slipenkomk/sequoia-sq
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
sequoia-sq/tests/integration/sq_key_approvals_update.rs

317 lines
11 KiB
Rust
Raw Normal View History

Add test for sq key attest-certifications.
2024-06-10 15:22:41 +02:00
use std::ffi::OsStr;
use std::path::Path;
Don't add approvals for non-exportable certifications or certs. - Change `sq key approvals list` and `sq key approvals update` to ignore certifications that are not exportable, and certificates that are not exportable, or are a shadow CA. - Fixes #402.
2024-11-18 15:52:26 +01:00
use super::common::{artifact, Sq, STANDARD_POLICY};
Add test for sq key attest-certifications.
2024-06-10 15:22:41 +02:00
use sequoia_openpgp as openpgp;
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
use openpgp::{
Cert,
Result,
cert::amalgamation::ValidateAmalgamation,
Don't add approvals for non-exportable certifications or certs. - Change `sq key approvals list` and `sq key approvals update` to ignore certifications that are not exportable, and certificates that are not exportable, or are a shadow CA. - Fixes #402.
2024-11-18 15:52:26 +01:00
parse::Parse,
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
};
Add test for sq key attest-certifications.
2024-06-10 15:22:41 +02:00
#[test]
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
fn update_files() -> Result<()> {
Add test for sq key attest-certifications.
2024-06-10 15:22:41 +02:00
// See https://gitlab.com/sequoia-pgp/sequoia/-/issues/1111
let now = std::time::SystemTime::now()
- std::time::Duration::new(60 * 60, 0);
let sq = Sq::at(now);
let alice_userid = "<alice@example.org>";
let (alice, alice_pgp, _alice_rev)
= sq.key_generate(&[], &["<alice@example.org>"]);
let (_bob, bob_pgp, _bob_rev)
= sq.key_generate(&[], &["<bob@example.org>"]);
// Attest the certifications.
//
// public is first merged into private.
let attest = |sq: &Sq, public: &Path| {
let priv_file = sq.scratch_file(
&*format!("{}-priv",
public.file_name()
.unwrap_or(OsStr::new(""))
.to_str().unwrap_or("")));
Move sq toolbox keyring to sq keyring. - Make `sq keyring` a top-level subcommand. - See #326.
2024-11-16 09:20:01 +01:00
sq.keyring_merge(
Add support for merging bare revocation certificates. - Extend `sq toolbox keyring merge` to merge bare revocation certificates. - Fixes #50.
2024-10-31 10:00:54 +01:00
&[ public, &alice_pgp ][..], None,
Add test for sq key attest-certifications.
2024-06-10 15:22:41 +02:00
&*priv_file);
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
let approval_file = sq.scratch_file(
&*format!("{}-approval", public.display()));
Add test for sq key attest-certifications.
2024-06-10 15:22:41 +02:00
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
let approval = sq.key_approvals_update(
&priv_file, &["--add-all"], &*approval_file);
Add test for sq key attest-certifications.
2024-06-10 15:22:41 +02:00
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
eprintln!("{}", sq.inspect(&approval_file));
Add test for sq key attest-certifications.
2024-06-10 15:22:41 +02:00
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
assert_eq!(approval.bad_signatures().count(), 0);
Add test for sq key attest-certifications.
2024-06-10 15:22:41 +02:00
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
let approval_ua = approval.userids().next().unwrap();
assert_eq!(approval_ua.attestations().count(), 1);
Add test for sq key attest-certifications.
2024-06-10 15:22:41 +02:00
};
// Attest nothing.
attest(&sq, &alice_pgp);
// Have Bob certify Alice.
let alice2_pub_pgp = sq.scratch_file("alice2_pub");
Rename `sq pki vouch certify` to `sq pki vouch add`. - This makes it consistent with `sq pki link add` and all the other commands that add components to certs. - Fixes #433.
