diff options
| author | Neal H. Walfield <neal@pep.foundation> | 2020-01-06 10:29:13 +0100 |
|---|---|---|
| committer | Neal H. Walfield <neal@pep.foundation> | 2020-01-06 14:34:03 +0100 |
| commit | 7e78e716610ac3a9bff86035c52b344b437951a2 (patch) | |
| tree | 8897a006fd588a019c4beffabdf0050bdc1b8c5b /openpgp/examples | |
| parent | a01b070c9599be7f2be4dfaa25dd9ff01efe8a57 (diff) | |
openpgp: Pass a timestamp to the KeyIter instead of each filter.
- KeyIter::revoked and KeyIter::key_flags (and its variants) didn't
take a time stamp so they could only be used for filtering keys
based on their current state, not their state at some time in the
past. Adding a time stamp to each of the filters would have fixed
the problem, but it would have made the interface ugly: callers
always want the same time stamp for all filters.
- Split KeyIter into two structures: a KeyIter and a ValidKeyIter.
- Add KeyIter::policy. It takes a time stamp, which is then used
for filters like `alive` and `revoked`, and it returns a
ValidKeyIter, which exposes filters that require a time stamp.
Diffstat (limited to 'openpgp/examples')
| -rw-r--r-- | openpgp/examples/decrypt-with.rs | 2 | ||||
| -rw-r--r-- | openpgp/examples/encrypt-for.rs | 3 | ||||
| -rw-r--r-- | openpgp/examples/generate-encrypt-decrypt.rs | 4 | ||||
| -rw-r--r-- | openpgp/examples/generate-sign-verify.rs | 4 | ||||
| -rw-r--r-- | openpgp/examples/notarize.rs | 5 | ||||
| -rw-r--r-- | openpgp/examples/pad.rs | 7 | ||||
| -rw-r--r-- | openpgp/examples/sign-detached.rs | 5 | ||||
| -rw-r--r-- | openpgp/examples/sign.rs | 5 |
8 files changed, 21 insertions, 14 deletions
diff --git a/openpgp/examples/decrypt-with.rs b/openpgp/examples/decrypt-with.rs index 27977048..b3feceb6 100644 --- a/openpgp/examples/decrypt-with.rs +++ b/openpgp/examples/decrypt-with.rs @@ -58,7 +58,7 @@ impl Helper { // Map (sub)KeyIDs to secrets. let mut keys = HashMap::new(); for cert in certs { - for ka in cert.keys() { + for ka in cert.keys().policy(None) { if ka.binding_signature(None) .map(|s| (s.key_flags().for_storage_encryption() || s.key_flags().for_transport_encryption())) diff --git a/openpgp/examples/encrypt-for.rs b/openpgp/examples/encrypt-for.rs index c76c7a1b..63e0e071 100644 --- a/openpgp/examples/encrypt-for.rs +++ b/openpgp/examples/encrypt-for.rs @@ -38,7 +38,8 @@ fn main() { let mut recipients = certs.iter() .flat_map(|cert| { - cert.keys().alive().revoked(false).key_flags(&mode) + cert.keys() + .policy(None).alive().revoked(false).key_flags(&mode) }) .map(|ka| ka.key().into()) .collect::<Vec<_>>(); diff --git a/openpgp/examples/generate-encrypt-decrypt.rs b/openpgp/examples/generate-encrypt-decrypt.rs index 416a4b73..d431e99c 100644 --- a/openpgp/examples/generate-encrypt-decrypt.rs +++ b/openpgp/examples/generate-encrypt-decrypt.rs @@ -41,8 +41,8 @@ fn generate() -> openpgp::Result<openpgp::Cert> { fn encrypt(sink: &mut dyn Write, plaintext: &str, recipient: &openpgp::Cert) -> openpgp::Result<()> { // Build a vector of recipients to hand to Encryptor. - let mut recipients = - recipient.keys().alive().revoked(false) + let mut recipients = recipient + .keys().policy(None).alive().revoked(false) .for_transport_encryption() .map(|ka| ka.key().into()) .collect::<Vec<_>>(); diff --git a/openpgp/examples/generate-sign-verify.rs b/openpgp/examples/generate-sign-verify.rs index a51ff031..f238d368 100644 --- a/openpgp/examples/generate-sign-verify.rs +++ b/openpgp/examples/generate-sign-verify.rs @@ -40,7 +40,9 @@ fn generate() -> openpgp::Result<openpgp::Cert> { fn sign(sink: &mut dyn Write, plaintext: &str, tsk: &openpgp::Cert) -> openpgp::Result<()> { // Get the keypair to do the signing from the Cert. - let keypair = tsk.keys().alive().revoked(false).for_signing().nth(0).unwrap() + let keypair = tsk + .keys().policy(None).alive().revoked(false).for_signing() + .nth(0).unwrap() .key().clone().mark_parts_secret().unwrap().into_keypair()?; // Start streaming an OpenPGP message. diff --git a/openpgp/examples/notarize.rs b/openpgp/examples/notarize.rs index fec7419b..5d14ff9e 100644 --- a/openpgp/examples/notarize.rs +++ b/openpgp/examples/notarize.rs @@ -28,8 +28,9 @@ fn main() { .expect("Failed to read key"); let mut n = 0; - for key in tsk.keys().alive().revoked(false).for_signing().secret() - .map(|ka| ka.key()) + for key in tsk.keys() + .policy(None).alive().revoked(false).for_signing().secret() + .map(|ka| ka.key()) { keys.push({ let mut key = key.clone(); diff --git a/openpgp/examples/pad.rs b/openpgp/examples/pad.rs index 95625f51..f0792d4e 100644 --- a/openpgp/examples/pad.rs +++ b/openpgp/examples/pad.rs @@ -37,10 +37,11 @@ fn main() { }).collect(); // Build a vector of recipients to hand to Encryptor. - let mut recipients = - certs.iter() + let mut recipients = certs + .iter() .flat_map(|cert| { - cert.keys().alive().revoked(false).key_flags(mode.clone()) + cert.keys() + .policy(None).alive().revoked(false).key_flags(&mode) }) .map(|ka| Recipient::new(KeyID::wildcard(), ka.key())) .collect::<Vec<_>>(); diff --git a/openpgp/examples/sign-detached.rs b/openpgp/examples/sign-detached.rs index eea08f08..4d228f34 100644 --- a/openpgp/examples/sign-detached.rs +++ b/openpgp/examples/sign-detached.rs @@ -24,8 +24,9 @@ fn main() { .expect("Failed to read key"); let mut n = 0; - for key in tsk.keys().alive().revoked(false).for_signing().secret() - .map(|ka| ka.key()) + for key in tsk + .keys().policy(None).alive().revoked(false).for_signing().secret() + .map(|ka| ka.key()) { keys.push({ let mut key = key.clone(); diff --git a/openpgp/examples/sign.rs b/openpgp/examples/sign.rs index d8054fac..b6bedeb4 100644 --- a/openpgp/examples/sign.rs +++ b/openpgp/examples/sign.rs @@ -23,8 +23,9 @@ fn main() { .expect("Failed to read key"); let mut n = 0; - for key in tsk.keys().alive().revoked(false).for_signing().secret() - .map(|ka| ka.key()) + for key in tsk.keys() + .policy(None).alive().revoked(false).for_signing().secret() + .map(|ka| ka.key()) { keys.push({ let mut key = key.clone(); |