from)
-            status = update_sender_to_pEp_trust(session, msg->from, _keylist, major_ver, minor_ver);
+        // Now, if:
+        // 1. Message was signed and verified,
+        // 2. Message was signed with from user's *default* key (which may
+        //    have been set above, and
+        // 3. This is a pEp message,
+        // We can upgrade the user to being a pEp user. But we should actually check if this is necessary to begin
+        // with.
+        // Checks on fpr viability are done in the update_sender_to_pEp_trust function now.
+        if (msg && decrypt_status == PEP_DECRYPTED_AND_VERIFIED && !is_deprecated_key_reset && !EMPTYSTR(msg->_sender_fpr)) {
+            if (is_pEp_msg && msg->from && !EMPTYSTR(msg->from->user_id)) {
+                bool pEp_peep = false;
+                status = is_pEp_user(session, msg->from, &pEp_peep);
+                if (status == PEP_STATUS_OK && !pEp_peep)
+                    status = update_sender_to_pEp_trust(session, msg, _keylist, major_ver, minor_ver);
+            }
+        }
+
 
         /* Ok, now we have a keylist used for decryption/verification.
            now we need to update the message rating with the 
            sender and recipients in mind */
-           
         if (!is_deprecated_key_reset) { // key reset messages invalidate some of the ratings in the DB by now.
             status = amend_rating_according_to_sender_and_recipients(session,
                      rating, msg->from, _keylist);

src/rating_api.c

@@ -391,28 +391,26 @@ static PEP_STATUS message_rating_for_identities(
         PEP_rating *rating
     )
 {
-    assert(session && msg && msg->from && rating);
-    if (!(session && msg && msg->from && rating))
+    assert(session && msg && rating);
+    if (!(session && msg && rating))
         return PEP_ILLEGAL_VALUE;
 
     PEP_STATUS status = PEP_STATUS_OK;
     *rating = PEP_rating_undefined;
 
-    if (msg->dir == PEP_dir_incoming) {
-        if (is_me(session, msg->from))
+    if (msg->from) {
+        if (msg->dir == PEP_dir_incoming) {
+            if (is_me(session, msg->from))
+                status = myself(session, msg->from);
+            else
+                status = update_identity(session, msg->from);
+        } else {
             status = myself(session, msg->from);
-        else
-            status = update_identity(session, msg->from);
-    }
-    else {
-        status = myself(session, msg->from);
+        }
+        if (status)
+            return status;
     }
-    if (status)
-        return status;
-
-    PEP_rating from_rating = rating_from_comm_type(msg->from->comm_type);
-    if (!from_rating)
-        goto the_end;
+    PEP_rating from_rating = msg->from ? rating_from_comm_type(msg->from->comm_type) : PEP_rating_unreliable;
 
     PEP_rating _rating = PEP_rating_undefined;
     status = rating_sum(session, msg, rating_of_existing_channel, &_rating);
@@ -421,7 +419,7 @@ static PEP_STATUS message_rating_for_identities(
 
     *rating = add_rating(from_rating, _rating);
 
-    if (*rating == PEP_rating_have_no_key)
+    if (*rating == PEP_rating_have_no_key || *rating == PEP_rating_undefined)
         *rating = PEP_rating_unreliable;
 
 the_end:
@@ -738,10 +736,12 @@ DYNAMIC_API PEP_STATUS incoming_message_rating(
     }
 
     PEP_rating crypto_rating = PEP_rating_undefined;
-    if (src->from && is_me(session, src->from))
-        status = myself(session, src->from);
-    else
-        status = update_identity(session, src->from);
+    if (src->from) {
+        if (is_me(session, src->from))
+            status = myself(session, src->from);
+        else
+            status = update_identity(session, src->from);
+    }
 
     if (status)
         return status;

test/src/DecryptAttachPrivateKeyTrustedTest.cc

@@ -141,7 +141,7 @@ TEST_F(DecryptAttachPrivateKeyTrustedTest, check_decrypt_attach_private_key_trus
     ASSERT_TRUE(status == PEP_STATUS_OK || status == PEP_CANNOT_FIND_IDENTITY);
     ASSERT_NE(same_addr_same_uid->comm_type & PEP_ct_confirmed, PEP_ct_confirmed);
 
-    status = key_reset_trust(session, same_addr_same_uid);
+    status = key_reset_trust(session, same_addr_same_uid); // KB: WHY were we doing this?? We remove the key's trust entry here, fine, but... it's still an own key?
 
