Split up ATM parts of trust storage and refactor (#388)

QXmppTrustStorage is now the base class for all trust storages used by
end-to-end encryption managers.
QXmppAtmTrustStorage is used by QXmppAtmManager.

QXmppTrustMemoryStorage is now the base class for all trust storages
that use the memory for storing data.
QXmppAtmTrustMemoryStorage can be used by QXmppAtmManager.

Methods needed by the upcoming OMEMO implementation are added.
Some existing methods are refactored.

10 files changed, 476 insertions, 257 deletions

diff --git a/src/client/QXmppAtmManager.cpp b/src/client/QXmppAtmManager.cpp
index 4155e993..c4fe2cad 100644
--- a/src/client/QXmppAtmManager.cpp
+++ b/src/client/QXmppAtmManager.cpp
@@ -8,13 +8,11 @@
 #include "QXmppClient.h"
 #include "QXmppConstants_p.h"
 #include "QXmppFutureUtils_p.h"
+#include "QXmppMessage.h"
 #include "QXmppTrustMessageElement.h"
+#include "QXmppTrustMessageKeyOwner.h"
 #include "QXmppUtils.h"
 
-#include <QCoreApplication>
-#include <QDomElement>
-#include <QList>
-
 using namespace QXmpp::Private;
 
 ///
@@ -27,21 +25,10 @@ using namespace QXmpp::Private;
 /// storage interface must be added.
 /// That implementation has to be adapted to your storage such as a database.
 /// In case you only need memory and no peristent storage, you can use the
-/// existing implementation:
+/// existing implementation and add the storage with it:
 ///
 ///\code
-/// QXmppTrustStorage *trustStorage = new QXmppTrustMemoryStorage;
-/// \endcode
-///
-/// You can set a security policy used by ATM via the trust manager.
-/// Is is recommended to apply TOAKAFA for good security and usability when
-/// using \xep{0384, OMEMO Encryption}:
-/// \code
-/// trustStorage->setSecurityPolicy("urn:xmpp:omemo:2", QXmppTrustStorage::Toakafa);
-/// \endcode
-///
-/// Afterwards, this manager must be added with the storage:
-/// \code
+/// QXmppAtmTrustStorage *trustStorage = new QXmppAtmTrustMemoryStorage;
 /// QXmppAtmManager *manager = new QXmppAtmManager(trustStorage);
 /// client->addExtension(manager);
 /// \endcode
@@ -73,7 +60,7 @@ using namespace QXmpp::Private;
 ///
 /// \param trustStorage trust storage implementation
 ///
-QXmppAtmManager::QXmppAtmManager(QXmppTrustStorage *trustStorage)
+QXmppAtmManager::QXmppAtmManager(QXmppAtmTrustStorage *trustStorage)
 {
     m_trustStorage = trustStorage;
 }
diff --git a/src/client/QXmppAtmManager.h b/src/client/QXmppAtmManager.h
index 5c2dc1e7..042d1342 100644
--- a/src/client/QXmppAtmManager.h
+++ b/src/client/QXmppAtmManager.h
@@ -5,18 +5,19 @@
 #ifndef QXMPPATMMANAGER_H
 #define QXMPPATMMANAGER_H
 
+#include "QXmppAtmTrustStorage.h"
 #include "QXmppClientExtension.h"
-#include "QXmppMessage.h"
 #include "QXmppSendResult.h"
-#include "QXmppTrustMessageKeyOwner.h"
-#include "QXmppTrustStorage.h"
+
+class QXmppMessage;
+class QXmppTrustMessageKeyOwner;
 
 class QXMPP_EXPORT QXmppAtmManager : public QXmppClientExtension
 {
     Q_OBJECT
 
 public:
-    QXmppAtmManager(QXmppTrustStorage *trustStorage);
+    QXmppAtmManager(QXmppAtmTrustStorage *trustStorage);
     QFuture<void> makeTrustDecisions(const QString &encryption, const QString &keyOwnerJid, const QList<QByteArray> &keyIdsForAuthentication, const QList<QByteArray> &keyIdsForDistrusting = {});
 
     /// \cond
@@ -41,7 +42,7 @@ private:
 
     QFuture<QXmpp::SendResult> sendTrustMessage(const QString &encryption, const QList<QXmppTrustMessageKeyOwner> &keyOwners, const QString &recipientJid);
 
-    QXmppTrustStorage *m_trustStorage;
+    QXmppAtmTrustStorage *m_trustStorage;
 
