author | Justus Winter <justus@sequoia-pgp.org> | 2021-04-21 18:47:33 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2021-04-26 13:15:52 +0200 |
commit | 65624f499b30589a40c6f4fa87f34f0c0f407394 (patch) | |
tree | 62eabc1f6500541372f3fe16b16047f3727a41b5 | |
parent | ffb92c48d095fbe80b800795628318baeec6c958 (diff) |
openpgp: Implement ComponentBundle::attestations, improve example.
- See #335.
-rw-r--r-- | openpgp/NEWS | 1 | ||||
-rw-r--r-- | openpgp/src/cert.rs | 2 | ||||
-rw-r--r-- | openpgp/src/cert/bundle.rs | 40 |
3 files changed, 43 insertions, 0 deletions
diff --git a/openpgp/NEWS b/openpgp/NEWS
index fd81ee24..188e6f33 100644
--- a/openpgp/NEWS
+++ b/openpgp/NEWS
@@ -4,6 +4,7 @@
 * Changes in 1.2.0
 ** New functionality
+ - ComponentBundle::attestations
 - Signature::verify_user_attribute_attestation
 - Signature::verify_userid_attestation
 - SignatureBuilder::pre_sign
diff --git a/openpgp/src/cert.rs b/openpgp/src/cert.rs
index 12348ecf..f7f962ef 100644
--- a/openpgp/src/cert.rs
+++ b/openpgp/src/cert.rs
@@ -626,6 +626,7 @@ pub trait Preferences<'a>: seal::Sealed {
 /// for c in cert.userids() {
 /// acc.push(c.userid().clone().into());
 /// for s in c.self_signatures() { acc.push(s.clone().into()) }
+/// for s in c.attestations() { acc.push(s.clone().into()) }
 /// for s in c.certifications() { acc.push(s.clone().into()) }
 /// for s in c.self_revocations() { acc.push(s.clone().into()) }
 /// for s in c.other_revocations() { acc.push(s.clone().into()) }
@@ -635,6 +636,7 @@ pub trait Preferences<'a>: seal::Sealed {
 /// for c in cert.user_attributes() {
 /// acc.push(c.user_attribute().clone().into());
 /// for s in c.self_signatures() { acc.push(s.clone().into()) }
+/// for s in c.attestations() { acc.push(s.clone().into()) }
 /// for s in c.certifications() { acc.push(s.clone().into()) }
 /// for s in c.self_revocations() { acc.push(s.clone().into()) }
 /// for s in c.other_revocations() { acc.push(s.clone().into()) }
diff --git a/openpgp/src/cert/bundle.rs b/openpgp/src/cert/bundle.rs
index 2b7847fe..a24e9eb3 100644
--- a/openpgp/src/cert/bundle.rs
+++ b/openpgp/src/cert/bundle.rs
@@ -497,11 +497,51 @@ impl<C> ComponentBundle<C> {
 &self.other_revocations
 }
+ /// Returns all of the component's Attestation Key Signatures.
+ ///
+ /// This feature is [experimental](crate#experimental-features).
+ ///
+ /// The signatures are validated, and they are sorted by their
+ /// creation time, most recent first.
+ ///
+ /// A certificate owner can use Attestation Key Signatures to
+ /// attest to third party certifications. Currently, only userid
+ /// and user attribute certifications can be attested. See
+ /// [Section 5.2.3.30 of RFC 4880bis] for details.
+ ///
+ /// [Section 5.2.3.30 of RFC 4880bis]: https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-10.html#section-5.2.3.30
+ ///
+ /// # Examples
+ ///
+ /// ```
+ /// # use sequoia_openpgp as openpgp;
+ /// # fn main() -> openpgp::Result<()> {
+ /// # use openpgp::cert::prelude::*;
+ /// use openpgp::policy::StandardPolicy;
+ /// let p = &StandardPolicy::new();
+ ///
+ /// # let (cert, _) =
+ /// # CertBuilder::general_purpose(None, Some("alice@example.org"))
+ /// # .generate()?;
+ /// for (i, uid) in cert.userids().enumerate() {
+ /// eprintln!("UserID #{} ({:?}) has {:?} attestation key signatures",
+ /// i, uid.email(),
+ /// uid.attestations().count());
+ /// }
+ /// # Ok(()) }
+ /// ```
+ pub fn attestations(&self)
+ -> impl Iterator<Item = &Signature> + Send + Sync
+ {
+ self.attestations.iter()
+ }
+
 /// Returns all of the component's signatures.
 ///
 /// Only the self-signatures are validated. The signatures are
 /// sorted first by type, then by creation time. The self
 /// revocations come first, then the self signatures,
+ /// then any key attestation signatures,
 /// certifications, and third-party revocations coming last. This
 /// function may return additional types of signatures that could
 /// be associated to this component. |
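Review bot: The doc comment added for `attestations()` says "The signatures are validated" without saying what was checked, while the body only returns `self.attestations.iter()`, so the accessor itself applies no policy, reference-time or supersession filter. If I read the linked RFC 4880bis section correctly, only the most recent Attestation Key Signature(s) on a component are in effect, so a caller that treats every yielded signature as a live attestation could honour one the owner has since replaced. I would add to the doc comment something like `/// Note: this yields every attestation key signature on the component, including superseded ones; callers must select the most recent and match it against the certifications.` Separately, the example binds `let p = &StandardPolicy::new();` but never uses it, so either drop that line or iterate a policy-checked view of the certificate. The enclosing `impl<C> ComponentBundle<C>` block starts and ends outside the hunk.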