     output_stream << "Done!" << endl << endl;
 

test/src/DecryptAttachPrivateKeyUntrustedTest.cc

@@ -152,8 +152,6 @@ TEST_F(DecryptAttachPrivateKeyUntrustedTest, check_decrypt_attach_private_key_un
 
     output_stream << "Reading in message..." << endl;
 
-    output_stream << "Reading in message..." << endl;
-
     message* encoded_text = slurp_message_file_into_struct("test_mails/priv_key_attach.eml");
 
     output_stream << "Starting test..." << endl;
@@ -181,7 +179,8 @@ TEST_F(DecryptAttachPrivateKeyUntrustedTest, check_decrypt_attach_private_key_un
                                   &keylist_used, &rating, &flags);
 
     status = get_trust(session, same_addr_same_uid);
-    ASSERT_EQ(same_addr_same_uid->comm_type, PEP_ct_pEp_unconfirmed);
+    ASSERT_EQ(status, PEP_CANNOT_FIND_IDENTITY);
+    ASSERT_EQ(same_addr_same_uid->comm_type, PEP_ct_unknown);
 
     output_stream << "Case 1 Status: " << tl_status_string(status) << endl;
     output_stream << "Private key is not trusted for " << same_addr_same_uid->fpr << ", as desired, as the public key was not trusted." << endl;

test/src/DefaultFromEmailTest.cc

@@ -948,7 +948,7 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_bob_1_0_two_keys) {
 
 // Case 0: We already have a default key. Make sure we don't step on it.
 
-TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_reliable_bob_noclobber_no_pEp) {
+TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_reliable_channel_bob_noclobber_no_pEp) {
     const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
     const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
 
@@ -964,7 +964,7 @@ TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_reliable_bob_noclobber
     check_sender_default_key_status(sender_info2, PEP_ct_OpenPGP_unconfirmed);
 }
 
-TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_reliable_bob_noclobber_2_2) {
+TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_reliable_channel_bob_noclobber_2_2) {
     const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
     const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
 
@@ -973,62 +973,22 @@ TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_reliable_bob_noclobber
     force_sender_default_to_be_set(TestUtilsPreset::BOB2, false);
 
     // Ok, we now have a blank slate. Run the import mail fun.
-    read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_2_2.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
-
-    // Make sure import didn't overwrite default
-    check_sender_default_key_status(sender_info2, PEP_ct_pEp_unconfirmed);
-}
-
-TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_reliable_bob_noclobber_2_1) {
-    const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
-    const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
-
-    set_up_and_check_initial_identities(TestUtilsPreset::BOB, sender_info);
-
-    force_sender_default_to_be_set(TestUtilsPreset::BOB2, false);
-
-    // Ok, we now have a blank slate. Run the import mail fun.
-    read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_2_1.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
-
-    // Make sure import didn't overwrite default
-    check_sender_default_key_status(sender_info2, PEP_ct_pEp_unconfirmed);
-}
-
-TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_reliable_bob_noclobber_2_0) {
-    const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
-    const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
-
-    set_up_and_check_initial_identities(TestUtilsPreset::BOB, sender_info);
-
-    force_sender_default_to_be_set(TestUtilsPreset::BOB2, false);
-
-    // Ok, we now have a blank slate. Run the import mail fun.
-    read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_2_0.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
+    read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAliceUnencrypted.eml",
+                                     PEP_rating_unencrypted, PEP_UNENCRYPTED);
 
     // Make sure import didn't overwrite default
     check_sender_default_key_status(sender_info2, PEP_ct_pEp_unconfirmed);
 }
 
-TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_reliable_bob_noclobber_1_0) {
-    const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
-    const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
+// FOR THE ENCRYPTED NO_CLOBBER TESTS:
+// We expect this to be unreliable now as of ENGINE-847, because the imported key on decryption is NOT associated with Bob;
+// he already has a default, and this ain't it, and we have no sense of "key claim" with OpenPGP.
+// Also note that the ONLY place the key attached to this message will be present at ALL is in the keys.db - we don't
+// even put it into the pgp_keypair list. So as far as pEp itself is concerned, that key doesn't exist until the
+// user tells us it does.
 
