Fix a few random errors in the WAKeyring object implementation

Be sure that we don't purge keys if that would leave us with fewer
than three keys.  Fix a few other error reporting issues and one
syntax error in a WebAuth call.

Change-Id: I9bb75de56da3542f8c26ca8eab0814afea06c16a
Reviewed-on: https://gerrit.stanford.edu/714
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>

1 files changed, 4 insertions, 3 deletions

diff --git a/perl/Wallet/Object/WAKeyring.pm b/perl/Wallet/Object/WAKeyring.pm
index 97984d3..b26be58 100644
--- a/perl/Wallet/Object/WAKeyring.pm
+++ b/perl/Wallet/Object/WAKeyring.pm
@@ -50,7 +50,7 @@ sub file_path {
     $name =~ s/([^\w-])/sprintf ('%%%02X', ord ($1))/ge;
     my $parent = "$Wallet::Config::WAKEYRING_BUCKET/$hash";
     unless (-d $parent || mkdir ($parent, 0700)) {
-        $self->error ("cannot create file bucket $hash: $!");
+        $self->error ("cannot create keyring bucket $hash: $!");
         return;
     }
     return "$Wallet::Config::WAKEYRING_BUCKET/$hash/$name";
@@ -83,6 +83,7 @@ sub get {
         return;
     }
     my $path = $self->file_path;
+    return unless defined $path;
 
     # Create a WebAuth context and ensure we can load the relevant modules.
     my $wa = eval { WebAuth->new };
@@ -127,7 +128,7 @@ sub get {
     }
 
     # Read the keyring.
-    my $ring = eval { WebAuth::Keyring->read ($path) };
+    my $ring = eval { WebAuth::Keyring->read ($wa, $path) };
     if ($@) {
         $self->error ("cannot read keyring: $@");
         return;
@@ -172,7 +173,7 @@ sub get {
             $i++;
         }
     }
-    if (@purge) {
+    if (@purge && $count - @purge >= 3) {
         eval {
             for my $key (reverse @purge) {
                 $ring->remove ($key);