slipenkomk/sequoia-sq
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
24ce3aa2e9
sequoia-sq/tests/integration/sq_pki_link.rs

858 lines
30 KiB
Rust
Raw Normal View History

Change sq pki link retract to use the NULL policy. - Change `sq pki link retract` to use the NULL policy when resolving user IDs. It's safer to retract a link for a user ID than to refuse.
2024-11-25 00:01:06 +03:00
use std::collections::BTreeSet;
Require explicit mode, and align `sq sign` and `sq verify`. - The flag `sq sign --detached` is now called `sq sign --signature-file`. - The flag `sq sign --clearsign` is now called `sq sign --cleartext`. - Both `sq sign` and `sq verify` now require an explicit mode, one of `--signature-file`, `--message`, or `--cleartext`. - Fixes #430.
2024-11-13 13:17:20 +03:00
use std::path::{Path, PathBuf};
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
use std::process::ExitStatus;
Replace once_cell with types from the standard library.
2023-12-06 19:42:48 +03:00
use std::sync::{Mutex, OnceLock};
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
use tempfile::TempDir;
use sequoia_openpgp as openpgp;
Change sq pki certify to use a named argument for the certificate. - `sq pki certify` uses a positional argument to specify the certificate to certify. Change it to be a named argument, either `--cert`, or `--cert-file`. - See #318.
2024-10-11 17:27:52 +03:00
use openpgp::KeyHandle;
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
use openpgp::Result;
use openpgp::Cert;
Change sq pki link retract to use the NULL policy. - Change `sq pki link retract` to use the NULL policy when resolving user IDs. It's safer to retract a link for a user ID than to refuse.
2024-11-25 00:01:06 +03:00
use openpgp::parse::Parse;
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
Change sq pki certify to use a named argument for the certificate. - `sq pki certify` uses a positional argument to specify the certificate to certify. Change it to be a named argument, either `--cert`, or `--cert-file`. - See #318.
2024-10-11 17:27:52 +03:00
use super::common::FileOrKeyHandle;
tests: Abstract user ID argument passing. - Add a new type, `UserIDArg`, which represents a user ID argument. - Change functions that take user IDs like `Sq::key_generate` to use it.
2024-11-13 11:20:18 +03:00
use super::common::NO_USERIDS;
use super::common::Sq;
Change sq pki link retract to use the NULL policy. - Change `sq pki link retract` to use the NULL policy when resolving user IDs. It's safer to retract a link for a user ID than to refuse.
2024-11-25 00:01:06 +03:00
use super::common::STANDARD_POLICY;
Change --add-userid from a flag to two arguments. - `sq pki link add`, `sq pki link authorize`, `sq pki vouch certify`, and `sq pki vouch authorize` have a `--add-userid` flag. - Replace the `--add-userid` flag with an `--add-userid` argument, and an `--add-email` argument. - This change means that a flag does not change how an argument is interpreted. It also makes it more explicit whether a user ID should be added, because `--userid` and `--email` could be given multiple times. - See #309 and #318.
2024-11-13 14:48:33 +03:00
use super::common::UserIDArg;
tests: Abstract user ID argument passing. - Add a new type, `UserIDArg`, which represents a user ID argument. - Change functions that take user IDs like `Sq::key_generate` to use it.
2024-11-13 11:20:18 +03:00
use super::common::artifact;
Change sq pki certify to use a named argument for the certificate. - `sq pki certify` uses a positional argument to specify the certificate to certify. Change it to be a named argument, either `--cert`, or `--cert-file`. - See #318.
2024-10-11 17:27:52 +03:00
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
// We are going to replace certifications, and we want to make sure
// that the newest one is the active one. This means ensuring that
// the newer one has a newer timestamp. To avoid sleeping for a
// second, the resolution of the time stamp, we pass an explicit time
// to each operation.
//
// This function drives the clock forward, and ensures that every
// operation "happens" at a different point in time.
Replace once_cell with types from the standard library.
2023-12-06 19:42:48 +03:00
static TIME: OnceLock<Mutex<chrono::DateTime<chrono::Utc>>> = OnceLock::new();
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
fn tick() -> String {
let t = TIME.get_or_init(|| Mutex::new(chrono::Utc::now()));
let mut t = t.lock().unwrap();
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
*t = *t + chrono::Duration::seconds(10);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
t.format("%Y-%m-%dT%H:%M:%SZ").to_string()
}
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
// Returns the "current" time.
fn now() -> chrono::DateTime<chrono::Utc> {
*TIME.get_or_init(|| Mutex::new(chrono::Utc::now())).lock().unwrap()
}
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
// Verifies a signed message.
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
fn sq_verify(sq: &Sq,
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
time: Option<chrono::DateTime<chrono::Utc>>,
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
trust_roots: &[&str],
signer_files: &[&str],
msg_pgp: &str,
Rework signature verification output. - Signature verification output is confusing. The main problem is the terminology. It talks about "good signatures", "good checksums", and "bad checksums," but it is unclear what good or bad means, and what a checksum is. Instead, talk about "authenticated signatures," "unauthenticated signatures," and completely drop the term "checksum" and just say that the certificate for the alleged signer is missing. - Fixes #4.
2024-10-30 11:41:04 +03:00
authenticated_sigs: usize, unauthenticated_sigs: usize)
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
{
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let mut cmd = sq.command();
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
for trust_root in trust_roots {
cmd.args(&["--trust-root", trust_root]);
}
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
let time = if let Some(time) = time {
time.format("%Y-%m-%dT%H:%M:%SZ").to_string()
} else {
tick()
};
Require explicit mode, and align `sq sign` and `sq verify`. - The flag `sq sign --detached` is now called `sq sign --signature-file`. - The flag `sq sign --clearsign` is now called `sq sign --cleartext`. - Both `sq sign` and `sq verify` now require an explicit mode, one of `--signature-file`, `--message`, or `--cleartext`. - Fixes #430.
2024-11-13 13:17:20 +03:00
cmd.args(["verify", "--message", "--time", &time]);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
for signer_file in signer_files {
cmd.args(&["--signer-file", signer_file]);
}
cmd.arg(msg_pgp);
eprintln!("{:?}", cmd);
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let output = sq.run(cmd, None);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
let status = output.status;
let stdout = String::from_utf8_lossy(&output.stdout).to_string();
let stderr = String::from_utf8_lossy(&output.stderr).to_string();
Rework signature verification output. - Signature verification output is confusing. The main problem is the terminology. It talks about "good signatures", "good checksums", and "bad checksums," but it is unclear what good or bad means, and what a checksum is. Instead, talk about "authenticated signatures," "unauthenticated signatures," and completely drop the term "checksum" and just say that the certificate for the alleged signer is missing. - Fixes #4.
2024-10-30 11:41:04 +03:00
if authenticated_sigs > 0 {
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
assert!(status.success(),
"\nstdout:\n{}\nstderr:\n{}",
stdout, stderr);
Rework signature verification output. - Signature verification output is confusing. The main problem is the terminology. It talks about "good signatures", "good checksums", and "bad checksums," but it is unclear what good or bad means, and what a checksum is. Instead, talk about "authenticated signatures," "unauthenticated signatures," and completely drop the term "checksum" and just say that the certificate for the alleged signer is missing. - Fixes #4.
2024-10-30 11:41:04 +03:00
assert!(stderr.contains(&format!("{} authenticated signature",
authenticated_sigs)),
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
"stdout:\n{}\nstderr:\n{}",
stdout, stderr);
} else {
assert!(! status.success(),
"\nstdout:\n{}\nstderr:\n{}",
stdout, stderr);
}
Rework signature verification output. - Signature verification output is confusing. The main problem is the terminology. It talks about "good signatures", "good checksums", and "bad checksums," but it is unclear what good or bad means, and what a checksum is. Instead, talk about "authenticated signatures," "unauthenticated signatures," and completely drop the term "checksum" and just say that the certificate for the alleged signer is missing. - Fixes #4.
