From f078f93025b517609d25ce2cb2ebc41a01d81190 Mon Sep 17 00:00:00 2001 From: "Neal H. Walfield" Date: Fri, 20 Dec 2019 14:22:09 +0100 Subject: openpgp: Simplify key iteration interface. - Cert::keys_valid() is just a short-cut for Cert::keys_all().alive().revoked(false). - Remove Cert::keys_valid() and rename Cert::keys_all() to Cert::keys(). --- guide/src/chapter_01.md | 8 +++--- guide/src/chapter_02.md | 8 +++--- ipc/examples/gpg-agent-decrypt.rs | 2 +- ipc/examples/gpg-agent-sign.rs | 2 +- ipc/tests/gpg-agent.rs | 12 ++++++--- net/src/lib.rs | 2 +- openpgp-ffi/examples/decrypt-with.c | 2 +- openpgp-ffi/examples/encrypt-for.c | 4 ++- openpgp-ffi/include/sequoia/openpgp.h | 25 ++--------------- openpgp-ffi/src/cert.rs | 35 +++--------------------- openpgp-ffi/src/parse/stream.rs | 2 +- openpgp/examples/decrypt-with.rs | 2 +- openpgp/examples/encrypt-for.rs | 4 ++- openpgp/examples/generate-encrypt-decrypt.rs | 2 +- openpgp/examples/generate-sign-verify.rs | 2 +- openpgp/examples/notarize.rs | 4 ++- openpgp/examples/pad.rs | 4 ++- openpgp/examples/sign-detached.rs | 4 ++- openpgp/examples/sign.rs | 4 ++- openpgp/src/cert/bindings.rs | 8 ++++-- openpgp/src/cert/builder.rs | 4 +-- openpgp/src/cert/keyiter.rs | 34 ++++++++++++++--------- openpgp/src/cert/mod.rs | 40 +++++----------------------- openpgp/src/crypto/keygrip.rs | 2 +- openpgp/src/crypto/mpis.rs | 2 +- openpgp/src/packet/signature/mod.rs | 2 +- openpgp/src/parse/stream.rs | 6 ++--- openpgp/src/serialize/cert.rs | 4 +-- openpgp/src/serialize/stream.rs | 20 +++++++------- sqv/src/sqv.rs | 4 +-- store/src/backend/mod.rs | 2 +- tool/src/commands/mod.rs | 8 +++--- tool/tests/sq-sign.rs | 2 +- 33 files changed, 112 insertions(+), 154 deletions(-) diff --git a/guide/src/chapter_01.md b/guide/src/chapter_01.md index 6368a9eb..56c131fb 100644 --- a/guide/src/chapter_01.md +++ b/guide/src/chapter_01.md @@ -51,7 +51,7 @@ fn main() { # fn sign(sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert) # -> openpgp::Result<()> { # // Get the keypair to do the signing from the Cert. -# let keypair = tsk.keys_valid().for_signing().nth(0).unwrap(). +# let keypair = tsk.keys().alive().revoked(false).for_signing().nth(0).unwrap(). # key().clone().mark_parts_secret().unwrap().into_keypair()?; # # // Start streaming an OpenPGP message. @@ -196,7 +196,7 @@ fn generate() -> openpgp::Result { # fn sign(sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert) # -> openpgp::Result<()> { # // Get the keypair to do the signing from the Cert. -# let keypair = tsk.keys_valid().for_signing().nth(0).unwrap(). +# let keypair = tsk.keys().alive().revoked(false).for_signing().nth(0).unwrap(). # key().clone().mark_parts_secret().unwrap().into_keypair()?; # # // Start streaming an OpenPGP message. @@ -341,7 +341,7 @@ implements [`io::Write`], and we simply write the plaintext to it. fn sign(sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert) -> openpgp::Result<()> { // Get the keypair to do the signing from the Cert. - let keypair = tsk.keys_valid().for_signing().nth(0).unwrap(). + let keypair = tsk.keys().alive().revoked(false).for_signing().nth(0).unwrap(). key().clone().mark_parts_secret().unwrap().into_keypair()?; // Start streaming an OpenPGP message. @@ -497,7 +497,7 @@ Verified data can be read from this using [`io::Read`]. # fn sign(sink: &mut Write, plaintext: &str, tsk: &openpgp::Cert) # -> openpgp::Result<()> { # // Get the keypair to do the signing from the Cert. -# let keypair = tsk.keys_valid().for_signing().nth(0).unwrap(). +# let keypair = tsk.keys().alive().revoked(false).for_signing().nth(0).unwrap(). # key().clone().mark_parts_secret().unwrap().into_keypair()?; # # // Start streaming an OpenPGP message. diff --git a/guide/src/chapter_02.md b/guide/src/chapter_02.md index e1687803..9f4c3a0a 100644 --- a/guide/src/chapter_02.md +++ b/guide/src/chapter_02.md @@ -51,7 +51,7 @@ fn main() { # -> openpgp::Result<()> { # // Build a vector of recipients to hand to Encryptor. # let mut recipients = -# recipient.keys_valid() +# recipient.keys().alive().revoked(false) # .for_transport_encryption() # .map(|ka| ka.key().into()) # .collect::>(); @@ -192,7 +192,7 @@ fn generate() -> openpgp::Result { # -> openpgp::Result<()> { # // Build a vector of recipients to hand to Encryptor. # let mut recipients = -# recipient.keys_valid() +# recipient.keys().alive().revoked(false) # .for_transport_encryption() # .map(|ka| ka.key().into()) # .collect::>(); @@ -333,7 +333,7 @@ fn encrypt(sink: &mut Write, plaintext: &str, recipient: &openpgp::Cert) -> openpgp::Result<()> { // Build a vector of recipients to hand to Encryptor. let mut recipients = - recipient.keys_valid() + recipient.keys().alive().revoked(false) .for_transport_encryption() .map(|ka| ka.key().into()) .collect::>(); @@ -488,7 +488,7 @@ Decrypted data can be read from this using [`io::Read`]. # -> openpgp::Result<()> { # // Build a vector of recipients to hand to Encryptor. # let mut recipients = -# recipient.keys_valid() +# recipient.keys().alive().revoked(false) # .for_transport_encryption() # .map(|ka| ka.key().into()) # .collect::>(); diff --git a/ipc/examples/gpg-agent-decrypt.rs b/ipc/examples/gpg-agent-decrypt.rs index 381bab6d..2b9252cc 100644 --- a/ipc/examples/gpg-agent-decrypt.rs +++ b/ipc/examples/gpg-agent-decrypt.rs @@ -74,7 +74,7 @@ impl<'a> Helper<'a> { // Map (sub)KeyIDs to secrets. let mut keys = HashMap::new(); for cert in certs { - for ka in cert.keys_all() { + for ka in cert.keys() { if ka.binding_signature(None) .map(|s| (s.key_flags().for_storage_encryption() || s.key_flags().for_transport_encryption())) diff --git a/ipc/examples/gpg-agent-sign.rs b/ipc/examples/gpg-agent-sign.rs index dfc3f304..b5f32a9c 100644 --- a/ipc/examples/gpg-agent-sign.rs +++ b/ipc/examples/gpg-agent-sign.rs @@ -39,7 +39,7 @@ fn main() { // Construct a KeyPair for every signing-capable (sub)key. let mut signers = certs.iter().flat_map(|cert| { - cert.keys_valid().for_signing().filter_map(|ka| { + cert.keys().alive().revoked(false).for_signing().filter_map(|ka| { KeyPair::new(&ctx, ka.key()).ok() }) }).collect::>(); diff --git a/ipc/tests/gpg-agent.rs b/ipc/tests/gpg-agent.rs index 6a74ffa3..889402b5 100644 --- a/ipc/tests/gpg-agent.rs +++ b/ipc/tests/gpg-agent.rs @@ -95,7 +95,9 @@ fn sign() { gpg_import(&ctx, &buf); let keypair = KeyPair::new( - &ctx, cert.keys_valid().for_signing().take(1).next().unwrap().key()) + &ctx, + cert.keys().alive().revoked(false) + .for_signing().take(1).next().unwrap().key()) .unwrap(); let mut message = Vec::new(); @@ -208,7 +210,8 @@ fn decrypt() { let mut message = Vec::new(); { let recipient = - cert.keys_valid().key_flags( + cert.keys().alive().revoked(false) + .key_flags( KeyFlags::default().set_transport_encryption(true)) .map(|ka| ka.key().into()) .nth(0).unwrap(); @@ -275,8 +278,9 @@ fn decrypt() { { let mut keypair = KeyPair::new( self.ctx, - self.cert.keys_valid().key_flags( - KeyFlags::default().set_transport_encryption(true)) + self.cert.keys().alive().revoked(false). + key_flags( + KeyFlags::default().set_transport_encryption(true)) .take(1).next().unwrap().key()) .unwrap(); diff --git a/net/src/lib.rs b/net/src/lib.rs index a7746727..8f91ce18 100644 --- a/net/src/lib.rs +++ b/net/src/lib.rs @@ -183,7 +183,7 @@ impl KeyServer { Some(armor::Kind::PublicKey))); match Cert::from_reader(r) { Ok(cert) => { - if cert.keys_all().any(|ka| { + if cert.keys().any(|ka| { KeyID::from(ka.key().fingerprint()) == keyid_want }) { diff --git a/openpgp-ffi/examples/decrypt-with.c b/openpgp-ffi/examples/decrypt-with.c index 423106bd..c85b96f8 100644 --- a/openpgp-ffi/examples/decrypt-with.c +++ b/openpgp-ffi/examples/decrypt-with.c @@ -155,7 +155,7 @@ decrypt_cb (void *cookie_opaque, pgp_pkesk_t pkesk = pkesks[i]; pgp_keyid_t keyid = pgp_pkesk_recipient (pkesk); - pgp_cert_key_iter_t key_iter = pgp_cert_key_iter_all (cookie->key); + pgp_cert_key_iter_t key_iter = pgp_cert_key_iter (cookie->key); pgp_key_t key; while ((key = pgp_cert_key_iter_next (key_iter, NULL, NULL))) { pgp_keyid_t this_keyid = pgp_key_keyid (key); diff --git a/openpgp-ffi/examples/encrypt-for.c b/openpgp-ffi/examples/encrypt-for.c index 8303f8ee..65bd8a45 