openpgp: Pass a timestamp to the KeyIter instead of each filter.

  - KeyIter::revoked and KeyIter::key_flags (and its variants) didn't
    take a time stamp so they could only be used for filtering keys
    based on their current state, not their state at some time in the
    past.  Adding a time stamp to each of the filters would have fixed
    the problem, but it would have made the interface ugly: callers
    always want the same time stamp for all filters.

  - Split KeyIter into two structures: a KeyIter and a ValidKeyIter.

  - Add KeyIter::policy.  It takes a time stamp, which is then used
    for filters like `alive` and `revoked`, and it returns a
    ValidKeyIter, which exposes filters that require a time stamp.

1 files changed, 4 insertions, 3 deletions

diff --git a/ipc/examples/gpg-agent-sign.rs b/ipc/examples/gpg-agent-sign.rs
index b5f32a9c..a80f3935 100644
--- a/ipc/examples/gpg-agent-sign.rs
+++ b/ipc/examples/gpg-agent-sign.rs
@@ -39,9 +39,10 @@ fn main() {
 
     // Construct a KeyPair for every signing-capable (sub)key.
     let mut signers = certs.iter().flat_map(|cert| {
-        cert.keys().alive().revoked(false).for_signing().filter_map(|ka| {
-            KeyPair::new(&ctx, ka.key()).ok()
-        })
+        cert.keys().policy(None).alive().revoked(false).for_signing()
+            .filter_map(|ka| {
+                KeyPair::new(&ctx, ka.key()).ok()
+            })
     }).collect::<Vec<KeyPair>>();
 
     // Compose a writer stack corresponding to the output format and