2024-10-30 11:41:04 +03:00
if unauthenticated_sigs > 0 {
assert!(stderr.contains(&format!("{} unauthenticated signature",
unauthenticated_sigs)),
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
"stdout:\n{}\nstderr:\n{}", stdout, stderr);
}
}
// Links a User ID and a certificate.
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
fn sq_link(sq: &Sq,
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
cert: &str, userids: &[&str], emails: &[&str], more_args: &[&str],
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
success: bool)
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
-> (ExitStatus, String, String)
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
{
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let mut cmd = sq.command();
Change sq pki link add to use a named argument for the certificate. - `sq pki link add` uses a positional argument to specify the certificate to link. Change it to be a named argument, `--cert`. - See #318.
2024-10-15 14:17:57 +03:00
cmd.args(&["pki", "link", "add", "--time", &tick()]);
cmd.arg("--cert").arg(cert);
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
for userid in userids {
cmd.arg("--userid").arg(userid);
}
for email in emails {
cmd.arg("--email").arg(email);
}
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
cmd.args(more_args);
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let output = sq.run(cmd, None);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
let stdout = String::from_utf8_lossy(&output.stdout).to_string();
let stderr = String::from_utf8_lossy(&output.stderr).to_string();
if success {
assert!(output.status.success(),
Move sq link to sq pki.
2024-01-17 12:47:41 +03:00
"'sq pki link add' failed unexpectedly\
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
\nstdout:\n{}\nstderr:\n{}",
stdout, stderr);
} else {
assert!(! output.status.success(),
Move sq link to sq pki.
2024-01-17 12:47:41 +03:00
"'sq pki link add' succeeded unexpectedly\
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
\nstdout:\n{}\nstderr:\n{}",
stdout, stderr);
}
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
(output.status, stdout, stderr)
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
}
Remove sq pki link retract's positional argument for specifying a user ID. - `sq pki link retract` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:11:21 +03:00
fn sq_retract(sq: &Sq, cert: &str, userids: &[&str], emails: &[&str])
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
-> (ExitStatus, String, String)
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
{
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let mut cmd = sq.command();
Change sq pki link retract to use a named argument for the certificate. - `sq pki link retract` uses a positional argument to specify the certificate to retract. Change it to be a named argument, `--cert`. - See #318.
2024-10-15 14:26:57 +03:00
cmd.args(&["pki", "link", "retract", "--time", &tick(), "--cert", cert]);
Remove sq pki link retract's positional argument for specifying a user ID. - `sq pki link retract` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:11:21 +03:00
for userid in userids {
cmd.arg("--userid").arg(userid);
}
for email in emails {
cmd.arg("--email").arg(email);
}
Align user ID designators in `sq pki link retract`. - User IDs have to be explicitly given, or `--all` has to be used to select them all (this was previously the default). - This aligns the retract subcommand with the other link and vouch management commands. - Fixes #442.
2024-11-28 19:38:52 +03:00
if userids.is_empty() && emails.is_empty() {
cmd.arg("--all");
}
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
eprintln!("{:?}", cmd);
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let output = sq.run(cmd, true);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
let stdout = String::from_utf8_lossy(&output.stdout).to_string();
let stderr = String::from_utf8_lossy(&output.stderr).to_string();
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
(output.status, stdout, stderr)
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
}
// Certifies a binding.
//
// The certification is imported into the cert store.
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
fn sq_certify(sq: &Sq,
Change sq pki certify to use a named argument for the user ID. - `sq pki certify` uses a positional argument to specify the user ID to certify. Change it to be a named argument, either `--userid`, or `--email`. - This changes the meaning of `--email` from a flag that changes how `--userid` interprets its argument, to an argument. - This also allows multiple user IDs to be specified at once. - See #318.
2024-10-11 14:45:31 +03:00
certifier: &str, cert: &str, userid: &str,
Add new subcommand sq pki authorize. - Previously `sq pki certify` could create certifications, and mark a certificate as a trusted introducer (when the user set `--depth` to be greater than zero). Anecdotal evidence indicates that combining these two actions in a single command is confusing. - Split the latter functionality off, and put it in a new subcommand, `sq pki authorize`. - See https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/249#note_1865470753
2024-10-14 11:42:14 +03:00
trust_amount: Option<usize>)
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
{
Change sq pki certify to use a named argument for the user ID. - `sq pki certify` uses a positional argument to specify the user ID to certify. Change it to be a named argument, either `--userid`, or `--email`. - This changes the meaning of `--email` from a flag that changes how `--userid` interprets its argument, to an argument. - This also allows multiple user IDs to be specified at once. - See #318.
2024-10-11 14:45:31 +03:00
let mut extra_args = Vec::new();
let trust_amount_;
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
if let Some(trust_amount) = trust_amount {
Change sq pki certify to use a named argument for the user ID. - `sq pki certify` uses a positional argument to specify the user ID to certify. Change it to be a named argument, either `--userid`, or `--email`. - This changes the meaning of `--email` from a flag that changes how `--userid` interprets its argument, to an argument. - This also allows multiple user IDs to be specified at once. - See #318.
2024-10-11 14:45:31 +03:00
extra_args.push("--amount");
trust_amount_ = format!("{}", trust_amount);
extra_args.push(&trust_amount_);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
}
Add new subcommand sq pki authorize. - Previously `sq pki certify` could create certifications, and mark a certificate as a trusted introducer (when the user set `--depth` to be greater than zero). Anecdotal evidence indicates that combining these two actions in a single command is confusing. - Split the latter functionality off, and put it in a new subcommand, `sq pki authorize`. - See https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/249#note_1865470753
2024-10-14 11:42:14 +03:00
let certification = sq.scratch_file(Some(&format!(
"certification {} {} by {}", cert, userid, certifier)[..]));
let cert = if let Ok(kh) = cert.parse::<KeyHandle>() {
kh.into()
} else {
FileOrKeyHandle::FileOrStdin(cert.into())
};
Rename `sq pki vouch certify` to `sq pki vouch add`. - This makes it consistent with `sq pki link add` and all the other commands that add components to certs. - Fixes #433.
2024-11-20 13:54:50 +03:00
sq.pki_vouch_add(&extra_args, certifier, cert, &[userid],
Move sq pki {certify,authorize} under sq pki vouch. - Move `sq pki certify` and `sq pki authorize` under `sq pki vouch`. - This mirrors `sq pki link`.
2024-10-17 18:35:14 +03:00
Some(certification.as_path()));
Add new subcommand sq pki authorize. - Previously `sq pki certify` could create certifications, and mark a certificate as a trusted introducer (when the user set `--depth` to be greater than zero). Anecdotal evidence indicates that combining these two actions in a single command is confusing. - Split the latter functionality off, and put it in a new subcommand, `sq pki authorize`. - See https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/249#note_1865470753
2024-10-14 11:42:14 +03:00
sq.cert_import(&certification);
}
fn sq_authorize(sq: &Sq,
certifier: &str, cert: &str, userid: &str,
trust_amount: Option<usize>, depth: Option<usize>)
{
let mut extra_args = vec![ "--unconstrained" ];
let trust_amount_;
if let Some(trust_amount) = trust_amount {
extra_args.push("--amount");
trust_amount_ = format!("{}", trust_amount);
extra_args.push(&trust_amount_);
}
Change sq pki certify to use a named argument for the user ID. - `sq pki certify` uses a positional argument to specify the user ID to certify. Change it to be a named argument, either `--userid`, or `--email`. - This changes the meaning of `--email` from a flag that changes how `--userid` interprets its argument, to an argument. - This also allows multiple user IDs to be specified at once. - See #318.
2024-10-11 14:45:31 +03:00
let depth_;
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
if let Some(depth) = depth {
Change sq pki certify to use a named argument for the user ID. - `sq pki certify` uses a positional argument to specify the user ID to certify. Change it to be a named argument, either `--userid`, or `--email`. - This changes the meaning of `--email` from a flag that changes how `--userid` interprets its argument, to an argument. - This also allows multiple user IDs to be specified at once. - See #318.