2024-11-20 11:54:50 +01:00
let alice2 = sq.pki_vouch_add(&[],
Move sq pki {certify,authorize} under sq pki vouch. - Move `sq pki certify` and `sq pki authorize` under `sq pki vouch`. - This mirrors `sq pki link`.
2024-10-17 17:35:14 +02:00
&bob_pgp,
&alice_pgp,
&[alice_userid],
&*alice2_pub_pgp);
Add test for sq key attest-certifications.
2024-06-10 15:22:41 +02:00
assert_eq!(alice2.fingerprint(), alice.fingerprint());
// Attest Bob's certification.
attest(&sq, &alice2_pub_pgp);
Change sq key attest-certifications to support the key store and cert store. - Change `sq key attest-certifications` to use the key store and the cert store. - See #205.
2024-06-10 17:04:46 +02:00
Ok(())
}
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
const ALICE_USERID: &str = "<alice@example.org>";
const BOB_USERID: &str = "<bob@example.org>";
fn make_keys(sq: &Sq) -> Result<(Cert, Cert)> {
let (alice, alice_pgp, _alice_rev)
= sq.key_generate(&[], &[ALICE_USERID]);
let (bob, bob_pgp, _bob_rev)
= sq.key_generate(&[], &[BOB_USERID]);
sq.key_import(alice_pgp);
sq.key_import(bob_pgp);
Ok((alice, bob))
}
Change sq key attest-certifications to support the key store and cert store. - Change `sq key attest-certifications` to use the key store and the cert store. - See #205.
2024-06-10 17:04:46 +02:00
#[test]
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
fn update_all() -> Result<()> {
Change sq key attest-certifications to support the key store and cert store. - Change `sq key attest-certifications` to use the key store and the cert store. - See #205.
2024-06-10 17:04:46 +02:00
// See https://gitlab.com/sequoia-pgp/sequoia/-/issues/1111
let now = std::time::SystemTime::now()
- std::time::Duration::new(60 * 60, 0);
let sq = Sq::at(now);
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
let (alice, bob) = make_keys(&sq)?;
Change sq key attest-certifications to support the key store and cert store. - Change `sq key attest-certifications` to use the key store and the cert store. - See #205.
2024-06-10 17:04:46 +02:00
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
// Attest the zero certifications.
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
let approval = sq.key_approvals_update(
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
alice.key_handle(), &["--add-all"], None);
Change sq key attest-certifications to support the key store and cert store. - Change `sq key attest-certifications` to use the key store and the cert store. - See #205.
2024-06-10 17:04:46 +02:00
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
assert_eq!(approval.bad_signatures().count(), 0);
let approval_ua = approval.userids().next().unwrap();
assert_eq!(approval_ua.attestations().count(), 1);
assert_eq!(approval_ua.with_policy(STANDARD_POLICY, None).unwrap()
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
.attested_certifications().count(), 0);
// Have Bob certify Alice.
Rename `sq pki vouch certify` to `sq pki vouch add`. - This makes it consistent with `sq pki link add` and all the other commands that add components to certs. - Fixes #433.
2024-11-20 11:54:50 +01:00
let alice2 = sq.pki_vouch_add(&[],
Move sq pki {certify,authorize} under sq pki vouch. - Move `sq pki certify` and `sq pki authorize` under `sq pki vouch`. - This mirrors `sq pki link`.
2024-10-17 17:35:14 +02:00
bob.key_handle(),
alice.key_handle(),
&[ALICE_USERID],
None);
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
assert_eq!(alice2.fingerprint(), alice.fingerprint());
// Attest Bob's certification.
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
let approval = sq.key_approvals_update(
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
&alice.key_handle(), &["--add-all"], None);
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
assert_eq!(approval.bad_signatures().count(), 0);
let approval_ua = approval.userids().next().unwrap();
assert_eq!(approval_ua.attestations().count(), 2);
assert_eq!(approval_ua.with_policy(STANDARD_POLICY, None).unwrap()
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
.attested_certifications().count(), 1);
// Drop the approval of Bob's certification.
