Trait sequoia_openpgp::cert::amalgamation::ValidAmalgamation
source · pub trait ValidAmalgamation<'a, C: 'a>: Sealed {
// Required methods
fn cert(&self) -> &ValidCert<'a>;
fn time(&self) -> SystemTime;
fn policy(&self) -> &'a dyn Policy;
fn binding_signature(&self) -> &'a Signature;
fn revocation_status(&self) -> RevocationStatus<'a>;
fn revocation_keys(
&self
) -> Box<dyn Iterator<Item = &'a RevocationKey> + 'a>;
// Provided methods
fn map<F: Fn(&'a Signature) -> Option<T>, T>(&self, f: F) -> Option<T> { ... }
fn direct_key_signature(&self) -> Result<&'a Signature> { ... }
}Expand description
Methods for valid amalgamations.
The methods exposed by a ValidComponentAmalgamation are similar
to those exposed by a ComponentAmalgamation, but the policy and
reference time are included in the ValidComponentAmalgamation.
This helps prevent using different policies or different reference
times when using a component, which can easily happen when the
checks span multiple functions.
§Sealed trait
This trait is sealed and cannot be implemented for types outside this crate.
Therefore it can be extended in a non-breaking way.
If you want to implement the trait inside the crate
you also need to implement the seal::Sealed marker trait.
Required Methods§
sourcefn cert(&self) -> &ValidCert<'a>
fn cert(&self) -> &ValidCert<'a>
Returns the valid amalgamation’s associated certificate.
§Examples
fn f(ua: &ValidUserIDAmalgamation) {
let cert = ua.cert();
// ...
}sourcefn time(&self) -> SystemTime
fn time(&self) -> SystemTime
Returns the amalgamation’s reference time.
§Examples
fn f(ua: &ValidUserIDAmalgamation) {
let t = ua.time();
// ...
}sourcefn policy(&self) -> &'a dyn Policy
fn policy(&self) -> &'a dyn Policy
Returns the amalgamation’s policy.
§Examples
fn f(ua: &ValidUserIDAmalgamation) {
let policy = ua.policy();
// ...
}sourcefn binding_signature(&self) -> &'a Signature
fn binding_signature(&self) -> &'a Signature
Returns the component’s binding signature as of the reference time.
§Examples
fn f(ua: &ValidUserIDAmalgamation) {
let sig = ua.binding_signature();
// ...
}sourcefn revocation_status(&self) -> RevocationStatus<'a>
fn revocation_status(&self) -> RevocationStatus<'a>
Returns the component’s revocation status as of the amalgamation’s reference time.
This does not check whether the certificate has been
revoked. For that, use Cert::revocation_status().
Note, as per RFC 4880, a key is considered to be revoked at some time if there were no soft revocations created as of that time, and no hard revocations:
If a key has been revoked because of a compromise, all signatures created by that key are suspect. However, if it was merely superseded or retired, old signatures are still valid.
§Examples
use openpgp::cert::prelude::*;
use openpgp::types::RevocationStatus;
match ua.revocation_status() {
RevocationStatus::Revoked(revs) => {
// The certificate holder revoked the User ID.
}
RevocationStatus::CouldBe(revs) => {
// There are third-party revocations. You still need
// to check that they are valid (this is necessary,
// because without the Certificates are not normally
// available to Sequoia).
}
RevocationStatus::NotAsFarAsWeKnow => {
// We have no evidence that the User ID is revoked.
}
}sourcefn revocation_keys(&self) -> Box<dyn Iterator<Item = &'a RevocationKey> + 'a>
fn revocation_keys(&self) -> Box<dyn Iterator<Item = &'a RevocationKey> + 'a>
Returns a list of any designated revokers for this component.
This function returns the designated revokers listed on the components’s binding signatures and the certificate’s direct key signatures.
Note: the returned list is deduplicated.
§Examples
use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::RevocationKey;
let p = &StandardPolicy::new();
let (alice, _) =
CertBuilder::general_purpose(None, Some("alice@example.org"))
.generate()?;
// Make Alice a designated revoker for Bob.
let (bob, _) =
CertBuilder::general_purpose(None, Some("bob@example.org"))
.set_revocation_keys(vec![(&alice).into()])
.generate()?;
// Make sure Alice is listed as a designated revoker for Bob's
// primary user id.
assert_eq!(bob.with_policy(p, None)?.primary_userid()?
.revocation_keys().collect::<Vec<&RevocationKey>>(),
vec![&(&alice).into()]);
// Make sure Alice is listed as a designated revoker for Bob's
// encryption subkey.
assert_eq!(bob.with_policy(p, None)?
.keys().for_transport_encryption().next().unwrap()
.revocation_keys().collect::<Vec<&RevocationKey>>(),
vec![&(&alice).into()]);Provided Methods§
sourcefn map<F: Fn(&'a Signature) -> Option<T>, T>(&self, f: F) -> Option<T>
fn map<F: Fn(&'a Signature) -> Option<T>, T>(&self, f: F) -> Option<T>
Maps the given function over binding and direct key signature.
Makes f consider both the binding signature and the direct
key signature. Information in the binding signature takes
precedence over the direct key signature. See also Section
5.2.3.3 of RFC 4880.
sourcefn direct_key_signature(&self) -> Result<&'a Signature>
fn direct_key_signature(&self) -> Result<&'a Signature>
Returns the certificate’s direct key signature as of the reference time, if any.
Subpackets on direct key signatures apply to all components of the certificate, cf. Section 5.2.3.3 of RFC 4880.
§Examples
fn f(ua: &ValidUserIDAmalgamation) {
let sig = ua.direct_key_signature();
// ...
}