100644 --- a/openpgp-ffi/examples/encrypt-for.c +++ b/openpgp-ffi/examples/encrypt-for.c @@ -36,7 +36,9 @@ main (int argc, char **argv) if (cert == NULL) error (1, 0, "pgp_cert_from_file: %s", pgp_error_to_string (err)); - pgp_cert_key_iter_t iter = pgp_cert_key_iter_valid (cert); + pgp_cert_key_iter_t iter = pgp_cert_key_iter (cert); + pgp_cert_key_iter_alive (iter); + pgp_cert_key_iter_revoked (iter, false); pgp_cert_key_iter_for_storage_encryption (iter); pgp_cert_key_iter_for_transport_encryption (iter); size_t recipients_len; diff --git a/openpgp-ffi/include/sequoia/openpgp.h b/openpgp-ffi/include/sequoia/openpgp.h index 4d6d8416..4468ccb5 100644 --- a/openpgp-ffi/include/sequoia/openpgp.h +++ b/openpgp-ffi/include/sequoia/openpgp.h @@ -912,30 +912,9 @@ pgp_user_id_binding_iter_t pgp_cert_user_id_binding_iter (pgp_cert_t cert); /// Returns an iterator over all `Key`s in a Cert. /// /// That is, this returns an iterator over the primary key and any -/// subkeys, along with the corresponding signatures. -/// -/// Note: since a primary key is different from a subkey, the iterator -/// is over `Key`s and not `SubkeyBindings`. Since the primary key -/// has no binding signature, the signature carrying the primary key's -/// key flags is returned (either a direct key signature, or the -/// self-signature on the primary User ID). There are corner cases -/// where no such signature exists (e.g. partial Certs), therefore this -/// iterator may return `None` for the primary key's signature. -/// -/// A valid `Key` has at least one good self-signature. -/// -/// Compare with `pgp_cert_key_iter_valid`, which filters out expired and -/// revoked keys. -/*/ -pgp_cert_key_iter_t pgp_cert_key_iter_all (pgp_cert_t cert); - -/*/ -/// Returns an iterator over the live and unrevoked `Key`s in a Cert. -/// -/// Compare with `pgp_cert_key_iter_all`, which doesn't filter out -/// expired and revoked keys by default. +/// subkeys. /*/ -pgp_cert_key_iter_t pgp_cert_key_iter_valid (pgp_cert_t cert); +pgp_cert_key_iter_t pgp_cert_key_iter (pgp_cert_t cert); /*/ /// Returns the Cert's primary user id (if any). diff --git a/openpgp-ffi/src/cert.rs b/openpgp-ffi/src/cert.rs index 2791ad1c..0c91dd88 100644 --- a/openpgp-ffi/src/cert.rs +++ b/openpgp-ffi/src/cert.rs @@ -436,44 +436,17 @@ pub struct KeyIterWrapper<'a> { next_called: bool, } -/// Returns an iterator over the Cert's live, non-revoked keys. -/// -/// That is, this returns an iterator over the primary key and any -/// subkeys, along with the corresponding signatures. -/// -/// Note: since a primary key is different from a subkey, the iterator -/// is over `Key`s and not `SubkeyBindings`. Since the primary key -/// has no binding signature, the signature carrying the primary key's -/// key flags is returned (either a direct key signature, or the -/// self-signature on the primary User ID). There are corner cases -/// where no such signature exists (e.g. partial Certs), therefore this -/// iterator may return `None` for the primary key's signature. -/// -/// A valid `Key` has at least one good self-signature. -/// -/// To return all keys, use `pgp_cert_key_iter_all()`. -#[::sequoia_ffi_macros::extern_fn] #[no_mangle] -pub extern "C" fn pgp_cert_key_iter_valid(cert: *const Cert) - -> *mut KeyIterWrapper<'static> -{ - let cert = cert.ref_raw(); - box_raw!(KeyIterWrapper { - iter: cert.keys_valid(), - next_called: false, - }) -} - /// Returns an iterator over all `Key`s in a Cert. /// -/// Compare with `pgp_cert_key_iter_valid`, which filters out expired -/// and revoked keys by default. +/// That is, this returns an iterator over the primary key and any +/// subkeys. #[::sequoia_ffi_macros::extern_fn] #[no_mangle] -pub extern "C" fn pgp_cert_key_iter_all(cert: *const Cert) +pub extern "C" fn pgp_cert_key_iter(cert: *const Cert) -> *mut KeyIterWrapper<'static> { let cert = cert.ref_raw(); box_raw!