age: Return Box<dyn Identity + Send + Sync> from read_identities

This exposes `Send + Sync` (which is always present for `Identity` types
that we parse, including `age::encrypted::Identity` after this commit) to
users that require it, without adding bounds to `Identity` itself. Users
who do not require these bounds can map the output of `read_identities`
to drop them.

Author: str4d

age/src/cli_common.rs

@@ -25,14 +25,14 @@ pub fn read_identities<E, G, H>(
     file_not_found: G,
     identity_encrypted_without_passphrase: H,
     #[cfg(feature = "ssh")] unsupported_ssh: impl Fn(String, crate::ssh::UnsupportedKey) -> E,
-) -> Result<Vec<Box<dyn Identity>>, E>
+) -> Result<Vec<Box<dyn Identity + Send + Sync>>, E>
 where
     E: From<crate::DecryptError>,
     E: From<io::Error>,
     G: Fn(String) -> E,
     H: Fn(String) -> E,
 {
-    let mut identities: Vec<Box<dyn Identity>> = vec![];
+    let mut identities: Vec<Box<dyn Identity + Send + Sync>> = vec![];
 
     for filename in filenames {
         // Try parsing as an encrypted age identity.

age/src/encrypted.rs

@@ -1,6 +1,6 @@
 //! The "encrypted age identity file" identity type.
 
-use std::{cell::Cell, io};
+use std::{io, ops::DerefMut, sync::Mutex};
 
 use i18n_embed_fl::fl;
 
@@ -77,12 +77,12 @@ impl<R: io::Read> IdentityState<R> {
 
 /// An encrypted age identity file.
 pub struct Identity<R: io::Read, C: Callbacks> {
-    state: Cell<IdentityState<R>>,
+    state: Mutex<Option<IdentityState<R>>>,
     filename: Option<String>,
     callbacks: C,
 }
 
-impl<R: io::Read, C: Callbacks + Clone + 'static> Identity<R, C> {
+impl<R: io::Read, C: Callbacks + Clone + Send + Sync + 'static> Identity<R, C> {
     /// Parses an encrypted identity from an input containing valid UTF-8.
     ///
     /// `filename` is the path to the file that the input is reading from, if any.
@@ -98,10 +98,10 @@ impl<R: io::Read, C: Callbacks + Clone + 'static> Identity<R, C> {
         match Decryptor::new(data)? {
             Decryptor::Recipients(_) => Ok(None),
             Decryptor::Passphrase(decryptor) => Ok(Some(Identity {
-                state: Cell::new(IdentityState::Encrypted {
+                state: Mutex::new(Some(IdentityState::Encrypted {
                     decryptor,
                     max_work_factor,
-                }),
+                })),
                 filename,
                 callbacks,
             })),
@@ -113,9 +113,11 @@ impl<R: io::Read, C: Callbacks + Clone + 'static> Identity<R, C> {
     /// If this encrypted identity has not been decrypted yet, calling this method will
     /// trigger a passphrase request.
     pub fn recipients(&self) -> Result<Vec<Box<dyn crate::Recipient>>, EncryptError> {
-        match self
-            .state
+        let mut state = self.state.lock().unwrap();
+        match state
+            .deref_mut()
             .take()
+            .expect("We never leave this set to None")
             .decrypt(self.filename.as_deref(), self.callbacks.clone())
         {
             Ok((identities, _)) => {
@@ -124,11 +126,11 @@ impl<R: io::Read, C: Callbacks + Clone + 'static> Identity<R, C> {
                     .map(|entry| entry.to_recipient(self.callbacks.clone()))
                     .collect::<Result<Vec<_>, _>>();
 
-                self.state.set(IdentityState::Decrypted(identities));
+                *state = Some(IdentityState::Decrypted(identities));
                 recipients
             }
             Err(e) => {
-                self.state.set(IdentityState::Poisoned(Some(e.clone())));
+                *state = Some(IdentityState::Poisoned(Some(e.clone())));
                 Err(EncryptError::EncryptedIdentities(e))
             }
         }
@@ -151,12 +153,14 @@ impl<R: io::Read, C: Callbacks + Clone + 'static> Identity<R, C> {
     ) -> Option<Result<age_core::format::FileKey, DecryptError>>
     where
         F: Fn(
-            Result<Box<dyn crate::Identity>, DecryptError>,
+            Result<Box<dyn crate::Identity + Send + Sync>, DecryptError>,
         ) -> Option<Result<age_core::format::FileKey, DecryptError>>,
     {
-        match self
-            .state
+        let mut state = self.state.lock().unwrap();
+        match state
+            .deref_mut()
             .take()
+            .expect("We never leave this set to None")
             .decrypt(self.filename.as_deref(), self.callbacks.clone())
         {
             Ok((identities, requested_passphrase)) => {
@@ -175,18 +179,18 @@ impl<R: io::Read, C: Callbacks + Clone + 'static> Identity<R, C> {
                     ));
                 }
 
