Trait sequoia_openpgp::cert::amalgamation::ValidAmalgamation
pub trait ValidAmalgamation<'a, C: 'a>: Sealed {
    fn cert(&self) -> &ValidCert<'a>;
    fn time(&self) -> SystemTime;
    fn policy(&self) -> &'a dyn Policy;
    fn binding_signature(&self) -> &'a Signature;
    fn revocation_status(&self) -> RevocationStatus<'a>;
    fn revocation_keys(&self) -> Box<dyn Iterator<Item = &'a RevocationKey> + 'a>;

    fn map<F: Fn(&'a Signature) -> Option<T>, T>(&self, f: F) -> Option<T> { ... }
    fn direct_key_signature(&self) -> Result<&'a Signature> { ... }
}
Methods for valid amalgamations.
The methods exposed by a ValidComponentAmalgamation are similar to those exposed by a ComponentAmalgamation, but the policy and reference time are included in the ValidComponentAmalgamation. This helps prevent using different policies or different reference times when using a component, which can easily happen when the checks span multiple functions.
Sealed trait
This trait is sealed and cannot be implemented for types outside this crate.
Therefore it can be extended in a non-breaking way.
If you want to implement the trait inside the crate you also need to implement the seal::Sealed marker trait.
Required Methods
Returns the valid amalgamation’s associated certificate.
Examples
use sequoia_openpgp::cert::prelude::*;

fn f(ua: &ValidUserIDAmalgamation) {
    let cert = ua.cert();
    // ...
}
fn time(&self) -> SystemTime
Returns the amalgamation’s reference time.
Examples
use sequoia_openpgp::cert::prelude::*;

fn f(ua: &ValidUserIDAmalgamation) {
    let t = ua.time();
    // ...
}
Returns the amalgamation’s policy.
Examples
use sequoia_openpgp::cert::prelude::*;

fn f(ua: &ValidUserIDAmalgamation) {
    let policy = ua.policy();
    // ...
}
fn binding_signature(&self) -> &'a Signature
Returns the component’s binding signature as of the reference time.
Examples
use sequoia_openpgp::cert::prelude::*;

fn f(ua: &ValidUserIDAmalgamation) {
    let sig = ua.binding_signature();
    // ...
}
fn revocation_status(&self) -> RevocationStatus<'a>
Returns the component’s revocation status as of the amalgamation’s reference time.
This does not check whether the certificate has been revoked. For that, use Cert::revocation_status().
Note, as per RFC 4880, a key is considered to be not revoked at some time if there were no soft revocations created as of that time, and no hard revocations:
If a key has been revoked because of a compromise, all signatures created by that key are suspect. However, if it was merely superseded or retired, old signatures are still valid.
Examples
use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::types::RevocationStatus;

fn f(ua: &ValidUserIDAmalgamation) {
    match ua.revocation_status() {
        RevocationStatus::Revoked(revs) => {
            // The certificate holder revoked the User ID.
        }
        RevocationStatus::CouldBe(revs) => {
            // There are third-party revocations. You still need
            // to check that they are valid (this is necessary
            // because the third parties' certificates are not
            // normally available to Sequoia).
        }
        RevocationStatus::NotAsFarAsWeKnow => {
            // We have no evidence that the User ID is revoked.
        }
    }
}
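The hard/soft rule from the RFC 4880 passage quoted above, as an added example that is not part of the Sequoia documentation or code base: a std-only model in which a compromise revocation applies at every reference time, while a superseded or retired revocation applies only from its creation time onward. The types Reason, Revocation and Status, the functions status_at, signature_acceptable and day, and all timestamps are hypothetical and constructed for illustration.

```rust
use std::time::{Duration, SystemTime, UNIX_EPOCH};

// Simplified model of the rule above. All types and names here are
// hypothetical; this is not Sequoia's implementation.
#[derive(Clone, Copy, Debug, PartialEq)]
enum Reason { Compromised, Superseded, Retired }

#[derive(Clone, Copy, Debug, PartialEq)]
struct Revocation { created: SystemTime, reason: Reason }

impl Revocation {
    // A compromise is "hard": it taints the key at every point in time.
    fn is_hard(&self) -> bool { self.reason == Reason::Compromised }
}

#[derive(Debug, PartialEq)]
enum Status { Revoked(Vec<Revocation>), NotAsFarAsWeKnow }

// Revocations in effect at reference time `t`: every hard one,
// plus the soft ones created at or before `t`.
fn status_at(revs: &[Revocation], t: SystemTime) -> Status {
    let hits: Vec<Revocation> = revs.iter().copied()
        .filter(|r| r.is_hard() || r.created <= t)
        .collect();
    if hits.is_empty() { Status::NotAsFarAsWeKnow } else { Status::Revoked(hits) }
}

// A signature is acceptable only if the key was not revoked as of the
// signature's creation time.
fn signature_acceptable(revs: &[Revocation], sig_created: SystemTime) -> bool {
    status_at(revs, sig_created) == Status::NotAsFarAsWeKnow
}

// Constructed timestamps: `day(n)` is n days after the Unix epoch.
fn day(n: u64) -> SystemTime { UNIX_EPOCH + Duration::from_secs(n * 86_400) }

fn main() {
    // Constructed sample: the same key, revoked on day 100 for each reason.
    for reason in [Reason::Retired, Reason::Superseded, Reason::Compromised] {
        let revs = [Revocation { created: day(100), reason }];
        for d in [50, 150] {
            println!("{:?}: signature from day {} acceptable: {}",
                     reason, d, signature_acceptable(&revs, day(d)));
        }
    }
}
```

Only the compromise case rejects the signature made on day 50, before the revocation existed; this is why the reference time alone does not bound which revocations matter.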
fn revocation_keys(&self) -> Box<dyn Iterator<Item = &'a RevocationKey> + 'a>
Returns a list of any designated revokers for this component.
This function returns the designated revokers listed on the component’s binding signatures and the certificate’s direct key signatures.
Note: the returned list is deduplicated.
Examples
use sequoia_openpgp as openpgp;
use openpgp::cert::prelude::*;
use openpgp::policy::StandardPolicy;
use openpgp::types::RevocationKey;

fn main() -> openpgp::Result<()> {
    let p = &StandardPolicy::new();

    let (alice, _) =
        CertBuilder::general_purpose(None, Some("alice@example.org"))
        .generate()?;
    // Make Alice a designated revoker for Bob.
    let (bob, _) =
        CertBuilder::general_purpose(None, Some("bob@example.org"))
        .set_revocation_keys(vec![(&alice).into()])
        .generate()?;

    // Make sure Alice is listed as a designated revoker for Bob's
    // primary user id.
    assert_eq!(bob.with_policy(p, None)?.primary_userid()?
               .revocation_keys().collect::<Vec<&RevocationKey>>(),
               vec![&(&alice).into()]);

    // Make sure Alice is listed as a designated revoker for Bob's
    // encryption subkey.
    assert_eq!(bob.with_policy(p, None)?
               .keys().for_transport_encryption().next().unwrap()
               .revocation_keys().collect::<Vec<&RevocationKey>>(),
               vec![&(&alice).into()]);

    Ok(())
}
Provided Methods
Maps the given function over binding and direct key signature.
Makes f consider both the binding signature and the direct key signature. Information in the binding signature takes precedence over the direct key signature. See also Section 5.2.3.3 of RFC 4880.
fn direct_key_signature(&self) -> Result<&'a Signature>
Returns the certificate’s direct key signature as of the reference time, if any.
Subpackets on direct key signatures apply to all components of the certificate, cf. Section 5.2.3.3 of RFC 4880.
Examples
use sequoia_openpgp::cert::prelude::*;

fn f(ua: &ValidUserIDAmalgamation) {
    let sig = ua.direct_key_signature();
    // ...
}