     friend class tst_QXmppAtmManager;
 };
diff --git a/src/client/QXmppAtmTrustMemoryStorage.cpp b/src/client/QXmppAtmTrustMemoryStorage.cpp
new file mode 100644
index 00000000..404c5564
--- /dev/null
+++ b/src/client/QXmppAtmTrustMemoryStorage.cpp
@@ -0,0 +1,145 @@
+// SPDX-FileCopyrightText: 2022 Melvin Keskin <melvo@olomono.de>
+//
+// SPDX-License-Identifier: LGPL-2.1-or-later
+
+#include "QXmppAtmTrustMemoryStorage.h"
+
+#include "QXmppFutureUtils_p.h"
+#include "QXmppTrustMessageKeyOwner.h"
+
+using namespace QXmpp::Private;
+
+///
+/// \class QXmppAtmTrustMemoryStorage
+///
+/// \brief The QXmppAtmTrustMemoryStorage class stores trust data for
+/// \xep{0450, Automatic Trust Management (ATM)} in the memory.
+///
+/// \warning THIS API IS NOT FINALIZED YET!
+///
+/// \since QXmpp 1.5
+///
+
+struct UnprocessedKey
+{
+    QByteArray id;
+    QString ownerJid;
+    QByteArray senderKeyId;
+    bool trust;
+};
+
+class QXmppAtmTrustMemoryStoragePrivate
+{
+public:
+    // encryption protocols mapped to trust message data received from endpoints
+    // with unauthenticated keys
+    QMultiHash<QString, UnprocessedKey> keys;
+};
+
+///
+/// Constructs an ATM trust memory storage.
+///
+QXmppAtmTrustMemoryStorage::QXmppAtmTrustMemoryStorage()
+    : d(new QXmppAtmTrustMemoryStoragePrivate)
+{
+}
+
+QXmppAtmTrustMemoryStorage::~QXmppAtmTrustMemoryStorage() = default;
+
+/// \cond
+QFuture<void> QXmppAtmTrustMemoryStorage::addKeysForPostponedTrustDecisions(const QString &encryption, const QByteArray &senderKeyId, const QList<QXmppTrustMessageKeyOwner> &keyOwners)
+{
+    const auto addKeys = [&](const QXmppTrustMessageKeyOwner &keyOwner, bool trust, const QList<QByteArray> &keyIds) {
+        for (const auto &keyId : keyIds) {
+            auto isKeyFound = false;
+
+            for (auto itr = d->keys.find(encryption); itr != d->keys.end() && itr.key() == encryption; ++itr) {
+                auto &key = itr.value();
+                if (key.id == keyId && key.ownerJid == keyOwner.jid() && key.senderKeyId == senderKeyId) {
+                    // Update the stored trust if it differs from the new one.
+                    if (key.trust != trust) {
+                        key.trust = trust;
+                    }
+
+                    isKeyFound = true;
+                    break;
+                }
+            }
+
+            // Create a new entry and store it if there is no such entry yet.
+            if (!isKeyFound) {
+                UnprocessedKey key;
+                key.id = keyId;
+                key.ownerJid = keyOwner.jid();
+                key.senderKeyId = senderKeyId;
+                key.trust = trust;
+                d->keys.insert(encryption, key);
+            }
+        }
+    };
+
+    for (const auto &keyOwner : keyOwners) {
+        addKeys(keyOwner, true, keyOwner.trustedKeys());
+        addKeys(keyOwner, false, keyOwner.distrustedKeys());
+    }
+
+    return makeReadyFuture();
+}
+
+QFuture<void> QXmppAtmTrustMemoryStorage::removeKeysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &keyIdsForAuthentication, const QList<QByteArray> &keyIdsForDistrusting)
+{
+    for (auto itr = d->keys.find(encryption);
+         itr != d->keys.end() && itr.key() == encryption;) {
+        const auto &key = itr.value();
+        if ((key.trust && keyIdsForAuthentication.contains(key.id)) ||
+            (!key.trust && keyIdsForDistrusting.contains(key.id))) {
+            itr = d->keys.erase(itr);
+        } else {
+            ++itr;
+        }
+    }
+
+    return makeReadyFuture();
+}
+
+QFuture<void> QXmppAtmTrustMemoryStorage::removeKeysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &senderKeyIds)
+{
+    for (auto itr = d->keys.find(encryption);
+         itr != d->keys.end() && itr.key() == encryption;) {
+        if (senderKeyIds.contains(itr.value().senderKeyId)) {
+            itr = d->keys.erase(itr);
+        } else {
+            ++itr;
+        }
+    }
+
+    return makeReadyFuture();
+}
+
+QFuture<void> QXmppAtmTrustMemoryStorage::removeKeysForPostponedTrustDecisions(const QString &encryption)
+{
+    d->keys.remove(encryption);
+    return makeReadyFuture();
+}
+
+QFuture<QHash<bool, QMultiHash<QString, QByteArray>>> QXmppAtmTrustMemoryStorage::keysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &senderKeyIds)
+{
+    QHash<bool, QMultiHash<QString, QByteArray>> keys;
+
+    const auto storedKeys = d->keys.values(encryption);
+    for (const auto &key : storedKeys) {
+        if (senderKeyIds.contains(key.senderKeyId) || senderKeyIds.isEmpty()) {
+            keys[key.trust].insert(key.ownerJid, key.id);
+        }
+    }
+
+    return makeReadyFuture(std::move(keys));
+}
+
+QFuture<void> QXmppAtmTrustMemoryStorage::resetAll(const QString &encryption)
+{
+    QXmppTrustMemoryStorage::resetAll(encryption);
+    d->keys.remove(encryption);
+    return makeReadyFuture();
+}
+/// \endcond
diff --git a/src/client/QXmppAtmTrustMemoryStorage.h b/src/client/QXmppAtmTrustMemoryStorage.h
new file mode 100644
index 00000000..432c2058
--- /dev/null
+++ b/src/client/QXmppAtmTrustMemoryStorage.h
@@ -0,0 +1,33 @@
+// SPDX-FileCopyrightText: 2022 Melvin Keskin <melvo@olomono.de>
+//
+// SPDX-License-Identifier: LGPL-2.1-or-later
+
+#ifndef QXMPPATMTRUSTMEMORYSTORAGE_H
+#define QXMPPATMTRUSTMEMORYSTORAGE_H
+
+#include "QXmppAtmTrustStorage.h"
+#include "QXmppTrustMemoryStorage.h"
+
+class QXmppAtmTrustMemoryStoragePrivate;
+
+class QXMPP_EXPORT QXmppAtmTrustMemoryStorage : virtual public QXmppAtmTrustStorage, public QXmppTrustMemoryStorage
+{
+public:
+    QXmppAtmTrustMemoryStorage();
+    ~QXmppAtmTrustMemoryStorage();
+
+    /// \cond
+    QFuture<void> addKeysForPostponedTrustDecisions(const QString &encryption, const QByteArray &senderKeyId, const QList<QXmppTrustMessageKeyOwner> &keyOwners) override;
+    QFuture<void> removeKeysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &keyIdsForAuthentication, const QList<QByteArray> &keyIdsForDistrusting) override;
+    QFuture<void> removeKeysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &senderKeyIds) override;
+    QFuture<void> removeKeysForPostponedTrustDecisions(const QString &encryption) override;
+    QFuture<QHash<bool, QMultiHash<QString, QByteArray>>> keysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &senderKeyIds = {}) override;
+
+    QFuture<void> resetAll(const QString &encryption) override;
+    /// \endcond
+
+private:
+    std::unique_ptr<QXmppAtmTrustMemoryStoragePrivate> d;
+};
+
+#endif  // QXMPPATMTRUSTMEMORYSTORAGE_H
diff --git a/src/client/QXmppAtmTrustStorage.cpp b/src/client/QXmppAtmTrustStorage.cpp
new file mode 100644
index 00000000..70ce2822
--- /dev/null
+++ b/src/client/QXmppAtmTrustStorage.cpp
@@ -0,0 +1,80 @@
+// SPDX-FileCopyrightText: 2022 Melvin Keskin <melvo@olomono.de>
+//
+// SPDX-License-Identifier: LGPL-2.1-or-later
+
+///
+/// \class QXmppAtmTrustStorage
+///
+/// \brief The QXmppAtmTrustStorage class stores trust data for
+/// \xep{0450, Automatic Trust Management (ATM)}.
+///
+/// \warning THIS API IS NOT FINALIZED YET!
+///
+/// \since QXmpp 1.5
+///
+
+///
+/// \fn QXmppAtmTrustStorage::addKeysForPostponedTrustDecisions(const QString &encryption, const QByteArray &senderKeyId, const QList<QXmppTrustMessageKeyOwner> &keyOwners)
+///
+/// Adds keys that cannot be authenticated or distrusted directly because the
+/// key of the trust message's sender is not yet authenticated.
+///
+/// Those keys are being authenticated or distrusted once the sender's key is
+/// authenticated.
+/// Each element of keyOwners (i.e., keyOwner) can contain keys for postponed
+/// authentication as trustedKeys or for postponed distrusting as
+/// distrustedKeys.
+///
+/// If keys of keyOwner.trustedKeys() are already stored for postponed
+/// distrusting, they are changed to be used for postponed authentication.
+/// If keys of keyOwner.distrustedKeys() are already stored for postponed
+/// authentication, they are changed to be used for postponed distrusting.
+/// If the same keys are in keyOwner.trustedKeys() and
+/// keyOwner.distrustedKeys(), they are used for postponed distrusting.
+///
+/// \param encryption encryption protocol namespace
+/// \param senderKeyId key ID of the trust message's sender
+/// \param keyOwners key owners containing key IDs for postponed trust decisions
+///
+
+///
+/// \fn QXmppAtmTrustStorage::removeKeysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &keyIdsForAuthentication, const QList<QByteArray> &keyIdsForDistrusting)
+///
+/// Removes keys for postponed authentication or distrusting.
+///
+/// \param encryption encryption protocol namespace
+/// \param keyIdsForAuthentication IDs of the keys for postponed authentication
+/// \param keyIdsForDistrusting IDs of the keys for postponed distrusting
+///
+
+///
+/// \fn QXmppAtmTrustStorage::removeKeysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &senderKeyIds)
+///
+/// Removes keys for postponed authentication or distrusting by the trust
+/// message sender's key ID.
+///
+/// \param encryption encryption protocol namespace
+/// \param senderKeyIds key IDs of the trust messages' senders
+///
+
+///
+/// \fn QXmppAtmTrustStorage::removeKeysForPostponedTrustDecisions(const QString &encryption)
+///
+/// Removes all keys for postponed authentication or distrusting for encryption.
+///
+/// \param encryption encryption protocol namespace
+///
+
+///
+/// \fn QXmppAtmTrustStorage::keysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &senderKeyIds = {})
+///
+/// Returns the JIDs of key owners mapped to the IDs of their keys stored for
+/// postponed authentication (true) or postponed distrusting (false).
+///
+/// If senderKeyIds is empty, all keys for encryption are returned.
+///
+/// \param encryption encryption protocol namespace
+/// \param senderKeyIds key IDs of the trust messages' senders
+///
+/// \return the key owner JIDs mapped to their keys
+///
diff --git a/src/client/QXmppAtmTrustStorage.h b/src/client/QXmppAtmTrustStorage.h
new file mode 100644
index 00000000..e801c7df
--- /dev/null
+++ b/src/client/QXmppAtmTrustStorage.h
@@ -0,0 +1,24 @@
+// SPDX-FileCopyrightText: 2022 Melvin Keskin <melvo@olomono.de>
+//
+// SPDX-License-Identifier: LGPL-2.1-or-later
+
+#ifndef QXMPPATMTRUSTSTORAGE_H
+#define QXMPPATMTRUSTSTORAGE_H
+
+#include "QXmppTrustStorage.h"
+
+class QXmppTrustMessageKeyOwner;
+
+class QXMPP_EXPORT QXmppAtmTrustStorage : virtual public QXmppTrustStorage
+{
+public:
+    virtual ~QXmppAtmTrustStorage() = default;
+
+    virtual QFuture<void> addKeysForPostponedTrustDecisions(const QString &encryption, const QByteArray &senderKeyId, const QList<QXmppTrustMessageKeyOwner> &keyOwners) = 0;
+    virtual QFuture<void> removeKeysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &keyIdsForAuthentication, const QList<QByteArray> &keyIdsForDistrusting) = 0;
+    virtual QFuture<void> removeKeysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &senderKeyIds) = 0;
+    virtual QFuture<void> removeKeysForPostponedTrustDecisions(const QString &encryption) = 0;
+    virtual QFuture<QHash<bool, QMultiHash<QString, QByteArray>>> keysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &senderKeyIds = {}) = 0;
+};
+
+#endif  // QXMPPATMTRUSTSTORAGE_H
diff --git a/src/client/QXmppTrustMemoryStorage.cpp b/src/client/QXmppTrustMemoryStorage.cpp
index f5e99b33..5a1b6e61 100644
--- a/src/client/QXmppTrustMemoryStorage.cpp
+++ b/src/client/QXmppTrustMemoryStorage.cpp
@@ -5,7 +5,6 @@
 #include "QXmppTrustMemoryStorage.h"
 
