author | Wiktor Kwapisiewicz <wiktor@metacode.biz> | 2020-09-10 10:09:20 +0200 |
---|---|---|
committer | Wiktor Kwapisiewicz <wiktor@metacode.biz> | 2020-12-11 16:22:17 +0100 |
commit | 54babeba8b7d4758f17f450d80092eed19bcfb56 (patch) | |
tree | 3dd77f02b51e46bd7f9776705d8c1bbcc7a84c44 | |
parent | 9d2be868385689fc02b7e0c67763cf2740ff8072 (diff) |
openpgp: Add functions that only return valid signatures.
- Fixes #622.
-rw-r--r-- | openpgp/src/cert/amalgamation.rs | 45 | ||||
-rw-r--r-- | openpgp/src/packet/signature.rs | 2 |
2 files changed, 44 insertions, 3 deletions
diff --git a/openpgp/src/cert/amalgamation.rs b/openpgp/src/cert/amalgamation.rs
index 7e065e4d..786dcca7 100644
--- a/openpgp/src/cert/amalgamation.rs
+++ b/openpgp/src/cert/amalgamation.rs
@@ -233,7 +233,10 @@ use crate::{
 UserID,
 },
 Result,
- policy::Policy,
+ policy::{
+ HashAlgoSecurity,
+ Policy,
+ },
 seal,
 types::{
 AEADAlgorithm,
@@ -1134,7 +1137,7 @@ impl<'a, C: 'a> From<ValidComponentAmalgamation<'a, C>>
 }
 
 impl<'a, C> ValidComponentAmalgamation<'a, C>
- where C: Ord
+ where C: Ord + Send + Sync
 {
 /// Returns the amalgamated primary component at time `time`
 ///
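Review bot: Tightening the header to `where C: Ord + Send + Sync` applies to every method in this impl block, not only to the iterator-returning methods added further down, so the existing methods (the one documented right below, for instance) are no longer available for a `C` that is not `Send + Sync`. The extra bound is presumably only needed for the `+ Send + Sync` return types of the new methods. If the narrowing is not intended, keep `where C: Ord` here and give the new methods their own block, e.g. `impl<'a, C> ValidComponentAmalgamation<'a, C> where C: Send + Sync { … }`. The impl body continues outside this hunk, so whether any caller depends on the looser bound cannot be judged from here.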
@@ -1245,6 +1248,44 @@ impl<'a, C> ValidComponentAmalgamation<'a, C>
 .and_then(|c| ComponentAmalgamation::new(cert, (c.0).0)
 .with_policy_relaxed(policy, t, valid_cert))
 }
+
+ /// The component's self-signatures.
+ ///
+ /// This method only returns signatures that are valid under the current policy.
+ pub fn self_signatures(&self) -> impl Iterator<Item=&Signature> + Send + Sync {
+ std::ops::Deref::deref(self).self_signatures().iter()
+ .filter(move |sig| self.cert.policy().signature(sig,
+ HashAlgoSecurity::SecondPreImageResistance).is_ok())
+ }
+
+ /// The component's third-party certifications.
+ ///
+ /// This method only returns signatures that are valid under the current policy.
+ pub fn certifications(&self) -> impl Iterator<Item=&Signature> + Send + Sync {
+ std::ops::Deref::deref(self).certifications().iter()
+ .filter(move |sig| self.cert.policy().signature(sig,
+ HashAlgoSecurity::CollisionResistance).is_ok())
+ }
+
+ /// The component's revocations that were issued by the
+ /// certificate holder.
+ ///
+ /// This method only returns signatures that are valid under the current policy.
+ pub fn self_revocations(&self) -> impl Iterator<Item=&Signature> + Send + Sync {
+ std::ops::Deref::deref(self).self_revocations().iter()
+ .filter(move |sig|self.cert.policy().signature(sig,
+ HashAlgoSecurity::SecondPreImageResistance).is_ok())
+ }
+
+ /// The component's revocations that were issued by other
+ /// certificates.
+ ///
+ /// This method only returns signatures that are valid under the current policy.
+ pub fn other_revocations(&self) -> impl Iterator<Item=&Signature> + Send + Sync {
+ std::ops::Deref::deref(self).other_revocations().iter()
+ .filter(move |sig| self.cert.policy().signature(sig,
+ HashAlgoSecurity::CollisionResistance).is_ok())
+ }
 }
 
 impl<'a, C> seal::Sealed for ValidComponentAmalgamation<'a, C> {}
diff --git a/openpgp/src/packet/signature.rs b/openpgp/src/packet/signature.rs
index ab388738..5b903114 100644
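Review bot: The doc line `/// This method only returns signatures that are valid under the current policy.` on the four new methods promises more than the filter shows: each closure only calls `self.cert.policy().signature(sig, …).is_ok()`, passing neither the amalgamation's reference time nor anything that verifies the signature, so "valid" here means "not rejected by the policy". This matters most for `certifications()` and `other_revocations()`, whose signatures are issued by other certificates; whether the underlying lists have been cryptographically checked is not visible in this hunk. I would reword to `/// This method only returns signatures that the current policy accepts; it does not verify them or check that they are live at the reference time.` and add a one-line comment explaining why self-issued signatures are checked with `HashAlgoSecurity::SecondPreImageResistance` while third-party ones use `CollisionResistance`. The enclosing impl block starts outside this hunk.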
--- a/openpgp/src/packet/signature.rs +++ b/openpgp/src/packet/signature.rs @@ -3240,7 +3240,7 @@ mod test { let test2 = Cert::from_bytes( crate::tests::key("test2-signed-by-test1.pgp")).unwrap(); let uid = test2.userids().with_policy(p, None).nth(0).unwrap(); - let mut cert = uid.certifications()[0].clone(); + let mut cert = uid.certifications().nth(0).unwrap().clone(); cert.verify_userid_binding(cert_key1, test2.primary_key().key(), |