2024-10-11 14:45:31 +03:00
extra_args.push("--depth");
depth_ = format!("{}", depth);
extra_args.push(&depth_);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
}
Change sq pki certify to use a named argument for the user ID. - `sq pki certify` uses a positional argument to specify the user ID to certify. Change it to be a named argument, either `--userid`, or `--email`. - This changes the meaning of `--email` from a flag that changes how `--userid` interprets its argument, to an argument. - This also allows multiple user IDs to be specified at once. - See #318.
2024-10-11 14:45:31 +03:00
let certification = sq.scratch_file(Some(&format!(
"certification {} {} by {}", cert, userid, certifier)[..]));
Change sq pki certify to use a named argument for the certificate. - `sq pki certify` uses a positional argument to specify the certificate to certify. Change it to be a named argument, either `--cert`, or `--cert-file`. - See #318.
2024-10-11 17:27:52 +03:00
let cert = if let Ok(kh) = cert.parse::<KeyHandle>() {
kh.into()
} else {
FileOrKeyHandle::FileOrStdin(cert.into())
};
Move sq pki {certify,authorize} under sq pki vouch. - Move `sq pki certify` and `sq pki authorize` under `sq pki vouch`. - This mirrors `sq pki link`.
2024-10-17 18:35:14 +03:00
sq.pki_vouch_authorize(&extra_args, certifier, cert, &[userid],
Some(certification.as_path()));
Change sq pki certify to use a named argument for the user ID. - `sq pki certify` uses a positional argument to specify the user ID to certify. Change it to be a named argument, either `--userid`, or `--email`. - This changes the meaning of `--email` from a flag that changes how `--userid` interprets its argument, to an argument. - This also allows multiple user IDs to be specified at once. - See #318.
2024-10-11 14:45:31 +03:00
sq.cert_import(&certification);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
}
// Verify signatures using the acceptance machinery.
#[test]
Rename integration tests to match the subcommand being tested. - Rename the files and the tests to reflect the subcommands actually being tested.
2024-08-22 12:30:26 +03:00
fn sq_pki_link_add_retract() -> Result<()> {
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let sq = Sq::new();
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
let dir = TempDir::new()?;
let certd = dir.path().join("cert.d").display().to_string();
std::fs::create_dir(&certd).expect("mkdir works");
struct Data {
key_file: String,
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
cert: Cert, // unused
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
sig_file: String,
}
// Four certificates.
let alice_userid = "<alice@example.org>";
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let (alice, alice_pgp, _) = sq.key_generate(&[], &[alice_userid]);
sq.cert_import(&alice_pgp);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
let alice = Data {
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
key_file: alice_pgp.display().to_string(),
cert: alice,
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
sig_file: dir.path().join("alice.sig").display().to_string(),
};
let alice_fpr = alice.cert.fingerprint().to_string();
let bob_userid = "<bob@example.org>";
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let (bob, bob_pgp, _) = sq.key_generate(&[], &[bob_userid]);
sq.cert_import(&bob_pgp);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
let bob = Data {
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
key_file: bob_pgp.display().to_string(),
cert: bob,
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
sig_file: dir.path().join("bob.sig").display().to_string(),
};
let bob_fpr = bob.cert.fingerprint().to_string();
let carol_userid = "<carol@example.org>";
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let (carol, carol_pgp, _) = sq.key_generate(&[], &[carol_userid]);
sq.cert_import(&carol_pgp);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
let carol = Data {
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
key_file: carol_pgp.display().to_string(),
cert: carol,
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
sig_file: dir.path().join("carol.sig").display().to_string(),
};
let carol_fpr = carol.cert.fingerprint().to_string();
let dave_userid = "<dave@other.org>";
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let (dave, dave_pgp, _) = sq.key_generate(&[], &[dave_userid]);
sq.cert_import(&dave_pgp);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
let dave = Data {
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
key_file: dave_pgp.display().to_string(),
cert: dave,
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
sig_file: dir.path().join("dave.sig").display().to_string(),
};
let dave_fpr = dave.cert.fingerprint().to_string();
let data: &[&Data] = &[ &alice, &bob, &carol, &dave ][..];
// Have each certificate sign a message.
for data in data.iter() {
Require explicit mode, and align `sq sign` and `sq verify`. - The flag `sq sign --detached` is now called `sq sign --signature-file`. - The flag `sq sign --clearsign` is now called `sq sign --cleartext`. - Both `sq sign` and `sq verify` now require an explicit mode, one of `--signature-file`, `--message`, or `--cleartext`. - Fixes #430.
2024-11-13 13:17:20 +03:00
sq.sign_args(
&["--time", &tick()],
PathBuf::from(data.key_file.as_str()), None,
&artifact("messages/a-cypherpunks-manifesto.txt"),
PathBuf::from(data.sig_file.clone()).as_path());
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
}
// None of the certificates can be authenticated so verifying the
// messages should fail.
for data in data.iter() {
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &data.sig_file, 0, 1);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
}
// Have Alice certify Bob as a trusted introducer and have Bob
// certify Carol.
Add new subcommand sq pki authorize. - Previously `sq pki certify` could create certifications, and mark a certificate as a trusted introducer (when the user set `--depth` to be greater than zero). Anecdotal evidence indicates that combining these two actions in a single command is confusing. - Split the latter functionality off, and put it in a new subcommand, `sq pki authorize`. - See https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/249#note_1865470753
2024-10-14 11:42:14 +03:00
sq_authorize(&sq, &alice.key_file,
&bob.cert.fingerprint().to_string(), bob_userid,
None, Some(1));
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_certify(&sq, &bob.key_file,
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
&carol.cert.fingerprint().to_string(), carol_userid,
Add new subcommand sq pki authorize. - Previously `sq pki certify` could create certifications, and mark a certificate as a trusted introducer (when the user set `--depth` to be greater than zero). Anecdotal evidence indicates that combining these two actions in a single command is confusing. - Split the latter functionality off, and put it in a new subcommand, `sq pki authorize`. - See https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/249#note_1865470753
2024-10-14 11:42:14 +03:00
None);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
// We should be able to verify Alice's, Bob's and Carol's
// signatures Alice as the trust root. And Bob's and Carols' with
// Bob as the trust root.
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[&alice_fpr], &[], &alice.sig_file, 1, 0);
sq_verify(&sq, None, &[&alice_fpr], &[], &bob.sig_file, 1, 0);
sq_verify(&sq, None, &[&alice_fpr], &[], &carol.sig_file, 1, 0);
sq_verify(&sq, None, &[&alice_fpr], &[], &dave.sig_file, 0, 1);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[&bob_fpr], &[], &alice.sig_file, 0, 1);
sq_verify(&sq, None, &[&bob_fpr], &[], &bob.sig_file, 1, 0);
sq_verify(&sq, None, &[&bob_fpr], &[], &carol.sig_file, 1, 0);
sq_verify(&sq, None, &[&bob_fpr], &[], &dave.sig_file, 0, 1);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[&carol_fpr], &[], &alice.sig_file, 0, 1);
sq_verify(&sq, None, &[&carol_fpr], &[], &bob.sig_file, 0, 1);
sq_verify(&sq, None, &[&carol_fpr], &[], &carol.sig_file, 1, 0);
sq_verify(&sq, None, &[&carol_fpr], &[], &dave.sig_file, 0, 1);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[&dave_fpr], &[], &alice.sig_file, 0, 1);
sq_verify(&sq, None, &[&dave_fpr], &[], &bob.sig_file, 0, 1);
sq_verify(&sq, None, &[&dave_fpr], &[], &carol.sig_file, 0, 1);
sq_verify(&sq, None, &[&dave_fpr], &[], &dave.sig_file, 1, 0);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
// Let's accept Alice, but not (yet) as a trusted introducer. We
// should now be able to verify Alice's signature, but not Bob's.
