1#!/usr/bin/env gpgscm
2
3;; Copyright (C) 2017 Damien Goutte-Gattat
4;;
5;; This file is part of GnuPG.
6;;
7;;
8;; GnuPG is free software; you can redistribute it and/or modify
9;; it under the terms of the GNU General Public License as published by
10;; the Free Software Foundation; either version 3 of the License, or
11;; (at your option) any later version.
12;;
13;; GnuPG is distributed in the hope that it will be useful,
14;; but WITHOUT ANY WARRANTY; without even the implied warranty of
15;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16;; GNU General Public License for more details.
17;;
18;; You should have received a copy of the GNU General Public License
19;; along with this program; if not, see <http://www.gnu.org/licenses/>.
20
21(load (in-srcdir "tests" "openpgp" "trust-pgp" "common.scm"))
22
23(display "Checking basic WoT (classic trust model)...\n")
24
25(initscenario "scenario1")
26
27;; Check initial state.
28(checktrust BOBBY "f")	;; Directly signed by Alice's key.
29(checktrust CAROL "q")	;; Signed by Bobby, whose key has
30			;; no explicit ownertrust.
31(checktrust DAVID "q")	;; Likewise.
32(checktrust FRANK "q")	;; Likewise.
33(checktrust GRACE "-")	;; Signed by the previous three keys;
34			;; not evaluated since they are not valid.
35
36;; Let's trust Bobby.
37;; This should make Carol's, David's, and Frank's keys valid.
38(setownertrust BOBBY FULLTRUST)
39(updatetrustdb)
40(checktrust CAROL "f")
41(checktrust DAVID "f")
42(checktrust FRANK "f")
43(checktrust GRACE "q")	;; Now evaluated, but validity still unknown.
44
45;; Let's trust (marginally) Carol and David.
46;; This should not be enough to make Grace's key fully valid
47;; since marginals-needed defaults to 3.
48(setownertrust CAROL MARGINALTRUST)
49(setownertrust DAVID MARGINALTRUST)
50(updatetrustdb)
51(checktrust GRACE "m")
52
53;; Add marginal ownertrust to Frank's key.
54;; This should make Grace's key fully valid.
55(setownertrust FRANK MARGINALTRUST)
56(updatetrustdb)
57(checktrust GRACE "f")
58
59;; Now let's play with the length of certification chains.
60;; Setting max-cert-length to 2 should put Grace's key
61;; one step too far from Alice's key.
62(let ((max-cert-depth (gpg-config 'gpg "max-cert-depth")))
63  (max-cert-depth::update 2))
64(updatetrustdb)
65(checktrust GRACE "-")
66
67;; Raise the bar for assigning full validity.
68;; Bobby's key should be the only one retaining full validity.
69(let ((completes-needed (gpg-config 'gpg "completes-needed")))
70  (completes-needed::update 2))
71(updatetrustdb)
72(checktrust BOBBY "f")
73(checktrust CAROL "m")
74(checktrust DAVID "m")
75(checktrust FRANK "m")
76(checktrust GRACE "-")
77