net: Drop the network policy mechanism.

  - This seems over-engineered in retrospect.

2 files changed, 19 insertions, 161 deletions

diff --git a/net/src/lib.rs b/net/src/lib.rs
index 14549413..d669e698 100644
--- a/net/src/lib.rs
+++ b/net/src/lib.rs
@@ -17,9 +17,9 @@
 //!
 //! ```no_run
 //! # use sequoia_openpgp::KeyID;
-//! # use sequoia_net::{KeyServer, Policy, Result};
+//! # use sequoia_net::{KeyServer, Result};
 //! # async fn f() -> Result<()> {
-//! let mut ks = KeyServer::keys_openpgp_org(Policy::Encrypted)?;
+//! let mut ks = KeyServer::keys_openpgp_org()?;
 //! let keyid: KeyID = "31855247603831FD".parse()?;
 //! println!("{:?}", ks.get(keyid).await?);
 //! # Ok(())
@@ -45,8 +45,6 @@ use hyper_tls::HttpsConnector;
 use native_tls::{Certificate, TlsConnector};
 use percent_encoding::{percent_encode, AsciiSet, CONTROLS};
 
-use std::convert::{From, TryFrom};
-use std::fmt;
 use std::io::Cursor;
 use url::Url;
 
@@ -76,87 +74,6 @@ const KEYSERVER_ENCODE_SET: &AsciiSet =
     // respect to the encoding.
     .add(b'-').add(b'+').add(b'/');
 
-/// Network policy for Sequoia.
-///
-/// With this policy you can control how Sequoia accesses remote
-/// systems.
-#[derive(PartialEq, PartialOrd, Debug, Copy, Clone)]
-pub enum Policy {
-    /// Do not contact remote systems.
-    Offline,
-
-    /// Only contact remote systems using anonymization techniques
-    /// like TOR.
-    Anonymized,
-
-    /// Only contact remote systems using transports offering
-    /// encryption and authentication like TLS.
-    Encrypted,
-
-    /// Contact remote systems even with insecure transports.
-    Insecure,
-}
-
-impl fmt::Display for Policy {
-    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        write!(f, "{}", match self {
-            Policy::Offline    => "Offline",
-            Policy::Anonymized => "Anonymized",
-            Policy::Encrypted  => "Encrypted",
-            Policy::Insecure   => "Insecure",
-        })
-    }
-}
-
-impl Policy {
-    /// Asserts that this policy allows an action requiring policy
-    /// `action`.
-    pub fn assert(&self, action: Policy) -> Result<()> {
-        if action > *self {
-            Err(Error::PolicyViolation(action).into())
-        } else {
-            Ok(())
-        }
-    }
-}
-
-impl<'a> From<&'a Policy> for u8 {
-    fn from(policy: &Policy) -> Self {
-        match policy {
-            Policy::Offline    => 0,
-            Policy::Anonymized => 1,
-            Policy::Encrypted  => 2,
-            Policy::Insecure   => 3,
-        }
-    }
-}
-
-impl TryFrom<u8> for Policy {
-    type Error = TryFromU8Error;
-
-    fn try_from(policy: u8) -> std::result::Result<Self, Self::Error> {
-        match policy {
-            0 => Ok(Policy::Offline),
-            1 => Ok(Policy::Anonymized),
-            2 => Ok(Policy::Encrypted),
-            3 => Ok(Policy::Insecure),
-            n => Err(TryFromU8Error(n)),
-        }
-    }
-}
-
-/// Indicates errors converting `u8` to `Policy`.
-#[derive(Debug)]
-pub struct TryFromU8Error(u8);
-
-impl fmt::Display for TryFromU8Error {
-    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
-        write!(f, "Bad network policy: {}", self.0)
-    }
-}
-
-impl std::error::Error for TryFromU8Error {}
-
 /// For accessing keyservers using HKP.
 pub struct KeyServer {
     client: Box<dyn AClient>,
@@ -167,7 +84,7 @@ assert_send_and_sync!(KeyServer);
 
 impl KeyServer {
     /// Returns a handle for the given URI.
-    pub fn new(p: Policy, uri: &str) -> Result<Self> {
+    pub fn new(uri: &str) -> Result<Self> {
         let uri: Url = uri.parse()
             .or_else(|_| format!("hkps://{}", uri).parse())?;
 
@@ -180,13 +97,13 @@ impl KeyServer {
             _ => return Err(Error::MalformedUri.into()),
         };
 
-        Self::make(p, client, uri)
+        Self::make(client, uri)
     }
 
     /// Returns a handle for the given URI.
     ///
     /// `cert` is used to authenticate the server.
-    pub fn with_cert(p: Policy, uri: &str, cert: Certificate)
+    pub fn with_cert(uri: &str, cert: Certificate)
                      -> Result<Self> {
         let uri: Url = uri.parse()?;
 
@@ -201,25 +118,26 @@ impl KeyServer {
                      .build(HttpsConnector::from((http, tls.into()))))
         };
 
-        Self::make(p, client, uri)
+        Self::make(client, uri)
     }
 
     /// Returns a handle for keys.openpgp.org.
     ///
     /// The server at `hkps://keys.openpgp.org` distributes updates
     /// for OpenPGP certificates.  It is a good default choice.
-    pub fn keys_openpgp_org(p: Policy) -> Result<Self> {
-        Self::new(p, "hkps://keys.openpgp.org")
+    pub fn keys_openpgp_org() -> Result<Self> {
+        Self::new("hkps://keys.openpgp.org")
     }
 