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
sq_link(&sq, &alice_fpr, &[ &alice_userid ], &[], &[], true);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &alice.sig_file, 1, 0);
sq_verify(&sq, None, &[], &[], &bob.sig_file, 0, 1);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
// Accept Alice as a trusted introducer. We should be able to
// verify Alice, Bob, and Carol's signatures.
Split authorization functionality out of sq pki link add. - Split authorization functionality out of `sq pki link add` into a new command, `sq pki link authorize`. - Align `sq pki link authorize`'s arguments with `sq pki authorize` arguments.
2024-10-17 14:46:16 +03:00
sq.pki_link_authorize(&["--time", &tick(), "--unconstrained"],
alice.cert.key_handle(),
&[ &alice_userid ]);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &alice.sig_file, 1, 0);
sq_verify(&sq, None, &[], &[], &bob.sig_file, 1, 0);
sq_verify(&sq, None, &[], &[], &carol.sig_file, 1, 0);
sq_verify(&sq, None, &[], &[], &dave.sig_file, 0, 1);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
// Retract the acceptance for Alice. If we don't specify a trust
// root, none of the signatures should verify.
Remove sq pki link retract's positional argument for specifying a user ID. - `sq pki link retract` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:11:21 +03:00
sq_retract(&sq, &alice_fpr, &[ &alice_userid ], &[]);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
for data in data.iter() {
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &data.sig_file, 0, 1);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
}
// Accept Alice as a trusted introducer again. We should be able
// to verify Alice, Bob, and Carol's signatures.
Split authorization functionality out of sq pki link add. - Split authorization functionality out of `sq pki link add` into a new command, `sq pki link authorize`. - Align `sq pki link authorize`'s arguments with `sq pki authorize` arguments.
2024-10-17 14:46:16 +03:00
sq.pki_link_authorize(&["--time", &tick(), "--unconstrained"],
alice.cert.key_handle(),
&[ &alice_userid ]);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &alice.sig_file, 1, 0);
sq_verify(&sq, None, &[], &[], &bob.sig_file, 1, 0);
sq_verify(&sq, None, &[], &[], &carol.sig_file, 1, 0);
sq_verify(&sq, None, &[], &[], &dave.sig_file, 0, 1);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
// Have Bob certify Dave. Now Dave's signature should also
// verify.
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_certify(&sq, &bob.key_file,
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
&dave.cert.fingerprint().to_string(), dave_userid,
Add new subcommand sq pki authorize. - Previously `sq pki certify` could create certifications, and mark a certificate as a trusted introducer (when the user set `--depth` to be greater than zero). Anecdotal evidence indicates that combining these two actions in a single command is confusing. - Split the latter functionality off, and put it in a new subcommand, `sq pki authorize`. - See https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/249#note_1865470753
2024-10-14 11:42:14 +03:00
None);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &alice.sig_file, 1, 0);
sq_verify(&sq, None, &[], &[], &bob.sig_file, 1, 0);
sq_verify(&sq, None, &[], &[], &carol.sig_file, 1, 0);
sq_verify(&sq, None, &[], &[], &dave.sig_file, 1, 0);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
// Change Alice's acceptance to just be a normal certification.
// We should only be able to verify her signature.
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
sq_link(&sq, &alice_fpr, &[ &alice_userid ], &[], &[], true);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &alice.sig_file, 1, 0);
sq_verify(&sq, None, &[], &[], &bob.sig_file, 0, 1);
sq_verify(&sq, None, &[], &[], &carol.sig_file, 0, 1);
sq_verify(&sq, None, &[], &[], &dave.sig_file, 0, 1);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
// Change Alice's acceptance to be a ca, but only for example.org,
// i.e., not for Dave.
Split authorization functionality out of sq pki link add. - Split authorization functionality out of `sq pki link add` into a new command, `sq pki link authorize`. - Align `sq pki link authorize`'s arguments with `sq pki authorize` arguments.
2024-10-17 14:46:16 +03:00
sq.pki_link_authorize(&["--time", &tick(), "--domain", "example.org"],
alice.cert.key_handle(),
&[ &alice_userid ]);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &alice.sig_file, 1, 0);
sq_verify(&sq, None, &[], &[], &bob.sig_file, 1, 0);
sq_verify(&sq, None, &[], &[], &carol.sig_file, 1, 0);
sq_verify(&sq, None, &[], &[], &dave.sig_file, 0, 1);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
// A fifth certificate.
let (ed, ed_pgp, _) = sq.key_generate(
&["--allow-non-canonical-userids"],
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
&[
"Ed <ed@example.org>",
"Eddie <ed@example.org>",
// This is not considered to be an email address as
// it is not wrapped in angle brackets.
"ed@some.org",
// But this is.
"<ed@other.org>",
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
]);
sq.cert_import(&ed_pgp);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
let ed_fpr = ed.fingerprint().to_string();
Require explicit mode, and align `sq sign` and `sq verify`. - The flag `sq sign --detached` is now called `sq sign --signature-file`. - The flag `sq sign --clearsign` is now called `sq sign --cleartext`. - Both `sq sign` and `sq verify` now require an explicit mode, one of `--signature-file`, `--message`, or `--cleartext`. - Fixes #430.
2024-11-13 13:17:20 +03:00
let ed_sig_file = dir.path().join("ed.sig");
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
Require explicit mode, and align `sq sign` and `sq verify`. - The flag `sq sign --detached` is now called `sq sign --signature-file`. - The flag `sq sign --clearsign` is now called `sq sign --cleartext`. - Both `sq sign` and `sq verify` now require an explicit mode, one of `--signature-file`, `--message`, or `--cleartext`. - Fixes #430.
2024-11-13 13:17:20 +03:00
sq.sign_args(
&["--time", &tick()],
&ed_pgp, None,
&artifact("messages/a-cypherpunks-manifesto.txt"),
ed_sig_file.as_path());
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
// If we don't use --petname, than a self-signed User ID must
// exist.
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
sq_link(&sq, &ed_fpr, &[ "bob@example.com" ], &[], &[], false);
Require explicit mode, and align `sq sign` and `sq verify`. - The flag `sq sign --detached` is now called `sq sign --signature-file`. - The flag `sq sign --clearsign` is now called `sq sign --cleartext`. - Both `sq sign` and `sq verify` now require an explicit mode, one of `--signature-file`, `--message`, or `--cleartext`. - Fixes #430.
2024-11-13 13:17:20 +03:00
let ed_sig_file = ed_sig_file.display().to_string();
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &ed_sig_file, 0, 1);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
sq_link(&sq, &ed_fpr, &[], &[ "bob@example.com" ], &[], false);
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &ed_sig_file, 0, 1);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
// We should only create links if all the supplied User IDs are
// valid.
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
sq_link(&sq, &ed_fpr, &["ed@some.org", "bob@example.com"], &[], &[], false);
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &ed_sig_file, 0, 1);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
sq_link(&sq, &ed_fpr, &["ed@some.org"], &["bob@example.com"], &[], false);
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &ed_sig_file, 0, 1);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
// Pass an email address to --userid. This shouldn't match
// either.
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
sq_link(&sq, &ed_fpr, &["ed@other.org"], &[], &[], false);
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &ed_sig_file, 0, 1);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
// Link all User IDs individually.
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
sq_link(&sq, &ed_fpr,
Change --email and --add-email to only match user IDs unambiguously. - Commands like `sq pki vouch certify` allow designating a user ID by email address. Currently, if multiple self-signed user IDs include the specified email address, all are used. Change the semantics of `--email` and --add-email` to only match unambiguously. - Fixes #309.
2024-11-13 16:07:44 +03:00
&["ed@some.org", "Ed <ed@example.org>", "Eddie <ed@example.org>"],
&["ed@other.org"],
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
&[], true);
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &ed_sig_file, 1, 0);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
// Retract the links one at a time.