-    set_up_and_check_initial_identities(TestUtilsPreset::BOB, sender_info);
 
-    force_sender_default_to_be_set(TestUtilsPreset::BOB2, false);
-
-    // Ok, we now have a blank slate. Run the import mail fun.
-    read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_1_0.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
-
-    // Make sure import didn't overwrite default
-    check_sender_default_key_status(sender_info2, PEP_ct_pEp_unconfirmed);
-}
-
-TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_bob_noclobber_no_pep) {
+TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_channel_bob_noclobber_no_pep) {
     const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
     const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
 
@@ -1038,14 +998,14 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_bob_noclobber_n
 
     // Ok, we now the desired state. Run the import mail fun.
     read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_1_0_wrong_key_filename_no_pEp.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
+                                     PEP_rating_unreliable, PEP_STATUS_OK);
 
      // Check that the default key matches the canonical default key for this sender,
     // if expected to be present.
     check_sender_default_key_status(sender_info2, PEP_ct_OpenPGP_unconfirmed);
 }
 
-TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_bob_noclobber_2_2) {
+TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_channel_bob_noclobber_2_2) {
     const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
     const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
 
@@ -1055,7 +1015,7 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_bob_noclobber_2
 
     // Ok, we now the desired state. Run the import mail fun.
     read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_2_2.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
+                                     PEP_rating_unreliable, PEP_STATUS_OK);
 
     // Check that the default key matches the canonical default key for this sender,
     // if expected to be present.
@@ -1063,7 +1023,7 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_bob_noclobber_2
 
 }
 
-TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_bob_noclobber_2_1) {
+TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_channel_bob_noclobber_2_1) {
     const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
     const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
 
@@ -1073,7 +1033,7 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_bob_noclobber_2
 
     // Ok, we now the desired state. Run the import mail fun.
     read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_2_1.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
+                                     PEP_rating_unreliable, PEP_STATUS_OK);
 
     // Check that the default key matches the canonical default key for this sender,
     // if expected to be present.
@@ -1081,7 +1041,7 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_bob_noclobber_2
 
 }
 
-TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_bob_noclobber_2_0) {
+TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_channel_bob_noclobber_2_0) {
     const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
     const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
 
@@ -1091,7 +1051,7 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_bob_noclobber_2
 
     // Ok, we now the desired state. Run the import mail fun.
     read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_2_0.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
+                                     PEP_rating_unreliable, PEP_STATUS_OK);
 
     // Check that the default key matches the canonical default key for this sender,
     // if expected to be present.
@@ -1100,7 +1060,7 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_bob_noclobber_2
 }
 
 // We use the "wrong" filename version on purpose to ensure we aren't relying on 2.2 changes
-TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_bob_noclobber_1_0) {
+TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_channel_bob_noclobber_1_0) {
     const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
     const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
 
@@ -1110,7 +1070,7 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_bob_noclobber_1
 
     // Ok, we now the desired state. Run the import mail fun.
     read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_1_0_wrong_key_filename_ModifiedVersion.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
+                                     PEP_rating_unreliable, PEP_STATUS_OK);
     
     // Check that the default key matches the canonical default key for this sender,
     // if expected to be present.
@@ -1118,7 +1078,9 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_reliable_bob_noclobber_1
 
 }
 
-TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_trusted_bob_noclobber_no_pEp) {
+////////////////////////////
+
+TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_trusted_channel_bob_noclobber_no_pEp) {
     const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
     const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
 
@@ -1135,7 +1097,7 @@ TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_trusted_bob_noclobber_
     check_sender_default_key_status(sender_info2, PEP_ct_OpenPGP);
 }
 
-TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_trusted_bob_noclobber_2_2) {
+TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_trusted_channel_bob_noclobber_2_2) {
     const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
     const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
 
@@ -1144,62 +1106,15 @@ TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_trusted_bob_noclobber_
     force_sender_default_to_be_set(TestUtilsPreset::BOB2, true);
 