(KeyIterWrapper { - iter: cert.keys_all(), + iter: cert.keys(), next_called: false, }) } diff --git a/openpgp-ffi/src/parse/stream.rs b/openpgp-ffi/src/parse/stream.rs index f3b5b32f..3478b141 100644 --- a/openpgp-ffi/src/parse/stream.rs +++ b/openpgp-ffi/src/parse/stream.rs @@ -816,7 +816,7 @@ impl DecryptionHelper for DHelper { /// pgp_pkesk_t pkesk = pkesks[i]; /// pgp_keyid_t keyid = pgp_pkesk_recipient (pkesk); /// -/// pgp_cert_key_iter_t key_iter = pgp_cert_key_iter_all (cookie->key); +/// pgp_cert_key_iter_t key_iter = pgp_cert_key_iter (cookie->key); /// pgp_key_t key; /// while ((key = pgp_cert_key_iter_next (key_iter, NULL, NULL))) { /// pgp_keyid_t this_keyid = pgp_key_keyid (key); diff --git a/openpgp/examples/decrypt-with.rs b/openpgp/examples/decrypt-with.rs index 7c924cc9..27977048 100644 --- a/openpgp/examples/decrypt-with.rs +++ b/openpgp/examples/decrypt-with.rs @@ -58,7 +58,7 @@ impl Helper { // Map (sub)KeyIDs to secrets. let mut keys = HashMap::new(); for cert in certs { - for ka in cert.keys_all() { + for ka in cert.keys() { if ka.binding_signature(None) .map(|s| (s.key_flags().for_storage_encryption() || s.key_flags().for_transport_encryption())) diff --git a/openpgp/examples/encrypt-for.rs b/openpgp/examples/encrypt-for.rs index eceec5b3..93eba5b5 100644 --- a/openpgp/examples/encrypt-for.rs +++ b/openpgp/examples/encrypt-for.rs @@ -37,7 +37,9 @@ fn main() { // Build a vector of recipients to hand to Encryptor. let mut recipients = certs.iter() - .flat_map(|cert| cert.keys_valid().key_flags(mode.clone())) + .flat_map(|cert| { + cert.keys().alive().revoked(false).key_flags(mode.clone()) + }) .map(|ka| ka.key().into()) .collect::>(); diff --git a/openpgp/examples/generate-encrypt-decrypt.rs b/openpgp/examples/generate-encrypt-decrypt.rs index 01782b47..416a4b73 100644 --- a/openpgp/examples/generate-encrypt-decrypt.rs +++ b/openpgp/examples/generate-encrypt-decrypt.rs @@ -42,7 +42,7 @@ fn encrypt(sink: &mut dyn Write, plaintext: &str, recipient: &openpgp::Cert) -> openpgp::Result<()> { // Build a vector of recipients to hand to Encryptor. let mut recipients = - recipient.keys_valid() + recipient.keys().alive().revoked(false) .for_transport_encryption() .map(|ka| ka.key().into()) .collect::>(); diff --git a/openpgp/examples/generate-sign-verify.rs b/openpgp/examples/generate-sign-verify.rs index 1cccac44..a51ff031 100644 --- a/openpgp/examples/generate-sign-verify.rs +++ b/openpgp/examples/generate-sign-verify.rs @@ -40,7 +40,7 @@ fn generate() -> openpgp::Result { fn sign(sink: &mut dyn Write, plaintext: &str, tsk: &openpgp::Cert) -> openpgp::Result<()> { // Get the keypair to do the signing from the Cert. - let keypair = tsk.keys_valid().for_signing().nth(0).unwrap() + let keypair = tsk.keys().alive().revoked(false).for_signing().nth(0).unwrap() .key().clone().mark_parts_secret().unwrap().into_keypair()?; // Start streaming an OpenPGP message. diff --git a/openpgp/examples/notarize.rs b/openpgp/examples/notarize.rs index f52466f4..fec7419b 100644 --- a/openpgp/examples/notarize.rs +++ b/openpgp/examples/notarize.rs @@ -28,7 +28,9 @@ fn main() { .expect("Failed to read key"); let mut n = 0; - for key in tsk.keys_valid().for_signing().secret().map(|ka| ka.key()) { + for key in tsk.keys().alive().revoked(false).for_signing().secret() + .map(|ka| ka.key()) + { keys.push({ let mut key = key.clone(); if key.secret().expect("filtered").is_encrypted() { diff --git a/openpgp/examples/pad.rs b/openpgp/examples/pad.rs index 32583a42..95625f51 100644 --- a/openpgp/examples/pad.rs +++ b/openpgp/examples/pad.rs @@ -39,7 +39,9 @@ fn main() { // Build a vector of recipients to hand to Encryptor. let mut recipients = certs.iter() - .flat_map(|cert| cert.keys_valid().key_flags(mode.clone())) + .flat_map(|cert| { + cert.keys().alive().revoked(false).key_flags(mode.clone()) + }) .map(|ka| Recipient::new(KeyID::wildcard(), ka.key())) .collect::>(); diff --git a/openpgp/examples/sign-detached.rs b/openpgp/examples/sign-detached.rs index 20d4150b..eea08f08 100644 --- a/openpgp/examples/sign-detached.rs +++ b/openpgp/examples/sign-detached.rs @@ -24,7 +24,9 @@ fn main() { .expect("Failed to read key"); let mut n = 0; - for key in tsk.keys_valid().for_signing().secret().map(|ka| ka.key()) { + for key in