Remove sq pki link retract's positional argument for specifying a user ID. - `sq pki link retract` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:11:21 +03:00
sq_retract(&sq, &ed_fpr, &[], &[ "ed@other.org" ]);
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &ed_sig_file, 1, 0);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
Remove sq pki link retract's positional argument for specifying a user ID. - `sq pki link retract` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:11:21 +03:00
sq_retract(&sq, &ed_fpr, &[ "Ed <ed@example.org>" ], &[]);
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &ed_sig_file, 1, 0);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
Remove sq pki link retract's positional argument for specifying a user ID. - `sq pki link retract` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:11:21 +03:00
sq_retract(&sq, &ed_fpr, &[ "Eddie <ed@example.org>" ], &[]);
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &ed_sig_file, 1, 0);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
Remove sq pki link retract's positional argument for specifying a user ID. - `sq pki link retract` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:11:21 +03:00
sq_retract(&sq, &ed_fpr, &[ "ed@some.org" ], &[]);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
// Now the certificate should no longer be authenticated.
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &ed_sig_file, 0, 1);
Add sq link - Add new commands `sq link add` and `sq link retract` to certify bindings using the cert-d's trust root, if any.
2023-03-22 13:11:34 +03:00
Ok(())
}
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
// Set the different parameters. When the parameters are the same,
// make sure no certifications are written; when they are different
// make sure the file changed.
#[test]
Rename integration tests to match the subcommand being tested. - Rename the files and the tests to reflect the subcommands actually being tested.
2024-08-22 12:30:26 +03:00
fn sq_pki_link_update_detection() -> Result<()> {
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let sq = Sq::new();
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
let alice_userid = "<alice@example.org>";
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let (alice, alice_pgp, _) = sq.key_generate(&[], &[alice_userid]);
sq.cert_import(&alice_pgp);
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
let alice_fpr = alice.fingerprint().to_string();
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let alice_cert_pgp = sq.certd()
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
.join(&alice_fpr[0..2].to_ascii_lowercase())
.join(&alice_fpr[2..].to_ascii_lowercase());
// Reads and returns file. Asserts that old and the new contexts
// are the same (or not).
let compare = |old: Vec<u8>, file: &Path, same: bool| -> Vec<u8> {
let new = std::fs::read(file).unwrap();
if same {
assert_eq!(old, new, "file unexpectedly changed");
} else {
assert_ne!(old, new, "file unexpectedly stayed the same");
}
new
};
let bytes = std::fs::read(&alice_cert_pgp).unwrap();
// Retract it. There is nothing to retract (but this doesn't fail).
Remove sq pki link retract's positional argument for specifying a user ID. - `sq pki link retract` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:11:21 +03:00
let output = sq_retract(&sq, &alice_fpr, &[], &[]);
Refactor sq pki certify, sq pki link add and sq pki link retract. - Pull similar functionality out of the implementation of `sq pki certify`, `sq pki link add`, and `sq pki link retract`, and put it in a new module, `common::pki::certify`. - This slightly changes the human readable output.
2024-10-10 15:25:44 +03:00
assert!(output.2.contains("You never certified"),
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
"stdout:\n{}\nstderr:\n{}", output.1, output.2);
let bytes = compare(bytes, &alice_cert_pgp, true);
// Link it.
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
sq_link(&sq, &alice_fpr, &[], &[], &["--all"], true);
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
let bytes = compare(bytes, &alice_cert_pgp, false);
// As no parameters changed, this should succeeded, but no
// certification should be written.
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
let output = sq_link(&sq, &alice_fpr, &[], &[], &["--all"], true);
Refactor sq pki certify, sq pki link add and sq pki link retract. - Pull similar functionality out of the implementation of `sq pki certify`, `sq pki link add`, and `sq pki link retract`, and put it in a new module, `common::pki::certify`. - This slightly changes the human readable output.
2024-10-10 15:25:44 +03:00
assert!(output.2.contains("Certification parameters are unchanged"),
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
"stdout:\n{}\nstderr:\n{}", output.1, output.2);
let bytes = compare(bytes, &alice_cert_pgp, true);
// Make Alice a CA.
Align user ID designators in `sq pki {link,vouch} {add,authorize}`. - Align user ID designators across these four commands. Previously, `--all` was implied for the authorize commands if no user ID designator was given. - However, this is problematic for the following reasons: - First, it is inconsistent across the commands. - Second, while CAs can add any name to their cert because they are CAs, those certifications are subject to constraints, such as domain constraints, or the amount. But, the link we add fully authenticates the current user IDs, which may not be what the user wants, so it should require explicit consent. - Third, making this implicit again is easier than going from implicit to explicit, which breaks existing users. - Fixes #442.
2024-11-27 14:44:13 +03:00
sq.pki_link_authorize(&["--time", &tick(), "--unconstrained", "--all"],
Split authorization functionality out of sq pki link add. - Split authorization functionality out of `sq pki link add` into a new command, `sq pki link authorize`. - Align `sq pki link authorize`'s arguments with `sq pki authorize` arguments.
2024-10-17 14:46:16 +03:00
alice.key_handle(),
tests: Abstract user ID argument passing. - Add a new type, `UserIDArg`, which represents a user ID argument. - Change functions that take user IDs like `Sq::key_generate` to use it.
2024-11-13 11:20:18 +03:00
NO_USERIDS);
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
let bytes = compare(bytes, &alice_cert_pgp, false);
Split authorization functionality out of sq pki link add. - Split authorization functionality out of `sq pki link add` into a new command, `sq pki link authorize`. - Align `sq pki link authorize`'s arguments with `sq pki authorize` arguments.
2024-10-17 14:46:16 +03:00
sq.pki_link_authorize(&["--time", &tick(), "--unconstrained", "--all"],
alice.key_handle(),
tests: Abstract user ID argument passing. - Add a new type, `UserIDArg`, which represents a user ID argument. - Change functions that take user IDs like `Sq::key_generate` to use it.
2024-11-13 11:20:18 +03:00
NO_USERIDS);
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
let bytes = compare(bytes, &alice_cert_pgp, true);
// Make her a partially trusted CA.
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
let output = sq_link(&sq, &alice_fpr, &[], &[],
Add --all option to sq link add. - If the user doesn't specify any User IDs, don't link all self-signed User IDs. Print out the self-signed User IDs and prompt the user to specify `--all` or just the ones they want to link.
2023-04-05 12:11:26 +03:00
&["--amount", "30", "--all"], true);
Refactor sq pki certify, sq pki link add and sq pki link retract. - Pull similar functionality out of the implementation of `sq pki certify`, `sq pki link add`, and `sq pki link retract`, and put it in a new module, `common::pki::certify`. - This slightly changes the human readable output.
2024-10-10 15:25:44 +03:00
assert!(output.2.contains("was previously"),
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
"stdout:\n{}\nstderr:\n{}", output.1, output.2);
let bytes = compare(bytes, &alice_cert_pgp, false);
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
let output = sq_link(&sq, &alice_fpr, &[], &[],
Add --all option to sq link add. - If the user doesn't specify any User IDs, don't link all self-signed User IDs. Print out the self-signed User IDs and prompt the user to specify `--all` or just the ones they want to link.
2023-04-05 12:11:26 +03:00
&["--amount", "30", "--all"], true);
Refactor sq pki certify, sq pki link add and sq pki link retract. - Pull similar functionality out of the implementation of `sq pki certify`, `sq pki link add`, and `sq pki link retract`, and put it in a new module, `common::pki::certify`. - This slightly changes the human readable output.
2024-10-10 15:25:44 +03:00
assert!(output.2.contains("Certification parameters are unchanged"),
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
"stdout:\n{}\nstderr:\n{}", output.1, output.2);
let bytes = compare(bytes, &alice_cert_pgp, true);
// Retract the link.
