diff options
| author | Neal H. Walfield <neal@pep.foundation> | 2020-01-31 14:20:53 +0100 |
|---|---|---|
| committer | Neal H. Walfield <neal@pep.foundation> | 2020-01-31 15:59:16 +0100 |
| commit | a464ce819ccd1fa07ff8c6d0be74cff5eec5cf34 (patch) | |
| tree | 31ed9d18b9c7802a93b4e4c8e6e85d1121b201d8 /tool/src/commands/mod.rs | |
| parent | b9b6533bd5394cd5cdb6b91b5c5ca7a02e3ea199 (diff) | |
openpgp: Add a policy object.
- Change all functions that need to evaluate the validity of a
signature (either directly or indirectly to take a policy object.
- Use the policy object to allow the user to place additional
constraints on a signature's validity.
- This addresses the first half of #274 (it introduces the policy
object, but does not yet implement any policy).
Diffstat (limited to 'tool/src/commands/mod.rs')
| -rw-r--r-- | tool/src/commands/mod.rs | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/tool/src/commands/mod.rs b/tool/src/commands/mod.rs index 24ce3337..f4abe71f 100644 --- a/tool/src/commands/mod.rs +++ b/tool/src/commands/mod.rs @@ -30,6 +30,7 @@ use crate::openpgp::serialize::padding::{ Padder, padme, }; +use crate::openpgp::policy::Policy; extern crate sequoia_store as store; pub mod decrypt; @@ -44,12 +45,13 @@ pub use self::inspect::inspect; pub mod key; /// Returns suitable signing keys from a given list of Certs. -fn get_signing_keys(certs: &[openpgp::Cert], timestamp: Option<SystemTime>) +fn get_signing_keys(certs: &[openpgp::Cert], p: &dyn Policy, + timestamp: Option<SystemTime>) -> Result<Vec<crypto::KeyPair>> { let mut keys = Vec::new(); 'next_cert: for tsk in certs { - for key in tsk.keys().policy(timestamp).alive().revoked(false) + for key in tsk.keys().set_policy(p, timestamp).alive().revoked(false) .for_signing() .map(|ka| ka.key()) { @@ -78,7 +80,8 @@ fn get_signing_keys(certs: &[openpgp::Cert], timestamp: Option<SystemTime>) Ok(keys) } -pub fn encrypt(mapping: &mut store::Mapping, +pub fn encrypt(policy: &dyn Policy, + mapping: &mut store::Mapping, input: &mut dyn io::Read, output: &mut dyn io::Write, npasswords: usize, recipients: Vec<&str>, mut certs: Vec<openpgp::Cert>, signers: Vec<openpgp::Cert>, @@ -104,7 +107,7 @@ pub fn encrypt(mapping: &mut store::Mapping, "Neither recipient nor password given")); } - let mut signers = get_signing_keys(&signers, time)?; + let mut signers = get_signing_keys(&signers, policy, time)?; // Build a vector of references to hand to Signer. let recipients: Vec<&openpgp::Cert> = certs.iter().collect(); @@ -113,7 +116,7 @@ pub fn encrypt(mapping: &mut store::Mapping, let mut recipient_subkeys: Vec<Recipient> = Vec::new(); for cert in certs.iter() { let mut count = 0; - for key in cert.keys().policy(None).alive().revoked(false) + for key in cert.keys().set_policy(policy, None).alive().revoked(false) .key_flags(&mode).map(|ka| ka.key()) { recipient_subkeys.push(key.into()); @@ -396,7 +399,8 @@ impl<'a> VerificationHelper for VHelper<'a> { } } -pub fn verify(ctx: &Context, mapping: &mut store::Mapping, +pub fn verify(ctx: &Context, policy: &dyn Policy, + mapping: &mut store::Mapping, input: &mut dyn io::Read, detached: Option<&mut dyn io::Read>, output: &mut dyn io::Write, @@ -404,9 +408,9 @@ pub fn verify(ctx: &Context, mapping: &mut store::Mapping, -> Result<()> { let helper = VHelper::new(ctx, mapping, signatures, certs); let mut verifier = if let Some(dsig) = detached { - DetachedVerifier::from_reader(dsig, input, helper, None)? + DetachedVerifier::from_reader(policy, dsig, input, helper, None)? } else { - Verifier::from_reader(input, helper, None)? + Verifier::from_reader(policy, input, helper, None)? }; io::copy(&mut verifier, output) |