authorNeal H. Walfield <neal@pep.foundation>2019-12-20 14:22:09 +0100
committerNeal H. Walfield <neal@pep.foundation>2019-12-20 14:22:09 +0100
commitf078f93025b517609d25ce2cb2ebc41a01d81190 (patch)
tree32766c92a0a6e7877b538d373cced9c9f0a97019 /openpgp/src
parentb3ba97146f534ac5cf67db7f72d8a633112d0a18 (diff)
openpgp: Simplify key iteration interface.
- Cert::keys_valid() is just a short-cut for Cert::keys_all().alive().revoked(false).
- Remove Cert::keys_valid() and rename Cert::keys_all() to Cert::keys().
Diffstat (limited to 'openpgp/src')
-rw-r--r--openpgp/src/cert/bindings.rs8
-rw-r--r--openpgp/src/cert/builder.rs4
-rw-r--r--openpgp/src/cert/keyiter.rs34
-rw-r--r--openpgp/src/cert/mod.rs40
-rw-r--r--openpgp/src/crypto/keygrip.rs2
-rw-r--r--openpgp/src/crypto/mpis.rs2
-rw-r--r--openpgp/src/packet/signature/mod.rs2
-rw-r--r--openpgp/src/parse/stream.rs6
-rw-r--r--openpgp/src/serialize/cert.rs4
-rw-r--r--openpgp/src/serialize/stream.rs20
10 files changed, 55 insertions, 67 deletions
diff --git a/openpgp/src/cert/bindings.rs b/openpgp/src/cert/bindings.rs
index d06dbfa6..70e80983 100644
--- a/openpgp/src/cert/bindings.rs
+++ b/openpgp/src/cert/bindings.rs
@@ -36,7 +36,9 @@ impl<P: key::KeyParts> Key<P, key::SubordinateRole> {
///
/// // Let's add an encryption subkey.
/// let flags = KeyFlags::default().set_storage_encryption(true);
- /// assert_eq!(cert.keys_valid().key_flags(flags.clone()).count(), 0);
+ /// assert_eq!(cert.keys().alive().revoked(false)
+ /// .key_flags(flags.clone()).count(),
+ /// 0);
///
/// // Generate a subkey and a binding signature.
/// let subkey: Key<_, key::SubordinateRole> =
@@ -51,7 +53,9 @@ impl<P: key::KeyParts> Key<P, key::SubordinateRole> {
/// binding.into()])?;
///
/// // Check that we have an encryption subkey.
- /// assert_eq!(cert.keys_valid().key_flags(flags).count(), 1);
+ /// assert_eq!(cert.keys().alive().revoked(false)
+ /// .key_flags(flags).count(),
+ /// 1);
/// # Ok(()) }
pub fn bind<T>(&self, signer: &mut dyn Signer, cert: &Cert,
signature: signature::Builder,
diff --git a/openpgp/src/cert/builder.rs b/openpgp/src/cert/builder.rs
index 24bc5fe7..511ddd2d 100644
--- a/openpgp/src/cert/builder.rs
+++ b/openpgp/src/cert/builder.rs
@@ -655,7 +655,7 @@ mod tests {
assert!(sig.key_alive(key, now + 590 * s).is_ok());
assert!(! sig.key_alive(key, now + 610 * s).is_ok());
- let (sig, key) = cert.keys_valid().for_signing()
+ let (sig, key) = cert.keys().alive().revoked(false).for_signing()
.nth(0).map(|ka| {
(ka.binding_signature(None).unwrap(), ka.key())
}).unwrap();
@@ -663,7 +663,7 @@ mod tests {
assert!(sig.key_alive(key, now + 290 * s).is_ok());
assert!(! sig.key_alive(key, now + 310 * s).is_ok());
- let (sig, key) = cert.keys_valid().for_authentication()
+ let (sig, key) = cert.keys().alive().revoked(false).for_authentication()
.nth(0).map(|ka| {
(ka.binding_signature(None).unwrap(), ka.key())
}).unwrap();
diff --git a/openpgp/src/cert/keyiter.rs b/openpgp/src/cert/keyiter.rs
index 8c948f50..b4fbe725 100644
--- a/openpgp/src/cert/keyiter.rs
+++ b/openpgp/src/cert/keyiter.rs
@@ -391,7 +391,7 @@ mod test {
fn key_iter_test() {
let key = Cert::from_bytes(crate::tests::key("neal.pgp")).unwrap();
assert_eq!(1 + key.subkeys().count(),
- key.keys_all().count());
+ key.keys().count());
}
#[test]
@@ -400,7 +400,7 @@ mod test {
.generate().unwrap();
let flags = KeyFlags::default().set_transport_encryption(true);
- assert_eq!(cert.keys_all().key_flags(flags).count(), 0);
+ assert_eq!(cert.keys().key_flags(flags).count(), 0);
}
#[test]
@@ -410,7 +410,7 @@ mod test {
.generate().unwrap();
let flags = KeyFlags::default().set_transport_encryption(true);
- assert_eq!(cert.keys_all().key_flags(flags).count(), 1);
+ assert_eq!(cert.keys().key_flags(flags).count(), 1);
}
#[test]
@@ -421,7 +421,7 @@ mod test {
.generate().unwrap();
let flags = KeyFlags::default().set_transport_encryption(true);
- assert_eq!(cert.keys_all().key_flags(flags).count(), 1);
+ assert_eq!(cert.keys().key_flags(flags).count(), 1);
}
#[test]
@@ -433,7 +433,7 @@ mod test {
let now = std::time::SystemTime::now()
- std::time::Duration::new(52 * 7 * 24 * 60 * 60, 0);
- assert_eq!(cert.keys_all().key_flags(flags).alive_at(now).count(), 0);
+ assert_eq!(cert.keys().key_flags(flags).alive_at(now).count(), 0);
}
#[test]
@@ -443,7 +443,7 @@ mod test {
.generate().unwrap();
let flags = KeyFlags::default().set_certification(true);
- assert_eq!(cert.keys_all().key_flags(flags).count(), 2);
+ assert_eq!(cert.keys().key_flags(flags).count(), 2);
}
#[test]
@@ -455,12 +455,22 @@ mod test {
.add_storage_encryption_subkey()
.add_authentication_subkey()
.generate().unwrap();
- assert_eq!(cert.keys_valid().for_certification().count(), 2);
- assert_eq!(cert.keys_valid().for_transport_encryption().count(),
+ assert_eq!(cert.keys().alive().revoked(false)
+ .for_certification().count(),
+ 2);
+ assert_eq!(cert.keys().alive().revoked(false)
+ .for_transport_encryption().count(),
+ 1);
+ assert_eq!(cert.keys().alive().revoked(false)
+ .for_storage_encryption().count(),
+ 1);
+
+ assert_eq!(cert.keys().alive().revoked(false)
+ .for_signing().count(),
+ 1);
+ assert_eq!(cert.keys().alive().revoked(false)
+ .key_flags(KeyFlags::default().set_authentication(true))
+ .count(),
1);
- assert_eq!(cert.keys_valid().for_storage_encryption().count(), 1);
- assert_eq!(cert.keys_valid().for_signing().count(), 1);
- assert_eq!(cert.keys_valid().key_flags(
- KeyFlags::default().set_authentication(true)).count(), 1);
}
}
diff --git a/openpgp/src/cert/mod.rs b/openpgp/src/cert/mod.rs
index 45e22271..029e8182 100644
--- a/openpgp/src/cert/mod.rs
+++ b/openpgp/src/cert/mod.rs
@@ -1210,37 +1210,11 @@ impl Cert {
&self.bad
}
- /// Returns an iterator over the Cert's valid keys (live and
- /// not-revoked).
+ /// Returns an iterator over the certificate's keys.
///
/// That is, this returns an iterator over the primary key and any
- /// subkeys, along with the corresponding signatures.
- ///
- /// Note: since a primary key is different from a binding, the
- /// iterator is over `Key`s and not `KeyBindings`.
- /// Furthermore, the primary key has no binding signature. Here,
- /// the signature carrying the primary key's key flags is
- /// returned. There are corner cases where no such signature
- /// exists (e.g. partial Certs), therefore this iterator may return
- /// `None` for the primary key's signature.
- ///
- /// A valid `Key` has at least one good self-signature.
- ///
- /// To return all keys, do `keys_all()`. See the
- /// documentation of `keys` for how to control what keys are
- /// returned.
- pub fn keys_valid(&self)
- -> KeyIter<key::PublicParts, key::UnspecifiedRole>
- {
- KeyIter::new(self).alive().revoked(false)
- }
-
- /// Returns an iterator over the Cert's keys.
- ///
- /// Unlike `Cert::keys_valid()`, this iterator also returns expired
- /// and revoked keys.
- pub fn keys_all(&self)
- -> KeyIter<key::PublicParts, key::UnspecifiedRole>
+ /// subkeys.
+ pub fn keys(&self) -> KeyIter<key::PublicParts, key::UnspecifiedRole>
{
KeyIter::new(self)
}
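Review bot: The doc comment on the new `Cert::keys()` no longer says that expired and revoked keys are returned, which the removed `keys_all()` doc stated explicitly ("this iterator also returns expired and revoked keys"). With `keys_valid()` gone, a caller who selects a signing or encryption key from `cert.keys()` and forgets the filters will be handed keys that may be expired or revoked, and the shorter name makes that easier to overlook. I would add to the doc comment: `/// This iterator is unfiltered: expired and revoked keys are returned as well.` followed by `/// Chain alive() and revoked(false) to restrict it to live, non-revoked keys.` The removed remark that the primary key's signature may be `None` for partial certs also has no replacement in this hunk; it may be worth keeping wherever the iterator's item type is documented.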
@@ -3487,8 +3461,8 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g=
.add_transport_encryption_subkey()
.set_password(Some(String::from("streng geheim").into()))
.generate().unwrap();
- assert_eq!(cert.keys_all().secret().count(), 2);
- assert_eq!(cert.keys_all().unencrypted_secret().count(), 0);
+ assert_eq!(cert.keys().secret().count(), 2);
+ assert_eq!(cert.keys().unencrypted_secret().count(), 0);
let mut primary = cert.primary().clone();
let algo = primary.pk_algo();
@@ -3498,7 +3472,7 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g=
primary.mark_parts_secret().unwrap().mark_role_primary().into()
]).unwrap();
- assert_eq!(cert.keys_all().secret().count(), 2);
- assert_eq!(cert.keys_all().unencrypted_secret().count(), 1);
+ assert_eq!(cert.keys().secret().count(), 2);
+ assert_eq!(cert.keys().unencrypted_secret().count(), 1);
}
}
diff --git a/openpgp/src/crypto/keygrip.rs b/openpgp/src/crypto/keygrip.rs
index ecc1d4e7..cff25e6f 100644
--- a/openpgp/src/crypto/keygrip.rs
+++ b/openpgp/src/crypto/keygrip.rs
@@ -340,7 +340,7 @@ mod tests {
.iter().map(|n| (n, crate::Cert::from_bytes(crate::tests::key(n)).unwrap()))
{
eprintln!("{}", name);
- for key in cert.keys_all().map(|ka| ka.key()) {
+ for key in cert.keys().map(|ka| ka.key()) {
let fp = key.fingerprint();
eprintln!("(sub)key: {}", fp);
assert_eq!(&key.mpis().keygrip().unwrap(),
diff --git a/openpgp/src/crypto/mpis.rs b/openpgp/src/crypto/mpis.rs
index 2c62a82b..37f75213 100644
--- a/openpgp/src/crypto/mpis.rs
+++ b/openpgp/src/crypto/mpis.rs
@@ -1047,7 +1047,7 @@ mod tests {
("erika-corinna-daniela-simone-antonia-nistp521.pgp", 0, 521),
] {
let cert = crate::Cert::from_bytes(crate::tests::key(name)).unwrap();
- let key = cert.keys_all().nth(*key_no).unwrap().key();
+ let key = cert.keys().nth(*key_no).unwrap().key();
assert_eq!(key.mpis().bits().unwrap(), *bits,
"Cert {}, key no {}", name, *key_no);
}
diff --git a/openpgp/src/packet/signature/mod.rs b/openpgp/src/packet/signature/mod.rs
index 02b256c1..e47e744c 100644
--- a/openpgp/src/packet/signature/mod.rs
+++ b/openpgp/src/packet/signature/mod.rs
@@ -1483,7 +1483,7 @@ mod test {
let test1 = Cert::from_bytes(
crate::tests::key("test1-certification-key.pgp")).unwrap();
- let cert_key1 = test1.keys_all()
+ let cert_key1 = test1.keys()
.for_certification()
.nth(0)
.map(|ka| ka.key())
diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs
index fe0d7dd5..ee7cd39b 100644
--- a/openpgp/src/parse/stream.rs
+++ b/openpgp/src/parse/stream.rs
@@ -699,7 +699,7 @@ impl<'a, H: VerificationHelper> Verifier<'a, H> {
if let Some((i, j)) = self.keys.get(&issuer) {
let cert = &self.certs[*i];
- let ka = cert.keys_all().nth(*j).unwrap();
+ let ka = cert.keys().nth(*j).unwrap();
let binding = ka.binding_signature(self.time);
let revoked = ka.revoked(self.time);
let key = ka.key();
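Review bot: `cert.keys().nth(*j).unwrap()` relies on `keys()` yielding the same unfiltered sequence, in the same order, that was used when the `(i, j)` pair was stored in `self.keys`; that code is outside this hunk, so this is an assumption to confirm. Because this runs while verifying a message, a mismatch would panic instead of surfacing as a verification error. I would state the invariant at the call, e.g. `.expect("j was recorded from the same unfiltered keys() iteration")`, and add above it `// keys() must stay unfiltered here: j indexes the full key list; revocation is checked below via ka.revoked().` The identical line in the `Decryptor` hunk (at -1596) has the same dependency, and the enclosing functions start and end outside both hunks.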
@@ -1596,7 +1596,7 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> {
if let Some((i, j)) = self.keys.get(&issuer) {
let cert = &self.certs[*i];
- let ka = cert.keys_all().nth(*j).unwrap();
+ let ka = cert.keys().nth(*j).unwrap();
let binding = ka.binding_signature(self.time);
let revoked = ka.revoked(self.time);
let key = ka.key();
@@ -2063,7 +2063,7 @@ mod test {
// sign 30MiB message
let mut buf = vec![];
{
- let key = cert.keys_all().for_signing().nth(0).unwrap().key();
+ let key = cert.keys().for_signing().nth(0).unwrap().key();
let keypair =
key.clone().mark_parts_secret().unwrap()
.into_keypair().unwrap();
diff --git a/openpgp/src/serialize/cert.rs b/openpgp/src/serialize/cert.rs
index 98b3e542..773606a6 100644
--- a/openpgp/src/serialize/cert.rs
+++ b/openpgp/src/serialize/cert.rs
@@ -316,7 +316,7 @@ impl<'a> TSK<'a> {
/// # f().unwrap();
/// # fn f() -> Result<()> {
/// let (cert, _) = CertBuilder::new().add_signing_subkey().generate()?;
- /// assert_eq!(cert.keys_valid().secret().count(), 2);
+ /// assert_eq!(cert.keys().alive().revoked(false).secret().count(), 2);
///
/// // Only write out the primary key's secret.
/// let mut buf = Vec::new();
@@ -328,7 +328,7 @@ impl<'a> TSK<'a> {
/// .serialize(&mut buf)?;
///
/// let cert_ = Cert::from_bytes(&buf)?;
- /// assert_eq!(cert_.keys_valid().secret().count(), 1);
+ /// assert_eq!(cert_.keys().alive().revoked(false).secret().count(), 1);
/// assert!(cert_.primary().secret().is_some());
/// # Ok(()) }
pub fn set_filter<P>(mut self, predicate: P) -> Self
diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs
index a3204bca..ba2c91a7 100644
--- a/openpgp/src/serialize/stream.rs
+++ b/openpgp/src/serialize/stream.rs
@@ -228,7 +228,7 @@ impl<'a> Signer<'a> {
/// # let tsk = Cert::from_bytes(&include_bytes!(
/// # "../../tests/data/keys/testy-new-private.pgp")[..])
/// # .unwrap();
- /// # let keypair = tsk.keys_valid().for_signing().nth(0).unwrap().key()
+ /// # let keypair = tsk.keys().alive().revoked(false).for_signing().nth(0).unwrap().key()
/// # .clone().mark_parts_secret().unwrap().into_keypair().unwrap();
/// # f(tsk, keypair).unwrap();
/// # fn f(cert: Cert, mut signing_keypair: KeyPair)
@@ -331,8 +331,10 @@ impl<'a> Signer<'a> {
/// # let tsk = Cert::from_bytes(&include_bytes!(
/// # "../../tests/data/keys/testy-new-private.pgp")[..])
/// # .unwrap();
- /// # let keypair = tsk.keys_valid().for_signing().nth(0).unwrap().key()
- /// # .clone().mark_parts_secret().unwrap().into_keypair().unwrap();
+ /// # let keypair
+ /// # = tsk.keys().alive().revoked(false).for_signing().nth(0).unwrap()
+ /// # .key().clone().mark_parts_secret().unwrap().into_keypair()
+ /// # .unwrap();
/// # f(tsk, keypair).unwrap();
/// # fn f(cert: Cert, mut signing_keypair: KeyPair)
/// # -> Result<()> {
@@ -983,7 +985,7 @@ impl<'a> Encryptor<'a> {
///
/// // Build a vector of recipients to hand to Encryptor.
/// let recipient =
- /// cert.keys_valid()
+ /// cert.keys().alive().revoked(false)
/// .key_flags(KeyFlags::default()
/// .set_storage_encryption(true)
/// .set_transport_encryption(true))
@@ -1468,8 +1470,7 @@ mod test {
Cert::from_bytes(crate::tests::key("testy-private.pgp")).unwrap(),
Cert::from_bytes(crate::tests::key("testy-new-private.pgp")).unwrap(),
] {
- for key in tsk.keys_all().for_signing().map(|ka| ka.key())
- {
+ for key in tsk.keys().for_signing().map(|ka| ka.key()) {
keys.insert(key.fingerprint(), key.clone());
}
}
@@ -1673,10 +1674,9 @@ mod test {
mut decrypt: D) -> Result<Option<crate::Fingerprint>>
where D: FnMut(SymmetricAlgorithm, &SessionKey) -> Result<()>
{
- let mut keypair = self.tsk.keys_all()
+ let mut keypair = self.tsk.keys()
.key_flags(
- KeyFlags::default()
- .set_transport_encryption(true))
+ KeyFlags::default().set_transport_encryption(true))
.map(|ka| ka.key()).next().unwrap()
.clone().mark_parts_secret().unwrap()
.into_keypair().unwrap();
@@ -1702,7 +1702,7 @@ mod test {
{
let m = Message::new(&mut msg);
let recipient =
- tsk.keys_all()
+ tsk.keys()
.key_flags(KeyFlags::default()
.set_storage_encryption(true)
.set_transport_encryption(true))