Remove sq pki link retract's positional argument for specifying a user ID. - `sq pki link retract` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:11:21 +03:00
let output = sq_retract(&sq, &alice_fpr, &[], &[]);
Refactor sq pki certify, sq pki link add and sq pki link retract. - Pull similar functionality out of the implementation of `sq pki certify`, `sq pki link add`, and `sq pki link retract`, and put it in a new module, `common::pki::certify`. - This slightly changes the human readable output.
2024-10-10 15:25:44 +03:00
assert!(output.2.contains("was previously"),
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
"stdout:\n{}\nstderr:\n{}", output.1, output.2);
let bytes = compare(bytes, &alice_cert_pgp, false);
Remove sq pki link retract's positional argument for specifying a user ID. - `sq pki link retract` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:11:21 +03:00
let output = sq_retract(&sq, &alice_fpr, &[], &[]);
Refactor sq pki certify, sq pki link add and sq pki link retract. - Pull similar functionality out of the implementation of `sq pki certify`, `sq pki link add`, and `sq pki link retract`, and put it in a new module, `common::pki::certify`. - This slightly changes the human readable output.
2024-10-10 15:25:44 +03:00
assert!(output.2.contains("Certification parameters are unchanged"),
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
"stdout:\n{}\nstderr:\n{}", output.1, output.2);
let bytes = compare(bytes, &alice_cert_pgp, true);
// Link it again.
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
let output = sq_link(&sq, &alice_fpr, &[], &[],
Split authorization functionality out of sq pki link add. - Split authorization functionality out of `sq pki link add` into a new command, `sq pki link authorize`. - Align `sq pki link authorize`'s arguments with `sq pki authorize` arguments.
2024-10-17 14:46:16 +03:00
&["--amount", "10", "--all"], true);
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
assert!(output.2.contains("was retracted"),
"stdout:\n{}\nstderr:\n{}", output.1, output.2);
let bytes = compare(bytes, &alice_cert_pgp, false);
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
let output = sq_link(&sq, &alice_fpr, &[], &[],
Split authorization functionality out of sq pki link add. - Split authorization functionality out of `sq pki link add` into a new command, `sq pki link authorize`. - Align `sq pki link authorize`'s arguments with `sq pki authorize` arguments.
2024-10-17 14:46:16 +03:00
&["--amount", "10", "--all"], true);
Refactor sq pki certify, sq pki link add and sq pki link retract. - Pull similar functionality out of the implementation of `sq pki certify`, `sq pki link add`, and `sq pki link retract`, and put it in a new module, `common::pki::certify`. - This slightly changes the human readable output.
2024-10-10 15:25:44 +03:00
assert!(output.2.contains("Certification parameters are unchanged"),
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
"stdout:\n{}\nstderr:\n{}", output.1, output.2);
let bytes = compare(bytes, &alice_cert_pgp, true);
// Use a notation.
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
let output = sq_link(&sq, &alice_fpr, &[], &[],
Rename --notation to --signature-notation. - This aligns with `sq encrypt --signature-notation` and makes it clearer that notations are being put on signatures. - Fixes #454.
2024-11-21 13:38:59 +03:00
&["--signature-notation", "foo", "10", "--all"], true);
Refactor sq pki certify, sq pki link add and sq pki link retract. - Pull similar functionality out of the implementation of `sq pki certify`, `sq pki link add`, and `sq pki link retract`, and put it in a new module, `common::pki::certify`. - This slightly changes the human readable output.
2024-10-10 15:25:44 +03:00
assert!(output.2.contains("was previously"),
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
"stdout:\n{}\nstderr:\n{}", output.1, output.2);
let bytes = compare(bytes, &alice_cert_pgp, false);
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
let output = sq_link(&sq, &alice_fpr, &[], &[],
Rename --notation to --signature-notation. - This aligns with `sq encrypt --signature-notation` and makes it clearer that notations are being put on signatures. - Fixes #454.
2024-11-21 13:38:59 +03:00
&["--signature-notation", "foo", "10", "--all"], true);
Refactor sq pki certify, sq pki link add and sq pki link retract. - Pull similar functionality out of the implementation of `sq pki certify`, `sq pki link add`, and `sq pki link retract`, and put it in a new module, `common::pki::certify`. - This slightly changes the human readable output.
2024-10-10 15:25:44 +03:00
assert!(output.2.contains("Certification parameters are unchanged"),
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
"stdout:\n{}\nstderr:\n{}", output.1, output.2);
let bytes = compare(bytes, &alice_cert_pgp, true);
// The default link again.
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
let output = sq_link(&sq, &alice_fpr, &[], &[], &["--all"], true);
Refactor sq pki certify, sq pki link add and sq pki link retract. - Pull similar functionality out of the implementation of `sq pki certify`, `sq pki link add`, and `sq pki link retract`, and put it in a new module, `common::pki::certify`. - This slightly changes the human readable output.
2024-10-10 15:25:44 +03:00
assert!(output.2.contains("was previously"),
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
"stdout:\n{}\nstderr:\n{}", output.1, output.2);
let bytes = compare(bytes, &alice_cert_pgp, false);
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
let output = sq_link(&sq, &alice_fpr, &[], &[], &["--all"], true);
Refactor sq pki certify, sq pki link add and sq pki link retract. - Pull similar functionality out of the implementation of `sq pki certify`, `sq pki link add`, and `sq pki link retract`, and put it in a new module, `common::pki::certify`. - This slightly changes the human readable output.
2024-10-10 15:25:44 +03:00
assert!(output.2.contains("Certification parameters are unchanged"),
Don't create a link when it already exists - When adding a link, check if the active link has the same parameters, if so don't update the link. If the parameters changed, show a diff.
2023-03-30 12:00:15 +03:00
"stdout:\n{}\nstderr:\n{}", output.1, output.2);
let bytes = compare(bytes, &alice_cert_pgp, true);
let _ = bytes;
Ok(())
}
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
Replace "sq link" mentions with "sq pki link" - While the commit b5a7d157104de80b823091cfc37fc7096e752b38 moved the "sq link" command under "sq pki", there are some left-overs in the error messages. Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-04-19 10:00:09 +03:00
// Check that sq pki link add --temporary works.
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
#[test]
Rename integration tests to match the subcommand being tested. - Rename the files and the tests to reflect the subcommands actually being tested.
2024-08-22 12:30:26 +03:00
fn sq_pki_link_add_temporary() -> Result<()> {
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let sq = Sq::new();
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
let alice_userid = "<alice@example.org>";
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let (alice, alice_pgp, _) = sq.key_generate(&[], &[alice_userid]);
sq.cert_import(&alice_pgp);
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
let alice_fpr = alice.fingerprint().to_string();
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
let alice_cert_pgp = sq.certd()
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
.join(&alice_fpr[0..2].to_ascii_lowercase())
.join(&alice_fpr[2..].to_ascii_lowercase());
Require explicit mode, and align `sq sign` and `sq verify`. - The flag `sq sign --detached` is now called `sq sign --signature-file`. - The flag `sq sign --clearsign` is now called `sq sign --cleartext`. - Both `sq sign` and `sq verify` now require an explicit mode, one of `--signature-file`, `--message`, or `--cleartext`. - Fixes #430.
2024-11-13 13:17:20 +03:00
let alice_sig_file = sq.base().join("alice.sig");
sq.sign_args(
&["--time", &tick()],
&alice_pgp, None,
&artifact("messages/a-cypherpunks-manifesto.txt"),
alice_sig_file.as_path());
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
// Reads and returns file. Asserts that old and the new contexts
// are the same (or not).
let compare = |old: Vec<u8>, file: &Path, same: bool| -> Vec<u8> {
let new = std::fs::read(file).unwrap();
if same {
assert_eq!(old, new, "file unexpectedly changed");
} else {
assert_ne!(old, new, "file unexpectedly stayed the same");
}
new
};
let bytes = std::fs::read(&alice_cert_pgp).unwrap();
Require explicit mode, and align `sq sign` and `sq verify`. - The flag `sq sign --detached` is now called `sq sign --signature-file`. - The flag `sq sign --clearsign` is now called `sq sign --cleartext`. - Both `sq sign` and `sq verify` now require an explicit mode, one of `--signature-file`, `--message`, or `--cleartext`. - Fixes #430.
