# # # patch "cmd_key_cert.cc" # from [c77148067ed49c1ca6749de2bd32900ebd8331e2] # to [ec22023ddd85b5c087bdbd2bed3443a68fe6b1dd] # # patch "cmd_packet.cc" # from [db20e73d643a42781dadfe5bfcac021e56998a5f] # to [1e8889a5d1085ae2c364f5d58f2bdb16b7d5bea4] # # patch "database_check.cc" # from [b0a9902c384be0628ca247149cb88b4e0fc38ed5] # to [7ab9c29a4afd98142dbb73d85e4dffdc0b449e58] # # patch "keys.cc" # from [de15fab9dd9d0847d13af45aeba6321f785dd9dc] # to [c0a07b4c39c1ea1591d8694351659d3a4a5428bd] # # patch "lua_hooks.cc" # from [a4d6b05a80590b68c3c3f75da2e718ea74c002f4] # to [d1d103f77bf09b74bda1838a6e4dfdb59a81b0aa] # # patch "lua_hooks.hh" # from [b49564bdf2a32666d2498360b4d531462e5d7e29] # to [b1eeb9b2f6eef6fe389ac28cfe9d12657ee8d3a0] # # patch "netsync.cc" # from [7b48f2ea1e68a9d4e9a9e647b80e89492eb03cc6] # to [632825f399ff0e1ef520b38fb8b2730606a20735] # # patch "project.cc" # from [399a73e5180b71fa74251a603920bff7cff8baef] # to [9420c864da2224b567dd700699a3d9b81e4aa30d] # # patch "project.hh" # from [dee7f3ecb9b61646c3e8b296e38fa11d6081e763] # to [0f53d807f622042c42a122866919c755bf8b3b2a] # # patch "unit-tests/netcmd.cc" # from [656a692ebe9213966985a9e075fad9b6fe17a27a] # to [56ed8d5af0e7cff22e014cf74af4ac96c5b6b8ed] # # patch "unit-tests/packet.cc" # from [8a4117cb466406558be04177454bfde7f3db68cd] # to [92ffcd817682815b2f7a77cf287d0fd12fc30d53] # ============================================================ --- cmd_key_cert.cc c77148067ed49c1ca6749de2bd32900ebd8331e2 +++ cmd_key_cert.cc ec22023ddd85b5c087bdbd2bed3443a68fe6b1dd 
@@ -61,7 +61,9 @@ CMD(dropkey, "dropkey", "", CMD_REF(key_ key_id ident; project_t project(db); - project.lookup_key_by_name(typecast_vocab(idx(args, 0)), ident); + project.lookup_key_by_name(keys, + typecast_vocab(idx(args, 0)), + ident); if (db.database_specified()) { ============================================================ --- cmd_packet.cc db20e73d643a42781dadfe5bfcac021e56998a5f +++ cmd_packet.cc 1e8889a5d1085ae2c364f5d58f2bdb16b7d5bea4 @@ -37,7 +37,9 @@ CMD(pubkey, "pubkey", "", CMD_REF(packet key_id ident; project_t project(db); - project.lookup_key_by_name(typecast_vocab(idx(args, 0)), ident); + project.lookup_key_by_name(keys, + typecast_vocab(idx(args, 0)), + ident); bool exists(false); rsa_pub_key key; if (db.database_specified() && db.public_key_exists(ident)) @@ -75,7 +77,7 @@ CMD(privkey, "privkey", "", CMD_REF(pack key_name name = typecast_vocab(idx(args, 0)); key_id ident; - project.lookup_key_by_name(name, ident); + project.lookup_key_by_name(keys, name, ident); E(keys.key_pair_exists(ident), origin::user, F("public and private key '%s' do not exist in keystore") % idx(args, 0)()); ============================================================ --- database_check.cc b0a9902c384be0628ca247149cb88b4e0fc38ed5 +++ database_check.cc 7ab9c29a4afd98142dbb73d85e4dffdc0b449e58 @@ -432,17 +432,17 @@ check_keys(database & db, static void check_keys(database & db, - map & checked_keys) + map & checked_keys) { - vector pubkeys; + vector pubkeys; - db.get_public_keys(pubkeys); + db.get_key_ids(pubkeys); L(FL("checking %d public keys") % pubkeys.size()); ticker ticks(_("keys"), "k", 1); - for (vector::const_iterator i = pubkeys.begin(); + for (vector::const_iterator i = pubkeys.begin(); i != pubkeys.end(); ++i) { db.get_key(*i, checked_keys[*i].pub); @@ -455,7 +455,7 @@ check_certs(database & db, static void check_certs(database & db, map & checked_revisions, - map & checked_keys, + map & checked_keys, size_t & total_certs) { vector certs; 
@@ -763,10 +763,10 @@ static void } static void -report_keys(map const & checked_keys, +report_keys(map const & checked_keys, size_t & missing_keys) { - for (map::const_iterator + for (map::const_iterator i = checked_keys.begin(); i != checked_keys.end(); ++i) { checked_key key = i->second; @@ -898,7 +898,7 @@ check_db(database & db) set found_manifests; map checked_rosters; map checked_revisions; - map checked_keys; + map checked_keys; map checked_heights; size_t missing_files = 0; ============================================================ --- keys.cc de15fab9dd9d0847d13af45aeba6321f785dd9dc +++ keys.cc c0a07b4c39c1ea1591d8694351659d3a4a5428bd @@ -137,7 +137,7 @@ get_user_key(options const & opts, lua_h } else if (!opts.signing_key().empty()) { - project.lookup_key_by_name(opts.signing_key, key); + project.lookup_key_by_name(keys, opts.signing_key, key); } } else @@ -147,7 +147,7 @@ get_user_key(options const & opts, lua_h "was given with an empty argument")); } } - else if (lua.hook_get_branch_key(opts.branch, project, key)) + else if (lua.hook_get_branch_key(opts.branch, keys, project, key)) ; // the lua hook sets the key else { @@ -186,7 +186,7 @@ cache_netsync_key(options const & opts, } else if (!opts.signing_key().empty()) { - project.lookup_key_by_name(opts.signing_key, key); + project.lookup_key_by_name(keys, opts.signing_key, key); found_key = true; } } ============================================================ --- lua_hooks.cc a4d6b05a80590b68c3c3f75da2e718ea74c002f4 +++ lua_hooks.cc d1d103f77bf09b74bda1838a6e4dfdb59a81b0aa @@ -283,6 +283,7 @@ lua_hooks::hook_get_branch_key(branch_na bool lua_hooks::hook_get_branch_key(branch_name const & branchname, + key_store & keys, project_t & project, key_id & k) { 
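Review bot: The id that `lookup_key_by_name` returns for `opts.signing_key` in keys.cc, get_user_key (@@ -137) and cache_netsync_key (@@ -186), is not checked for a private half anywhere in these hunks. The project.cc implementation on this page matches names against database public keys as well as keystore keypairs, so a name that exists only in the database resolves to an id that cannot sign. A different key with the same name in the database makes the lookup fail on the "keys named" error. Both functions continue outside the hunks, so the check may already exist further down. If it does not, add `E(keys.key_pair_exists(key), origin::user, F("no private key for '%s' in keystore") % opts.signing_key);` right after the lookup, or a comment naming where the check happens.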
@@ -295,7 +296,7 @@ lua_hooks::hook_get_branch_key(branch_na .ok(); key_name name(key, origin::user); - project.lookup_key_by_name(name, k); + project.lookup_key_by_name(keys, name, k); return ok; } ============================================================ --- lua_hooks.hh b49564bdf2a32666d2498360b4d531462e5d7e29 +++ lua_hooks.hh b1eeb9b2f6eef6fe389ac28cfe9d12657ee8d3a0 @@ -24,6 +24,7 @@ class app_state; struct uri; class app_state; +class key_store; struct lua_State; struct globish; struct options; @@ -50,6 +51,7 @@ public: bool hook_expand_selector(std::string const & sel, std::string & exp); bool hook_expand_date(std::string const & sel, std::string & exp); bool hook_get_branch_key(branch_name const & branchname, + key_store & keys, project_t & project, key_id & k); bool hook_get_passphrase(key_name const & name, key_id const & id, ============================================================ --- netsync.cc 7b48f2ea1e68a9d4e9a9e647b80e89492eb03cc6 +++ netsync.cc 632825f399ff0e1ef520b38fb8b2730606a20735 @@ -889,7 +889,7 @@ session::session(options & opts, i != opts.keys_to_push.end(); ++i) { key_id ident; - project.lookup_key_by_name(*i, ident); + project.lookup_key_by_name(keys, *i, ident); keys_to_push.push_back(ident); } } ============================================================ --- project.cc 399a73e5180b71fa74251a603920bff7cff8baef +++ project.cc 9420c864da2224b567dd700699a3d9b81e4aa30d 
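Review bot: In lua_hooks.cc (@@ -295) `project.lookup_key_by_name(keys, name, k)` runs before `ok` is consulted, so a hook call that did not succeed still goes through the lookup with whatever `key` holds. With the implementation added in project.cc on this page, that either raises a user error for an unknown name or, if the string constructs a `key_id`, writes it to `k` unchecked. In the first case the caller in keys.cc never reaches its `else` branch. Guarding the call, `if (ok) project.lookup_key_by_name(keys, name, k);`, keeps a failed hook from touching `k`. The start of hook_get_branch_key's body is outside the hunk, so confirm how `key` is initialised.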
@@ -432,6 +432,88 @@ project_t::put_revision_testresult(key_s cert_value(lexical_cast(passed), origin::internal)); } +void +project_t::lookup_key_by_name(key_store & keys, + key_name const & name, + key_id & id) +{ + try + { + id = key_id(name(), origin::no_fault); + } + catch (recoverable_failure &) + { + // FIXME: try a lua hook first + // or lookup in the policy branches (once those are implemented) + + set found; + vector dbkeys; + db.get_key_ids(dbkeys); + for (vector::const_iterator i = dbkeys.begin(); + i != dbkeys.end(); ++i) + { + key_name i_name; + rsa_pub_key pub; + db.get_pubkey(*i, i_name, pub); + if (i_name == name) + { + found.insert(*i); + } + } + + vector storekeys; + keys.get_key_ids(storekeys); + for (vector::const_iterator i = storekeys.begin(); + i != storekeys.end(); ++i) + { + key_name i_name; + keypair kp; + keys.get_key_pair(*i, i_name, kp); + if (i_name == name) + { + found.insert(*i); + } + } + E(!found.empty(), origin::user, + F("you don't have a key names '%s'") % name); + E(found.size() == 1, origin::user, + F("you have %n keys named '%s'") % found.size() % name); + id = *found.begin(); + } +} + +void +project_t::get_name_of_key(key_store & keys, + key_id const & id, + key_name & name) +{ + // FIXME: try a lua hook first + // or lookup in the policy branches (once those are implemented) + get_canonical_name_of_key(keys, id, name); +} + +void +project_t::get_canonical_name_of_key(key_store & keys, + key_id const & id, + key_name & name) +{ + if (db.public_key_exists(id)) + { + rsa_pub_key pub; + db.get_pubkey(id, name, pub); + } + else if (keys.key_pair_exists(id)) + { + keypair kp; + keys.get_key_pair(id, name, kp); + } + else + { + E(false, origin::internal, + F("key %s does not exist") % id); + } +} + // These should maybe be converted to member functions. string ============================================================ --- project.hh dee7f3ecb9b61646c3e8b296e38fa11d6081e763 +++ project.hh 0f53d807f622042c42a122866919c755bf8b3b2a 
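Review bot: The two user-facing errors in `project_t::lookup_key_by_name` (project.cc, @@ -432) are malformed: "a key names" should read "a key named", and `%n` is not a count conversion (the log call in database_check.cc on this page formats a size with `%d`) and may not consume the `found.size()` argument at all. I would write `F("you don't have a key named '%s'") % name` and `F("you have %d keys named '%s'") % found.size() % name`. This matters because the second message is the only signal a user gets that a key name is ambiguous. Separately, the `try` branch returns any string that constructs a `key_id` without checking that the id exists in `db` or `keys`, so the existence and uniqueness checks cover only the name fallback. A comment should state that callers must verify the id themselves, as privkey does with `keys.key_pair_exists(ident)`.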
@@ -135,13 +135,15 @@ public: utf8 const & comment); // lookup the key ID associated with a particular key name - void lookup_key_by_name(key_name const & name, key_id & id); + void lookup_key_by_name(key_store & keys, + key_name const & name, + key_id & id); // the reverse - void get_name_of_key(key_store const & keys, + void get_name_of_key(key_store & keys, key_id const & id, key_name & name); // get the name given when creating the key - void get_canonical_name_of_key(key_store const & keys, + void get_canonical_name_of_key(key_store & keys, key_id const & id, key_name & name); }; ============================================================ --- unit-tests/netcmd.cc 656a692ebe9213966985a9e075fad9b6fe17a27a +++ unit-tests/netcmd.cc 56ed8d5af0e7cff22e014cf74af4ac96c5b6b8ed @@ -153,9 +153,10 @@ UNIT_TEST(functions) netcmd out_cmd, in_cmd; protocol_role out_role = source_and_sink_role, in_role; string buf; - id out_client(raw_sha1("happy client day"), origin::internal); + key_id out_client(raw_sha1("happy client day"), origin::internal); id out_nonce1(raw_sha1("nonce me amadeus"), origin::internal); - id in_client, in_nonce1; + key_id in_client; + id in_nonce1; // total cheat, since we don't actually verify that rsa_oaep_sha_data // is sensible anywhere here... rsa_oaep_sha_data out_key("nonce start my heart"), in_key; ============================================================ --- unit-tests/packet.cc 8a4117cb466406558be04177454bfde7f3db68cd +++ unit-tests/packet.cc 92ffcd817682815b2f7a77cf287d0fd12fc30d53 @@ -127,7 +127,9 @@ UNIT_TEST(roundabout) // cert now accepts revision_id exclusively, so we need to cast the // file_id to create a cert to test the packet writer with. cert c(typecast_vocab(fid.inner()), cert_name("smell"), val, - key_name("address@hidden"), sig); + decode_hexenc_as("cccccccccccccccccccccccccccccccccccccc", + origin::internal), + sig); pw.consume_revision_cert(c); keypair kp;
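Review bot: The comment above `lookup_key_by_name` in project.hh (@@ -135) no longer describes the contract now that the function takes a `key_store`. Per the project.cc implementation on this page, it returns the input as the id when the string constructs a `key_id`; otherwise it searches both the database and the keystore by name and raises a user error on zero or several matches. I would put that in the header: `// resolve NAME to a key id: a string that is already a valid id is returned as is; otherwise database and keystore are searched by name, and anything but exactly one match is a user error`. The `const` dropped from `key_store` in `get_name_of_key` and `get_canonical_name_of_key` also deserves a one-line comment on why read-only lookups need a mutable keystore.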