authorNeal H. Walfield <neal@pep.foundation>2020-04-28 09:11:58 +0200
committerNeal H. Walfield <neal@pep.foundation>2020-04-28 09:26:50 +0200
commitcd05b15f1cd0517fa9ad4129fdaed3e0a3f21169 (patch)
treef8fe34c46768e527144407ecdc101e5ba10d8adc
parent22a777c7c5db1d35642bfb9d2ab44b4833937956 (diff)
openpgp: Rework Cert::revoke_in_place.
- Rename `Cert::revoke_in_place` to `Cert::revoke`. - Return the revocation certificate; don't merge it. - Fixes #485.
-rw-r--r--openpgp-ffi/include/sequoia/openpgp.h15
-rw-r--r--openpgp-ffi/src/cert.rs64
-rw-r--r--openpgp/src/cert/mod.rs26
-rw-r--r--openpgp/src/policy.rs3
4 files changed, 16 insertions, 92 deletions
diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h
index 42591a4a..d6a7b219 100644
--- a/openpgp-ffi/include/sequoia/openpgp.h
+++ b/openpgp-ffi/include/sequoia/openpgp.h
@@ -958,22 +958,11 @@ pgp_revocation_status_t pgp_cert_revocation_status (pgp_cert_t cert,
pgp_policy_t policy, time_t when);
/*/
-/// Writes a revocation certificate to the writer.
+/// Returns a new revocation certificate for the Cert.
///
-/// This function consumes the writer. It does *not* consume cert.
+/// This function does *not* consume `cert`.
/*/
pgp_signature_t pgp_cert_revoke (pgp_error_t *errp,
- pgp_cert_t cert,
- pgp_signer_t primary_signer,
- pgp_reason_for_revocation_t code,
- const char *reason);
-
-/*/
-/// Adds a revocation certificate to the cert.
-///
-/// This function consumes the cert.
-/*/
-pgp_cert_t pgp_cert_revoke_in_place (pgp_error_t *errp,
pgp_cert_t cert,
pgp_signer_t primary_signer,
pgp_reason_for_revocation_t code,
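Review bot: The new comment on `pgp_cert_revoke` does not say that the returned signature is left unmerged, so a C caller migrating from the removed `pgp_cert_revoke_in_place` can keep using a certificate whose `pgp_cert_revocation_status` still reports it as not revoked. I would add a line such as `/// The revocation is not merged into cert; the caller must merge the returned signature for the cert to be considered revoked.` It would also help to state who owns the result; the removed example frees a revocation with `pgp_signature_free`, so presumably the caller does. The declaration continues past the end of this hunk.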
diff --git a/openpgp-ffi/src/cert.rs b/openpgp-ffi/src/cert.rs
index 3237e126..16350cd1 100644
--- a/openpgp-ffi/src/cert.rs
+++ b/openpgp-ffi/src/cert.rs
@@ -253,70 +253,6 @@ fn pgp_cert_revoke(errp: Option<&mut *mut crate::error::Error>,
sig.move_into_raw(errp)
}
-/// Adds a revocation certificate to the cert.
-///
-/// This function consumes the cert.
-///
-/// # Example
-///
-/// ```c
-/// #include <assert.h>
-/// #include <sequoia/openpgp.h>
-///
-/// pgp_cert_builder_t builder;
-/// pgp_cert_t cert;
-/// pgp_signature_t revocation;
-/// pgp_key_t primary_key;
-/// pgp_key_pair_t primary_keypair;
-/// pgp_signer_t primary_signer;
-/// pgp_policy_t policy = pgp_standard_policy ();
-///
-/// builder = pgp_cert_builder_new ();
-/// pgp_cert_builder_set_cipher_suite (&builder, PGP_CERT_CIPHER_SUITE_CV25519);
-/// pgp_cert_builder_generate (NULL, builder, &cert, &revocation);
-/// assert (cert);
-/// assert (revocation);
-/// pgp_signature_free (revocation); /* Free the generated one. */
-///
-/// primary_key = pgp_cert_primary_key (cert);
-/// primary_keypair = pgp_key_into_key_pair (NULL, pgp_key_clone (primary_key));
-/// pgp_key_free (primary_key);
-/// assert (primary_keypair);
-/// primary_signer = pgp_key_pair_as_signer (primary_keypair);
-/// cert = pgp_cert_revoke_in_place (NULL, cert, primary_signer,
-/// PGP_REASON_FOR_REVOCATION_KEY_COMPROMISED,
-/// "It was the maid :/");
-/// assert (cert);
-/// pgp_signer_free (primary_signer);
-/// pgp_key_pair_free (primary_keypair);
-///
-/// pgp_revocation_status_t rs = pgp_cert_revocation_status (cert, policy, 0);
-/// assert (pgp_revocation_status_variant (rs) == PGP_REVOCATION_STATUS_REVOKED);
-/// pgp_revocation_status_free (rs);
-///
-/// pgp_cert_free (cert);
-/// pgp_policy_free (policy);
-/// ```
-#[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C"
-fn pgp_cert_revoke_in_place(errp: Option<&mut *mut crate::error::Error>,
- cert: *mut Cert,
- primary_signer: *mut Box<dyn crypto::Signer>,
- code: c_int,
- reason: Option<&c_char>)
- -> Maybe<Cert>
-{
- let cert = cert.move_from_raw();
- let signer = ffi_param_ref_mut!(primary_signer);
- let code = int_to_reason_for_revocation(code);
- let reason = if let Some(reason) = reason {
- ffi_param_cstr!(reason as *const c_char).to_bytes()
- } else {
- b""
- };
-
- cert.revoke_in_place(signer.as_mut(), code, reason).move_into_raw(errp)
-}
-
/// Returns whether the Cert is alive at the specified time.
///
/// If `when` is 0, then the current time is used.
diff --git a/openpgp/src/cert/mod.rs b/openpgp/src/cert/mod.rs
index e2e54219..4ace6639 100644
--- a/openpgp/src/cert/mod.rs
+++ b/openpgp/src/cert/mod.rs
@@ -829,11 +829,9 @@ impl Cert {
/// Revokes the certificate in place.
///
- /// This is a convenience function to generate a revocation
- /// certificate and merge it into the certificate.
- ///
- /// To just generate a revocation certificate, use
- /// [`CertRevocationBuilder`].
+ /// This is a convenience function around
+ /// [`CertRevocationBuilder`] to generate a revocation
+ /// certificate.
///
/// [`CertRevocationBuilder`]: struct.CertRevocationBuilder.html
///
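Review bot: The summary line kept as context, `/// Revokes the certificate in place.`, is no longer true: after this change the method takes `&self` and returns only the `Signature`, leaving the certificate untouched. A caller who trusts that line and drops or merely stores the result ends up with a key that is still treated as valid. I would change the summary to `/// Generates a revocation certificate for this certificate.` and add a sentence saying that `self` is not modified and the returned signature must be merged, for example with `merge_packets`, before `revocation_status` reports the certificate as revoked. The doc comment starts before and continues after this hunk.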
@@ -875,9 +873,10 @@ impl Cert {
/// // Create a revocation to explain what *really* happened.
/// let mut keypair = cert.primary_key()
/// .key().clone().parts_into_secret()?.into_keypair()?;
- /// let cert = cert.revoke_in_place(&mut keypair,
- /// ReasonForRevocation::KeyCompromised,
- /// b"It was the maid :/")?;
+ /// let rev = cert.revoke(&mut keypair,
+ /// ReasonForRevocation::KeyCompromised,
+ /// b"It was the maid :/")?;
+ /// let cert = cert.merge_packets(vec![ rev.into() ])?;
/// if let RevocationStatus::Revoked(revs) = cert.revocation_status(p, None) {
/// assert_eq!(revs.len(), 1);
/// let rev = revs[0];
@@ -892,14 +891,13 @@ impl Cert {
/// # Ok(())
/// # }
/// ```
- pub fn revoke_in_place(self, primary_signer: &mut dyn Signer,
- code: ReasonForRevocation, reason: &[u8])
- -> Result<Cert>
+ pub fn revoke(&self, primary_signer: &mut dyn Signer,
+ code: ReasonForRevocation, reason: &[u8])
+ -> Result<Signature>
{
- let sig = CertRevocationBuilder::new()
+ CertRevocationBuilder::new()
.set_reason_for_revocation(code, reason)?
- .build(primary_signer, &self, None)?;
- self.merge_packets(vec![sig.into()])
+ .build(primary_signer, &self, None)
}
/// Sets the key to expire in delta seconds.
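Review bot: In the new body of `revoke`, `.build(primary_signer, &self, None)` still borrows `self` although the receiver is now `&self`, so the argument is a `&&Cert` that presumably only type-checks through auto-deref. Passing it directly reads more clearly and avoids clippy's `needless_borrow` lint: `.build(primary_signer, self, None)`. The public rename also removes `revoke_in_place` with no deprecated forwarding shim, which seems worth an entry in the release notes so downstream callers know they must now merge the signature themselves.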
diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs
index 0de62f51..046dfbf6 100644
--- a/openpgp/src/policy.rs
+++ b/openpgp/src/policy.rs
@@ -1390,10 +1390,11 @@ mod test {
// Create a revoked version.
let mut keypair = cert.primary_key().key().clone()
.parts_into_secret()?.into_keypair()?;
- let cert_revoked = cert.clone().revoke_in_place(
+ let rev = cert.revoke(
&mut keypair,
ReasonForRevocation::KeyCompromised,
b"It was the maid :/")?;
+ let cert_revoked = cert.clone().merge_packets(vec![ rev.into() ])?;
match cert_revoked.revocation_status(&DEFAULT, None) {
RevocationStatus::Revoked(sigs) => {