2024-11-13 13:17:20 +03:00
let alice_sig_file = alice_sig_file.display().to_string();
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &alice_sig_file, 0, 1);
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
let output = sq_link(&sq, &alice_fpr, &[], &[], &["--temporary", "--all"], true);
Refactor sq pki certify, sq pki link add and sq pki link retract. - Pull similar functionality out of the implementation of `sq pki certify`, `sq pki link add`, and `sq pki link retract`, and put it in a new module, `common::pki::certify`. - This slightly changes the human readable output.
2024-10-10 15:25:44 +03:00
assert!(output.2.contains("Certifying "),
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
"stdout:\n{}\nstderr:\n{}", output.1, output.2);
let bytes = compare(bytes, &alice_cert_pgp, false);
// Now it is fully trusted.
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &alice_sig_file, 1, 0);
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
// In 6 days, too.
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq,
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
Some(now() + chrono::Duration::seconds(6 * 24 * 60 * 60)),
&[], &[], &alice_sig_file, 1, 0);
// But in 8 days it will only be partially trusted.
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq,
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
Some(now() + chrono::Duration::seconds(8 * 24 * 60 * 60)),
&[], &[], &alice_sig_file, 0, 1);
// Now mark it as fully trusted. It should be trusted now, in 6
// days and in 8 days.
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 17:00:46 +03:00
let output = sq_link(&sq, &alice_fpr, &[], &[], &["--all"], true);
Refactor sq pki certify, sq pki link add and sq pki link retract. - Pull similar functionality out of the implementation of `sq pki certify`, `sq pki link add`, and `sq pki link retract`, and put it in a new module, `common::pki::certify`. - This slightly changes the human readable output.
2024-10-10 15:25:44 +03:00
assert!(output.2.contains("was previously"),
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
"stdout:\n{}\nstderr:\n{}", output.1, output.2);
eprintln!("{:?}", output);
let bytes = compare(bytes, &alice_cert_pgp, false);
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq, None, &[], &[], &alice_sig_file, 1, 0);
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq,
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
Some(now() + chrono::Duration::seconds(6 * 24 * 60 * 60)),
&[], &[], &alice_sig_file, 1, 0);
tests: Port remaining tests to the test framework.
2024-08-29 11:59:20 +03:00
sq_verify(&sq,
Add an option to sq link add to temporarily accept a binding - Add an option to `sq link add`, `--temporary`, to temporarily accept a binding. - This creates a fully trusted certification that expires after a week, and a second certification that is one second older, which doesn't expire, but is only partially trusted (trust amount = 40) so that the user remembers this decision.
2023-04-05 18:16:37 +03:00
Some(now() + chrono::Duration::seconds(8 * 24 * 60 * 60)),
&[], &[], &alice_sig_file, 1, 0);
let _bytes = bytes;
Ok(())
}
Check all user IDs, not just self-signed user IDs. - When checking if a user ID was already signed, don't just check valid self-signed user IDs.
2024-10-15 19:29:51 +03:00
#[test]
fn retract_non_self_signed() {
// Make sure we can retract non-self signed user IDs.
let mut sq = Sq::new();
let alice_userid = "Alice <alice@example.org>";
let (alice, alice_pgp, _) = sq.key_generate(&[], &[alice_userid]);
sq.key_import(&alice_pgp);
let petname = "Mon chouchou";
let msg = artifact("messages/a-cypherpunks-manifesto.txt");
let sig_msg = sq.scratch_file(None);
let sig_msg = sig_msg.as_path();
let sig_msg_str = sig_msg.display().to_string();
sq.sign(alice.key_handle(), None, &msg, sig_msg);
// Verifying should fail: alice's certificate is not linked at all.
sq_verify(&sq, None, &[], &[], &sig_msg_str, 0, 1);
// Link a non-self-signed user ID.
sq.tick(1);
Change --add-userid from a flag to two arguments. - `sq pki link add`, `sq pki link authorize`, `sq pki vouch certify`, and `sq pki vouch authorize` have a `--add-userid` flag. - Replace the `--add-userid` flag with an `--add-userid` argument, and an `--add-email` argument. - This change means that a flag does not change how an argument is interpreted. It also makes it more explicit whether a user ID should be added, because `--userid` and `--email` could be given multiple times. - See #309 and #318.
2024-11-13 14:48:33 +03:00
sq.pki_link_add(&[], alice.key_handle(),
&[UserIDArg::AddUserID(petname)]);
Check all user IDs, not just self-signed user IDs. - When checking if a user ID was already signed, don't just check valid self-signed user IDs.
2024-10-15 19:29:51 +03:00
// Now it should work.
sq_verify(&sq, None, &[], &[], &sig_msg_str, 1, 0);
// Retract the link.
sq.tick(1);
sq_retract(&sq, &alice.fingerprint().to_string(), &[petname], &[]);
// Now it should fail.
sq_verify(&sq, None, &[], &[], &sig_msg_str, 0, 1);
}
Fix sq pki link retract when retracting all certifications. - When retracting all certifications, don't just retract certifications on the self-signed user IDs, retract them on all user IDs.
2024-10-16 11:38:33 +03:00
Change sq pki link retract to use the NULL policy. - Change `sq pki link retract` to use the NULL policy when resolving user IDs. It's safer to retract a link for a user ID than to refuse.
2024-11-25 00:01:06 +03:00
#[test]
fn retract_weak() {
// Make sure we can retract signed user IDs whose binding
// signatures rely on weak cryptography from a valid certificate.
let sq = Sq::new();
let cert_path = sq.test_data()
.join("keys")
.join("sha1-userid-priv.pgp");
sq.key_import(&cert_path);
let cert = Cert::from_file(&cert_path).expect("can read");
// Make sure the user ID is there and really uses SHA-1.
let vc = cert.with_policy(STANDARD_POLICY, sq.now())
.expect("valid cert");
let valid_userids: BTreeSet<_> = vc.userids()
.map(|ua| ua.userid())
.collect();
let all_userids: BTreeSet<_> = cert.userids()
.map(|ua| ua.userid())
.collect();
assert!(valid_userids.len() < all_userids.len());
let weak_userids: Vec<_>
= all_userids.difference(&valid_userids)
.map(|u| {
String::from_utf8_lossy(u.value()).to_string()
})
.collect();
let weak_userids: Vec<&String> = weak_userids.iter().collect();
// The current policy doesn't allow SHA-1.
assert!(
sq.pki_link_add_maybe(&[], cert.key_handle(), &weak_userids)
.is_err());
// But the policy as of 2003 did.
sq.pki_link_add(&["--policy-as-of", "2003-01-01"],
cert.key_handle(), &weak_userids);
// Retract.
sq.pki_link_retract(&[], cert.key_handle(), &weak_userids[..]);
}
Fix sq pki link retract when retracting all certifications. - When retracting all certifications, don't just retract certifications on the self-signed user IDs, retract them on all user IDs.
2024-10-16 11:38:33 +03:00
#[test]
fn retract_all() {
// Link all self-signed user IDs and a non-self-signed user ID.