 #include "QXmppFutureUtils_p.h"
-#include "QXmppTrustMessageKeyOwner.h"
 
 using namespace QXmpp::Private;
 
@@ -20,21 +19,13 @@ using namespace QXmpp::Private;
 /// \since QXmpp 1.5
 ///
 
-struct ProcessedKey
+struct Key
 {
     QByteArray id;
     QString ownerJid;
     QXmppTrustStorage::TrustLevel trustLevel;
 };
 
-struct UnprocessedKey
-{
-    QByteArray id;
-    QString ownerJid;
-    QByteArray senderKeyId;
-    bool trust;
-};
-
 class QXmppTrustMemoryStoragePrivate
 {
 public:
@@ -45,11 +36,7 @@ public:
     QMap<QString, QByteArray> ownKeys;
 
     // encryption protocols mapped to keys with specified trust levels
-    QMultiHash<QString, ProcessedKey> processedKeys;
-
-    // encryption protocols mapped to trust message data received from endpoints
-    // with unauthenticated keys
-    QMultiHash<QString, UnprocessedKey> unprocessedKeys;
+    QMultiHash<QString, Key> keys;
 };
 
 ///
@@ -63,16 +50,15 @@ QXmppTrustMemoryStorage::QXmppTrustMemoryStorage()
 QXmppTrustMemoryStorage::~QXmppTrustMemoryStorage() = default;
 
 /// \cond
-QFuture<void> QXmppTrustMemoryStorage::setSecurityPolicies(const QString &encryption, const QXmppTrustStorage::SecurityPolicy securityPolicy)
+QFuture<void> QXmppTrustMemoryStorage::setSecurityPolicy(const QString &encryption, const QXmppTrustStorage::SecurityPolicy securityPolicy)
 {
-    if (encryption.isEmpty()) {
-        d->securityPolicies.clear();
-    } else if (securityPolicy == QXmppTrustStorage::NoSecurityPolicy) {
-        d->securityPolicies.remove(encryption);
-    } else {
-        d->securityPolicies.insert(encryption, securityPolicy);
-    }
+    d->securityPolicies.insert(encryption, securityPolicy);
+    return makeReadyFuture();
+}
 
+QFuture<void> QXmppTrustMemoryStorage::resetSecurityPolicy(const QString &encryption)
+{
+    d->securityPolicies.remove(encryption);
     return makeReadyFuture();
 }
 
