Drop Store, use callback functions

Signed-off-by: Wiktor Kwapisiewicz <[email protected]>

README.md

@@ -128,17 +128,18 @@ assert "PGP MESSAGE" in str(signed)
 Verifies signed data and returns verified data:
 
 ```python
-from pysequoia import Store, verify
+from pysequoia import verify
 
 # sign some data
 signing_key = Cert.from_file("signing-key.asc")
 signed = sign(s.secrets.signer(), "data to be signed".encode("utf8"))
 
-# verify the data
-store = Store("/tmp/store")
-store.put(signing_key)
+def get_certs(key_ids):
+  print(f"For verification, we need these keys: {key_ids}")
+  return [signing_key]
 
-result = verify(signed, store)
+# verify the data
+result = verify(signed, get_certs)
 assert result.bytes.decode("utf8") == "data to be signed"
 ```
 
@@ -230,7 +231,6 @@ Merges packets from a new version into an old version of a certificate:
 old = Cert.from_file("wiktor.asc")
 new = Cert.from_file("wiktor-fresh.asc")
 merged = old.merge(new)
-print(f"Merged, updated cert: {merged}")
 ```
 
 ### User IDs
@@ -386,37 +386,6 @@ private_parts = Cert.from_bytes(f"{c.secrets}".encode("utf8"))
 assert private_parts.has_secret_keys
 ```
 
-## Certificate management
-
-### CertD integration
-
-This library exposes [OpenPGP Certificate Directory][CERT-D]
-integration, which allows storing and retrieving OpenPGP certificates
-in a persistent way directly in the file system.
-
-Note that this will *not* allow you to read GnuPG-specific key
-directories. Cert-D [does not allow certificate removal][NO-REMOV].
-
-[CERT-D]: https://sequoia-pgp.gitlab.io/pgp-cert-d/
-[NO-REMOV]: https://gitlab.com/sequoia-pgp/pgp-cert-d/-/issues/33
-
-```python
-from pysequoia import Store
-
-cert = Cert.from_file("wiktor.asc")
-s = Store("/tmp/store")
-s.put(cert)
-assert s.get(cert.fingerprint) != None
-```
-
-The certificate is now stored in the given directory and can be
-retrieved later by its fingerprint:
-
-```python
-s = Store("/tmp/store")
-assert s.get("653909a2f0e37c106f5faf546c8857e0d8e8f074") != None
-```
-
 ## OpenPGP Cards
 
 There's an experimental feature allowing communication with OpenPGP

src/lib.rs

@@ -11,7 +11,6 @@ mod notation;
 mod sign;
 mod signature;
 mod signer;
-mod store;
 mod user_id;
 mod verify;
 
@@ -51,7 +50,6 @@ impl Decrypted {
 #[pymodule]
 fn pysequoia(_py: Python, m: &PyModule) -> PyResult<()> {
     m.add_class::<cert::Cert>()?;
-    m.add_class::<store::Store>()?;
     m.add_class::<card::Card>()?;
     m.add_class::<notation::Notation>()?;
     m.add_function(wrap_pyfunction!(sign::sign, m)?)?;

src/verify.rs

@@ -3,11 +3,10 @@ use openpgp::{parse::stream::*, policy::StandardPolicy};
 use pyo3::prelude::*;
 use sequoia_openpgp as openpgp;
 
-use crate::store::Store;
 use crate::Decrypted;
 
 #[pyfunction]
-pub fn verify(bytes: &[u8], store: &Store) -> PyResult<Decrypted> {
+pub fn verify(bytes: &[u8], store: Py<PyAny>) -> PyResult<Decrypted> {
     let helper = PyVerifier { store };
 
     let policy = &StandardPolicy::new();
@@ -20,17 +19,19 @@ pub fn verify(bytes: &[u8], store: &Store) -> PyResult<Decrypted> {
     Ok(Decrypted { content: sink })
 }
 
-struct PyVerifier<'a> {
-    store: &'a Store,
+struct PyVerifier {
+    store: Py<PyAny>,
 }
 
-impl VerificationHelper for PyVerifier<'_> {
+impl VerificationHelper for PyVerifier {
     fn get_certs(&mut self, ids: &[openpgp::KeyHandle]) -> openpgp::Result<Vec<openpgp::Cert>> {
         let mut certs = vec![];
-        for id in ids {
-            if let Some(cert) = self.store.get(id.to_string())? {
-                certs.push(cert.cert().clone());
-            }
+        let result: Vec<crate::cert::Cert> = Python::with_gil(|py| {
+            let str_ids = ids.iter().map(|x| x.to_hex()).collect::<Vec<_>>();
+            self.store.call1(py, (str_ids,))?.extract(py)
+        })?;
+        for cert in result.into_iter() {
+            certs.push(cert.cert().clone());
         }
         Ok(certs)
     }