openpgp: Use a Signer to set the expiry.

author: Justus Winter <justus@sequoia-pgp.org> 2019-02-12 10:27:30 +0100
committer: Justus Winter <justus@sequoia-pgp.org> 2019-02-12 10:27:30 +0100
commit: 605da7f5442617757d36a40434200e9ff3287f1b (patch)
tree: eaaa1d81e205b0ad2cc1160a950527b2c245df50
parent: e9be3b2e7bea44e7f877efe902ff8d5b10eaa53a (diff)
2 files changed, 21 insertions, 26 deletions
diff --git a/openpgp-ffi/src/tpk.rs b/openpgp-ffi/src/tpk.rs
index 039b5430..a816fb31 100644
--- a/openpgp-ffi/src/tpk.rs
+++ b/openpgp-ffi/src/tpk.rs
@@ -344,11 +344,14 @@ fn pgp_tpk_alive_at(tpk: *const TPK, when: time_t)
 /// This function consumes `tpk` and returns a new `TPK`.
 #[::sequoia_ffi_macros::extern_fn] #[no_mangle] pub extern "system"
 fn pgp_tpk_set_expiry(errp: Option<&mut *mut ::error::Error>,
-                      tpk: *mut TPK, expiry: u32)
+                      tpk: *mut TPK, primary_signer: *mut Box<crypto::Signer>,
+                      expiry: u32)
                       -> Maybe<TPK> {
     let tpk = tpk.move_from_raw();
+    let signer = ffi_param_ref_mut!(primary_signer);
 
-    tpk.set_expiry(Some(time::Duration::seconds(expiry as i64)))
+    tpk.set_expiry(signer.as_mut(),
+                   Some(time::Duration::seconds(expiry as i64)))
         .move_into_raw(errp)
 }
 
diff --git a/openpgp/src/tpk/mod.rs b/openpgp/src/tpk/mod.rs
index ce365982..57268888 100644
--- a/openpgp/src/tpk/mod.rs
+++ b/openpgp/src/tpk/mod.rs
@@ -18,7 +18,6 @@ use {
     SignatureType,
     HashAlgorithm,
     packet::Tag,
-    packet::key::SecretKey,
     packet::signature::{self, Signature},
     packet::Key,
     packet::UserID,
@@ -1634,7 +1633,8 @@ impl TPK {
     ///
     /// This function exists to facilitate testing, which is why it is
     /// not exported.
-    fn set_expiry_as_of(self, expiration: Option<time::Duration>,
+    fn set_expiry_as_of(self, primary_signer: &mut Signer,
+                        expiration: Option<time::Duration>,
                         now: time::Tm)
         -> Result<TPK>
     {
@@ -1647,32 +1647,18 @@ impl TPK {
             let hash_algo = HashAlgorithm::SHA512;
             let mut hash = hash_algo.context()?;
 
-            let pair = self.primary();
-
-            pair.hash(&mut hash);
+            self.primary().hash(&mut hash);
             if let Some(userid) = userid {
                 userid.userid().hash(&mut hash);
             } else {
                 assert_eq!(template.sigtype(), SignatureType::DirectKey);
             }
 
-            match pair.secret() {
-                Some(SecretKey::Unencrypted{ mpis: ref sec }) => {
-                    // Generate the signature.
-                    signature::Builder::from(template.clone())
-                        .set_key_expiration_time(expiration)?
-                        .set_signature_creation_time(now)?
-                        .sign_hash(
-                            &mut KeyPair::new(pair.clone(), sec.clone())?,
-                            hash_algo, hash)?
-                }
-                Some(_) =>
-                    return Err(Error::InvalidOperation(
-                        "Secret key is encrypted".into()) .into()),
-                None =>
-                    return Err(Error::InvalidOperation(
-                        "No secret key".into()).into()),
-            }
+            // Generate the signature.
+            signature::Builder::from(template.clone())
+                .set_key_expiration_time(expiration)?
+                .set_signature_creation_time(now)?
+                .sign_hash(primary_signer, hash_algo, hash)?
         };
 
         self.merge_packets(vec![sig.into()])
@@ -1682,10 +1668,11 @@ impl TPK {
     ///
     /// Note: the time is relative to the key's creation time, not the
     /// current time!
-    pub fn set_expiry(self, expiration: Option<time::Duration>)
+    pub fn set_expiry(self, primary_signer: &mut Signer,
+                      expiration: Option<time::Duration>)
         -> Result<TPK>
     {
-        self.set_expiry_as_of(expiration, time::now())
+        self.set_expiry_as_of(primary_signer, expiration, time::now())
     }
 
     /// Returns an iterator over the TPK's valid `UserIDBinding`s.
@@ -3391,8 +3378,11 @@ mod test {
             .key_expiration_time()
             .expect("Keys expire by default.");
 
+        let mut keypair = tpk.primary().clone().into_keypair().unwrap();
+
         // Clear the expiration.
         let tpk = tpk.set_expiry_as_of(
+            &mut keypair,
             None,
             now + time::Duration::seconds(10)).unwrap();
         {
@@ -3408,6 +3398,7 @@ mod test {
         assert!(expiry_expected > time::Duration::seconds(0));
 
         let tpk = tpk.set_expiry_as_of(
+            &mut keypair,
             Some(expiry_expected),
             now + time::Duration::seconds(20)).unwrap();
         {
@@ -3571,6 +3562,7 @@ mod test {
     #[test]
     fn revoked_time() {
         use packet::Features;
+        use packet::key::SecretKey;
         use constants::PublicKeyAlgorithm;
         use rand::{thread_rng, Rng, distributions::Open01};
         /*
author	Justus Winter <justus@sequoia-pgp.org>	2019-02-12 10:27:30 +0100
committer	Justus Winter <justus@sequoia-pgp.org>	2019-02-12 10:27:30 +0100
commit	605da7f5442617757d36a40434200e9ff3287f1b (patch)
tree	eaaa1d81e205b0ad2cc1160a950527b2c245df50
parent	e9be3b2e7bea44e7f877efe902ff8d5b10eaa53a (diff)