author | Justus Winter <justus@sequoia-pgp.org> | 2020-03-27 17:15:13 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-03-27 17:58:29 +0100 |
commit | ffd468e0dadf8065f8ce21a62cbea8e59ec09c60 (patch) | |
tree | 08d45ba532cd03ce274dcd73856083d31cf470da /tool/src/commands | |
parent | 38bf9e15efe78aa08a864f14e113d8ff46bfbd11 (diff) |
openpgp: Explain binding signature lookup failures.
- If looking up a binding signature fails, don't merely return None,
but an Err(_) that explains the lookup failure. For example, a
binding signature may be present, but it may not meet the policy.
- Fixes #460.
Diffstat (limited to 'tool/src/commands')
-rw-r--r-- | tool/src/commands/decrypt.rs | 2 | ||||
-rw-r--r-- | tool/src/commands/inspect.rs | 30 |
2 files changed, 22 insertions, 10 deletions
diff --git a/tool/src/commands/decrypt.rs b/tool/src/commands/decrypt.rs index 964fd6c8..68561f80 100644 --- a/tool/src/commands/decrypt.rs +++ b/tool/src/commands/decrypt.rs @@ -47,7 +47,7 @@ impl<'a> Helper<'a> { let mut identities: HashMap<KeyID, Fingerprint> = HashMap::new(); let mut hints: HashMap<KeyID, String> = HashMap::new(); for tsk in secrets { - let hint = match tsk.primary_userid(policy, None) { + let hint = match tsk.primary_userid(policy, None).ok() { Some(uid) => format!("{} ({})", uid.userid(), KeyID::from(tsk.fingerprint())), None => format!("{}", KeyID::from(tsk.fingerprint())), diff --git a/tool/src/commands/inspect.rs b/tool/src/commands/inspect.rs index 56f97463..43e3d262 100644 --- a/tool/src/commands/inspect.rs +++ b/tool/src/commands/inspect.rs @@ -150,15 +150,25 @@ fn inspect_cert(policy: &dyn Policy, writeln!(output)?; } + fn print_error_chain(output: &mut dyn io::Write, err: &anyhow::Error) + -> Result<()> { + writeln!(output, " Invalid: {}", err)?; + for cause in err.chain().skip(1) { + writeln!(output, " because: {}", cause)?; + } + Ok(()) + } + for uidb in cert.userids() { writeln!(output, " UserID: {}", uidb.userid())?; inspect_revocation(output, "", uidb.revoked(policy, None))?; - if let Some(sig) = uidb.binding_signature(policy, None) { - if let Err(e) = + match uidb.binding_signature(policy, None) { + Ok(sig) => if let Err(e) = sig.signature_alive(None, std::time::Duration::new(0, 0)) { - writeln!(output, " Invalid: {}", e)?; + print_error_chain(output, &e)?; } + Err(e) => print_error_chain(output, &e)?, } inspect_certifications(output, uidb.certifications(), 
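Review bot: The `.ok()` added to `tsk.primary_userid(policy, None)` in decrypt.rs discards the lookup error this commit introduces, and nothing on the line says that is intended. Falling back to the bare KeyID when the primary User ID has no binding signature acceptable to the policy looks like the right behaviour for a hint, so a comment should be enough: `// A User ID without a policy-valid binding is not shown; fall back to the KeyID.` The surrounding `for tsk in secrets` loop continues outside the hunk.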
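Review bot: The `match uidb.binding_signature(policy, None) { Ok(sig) => if let Err(e) = … Err(e) => … }` block in the `cert.userids()` loop is repeated with only the receiver changed in the `cert.user_attributes()` and `cert.unknowns()` hunks further down. The brace-less `Ok(sig) => if let …` arm followed directly by `Err(e)` is also easy to misread. Both failure paths already end in `print_error_chain(output, &e)?`, so, assuming both calls return the same `anyhow`-based `Result`, each loop could use `if let Err(e) = uidb.binding_signature(policy, None).and_then(|sig| sig.signature_alive(None, std::time::Duration::new(0, 0))) { print_error_chain(output, &e)?; }`. `inspect_cert` starts and ends outside these hunks.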
@@ -169,12 +179,13 @@ fn inspect_cert(policy: &dyn Policy, for uab in cert.user_attributes() { writeln!(output, " UserID: {:?}", uab.user_attribute())?; inspect_revocation(output, "", uab.revoked(policy, None))?; - if let Some(sig) = uab.binding_signature(policy, None) { - if let Err(e) = + match uab.binding_signature(policy, None) { + Ok(sig) => if let Err(e) = sig.signature_alive(None, std::time::Duration::new(0, 0)) { - writeln!(output, " Invalid: {}", e)?; + print_error_chain(output, &e)?; } + Err(e) => print_error_chain(output, &e)?, } inspect_certifications(output, uab.certifications(), @@ -184,12 +195,13 @@ fn inspect_cert(policy: &dyn Policy, for ub in cert.unknowns() { writeln!(output, " Unknown component: {:?}", ub.unknown())?; - if let Some(sig) = ub.binding_signature(policy, None) { - if let Err(e) = + match ub.binding_signature(policy, None) { + Ok(sig) => if let Err(e) = sig.signature_alive(None, std::time::Duration::new(0, 0)) { - writeln!(output, " Invalid: {}", e)?; + print_error_chain(output, &e)?; } + Err(e) => print_error_chain(output, &e)?, } inspect_certifications(output, ub.certifications(), |