     /// Common code for the above functions.
-    fn make(p: Policy, client: Box<dyn AClient>, uri: Url) -> Result<Self> {
+    fn make(client: Box<dyn AClient>, uri: Url) -> Result<Self> {
         let s = uri.scheme();
         match s {
-            "hkp" => p.assert(Policy::Insecure),
-            "hkps" => p.assert(Policy::Encrypted),
-            _ => return Err(Error::MalformedUri.into())
-        }?;
+            "hkp" => (),
+            "hkps" => (),
+            _ => return Err(Error::MalformedUri.into()),
+        }
+
         let uri =
             format!("{}://{}:{}",
                     match s {"hkp" => "http", "hkps" => "https",
@@ -400,10 +318,6 @@ pub type Result<T> = ::std::result::Result<T, anyhow::Error>;
 #[derive(thiserror::Error, Debug)]
 /// Errors returned from the network routines.
 pub enum Error {
-    /// The network policy was violated by the given action.
-    #[error("Unmet network policy requirement: {0}")]
-    PolicyViolation(Policy),
-
     /// A requested key was not found.
     #[error("Key not found")]
     NotFound,
@@ -449,63 +363,10 @@ pub enum Error {
 mod tests {
     use super::*;
 
-    fn ok(policy: Policy, required: Policy) {
-        assert!(policy.assert(required).is_ok());
-    }
-
-    fn fail(policy: Policy, required: Policy) {
-        assert!(matches!(
-            policy.assert(required)
-                .err().unwrap().downcast::<Error>().unwrap(),
-            Error::PolicyViolation(_)));
-    }
-
-    #[test]
-    fn offline() {
-        let p = Policy::Offline;
-        ok(p, Policy::Offline);
-        fail(p, Policy::Anonymized);
-        fail(p, Policy::Encrypted);
-        fail(p, Policy::Insecure);
-    }
-
-    #[test]
-    fn anonymized() {
-        let p = Policy::Anonymized;
-        ok(p, Policy::Offline);
-        ok(p, Policy::Anonymized);
-        fail(p, Policy::Encrypted);
-        fail(p, Policy::Insecure);
-    }
-
-    #[test]
-    fn encrypted() {
-        let p = Policy::Encrypted;
-        ok(p, Policy::Offline);
-        ok(p, Policy::Anonymized);
-        ok(p, Policy::Encrypted);
-        fail(p, Policy::Insecure);
-    }
-
-    #[test]
-    fn insecure() {
-        let p = Policy::Insecure;
-        ok(p, Policy::Offline);
-        ok(p, Policy::Anonymized);
-        ok(p, Policy::Encrypted);
-        ok(p, Policy::Insecure);
-    }
-
     #[test]
     fn uris() {
-        let p = Policy::Insecure;
-        assert!(KeyServer::new(p, "keys.openpgp.org").is_ok());
-        assert!(KeyServer::new(p, "hkp://keys.openpgp.org").is_ok());
-        assert!(KeyServer::new(p, "hkps://keys.openpgp.org").is_ok());
-
-        let p = Policy::Encrypted;
-        assert!(KeyServer::new(p, "keys.openpgp.org").is_ok());
-        assert!(KeyServer::new(p, "hkp://keys.openpgp.org").is_err());
-        assert!(KeyServer::new(p, "hkps://keys.openpgp.org").is_ok());
+        assert!(KeyServer::new("keys.openpgp.org").is_ok());
+        assert!(KeyServer::new("hkp://keys.openpgp.org").is_ok());
+        assert!(KeyServer::new("hkps://keys.openpgp.org").is_ok());
     }
 }
diff --git a/net/tests/hkp.rs b/net/tests/hkp.rs
index 7a306ec5..99da791e 100644
--- a/net/tests/hkp.rs
+++ b/net/tests/hkp.rs
@@ -11,7 +11,6 @@ use sequoia_openpgp::KeyID;
 use sequoia_openpgp::armor::Reader;
 use sequoia_openpgp::Cert;
 use sequoia_openpgp::parse::Parse;
-use sequoia_net as net;
 use sequoia_net::KeyServer;
 
 const RESPONSE: &str = "-----BEGIN PGP PUBLIC KEY BLOCK-----
@@ -118,14 +117,12 @@ fn start_server() -> SocketAddr {
     addr
 }
 
-const P: net::Policy = net::Policy::Insecure;
-
 #[tokio::test]
 async fn get() -> anyhow::Result<()> {
     // Start server.
     let addr = start_server();
 
-    let mut keyserver = KeyServer::new(P, &format!("hkp://{}", addr))?;
+    let mut keyserver = KeyServer::new(&format!("hkp://{}", addr))?;
     let keyid: KeyID = ID.parse()?;
     let key = keyserver.get(keyid).await?;
 
@@ -140,7 +137,7 @@ async fn send() -> anyhow::Result<()> {
     let addr = start_server();
     eprintln!("{}", format!("hkp://{}", addr));
     let mut keyserver =
-        KeyServer::new(P, &format!("hkp://{}", addr))?;
+        KeyServer::new(&format!("hkp://{}", addr))?;
     let key = Cert::from_reader(Reader::from_reader(Cursor::new(RESPONSE), None))?;
     keyserver.send(&key).await?;