authorNeal H. Walfield <neal@pep.foundation>2020-01-06 10:29:13 +0100
committerNeal H. Walfield <neal@pep.foundation>2020-01-06 14:34:03 +0100
commit7e78e716610ac3a9bff86035c52b344b437951a2 (patch)
tree8897a006fd588a019c4beffabdf0050bdc1b8c5b /tool/src/commands/mod.rs
parenta01b070c9599be7f2be4dfaa25dd9ff01efe8a57 (diff)
openpgp: Pass a timestamp to the KeyIter instead of each filter.
- KeyIter::revoked and KeyIter::key_flags (and its variants) didn't take a time stamp, so they could only be used for filtering keys based on their current state, not their state at some time in the past. Adding a time stamp to each of the filters would have fixed the problem, but it would have made the interface ugly: callers always want the same time stamp for all filters.
- Split KeyIter into two structures: a KeyIter and a ValidKeyIter.
- Add KeyIter::policy. It takes a time stamp, which is then used for filters like `alive` and `revoked`, and it returns a ValidKeyIter, which exposes filters that require a time stamp.
Diffstat (limited to 'tool/src/commands/mod.rs')
-rw-r--r--tool/src/commands/mod.rs10
1 files changed, 5 insertions, 5 deletions
diff --git a/tool/src/commands/mod.rs b/tool/src/commands/mod.rs
index cde1e664..77b0d051 100644
--- a/tool/src/commands/mod.rs
+++ b/tool/src/commands/mod.rs
@@ -48,7 +48,7 @@ fn get_signing_keys(certs: &[openpgp::Cert])
{
let mut keys = Vec::new();
'next_cert: for tsk in certs {
- for key in tsk.keys().alive().revoked(false)
+ for key in tsk.keys().policy(None).alive().revoked(false)
.for_signing()
.map(|ka| ka.key())
{
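Review bot: The `policy(None)` call in `get_signing_keys` does not show at the call site which reference time `alive()` and `revoked(false)` are evaluated against. The commit description says the argument is a time stamp, so `None` presumably selects the current time; a comment such as `// None: judge liveness and revocation as of now.` would make that explicit for anyone auditing key selection. Because the call sits inside the `'next_cert` loop, each certificate may also be judged against a slightly different instant, so fixing one reference time before the loop and passing it to every `policy(...)` call would keep the selection consistent. The same applies to the `policy(None)` call in `encrypt` in the second hunk; both function bodies continue outside their hunks.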
@@ -112,7 +112,7 @@ pub fn encrypt(mapping: &mut store::Mapping,
let mut recipient_subkeys: Vec<Recipient> = Vec::new();
for cert in certs.iter() {
let mut count = 0;
- for key in cert.keys().alive().revoked(false)
+ for key in cert.keys().policy(None).alive().revoked(false)
.key_flags(&mode).map(|ka| ka.key())
{
recipient_subkeys.push(key.into());
@@ -304,11 +304,11 @@ impl<'a> VHelper<'a> {
impl<'a> VerificationHelper for VHelper<'a> {
fn get_public_keys(&mut self, ids: &[openpgp::KeyHandle]) -> Result<Vec<Cert>> {
let mut certs = self.certs.take().unwrap();
+ // Get all keys. Even if a key is revoked or expired, we can
+ // still use it to verify a message.
let seen: HashSet<_> = certs.iter()
.flat_map(|cert| {
- // Even if a key is revoked or expired, we can still
- // use it to verify a message.
- cert.keys().map(|ka| ka.key().fingerprint().into())
+ cert.keys().map(|key| key.fingerprint().into())
}).collect();
// Explicitly provided keys are trusted.