author | Justus Winter <justus@sequoia-pgp.org> | 2020-05-07 13:28:12 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-05-07 13:38:58 +0200 |
commit | bfb124b2e7bc3145d7aae4a26cf7cd75bbac8cc3 (patch) | |
tree | 5b7f0b9a68ac9503e72810d69a5dc9fe4f29e27d | |
parent | be79f087fd2a0e3634ca753d9bdc554d32be5ee4 (diff) |
openpgp: Use a builder to construct DetachedVerifier.
- See #498.
-rw-r--r-- | openpgp-ffi/src/parse/stream.rs | 7 | ||||
-rw-r--r-- | openpgp/src/parse/stream.rs | 125 | ||||
-rw-r--r-- | openpgp/src/policy.rs | 5 | ||||
-rw-r--r-- | openpgp/src/serialize/stream.rs | 4 | ||||
-rw-r--r-- | sop/src/main.rs | 3 | ||||
-rw-r--r-- | sqv/src/sqv.rs | 5 | ||||
-rw-r--r-- | tool/src/commands/mod.rs | 12 |
7 files changed, 74 insertions, 87 deletions
diff --git a/openpgp-ffi/src/parse/stream.rs b/openpgp-ffi/src/parse/stream.rs
index da9d45c3..227b75a4 100644
--- a/openpgp-ffi/src/parse/stream.rs
+++ b/openpgp-ffi/src/parse/stream.rs
@@ -23,6 +23,7 @@ use self::openpgp::{ PKESK, SKESK, }, + parse::Parse, }; use self::openpgp::parse::stream::{ self,
@@ -769,12 +770,14 @@ fn pgp_detached_verifier_new<'a>(errp: Option<&mut *mut crate::error::Error>, time: time_t) -> Maybe<DetachedVerifier> { + ffi_make_fry_from_errp!(errp); let policy = policy.ref_raw().as_ref(); let helper = VHelper::new(inspect, get_certs, check, cookie); - openpgp::parse::stream::DetachedVerifier::from_reader( - policy, signature_input.ref_mut_raw(), helper, maybe_time(time)) + ffi_try_or!(openpgp::parse::stream::DetachedVerifierBuilder::from_reader( + signature_input.ref_mut_raw()), None) + .with_policy(policy, maybe_time(time), helper) .move_into_raw(errp) }
diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs
index cca81841..4894b0ea 100644
--- a/openpgp/src/parse/stream.rs
+++ b/openpgp/src/parse/stream.rs
@@ -140,6 +140,7 @@ use crate::parse::{ PacketParser, PacketParserBuilder, PacketParserResult, + Parse, }; /// Whether to trace execution by default (on stderr).
@@ -884,7 +885,7 @@ impl<'a, H: VerificationHelper> io::Read for Verifier<'a, H> { /// use std::io::{self, Read}; /// use sequoia_openpgp as openpgp; /// use openpgp::{KeyHandle, Cert, Result}; -/// use openpgp::parse::stream::*; +/// use openpgp::parse::{Parse, stream::*}; /// use sequoia_openpgp::policy::StandardPolicy; /// /// let p = &StandardPolicy::new();
@@ -911,98 +912,84 @@ impl<'a, H: VerificationHelper> io::Read for Verifier<'a, H> { /// /// let data = b"Hello World!"; /// let h = Helper {}; -/// let mut v = DetachedVerifier::from_bytes(p, signature, h, None)?; +/// let mut v = DetachedVerifierBuilder::from_bytes(&signature[..])? +/// .with_policy(p, None, h)?; /// v.verify_bytes(data)?; /// # Ok(()) } pub struct DetachedVerifier<'a, H: VerificationHelper> { decryptor: Decryptor<'a, NoDecryptionHelper<H>>, } -impl<'a, H: VerificationHelper> DetachedVerifier<'a, H> { - /// Creates a `Verifier` from the given readers. - /// - /// Signature verifications are done relative to time `t`, or the - /// current time, if `t` is `None`. - pub fn from_reader<S, T>(policy: &'a dyn Policy, - signature_reader: S, - helper: H, t: T) - -> Result<DetachedVerifier<'a, H>> - where S: io::Read + 'a, - H: VerificationHelper, - T: Into<Option<time::SystemTime>> +/// A builder for `DetachedVerifier`. +/// +/// This allows the customization of [`DetachedVerifier`], which can +/// be built using [`DetachedVerifierBuilder::with_policy`]. +/// +/// [`DetachedVerifier`]: struct.DetachedVerifier.html +/// [`DetachedVerifierBuilder::with_policy`]: struct.DetachedVerifierBuilder.html#method.with_policy +pub struct DetachedVerifierBuilder<'a> { + signatures: Box<dyn BufferedReader<Cookie> + 'a>, +} + +impl<'a> Parse<'a, DetachedVerifierBuilder<'a>> + for DetachedVerifierBuilder<'a> +{ + fn from_reader<R>(reader: R) -> Result<DetachedVerifierBuilder<'a>> + where R: io::Read + 'a, { - // Do not eagerly map `t` to the current time. - let t = t.into(); - Self::from_buffered_reader( - policy, - Box::new(buffered_reader::Generic::with_cookie(signature_reader, None, - Default::default())), - helper, t) + DetachedVerifierBuilder::new(buffered_reader::Generic::with_cookie( + reader, None, Default::default())) } - /// Creates a `Verifier` from the given files. 
- /// - /// Signature verifications are done relative to time `t`, or the - /// current time, if `t` is `None`. - pub fn from_file<S, T>(policy: &'a dyn Policy, - signature_path: S, - helper: H, t: T) - -> Result<DetachedVerifier<'a, H>> - where S: AsRef<Path>, - H: VerificationHelper, - T: Into<Option<time::SystemTime>> + fn from_file<P>(path: P) -> Result<DetachedVerifierBuilder<'a>> + where P: AsRef<Path>, { - // Do not eagerly map `t` to the current time. - let t = t.into(); - Self::from_buffered_reader( - policy, - Box::new(buffered_reader::File::with_cookie(signature_path, - Default::default())?), - helper, t) + DetachedVerifierBuilder::new(buffered_reader::File::with_cookie( + path, Default::default())?) } - /// Creates a `Verifier` from the given buffers. - /// - /// Signature verifications are done relative to time `t`, or the - /// current time, if `t` is `None`. - pub fn from_bytes<T>(policy: &'a dyn Policy, - signature_bytes: &'a [u8], - helper: H, t: T) - -> Result<DetachedVerifier<'a, H>> - where H: VerificationHelper, T: Into<Option<time::SystemTime>> + fn from_bytes<D>(data: &'a D) -> Result<DetachedVerifierBuilder<'a>> + where D: AsRef<[u8]> + ?Sized, { - // Do not eagerly map `t` to the current time. - let t = t.into(); - Self::from_buffered_reader( - policy, - Box::new(buffered_reader::Memory::with_cookie(signature_bytes, - Default::default())), - helper, t) + DetachedVerifierBuilder::new(buffered_reader::Memory::with_cookie( + data.as_ref(), Default::default())) } +} - /// Creates the `Verifier`, and buffers the data up to `BUFFER_SIZE`. +impl<'a> DetachedVerifierBuilder<'a> { + fn new<B>(signatures: B) -> Result<Self> + where B: buffered_reader::BufferedReader<Cookie> + 'a + { + Ok(DetachedVerifierBuilder { + signatures: Box::new(signatures), + }) + } + + /// Creates the `DetachedVerifier`. /// - /// Signature verifications are done relative to time `t`, or the - /// current time, if `t` is `None`. 
- pub(crate) fn from_buffered_reader<T> - (policy: &'a dyn Policy, - signature_bio: Box<dyn BufferedReader<Cookie> + 'a>, - helper: H, t: T) - -> Result<DetachedVerifier<'a, H>> + /// Signature verifications are done under the given `policy` and + /// relative to time `time`, or the current time, if `time` is + /// `None`. `helper` is the [`VerificationHelper`] to use. + /// + /// [`VerificationHelper`]: trait.VerificationHelper.html + pub fn with_policy<T, H>(self, policy: &'a dyn Policy, time: T, helper: H) + -> Result<DetachedVerifier<'a, H>> where H: VerificationHelper, - T: Into<Option<time::SystemTime>> + T: Into<Option<time::SystemTime>>, { // Do not eagerly map `t` to the current time. - let t = t.into(); - Ok(Self { + let t = time.into(); + Ok(DetachedVerifier { decryptor: Decryptor::from_buffered_reader( policy, - signature_bio, + self.signatures, NoDecryptionHelper { v: helper, }, t, Mode::VerifyDetached)?, }) } +} +impl<'a, H: VerificationHelper> DetachedVerifier<'a, H> { /// Verifies the given data. pub fn verify_reader<R: io::Read>(&mut self, reader: R) -> Result<()> { self.verify(buffered_reader::Generic::with_cookie( @@ -2179,8 +2166,8 @@ mod test { let reference = test.reference; let h = VHelper::new(0, 0, 0, 0, keys.clone()); - let mut v = DetachedVerifier::from_bytes( - &p, sig, h, reference).unwrap(); + let mut v = DetachedVerifierBuilder::from_bytes(sig).unwrap() + .with_policy(&p, reference, h).unwrap(); v.verify_bytes(content).unwrap(); let h = v.into_helper(); diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs index 22eb32ed..6aaedb64 100644 --- a/openpgp/src/policy.rs +++ b/openpgp/src/policy.rs 
@@ -978,7 +978,7 @@ mod test { use crate::parse::Parse; use crate::parse::stream::DecryptionHelper; use crate::parse::stream::Decryptor; - use crate::parse::stream::DetachedVerifier; + use crate::parse::stream::DetachedVerifierBuilder; use crate::parse::stream::MessageLayer; use crate::parse::stream::MessageStructure; use crate::parse::stream::VerificationHelper;
@@ -1707,7 +1707,8 @@ mod test { }; let h = VHelper::new(vec![ cert.clone() ]); - let mut v = DetachedVerifier::from_bytes(p, &sig, h, None).unwrap(); + let mut v = DetachedVerifierBuilder::from_bytes(&sig).unwrap() + .with_policy(p, None, h).unwrap(); v.verify_bytes(msg).unwrap(); assert_eq!(v.helper_ref().good, if good { 1 } else { 0 }); assert_eq!(v.helper_ref().errors, if good { 0 } else { 1 });
diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs
index 598c213c..ba21f764 100644
--- a/openpgp/src/serialize/stream.rs
+++ b/openpgp/src/serialize/stream.rs
@@ -875,8 +875,8 @@ impl<'a> Signer<'a> { /// } /// } /// - /// let mut verifier = - /// DetachedVerifier::from_bytes(p, &sink, Helper(&cert), None)?; + /// let mut verifier = DetachedVerifierBuilder::from_bytes(&sink)? + /// .with_policy(p, None, Helper(&cert))?; /// /// verifier.verify_bytes(b"Make it so, number one!")?; /// # Ok(()) }
diff --git a/sop/src/main.rs b/sop/src/main.rs
index 54a27633..b9a4fe13 100644
--- a/sop/src/main.rs
+++ b/sop/src/main.rs
@@ -172,7 +172,8 @@ fn real_main() -> Result<()> { not_after.map(|d| d.into()), certs); let mut v = - DetachedVerifier::from_reader(p, signatures, helper, None)?; + DetachedVerifierBuilder::from_reader(signatures)? + .with_policy(p, None, helper)?; v.verify_reader(io::stdin())?; },
diff --git a/sqv/src/sqv.rs b/sqv/src/sqv.rs
index 32d39e8a..8e9509e7 100644
--- a/sqv/src/sqv.rs
+++ b/sqv/src/sqv.rs
@@ -18,7 +18,7 @@ use crate::openpgp::{ parse::Parse, }; use crate::openpgp::parse::stream::{ - DetachedVerifier, + DetachedVerifierBuilder, MessageLayer, MessageStructure, VerificationHelper,
@@ -281,7 +281,8 @@ fn main() -> Result<()> { let h = VHelper::new(good_threshold, not_before, not_after, keyrings); - let mut v = DetachedVerifier::from_file(p, sig_file, h, None)?; + let mut v = + DetachedVerifierBuilder::from_file(sig_file)?.with_policy(p, None, h)?; v.verify_file(file)?; let h = v.into_helper();
diff --git a/tool/src/commands/mod.rs b/tool/src/commands/mod.rs
index 08219286..1639c087 100644
--- a/tool/src/commands/mod.rs
+++ b/tool/src/commands/mod.rs
@@ -19,14 +19,7 @@ use crate::openpgp::parse::{ Parse, PacketParserResult, }; -use crate::openpgp::parse::stream::{ - Verifier, DetachedVerifier, - GoodChecksum, - VerificationResult, - VerificationError, - VerificationHelper, - MessageStructure, MessageLayer, -}; +use crate::openpgp::parse::stream::*; use crate::openpgp::serialize::stream::{ Message, Signer, LiteralWriter, Encryptor, Recipient, Compressor,
@@ -392,7 +385,8 @@ pub fn verify(ctx: &Context, policy: &dyn Policy, -> Result<()> { let helper = VHelper::new(ctx, mapping, signatures, certs); let helper = if let Some(dsig) = detached { - let mut v = DetachedVerifier::from_reader(policy, dsig, helper, None)?; + let mut v = DetachedVerifierBuilder::from_reader(dsig)? + .with_policy(policy, None, helper)?; v.verify_reader(input)?; v.into_helper() } else { |
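Review bot: In tool/src/commands/mod.rs (hunk `@@ -19,14 +19,7 @@`) the explicit import list from `parse::stream` is replaced by the glob `use crate::openpgp::parse::stream::*;`. The glob no longer shows which verification types this module depends on, and any name later added to `parse::stream` enters scope here without appearing in a diff. Keeping the list and swapping only the renamed item stays reviewable: `Verifier, DetachedVerifierBuilder,` in place of `Verifier, DetachedVerifier,`, which is how sqv/src/sqv.rs handles its import in this same commit.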