diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2021-06-28 14:37:47 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2021-07-16 11:57:22 +0200 |
commit | 33d4f9513627b22e4bc1c3ecf2fa22f1dd3b274f (patch) | |
tree | 95dd81756b0bcd9367fd6f43d8f09d7435f251a6 /openpgp | |
parent | 39cef59facba9d2da8b4768e2c99ac7d6de98fd2 (diff) |
openpgp: Add missing ValidCert::revocation_keys.
- The documentation refers to this function, however, until now it
was missing. Adding it is simple enough, but technically breaks
the API, because it breaks callers invoking
ValidCert::revocation_keys, which would previously deref to
Cert::revocation_keys.
- Avoid the breakage by adding an optional argument, which should be
None but can be Some(_) in order to appease existing users. See
#725.
Diffstat (limited to 'openpgp')
-rw-r--r-- | openpgp/src/cert.rs | 50 | ||||
-rw-r--r-- | openpgp/src/cert/builder.rs | 4 | ||||
-rw-r--r-- | openpgp/src/types/revocation_key.rs | 2 |
3 files changed, 53 insertions, 3 deletions
diff --git a/openpgp/src/cert.rs b/openpgp/src/cert.rs index d1231ad4..b4552086 100644 --- a/openpgp/src/cert.rs +++ b/openpgp/src/cert.rs @@ -3530,6 +3530,56 @@ impl<'a> ValidCert<'a> { pub fn user_attributes(&self) -> ValidUserAttributeAmalgamationIter<'a> { self.cert.user_attributes().with_policy(self.policy, self.time) } + + /// Returns a list of any designated revokers for this certificate. + /// + /// This function returns the designated revokers listed on the + /// primary key's binding signatures and the certificate's direct + /// key signatures. + /// + /// Note: the returned list is deduplicated. + /// + /// In order to preserve our API during the 1.x series, this + /// function takes an optional policy argument. It should be + /// `None`, but if it is `Some(_)`, it will be used instead of the + /// `ValidCert`'s policy. This makes the function signature + /// compatible with [`Cert::revocation_keys`]. + /// + /// # Examples + /// + /// ``` + /// use sequoia_openpgp as openpgp; + /// # use openpgp::Result; + /// use openpgp::cert::prelude::*; + /// use openpgp::policy::StandardPolicy; + /// use openpgp::types::RevocationKey; + /// + /// # fn main() -> Result<()> { + /// let p = &StandardPolicy::new(); + /// + /// let (alice, _) = + /// CertBuilder::general_purpose(None, Some("alice@example.org")) + /// .generate()?; + /// // Make Alice a designated revoker for Bob. + /// let (bob, _) = + /// CertBuilder::general_purpose(None, Some("bob@example.org")) + /// .set_revocation_keys(vec![(&alice).into()]) + /// .generate()?; + /// + /// // Make sure Alice is listed as a designated revoker for Bob. + /// assert_eq!(bob.with_policy(p, None)?.revocation_keys(None) + /// .collect::<Vec<&RevocationKey>>(), + /// vec![&(&alice).into()]); + /// # Ok(()) } + /// ``` + pub fn revocation_keys<P>(&self, policy: P) + -> Box<dyn Iterator<Item = &'a RevocationKey> + 'a> + where + P: Into<Option<&'a dyn Policy>>, + { + self.cert.revocation_keys( + policy.into().unwrap_or_else(|| self.policy())) + } } macro_rules! impl_pref { diff --git a/openpgp/src/cert/builder.rs b/openpgp/src/cert/builder.rs index e2d68a5e..66154555 100644 --- a/openpgp/src/cert/builder.rs +++ b/openpgp/src/cert/builder.rs @@ -1697,7 +1697,7 @@ mod tests { .generate()?; let cert = cert.with_policy(p, None)?; - assert_eq!(cert.revocation_keys(p).collect::<HashSet<_>>(), + assert_eq!(cert.revocation_keys(None).collect::<HashSet<_>>(), revokers.iter().collect::<HashSet<_>>()); // Do it again, with a key that has no User IDs. @@ -1707,7 +1707,7 @@ mod tests { let cert = cert.with_policy(p, None)?; assert!(cert.primary_userid().is_err()); - assert_eq!(cert.revocation_keys(p).collect::<HashSet<_>>(), + assert_eq!(cert.revocation_keys(None).collect::<HashSet<_>>(), revokers.iter().collect::<HashSet<_>>()); // The designated revokers on all signatures should be diff --git a/openpgp/src/types/revocation_key.rs b/openpgp/src/types/revocation_key.rs index b55d65ce..0643c264 100644 --- a/openpgp/src/types/revocation_key.rs +++ b/openpgp/src/types/revocation_key.rs @@ -46,7 +46,7 @@ use crate::{ /// .generate()?; /// /// // Make sure Alice is listed as a designated revoker for Bob. -/// assert_eq!(bob.with_policy(p, None)?.revocation_keys(p) +/// assert_eq!(bob.with_policy(p, None)?.revocation_keys(None) /// .collect::<Vec<&RevocationKey>>(), /// vec![&(&alice).into()]); /// # Ok(()) } |