tsk.keys().alive().revoked(false).for_signing().secret() + .map(|ka| ka.key()) + { keys.push({ let mut key = key.clone(); if key.secret().expect("filtered").is_encrypted() { diff --git a/openpgp/examples/sign.rs b/openpgp/examples/sign.rs index 7fae29ef..d8054fac 100644 --- a/openpgp/examples/sign.rs +++ b/openpgp/examples/sign.rs @@ -23,7 +23,9 @@ fn main() { .expect("Failed to read key"); let mut n = 0; - for key in tsk.keys_valid().for_signing().secret().map(|ka| ka.key()) { + for key in tsk.keys().alive().revoked(false).for_signing().secret() + .map(|ka| ka.key()) + { keys.push({ let mut key = key.clone(); if key.secret().expect("filtered").is_encrypted() { diff --git a/openpgp/src/cert/bindings.rs b/openpgp/src/cert/bindings.rs index d06dbfa6..70e80983 100644 --- a/openpgp/src/cert/bindings.rs +++ b/openpgp/src/cert/bindings.rs @@ -36,7 +36,9 @@ impl Key { /// /// // Let's add an encryption subkey. /// let flags = KeyFlags::default().set_storage_encryption(true); - /// assert_eq!(cert.keys_valid().key_flags(flags.clone()).count(), 0); + /// assert_eq!(cert.keys().alive().revoked(false) + /// .key_flags(flags.clone()).count(), + /// 0); /// /// // Generate a subkey and a binding signature. /// let subkey: Key<_, key::SubordinateRole> = @@ -51,7 +53,9 @@ impl Key { /// binding.into()])?; /// /// // Check that we have an encryption subkey. - /// assert_eq!(cert.keys_valid().key_flags(flags).count(), 1); + /// assert_eq!(cert.keys().alive().revoked(false) + /// .key_flags(flags).count(), + /// 1); /// # Ok(()) } pub fn bind(&self, signer: &mut dyn Signer, cert: &Cert, signature: signature::Builder, diff --git a/openpgp/src/cert/builder.rs b/openpgp/src/cert/builder.rs index 24bc5fe7..511ddd2d 100644 --- a/openpgp/src/cert/builder.rs +++ b/openpgp/src/cert/builder.rs @@ -655,7 +655,7 @@ mod tests { assert!(sig.key_alive(key, now + 590 * s).is_ok()); assert!(! sig.key_alive(key, now + 610 * s).is_ok()); - let (sig, key) = cert.keys_valid().for_signing() + let (sig, key) = cert.keys().alive().revoked(false).for_signing() .nth(0).map(|ka| { (ka.binding_signature(None).unwrap(), ka.key()) }).unwrap(); @@ -663,7 +663,7 @@ mod tests { assert!(sig.key_alive(key, now + 290 * s).is_ok()); assert!(! sig.key_alive(key, now + 310 * s).is_ok()); - let (sig, key) = cert.keys_valid().for_authentication() + let (sig, key) = cert.keys().alive().revoked(false).for_authentication() .nth(0).map(|ka| { (ka.binding_signature(None).unwrap(), ka.key()) }).unwrap(); diff --git a/openpgp/src/cert/keyiter.rs b/openpgp/src/cert/keyiter.rs index 8c948f50..b4fbe725 100644 --- a/openpgp/src/cert/keyiter.rs +++ b/openpgp/src/cert/keyiter.rs @@ -391,7 +391,7 @@ mod test { fn key_iter_test() { let key = Cert::from_bytes(crate::tests::key("neal.pgp")).unwrap(); assert_eq!(1 + key.subkeys().count(), - key.keys_all().count()); + key.keys().count()); } #[test] @@ -400,7 +400,7 @@ mod test { .generate().unwrap(); let flags = KeyFlags::default().set_transport_encryption(true); - assert_eq!(cert.keys_all().key_flags(flags).count(), 0); + assert_eq!(cert.keys().key_flags(flags).count(), 0); } #[test] @@ -410,7 +410,7 @@ mod test { .generate().unwrap(); let flags = KeyFlags::default().set_transport_encryption(true); - assert_eq!(cert.keys_all().key_flags(flags).count(), 1); + assert_eq!(cert.keys().key_flags(flags).count(), 1); } #[test] @@ -421,7 +421,7 @@ mod test { .generate().unwrap(); let flags = KeyFlags::default().set_transport_encryption(true); - assert_eq!(cert.keys_all().key_flags(flags).count(), 1); + assert_eq!(cert.keys().key_flags(flags).count(), 1); } #[test] @@ -433,7 +433,7 @@ mod test { let now = std::time::SystemTime::now() - std::time::Duration::new(52 * 7 * 24 * 60 * 60, 0); - assert_eq!(cert.keys_all().key_flags(flags).alive_at(now).count(), 0); + assert_eq!(cert.keys().key_flags(flags).alive_at(now).count(), 0); } #[test] @@ -443,7 +443,7 @@ mod test { .generate().unwrap(); let flags = KeyFlags::default().set_certification(true); - assert_eq!(cert.keys_all().key_flags(flags).count(), 2); + assert_eq!