diff options
author | Neal H. Walfield <neal@pep.foundation> | 2019-05-14 10:43:43 +0200 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2019-05-14 11:05:49 +0200 |
commit | 0e74cf1b42b239e26d21b531e6ba3694e6f9361c (patch) | |
tree | 9af9f135bf1682286e97ec074d52f659910ef056 | |
parent | ec19b193720cca4529dc0bb109e615dff7a5959f (diff) |
openpgp, openpgp-ffi: Normalize TPK::revoked()
- `TPK::revoked` returns a revocation status, not a boolean. Rename
it to `TPK::revocation_status()`, like it is called in the FFI.
- Like other methods, provide a `foo_at()` method and a `foo()`
method.
-rw-r--r-- | openpgp-ffi/include/sequoia/openpgp.h | 12 | ||||
-rw-r--r-- | openpgp-ffi/src/tpk.rs | 26 | ||||
-rw-r--r-- | openpgp/src/tpk/builder.rs | 6 | ||||
-rw-r--r-- | openpgp/src/tpk/mod.rs | 44 | ||||
-rw-r--r-- | sqv/src/sqv.rs | 4 | ||||
-rw-r--r-- | tool/src/commands/inspect.rs | 2 |
6 files changed, 71 insertions, 23 deletions
diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h index 141b5b7f..554a8306 100644 --- a/openpgp-ffi/include/sequoia/openpgp.h +++ b/openpgp-ffi/include/sequoia/openpgp.h @@ -698,7 +698,7 @@ pgp_tsk_t pgp_tpk_as_tsk (pgp_tpk_t tpk); pgp_key_t pgp_tpk_primary (pgp_tpk_t tpk); /*/ -/// Returns the TPK's revocation status. +/// Returns the TPK's current revocation status. /// /// Note: this only returns whether the TPK has been revoked, and does /// not reflect whether an individual user id, user attribute or @@ -707,6 +707,16 @@ pgp_key_t pgp_tpk_primary (pgp_tpk_t tpk); pgp_revocation_status_t pgp_tpk_revocation_status (pgp_tpk_t tpk); /*/ +/// Returns the TPK's revocation status at the specified time. +/// +/// Note: this only returns whether the TPK has been revoked, and does +/// not reflect whether an individual user id, user attribute or +/// subkey has been revoked. +/*/ +pgp_revocation_status_t pgp_tpk_revocation_status_at (pgp_tpk_t tpk, + time_t when); + +/*/ /// Writes a revocation certificate to the writer. /// /// This function consumes the writer. It does *not* consume tpk. diff --git a/openpgp-ffi/src/tpk.rs b/openpgp-ffi/src/tpk.rs index 2080e494..c8b70618 100644 --- a/openpgp-ffi/src/tpk.rs +++ b/openpgp-ffi/src/tpk.rs @@ -151,15 +151,35 @@ fn pgp_tpk_primary(tpk: *const TPK) -> *const Key { tpk.ref_raw().primary().move_into_raw() } -/// Returns the TPK's revocation status. +/// Returns the TPK's revocation status as of a given time. +/// +/// Note: this only returns whether the TPK has been revoked, and does +/// not reflect whether an individual user id, user attribute or +/// subkey has been revoked. +#[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" +fn pgp_tpk_revocation_status_at(tpk: *const TPK, when: time_t) + -> *mut RevocationStatus<'static> +{ + let when = when as i64; + let when = if when == 0 { + None + } else { + Some(time::at(time::Timespec::new(when, 0))) + }; + + tpk.ref_raw().revocation_status_at(when).move_into_raw() +} + +/// Returns the TPK's current revocation status. /// /// Note: this only returns whether the TPK has been revoked, and does /// not reflect whether an individual user id, user attribute or /// subkey has been revoked. #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "C" fn pgp_tpk_revocation_status(tpk: *const TPK) - -> *mut RevocationStatus<'static> { - tpk.ref_raw().revoked(None).move_into_raw() + -> *mut RevocationStatus<'static> +{ + tpk.ref_raw().revocation_status().move_into_raw() } fn int_to_reason_for_revocation(code: c_int) -> ReasonForRevocation { diff --git a/openpgp/src/tpk/builder.rs b/openpgp/src/tpk/builder.rs index dc1a55e5..912ca97d 100644 --- a/openpgp/src/tpk/builder.rs +++ b/openpgp/src/tpk/builder.rs @@ -536,10 +536,12 @@ mod tests { let (tpk, revocation) = TPKBuilder::new() .set_cipher_suite(CipherSuite::Cv25519) .generate().unwrap(); - assert_eq!