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
let approval = sq.key_approvals_update(
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
&alice.key_handle(), &["--remove-all"], None);
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
assert_eq!(approval.bad_signatures().count(), 0);
let approval_ua = approval.userids().next().unwrap();
assert_eq!(approval_ua.attestations().count(), 3);
assert_eq!(approval_ua.with_policy(STANDARD_POLICY, None).unwrap()
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
.attested_certifications().count(), 0);
Ok(())
}
#[test]
fn update_by() -> Result<()> {
// See https://gitlab.com/sequoia-pgp/sequoia/-/issues/1111
let now = std::time::SystemTime::now()
- std::time::Duration::new(60 * 60, 0);
let sq = Sq::at(now);
let (alice, bob) = make_keys(&sq)?;
let bob_fp = bob.fingerprint().to_string();
Change sq key attest-certifications to support the key store and cert store. - Change `sq key attest-certifications` to use the key store and the cert store. - See #205.
2024-06-10 17:04:46 +02:00
// Attest the zero certifications.
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
let approval = sq.key_approvals_update(
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
alice.key_handle(), &["--add-by", &bob_fp], None);
Change sq key attest-certifications to support the key store and cert store. - Change `sq key attest-certifications` to use the key store and the cert store. - See #205.
2024-06-10 17:04:46 +02:00
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
assert_eq!(approval.bad_signatures().count(), 0);
let approval_ua = approval.userids().next().unwrap();
assert_eq!(approval_ua.attestations().count(), 1);
assert_eq!(approval_ua.with_policy(STANDARD_POLICY, None).unwrap()
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
.attested_certifications().count(), 0);
Change sq key attest-certifications to support the key store and cert store. - Change `sq key attest-certifications` to use the key store and the cert store. - See #205.
2024-06-10 17:04:46 +02:00
// Have Bob certify Alice.
Rename `sq pki vouch certify` to `sq pki vouch add`. - This makes it consistent with `sq pki link add` and all the other commands that add components to certs. - Fixes #433.
2024-11-20 11:54:50 +01:00
let alice2 = sq.pki_vouch_add(&[],
Move sq pki {certify,authorize} under sq pki vouch. - Move `sq pki certify` and `sq pki authorize` under `sq pki vouch`. - This mirrors `sq pki link`.
2024-10-17 17:35:14 +02:00
bob.key_handle(),
alice.key_handle(),
&[ALICE_USERID],
None);
Change sq key attest-certifications to support the key store and cert store. - Change `sq key attest-certifications` to use the key store and the cert store. - See #205.
2024-06-10 17:04:46 +02:00
assert_eq!(alice2.fingerprint(), alice.fingerprint());
// Attest Bob's certification.
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
let approval = sq.key_approvals_update(
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
&alice.key_handle(), &["--add-by", &bob_fp], None);
Change sq key attest-certifications to support the key store and cert store. - Change `sq key attest-certifications` to use the key store and the cert store. - See #205.
2024-06-10 17:04:46 +02:00
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
assert_eq!(approval.bad_signatures().count(), 0);
let approval_ua = approval.userids().next().unwrap();
assert_eq!(approval_ua.attestations().count(), 2);
assert_eq!(approval_ua.with_policy(STANDARD_POLICY, None).unwrap()
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
.attested_certifications().count(), 1);
// Drop the approval of Bob's certification.