(cert.keys().key_flags(flags).count(), 2); } #[test] @@ -455,12 +455,22 @@ mod test { .add_storage_encryption_subkey() .add_authentication_subkey() .generate().unwrap(); - assert_eq!(cert.keys_valid().for_certification().count(), 2); - assert_eq!(cert.keys_valid().for_transport_encryption().count(), + assert_eq!(cert.keys().alive().revoked(false) + .for_certification().count(), + 2); + assert_eq!(cert.keys().alive().revoked(false) + .for_transport_encryption().count(), + 1); + assert_eq!(cert.keys().alive().revoked(false) + .for_storage_encryption().count(), + 1); + + assert_eq!(cert.keys().alive().revoked(false) + .for_signing().count(), + 1); + assert_eq!(cert.keys().alive().revoked(false) + .key_flags(KeyFlags::default().set_authentication(true)) + .count(), 1); - assert_eq!(cert.keys_valid().for_storage_encryption().count(), 1); - assert_eq!(cert.keys_valid().for_signing().count(), 1); - assert_eq!(cert.keys_valid().key_flags( - KeyFlags::default().set_authentication(true)).count(), 1); } } diff --git a/openpgp/src/cert/mod.rs b/openpgp/src/cert/mod.rs index 45e22271..029e8182 100644 --- a/openpgp/src/cert/mod.rs +++ b/openpgp/src/cert/mod.rs @@ -1210,37 +1210,11 @@ impl Cert { &self.bad } - /// Returns an iterator over the Cert's valid keys (live and - /// not-revoked). + /// Returns an iterator over the certificate's keys. /// /// That is, this returns an iterator over the primary key and any - /// subkeys, along with the corresponding signatures. - /// - /// Note: since a primary key is different from a binding, the - /// iterator is over `Key`s and not `KeyBindings`. - /// Furthermore, the primary key has no binding signature. Here, - /// the signature carrying the primary key's key flags is - /// returned. There are corner cases where no such signature - /// exists (e.g. partial Certs), therefore this iterator may return - /// `None` for the primary key's signature. - /// - /// A valid `Key` has at least one good self-signature. - /// - /// To return all keys, do `keys_all()`. See the - /// documentation of `keys` for how to control what keys are - /// returned. - pub fn keys_valid(&self) - -> KeyIter - { - KeyIter::new(self).alive().revoked(false) - } - - /// Returns an iterator over the Cert's keys. - /// - /// Unlike `Cert::keys_valid()`, this iterator also returns expired - /// and revoked keys. - pub fn keys_all(&self) - -> KeyIter + /// subkeys. + pub fn keys(&self) -> KeyIter { KeyIter::new(self) } @@ -3487,8 +3461,8 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= .add_transport_encryption_subkey() .set_password(Some(String::from("streng geheim").into())) .generate().unwrap(); - assert_eq!(cert.keys_all().secret().count(), 2); - assert_eq!(cert.keys_all().unencrypted_secret().count(), 0); + assert_eq!(cert.keys().secret().count(), 2); + assert_eq!(cert.keys().unencrypted_secret().count(), 0); let mut primary = cert.primary().clone(); let algo = primary.pk_algo(); @@ -3498,7 +3472,7 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= primary.mark_parts_secret().unwrap().mark_role_primary().into() ]).unwrap(); - assert_eq!(cert.keys_all().secret().count(), 2); - assert_eq!(cert.keys_all().unencrypted_secret().count(), 1); + assert_eq!(cert.keys().secret().count(), 2); + assert_eq!(cert.keys().unencrypted_secret().count(), 1); } } diff --git a/openpgp/src/crypto/keygrip.rs b/openpgp/src/crypto/keygrip.rs index ecc1d4e7..cff25e6f 100644 --- a/openpgp/src/crypto/keygrip.rs +++ b/openpgp/src/crypto/keygrip.rs @@ -340,7 +340,7 @@ mod tests { .iter().map(|n| (n, crate::Cert::from_bytes(crate::tests::key(n)).unwrap())) { eprintln!("{}", name); - for key in cert.keys_all().map(|ka| ka.key()) { + for key in cert.keys().map(|ka| ka.key()) { let fp = key.fingerprint(); eprintln!("(sub)key: {}", fp); assert_eq!(&key.mpis().keygrip().unwrap(), diff --git a/openpgp/src/crypto/mpis.rs b/openpgp/src/crypto/mpis.rs index 2c62a82b..37f75213 100644 --- a/openpgp/src/crypto/mpis.rs +++ b/openpgp/src/crypto/mpis.rs @@ -1047,7 +1047,7 @@ mod tests { ("erika-corinna-daniela-simone-antonia-nistp521.pgp", 0, 521), ] { let cert = crate::Cert::from_bytes(crate::tests::key(name)).unwrap(); - let key = cert.keys_all().nth(*key_no).unwrap().key(); + let key = cert.keys().nth(*key_no).unwrap().key(); assert_eq!