pub struct ValidComponentAmalgamation<'a, C> { /* private fields */ }
A `ComponentAmalgamation` plus a `Policy` and a reference time.
A `ValidComponentAmalgamation` combines a `ComponentAmalgamation` with a `Policy` and a reference time. This allows it to implement the `ValidAmalgamation` trait, which provides methods that require a `Policy` and a reference time. Although `ComponentAmalgamation` could implement these methods by requiring that the caller explicitly pass them in, embedding them in the `ValidComponentAmalgamation` helps ensure that multipart operations, even those that span multiple functions, use the same `Policy` and reference time.
A `ValidComponentAmalgamation` is typically obtained by transforming a `ComponentAmalgamation` using `ValidateAmalgamation::with_policy`. A `ComponentAmalgamationIter` can also be changed to yield `ValidComponentAmalgamation`s.
A `ValidComponentAmalgamation` is guaranteed to come from a valid certificate, and have a valid and live binding signature at the specified reference time. Note: this only means that the binding signatures are live; it says nothing about whether the certificate is live. If you care about that, then you need to check it separately.
§Examples
Print out information about all non-revoked User IDs.
    use openpgp::cert::prelude::*;
    use openpgp::packet::prelude::*;
    use openpgp::policy::StandardPolicy;
    use openpgp::types::RevocationStatus;
    let p = &StandardPolicy::new();
    for u in cert.userids() {
        // Create a `ValidComponentAmalgamation`. This may fail if
        // there are no binding signatures that are accepted by the
        // policy and that are live right now.
        let u = u.with_policy(p, None)?;
        // Before using the User ID, we still need to check that it is
        // not revoked; `ComponentAmalgamation::with_policy` ensures
        // that there is a valid *binding signature*, not that the
        // `ComponentAmalgamation` is valid.
        //
        // Note: `ValidComponentAmalgamation::revocation_status` and
        // `Preferences::preferred_symmetric_algorithms` use the
        // embedded policy and timestamp. Even though we used `None` for
        // the timestamp (i.e., now), they are guaranteed to use the same
        // timestamp, because `with_policy` eagerly transforms it into
        // the current time.
        //
        // Note: we only check whether the User ID is not revoked. If
        // we were using a key, we'd also want to check that it is alive.
        // (Keys can expire, but User IDs cannot.)
        if let RevocationStatus::Revoked(_revs) = u.revocation_status() {
            // Revoked by the key owner. (If we care about
            // designated revokers, then we need to check those
            // ourselves.)
        } else {
            // Print information about the User ID.
            eprintln!("{}: preferred symmetric algorithms: {:?}",
                      String::from_utf8_lossy(u.value()),
                      u.preferred_symmetric_algorithms());
        }
    }
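The reason for embedding the policy and the reference time, as the description above explains, is that every step of a multipart operation then sees the same answer. The following is an added, std-only Rust model of that behaviour, not Sequoia's code: `Component`, `ValidComponent`, `Policy`, `Clock`, `HashAlgo` and `BindingSig` are hypothetical stand-ins, and the SHA-1 rule is an assumed policy.

```rust
// Added illustration, not Sequoia code. All names are hypothetical stand-ins.
use std::cell::Cell;

#[derive(Clone, Copy, Debug, PartialEq)]
enum HashAlgo { Sha1, Sha256 }

#[derive(Clone, Copy, Debug, PartialEq)]
struct BindingSig { created: u64, expires: Option<u64>, hash: HashAlgo }

impl BindingSig {
    /// Live at `t`: creation time <= t and t < expiry.
    fn is_live(&self, t: u64) -> bool {
        self.created <= t && self.expires.map_or(true, |e| t < e)
    }
}

/// Assumed policy: optionally rejects signatures made with SHA-1.
struct Policy { reject_sha1: bool }

impl Policy {
    fn accepts(&self, s: &BindingSig) -> bool {
        !(self.reject_sha1 && s.hash == HashAlgo::Sha1)
    }
}

/// Constructed clock, so the example is deterministic.
struct Clock(Cell<u64>);

impl Clock {
    fn now(&self) -> u64 { self.0.get() }
    fn advance(&self, d: u64) { self.0.set(self.0.get() + d) }
}

/// Unvalidated view: every query needs the policy and a time passed in.
struct Component<'a> { sigs: &'a [BindingSig] }

/// Validated view: the policy and the resolved time travel with the value.
struct ValidComponent<'a> { sigs: &'a [BindingSig], policy: &'a Policy, time: u64 }

impl<'a> Component<'a> {
    /// Most recent signature that the policy accepts and that is live at `t`.
    fn binding_signature(&self, p: &Policy, t: u64) -> Option<&'a BindingSig> {
        self.sigs.iter()
            .filter(|s| p.accepts(s) && s.is_live(t))
            .max_by_key(|s| s.created)
    }

    /// Resolves `None` to "now" exactly once, and fails if nothing is bound.
    fn with_policy(&self, p: &'a Policy, t: Option<u64>, clock: &Clock)
        -> Result<ValidComponent<'a>, &'static str>
    {
        let time = t.unwrap_or_else(|| clock.now());
        match self.binding_signature(p, time) {
            Some(_) => Ok(ValidComponent { sigs: self.sigs, policy: p, time }),
            None => Err("no live binding signature accepted by the policy"),
        }
    }
}

impl<'a> ValidComponent<'a> {
    fn binding_signature(&self) -> &'a BindingSig {
        Component { sigs: self.sigs }
            .binding_signature(self.policy, self.time)
            .expect("checked by with_policy")
    }
}

/// Constructed scenario: one binding signature that expires at t=1000, queried
/// in two steps while the clock moves from 999 to 1004.
/// Returns (answers with a caller-supplied "now", answers with the embedded time).
fn scenario() -> ([Option<u64>; 2], [u64; 2]) {
    let sigs = [BindingSig { created: 100, expires: Some(1000), hash: HashAlgo::Sha256 }];
    let policy = Policy { reject_sha1: true };
    let clock = Clock(Cell::new(999));
    let c = Component { sigs: &sigs };
    let valid = c.with_policy(&policy, None, &clock).expect("live at t=999");
    let unbound_1 = c.binding_signature(&policy, clock.now()).map(|s| s.created);
    let bound_1 = valid.binding_signature().created;
    clock.advance(5); // the signature expires between the two steps
    let unbound_2 = c.binding_signature(&policy, clock.now()).map(|s| s.created);
    let bound_2 = valid.binding_signature().created;
    ([unbound_1, unbound_2], [bound_1, bound_2])
}

/// A component whose only binding signature the policy rejects cannot be validated.
fn sha1_only_is_rejected() -> bool {
    let sigs = [BindingSig { created: 100, expires: None, hash: HashAlgo::Sha1 }];
    let policy = Policy { reject_sha1: true };
    let clock = Clock(Cell::new(500));
    let rejected = Component { sigs: &sigs }.with_policy(&policy, None, &clock).is_err();
    rejected
}

fn main() {
    println!("{:?}", scenario());
    println!("SHA-1-only binding rejected: {}", sha1_only_is_rejected());
}
```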
Implementations§
impl<'a> ValidComponentAmalgamation<'a, UserID>
pub fn attested_certifications(&self) -> impl Iterator<Item = &Signature> + Send + Sync
Returns the userid’s attested third-party certifications.
This feature is experimental.
Allows the certificate owner to attest to third party certifications. See Section 5.2.3.30 of RFC 4880bis for details. This can be used to address certificate flooding concerns.
This method only returns signatures that are valid under the current policy and are attested by the certificate holder.
pub fn attestation_key_signatures(&'a self) -> impl Iterator<Item = &'a Signature> + Send + Sync
Returns the set of active attestation key signatures.
This feature is experimental.
Returns the set of signatures with the newest valid signature creation time. Older signatures are not returned. The sum of all digests in these signatures is the set of attested third-party certifications.
This interface is useful for pruning old attestation key signatures when filtering a certificate.
Note: This is a low-level interface. Consider using `ValidUserIDAmalgamation::attested_certifications` to iterate over all attested certifications.
pub fn attest_certifications<C, S>(&self, primary_signer: &mut dyn Signer, certifications: C) -> Result<Vec<Signature>>
Attests to third-party certifications.
This feature is experimental.
Allows the certificate owner to attest to third party certifications. See Section 5.2.3.30 of RFC 4880bis for details. This can be used to address certificate flooding concerns.
§Examples
    let (alice, _) = CertBuilder::new()
        .add_userid("alice@example.org")
        .generate()?;
    let mut alice_signer =
        alice.primary_key().key().clone().parts_into_secret()?
        .into_keypair()?;
    let (bob, _) = CertBuilder::new()
        .add_userid("bob@example.org")
        .generate()?;
    let mut bob_signer =
        bob.primary_key().key().clone().parts_into_secret()?
        .into_keypair()?;
    let bob_pristine = bob.clone();
    // Have Alice certify the binding between "bob@example.org" and
    // Bob's key.
    let alice_certifies_bob
        = bob.userids().next().unwrap().userid().bind(
            &mut alice_signer, &bob,
            SignatureBuilder::new(SignatureType::GenericCertification))?;
    let bob = bob.insert_packets(vec![alice_certifies_bob.clone()])?;
    // Have Bob attest that certification.
    let bobs_uid = bob.userids().next().unwrap();
    let attestations =
        bobs_uid.attest_certifications(
            policy,
            &mut bob_signer,
            bobs_uid.certifications())?;
    let bob = bob.insert_packets(attestations)?;
    assert_eq!(bob.bad_signatures().count(), 0);
    assert_eq!(bob.userids().next().unwrap().certifications().next(),
               Some(&alice_certifies_bob));
impl<'a> ValidComponentAmalgamation<'a, UserAttribute>
pub fn attested_certifications(&self) -> impl Iterator<Item = &Signature> + Send + Sync
Returns the user attribute’s attested third-party certifications.
This feature is experimental.
Allows the certificate owner to attest to third party certifications. See Section 5.2.3.30 of RFC 4880bis for details. This can be used to address certificate flooding concerns.
This method only returns signatures that are valid under the current policy and are attested by the certificate holder.
pub fn attestation_key_signatures(&'a self) -> impl Iterator<Item = &'a Signature> + Send + Sync
Returns the set of active attestation key signatures.
This feature is experimental.
Returns the set of signatures with the newest valid signature creation time. Older signatures are not returned. The sum of all digests in these signatures is the set of attested third-party certifications.
This interface is useful for pruning old attestation key signatures when filtering a certificate.
Note: This is a low-level interface. Consider using `ValidUserAttributeAmalgamation::attested_certifications` to iterate over all attested certifications.
pub fn attest_certifications<C, S>(&self, primary_signer: &mut dyn Signer, certifications: C) -> Result<Vec<Signature>>
Attests to third-party certifications.
This feature is experimental.
Allows the certificate owner to attest to third party certifications. See Section 5.2.3.30 of RFC 4880bis for details. This can be used to address certificate flooding concerns.
§Examples
See the examples for `ValidUserIDAmalgamation::attest_certifications`.
impl<'a, C> ValidComponentAmalgamation<'a, C>
pub fn self_signatures(&self) -> impl Iterator<Item = &Signature> + Send + Sync
The component’s self-signatures.
This method only returns signatures that are valid under the current policy.
pub fn certifications(&self) -> impl Iterator<Item = &Signature> + Send + Sync
The component’s third-party certifications.
This method only returns signatures that are valid under the current policy.
pub fn self_revocations(&self) -> impl Iterator<Item = &Signature> + Send + Sync
The component’s revocations that were issued by the certificate holder.
This method only returns signatures that are valid under the current policy.
Methods from Deref<Target = ComponentAmalgamation<'a, C>>§
pub fn parts_as_public(&'a self) -> &'a ComponentAmalgamation<'a, Key<PublicParts, R>>
Changes the key’s parts tag to `PublicParts`.
pub fn parts_as_secret(&'a self) -> Result<&'a ComponentAmalgamation<'a, Key<SecretParts, R>>>
Changes the key’s parts tag to `SecretParts`.
pub fn parts_as_unspecified(&'a self) -> &ComponentAmalgamation<'a, Key<UnspecifiedParts, R>>
Changes the key’s parts tag to `UnspecifiedParts`.
pub fn role_as_primary(&'a self) -> &'a ComponentAmalgamation<'a, Key<P, PrimaryRole>>
Changes the key’s role tag to `PrimaryRole`.
pub fn role_as_subordinate(&'a self) -> &'a ComponentAmalgamation<'a, Key<P, SubordinateRole>>
Changes the key’s role tag to `SubordinateRole`.
pub fn role_as_unspecified(&'a self) -> &'a ComponentAmalgamation<'a, Key<P, UnspecifiedRole>>
Changes the key’s role tag to `UnspecifiedRole`.
pub fn cert(&self) -> &'a Cert
Returns the component’s associated certificate.
    for u in cert.userids() {
        // It's not only an identical `Cert`, it's the same one.
        assert!(std::ptr::eq(u.cert(), &cert));
    }
pub fn bundle(&self) -> &'a ComponentBundle<C>
Returns this amalgamation’s bundle.
Note: although `ComponentAmalgamation` derefs to a `&ComponentBundle`, this method provides a more accurate lifetime, which is helpful when returning the reference from a function. See the module’s documentation for more details.
§Examples
    use openpgp::cert::prelude::*;
    use openpgp::packet::prelude::*;
    cert.userids()
        .map(|ua| {
            // The following doesn't work:
            //
            // let b: &ComponentBundle<_> = &ua; b
            //
            // Because ua's lifetime is this closure and autoderef
            // assigns `b` the same lifetime as `ua`. `bundle()`,
            // however, returns a reference whose lifetime is that
            // of `cert`.
            ua.bundle()
        })
        .collect::<Vec<&ComponentBundle<_>>>();
pub fn component(&self) -> &'a C
Returns this amalgamation’s component.
Note: although `ComponentAmalgamation` derefs to a `&Component` (via `&ComponentBundle`), this method provides a more accurate lifetime, which is helpful when returning the reference from a function. See the module’s documentation for more details.
pub fn self_signatures(&self) -> impl Iterator<Item = &'a Signature> + Send + Sync
The component’s self-signatures.
pub fn certifications(&self) -> impl Iterator<Item = &'a Signature> + Send + Sync
The component’s third-party certifications.
pub fn certifications_by_key<'b>(&'b self, issuers: &'b [KeyHandle]) -> impl Iterator<Item = &'a Signature> + Send + Sync + 'b
Returns third-party certifications that appear to be issued by any of the specified keys.
A certification is returned if one of the provided key handles matches an Issuer subpacket or Issuer Fingerprint subpacket in the certification.
This function does not check that a certification is valid. It can’t. To check that a certification was actually issued by a specific key, we also need a policy and the public key, which we don’t have. To only get valid certifications, use `UserIDAmalgamation::valid_certifications_by_key` or `UserIDAmalgamation::active_certifications_by_key` instead of this function.
pub fn self_revocations(&self) -> impl Iterator<Item = &'a Signature> + Send + Sync
The component’s revocations that were issued by the certificate holder.
pub fn other_revocations(&self) -> impl Iterator<Item = &'a Signature> + Send + Sync
The component’s revocations that were issued by other certificates.
pub fn signatures(&self) -> impl Iterator<Item = &'a Signature> + Send + Sync
Returns all of the component’s signatures.
pub fn userid(&self) -> &'a UserID
Returns a reference to the User ID.
Note: although `ComponentAmalgamation<UserID>` derefs to a `&UserID` (via `&ComponentBundle`), this method provides a more accurate lifetime, which is helpful when returning the reference from a function. See the module’s documentation for more details.
pub fn valid_certifications_by_key<T, PK>(&self, policy: &'a dyn Policy, reference_time: T, issuer: PK) -> impl Iterator<Item = &Signature> + Send + Sync
Returns the third-party certifications issued by the specified key, and valid at the specified time.
This function returns the certifications issued by the specified key. Specifically, it returns a certification if:
- it is well formed,
- it is live with respect to the reference time,
- it conforms to the policy, and
- the signature is cryptographically valid.
This method is implemented on a `UserIDAmalgamation` and not a `ValidUserIDAmalgamation`, because a third-party certification does not require the user ID to be self signed.
§Examples
Alice has certified that a certificate belongs to Bob on two occasions. Whereas `UserIDAmalgamation::valid_certifications_by_key` returns both certifications, `UserIDAmalgamation::active_certifications_by_key` only returns the most recent certification.
    use sequoia_openpgp as openpgp;
    use openpgp::cert::prelude::*;
    use openpgp::policy::StandardPolicy;
    const P: &StandardPolicy = &StandardPolicy::new();
    let alice: Cert = // ...
    let bob: Cert = // ...
    let ua = bob.userids().next().expect("have user id");
    let valid_certifications = ua.valid_certifications_by_key(
        P, None, alice.primary_key().key());
    // Alice certified Bob's certificate twice.
    assert_eq!(valid_certifications.count(), 2);
    let active_certifications = ua.active_certifications_by_key(
        P, None, alice.primary_key().key());
    // But only the most recent one is active.
    assert_eq!(active_certifications.count(), 1);
pub fn active_certifications_by_key<T, PK>(&self, policy: &'a dyn Policy, reference_time: T, issuer: PK) -> impl Iterator<Item = &Signature> + Send + Sync
Returns any active third-party certifications issued by the specified key.
This function is like `UserIDAmalgamation::valid_certifications_by_key`, but it only returns active certifications. Active certifications are the most recent valid certifications with respect to the reference time.
Although there is normally only a single active certification, there can be multiple certifications with the same timestamp. In this case, all of them are returned.
Unlike self-signatures, multiple third-party certifications issued by the same key at the same time can be sensible. For instance, Alice may fully trust a CA for user IDs in a particular domain, and partially trust it for everything else. This can only be expressed using multiple certifications.
This method is implemented on a `UserIDAmalgamation` and not a `ValidUserIDAmalgamation`, because a third-party certification does not require the user ID to be self signed.
§Examples
See the examples for `UserIDAmalgamation::valid_certifications_by_key`.
pub fn valid_third_party_revocations_by_key<T, PK>(&self, policy: &'a dyn Policy, reference_time: T, issuer: PK) -> impl Iterator<Item = &Signature> + Send + Sync
Returns the third-party revocations issued by the specified key, and valid at the specified time.
This function returns the revocations issued by the specified key. Specifically, it returns a revocation if:
- it is well formed,
- it is live with respect to the reference time,
- it conforms to the policy, and
- the signature is cryptographically valid.
This method is implemented on a `UserIDAmalgamation` and not a `ValidUserIDAmalgamation`, because a third-party revocation does not require the user ID to be self signed.
§Examples
Alice revokes a user ID on Bob’s certificate.
    use sequoia_openpgp as openpgp;
    use openpgp::cert::prelude::*;
    use openpgp::policy::StandardPolicy;
    const P: &StandardPolicy = &StandardPolicy::new();
    let alice: Cert = // ...
    let bob: Cert = // ...
    let ua = bob.userids().next().expect("have user id");
    let revs = ua.valid_third_party_revocations_by_key(
        P, None, alice.primary_key().key());
    // Alice revoked the User ID.
    assert_eq!(revs.count(), 1);
pub fn attest_certifications2<T, C, S>(&self, policy: &dyn Policy, time: T, primary_signer: &mut dyn Signer, certifications: C) -> Result<Vec<Signature>>
Attests to third-party certifications.
This feature is experimental.
Allows the certificate owner to attest to third party certifications. See draft-dkg-openpgp-1pa3pc for details. This can be used to address certificate flooding concerns.
A policy is needed, because the expiration is updated by updating the current binding signatures.
§Examples
    let (alice, _) = CertBuilder::new()
        .add_userid("alice@example.org")
        .generate()?;
    let mut alice_signer =
        alice.primary_key().key().clone().parts_into_secret()?
        .into_keypair()?;
    let (bob, _) = CertBuilder::new()
        .add_userid("bob@example.org")
        .generate()?;
    let mut bob_signer =
        bob.primary_key().key().clone().parts_into_secret()?
        .into_keypair()?;
    let bob_pristine = bob.clone();
    // Have Alice certify the binding between "bob@example.org" and
    // Bob's key.
    let alice_certifies_bob
        = bob.userids().next().unwrap().userid().bind(
            &mut alice_signer, &bob,
            SignatureBuilder::new(SignatureType::GenericCertification))?;
    let bob = bob.insert_packets(vec![alice_certifies_bob.clone()])?;
    // Have Bob attest that certification.
    let bobs_uid = bob.userids().next().unwrap();
    let attestations =
        bobs_uid.attest_certifications2(
            policy,
            None,
            &mut bob_signer,
            bobs_uid.certifications())?;
    let bob = bob.insert_packets(attestations)?;
    assert_eq!(bob.bad_signatures().count(), 0);
    assert_eq!(bob.userids().next().unwrap().certifications().next(),
               Some(&alice_certifies_bob));
pub fn attest_certifications<C, S>(&self, policy: &dyn Policy, primary_signer: &mut dyn Signer, certifications: C) -> Result<Vec<Signature>>
Deprecated: Use attest_certifications2 instead.
Attests to third-party certifications.
This feature is experimental.
This function is deprecated in favor of `UserIDAmalgamation::attest_certifications2`, which includes a reference time parameter.
pub fn user_attribute(&self) -> &'a UserAttribute
Returns a reference to the User Attribute.
Note: although `ComponentAmalgamation<UserAttribute>` derefs to a `&UserAttribute` (via `&ComponentBundle`), this method provides a more accurate lifetime, which is helpful when returning the reference from a function. See the module’s documentation for more details.
pub fn attest_certifications2<T, C, S>(&self, policy: &dyn Policy, time: T, primary_signer: &mut dyn Signer, certifications: C) -> Result<Vec<Signature>>
Attests to third-party certifications.
This feature is experimental.
Allows the certificate owner to attest to third party certifications. See Section 5.2.3.30 of RFC 4880bis for details. This can be used to address certificate flooding concerns.
A policy is needed, because the expiration is updated by updating the current binding signatures.
§Examples
pub fn attest_certifications<C, S>(&self, policy: &dyn Policy, primary_signer: &mut dyn Signer, certifications: C) -> Result<Vec<Signature>>
Deprecated: Use attest_certifications2 instead.
Attests to third-party certifications.
This feature is experimental.
This function is deprecated in favor of `UserAttributeAmalgamation::attest_certifications2`, which includes a reference time parameter.
Methods from Deref<Target = ComponentBundle<C>>§
pub fn parts_as_public(&self) -> &KeyBundle<PublicParts, R>
Changes the key’s parts tag to `PublicParts`.
pub fn parts_as_secret(&self) -> Result<&KeyBundle<SecretParts, R>>
Changes the key’s parts tag to `SecretParts`.
pub fn parts_as_unspecified(&self) -> &KeyBundle<UnspecifiedParts, R>
Changes the key’s parts tag to `UnspecifiedParts`.
pub fn role_as_primary(&self) -> &KeyBundle<P, PrimaryRole>
Changes the key’s role tag to `PrimaryRole`.
pub fn role_as_subordinate(&self) -> &KeyBundle<P, SubordinateRole>
Changes the key’s role tag to `SubordinateRole`.
pub fn role_as_unspecified(&self) -> &KeyBundle<P, UnspecifiedRole>
Changes the key’s role tag to `UnspecifiedRole`.
pub fn component(&self) -> &C
Returns a reference to the bundle’s component.
§Examples
    // Display some information about any unknown components.
    for u in cert.unknowns() {
        eprintln!(" - {:?}", u.component());
    }
pub fn binding_signature<T>(&self, policy: &dyn Policy, t: T) -> Result<&Signature>
Returns the active binding signature at time `t`.
The active binding signature is the most recent, non-revoked self-signature that is valid according to the `policy` and alive at time `t` (`creation time <= t`, `t < expiry`). If there are multiple such signatures then the signatures are ordered by their MPIs interpreted as byte strings.
§Examples
    use openpgp::policy::StandardPolicy;
    let p = &StandardPolicy::new();
    // Display information about each User ID's current active
    // binding signature (the `time` parameter is `None`), if any.
    for ua in cert.userids() {
        eprintln!("{:?}", ua.binding_signature(p, None));
    }
pub fn self_signatures2(&self) -> impl Iterator<Item = &Signature> + Send + Sync
Returns the component’s self-signatures.
The signatures are validated, and they are sorted by their creation time, most recent first.
§Examples
    use openpgp::policy::StandardPolicy;
    let p = &StandardPolicy::new();
    for (i, ka) in cert.keys().enumerate() {
        eprintln!("Key #{} ({}) has {:?} self signatures",
                  i, ka.fingerprint(),
                  ka.bundle().self_signatures2().count());
    }
pub fn self_signatures(&self) -> &[Signature]
Deprecated: Use self_signatures2 instead.
Returns the component’s self-signatures.
pub fn certifications2(&self) -> impl Iterator<Item = &Signature> + Send + Sync
Returns the component’s third-party certifications.
The signatures are not validated. They are sorted by their creation time, most recent first.
§Examples
    use openpgp::policy::StandardPolicy;
    let p = &StandardPolicy::new();
    for ua in cert.userids() {
        eprintln!("User ID {} has {:?} unverified, third-party certifications",
                  String::from_utf8_lossy(ua.userid().value()),
                  ua.bundle().certifications2().count());
    }
pub fn certifications(&self) -> &[Signature]
Deprecated: Use certifications2 instead.
Returns the component’s third-party certifications.
pub fn self_revocations2(&self) -> impl Iterator<Item = &Signature> + Send + Sync
Returns the component’s revocations that were issued by the certificate holder.
The revocations are validated, and they are sorted by their creation time, most recent first.
§Examples
    use openpgp::policy::StandardPolicy;
    let p = &StandardPolicy::new();
    for u in cert.userids() {
        eprintln!("User ID {} has {:?} revocation certificates.",
                  String::from_utf8_lossy(u.userid().value()),
                  u.bundle().self_revocations2().count());
    }
pub fn self_revocations(&self) -> &[Signature]
Deprecated: Use self_revocations2 instead.
Returns the component’s revocations that were issued by the certificate holder.
pub fn other_revocations2(&self) -> impl Iterator<Item = &Signature> + Send + Sync
Returns the component’s revocations that were issued by other certificates.
The revocations are not validated. They are sorted by their creation time, most recent first.
§Examples
    use openpgp::policy::StandardPolicy;
    let p = &StandardPolicy::new();
    for u in cert.userids() {
        eprintln!("User ID {} has {:?} unverified, third-party revocation certificates.",
                  String::from_utf8_lossy(u.userid().value()),
                  u.bundle().other_revocations2().count());
    }
pub fn other_revocations(&self) -> &[Signature]
Deprecated: Use other_revocations2 instead.
Returns the component’s revocations that were issued by other certificates.
pub fn attestations(&self) -> impl Iterator<Item = &Signature> + Send + Sync
Returns all of the component’s Attestation Key Signatures.
This feature is experimental.
The signatures are validated, and they are sorted by their creation time, most recent first.
A certificate owner can use Attestation Key Signatures to attest to third party certifications. Currently, only userid and user attribute certifications can be attested. See Section 5.2.3.30 of RFC 4880bis for details.
§Examples
    use openpgp::policy::StandardPolicy;
    let p = &StandardPolicy::new();
    for (i, uid) in cert.userids().enumerate() {
        eprintln!("UserID #{} ({:?}) has {:?} attestation key signatures",
                  i, uid.email(),
                  uid.attestations().count());
    }
pub fn signatures(&self) -> impl Iterator<Item = &Signature> + Send + Sync
Returns all of the component’s signatures.
Only the self-signatures are validated. The signatures are sorted first by type, then by creation time. The self revocations come first, then the self signatures, then any key attestation signatures, certifications, and third-party revocations coming last. This function may return additional types of signatures that could be associated to this component.
§Examples
    use openpgp::policy::StandardPolicy;
    let p = &StandardPolicy::new();
    for (i, ka) in cert.keys().enumerate() {
        eprintln!("Key #{} ({}) has {:?} signatures",
                  i, ka.fingerprint(),
                  ka.signatures().count());
    }
pub fn key(&self) -> &Key<P, R>
Returns a reference to the key.
This is just a type-specific alias for `ComponentBundle::component`.
§Examples
    // Display some information about the keys.
    for ka in cert.keys() {
        eprintln!(" - {:?}", ka.key());
    }
pub fn revocation_status<T>(&self, policy: &dyn Policy, t: T) -> RevocationStatus<'_>
Returns the subkey’s revocation status at time `t`.
A subkey is revoked at time `t` if:
- There is a live revocation at time `t` that is newer than all live self signatures at time `t`, or
- There is a hard revocation (even if it is not live at time `t`, and even if there is a newer self-signature).
Note: Certs and subkeys have different criteria from User IDs and User Attributes.
Note: this only returns whether this subkey is revoked; it does not imply anything about the Cert or other components.
§Examples
    use openpgp::policy::StandardPolicy;
    let p = &StandardPolicy::new();
    // Display the subkeys' revocation status.
    for ka in cert.keys().subkeys() {
        eprintln!(" Revocation status of {}: {:?}",
                  ka.fingerprint(), ka.revocation_status(p, None));
    }
pub fn userid(&self) -> &UserID
Returns a reference to the User ID.
This is just a type-specific alias for `ComponentBundle::component`.
§Examples
    // Display some information about the User IDs.
    for ua in cert.userids() {
        eprintln!(" - {:?}", ua.userid());
    }
pub fn revocation_status<T>(&self, policy: &dyn Policy, t: T) -> RevocationStatus<'_>
Returns the User ID’s revocation status at time `t`.
A User ID is revoked at time `t` if:
- There is a live revocation at time `t` that is newer than all live self signatures at time `t`.
Note: Certs and subkeys have different criteria from User IDs and User Attributes.
Note: this only returns whether this User ID is revoked; it does not imply anything about the Cert or other components.
§Examples
    use openpgp::policy::StandardPolicy;
    let p = &StandardPolicy::new();
    // Display the User IDs' revocation status.
    for ua in cert.userids() {
        eprintln!(" Revocation status of {}: {:?}",
                  String::from_utf8_lossy(ua.userid().value()),
                  ua.revocation_status(p, None));
    }
pub fn user_attribute(&self) -> &UserAttribute
Returns a reference to the User Attribute.
This is just a type-specific alias for `ComponentBundle::component`.
§Examples
    // Display some information about the User Attributes
    for ua in cert.user_attributes() {
        eprintln!(" - {:?}", ua.user_attribute());
    }
sourcepub fn revocation_status<T>(
&self,
policy: &dyn Policy,
t: T,
) -> RevocationStatus<'_>
pub fn revocation_status<T>( &self, policy: &dyn Policy, t: T, ) -> RevocationStatus<'_>
Returns the User Attribute’s revocation status at time t.
A User Attribute is revoked at time t if:
- There is a live revocation at time t that is newer than all live self signatures at time t.
Note: Certs and subkeys have different criteria from User IDs and User Attributes.
Note: this only returns whether this User Attribute is revoked; it does not imply anything about the Cert or other components.
§Examples
use openpgp::policy::StandardPolicy;
let p = &StandardPolicy::new();
// Display the User Attributes' revocation status.
for (i, ua) in cert.user_attributes().enumerate() {
    eprintln!(" Revocation status of User Attribute #{}: {:?}",
              i, ua.revocation_status(p, None));
}
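The revocation rule stated above for User IDs and User Attributes (a live revocation at time t that is newer than all live self signatures at time t) can be traced with a simplified, std-only model. This is an added example, not sequoia-openpgp code: `Sig`, `is_live` and `revoked_at` are hypothetical names, the timestamps are constructed, and liveness is assumed to mean "created at or before t and not yet expired".

```rust
// Simplified model of the User ID / User Attribute revocation rule.
// `Sig`, `is_live` and `revoked_at` are hypothetical, not sequoia-openpgp API.

/// A self signature or a revocation, reduced to its validity window.
/// Times are constructed seconds-since-epoch values.
#[derive(Clone, Copy)]
pub struct Sig {
    pub created: u64,
    /// `None` means the signature never expires.
    pub expires: Option<u64>,
}

/// Assumption: a signature is live at `t` once created and until it expires.
pub fn is_live(s: &Sig, t: u64) -> bool {
    s.created <= t && s.expires.map_or(true, |e| t < e)
}

/// True if some revocation live at `t` is newer than every self signature
/// live at `t` (vacuously so if no self signature is live).
/// Equal creation times count as "not newer" in this model (assumption).
pub fn revoked_at(self_sigs: &[Sig], revocations: &[Sig], t: u64) -> bool {
    let newest_live_self_sig = self_sigs
        .iter()
        .filter(|s| is_live(s, t))
        .map(|s| s.created)
        .max();
    revocations
        .iter()
        .filter(|r| is_live(r, t))
        .any(|r| newest_live_self_sig.map_or(true, |newest| r.created > newest))
}

fn main() {
    // Constructed history: bound at 100, revoked at 200, re-bound at 300.
    let self_sigs = [
        Sig { created: 100, expires: None },
        Sig { created: 300, expires: None },
    ];
    let revocations = [Sig { created: 200, expires: None }];
    for t in [150, 250, 350] {
        println!("t={}: revoked={}", t, revoked_at(&self_sigs, &revocations, t));
    }
}
```

The same component can therefore report different statuses at different reference times, which is why the reference time passed to `revocation_status` matters.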
pub fn unknown(&self) -> &Unknown
Returns a reference to the unknown component.
This is just a type-specific alias for ComponentBundle::component.
§Examples
// Display some information about the unknown components.
for u in cert.unknowns() {
    eprintln!(" - {:?}", u.unknown());
}
Trait Implementations§
impl<'a, C> Clone for ValidComponentAmalgamation<'a, C>
impl<'a, C: Debug> Debug for ValidComponentAmalgamation<'a, C>
impl<'a, C: 'a> From<ValidComponentAmalgamation<'a, C>> for ComponentAmalgamation<'a, C>
fn from(vca: ValidComponentAmalgamation<'a, C>) -> Self
impl<'a, C> Preferences<'a> for ValidComponentAmalgamation<'a, C>
fn preferred_symmetric_algorithms(&self) -> Option<&'a [SymmetricAlgorithm]>
fn preferred_hash_algorithms(&self) -> Option<&'a [HashAlgorithm]>
fn preferred_compression_algorithms(&self) -> Option<&'a [CompressionAlgorithm]>
fn preferred_aead_algorithms(&self) -> Option<&'a [AEADAlgorithm]>
fn key_server_preferences(&self) -> Option<KeyServerPreferences>
fn preferred_key_server(&self) -> Option<&'a [u8]>
fn policy_uri(&self) -> Option<&'a [u8]>
impl<'a, C> ValidAmalgamation<'a, C> for ValidComponentAmalgamation<'a, C>
fn cert(&self) -> &ValidCert<'a>
fn time(&self) -> SystemTime
fn binding_signature(&self) -> &'a Signature
fn revocation_status(&self) -> RevocationStatus<'a>
fn revocation_keys(&self) -> Box<dyn Iterator<Item = &'a RevocationKey> + 'a>
impl<'a, C> ValidateAmalgamation<'a, C> for ValidComponentAmalgamation<'a, C>
type V = ValidComponentAmalgamation<'a, C>
with_policy
Auto Trait Implementations§
impl<'a, C> Freeze for ValidComponentAmalgamation<'a, C>
impl<'a, C> !RefUnwindSafe for ValidComponentAmalgamation<'a, C>
impl<'a, C> Send for ValidComponentAmalgamation<'a, C> where
C: Sync,
impl<'a, C> Sync for ValidComponentAmalgamation<'a, C> where
C: Sync,
impl<'a, C> Unpin for ValidComponentAmalgamation<'a, C>
impl<'a, C> !UnwindSafe for ValidComponentAmalgamation<'a, C>
Blanket Implementations§
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
impl<T> CloneToUninit for T where
T: Clone,
default unsafe fn clone_to_uninit(&self, dst: *mut T)