with_policy does not affect subcomponents
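Writing a policy that filters signatures does not affect accessor functions such as `certifications()`. As a result, a caller that relies on the policy to exclude certain third-party certifications still receives them from these accessors.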
Consider the following test that currently fails:
/// Reproduces the report: a custom `Policy` whose `signature` callback
/// rejects persona certifications is expected to hide them from
/// `certifications()`, yet the final assertion still observes one.
///
/// NOTE(review): the observed count of 1 suggests that third-party
/// certifications are returned without passing through `Policy::signature`.
/// Callers that need them filtered would have to apply their own checks to
/// the returned signatures; confirm against the library documentation.
#[test]
fn test_sigs() -> Result<()> {
    use std::io::{Cursor, Read};

    use openpgp::{
        armor::{Reader, ReaderMode},
        cert::prelude::*,
        packet::{key::PublicParts, Packet, Signature},
        parse::Parse,
        policy::{Policy, StandardPolicy},
        types::{AEADAlgorithm, SignatureType, SymmetricAlgorithm},
        Result,
    };

    /// Wraps `StandardPolicy` and delegates every check to it, except that
    /// `signature` panics when it is handed a persona certification.
    #[derive(Debug)]
    struct RejectPersonaCertificationsPolicy<'a>(StandardPolicy<'a>);

    impl RejectPersonaCertificationsPolicy<'_> {
        fn new() -> Self {
            Self(StandardPolicy::new())
        }
    }

    impl Policy for RejectPersonaCertificationsPolicy<'_> {
        fn signature(&self, sig: &Signature) -> Result<()> {
            let sig_type = sig.typ();
            // Log every signature type the policy is asked about, so the test
            // output shows which signatures reached this callback.
            eprintln!("sig.typ() = {}", sig_type);

            if sig_type != SignatureType::PersonaCertification {
                return self.0.signature(sig);
            }

            // Reporter's observation: this branch is never reached, so the
            // panic never fires. A production policy would return an `Err`
            // here instead; the panic only makes it unmistakable whether the
            // callback ever sees a persona certification.
            panic!("lets panic: {}", sig_type);
        }

        fn key(&self, ka: &ValidErasedKeyAmalgamation<PublicParts>) -> Result<()> {
            self.0.key(ka)
        }

        fn packet(&self, packet: &Packet) -> Result<()> {
            self.0.packet(packet)
        }

        fn symmetric_algorithm(&self, algo: SymmetricAlgorithm) -> Result<()> {
            self.0.symmetric_algorithm(algo)
        }

        fn aead_algorithm(&self, algo: AEADAlgorithm) -> Result<()> {
            self.0.aead_algorithm(algo)
        }
    }

    // Test certificate carrying exactly one persona certification.
    let data = r#"
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEX7JGrxYJKwYBBAHaRw8BAQdASKGcnowaZBDc2Z3rZZlWb6jEjne9sK76afbJ
trd5Uw+0BlRlc3QgMoiQBBMWCAA4FiEEyZ6oBYFia3z+ooCBqR9BqiGp8AQFAl+y
Rq8CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQqR9BqiGp8ASfxwEAvEb0
bFr7ZgFZSDOITNptm+FEynib8mmLACsvHAmCjvIA+gOaSNyxMW6N59q7/j0sDjp1
aYNgpNFLbYBZpkXXVL0GiHUEERYIAB0WIQTE4QfdkkisIbWVOcHmlsuS3dbWEwUC
X7JG4gAKCRDmlsuS3dbWExEwAQCpqfiVMhjDwVFMsMpwd5r0N/8rAx8/nmgpCsK3
M9TUrAD7BhTYVPRbkJqTZYd9DlLtBcbF3yNPTHlB+F2sFjI+cgo=
=ZfYu
-----END PGP PUBLIC KEY BLOCK-----
"#;

    // Strip the ASCII armor, then parse the binary certificate.
    let mut armored = Cursor::new(&data);
    let mut dearmor = Reader::new(&mut armored, ReaderMode::VeryTolerant);
    let mut cert_bytes = Vec::new();
    dearmor.read_to_end(&mut cert_bytes)?;
    let cert = Cert::from_bytes(&cert_bytes)?;

    let policy = &RejectPersonaCertificationsPolicy::new();
    let userid = cert.with_policy(policy, None)?.userids().next().unwrap();

    // Expected: the persona certification is filtered out, leaving none.
    // Observed: the count is 1, although the only third-party signature on
    // this User ID has class 0x11 (persona).
    let certification_count = userid
        .with_policy(policy, None)
        .unwrap()
        .certifications()
        .len();
    assert_eq!(certification_count, 0);

    Ok(())
}