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
let approval = sq.key_approvals_update(
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
&alice.key_handle(), &["--remove-by", &bob_fp], None);
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
assert_eq!(approval.bad_signatures().count(), 0);
let approval_ua = approval.userids().next().unwrap();
assert_eq!(approval_ua.attestations().count(), 3);
assert_eq!(approval_ua.with_policy(STANDARD_POLICY, None).unwrap()
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
.attested_certifications().count(), 0);
Ok(())
}
#[test]
fn update_authenticated() -> Result<()> {
// See https://gitlab.com/sequoia-pgp/sequoia/-/issues/1111
let now = std::time::SystemTime::now()
- std::time::Duration::new(60 * 60, 0);
let sq = Sq::at(now);
let (alice, bob) = make_keys(&sq)?;
let bob_fp = bob.fingerprint().to_string();
// Have Bob certify Alice.
Rename `sq pki vouch certify` to `sq pki vouch add`. - This makes it consistent with `sq pki link add` and all the other commands that add components to certs. - Fixes #433.
2024-11-20 11:54:50 +01:00
let alice2 = sq.pki_vouch_add(&[],
Move sq pki {certify,authorize} under sq pki vouch. - Move `sq pki certify` and `sq pki authorize` under `sq pki vouch`. - This mirrors `sq pki link`.
2024-10-17 17:35:14 +02:00
bob.key_handle(),
alice.key_handle(),
&[ALICE_USERID],
None);
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
assert_eq!(alice2.fingerprint(), alice.fingerprint());
// Attest the zero certifications.
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
let approval = sq.key_approvals_update(
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
alice.key_handle(), &["--add-authenticated"], None);
Change sq key attest-certifications to support the key store and cert store. - Change `sq key attest-certifications` to use the key store and the cert store. - See #205.
2024-06-10 17:04:46 +02:00
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
assert_eq!(approval.bad_signatures().count(), 0);
let approval_ua = approval.userids().next().unwrap();
assert_eq!(approval_ua.attestations().count(), 1);
assert_eq!(approval_ua.with_policy(STANDARD_POLICY, None).unwrap()
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
.attested_certifications().count(), 0);
// Link Bob's cert to his user ID.
let mut link = sq.command();
Remove sq pki link add's positional argument for specifying a user ID. - `sq pki link add` has a positional argument for specifying a user ID directly or by email address. Remove it in favor of the named arguments, `--userid` and `--email`. - See #318.
2024-10-15 16:00:46 +02:00
link.args(&["pki", "link", "add",
"--cert", &bob_fp,
"--userid", BOB_USERID]);
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
sq.run(link, true);
// Attest Bob's certification.
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
let approval = sq.key_approvals_update(
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
&alice.key_handle(), &["--add-authenticated"], None);
Finish renaming attestation to approval. - See 49b7f25cc4957245bd20d344378e1f506b245c1a. - Fixes #417.
2024-11-06 20:48:18 +01:00
assert_eq!(approval.bad_signatures().count(), 0);
let approval_ua = approval.userids().next().unwrap();
assert_eq!(approval_ua.attestations().count(), 2);
assert_eq!(approval_ua.with_policy(STANDARD_POLICY, None).unwrap()
Improve sq key approvals update. - Add user ID selectors, allow approving or disapproving by certifier fingerprint, and approving using the Web of Trust. - Fixes #262.
2024-08-20 15:06:49 +02:00
.attested_certifications().count(), 1);
Change sq key attest-certifications to support the key store and cert store. - Change `sq key attest-certifications` to use the key store and the cert store. - See #205.
2024-06-10 17:04:46 +02:00
Add test for sq key attest-certifications.
2024-06-10 15:22:41 +02:00
Ok(())
}
Don't add approvals for non-exportable certifications or certs. - Change `sq key approvals list` and `sq key approvals update` to ignore certifications that are not exportable, and certificates that are not exportable, or are a shadow CA. - Fixes #402.
2024-11-18 15:52:26 +01:00
#[test]
fn ignore_shadow_ca() {
// Check that update ignores certificates made by shadow CAs.
let now = std::time::SystemTime::now()
- std::time::Duration::new(60 * 60, 0);
let sq = Sq::at(now);
let (alice, bob) = make_keys(&sq).unwrap();
// Have Bob certify Alice.