@@ -81,13 +67,13 @@ QFuture<QXmppTrustStorage::SecurityPolicy> QXmppTrustMemoryStorage::securityPoli
     return makeReadyFuture(std::move(d->securityPolicies.value(encryption)));
 }
 
-QFuture<void> QXmppTrustMemoryStorage::addOwnKey(const QString &encryption, const QByteArray &keyId)
+QFuture<void> QXmppTrustMemoryStorage::setOwnKey(const QString &encryption, const QByteArray &keyId)
 {
     d->ownKeys.insert(encryption, keyId);
     return makeReadyFuture();
 }
 
-QFuture<void> QXmppTrustMemoryStorage::removeOwnKey(const QString &encryption)
+QFuture<void> QXmppTrustMemoryStorage::resetOwnKey(const QString &encryption)
 {
     d->ownKeys.remove(encryption);
     return makeReadyFuture();
@@ -102,11 +88,11 @@ QFuture<QByteArray> QXmppTrustMemoryStorage::ownKey(const QString &encryption)
 QFuture<void> QXmppTrustMemoryStorage::addKeys(const QString &encryption, const QString &keyOwnerJid, const QList<QByteArray> &keyIds, const QXmppTrustStorage::TrustLevel trustLevel)
 {
     for (const auto &keyId : keyIds) {
-        ProcessedKey key;
+        Key key;
         key.id = keyId;
         key.ownerJid = keyOwnerJid;
         key.trustLevel = trustLevel;
-        d->processedKeys.insert(encryption, key);
+        d->keys.insert(encryption, key);
     }
 
     return makeReadyFuture();
@@ -114,30 +100,44 @@ QFuture<void> QXmppTrustMemoryStorage::addKeys(const QString &encryption, const
 
 QFuture<void> QXmppTrustMemoryStorage::removeKeys(const QString &encryption, const QList<QByteArray> &keyIds)
 {
-    if (encryption.isEmpty()) {
-        d->processedKeys.clear();
-    } else if (keyIds.isEmpty()) {
-        d->processedKeys.remove(encryption);
-    } else {
-        for (auto itr = d->processedKeys.find(encryption);
-             itr != d->processedKeys.end() && itr.key() == encryption;) {
-            if (keyIds.contains(itr.value().id)) {
-                itr = d->processedKeys.erase(itr);
-            } else {
-                itr++;
-            }
+    for (auto itr = d->keys.find(encryption);
+         itr != d->keys.end() && itr.key() == encryption;) {
+        if (keyIds.contains(itr.value().id)) {
+            itr = d->keys.erase(itr);
+        } else {
+            ++itr;
         }
     }
 
     return makeReadyFuture();
 }
 
+QFuture<void> QXmppTrustMemoryStorage::removeKeys(const QString &encryption, const QString &keyOwnerJid)
+{
+    for (auto itr = d->keys.find(encryption);
+         itr != d->keys.end() && itr.key() == encryption;) {
+        if (itr.value().ownerJid == keyOwnerJid) {
+            itr = d->keys.erase(itr);
+        } else {
+            ++itr;
+        }
+    }
+
+    return makeReadyFuture();
+}
+
+QFuture<void> QXmppTrustMemoryStorage::removeKeys(const QString &encryption)
+{
+    d->keys.remove(encryption);
+    return makeReadyFuture();
+}
+
 QFuture<QHash<QXmppTrustStorage::TrustLevel, QMultiHash<QString, QByteArray>>> QXmppTrustMemoryStorage::keys(const QString &encryption, const TrustLevels trustLevels)
 {
     QHash<TrustLevel, QMultiHash<QString, QByteArray>> keys;
 
-    const auto processedKeys = d->processedKeys.values(encryption);
-    for (const auto &key : processedKeys) {
+    const auto storedKeys = d->keys.values(encryption);
+    for (const auto &key : storedKeys) {
         const auto trustLevel = key.trustLevel;
         if (trustLevels.testFlag(trustLevel) || !trustLevels) {
             keys[trustLevel].insert(key.ownerJid, key.id);
@@ -147,6 +147,34 @@ QFuture<QHash<QXmppTrustStorage::TrustLevel, QMultiHash<QString, QByteArray>>> Q
     return makeReadyFuture(std::move(keys));
 }
 
+QFuture<QHash<QString, QHash<QByteArray, QXmppTrustStorage::TrustLevel>>> QXmppTrustMemoryStorage::keys(const QString &encryption, const QList<QString> &keyOwnerJids, TrustLevels trustLevels)
+{
+    QHash<QString, QHash<QByteArray, QXmppTrustStorage::TrustLevel>> keys;
+
+    const auto storedKeys = d->keys.values(encryption);
+    for (const auto &key : storedKeys) {
+        const auto keyOwnerJid = key.ownerJid;
+        const auto trustLevel = key.trustLevel;
+        if (keyOwnerJids.contains(keyOwnerJid) && (trustLevels.testFlag(trustLevel) || !trustLevels)) {
+            keys[keyOwnerJid].insert(key.id, trustLevel);
+        }
+    }
+
+    return makeReadyFuture(std::move(keys));
+}
+
+QFuture<bool> QXmppTrustMemoryStorage::hasKey(const QString &encryption, const QString &keyOwnerJid, TrustLevels trustLevels)
+{
+    const auto storedKeys = d->keys.values(encryption);
+    for (const auto &key : storedKeys) {
+        if (key.ownerJid == keyOwnerJid && trustLevels.testFlag(key.trustLevel)) {
+            return makeReadyFuture(std::move(true));
+        }
+    }
+
+    return makeReadyFuture(std::move(false));
+}
+
 QFuture<void> QXmppTrustMemoryStorage::setTrustLevel(const QString &encryption, const QMultiHash<QString, QByteArray> &keyIds, const TrustLevel trustLevel)
 {
     for (auto itr = keyIds.constBegin(); itr != keyIds.constEnd(); ++itr) {
@@ -155,13 +183,13 @@ QFuture<void> QXmppTrustMemoryStorage::setTrustLevel(const QString &encryption,
 
         auto isKeyFound = false;
 
-        for (auto itrProcessedKeys = d->processedKeys.find(encryption);
-             itrProcessedKeys != d->processedKeys.end() && itrProcessedKeys.key() == encryption;
-             ++itrProcessedKeys) {
-            auto &key = itrProcessedKeys.value();
+        for (auto itrKeys = d->keys.find(encryption);
+             itrKeys != d->keys.end() && itrKeys.key() == encryption;
+             ++itrKeys) {
+            auto &key = itrKeys.value();
             if (key.id == keyId && key.ownerJid == keyOwnerJid) {
+                // Update the stored trust level if it differs from the new one.
                 if (key.trustLevel != trustLevel) {
-                    // Update the stored trust level if it differs from the new one.
                     key.trustLevel = trustLevel;
                 }
 