     // Ok, we now have a blank slate. Run the import mail fun.
-    read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_2_2.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
-
-    // Make sure import didn't overwrite default
-    check_sender_default_key_status(sender_info2, PEP_ct_pEp);
-}
-
-TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_trusted_bob_noclobber_2_1) {
-    const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
-    const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
-
-    set_up_and_check_initial_identities(TestUtilsPreset::BOB, sender_info);
-
-    force_sender_default_to_be_set(TestUtilsPreset::BOB2, true);
-
-    // Ok, we now have a blank slate. Run the import mail fun.
-    read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_2_1.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
-
-    // Make sure import didn't overwrite default
-    check_sender_default_key_status(sender_info2, PEP_ct_pEp);
-}
-
-TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_trusted_bob_noclobber_2_0) {
-    const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
-    const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
-
-    set_up_and_check_initial_identities(TestUtilsPreset::BOB, sender_info);
-
-    force_sender_default_to_be_set(TestUtilsPreset::BOB2, true);
-
-    // Ok, we now have a blank slate. Run the import mail fun.
-    read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_2_0.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
-
-    // Make sure import didn't overwrite default
-    check_sender_default_key_status(sender_info2, PEP_ct_pEp);
-}
-
-TEST_F(DefaultFromEmailTest, check_unencrypted_key_import_trusted_bob_noclobber_1_0) {
-    const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
-    const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
-
-    set_up_and_check_initial_identities(TestUtilsPreset::BOB, sender_info);
-
-    force_sender_default_to_be_set(TestUtilsPreset::BOB2, true);
-
-    // Ok, we now have a blank slate. Run the import mail fun.
-    read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_1_0.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
+    read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAliceUnencrypted.eml",
+                                     PEP_rating_unencrypted, PEP_UNENCRYPTED);
 
     // Make sure import didn't overwrite default
     check_sender_default_key_status(sender_info2, PEP_ct_pEp);
 }
+//////////////////////////
 
-TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_bob_noclobber_no_pep) {
+TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_channel_bob_noclobber_no_pep) {
     const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
     const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
 
@@ -1208,15 +1123,20 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_bob_noclobber_no
     force_sender_default_to_be_set(TestUtilsPreset::BOB2, true);
 
     // Ok, we now the desired state. Run the import mail fun.
+    // N.B.: We expect this to be unreliable now as of ENGINE-847, because the imported key on decryption is NOT associated with Bob;
+    //       he already has a default, and this ain't it, and we have no sense of "key claim" with OpenPGP.
+    //       Also note that the ONLY place the key attached to this message will be present at ALL is in the keys.db - we don't
+    //       even put it into the pgp_keypair list. So as far as pEp itself is concerned, that key doesn't exist until the
+    //       user tells us it does.
     read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_1_0_wrong_key_filename_no_pEp.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
+                                     PEP_rating_unreliable, PEP_STATUS_OK);
 
      // Check that the default key matches the canonical default key for this sender,
     // if expected to be present.
     check_sender_default_key_status(sender_info2, PEP_ct_OpenPGP);
 }
 
-TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_bob_noclobber_2_2) {
+TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_channel_bob_noclobber_2_2) {
     const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
     const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
 
@@ -1225,8 +1145,11 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_bob_noclobber_2_
     force_sender_default_to_be_set(TestUtilsPreset::BOB2, true);
 
     // Ok, we now the desired state. Run the import mail fun.
+    // NOTE: This behaves differently from the "no_pep" cases for one very important reason - in setting
+    // the user as a pEp user during the setup above, we actually set the initial imported key as a default before
+    // changing it in the previous line.
     read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_2_2.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
+                                     PEP_rating_unreliable, PEP_STATUS_OK);
 
     // Check that the default key matches the canonical default key for this sender,
     // if expected to be present.
@@ -1234,7 +1157,7 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_bob_noclobber_2_
 
 }
 
-TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_bob_noclobber_2_1) {
+TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_channel_bob_noclobber_2_1) {
     const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
     const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
 
@@ -1244,7 +1167,7 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_bob_noclobber_2_
 
     // Ok, we now the desired state. Run the import mail fun.
     read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_2_1.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
+                                     PEP_rating_unreliable, PEP_STATUS_OK);
 
     // Check that the default key matches the canonical default key for this sender,
     // if expected to be present.
@@ -1252,7 +1175,7 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_bob_noclobber_2_
 
 }
 
-TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_bob_noclobber_2_0) {
+TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_channel_bob_noclobber_2_0) {
     const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
     const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
 
@@ -1262,7 +1185,7 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_bob_noclobber_2_
 
     // Ok, we now the desired state. Run the import mail fun.
     read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_2_0.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
+                                     PEP_rating_unreliable, PEP_STATUS_OK);
 
     // Check that the default key matches the canonical default key for this sender,
     // if expected to be present.
@@ -1271,7 +1194,7 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_bob_noclobber_2_
 }
 
 // We use the "wrong" filename version on purpose to ensure we aren't relying on 2.2 changes
-TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_bob_noclobber_1_0) {
+TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_channel_bob_noclobber_1_0) {
     const TestUtilsPreset::IdentityInfo& sender_info = TestUtilsPreset::presets[TestUtilsPreset::BOB];
     const TestUtilsPreset::IdentityInfo& sender_info2 = TestUtilsPreset::presets[TestUtilsPreset::BOB2];
 
