2024-06-12 15:53:26 +03:00
use std ::time ::Duration ;
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
use openpgp ::parse ::Parse ;
use openpgp ::types ::ReasonForRevocation ;
use openpgp ::types ::RevocationStatus ;
use openpgp ::types ::SignatureType ;
use openpgp ::Cert ;
use openpgp ::Result ;
use sequoia_openpgp as openpgp ;
2024-08-15 14:38:43 +03:00
use super ::common ::artifact ;
use super ::common ::compare_notations ;
use super ::common ::FileOrKeyHandle ;
use super ::common ::Sq ;
use super ::common ::NULL_POLICY ;
use super ::common ::STANDARD_POLICY ;
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
#[ test ]
fn sq_key_revoke ( ) -> Result < ( ) > {
2024-06-12 15:53:26 +03:00
let sq = Sq ::new ( ) ;
let time = sq . now ( ) ;
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
2024-06-12 17:29:13 +03:00
let ( _cert , cert_path , _cert_rev )
2024-06-12 15:53:26 +03:00
= sq . key_generate ( & [ ] , & [ " alice " ] ) ;
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
let message = " message " ;
2024-06-12 15:53:26 +03:00
// revoke for various reasons, with or without notations added, or
// with a revocation whose reference time is one hour after the
// creation of the certificate
2024-06-12 17:29:13 +03:00
for ( ( reason , reason_str , notations , revocation_time ) , cert_path ) in [
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
(
ReasonForRevocation ::KeyCompromised ,
" compromised " ,
2024-06-12 15:12:57 +03:00
& [ ] [ .. ] ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
None ,
) ,
(
ReasonForRevocation ::KeyCompromised ,
" compromised " ,
2024-06-12 15:12:57 +03:00
& [ ] [ .. ] ,
2024-06-12 15:53:26 +03:00
Some ( time + Duration ::new ( 60 * 60 , 0 ) ) ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
) ,
(
ReasonForRevocation ::KeyCompromised ,
" compromised " ,
2024-06-12 15:12:57 +03:00
& [ ( " foo " , " bar " ) , ( " hallo@sequoia-pgp.org " , " VALUE " ) ] [ .. ] ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
None ,
) ,
2024-06-12 15:12:57 +03:00
( ReasonForRevocation ::KeyRetired , " retired " , & [ ] [ .. ] , None ) ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
(
ReasonForRevocation ::KeyRetired ,
" retired " ,
2024-06-12 15:12:57 +03:00
& [ ( " foo " , " bar " ) , ( " hallo@sequoia-pgp.org " , " VALUE " ) ] [ .. ] ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
None ,
) ,
2024-06-12 15:12:57 +03:00
( ReasonForRevocation ::KeySuperseded , " superseded " , & [ ] [ .. ] , None ) ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
(
ReasonForRevocation ::KeySuperseded ,
" superseded " ,
2024-06-12 15:12:57 +03:00
& [ ( " foo " , " bar " ) , ( " hallo@sequoia-pgp.org " , " VALUE " ) ] [ .. ] ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
None ,
) ,
2024-06-12 15:12:57 +03:00
( ReasonForRevocation ::Unspecified , " unspecified " , & [ ] [ .. ] , None ) ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
(
ReasonForRevocation ::Unspecified ,
" unspecified " ,
2024-06-12 15:12:57 +03:00
& [ ] [ .. ] ,
2024-06-12 15:53:26 +03:00
Some ( time + Duration ::new ( 60 * 60 , 0 ) ) ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
) ,
(
ReasonForRevocation ::Unspecified ,
" unspecified " ,
2024-06-12 15:12:57 +03:00
& [ ( " foo " , " bar " ) , ( " hallo@sequoia-pgp.org " , " VALUE " ) ] [ .. ] ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
None ,
) ,
2024-06-12 17:29:13 +03:00
] . into_iter ( ) . flat_map ( | test | {
[
// A normal key.
( test , cert_path . clone ( ) ) ,
// A key that uses SHA-1.