(tpk.revoked(None), RevocationStatus::NotAsFarAsWeKnow); + assert_eq!(tpk.revocation_status(), + RevocationStatus::NotAsFarAsWeKnow); let tpk = tpk.merge_packets(vec![revocation.clone().into()]).unwrap(); - assert_eq!(tpk.revoked(None), RevocationStatus::Revoked(&[revocation])); + assert_eq!(tpk.revocation_status(), + RevocationStatus::Revoked(&[revocation])); } #[test] diff --git a/openpgp/src/tpk/mod.rs b/openpgp/src/tpk/mod.rs index c00d6775..0eb85091 100644 --- a/openpgp/src/tpk/mod.rs +++ b/openpgp/src/tpk/mod.rs @@ -871,7 +871,7 @@ impl<'a> Iterator for KeyIter<'a> { self.primary = true; (tpk.primary_key_signature(), - tpk.revoked(None), + tpk.revocation_status(), tpk.primary()) } else { self.subkey_iter.next() @@ -1700,12 +1700,12 @@ impl TPK { &self.primary_other_revocations } - /// Returns the TPK's revocation status. + /// Returns the TPK's revocation status at the specified time. /// /// Note: this only returns whether the primary key is revoked. If you /// want to know whether a subkey, user id, etc., is revoked, then /// you need to query them separately. - pub fn revoked<T>(&self, t: T) -> RevocationStatus + pub fn revocation_status_at<T>(&self, t: T) -> RevocationStatus where T: Into<Option<time::Tm>> { let t = t.into().unwrap_or_else(time::now_utc); @@ -1728,6 +1728,15 @@ impl TPK { } } + /// Returns the TPK's current revocation status. + /// + /// Note: this only returns whether the primary key is revoked. If you + /// want to know whether a subkey, user id, etc., is revoked, then + /// you need to query them separately. + pub fn revocation_status(&self) -> RevocationStatus { + self.revocation_status_at(None) + } + /// Returns a revocation certificate for the TPK. /// /// # Example @@ -1746,7 +1755,8 @@ impl TPK { /// let (tpk, _) = TPKBuilder::new() /// .set_cipher_suite(CipherSuite::Cv25519) /// .generate()?; - /// assert_eq!(RevocationStatus::NotAsFarAsWeKnow, tpk.revoked(None)); + /// assert_eq!(RevocationStatus::NotAsFarAsWeKnow, + /// tpk.revocation_status()); /// /// let mut keypair = tpk.primary().clone().into_keypair()?; /// let sig = tpk.revoke(&mut keypair, ReasonForRevocation::KeyCompromised, @@ -1754,7 +1764,8 @@ impl TPK { /// assert_eq!(sig.sigtype(), SignatureType::KeyRevocation); /// /// let tpk = tpk.merge_packets(vec![sig.clone().into()])?; - /// assert_eq!(RevocationStatus::Revoked(&[sig]), tpk.revoked(None)); + /// assert_eq!(RevocationStatus::Revoked(&[sig]), + /// tpk.revocation_status()); /// # Ok(()) /// # } pub fn revoke(&self, primary_signer: &mut Signer, @@ -1798,13 +1809,14 @@ impl TPK { /// let (mut tpk, _) = TPKBuilder::new() /// .set_cipher_suite(CipherSuite::Cv25519) /// .generate()?; - /// assert_eq!(RevocationStatus::NotAsFarAsWeKnow, tpk.revoked(None)); + /// assert_eq!(RevocationStatus::NotAsFarAsWeKnow, + /// tpk.revocation_status()); /// /// let mut keypair = tpk.primary().clone().into_keypair()?; /// let tpk = tpk.revoke_in_place(&mut keypair, /// ReasonForRevocation::KeyCompromised, /// b"It was the maid :/")?; - /// if let RevocationStatus::Revoked(sigs) = tpk.revoked(None) { + /// if let RevocationStatus::Revoked(sigs) = tpk.revocation_status() { /// assert_eq!