canonicalizing TPKs doesn't reorder TPSes
Consider:
#[test]
fn keysigning_party() {
use crate::tpk::packet::signature;
let (alice, _) = TPKBuilder::new()
.add_userid("alice@foo.com")
.add_signing_subkey()
.generate().unwrap();
let (bob, _) = TPKBuilder::new()
.add_userid("bob@bar.com")
.add_signing_subkey()
.generate().unwrap();
let sig_template
= signature::Builder::new(SignatureType::GenericCertificate)
.set_trust_signature(255, 120)
.unwrap();
// Have alice sign bob's key.
let alice_certifies_bob
= bob.userids().nth(0).unwrap().userid().bind(
&mut alice.primary().clone().mark_parts_secret()
.into_keypair().unwrap(),
&alice,
sig_template,
None, None).unwrap();
let bob2
= bob.merge_packets(vec![ alice_certifies_bob.clone().into() ])
.unwrap();
eprintln!("{:#?}", bob2);
// This is what we want:
//
// assert_eq!(bob2.userids().nth(0).unwrap().certifications(),
// &[ alice_certifies_bob.clone() ]);
// But this is what we get:
assert_eq!(bob2.subkeys().nth(0).unwrap().certifications(),
&[ alice_certifies_bob.clone() ]);
}
TPK::merge_packets
adds the packets to the end of the TPK as a packet pile and then recanonicalizes the packet pile. This causes the TPS to be added to the subkey's set of certifications!