@@ -170,13 +198,13 @@ QFuture<void> QXmppTrustMemoryStorage::setTrustLevel(const QString &encryption,
             }
         }
 
+        // Create a new entry and store it if there is no such entry yet.
         if (!isKeyFound) {
-            // Create a new entry and store it if there is no such entry yet.
-            ProcessedKey key;
+            Key key;
             key.id = keyId;
             key.ownerJid = keyOwnerJid;
             key.trustLevel = trustLevel;
-            d->processedKeys.insert(encryption, key);
+            d->keys.insert(encryption, key);
         }
     }
 
@@ -185,7 +213,7 @@ QFuture<void> QXmppTrustMemoryStorage::setTrustLevel(const QString &encryption,
 
 QFuture<void> QXmppTrustMemoryStorage::setTrustLevel(const QString &encryption, const QList<QString> &keyOwnerJids, const QXmppTrustStorage::TrustLevel oldTrustLevel, const QXmppTrustStorage::TrustLevel newTrustLevel)
 {
-    for (auto itr = d->processedKeys.find(encryption); itr != d->processedKeys.end() && itr.key() == encryption; ++itr) {
+    for (auto itr = d->keys.find(encryption); itr != d->keys.end() && itr.key() == encryption; ++itr) {
         auto &key = itr.value();
         if (keyOwnerJids.contains(key.ownerJid) && key.trustLevel == oldTrustLevel) {
             key.trustLevel = newTrustLevel;
@@ -197,101 +225,22 @@ QFuture<void> QXmppTrustMemoryStorage::setTrustLevel(const QString &encryption,
 
 QFuture<QXmppTrustStorage::TrustLevel> QXmppTrustMemoryStorage::trustLevel(const QString &encryption, const QByteArray &keyId)
 {
-    const auto processedKeys = d->processedKeys.values(encryption);
-    for (const auto &key : processedKeys) {
+    const auto keys = d->keys.values(encryption);
+    for (const auto &key : keys) {
         if (key.id == keyId) {
             return makeReadyFuture(std::move(QXmppTrustStorage::TrustLevel(key.trustLevel)));
         }
     }
 
-    return makeReadyFuture(std::move(TrustLevel::AutomaticallyDistrusted));
-}
-
-QFuture<void> QXmppTrustMemoryStorage::addKeysForPostponedTrustDecisions(const QString &encryption, const QByteArray &senderKeyId, const QList<QXmppTrustMessageKeyOwner> &keyOwners)
-{
-    const auto addKeys = [&](const QXmppTrustMessageKeyOwner &keyOwner, bool trust, const QList<QByteArray> &keyIds) {
-        for (const auto &keyId : keyIds) {
-            auto isKeyFound = false;
-
-            for (auto itr = d->unprocessedKeys.find(encryption); itr != d->unprocessedKeys.end() && itr.key() == encryption; ++itr) {
-                auto &key = itr.value();
-                if (key.id == keyId && key.ownerJid == keyOwner.jid() && key.senderKeyId == senderKeyId) {
-                    if (key.trust != trust) {
-                        // Update the stored trust if it differs from the new one.
-                        key.trust = trust;
-                    }
-
-                    isKeyFound = true;
-                    break;
-                }
-            }
-
-            if (!isKeyFound) {
-                // Create a new entry and store it if there is no such entry yet.
-                UnprocessedKey key;
-                key.id = keyId;
-                key.ownerJid = keyOwner.jid();
-                key.senderKeyId = senderKeyId;
-                key.trust = trust;
-                d->unprocessedKeys.insert(encryption, key);
-            }
-        }
-    };
-
-    for (const auto &keyOwner : keyOwners) {
-        addKeys(keyOwner, true, keyOwner.trustedKeys());
-        addKeys(keyOwner, false, keyOwner.distrustedKeys());
-    }
-
-    return makeReadyFuture();
-}
-
-QFuture<void> QXmppTrustMemoryStorage::removeKeysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &keyIdsForAuthentication, const QList<QByteArray> &keyIdsForDistrusting)
-{
-    for (auto itr = d->unprocessedKeys.find(encryption);
-         itr != d->unprocessedKeys.end() && itr.key() == encryption;) {
-        const auto &key = itr.value();
-        if ((key.trust && keyIdsForAuthentication.contains(key.id)) ||
-            (!key.trust && keyIdsForDistrusting.contains(key.id))) {
-            itr = d->unprocessedKeys.erase(itr);
-        } else {
-            ++itr;
-        }
-    }
-    return makeReadyFuture();
+    return makeReadyFuture(std::move(QXmppTrustStorage::Undecided));
 }
 
-QFuture<void> QXmppTrustMemoryStorage::removeKeysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &senderKeyIds)
+QFuture<void> QXmppTrustMemoryStorage::resetAll(const QString &encryption)
 {
-    if (encryption.isEmpty()) {
-        d->unprocessedKeys.clear();
-    } else if (senderKeyIds.isEmpty()) {
-        d->unprocessedKeys.remove(encryption);
-    } else {
-        for (auto itr = d->unprocessedKeys.find(encryption);
-             itr != d->unprocessedKeys.end() && itr.key() == encryption;) {
-            if (senderKeyIds.contains(itr.value().senderKeyId)) {
-                itr = d->unprocessedKeys.erase(itr);
-            } else {
-                ++itr;
-            }
-        }
-    }
+    d->securityPolicies.remove(encryption);
+    d->ownKeys.remove(encryption);
+    d->keys.remove(encryption);
 
     return makeReadyFuture();
 }
-
-QFuture<QHash<bool, QMultiHash<QString, QByteArray>>> QXmppTrustMemoryStorage::keysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &senderKeyIds)
-{
-    QHash<bool, QMultiHash<QString, QByteArray>> keys;
-
-    const auto unprocessedKeys = d->unprocessedKeys.values(encryption);
-    for (const auto &key : unprocessedKeys) {
-        if (senderKeyIds.contains(key.senderKeyId) || senderKeyIds.isEmpty()) {
-            keys[key.trust].insert(key.ownerJid, key.id);
-        }
-    }
-
-    return makeReadyFuture(std::move(keys));
-}
 /// \endcond
diff --git a/src/client/QXmppTrustMemoryStorage.h b/src/client/QXmppTrustMemoryStorage.h
index 63b8a14e..08696039 100644
--- a/src/client/QXmppTrustMemoryStorage.h
+++ b/src/client/QXmppTrustMemoryStorage.h
@@ -5,39 +5,40 @@
 #ifndef QXMPPTRUSTMEMORYSTORAGE_H
 #define QXMPPTRUSTMEMORYSTORAGE_H
 
-#include "QXmppGlobal.h"
 #include "QXmppTrustStorage.h"
 
 #include <memory>
 
 class QXmppTrustMemoryStoragePrivate;
 
