authorWiktor Kwapisiewicz <wiktor@metacode.biz>2020-12-11 17:06:05 +0100
committerWiktor Kwapisiewicz <wiktor@metacode.biz>2020-12-11 17:12:57 +0100
commit981d0393a634c2b8b58be5772202a0da1951b854 (patch)
tree867004b5a927a34ee91816010bf117116fc379aa
parent90105c50559da50d7e601dca6a27040e03e430a1 (diff)
openpgp: Remove ComponentAmalgamation::revocation_keys.wiktor-k/issue-629-remove-ca-revocation-keys
- Remove the function. - Remove associated tests. - Cert::revocation_keys does examine all live self-signatures. - Fixes #629.
-rw-r--r--openpgp/src/cert/amalgamation.rs65
-rw-r--r--openpgp/src/cert/builder.rs18
-rw-r--r--openpgp/src/types/revocation_key.rs5
3 files changed, 2 insertions, 86 deletions
diff --git a/openpgp/src/cert/amalgamation.rs b/openpgp/src/cert/amalgamation.rs
index 786dcca7..50afb20c 100644
--- a/openpgp/src/cert/amalgamation.rs
+++ b/openpgp/src/cert/amalgamation.rs
@@ -244,7 +244,6 @@ use crate::{
Features,
HashAlgorithm,
KeyServerPreferences,
- RevocationKey,
RevocationStatus,
SymmetricAlgorithm,
},
@@ -855,70 +854,6 @@ impl<'a, C> ComponentAmalgamation<'a, C> {
pub fn other_revocations(&self) -> &'a [Signature] {
self.bundle().other_revocations()
}
-
- /// Returns a list of any designated revokers for this component.
- ///
- /// This function returns the designated revokers listed on both
- /// this component's binding signature and the certificate's
- /// direct key signature.
- ///
- /// Note: the returned list is deduplicated.
- ///
- /// # Examples
- ///
- /// ```
- /// # use sequoia_openpgp as openpgp;
- /// # use openpgp::Result;
- /// use openpgp::cert::prelude::*;
- /// use openpgp::policy::StandardPolicy;
- /// use openpgp::types::RevocationKey;
- ///
- /// # fn main() -> Result<()> {
- /// let p = &StandardPolicy::new();
- ///
- /// let (alice, _) =
- /// CertBuilder::general_purpose(None, Some("alice@example.org"))
- /// .generate()?;
- /// // Make Alice a designated revoker for Bob.
- /// let (bob, _) =
- /// CertBuilder::general_purpose(None, Some("bob@example.org"))
- /// .set_revocation_keys(vec![(&alice).into()])
- /// .generate()?;
- ///
- /// // Make sure Alice is listed as a designated revoker for Bob
- /// // on a component.
- /// assert_eq!(bob.with_policy(p, None)?.primary_userid()?.revocation_keys(p)
- /// .collect::<Vec<&RevocationKey>>(),
- /// vec![&(&alice).into()]);
- /// # Ok(()) }
- /// ```
- pub fn revocation_keys(&self, policy: &dyn Policy)
- -> Box<dyn Iterator<Item = &'a RevocationKey> + 'a>
- {
- let mut keys = std::collections::HashSet::new();
- for rk in self.self_signatures().iter()
- .filter(|sig| {
- policy
- .signature(sig, self.hash_algo_security)
- .is_ok()
- })
- .flat_map(|sig| sig.revocation_keys())
- {
- keys.insert(rk);
- }
- let pk_sec = self.cert().primary_key().hash_algo_security();
- for rk in self.cert().primary_key().self_signatures().iter()
- .filter(|sig| {
- policy
- .signature(sig, pk_sec)
- .is_ok()
- })
- .flat_map(|sig| sig.revocation_keys())
- {
- keys.insert(rk);
- }
- Box::new(keys.into_iter())
- }
}
macro_rules! impl_with_policy {
diff --git a/openpgp/src/cert/builder.rs b/openpgp/src/cert/builder.rs
index 16a4339f..15d0a350 100644
--- a/openpgp/src/cert/builder.rs
+++ b/openpgp/src/cert/builder.rs
@@ -1381,17 +1381,6 @@ mod tests {
assert_eq!(cert.revocation_keys(p).collect::<HashSet<_>>(),
revokers.iter().collect::<HashSet<_>>());
- // The designated revokers on the direct signature should also
- // be returned when querying components for designated
- // revokers.
- assert_eq!(
- cert.primary_key().revocation_keys(p).collect::<HashSet<_>>(),
- revokers.iter().collect::<HashSet<_>>());
- assert_eq!(
- cert.primary_userid()?.revocation_keys(p).collect::<HashSet<_>>(),
- revokers.iter().collect::<HashSet<_>>());
-
-
// Do it again, with a key that has no User IDs.
let (cert,_) = CertBuilder::new()
.set_revocation_keys(revokers.clone())
@@ -1402,13 +1391,6 @@ mod tests {
assert_eq!(cert.revocation_keys(p).collect::<HashSet<_>>(),
revokers.iter().collect::<HashSet<_>>());
- // The designated revokers on the direct signature should also
- // be returned when querying components for designated
- // revokers.
- assert_eq!(
- cert.primary_key().revocation_keys(p).collect::<HashSet<_>>(),
- revokers.iter().collect::<HashSet<_>>());
-
// The designated revokers on all signatures should be
// considered.
let now = crate::types::Timestamp::now();
diff --git a/openpgp/src/types/revocation_key.rs b/openpgp/src/types/revocation_key.rs
index c0457b24..b55d65ce 100644
--- a/openpgp/src/types/revocation_key.rs
+++ b/openpgp/src/types/revocation_key.rs
@@ -45,9 +45,8 @@ use crate::{
/// .set_revocation_keys(vec![(&alice).into()])
/// .generate()?;
///
-/// // Make sure Alice is listed as a designated revoker for Bob
-/// // on a component.
-/// assert_eq!(bob.with_policy(p, None)?.primary_userid()?.revocation_keys(p)
+/// // Make sure Alice is listed as a designated revoker for Bob.
+/// assert_eq!(bob.with_policy(p, None)?.revocation_keys(p)
/// .collect::<Vec<&RevocationKey>>(),
/// vec![&(&alice).into()]);
/// # Ok(()) }
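Review bot: The added example line passes the policy twice, `bob.with_policy(p, None)?.revocation_keys(p)`: once to build the validated view and again to the query. A reader cannot tell which of the two decides which self-signatures contribute designated revokers. If the call resolves to `Cert::revocation_keys` (inferred; the tests in builder.rs call `cert.revocation_keys(p)` directly on a certificate), the example reads more clearly as `/// assert_eq!(bob.revocation_keys(p)`. Because a designated revoker can revoke the whole certificate, the example would also benefit from a comment such as `/// // Only self-signatures accepted by the policy p are considered.`, once that is confirmed against the implementation. The doc comment holding this example starts and ends outside the hunk.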