author | Neal H. Walfield <neal@pep.foundation> | 2020-03-01 16:21:25 +0100 |
---|---|---|
committer | Neal H. Walfield <neal@pep.foundation> | 2020-03-01 16:21:25 +0100 |
commit | dd3a10e2cfde25c78445f8e9e5a81c2a356b061a (patch) | |
tree | 88dd902569c2af6488cd00032d8c2ba805f807a3 | |
parent | e36ff03381c7293f9f79eb2886a675c845041b46 (diff) |
openpgp: Only create a CertAmalgamation if it is valid.
- Change `Cert::with_policy` to only create a `CertAmalgamation` if
the certificate is valid for the given policy at the specified
reference time.
- These semantics match `Amalgamation::with_policy` and
`KeyAmalgamation::with_policy`.
- Fixes #445.
-rw-r--r-- | openpgp/src/cert/mod.rs | 23 | ||||
-rw-r--r-- | openpgp/src/policy.rs | 6 |
2 files changed, 19 insertions, 10 deletions
diff --git a/openpgp/src/cert/mod.rs b/openpgp/src/cert/mod.rs index be5078df..c0d16372 100644 --- a/openpgp/src/cert/mod.rs +++ b/openpgp/src/cert/mod.rs @@ -1391,15 +1391,21 @@ impl Cert { /// Fixes a time and policy for use with this certificate. /// /// If `time` is `None`, the current time is used. + /// + /// Returns an error if the certificate is not valid for the given + /// policy at the given time. pub fn with_policy<'a, T>(&'a self, policy: &'a dyn Policy, time: T) - -> CertAmalgamation<'a> + -> Result<CertAmalgamation<'a>> where T: Into<Option<time::SystemTime>>, { - CertAmalgamation { + let time = time.into().unwrap_or_else(time::SystemTime::now); + self.primary_key().with_policy(policy, time)?; + + Ok(CertAmalgamation { cert: self, policy, - time: time.into().unwrap_or_else(time::SystemTime::now), - } + time: time, + }) } } @@ -3392,7 +3398,8 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= let p = &P::new(); let cert_at = cert.with_policy(p, cert.primary_key().creation_time() - + time::Duration::new(60, 0)); + + time::Duration::new(60, 0)) + .unwrap(); assert_eq!(cert_at.userids().count(), 0); assert_eq!(cert_at.keys().count(), 2); @@ -3409,7 +3416,8 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= let cert_at = cert.with_policy(p, cert.primary_key().creation_time() - + time::Duration::new(60, 0)); + + time::Duration::new(60, 0)) + .unwrap(); assert_eq!(cert_at.userids().count(), 1); assert_eq!(cert_at.keys().count(), 2); Ok(()) @@ -3426,7 +3434,8 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= let mut p = P::new(); p.accept_hash(HashAlgorithm::SHA1); - let cert_at = cert.with_policy(&p, cert.primary_key().creation_time()); + let cert_at = cert.with_policy(&p, cert.primary_key().creation_time()) + .unwrap(); assert_eq!(cert_at.userids().count(), 1); assert_eq!(cert_at.keys().count(), 1); Ok(()) diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs index cc056d5f..79e2da79 100644 --- a/openpgp/src/policy.rs 
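Review bot: The added doc sentence on `Cert::with_policy` says the call fails when the certificate is "not valid", but the only check added is `self.primary_key().with_policy(policy, time)?`, so the condition is that the primary key is not valid under the policy at that time. I would state that under a `# Errors` heading, for example `/// Returns an error if the primary key is not valid under the policy at the reference time.` If a successful return does not also rule out a revoked or expired certificate (this hunk does not show that either way), the doc comment should say so, because callers are likely to read `Ok` as "safe to use". Separately, the field initialiser `time: time,` can be the shorthand `time,`. The `impl Cert` block begins outside the hunk.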
+++ b/openpgp/src/policy.rs @@ -1842,11 +1842,11 @@ mod test { let p = &mut P::new(); let t = crate::frozen_time(); - assert_eq!(cert.with_policy(p, t).keys().count(), 4); + assert_eq!(cert.with_policy(p, t).unwrap().keys().count(), 4); p.reject_asymmetric_algo(AsymmetricAlgorithm::RSA1024); - assert_eq!(cert.with_policy(p, t).keys().count(), 4); + assert_eq!(cert.with_policy(p, t).unwrap().keys().count(), 4); p.reject_asymmetric_algo(AsymmetricAlgorithm::RSA2048); - assert_eq!(cert.with_policy(p, t).keys().count(), 1); + assert_eq!(cert.with_policy(p, t).unwrap().keys().count(), 1); Ok(()) } } |
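Review bot: None of the test hunks shown exercises the new error path; every updated call site, here and in the three test hunks of `openpgp/src/cert/mod.rs`, only appends `.unwrap()` to a call that is expected to succeed. Since the point of the commit is that `with_policy` now refuses an invalid certificate, a regression test for the refusal would be worth adding, for instance extending this test with a policy that also rejects the primary key's algorithm and then `assert!(cert.with_policy(p, t).is_err());`. The test function starts outside the hunk, so an existing negative test elsewhere in the file cannot be ruled out.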