// When we retract all, make sure they are all retracted.
let mut sq = Sq::new();
let alice_userid = "Alice <alice@example.org>";
let (alice, alice_pgp, _) = sq.key_generate(&[], &[alice_userid]);
sq.key_import(&alice_pgp);
let petname = "Mon chouchou";
let msg = artifact("messages/a-cypherpunks-manifesto.txt");
let sig_msg = sq.scratch_file(None);
let sig_msg = sig_msg.as_path();
let sig_msg_str = sig_msg.display().to_string();
sq.sign(alice.key_handle(), None, &msg, sig_msg);
// Verifying should fail: alice's certificate is not linked at all.
sq_verify(&sq, None, &[], &[], &sig_msg_str, 0, 1);
// Link a non-self-signed user ID.
sq.tick(1);
Change --add-userid from a flag to two arguments. - `sq pki link add`, `sq pki link authorize`, `sq pki vouch certify`, and `sq pki vouch authorize` have a `--add-userid` flag. - Replace the `--add-userid` flag with an `--add-userid` argument, and an `--add-email` argument. - This change means that a flag does not change how an argument is interpreted. It also makes it more explicit whether a user ID should be added, because `--userid` and `--email` could be given multiple times. - See #309 and #318.
2024-11-13 14:48:33 +03:00
sq.pki_link_add(&[], alice.key_handle(), &[UserIDArg::AddUserID(petname)]);
Fix sq pki link retract when retracting all certifications. - When retracting all certifications, don't just retract certifications on the self-signed user IDs, retract them on all user IDs.
2024-10-16 11:38:33 +03:00
// Now it should work.
sq_verify(&sq, None, &[], &[], &sig_msg_str, 1, 0);
// Retract *all* links.
sq.tick(1);
sq_retract(&sq, &alice.fingerprint().to_string(), &[], &[]);
// Now it should fail.
sq_verify(&sq, None, &[], &[], &sig_msg_str, 0, 1);
}
Change --email and --add-email to only match user IDs unambiguously. - Commands like `sq pki vouch certify` allow designating a user ID by email address. Currently, if multiple self-signed user IDs include the specified email address, all are used. Change the semantics of `--email` and --add-email` to only match unambiguously. - Fixes #309.
2024-11-13 16:07:44 +03:00
#[test]
fn no_ambiguous_email() {
// Check that we can't address self-signed user IDs by an
// ambiguous email address.
let mut sq = Sq::new();
let alice_userids = &["Alice <alice@example.org>",
"Alice Lovelace <alice@example.org>"][..];
let (alice, alice_pgp, _) = sq.key_generate(&[], alice_userids);
sq.key_import(&alice_pgp);
sq.tick(1);
// Ambiguous.
assert!(
sq.pki_link_add_maybe(
&[], alice.key_handle(), &[UserIDArg::Email("alice@example.org")])
.is_err());
assert!(
sq.pki_link_add_maybe(
&[], alice.key_handle(), &[UserIDArg::AddEmail("alice@example.org")])
.is_err());
// Not a self-signed user ID.
assert!(
sq.pki_link_add_maybe(
&[], alice.key_handle(), &[UserIDArg::UserID("alice@example.org")])
.is_err());
// Fully qualified is okay.
sq.pki_link_add(
&[], alice.key_handle(),
&[UserIDArg::UserID("Alice <alice@example.org>")]);
// As well as adding as a user ID.
sq.pki_link_add(
&[], alice.key_handle(),
&[UserIDArg::AddUserID("<alice@example.org>")]);
}
Add support for addressing shadow CAs by symbolic names. - Add a new paramter to `sq pki link add`, `sq pki link authorize`, and `sq pki link retract`, `--cert-special`, which allows addressing shadow CAs by symbolic names. - If the shadow CA doesn't exist yet, we create it. - This means `sq pki link authorize --cert-special keys.openpgp.org --all --unconstrained` can be used to fully trust the `keys.openpgp.org` key server, for instance. This is more convenient, and especially useful for documentation. - Fixes #337.
2024-11-28 16:20:24 +03:00
#[test]
fn special_names() {
// Check that --cert-special works.
let sq = Sq::new();
let check = |cmd: &str, args: &[&str], name: &str, success: bool| {
let mut c = sq.command();
c.args([ "pki", "link", cmd, "--cert-special", name ]);
c.args(args);
sq.run(c, Some(success));
};
const SPECIAL_STRINGS: &'static [&'static str] = &[
"public-directories",
"keys.openpgp.org",
"keys.mailvelope.com",
"proton.me",
"wkd",
"dane",
"autocrypt",
"web",
];
for name in SPECIAL_STRINGS.iter() {
check("add", &["--all"], name, true);
}
check("add", &["--all"], "xxx", false);
for name in SPECIAL_STRINGS.iter() {
Align user ID designators in `sq pki link retract`. - User IDs have to be explicitly given, or `--all` has to be used to select them all (this was previously the default). - This aligns the retract subcommand with the other link and vouch management commands. - Fixes #442.
2024-11-28 19:38:52 +03:00
check("retract", &["--all"], name, true);
Add support for addressing shadow CAs by symbolic names. - Add a new paramter to `sq pki link add`, `sq pki link authorize`, and `sq pki link retract`, `--cert-special`, which allows addressing shadow CAs by symbolic names. - If the shadow CA doesn't exist yet, we create it. - This means `sq pki link authorize --cert-special keys.openpgp.org --all --unconstrained` can be used to fully trust the `keys.openpgp.org` key server, for instance. This is more convenient, and especially useful for documentation. - Fixes #337.
2024-11-28 16:20:24 +03:00
}
Align user ID designators in `sq pki link retract`. - User IDs have to be explicitly given, or `--all` has to be used to select them all (this was previously the default). - This aligns the retract subcommand with the other link and vouch management commands. - Fixes #442.
2024-11-28 19:38:52 +03:00
check("retract", &["--all"], "xxx", false);
Add support for addressing shadow CAs by symbolic names. - Add a new paramter to `sq pki link add`, `sq pki link authorize`, and `sq pki link retract`, `--cert-special`, which allows addressing shadow CAs by symbolic names. - If the shadow CA doesn't exist yet, we create it. - This means `sq pki link authorize --cert-special keys.openpgp.org --all --unconstrained` can be used to fully trust the `keys.openpgp.org` key server, for instance. This is more convenient, and especially useful for documentation. - Fixes #337.
2024-11-28 16:20:24 +03:00
for name in SPECIAL_STRINGS.iter() {
check("authorize", &["--all", "--unconstrained"], name, true);
}
check("authorize", &["--all", "--unconstrained"], "xxx", false);
for name in SPECIAL_STRINGS.iter() {
Align user ID designators in `sq pki link retract`. - User IDs have to be explicitly given, or `--all` has to be used to select them all (this was previously the default). - This aligns the retract subcommand with the other link and vouch management commands. - Fixes #442.
2024-11-28 19:38:52 +03:00
check("retract", &["--all"], name, true);
Add support for addressing shadow CAs by symbolic names. - Add a new paramter to `sq pki link add`, `sq pki link authorize`, and `sq pki link retract`, `--cert-special`, which allows addressing shadow CAs by symbolic names. - If the shadow CA doesn't exist yet, we create it. - This means `sq pki link authorize --cert-special keys.openpgp.org --all --unconstrained` can be used to fully trust the `keys.openpgp.org` key server, for instance. This is more convenient, and especially useful for documentation. - Fixes #337.
2024-11-28 16:20:24 +03:00
}
Align user ID designators in `sq pki link retract`. - User IDs have to be explicitly given, or `--all` has to be used to select them all (this was previously the default). - This aligns the retract subcommand with the other link and vouch management commands. - Fixes #442.
2024-11-28 19:38:52 +03:00
check("retract", &["--all"], "xxx", false);
Add support for addressing shadow CAs by symbolic names. - Add a new paramter to `sq pki link add`, `sq pki link authorize`, and `sq pki link retract`, `--cert-special`, which allows addressing shadow CAs by symbolic names. - If the shadow CA doesn't exist yet, we create it. - This means `sq pki link authorize --cert-special keys.openpgp.org --all --unconstrained` can be used to fully trust the `keys.openpgp.org` key server, for instance. This is more convenient, and especially useful for documentation. - Fixes #337.
2024-11-28 16:20:24 +03:00
}
Reference in New Issue Copy Permalink