@@ -1281,7 +1204,7 @@ TEST_F(DefaultFromEmailTest, check_encrypted_key_import_trusted_bob_noclobber_1_
 
     // Ok, we now the desired state. Run the import mail fun.
     read_decrypt_check_incoming_mail("test_mails/CanonicalFrom2.2BobToAlice_1_0_wrong_key_filename_ModifiedVersion.eml",
-                                     PEP_rating_reliable, PEP_STATUS_OK);
+                                     PEP_rating_unreliable, PEP_STATUS_OK);
     
     // Check that the default key matches the canonical default key for this sender,
     // if expected to be present.

test/src/ElevatedAttachmentsTest.cc

@@ -226,6 +226,8 @@ TEST_F(ElevatedAttachmentsTest, check_encrypt_decrypt_message) {
     msg->shortmsg = strdup("Yo Bob!");
     msg->longmsg = strdup("Look at my hot new sender fpr field!");
 
+    // Volker: This is a sloppy way to test - it got processed as a real distribution message because data has meaning
+    //         and happily exposed a bug in your generation code, but... well, you know better :)
     const char *distribution = "simulation of distribution data";
     msg->attachments = new_bloblist(strdup(distribution), strlen(distribution)
             + 1, "application/pEp.distribution", "distribution.pEp");

test/src/Engine463Test.cc

@@ -115,9 +115,13 @@ TEST_F(Engine463Test, check_engine_463_sender_expired_and_renewed) {
     ok = slurp_and_import_key(session, "test_keys/pub/inquisitor-0xA4728718_full_expired.pub.asc");
     ASSERT_TRUE(ok);
 
+    pEp_identity* alice = new_identity("pep.test.alice@pep-project.org", "4ABE3AAF59AC32CFE4F86500A9411D176FF00E97", "ME", "Alice Cooper");
+    PEP_STATUS status = set_own_key(session, alice, "4ABE3AAF59AC32CFE4F86500A9411D176FF00E97");
+    ASSERT_OK;
+
     const char* inq_fpr = "8E8D2381AE066ABE1FEE509821BA977CA4728718";
     pEp_identity* inquisitor = new_identity("inquisitor@darthmama.org", NULL, NULL, "Lady Claire Trevelyan");
-    PEP_STATUS status = set_fpr_preserve_ident(session, inquisitor, inq_fpr, false);
+    status = set_fpr_preserve_ident(session, inquisitor, inq_fpr, false);
     ASSERT_OK;
 
     // Ok, so I want to make sure we make an entry, so I'll try to decrypt the message WITH

test/src/LeastCommonDenomColorTest.cc

@@ -127,7 +127,7 @@ TEST_F(LeastCommonDenomColorTest, check_least_common_denom_color) {
     recip1->fpr = strdup("9F371BACD583EE26347899F21CCE13DE07B29090");
     status = set_identity(session, recip1);
     ASSERT_OK;
-    key_reset_trust(session, recip1);
+//    key_reset_trust(session, recip1);
 
     pEp_identity * recip2 = new_identity("banmetwice@kgrothoff.org", NULL, "TOFU_banmetwice@kgrothoff.org", "Ban Me Twice");
     recip2->me = false;
@@ -136,7 +136,7 @@ TEST_F(LeastCommonDenomColorTest, check_least_common_denom_color) {
     recip2->fpr = strdup("84A33862CC664EA1086B7E94ADF10A134080C3E7");
     status = set_identity(session, recip2);
     ASSERT_OK;
-    key_reset_trust(session, recip2);
+//    key_reset_trust(session, recip2);
 
     const string mailtext = slurp(mailfile);
 

test/src/VerifyTest.cc

@@ -307,7 +307,8 @@ TEST_F(VerifyTest, check_expired_signing_key) {
     msg->longmsg = strdup(ciphertext.c_str());
     msg->from = new_identity("1960@example.org", NULL, "MARY", "Mary Susan Maria Karen Lisa Linda Donna Patricia Smith");
     message* pt_msg = NULL;
-    decrypt_message(session, msg, &pt_msg, &keylist, &rating, &flags);
+    status = decrypt_message(session, msg, &pt_msg, &keylist, &rating, &flags);
+    ASSERT_OK;
     free_message(msg);
     free_message(pt_msg);
     ASSERT_EQ(rating, PEP_rating_unreliable);