-class QXMPP_EXPORT QXmppTrustMemoryStorage : public QXmppTrustStorage
+class QXMPP_EXPORT QXmppTrustMemoryStorage : virtual public QXmppTrustStorage
 {
 public:
     QXmppTrustMemoryStorage();
     ~QXmppTrustMemoryStorage();
 
     /// \cond
-    QFuture<void> setSecurityPolicies(const QString &encryption = {}, SecurityPolicy securityPolicy = QXmppTrustStorage::NoSecurityPolicy) override;
+    QFuture<void> setSecurityPolicy(const QString &encryption, SecurityPolicy securityPolicy) override;
+    QFuture<void> resetSecurityPolicy(const QString &encryption) override;
     QFuture<SecurityPolicy> securityPolicy(const QString &encryption) override;
 
-    QFuture<void> addOwnKey(const QString &encryption, const QByteArray &keyId) override;
-    QFuture<void> removeOwnKey(const QString &encryption) override;
+    QFuture<void> setOwnKey(const QString &encryption, const QByteArray &keyId) override;
+    QFuture<void> resetOwnKey(const QString &encryption) override;
     QFuture<QByteArray> ownKey(const QString &encryption) override;
 
     QFuture<void> addKeys(const QString &encryption, const QString &keyOwnerJid, const QList<QByteArray> &keyIds, TrustLevel trustLevel = TrustLevel::AutomaticallyDistrusted) override;
-    QFuture<void> removeKeys(const QString &encryption = {}, const QList<QByteArray> &keyIds = {}) override;
+    QFuture<void> removeKeys(const QString &encryption, const QList<QByteArray> &keyIds) override;
+    QFuture<void> removeKeys(const QString &encryption, const QString &keyOwnerJid) override;
+    QFuture<void> removeKeys(const QString &encryption) override;
     QFuture<QHash<TrustLevel, QMultiHash<QString, QByteArray>>> keys(const QString &encryption, TrustLevels trustLevels = {}) override;
+    QFuture<QHash<QString, QHash<QByteArray, TrustLevel>>> keys(const QString &encryption, const QList<QString> &keyOwnerJids, TrustLevels trustLevels = {}) override;
+    QFuture<bool> hasKey(const QString &encryption, const QString &keyOwnerJid, TrustLevels trustLevels) override;
 
     QFuture<void> setTrustLevel(const QString &encryption, const QMultiHash<QString, QByteArray> &keyIds, const TrustLevel trustLevel) override;
     QFuture<void> setTrustLevel(const QString &encryption, const QList<QString> &keyOwnerJids, const TrustLevel oldTrustLevel, const TrustLevel newTrustLevel) override;
     QFuture<TrustLevel> trustLevel(const QString &encryption, const QByteArray &keyId) override;
 
-    QFuture<void> addKeysForPostponedTrustDecisions(const QString &encryption, const QByteArray &senderKeyId, const QList<QXmppTrustMessageKeyOwner> &keyOwners) override;
-    QFuture<void> removeKeysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &keyIdsForAuthentication, const QList<QByteArray> &keyIdsForDistrusting) override;
-    QFuture<void> removeKeysForPostponedTrustDecisions(const QString &encryption = {}, const QList<QByteArray> &senderKeyIds = {}) override;
-    QFuture<QHash<bool, QMultiHash<QString, QByteArray>>> keysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &senderKeyIds = {}) override;
+    QFuture<void> resetAll(const QString &encryption) override;
     /// \endcond
 
 private:
diff --git a/src/client/QXmppTrustStorage.cpp b/src/client/QXmppTrustStorage.cpp
index dc26d1ed..149eccfe 100644
--- a/src/client/QXmppTrustStorage.cpp
+++ b/src/client/QXmppTrustStorage.cpp
@@ -8,26 +8,31 @@
 /// \brief The QXmppTrustStorage class stores trust data for end-to-end
 /// encryption.
 ///
+/// The term "key" is used for a public long-term key.
+///
 /// \warning THIS API IS NOT FINALIZED YET!
 ///
 /// \since QXmpp 1.5
 ///
 
 ///
-/// \fn QXmppTrustStorage::setSecurityPolicies(const QString &encryption = {}, SecurityPolicy securityPolicy = SecurityPolicy::NoSecurityPolicy)
-///
-/// Sets the security policy for an encryption protocol or resets the set
-/// security policies.
+/// \fn QXmppTrustStorage::setSecurityPolicy(const QString &encryption, SecurityPolicy securityPolicy)
 ///
-/// If securityPolicy is not passed, the set security policy for encryption is
-/// reset.
-/// If also encryption is not passed, all set security policies are reset.
+/// Sets the security policy for an encryption protocol.
 ///
 /// \param encryption encryption protocol namespace
 /// \param securityPolicy security policy being applied
 ///
 
 ///
+/// \fn QXmppTrustStorage::resetSecurityPolicy(const QString &encryption)
+///
+/// Resets the security policy for an encryption protocol.
+///
+/// \param encryption encryption protocol namespace
+///
+
+///
 /// \fn QXmppTrustStorage::securityPolicy(const QString &encryption)
 ///
 /// Returns the security policy for an encryption protocol.
@@ -38,18 +43,20 @@
 ///
 
 ///
-/// \fn QXmppTrustStorage::addOwnKey(const QString &encryption, const QByteArray &keyId)
+/// \fn QXmppTrustStorage::setOwnKey(const QString &encryption, const QByteArray &keyId)
 ///
-/// Adds an own key (i.e., the key used by this client instance).
+/// Sets the own key (i.e., the key used by this client instance) for an
+/// encryption protocol.
 ///
 /// \param encryption encryption protocol namespace
 /// \param keyId ID of the key
 ///
 
 ///
-/// \fn QXmppTrustStorage::removeOwnKey(const QString &encryption)
+/// \fn QXmppTrustStorage::resetOwnKey(const QString &encryption)
 ///
-/// Removes an own key (i.e., the key used by this client instance).
+/// Resets the own key (i.e., the key used by this client instance) for an
+/// encryption protocol.
 ///
 /// \param encryption encryption protocol namespace
 ///
@@ -57,7 +64,8 @@
 ///
 /// \fn QXmppTrustStorage::ownKey(const QString &encryption)
 ///
-/// Returns an own key (i.e., the key used by this client instance).
+/// Returns the own key (i.e., the key used by this client instance) for an
+/// encryption protocol.
 ///
 /// \param encryption encryption protocol namespace
 ///
@@ -80,120 +88,110 @@
 ///
 /// Removes keys.
 ///
-/// If keyIds is not passed, all keys for encryption are removed.
-/// If encryption is also not passed, all keys are removed.
-///
 /// \param encryption encryption protocol namespace
 /// \param keyIds IDs of the keys
 ///
 