Rename `sq pki vouch certify` to `sq pki vouch add`. - This makes it consistent with `sq pki link add` and all the other commands that add components to certs. - Fixes #433.
2024-11-20 11:54:50 +01:00
let alice2 = sq.pki_vouch_add(&[],
Don't add approvals for non-exportable certifications or certs. - Change `sq key approvals list` and `sq key approvals update` to ignore certifications that are not exportable, and certificates that are not exportable, or are a shadow CA. - Fixes #402.
2024-11-18 15:52:26 +01:00
bob.key_handle(),
alice.key_handle(),
&[ALICE_USERID],
None);
assert_eq!(alice2.fingerprint(), alice.fingerprint());
let shadow_ca = artifact("keys/_sequoia_ca_keys.openpgp.org.pgp");
sq.key_import(&shadow_ca);
let shadow_ca = Cert::from_file(&shadow_ca).unwrap();
// Have the shadow CA certify Alice.
Rename `sq pki vouch certify` to `sq pki vouch add`. - This makes it consistent with `sq pki link add` and all the other commands that add components to certs. - Fixes #433.
2024-11-20 11:54:50 +01:00
let alice2 = sq.pki_vouch_add(&[],
Don't add approvals for non-exportable certifications or certs. - Change `sq key approvals list` and `sq key approvals update` to ignore certifications that are not exportable, and certificates that are not exportable, or are a shadow CA. - Fixes #402.
2024-11-18 15:52:26 +01:00
&shadow_ca.key_handle(),
alice.key_handle(),
&[ALICE_USERID],
None);
assert_eq!(alice2.fingerprint(), alice.fingerprint());
// Attest to all certifications. This should ignore the shadow
// CA's certification.
let approval = sq.key_approvals_update(
&alice.key_handle(), &["--add-all"], None);
assert_eq!(approval.bad_signatures().count(), 0);
let approval_ua = approval.userids().next().unwrap();
// We have an attestation key signature.
assert_eq!(approval_ua.attestations().count(), 1);
// With one attestation (not two!).
assert_eq!(approval_ua.with_policy(STANDARD_POLICY, None).unwrap()
.attested_certifications().count(), 1);
}
#[test]
fn ignore_unexportable_certifications() {
// Check that update ignores certificates that are not exportable.
let now = std::time::SystemTime::now()
- std::time::Duration::new(60 * 60, 0);
let sq = Sq::at(now);
let (alice, bob) = make_keys(&sq).unwrap();
// Have Bob create a non-exportable certification for Alice.
Rename `sq pki vouch certify` to `sq pki vouch add`. - This makes it consistent with `sq pki link add` and all the other commands that add components to certs. - Fixes #433.
2024-11-20 11:54:50 +01:00
let alice2 = sq.pki_vouch_add(&["--local"],
Don't add approvals for non-exportable certifications or certs. - Change `sq key approvals list` and `sq key approvals update` to ignore certifications that are not exportable, and certificates that are not exportable, or are a shadow CA. - Fixes #402.
2024-11-18 15:52:26 +01:00
bob.key_handle(),
alice.key_handle(),
&[ALICE_USERID],
None);
assert_eq!(alice2.fingerprint(), alice.fingerprint());
// Attest to all certifications. This should ignore
// non-exportable certifications.
let approval = sq.key_approvals_update(
&alice.key_handle(), &["--add-all"], None);
assert_eq!(approval.bad_signatures().count(), 0);
let approval_ua = approval.userids().next().unwrap();
for attestation in approval_ua.attestations() {
eprintln!(" - {:?}", attestation);
}
// We have an attestation key signature.
assert_eq!(approval_ua.attestations().count(), 1);
// With zero attestations.
assert_eq!(approval_ua.with_policy(STANDARD_POLICY, None).unwrap()
.attested_certifications().count(), 0);
}
Reference in New Issue Copy Permalink