From 7e78e716610ac3a9bff86035c52b344b437951a2 Mon Sep 17 00:00:00 2001
From: "Neal H. Walfield" <neal@pep.foundation>
Date: Mon, 6 Jan 2020 10:29:13 +0100
Subject: openpgp: Pass a timestamp to the KeyIter instead of each filter.

  - KeyIter::revoked and KeyIter::key_flags (and its variants) didn't
    take a time stamp so they could only be used for filtering keys
    based on their current state, not their state at some time in the
    past.  Adding a time stamp to each of the filters would have fixed
    the problem, but it would have made the interface ugly: callers
    always want the same time stamp for all filters.

  - Split KeyIter into two structures: a KeyIter and a ValidKeyIter.

  - Add KeyIter::policy.  It takes a time stamp, which is then used
    for filters like `alive` and `revoked`, and it returns a
    ValidKeyIter, which exposes filters that require a time stamp.
---
 openpgp-ffi/examples/decrypt-with.c |  2 +-
 openpgp-ffi/examples/encrypt-for.c  | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)

(limited to 'openpgp-ffi/examples')

diff --git a/openpgp-ffi/examples/decrypt-with.c b/openpgp-ffi/examples/decrypt-with.c
index c85b96f8..d395abd9 100644
--- a/openpgp-ffi/examples/decrypt-with.c
+++ b/openpgp-ffi/examples/decrypt-with.c
@@ -157,7 +157,7 @@ decrypt_cb (void *cookie_opaque,
 
     pgp_cert_key_iter_t key_iter = pgp_cert_key_iter (cookie->key);
     pgp_key_t key;
-    while ((key = pgp_cert_key_iter_next (key_iter, NULL, NULL))) {
+    while ((key = pgp_cert_key_iter_next (key_iter))) {
       pgp_keyid_t this_keyid = pgp_key_keyid (key);
       int match = pgp_keyid_equal (this_keyid, keyid);
       pgp_keyid_free (this_keyid);
diff --git a/openpgp-ffi/examples/encrypt-for.c b/openpgp-ffi/examples/encrypt-for.c
index 65bd8a45..aeb4dea4 100644
--- a/openpgp-ffi/examples/encrypt-for.c
+++ b/openpgp-ffi/examples/encrypt-for.c
@@ -36,14 +36,14 @@ main (int argc, char **argv)
   if (cert == NULL)
     error (1, 0, "pgp_cert_from_file: %s", pgp_error_to_string (err));
 
-  pgp_cert_key_iter_t iter = pgp_cert_key_iter (cert);
-  pgp_cert_key_iter_alive (iter);
-  pgp_cert_key_iter_revoked (iter, false);
-  pgp_cert_key_iter_for_storage_encryption (iter);
-  pgp_cert_key_iter_for_transport_encryption (iter);
+  pgp_cert_valid_key_iter_t iter = pgp_cert_valid_key_iter (cert, 0);
+  pgp_cert_valid_key_iter_alive (iter);
+  pgp_cert_valid_key_iter_revoked (iter, false);
+  pgp_cert_valid_key_iter_for_storage_encryption (iter);
+  pgp_cert_valid_key_iter_for_transport_encryption (iter);
   size_t recipients_len;
   pgp_recipient_t *recipients =
-    pgp_recipients_from_key_iter (iter, &recipients_len);
+    pgp_recipients_from_valid_key_iter (iter, &recipients_len);
 
   sink = pgp_writer_from_fd (STDOUT_FILENO);
 
-- 
cgit v1.2.3