( test , artifact ( " keys/only-sha1-priv.pgp " ) ) ,
]
} )
{
2024-05-28 16:04:48 +03:00
eprintln! ( " ========================== " ) ;
eprintln! ( " reason: {} , message: {} , notations: {:?} , time: {:?} " ,
reason , reason_str , notations , revocation_time ) ;
2024-06-12 17:29:13 +03:00
let cert = Cert ::from_file ( & cert_path ) . expect ( " valid cert " ) ;
2024-05-28 16:04:48 +03:00
for keystore in [ false , true ] . into_iter ( ) {
eprintln! ( " -------------------------- " ) ;
eprintln! ( " keystore: {} " , keystore ) ;
2024-06-12 15:53:26 +03:00
let revocation = sq . scratch_file ( Some ( & format! (
2024-05-28 16:04:48 +03:00
" revocation_{}_{}_{}.rev " ,
reason_str ,
2024-06-12 15:53:26 +03:00
if notations . is_empty ( ) {
2024-05-28 16:04:48 +03:00
" no_notations "
2024-06-12 15:12:57 +03:00
} else {
" notations "
2024-05-28 16:04:48 +03:00
} ,
if revocation_time . is_some ( ) {
" time "
} else {
" no_time "
}
2024-06-12 15:53:26 +03:00
) [ .. ] ) ) ;
2024-05-28 16:04:48 +03:00
if keystore {
// When using the keystore, we need to import the key.
2024-06-12 15:53:26 +03:00
sq . key_import ( & cert_path ) ;
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
}
2024-05-28 16:04:48 +03:00
2024-06-12 15:53:26 +03:00
let updated = sq . key_revoke (
if keystore {
FileOrKeyHandle ::from ( cert . key_handle ( ) )
} else {
FileOrKeyHandle ::from ( & cert_path )
} ,
None ,
2024-05-28 16:04:48 +03:00
reason_str ,
message ,
2024-06-12 15:53:26 +03:00
None ,
notations ,
Some ( revocation . as_path ( ) ) ) ;
2024-05-28 16:04:48 +03:00
if let RevocationStatus ::Revoked ( sigs )
= updated . revocation_status ( STANDARD_POLICY , None )
{
assert_eq! ( sigs . len ( ) , 1 ) ;
let sig = sigs . into_iter ( ) . next ( ) . unwrap ( ) ;
// the issuer is the certificate owner
assert_eq! (
sig . get_issuers ( ) . into_iter ( ) . next ( ) ,
2024-06-12 15:53:26 +03:00
Some ( cert . key_handle ( ) )
2024-05-28 16:04:48 +03:00
) ;
let revoked_cert = cert . clone ( ) . insert_packets ( sig . clone ( ) ) . unwrap ( ) ;
let status = revoked_cert
2024-06-12 15:53:26 +03:00
. revocation_status (
STANDARD_POLICY ,
revocation_time . map ( Into ::into ) ) ;
2024-05-28 16:04:48 +03:00
println! ( " {:?} " , sig ) ;
println! ( " {:?} " , status ) ;
// Verify the revocation.
assert! ( matches! ( status , RevocationStatus ::Revoked ( _ ) ) ) ;
// it is a key revocation
assert_eq! ( sig . typ ( ) , SignatureType ::KeyRevocation ) ;
// our reason for revocation and message matches
assert_eq! (
sig . reason_for_revocation ( ) ,
Some ( ( reason , message . as_bytes ( ) ) )
) ;
// the notations of the revocation match the ones
// we passed in
compare_notations ( sig , notations ) ? ;
} else {
panic! ( " Not revoked " ) ;
}
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
}
}
Ok ( ( ) )
}
#[ test ]
fn sq_key_revoke_thirdparty ( ) -> Result < ( ) > {
2024-06-12 15:53:26 +03:00
let sq = Sq ::new ( ) ;
let time = sq . now ( ) ;
2024-06-12 17:29:13 +03:00
let ( _cert , cert_path , _cert_rev )
2024-06-12 15:53:26 +03:00
= sq . key_generate ( & [ ] , & [ " alice " ] ) ;
2024-06-12 17:29:13 +03:00
let ( _thirdparty_cert , thirdparty_path , _cert_rev )
2024-06-12 15:53:26 +03:00
= sq . key_generate ( & [ ] , & [ " bob <bob@example.org> " ] ) ;
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
let message = " message " ;
// revoke for various reasons, with or without notations added, or with
// a revocation whose reference time is one hour after the creation of the
// certificate
2024-06-12 17:29:13 +03:00
