keyfork-shard: re-enable standard policy, alive check still disabled, add check for encryption keys when discovering certs

Ryan Heywood 2024-08-11 18:57:43 -04:00
parent c25c11d1a0
commit c36fe0a1b1
Signed by: ryan
GPG Key ID: 8E401478A3FBEF72
1 changed files with 14 additions and 3 deletions


@ -25,7 +25,7 @@ use openpgp::{
stream::{DecryptionHelper, DecryptorBuilder, VerificationHelper},
Parse,
},
policy::{NullPolicy, Policy},
policy::{NullPolicy, StandardPolicy, Policy},
serialize::{
stream::{ArbitraryWriter, Encryptor2, LiteralWriter, Message, Recipient, Signer},
Marshal,
@ -77,6 +77,10 @@ pub enum Error {
/// An IO error occurred.
#[error("IO error: {0}")]
Io(#[source] std::io::Error),
/// No valid keys were found for the given recipient.
#[error("No valid keys were found for the recipient {0}")]
NoValidKeys(KeyID),
}
#[allow(missing_docs)]
@ -239,6 +243,13 @@ impl<P: PromptHandler> OpenPGP<P> {
certs.insert(certfp, cert);
}
}
for cert in certs.values() {
let policy = StandardPolicy::new();
let valid_cert = cert.with_policy(&policy, None).map_err(Error::Sequoia)?;
if get_encryption_keys(&valid_cert).next().is_none() {
return Err(Error::NoValidKeys(valid_cert.keyid()))
}
}
Ok(certs.into_values().collect())
}
}
@ -276,7 +287,7 @@ impl<P: PromptHandler> Format for OpenPGP<P> {
key_data: &[Self::PublicKey],
threshold: u8,
) -> Result<Self::EncryptedData, Self::Error> {
let policy = NullPolicy::new();
let policy = StandardPolicy::new();
let mut pp = vec![SHARD_METADATA_VERSION, threshold];
// Note: Sequoia does not export private keys on a Cert, only on a TSK
signing_key
@ -362,7 +373,7 @@ impl<P: PromptHandler> Format for OpenPGP<P> {
public_key: &Cert,
signing_key: &mut Self::SigningKey,
) -> Result<EncryptedMessage> {
let policy = NullPolicy::new();
let policy = StandardPolicy::new();
let valid_cert = public_key
.with_policy(&policy, None)
.map_err(Error::Sequoia)?;
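Review bot: In the cert-discovery loop, a rejected cert is reported by its 64-bit key ID (`Error::NoValidKeys(valid_cert.keyid())`) although the same function indexes certs by fingerprint (`certs.insert(certfp, cert)`); key IDs are not collision-resistant, so the error does not identify the refused cert unambiguously. Since the variant is new in this commit, it could carry the fingerprint instead: `NoValidKeys(Fingerprint)` with `return Err(Error::NoValidKeys(valid_cert.fingerprint()));`, assuming `Fingerprint` is already in scope in this file. `StandardPolicy::new()` is rebuilt on every iteration and can be hoisted above the `for`. The loop also deserves a comment such as `// Fail closed: reject the whole set if any cert lacks an encryption-capable key under StandardPolicy; key liveness is not checked here.`, where the liveness part is taken from the commit title and should be confirmed against `get_encryption_keys`, which is defined outside these hunks. The enclosing function starts above the hunk.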