validate key before adding to encryption list

we check whether a key is
 - revoked
 - expired
 - invalid
 - unable to encrypt
 - unable to sign

2 files changed, 17 insertions, 1 deletions

diff --git a/alot/commands/envelope.py b/alot/commands/envelope.py
index 26b87381..b462e0bc 100644
--- a/alot/commands/envelope.py
+++ b/alot/commands/envelope.py
@@ -515,13 +515,17 @@ class EncryptCommand(Command):
                 keys = dict()
                 for keyid in self.encrypt_keys:
                     tmp_key = crypto.get_key(keyid)
+                    crypto.validate_key(tmp_key, encrypt=True)
                     keys[crypto.hash_key(tmp_key)] = tmp_key
 
                 envelope.encrypt_keys.update(keys)
             except gpgme.GpgmeError as e:
                 if e.code == gpgme.ERR_INV_VALUE or e.code == gpgme.ERR_EOF:
-                    raise GPGProblem("Can not find key to encrypt.")
+                    ui.notify("Can not find key to encrypt.", priority='error')
                 raise GPGProblem(str(e))
+            except GPGProblem, e:
+                ui.notify(e.message, priority='error')
+                return
 
         #reload buffer
         ui.current_buffer.rebuild()
diff --git a/alot/crypto.py b/alot/crypto.py
index 55b9e30c..9000d15b 100644
--- a/alot/crypto.py
+++ b/alot/crypto.py
@@ -198,3 +198,15 @@ def hash_key(key):
     for tmp_key in key.subkeys:
         hash_str += tmp_key.keyid
     return hash_str
+
+def validate_key(key, sign=False, encrypt=False):
+    if key.revoked:
+        raise GPGProblem("The key \"" + key.uids[0].uid + "\" is revoked.")
+    elif key.expired:
+        raise GPGProblem("The key \"" + key.uids[0].uid + "\" is expired.")
+    elif key.invalid:
+        raise GPGProblem("The key \"" + key.uids[0].uid + "\" is invalid.")
+    if encrypt and not key.can_encrypt:
+        raise GPGProblem("The key \"" + key.uids[0].uid + "\" can not encrypt.")
+    if sign and not key.can_sign:
+        raise GPGProblem("The key \"" + key.uids[0].uid + "\" can not sign.")