(key.mpis().bits().unwrap(), *bits, "Cert {}, key no {}", name, *key_no); } diff --git a/openpgp/src/packet/signature/mod.rs b/openpgp/src/packet/signature/mod.rs index 02b256c1..e47e744c 100644 --- a/openpgp/src/packet/signature/mod.rs +++ b/openpgp/src/packet/signature/mod.rs @@ -1483,7 +1483,7 @@ mod test { let test1 = Cert::from_bytes( crate::tests::key("test1-certification-key.pgp")).unwrap(); - let cert_key1 = test1.keys_all() + let cert_key1 = test1.keys() .for_certification() .nth(0) .map(|ka| ka.key()) diff --git a/openpgp/src/parse/stream.rs b/openpgp/src/parse/stream.rs index fe0d7dd5..ee7cd39b 100644 --- a/openpgp/src/parse/stream.rs +++ b/openpgp/src/parse/stream.rs @@ -699,7 +699,7 @@ impl<'a, H: VerificationHelper> Verifier<'a, H> { if let Some((i, j)) = self.keys.get(&issuer) { let cert = &self.certs[*i]; - let ka = cert.keys_all().nth(*j).unwrap(); + let ka = cert.keys().nth(*j).unwrap(); let binding = ka.binding_signature(self.time); let revoked = ka.revoked(self.time); let key = ka.key(); @@ -1596,7 +1596,7 @@ impl<'a, H: VerificationHelper + DecryptionHelper> Decryptor<'a, H> { if let Some((i, j)) = self.keys.get(&issuer) { let cert = &self.certs[*i]; - let ka = cert.keys_all().nth(*j).unwrap(); + let ka = cert.keys().nth(*j).unwrap(); let binding = ka.binding_signature(self.time); let revoked = ka.revoked(self.time); let key = ka.key(); @@ -2063,7 +2063,7 @@ mod test { // sign 30MiB message let mut buf = vec![]; { - let key = cert.keys_all().for_signing().nth(0).unwrap().key(); + let key = cert.keys().for_signing().nth(0).unwrap().key(); let keypair = key.clone().mark_parts_secret().unwrap() .into_keypair().unwrap(); diff --git a/openpgp/src/serialize/cert.rs b/openpgp/src/serialize/cert.rs index 98b3e542..773606a6 100644 --- a/openpgp/src/serialize/cert.rs +++ b/openpgp/src/serialize/cert.rs @@ -316,7 +316,7 @@ impl<'a> TSK<'a> { /// # f().unwrap(); /// # fn f() -> Result<()> { /// let (cert, _) = CertBuilder::new().add_signing_subkey().generate()?; - /// assert_eq!(cert.keys_valid().secret().count(), 2); + /// assert_eq!(cert.keys().alive().revoked(false).secret().count(), 2); /// /// // Only write out the primary key's secret. /// let mut buf = Vec::new(); @@ -328,7 +328,7 @@ impl<'a> TSK<'a> { /// .serialize(&mut buf)?; /// /// let cert_ = Cert::from_bytes(&buf)?; - /// assert_eq!(cert_.keys_valid().secret().count(), 1); + /// assert_eq!(cert_.keys().alive().revoked(false).secret().count(), 1); /// assert!(cert_.primary().secret().is_some()); /// # Ok(()) } pub fn set_filter

(mut self, predicate: P) -> Self diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs index a3204bca..ba2c91a7 100644 --- a/openpgp/src/serialize/stream.rs +++ b/openpgp/src/serialize/stream.rs @@ -228,7 +228,7 @@ impl<'a> Signer<'a> { /// # let tsk = Cert::from_bytes(&include_bytes!( /// # "../../tests/data/keys/testy-new-private.pgp")[..]) /// # .unwrap(); - /// # let keypair = tsk.keys_valid().for_signing().nth(0).unwrap().key() + /// # let keypair = tsk.keys().alive().revoked(false).for_signing().nth(0).unwrap().key() /// # .clone().mark_parts_secret().unwrap().into_keypair().unwrap(); /// # f(tsk, keypair).unwrap(); /// # fn f(cert: Cert, mut signing_keypair: KeyPair) @@ -331,8 +331,10 @@ impl<'a> Signer<'a> { /// # let tsk = Cert::from_bytes(&include_bytes!( /// # "../../tests/data/keys/testy-new-private.pgp")[..]) /// # .unwrap(); - /// # let keypair = tsk.keys_valid().for_signing().nth(0).unwrap().key() - /// # .clone().mark_parts_secret().unwrap().into_keypair().unwrap(); + /// # let keypair + /// # = tsk.keys().alive().revoked(false).for_signing().nth(0).unwrap() + /// # .key().clone().mark_parts_secret().unwrap().into_keypair() + /// # .unwrap(); /// # f(tsk, keypair).unwrap(); /// # fn f(cert: Cert, mut signing_keypair: KeyPair) /// # -> Result<()> { @@ -983,7 +985,7 @@ impl<'a> Encryptor<'a> { /// /// // Build a vector of recipients to hand to Encryptor. /// let recipient = - /// cert.keys_valid() + /// cert.keys().alive().revoked(false) /// .key_flags(KeyFlags::default() /// .set_storage_encryption(true) /// .set_transport_encryption(true)) @@ -1468,8 +1470,7 @@ mod test { Cert::from_bytes(crate::tests::key("testy-private.pgp")).unwrap(), Cert::from_bytes(crate::tests::key("testy-new-private.pgp")).unwrap(), ] { - for key in tsk.keys_all().for_signing().map(|ka| ka.key()) - { + for key in tsk.keys().for_signing().map(|ka| ka.key()) { keys.insert(key.fingerprint(), key.clone()); } } @@ -1673,10 +1674,9 @@ mod test { mut decrypt: D) -> Result> where D: FnMut(SymmetricAlgorithm, &SessionKey) -> Result<()> { - let mut keypair = self.tsk.keys_all() + let mut keypair = self.tsk.keys() .key_flags( - KeyFlags::default() - .set_transport_encryption(true)) + KeyFlags::default().set_transport_encryption(true)) .map(|ka| ka.key()).next().unwrap() .clone().mark_parts_secret().unwrap() .into_keypair().unwrap(); @@ -1702,7 +1702,7 @@ mod test { { let m = Message::new(&mut msg); let recipient = - tsk.keys_all() + tsk.keys() .key_flags(KeyFlags::default() .set_storage_encryption(true) .set_transport_encryption(true)) diff --git a/sqv/src/sqv.rs b/sqv/src/sqv.rs index b73592f6..ac78c8c5 100644 --- a/sqv/src/sqv.rs +++ b/sqv/src/sqv.rs @@ -155,7 +155,7 @@ fn real_main() -> Result<(), failure::Error> { fn cert_has_key(cert: &Cert, keyid: &KeyID) -> bool { // Even if a key is revoked or expired, we can still use it to // verify a message. - cert.keys_all().any(|ka| *keyid == ka.key().keyid()) + cert.keys().any(|ka| *keyid == ka.key().keyid()) } // Find the certs. @@ -233,7 +233,7 @@ fn real_main() -> Result<(), failure::Error> { if let Some(cert) = certs.get(&issuer.clone().into()) { let cert = cert.borrow(); // Find the right key. - for ka in cert.keys_all() { + for ka in cert.keys() { // Use the current binding signature. let binding = match ka.binding_signature(None) { Some(b) => b, diff --git a/store/src/backend/mod.rs b/store/src/backend/mod.rs index 3876767f..ccb80551 100644 --- a/store/src/backend/mod.rs +++ b/store/src/backend/mod.rs @@ -806,7 +806,7 @@ impl KeyServer { /// Keeps the mapping of (sub)KeyIDs to keys up-to-date. fn reindex_subkeys(c: &Connection, key_id: ID, cert: &Cert) -> Result<()> { - for key in cert.keys_all().map(|ka| ka.key()) { + for key in cert.keys().map(|ka| ka.key()) { let keyid = key.keyid().as_u64() .expect("computed keyid is valid"); diff --git a/tool/src/commands/mod.rs b/tool/src/commands/mod.rs index 1263fa05..1e136572 100644 --- a/tool/src/commands/mod.rs +++ b/tool/src/commands/mod.rs @@ -48,7 +48,7 @@ fn get_signing_keys(certs: &[openpgp::Cert]) { let mut keys = Vec::new(); 'next_cert: for tsk in certs { - for key in tsk.keys_valid() + for key in tsk.keys().alive().revoked(false) .for_signing() .map(|ka| ka.key()) { @@ -112,7 +112,9 @@ pub fn encrypt(mapping: &mut store::Mapping, let mut recipient_subkeys: Vec = Vec::new(); for cert in certs.iter() { let mut count = 0; - for key in cert.keys_valid().key_flags(mode.clone()).map(|ka| ka.key()) { + for key in cert.keys().alive().revoked(false). + key_flags(mode.clone()).map(|ka| ka.key()) + { recipient_subkeys.push(key.into()); count += 1; } @@ -306,7 +308,7 @@ impl<'a> VerificationHelper for VHelper<'a> { .flat_map(|cert| { // Even if a key is revoked or expired, we can still // use it to verify a message. - cert.keys_all().map(|ka| ka.key().fingerprint().into()) + cert.keys().map(|ka| ka.key().fingerprint().into()) }).collect(); // Explicitly provided keys are trusted. diff --git a/tool/tests/sq-sign.rs b/tool/tests/sq-sign.rs index 0c1fbed8..32d45add 100644 --- a/tool/tests/sq-sign.rs +++ b/tool/tests/sq-sign.rs @@ -208,7 +208,7 @@ fn sq_sign_append_on_compress_then_sign() { // message by foot. let tsk = Cert::from_file(&p("keys/dennis-simon-anton-private.pgp")) .unwrap(); - let key = tsk.keys_all().for_signing().nth(0).unwrap().key(); + let key = tsk.keys().for_signing().nth(0).unwrap().key(); let sec = match key.secret() { Some(SecretKeyMaterial::Unencrypted(ref u)) => u.clone(), _ => unreachable!(), -- cgit v1.2.3