openpgp: Simplify key iteration interface.

  - Cert::keys_valid() is just a short-cut for
    Cert::keys_all().alive().revoked(false).

  - Remove Cert::keys_valid() and rename Cert::keys_all() to
    Cert::keys().

5 files changed, 11 insertions, 57 deletions

diff --git a/openpgp-ffi/examples/decrypt-with.c b/openpgp-ffi/examples/decrypt-with.c
index 423106bd..c85b96f8 100644
--- a/openpgp-ffi/examples/decrypt-with.c
+++ b/openpgp-ffi/examples/decrypt-with.c
@@ -155,7 +155,7 @@ decrypt_cb (void *cookie_opaque,
     pgp_pkesk_t pkesk = pkesks[i];
     pgp_keyid_t keyid = pgp_pkesk_recipient (pkesk);
 
-    pgp_cert_key_iter_t key_iter = pgp_cert_key_iter_all (cookie->key);
+    pgp_cert_key_iter_t key_iter = pgp_cert_key_iter (cookie->key);
     pgp_key_t key;
     while ((key = pgp_cert_key_iter_next (key_iter, NULL, NULL))) {
       pgp_keyid_t this_keyid = pgp_key_keyid (key);
diff --git a/openpgp-ffi/examples/encrypt-for.c b/openpgp-ffi/examples/encrypt-for.c
index 8303f8ee..65bd8a45 100644
--- a/openpgp-ffi/examples/encrypt-for.c
+++ b/openpgp-ffi/examples/encrypt-for.c
@@ -36,7 +36,9 @@ main (int argc, char **argv)
   if (cert == NULL)
     error (1, 0, "pgp_cert_from_file: %s", pgp_error_to_string (err));
 
-  pgp_cert_key_iter_t iter = pgp_cert_key_iter_valid (cert);
+  pgp_cert_key_iter_t iter = pgp_cert_key_iter (cert);
+  pgp_cert_key_iter_alive (iter);
+  pgp_cert_key_iter_revoked (iter, false);
   pgp_cert_key_iter_for_storage_encryption (iter);
   pgp_cert_key_iter_for_transport_encryption (iter);
   size_t recipients_len;
diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h
index 4d6d8416..4468ccb5 100644
--- a/openpgp-ffi/include/sequoia/openpgp.h
+++ b/openpgp-ffi/include/sequoia/openpgp.h
@@ -912,30 +912,9 @@ pgp_user_id_binding_iter_t pgp_cert_user_id_binding_iter (pgp_cert_t cert);
 /// Returns an iterator over all `Key`s in a Cert.
 ///
 /// That is, this returns an iterator over the primary key and any
-/// subkeys, along with the corresponding signatures.
-///
-/// Note: since a primary key is different from a subkey, the iterator
-/// is over `Key`s and not `SubkeyBindings`.  Since the primary key
-/// has no binding signature, the signature carrying the primary key's
-/// key flags is returned (either a direct key signature, or the
-/// self-signature on the primary User ID).  There are corner cases
-/// where no such signature exists (e.g. partial Certs), therefore this
-/// iterator may return `None` for the primary key's signature.
-///
-/// A valid `Key` has at least one good self-signature.
-///
-/// Compare with `pgp_cert_key_iter_valid`, which filters out expired and
-/// revoked keys.
-/*/
-pgp_cert_key_iter_t pgp_cert_key_iter_all (pgp_cert_t cert);
-
-/*/
-/// Returns an iterator over the live and unrevoked `Key`s in a Cert.
-///
-/// Compare with `pgp_cert_key_iter_all`, which doesn't filter out
-/// expired and revoked keys by default.
+/// subkeys.
 /*/
-pgp_cert_key_iter_t pgp_cert_key_iter_valid (pgp_cert_t cert);
+pgp_cert_key_iter_t pgp_cert_key_iter (pgp_cert_t cert);
 
 /*/
 /// Returns the Cert's primary user id (if any).
diff --git a/openpgp-ffi/src/cert.rs b/openpgp-ffi/src/cert.rs
index 2791ad1c..0c91dd88 100644
--- a/openpgp-ffi/src/cert.rs
+++ b/openpgp-ffi/src/cert.rs
@@ -436,44 +436,17 @@ pub struct KeyIterWrapper<'a> {
     next_called: bool,
 }
 
-/// Returns an iterator over the Cert's live, non-revoked keys.
-///
-/// That is, this returns an iterator over the primary key and any
-/// subkeys, along with the corresponding signatures.
-///
-/// Note: since a primary key is different from a subkey, the iterator
-/// is over `Key`s and not `SubkeyBindings`.  Since the primary key
-/// has no binding signature, the signature carrying the primary key's
-/// key flags is returned (either a direct key signature, or the
-/// self-signature on the primary User ID).  There are corner cases
-/// where no such signature exists (e.g. partial Certs), therefore this
-/// iterator may return `None` for the primary key's signature.
-///
-/// A valid `Key` has at least one good self-signature.
-///
-/// To return all keys, use `pgp_cert_key_iter_all()`.
-#[::sequoia_ffi_macros::extern_fn] #[no_mangle]
-pub extern "C" fn pgp_cert_key_iter_valid(cert: *const Cert)
-    -> *mut KeyIterWrapper<'static>
-{
-    let cert = cert.ref_raw();
-    box_raw!(KeyIterWrapper {
-        iter: cert.keys_valid(),
-        next_called: false,
-    })
-}
-
 /// Returns an iterator over all `Key`s in a Cert.
 ///
-/// Compare with `pgp_cert_key_iter_valid`, which filters out expired
-/// and revoked keys by default.
+/// That is, this returns an iterator over the primary key and any
+/// subkeys.
 #[::sequoia_ffi_macros::extern_fn] #[no_mangle]
-pub extern "C" fn pgp_cert_key_iter_all(cert: *const Cert)
+pub extern "C" fn pgp_cert_key_iter(cert: *const Cert)
     -> *mut KeyIterWrapper<'static>
 {
     let cert = cert.ref_raw();
     box_raw!(KeyIterWrapper {
-        iter: cert.keys_all(),
+        iter: cert.keys(),
         next_called: false,
     })
 }
diff --git a/openpgp-ffi/src/parse/stream.rs b/openpgp-ffi/src/parse/stream.rs
index f3b5b32f..3478b141 100644
--- a/openpgp-ffi/src/parse/stream.rs
+++ b/openpgp-ffi/src/parse/stream.rs
@@ -816,7 +816,7 @@ impl DecryptionHelper for DHelper {
 ///     pgp_pkesk_t pkesk = pkesks[i];
 ///     pgp_keyid_t keyid = pgp_pkesk_recipient (pkesk);
 ///
-///     pgp_cert_key_iter_t key_iter = pgp_cert_key_iter_all (cookie->key);
+///     pgp_cert_key_iter_t key_iter = pgp_cert_key_iter (cookie->key);
 ///     pgp_key_t key;
 ///     while ((key = pgp_cert_key_iter_next (key_iter, NULL, NULL))) {
 ///       pgp_keyid_t this_keyid = pgp_key_keyid (key);