authorNeal H. Walfield <neal@pep.foundation>2022-01-03 15:59:27 +0100
committerNeal H. Walfield <neal@pep.foundation>2022-01-13 10:23:34 +0100
commit14bcf8a292e8a5ace5462456a743ea00e0bc7ab9 (patch)
treea229508f1eead9c142d6f0b9bc0cb6470c2738dd
parent57f0aebec70feb838e825b7ae771054c64cb50c0 (diff)
sq: Refactor helper function.
- Generalize get_signing_keys to look up other types of keys.
- Rename it to get_keys, take a `KeyFlags` parameter, and implement get_signing_keys in terms of get_keys.
-rw-r--r--sq/src/commands/mod.rs26
1 files changed, 21 insertions, 5 deletions
diff --git a/sq/src/commands/mod.rs b/sq/src/commands/mod.rs
index dc90477d..e4ae6482 100644
--- a/sq/src/commands/mod.rs
+++ b/sq/src/commands/mod.rs
@@ -29,6 +29,7 @@ use crate::openpgp::serialize::stream::{
padding::Padder,
};
use crate::openpgp::policy::Policy;
+use crate::openpgp::types::KeyFlags;
use crate::{
Config,
@@ -55,9 +56,10 @@ pub mod certify;
/// Returns suitable signing keys from a given list of Certs.
#[allow(clippy::never_loop)]
-fn get_signing_keys<C>(certs: &[C], p: &dyn Policy,
- private_key_store: Option<&str>,
- timestamp: Option<SystemTime>)
+fn get_keys<C>(certs: &[C], p: &dyn Policy,
+ private_key_store: Option<&str>,
+ timestamp: Option<SystemTime>,
+ flags: KeyFlags)
-> Result<Vec<Box<dyn crypto::Signer + Send + Sync>>>
where C: Borrow<Cert>
{
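Review bot: The doc comment kept above the renamed `get_keys` still reads `/// Returns suitable signing keys from a given list of Certs.`, although selection is now driven by the new `flags` parameter. I would reword it along the lines of `/// Returns one usable key per Cert that matches the requested key flags.` and say there that each result is still wrapped as a `crypto::Signer`, so callers know which flags make sense. The one-key-per-Cert and error-on-missing-key contract that the last hunk documents on `get_signing_keys` describes behaviour implemented here, so it belongs on `get_keys` as well; the error path itself is outside the visible hunks. The function body continues past this hunk.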
@@ -65,7 +67,7 @@ fn get_signing_keys<C>(certs: &[C], p: &dyn Policy,
'next_cert: for tsk in certs {
let tsk = tsk.borrow();
for key in tsk.keys().with_policy(p, timestamp).alive().revoked(false)
- .for_signing()
+ .key_flags(flags.clone())
.supported()
.map(|ka| ka.key())
{
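Review bot: `.key_flags(flags.clone())` replaces a fixed signing filter with a caller-chosen one, while the function still returns every match as a `Box<dyn crypto::Signer + Send + Sync>`. As far as I know the sequoia `key_flags` filter matches a key that carries any one of the given flags, so a caller passing several flags, or a non-signing flag such as an encryption one, would get a signer built from a key that was never marked for that operation; please confirm against the iterator's documentation. Key-usage separation now depends on every caller passing a sensible `KeyFlags`, so I would document the any-of semantics on `get_keys` and consider rejecting flag sets that include encryption capabilities. Minor: the clone runs once per cert, and if `key_flags` accepts a borrow, `.key_flags(&flags)` avoids it. The loop body continues outside this hunk.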
@@ -93,7 +95,7 @@ fn get_signing_keys<C>(certs: &[C], p: &dyn Policy,
keys.push(signer);
break 'next_cert;
},
- Err(error) => eprintln!("Could not unlock signer: {:?}", error),
+ Err(error) => eprintln!("Could not unlock key: {:?}", error),
}
}
}
@@ -105,6 +107,20 @@ fn get_signing_keys<C>(certs: &[C], p: &dyn Policy,
Ok(keys)
}
+/// Returns suitable signing keys from a given list of Certs.
+///
+/// This returns one key for each Cert. If a Cert doesn't have an
+/// appropriate key, then this returns an error.
+fn get_signing_keys<C>(certs: &[C], p: &dyn Policy,
+ private_key_store: Option<&str>,
+ timestamp: Option<SystemTime>)
+ -> Result<Vec<Box<dyn crypto::Signer + Send + Sync>>>
+ where C: Borrow<Cert>
+{
+ get_keys(certs, p, private_key_store, timestamp,
+ KeyFlags::empty().set_signing())
+}
+
pub struct EncryptOpts<'a> {
pub policy: &'a dyn Policy,
pub private_key_store: Option<&'a str>,