 ///
-/// \fn QXmppTrustStorage::keys(const QString &encryption, TrustLevels trustLevels = {})
-///
-/// Returns the JIDs of the key owners mapped to the IDs of their keys with a
-/// specific trust level.
+/// \fn QXmppTrustStorage::removeKeys(const QString &encryption, const QString &keyOwnerJid)
 ///
-/// If no trust levels are passed, all keys are returned.
+/// Removes all keys of a key owner.
 ///
 /// \param encryption encryption protocol namespace
-/// \param trustLevels trust levels of the keys
+/// \param keyOwnerJid key owner's bare JID
+///
+
 ///
-/// \return the key owner JIDs mapped to their keys with a specific trust level
+/// \fn QXmppTrustStorage::removeKeys(const QString &encryption)
+///
+/// Removes all keys for encryption.
+///
+/// \param encryption encryption protocol namespace
 ///
 
 ///
-/// \fn QXmppTrustStorage::setTrustLevel(const QString &encryption, const QMultiHash<QString, QByteArray> &keyIds, TrustLevel trustLevel)
+/// \fn QXmppTrustStorage::keys(const QString &encryption, TrustLevels trustLevels = {})
 ///
-/// Sets the trust level of keys.
+/// Returns the JIDs of all key owners mapped to the IDs of their keys with
+/// specific trust levels.
 ///
-/// If a key is not stored, it is added to the storage.
+/// If no trust levels are passed, all keys for encryption are returned.
 ///
 /// \param encryption encryption protocol namespace
-/// \param keyIds key owners' bare JIDs mapped to the IDs of their keys
-/// \param trustLevel trust level being set
+/// \param trustLevels trust levels of the keys
+///
+/// \return the key owner JIDs mapped to their keys with specific trust levels
 ///
 
 ///
-/// \fn QXmppTrustStorage::setTrustLevel(const QString &encryption, const QList<QString> &keyOwnerJids, TrustLevel oldTrustLevel, TrustLevel newTrustLevel)
+/// \fn QXmppTrustStorage::keys(const QString &encryption, const QList<QString> &keyOwnerJids, TrustLevels trustLevels = {})
 ///
-/// Sets the trust level of keys specified by their key owner and trust level.
+/// Returns the IDs of keys mapped to their trust levels for specific key
+/// owners.
+///
+/// If no trust levels are passed, all keys for encryption and keyOwnerJids are
+/// returned.
 ///
 /// \param encryption encryption protocol namespace
 /// \param keyOwnerJids key owners' bare JIDs
-/// \param oldTrustLevel trust level being changed
-/// \param newTrustLevel trust level being set
+/// \param trustLevels trust levels of the keys
 ///
-
+/// \return the key IDs mapped to their trust levels for specific key owners
 ///
-/// \fn QXmppTrustStorage::trustLevel(const QString &encryption, const QByteArray &keyId)
+
 ///
-/// Returns the trust level of a key.
+/// \fn QXmppTrustStorage::hasKey(const QString &encryption, const QString &keyOwnerJid, TrustLevels trustLevels)
 ///
-/// If the key is not stored, it is seen as automatically distrusted.
+/// Returns whether at least one key of a key owner with a specific trust level
+/// is stored.
 ///
 /// \param encryption encryption protocol namespace
-/// \param keyId ID of the key
+/// \param keyOwnerJid key owner's bare JID
+/// \param trustLevels possible trust levels of the key
 ///
-/// \return the key's trust level
+/// \return whether a key of the key owner with a passed trust level is stored
 ///
 
 ///
-/// \fn QXmppTrustStorage::addKeysForPostponedTrustDecisions(const QString &encryption, const QByteArray &senderKeyId, const QList<QXmppTrustMessageKeyOwner> &keyOwners)
-///
-/// Adds keys that cannot be authenticated or distrusted directly because the
-/// key of the trust message's sender is not yet authenticated.
+/// \fn QXmppTrustStorage::setTrustLevel(const QString &encryption, const QMultiHash<QString, QByteArray> &keyIds, TrustLevel trustLevel)
 ///
-/// Those keys are being authenticated or distrusted once the sender's key is
-/// authenticated.
-/// Each element of keyOwners (i.e., keyOwner) can contain keys for postponed
-/// authentication as trustedKeys or for postponed distrusting as
-/// distrustedKeys.
+/// Sets the trust level of keys.
 ///
-/// If keys of keyOwner.trustedKeys() are already stored for postponed
-/// distrusting, they are changed to be used for postponed authentication.
-/// If keys of keyOwner.distrustedKeys() are already stored for postponed
-/// authentication, they are changed to be used for postponed distrusting.
-/// If the same keys are in keyOwner.trustedKeys() and
-/// keyOwner.distrustedKeys(), they are used for postponed distrusting.
+/// If a key is not stored, it is added to the storage.
 ///
 /// \param encryption encryption protocol namespace
-/// \param senderKeyId key ID of the trust message's sender
-/// \param keyOwners key owners containing key IDs for postponed trust decisions
+/// \param keyIds key owners' bare JIDs mapped to the IDs of their keys
+/// \param trustLevel trust level being set
 ///
 
 ///
-/// \fn QXmppTrustStorage::removeKeysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &keyIdsForAuthentication, const QList<QByteArray> &keyIdsForDistrusting)
+/// \fn QXmppTrustStorage::setTrustLevel(const QString &encryption, const QList<QString> &keyOwnerJids, TrustLevel oldTrustLevel, TrustLevel newTrustLevel)
 ///
-/// Removes keys for postponed authentication or distrusting.
+/// Sets the trust level of keys specified by their key owner and trust level.
 ///
 /// \param encryption encryption protocol namespace
-/// \param keyIdsForAuthentication IDs of the keys for postponed authentication
-/// \param keyIdsForDistrusting IDs of the keys for postponed distrusting
+/// \param keyOwnerJids key owners' bare JIDs
+/// \param oldTrustLevel trust level being changed
+/// \param newTrustLevel trust level being set
 ///
 
