sq: Use the new armoring filter.

2 files changed, 24 insertions, 32 deletions

diff --git a/tool/src/commands/mod.rs b/tool/src/commands/mod.rs
index a2c2e8cb..b1de8fa8 100644
--- a/tool/src/commands/mod.rs
+++ b/tool/src/commands/mod.rs
@@ -85,13 +85,13 @@ fn get_signing_keys(certs: &[openpgp::Cert], p: &dyn Policy,
     Ok(keys)
 }
 
-pub fn encrypt(policy: &dyn Policy,
-               input: &mut dyn io::Read, output: &mut dyn io::Write,
-               npasswords: usize, recipients: &[openpgp::Cert],
-               signers: Vec<openpgp::Cert>,
-               mode: openpgp::types::KeyFlags, compression: &str,
-               time: Option<SystemTime>)
-               -> Result<()> {
+pub fn encrypt<'a>(policy: &'a dyn Policy,
+                   input: &mut dyn io::Read, message: Message<'a>,
+                   npasswords: usize, recipients: &'a [openpgp::Cert],
+                   signers: Vec<openpgp::Cert>,
+                   mode: openpgp::types::KeyFlags, compression: &str,
+                   time: Option<SystemTime>)
+                   -> Result<()> {
     let mut passwords: Vec<crypto::Password> = Vec::with_capacity(npasswords);
     for n in 0..npasswords {
         let nprompt = format!("Enter password {}: ", n + 1);
@@ -126,9 +126,6 @@ pub fn encrypt(policy: &dyn Policy,
         }
     }
 
-    // Stream an OpenPGP message.
-    let message = Message::new(output);
-
     // We want to encrypt a literal data packet.
     let mut encryptor =
         Encryptor::for_recipients(message, recipient_subkeys);
diff --git a/tool/src/commands/sign.rs b/tool/src/commands/sign.rs
index a91ea54b..9bc2af4d 100644
--- a/tool/src/commands/sign.rs
+++ b/tool/src/commands/sign.rs
@@ -15,13 +15,12 @@ use crate::openpgp::parse::{
 };
 use crate::openpgp::serialize::Serialize;
 use crate::openpgp::serialize::stream::{
-    Message, Signer, LiteralWriter,
+    Message, Armorer, Signer, LiteralWriter,
 };
 use crate::openpgp::policy::Policy;
 use crate::{
     create_or_stdout,
     create_or_stdout_pgp,
-    Writer,
 };
 
 pub fn sign(policy: &dyn Policy,
@@ -45,7 +44,7 @@ fn sign_data(policy: &dyn Policy,
              secrets: Vec<openpgp::Cert>, detached: bool, binary: bool,
              append: bool, time: Option<SystemTime>, force: bool)
              -> Result<()> {
-    let (output, prepend_sigs, tmp_path):
+    let (mut output, prepend_sigs, tmp_path):
     (Box<dyn io::Write>, Vec<Signature>, Option<PathBuf>) =
         if detached && append && output_path.is_some() {
             // First, read the existing signatures.
@@ -78,32 +77,32 @@ fn sign_data(policy: &dyn Policy,
             (create_or_stdout(output_path, force)?, Vec::new(), None)
         };
 
-    let mut output = Writer::from(output);
+    let mut keypairs = super::get_signing_keys(&secrets, policy, time)?;
+    if keypairs.is_empty() {
+        return Err(anyhow::anyhow!("No signing keys found"));
+    }
+
+    // Stream an OpenPGP message.
+    // The sink may be a NamedTempFile.  Carefully keep a reference so
+    // that we can rename it.
+    let mut message = Message::new(&mut output);
     if ! binary {
-        output = output.armor(
-            if detached {
+        message = Armorer::new(message)
+            .kind(if detached {
                 armor::Kind::Signature
             } else {
                 armor::Kind::Message
-            },
-            Vec::new())?;
-    }
-
-    let mut keypairs = super::get_signing_keys(&secrets, policy, time)?;
-    if keypairs.is_empty() {
-        return Err(anyhow::anyhow!("No signing keys found"));
+            })
+            .build()?;
     }
 
     // When extending a detached signature, prepend any existing
     // signatures first.
     for sig in prepend_sigs.into_iter() {
-        Packet::Signature(sig).serialize(&mut output)?;
+        Packet::Signature(sig).serialize(&mut message)?;
     }
 
-    // Stream an OpenPGP message.
-    let sink = Message::new(&mut output);
-
-    let mut signer = Signer::new(sink, keypairs.pop().unwrap());
+    let mut signer = Signer::new(message, keypairs.pop().unwrap());
     for s in keypairs {
         signer = signer.add_signer(s);
         if let Some(time) = time {
@@ -131,16 +130,12 @@ fn sign_data(policy: &dyn Policy,
 
     writer.finalize()
         .context("Failed to sign")?;
-    // The sink may be a NamedTempFile.  Carefully keep a reference so
-    // that we can rename it.
-    let tmp = output.finalize()?;
 
     if let Some(path) = tmp_path {
         // Atomically replace the old file.
         fs::rename(path,
                    output_path.expect("must be Some if tmp_path is Some"))?;
     }
-    drop(tmp);
     Ok(())
 }