(sigs.len(), 1); /// assert_eq!(sigs[0].sigtype(), SignatureType::KeyRevocation); /// assert_eq!(sigs[0].reason_for_revocation(), @@ -3536,7 +3548,7 @@ mod test { assert_eq!(sigtype, SignatureType::PositiveCertificate, "{:#?}", tpk); - let revoked = tpk.revoked(None); + let revoked = tpk.revocation_status(); if direct_revoked { assert_match!(RevocationStatus::Revoked(_) = revoked, "{:#?}", tpk); @@ -3622,7 +3634,8 @@ mod test { fn revoke() { let (tpk, _) = TPKBuilder::autocrypt(None, Some("Test")) .generate().unwrap(); - assert_eq!(RevocationStatus::NotAsFarAsWeKnow, tpk.revoked(None)); + assert_eq!(RevocationStatus::NotAsFarAsWeKnow, + tpk.revocation_status()); let mut keypair = tpk.primary().clone().into_keypair().unwrap(); let sig = tpk.revoke(&mut keypair, @@ -3631,7 +3644,7 @@ mod test { assert_eq!(sig.sigtype(), SignatureType::KeyRevocation); let tpk = tpk.merge_packets(vec![sig.into()]).unwrap(); - assert_match!(RevocationStatus::Revoked(_) = tpk.revoked(None)); + assert_match!(RevocationStatus::Revoked(_) = tpk.revocation_status()); } #[test] @@ -3656,7 +3669,8 @@ mod test { }; assert_eq!(sig.sigtype(), SignatureType::CertificateRevocation); let tpk = tpk.merge_packets(vec![sig.into()]).unwrap(); - assert_eq!(RevocationStatus::NotAsFarAsWeKnow, tpk.revoked(None)); + assert_eq!(RevocationStatus::NotAsFarAsWeKnow, + tpk.revocation_status()); let uid = tpk.userids().skip(1).next().unwrap(); assert_match!(RevocationStatus::Revoked(_) = uid.revoked(None)); @@ -3734,13 +3748,13 @@ mod test { let te1 = t1 - time::Duration::days((300.0 * f1) as i64); let t12 = t1 + time::Duration::days((300.0 * f2) as i64); let t23 = t2 + time::Duration::days((300.0 * f3) as i64); - assert_eq!(tpk.revoked(te1), RevocationStatus::NotAsFarAsWeKnow); - assert_eq!(tpk.revoked(t12), RevocationStatus::NotAsFarAsWeKnow); - match tpk.revoked(t23) { + assert_eq!(tpk.revocation_status_at(te1), RevocationStatus::NotAsFarAsWeKnow); + assert_eq!(tpk.revocation_status_at(t12), RevocationStatus::NotAsFarAsWeKnow); + match tpk.revocation_status_at(t23) { RevocationStatus::Revoked(_) => {} _ => unreachable!(), } - assert_eq!(tpk.revoked(time::now_utc()), RevocationStatus::NotAsFarAsWeKnow); + assert_eq!(tpk.revocation_status_at(time::now_utc()), RevocationStatus::NotAsFarAsWeKnow); } #[test] diff --git a/sqv/src/sqv.rs b/sqv/src/sqv.rs index 1ab6568d..873ca9e8 100644 --- a/sqv/src/sqv.rs +++ b/sqv/src/sqv.rs @@ -273,7 +273,9 @@ fn real_main() -> Result<(), failure::Error> { } } - if tpk.revoked(t) != RevocationStatus::NotAsFarAsWeKnow { + if tpk.revocation_status_at(t) + != RevocationStatus::NotAsFarAsWeKnow + { eprintln!( "Primary key was revoked when the \ signature was created."); diff --git a/tool/src/commands/inspect.rs b/tool/src/commands/inspect.rs index 6578dfed..bb7257de 100644 --- a/tool/src/commands/inspect.rs +++ b/tool/src/commands/inspect.rs @@ -130,7 +130,7 @@ fn inspect_tpk(output: &mut io::Write, tpk: &openpgp::TPK, if tpk.is_tsk() { "Secret" } else { "Public" })?; writeln!(output)?; writeln!(output, " Fingerprint: {}", tpk.fingerprint())?; - inspect_revocation(output, "", tpk.revoked(None))?; + inspect_revocation(output, "", tpk.revocation_status())?; inspect_key(output, "", tpk.primary(), tpk.primary_key_signature(), tpk.certifications(), print_keygrips, print_certifications)?; |