-                self.state.set(IdentityState::Decrypted(identities));
+                *state = Some(IdentityState::Decrypted(identities));
                 result
             }
             Err(e) => {
-                self.state.set(IdentityState::Poisoned(Some(e.clone())));
+                *state = Some(IdentityState::Poisoned(Some(e.clone())));
                 Some(Err(e))
             }
         }
     }
 }
 
-impl<R: io::Read, C: Callbacks + Clone + 'static> crate::Identity for Identity<R, C> {
+impl<R: io::Read, C: Callbacks + Clone + Send + Sync + 'static> crate::Identity for Identity<R, C> {
     fn unwrap_stanza(
         &self,
         stanza: &age_core::format::Stanza,
@@ -210,7 +214,7 @@ impl<R: io::Read, C: Callbacks + Clone + 'static> crate::Identity for Identity<R
 
 #[cfg(test)]
 mod tests {
-    use std::{cell::Cell, io::BufReader};
+    use std::{io::BufReader, sync::Mutex};
 
     use secrecy::{ExposeSecret, SecretString};
 
@@ -235,12 +239,17 @@ fOrxrKTj7xCdNS3+OrCdnBC8Z9cKDxjCGWW3fkjLsYha0Jo=
 
     const TEST_RECIPIENT: &str = "age1ysxuaeqlk7xd8uqsh8lsnfwt9jzzjlqf49ruhpjrrj5yatlcuf7qke4pqe";
 
-    #[derive(Clone)]
-    struct MockCallbacks(Cell<Option<&'static str>>);
+    struct MockCallbacks(Mutex<Option<&'static str>>);
+
+    impl Clone for MockCallbacks {
+        fn clone(&self) -> Self {
+            Self(Mutex::new(self.0.lock().unwrap().clone()))
+        }
+    }
 
     impl MockCallbacks {
         fn new(passphrase: &'static str) -> Self {
-            MockCallbacks(Cell::new(Some(passphrase)))
+            MockCallbacks(Mutex::new(Some(passphrase)))
         }
     }
 
@@ -255,7 +264,9 @@ fOrxrKTj7xCdNS3+OrCdnBC8Z9cKDxjCGWW3fkjLsYha0Jo=
 
         /// This intentionally panics if called twice.
         fn request_passphrase(&self, _: &str) -> Option<secrecy::SecretString> {
-            Some(SecretString::new(self.0.take().unwrap().to_owned()))
+            Some(SecretString::new(
+                self.0.lock().unwrap().take().unwrap().to_owned(),
+            ))
         }
     }
 

age/src/identity.rs

@@ -19,8 +19,8 @@ pub enum IdentityFileEntry {
 impl IdentityFileEntry {
     pub(crate) fn into_identity(
         self,
-        callbacks: impl Callbacks + 'static,
-    ) -> Result<Box<dyn crate::Identity>, DecryptError> {
+        callbacks: impl Callbacks + Send + Sync + 'static,
+    ) -> Result<Box<dyn crate::Identity + Send + Sync>, DecryptError> {
         match self {
             IdentityFileEntry::Native(i) => Ok(Box::new(i)),
             #[cfg(feature = "plugin")]

rage/src/bin/rage-mount/main.rs

@@ -281,7 +281,7 @@ fn main() -> Result<(), Error> {
             }
 
             decryptor
-                .decrypt(identities.iter().map(|i| &**i))
+                .decrypt(identities.iter().map(|i| i.as_ref() as &dyn age::Identity))
                 .map_err(|e| e.into())
                 .and_then(|stream| mount_stream(stream, types, mountpoint))
         }

rage/src/bin/rage/main.rs

@@ -422,7 +422,7 @@ fn decrypt(opts: AgeOptions) -> Result<(), error::DecryptError> {
                     &opts.plugin_name,
                     &[plugin::Identity::default_for_plugin(&opts.plugin_name)],
                     UiCallbacks,
-                )?) as Box<dyn Identity>]
+                )?) as Box<dyn Identity + Send + Sync>]
             };
 
             if identities.is_empty() {