 ///
-/// \fn QXmppTrustStorage::removeKeysForPostponedTrustDecisions(const QString &encryption = {}, const QList<QByteArray> &senderKeyIds = {})
+/// \fn QXmppTrustStorage::trustLevel(const QString &encryption, const QByteArray &keyId)
 ///
-/// Removes keys for postponed authentication or distrusting by the trust
-/// message's sender's key ID.
+/// Returns the trust level of a key.
 ///
-/// If senderKeyIds is empty, all keys for encryption are removed.
-/// If encryption is empty too, all keys are removed.
+/// If the key is not stored, the trust in that key is undecided.
 ///
 /// \param encryption encryption protocol namespace
-/// \param senderKeyIds key IDs of the trust messages' senders
+/// \param keyId ID of the key
 ///
-
+/// \return the key's trust level
 ///
-/// \fn QXmppTrustStorage::keysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &senderKeyIds = {})
+
 ///
-/// Returns the JIDs of key owners mapped to the IDs of their keys stored for
-/// postponed authentication (true) or postponed distrusting (false).
+/// \fn QXmppTrustStorage::resetAll(const QString &encryption)
 ///
-/// If senderKeyIds is empty, all keys for encryption are returned.
+/// Resets all data for encryption.
 ///
 /// \param encryption encryption protocol namespace
-/// \param senderKeyIds key IDs of the trust messages' senders
-///
-/// \return the key owner JIDs mapped to their keys
 ///
diff --git a/src/client/QXmppTrustStorage.h b/src/client/QXmppTrustStorage.h
index 2c7b593e..dffbcfae 100644
--- a/src/client/QXmppTrustStorage.h
+++ b/src/client/QXmppTrustStorage.h
@@ -9,8 +9,6 @@
 
 #include <QFuture>
 
-class QXmppTrustMessageKeyOwner;
-
 class QXMPP_EXPORT QXmppTrustStorage
 {
 public:
@@ -20,7 +18,7 @@ public:
     ///
     enum SecurityPolicy {
         NoSecurityPolicy,  ///< New keys must be trusted manually.
-        Toakafa,           ///< New keys are trusted automatically until the first authentication but automatically distrusted afterwards.
+        Toakafa,           ///< New keys are trusted automatically until the first authentication but automatically distrusted afterwards. \see \xep{0450, Automatic Trust Management (ATM)}
     };
 
     ///
@@ -28,35 +26,38 @@ public:
     /// protocols
     ///
     enum TrustLevel {
-        AutomaticallyDistrusted = 1,  ///< The key is automatically distrusted (e.g., by ATM's security policy).
-        ManuallyDistrusted = 2,       ///< The key is manually distrusted (e.g., by clicking a button or ATM).
-        AutomaticallyTrusted = 4,     ///< The key is automatically trusted (e.g., by the client for all keys of a bare JID until one of it is authenticated).
-        ManuallyTrusted = 8,          ///< The key is manually trusted (e.g., by clicking a button).
-        Authenticated = 16,           ///< The key is authenticated (e.g., by QR code scanning or ATM).
+        Undecided = 1,                ///< The key's trust is not decided.
+        AutomaticallyDistrusted = 2,  ///< The key is automatically distrusted (e.g., by the security policy TOAKAFA). \see SecurityPolicy
+        ManuallyDistrusted = 4,       ///< The key is manually distrusted (e.g., by clicking a button or \xep{0450, Automatic Trust Management (ATM)}).
+        AutomaticallyTrusted = 8,     ///< The key is automatically trusted (e.g., by the client for all keys of a bare JID until one of it is authenticated).
+        ManuallyTrusted = 16,         ///< The key is manually trusted (e.g., by clicking a button).
+        Authenticated = 32,           ///< The key is authenticated (e.g., by QR code scanning or \xep{0450, Automatic Trust Management (ATM)}).
     };
     Q_DECLARE_FLAGS(TrustLevels, TrustLevel)
 
     virtual ~QXmppTrustStorage() = default;
 
-    virtual QFuture<void> setSecurityPolicies(const QString &encryption = {}, SecurityPolicy securityPolicy = SecurityPolicy::NoSecurityPolicy) = 0;
+    virtual QFuture<void> setSecurityPolicy(const QString &encryption, SecurityPolicy securityPolicy) = 0;
+    virtual QFuture<void> resetSecurityPolicy(const QString &encryption) = 0;
     virtual QFuture<SecurityPolicy> securityPolicy(const QString &encryption) = 0;
 
-    virtual QFuture<void> addOwnKey(const QString &encryption, const QByteArray &keyId) = 0;
-    virtual QFuture<void> removeOwnKey(const QString &encryption) = 0;
+    virtual QFuture<void> setOwnKey(const QString &encryption, const QByteArray &keyId) = 0;
+    virtual QFuture<void> resetOwnKey(const QString &encryption) = 0;
     virtual QFuture<QByteArray> ownKey(const QString &encryption) = 0;
 
     virtual QFuture<void> addKeys(const QString &encryption, const QString &keyOwnerJid, const QList<QByteArray> &keyIds, TrustLevel trustLevel = TrustLevel::AutomaticallyDistrusted) = 0;
-    virtual QFuture<void> removeKeys(const QString &encryption = {}, const QList<QByteArray> &keyIds = {}) = 0;
+    virtual QFuture<void> removeKeys(const QString &encryption, const QList<QByteArray> &keyIds) = 0;
+    virtual QFuture<void> removeKeys(const QString &encryption, const QString &keyOwnerJid) = 0;
+    virtual QFuture<void> removeKeys(const QString &encryption) = 0;
     virtual QFuture<QHash<TrustLevel, QMultiHash<QString, QByteArray>>> keys(const QString &encryption, TrustLevels trustLevels = {}) = 0;
+    virtual QFuture<QHash<QString, QHash<QByteArray, TrustLevel>>> keys(const QString &encryption, const QList<QString> &keyOwnerJids, TrustLevels trustLevels = {}) = 0;
+    virtual QFuture<bool> hasKey(const QString &encryption, const QString &keyOwnerJid, TrustLevels trustLevels) = 0;
 
     virtual QFuture<void> setTrustLevel(const QString &encryption, const QMultiHash<QString, QByteArray> &keyIds, TrustLevel trustLevel) = 0;
     virtual QFuture<void> setTrustLevel(const QString &encryption, const QList<QString> &keyOwnerJids, TrustLevel oldTrustLevel, TrustLevel newTrustLevel) = 0;
     virtual QFuture<TrustLevel> trustLevel(const QString &encryption, const QByteArray &keyId) = 0;
 
-    virtual QFuture<void> addKeysForPostponedTrustDecisions(const QString &encryption, const QByteArray &senderKeyId, const QList<QXmppTrustMessageKeyOwner> &keyOwners) = 0;
-    virtual QFuture<void> removeKeysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &keyIdsForAuthentication, const QList<QByteArray> &keyIdsForDistrusting) = 0;
-    virtual QFuture<void> removeKeysForPostponedTrustDecisions(const QString &encryption = {}, const QList<QByteArray> &senderKeyIds = {}) = 0;
-    virtual QFuture<QHash<bool, QMultiHash<QString, QByteArray>>> keysForPostponedTrustDecisions(const QString &encryption, const QList<QByteArray> &senderKeyIds = {}) = 0;
+    virtual QFuture<void> resetAll(const QString &encryption) = 0;
 };
 
 Q_DECLARE_METATYPE(QXmppTrustStorage::SecurityPolicy)