From 54babeba8b7d4758f17f450d80092eed19bcfb56 Mon Sep 17 00:00:00 2001
From: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Date: Thu, 10 Sep 2020 10:09:20 +0200
Subject: openpgp: Add functions that only return valid signatures.

  - Fixes #622.
---
 openpgp/src/cert/amalgamation.rs | 45 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 43 insertions(+), 2 deletions(-)

(limited to 'openpgp/src/cert/amalgamation.rs')

diff --git a/openpgp/src/cert/amalgamation.rs b/openpgp/src/cert/amalgamation.rs
index 7e065e4d..786dcca7 100644
--- a/openpgp/src/cert/amalgamation.rs
+++ b/openpgp/src/cert/amalgamation.rs
@@ -233,7 +233,10 @@ use crate::{
         UserID,
     },
     Result,
-    policy::Policy,
+    policy::{
+        HashAlgoSecurity,
+        Policy,
+    },
     seal,
     types::{
         AEADAlgorithm,
@@ -1134,7 +1137,7 @@ impl<'a, C: 'a> From<ValidComponentAmalgamation<'a, C>>
 }
 
 impl<'a, C> ValidComponentAmalgamation<'a, C>
-    where C: Ord
+    where C: Ord + Send + Sync
 {
     /// Returns the amalgamated primary component at time `time`
     ///
@@ -1245,6 +1248,44 @@ impl<'a, C> ValidComponentAmalgamation<'a, C>
             .and_then(|c| ComponentAmalgamation::new(cert, (c.0).0)
                       .with_policy_relaxed(policy, t, valid_cert))
     }
+
+    /// The component's self-signatures.
+    ///
+    /// This method only returns signatures that are valid under the current policy.
+    pub fn self_signatures(&self) -> impl Iterator<Item=&Signature> + Send + Sync  {
+        std::ops::Deref::deref(self).self_signatures().iter()
+          .filter(move |sig| self.cert.policy().signature(sig,
+            HashAlgoSecurity::SecondPreImageResistance).is_ok())
+    }
+
+    /// The component's third-party certifications.
+    ///
+    /// This method only returns signatures that are valid under the current policy.
+    pub fn certifications(&self) -> impl Iterator<Item=&Signature> + Send + Sync  {
+        std::ops::Deref::deref(self).certifications().iter()
+          .filter(move |sig| self.cert.policy().signature(sig,
+            HashAlgoSecurity::CollisionResistance).is_ok())
+    }
+
+    /// The component's revocations that were issued by the
+    /// certificate holder.
+    ///
+    /// This method only returns signatures that are valid under the current policy.
+    pub fn self_revocations(&self) -> impl Iterator<Item=&Signature> + Send + Sync  {
+        std::ops::Deref::deref(self).self_revocations().iter()
+          .filter(move |sig|self.cert.policy().signature(sig,
+            HashAlgoSecurity::SecondPreImageResistance).is_ok())
+    }
+
+    /// The component's revocations that were issued by other
+    /// certificates.
+    ///
+    /// This method only returns signatures that are valid under the current policy.
+    pub fn other_revocations(&self) -> impl Iterator<Item=&Signature> + Send + Sync {
+        std::ops::Deref::deref(self).other_revocations().iter()
+          .filter(move |sig| self.cert.policy().signature(sig,
+            HashAlgoSecurity::CollisionResistance).is_ok())
+    }
 }
 
 impl<'a, C> seal::Sealed for ValidComponentAmalgamation<'a, C> {}
-- 
cgit v1.2.3