authorJustus Winter <justus@sequoia-pgp.org>2021-04-21 18:47:33 +0200
committerJustus Winter <justus@sequoia-pgp.org>2021-04-26 13:15:52 +0200
commit65624f499b30589a40c6f4fa87f34f0c0f407394 (patch)
tree62eabc1f6500541372f3fe16b16047f3727a41b5
parentffb92c48d095fbe80b800795628318baeec6c958 (diff)
openpgp: Implement ComponentBundle::attestations, improve example.
- See #335.
-rw-r--r--openpgp/NEWS1
-rw-r--r--openpgp/src/cert.rs2
-rw-r--r--openpgp/src/cert/bundle.rs40
3 files changed, 43 insertions, 0 deletions
diff --git a/openpgp/NEWS b/openpgp/NEWS
index fd81ee24..188e6f33 100644
--- a/openpgp/NEWS
+++ b/openpgp/NEWS
@@ -4,6 +4,7 @@
* Changes in 1.2.0
** New functionality
+ - ComponentBundle::attestations
- Signature::verify_user_attribute_attestation
- Signature::verify_userid_attestation
- SignatureBuilder::pre_sign
diff --git a/openpgp/src/cert.rs b/openpgp/src/cert.rs
index 12348ecf..f7f962ef 100644
--- a/openpgp/src/cert.rs
+++ b/openpgp/src/cert.rs
@@ -626,6 +626,7 @@ pub trait Preferences<'a>: seal::Sealed {
/// for c in cert.userids() {
/// acc.push(c.userid().clone().into());
/// for s in c.self_signatures() { acc.push(s.clone().into()) }
+/// for s in c.attestations() { acc.push(s.clone().into()) }
/// for s in c.certifications() { acc.push(s.clone().into()) }
/// for s in c.self_revocations() { acc.push(s.clone().into()) }
/// for s in c.other_revocations() { acc.push(s.clone().into()) }
@@ -635,6 +636,7 @@ pub trait Preferences<'a>: seal::Sealed {
/// for c in cert.user_attributes() {
/// acc.push(c.user_attribute().clone().into());
/// for s in c.self_signatures() { acc.push(s.clone().into()) }
+/// for s in c.attestations() { acc.push(s.clone().into()) }
/// for s in c.certifications() { acc.push(s.clone().into()) }
/// for s in c.self_revocations() { acc.push(s.clone().into()) }
/// for s in c.other_revocations() { acc.push(s.clone().into()) }
diff --git a/openpgp/src/cert/bundle.rs b/openpgp/src/cert/bundle.rs
index 2b7847fe..a24e9eb3 100644
--- a/openpgp/src/cert/bundle.rs
+++ b/openpgp/src/cert/bundle.rs
@@ -497,11 +497,51 @@ impl<C> ComponentBundle<C> {
&self.other_revocations
}
+ /// Returns all of the component's Attestation Key Signatures.
+ ///
+ /// This feature is [experimental](crate#experimental-features).
+ ///
+ /// The signatures are validated, and they are sorted by their
+ /// creation time, most recent first.
+ ///
+ /// A certificate owner can use Attestation Key Signatures to
+ /// attest to third party certifications. Currently, only userid
+ /// and user attribute certifications can be attested. See
+ /// [Section 5.2.3.30 of RFC 4880bis] for details.
+ ///
+ /// [Section 5.2.3.30 of RFC 4880bis]: https://tools.ietf.org/html/draft-ietf-openpgp-rfc4880bis-10.html#section-5.2.3.30
+ ///
+ /// # Examples
+ ///
+ /// ```
+ /// # use sequoia_openpgp as openpgp;
+ /// # fn main() -> openpgp::Result<()> {
+ /// # use openpgp::cert::prelude::*;
+ /// use openpgp::policy::StandardPolicy;
+ /// let p = &StandardPolicy::new();
+ ///
+ /// # let (cert, _) =
+ /// # CertBuilder::general_purpose(None, Some("alice@example.org"))
+ /// # .generate()?;
+ /// for (i, uid) in cert.userids().enumerate() {
+ /// eprintln!("UserID #{} ({:?}) has {:?} attestation key signatures",
+ /// i, uid.email(),
+ /// uid.attestations().count());
+ /// }
+ /// # Ok(()) }
+ /// ```
+ pub fn attestations(&self)
+ -> impl Iterator<Item = &Signature> + Send + Sync
+ {
+ self.attestations.iter()
+ }
+
/// Returns all of the component's signatures.
///
/// Only the self-signatures are validated. The signatures are
/// sorted first by type, then by creation time. The self
/// revocations come first, then the self signatures,
+ /// then any key attestation signatures,
/// certifications, and third-party revocations coming last. This
/// function may return additional types of signatures that could
/// be associated to this component.
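Review bot: The new doc comment on `attestations` says "The signatures are validated" without saying what was checked, and the method takes only `&self`, so no policy or reference time can be applied at this call. A caller deciding whether a third-party certification is attested could read the result as policy-checked; presumably "validated" means the cryptographic check done when the certificate was canonicalized, which should be confirmed and stated, e.g. `/// Note: no policy or reference time is applied here; check each signature against your policy before relying on it.` The updated `signatures` comment still says "Only the self-signatures are validated" while now listing key attestation signatures, so it should say which group they fall into. The example also builds `let p = &StandardPolicy::new();` and never uses it in the visible lines, which suggests a policy check that does not happen; drop those two lines or actually apply the policy. The enclosing `impl` starts above the hunk and the function documented by the last comment lies below it.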