Add Sq::get_certification_key.

- Add `Sq::get_certification_key`, which is a wrapper around `Sq::get_certification_keys`, for the case where only one certificate is looked up. - Update users.
2024-05-26 14:55:31 +02:00 · 2024-05-26 14:55:31 +02:00 · 538e3ef81e
commit 538e3ef81e
parent dd2751c1c3
5 changed files with 27 additions and 38 deletions
--- a/src/commands/network.rs
+++ b/src/commands/network.rs
@ -241,12 +241,7 @@ pub fn certify_downloads<'store, 'rstore>(sq: &mut Sq<'store, 'rstore>,
    let ca = || -> Result<_> {
        let ca = ca.to_cert()?;

-        let keys = sq.get_certification_keys(&[ca], None)?;
-        assert!(
-            keys.len() == 1,
-            "Expect exactly one result from get_certification_keys()"
-        );
-        Ok(keys.into_iter().next().unwrap().0)
+        Ok(sq.get_certification_key(ca, None)?.0)
    };
    let mut ca_signer = match ca() {
        Ok(signer) => signer,
--- a/src/commands/pki/certify.rs
+++ b/src/commands/pki/certify.rs
@ -119,12 +119,7 @@ pub fn certify(sq: Sq, c: certify::Command)
        options.push(GetKeysOptions::AllowRevoked);
    }

-    let keys = sq.get_certification_keys(&[certifier], Some(&options))?;
-    assert_eq!(
-        keys.len(), 1,
-        "Expect exactly one result from get_certification_keys()"
-    );
-    let mut signer = keys.into_iter().next().unwrap().0;
+    let mut signer = sq.get_certification_key(certifier, Some(&options))?.0;

    // Create the certifications.
    let mut new_packets: Vec<Packet> = Vec::new();
--- a/src/commands/pki/link.rs
+++ b/src/commands/pki/link.rs
@ -478,13 +478,8 @@ pub fn add(sq: Sq, c: link::AddCommand)
    };

    // Sign it.
-    let keys = sq.get_certification_keys(&[trust_root], None)
-        .context("Looking up local trust root")?;
-    assert!(
-        keys.len() == 1,
-        "Expect exactly one result from get_certification_keys()"
-    );
-    let mut signer = keys.into_iter().next().unwrap().0;
+    let mut signer = sq.get_certification_key(trust_root, None)
+        .context("Looking up local trust root")?.0;

    let certifications = active_certification(
            &sq, &vc.fingerprint(), userids,
@ -645,13 +640,8 @@ pub fn retract(sq: Sq, c: link::RetractCommand)
    };

    // Sign it.
-    let keys = sq.get_certification_keys(&[trust_root], None)
-        .context("Looking up local trust root")?;
-    assert!(
-        keys.len() == 1,
-        "Expect exactly one result from get_certification_keys()"
-    );
-    let mut signer = keys.into_iter().next().unwrap().0;
+    let mut signer = sq.get_certification_key(trust_root, None)
+        .context("Looking up local trust root")?.0;

    let certifications = active_certification(
            &sq, &cert.fingerprint(), userids, signer.public())
--- a/src/common/revoke.rs
+++ b/src/common/revoke.rs
@ -38,12 +38,8 @@ pub fn get_secret_signer<'a>(
    secret: Option<&'a Cert>,
 ) -> Result<(Cert, Box<dyn Signer + Send + Sync>)> {
    if let Some(secret) = secret {
-        if let Ok(keys) = sq.get_certification_keys(&[secret.clone()], None) {
-            assert!(
-                keys.len() == 1,
-                "Expect exactly one result from get_certification_keys()"
-            );
-            Ok((secret.clone(), keys.into_iter().next().expect("have one").0))
+        if let Ok((key, _password)) = sq.get_certification_key(secret, None) {
+            Ok((secret.clone(), key))
        } else {
            if ! sq.time_is_now {
                return Err(anyhow!(
@ -63,12 +59,8 @@ does not contain a certification key with secret key material"
            }
        }
    } else {
-        if let Ok(keys) = sq.get_certification_keys(&[cert], None) {
-            assert!(
-                keys.len() == 1,
-                "Expect exactly one result from get_certification_keys()"
-            );
-            Ok((cert.clone(), keys.into_iter().next().expect("have one").0))
+        if let Ok((key, _password)) = sq.get_certification_key(cert, None) {
+            Ok((cert.clone(), key))
        } else {
            if ! sq.time_is_now {
                return Err(anyhow!(
--- a/src/sq.rs
+++ b/src/sq.rs
@ -1204,6 +1204,23 @@ impl<'store: 'rstore, 'rstore> Sq<'store, 'rstore> {
                      options)
    }

+    /// Returns suitable certification keys from a given list of Certs.
+    ///
+    /// This returns one key for each Cert.  If a Cert doesn't have an
+    /// appropriate key, then this returns an error.
+    pub fn get_certification_key<C>(&self, cert: C,
+                                    options: Option<&[GetKeysOptions]>)
+        -> Result<(Box<dyn crypto::Signer + Send + Sync>, Option<Password>)>
+    where C: std::borrow::Borrow<Cert>
+    {
+        let keys = self.get_certification_keys(&[cert], options)?;
+        assert!(
+            keys.len() == 1,
+            "Expected exactly one result from get_certification_keys()"
+        );
+        Ok(keys.into_iter().next().unwrap())
+    }
+
    /// Prints additional information in verbose mode.
    pub fn info(&self, msg: fmt::Arguments) {
        if self.verbose {