for ( ( reason , reason_str , notations , revocation_time ) , cert_path , thirdparty_path ) in [
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
(
ReasonForRevocation ::KeyCompromised ,
" compromised " ,
2024-06-12 15:12:57 +03:00
& [ ] [ .. ] ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
None ,
) ,
(
ReasonForRevocation ::KeyCompromised ,
" compromised " ,
2024-06-12 15:12:57 +03:00
& [ ] [ .. ] ,
2024-06-12 15:53:26 +03:00
Some ( time + Duration ::new ( 60 * 60 , 0 ) ) ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
) ,
(
ReasonForRevocation ::KeyCompromised ,
" compromised " ,
2024-06-12 15:12:57 +03:00
& [ ( " foo " , " bar " ) , ( " hallo@sequoia-pgp.org " , " VALUE " ) ] [ .. ] ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
None ,
) ,
2024-06-12 15:12:57 +03:00
( ReasonForRevocation ::KeyRetired , " retired " , & [ ] [ .. ] , None ) ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
(
ReasonForRevocation ::KeyRetired ,
" retired " ,
2024-06-12 15:12:57 +03:00
& [ ] [ .. ] ,
2024-06-12 15:53:26 +03:00
Some ( time + Duration ::new ( 60 * 60 , 0 ) ) ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
) ,
(
ReasonForRevocation ::KeyRetired ,
" retired " ,
2024-06-12 15:12:57 +03:00
& [ ( " foo " , " bar " ) , ( " hallo@sequoia-pgp.org " , " VALUE " ) ] [ .. ] ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
None ,
) ,
2024-06-12 15:12:57 +03:00
( ReasonForRevocation ::KeySuperseded , " superseded " , & [ ] [ .. ] , None ) ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
(
ReasonForRevocation ::KeySuperseded ,
" superseded " ,
2024-06-12 15:12:57 +03:00
& [ ] [ .. ] ,
2024-06-12 15:53:26 +03:00
Some ( time + Duration ::new ( 60 * 60 , 0 ) ) ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
) ,
(
ReasonForRevocation ::KeySuperseded ,
" superseded " ,
2024-06-12 15:12:57 +03:00
& [ ( " foo " , " bar " ) , ( " hallo@sequoia-pgp.org " , " VALUE " ) ] [ .. ] ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
None ,
) ,
2024-06-12 15:12:57 +03:00
( ReasonForRevocation ::Unspecified , " unspecified " , & [ ] [ .. ] , None ) ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
(
ReasonForRevocation ::Unspecified ,
" unspecified " ,
2024-06-12 15:12:57 +03:00
& [ ] [ .. ] ,
2024-06-12 15:53:26 +03:00
Some ( time + Duration ::new ( 60 * 60 , 0 ) ) ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
) ,
(
ReasonForRevocation ::Unspecified ,
" unspecified " ,
2024-06-12 15:12:57 +03:00
& [ ( " foo " , " bar " ) , ( " hallo@sequoia-pgp.org " , " VALUE " ) ] [ .. ] ,
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
None ,
) ,
2024-06-12 17:29:13 +03:00
] . into_iter ( ) . flat_map ( | test | {
[
// Two valid keys.
( test ,
cert_path . clone ( ) ,
thirdparty_path . clone ( ) ) ,
// The revokee is invalid (SHA-1).
( test ,
artifact ( " keys/only-sha1-priv.pgp " ) ,
thirdparty_path . clone ( ) ) ,
// The revoker is invalid (SHA-1).
( test ,
cert_path . clone ( ) ,
artifact ( " keys/only-sha1-priv.pgp " ) ) ,
]
} ) {
let cert = Cert ::from_file ( & cert_path ) . expect ( " valid cert " ) ;
let thirdparty_cert
= Cert ::from_file ( & thirdparty_path ) . expect ( " valid cert " ) ;
let thirdparty_valid_cert = thirdparty_cert
. with_policy ( NULL_POLICY , Some ( time . into ( ) ) ) ? ;
let thirdparty_fingerprint
= & thirdparty_valid_cert . clone ( ) . fingerprint ( ) ;
2024-05-28 16:04:48 +03:00
for keystore in [ false , true ] . into_iter ( ) {
2024-06-12 15:53:26 +03:00
let revocation = sq . scratch_file ( Some ( & format! (
2024-05-28 16:04:48 +03:00
" revocation_{}_{}_{}.rev " ,
reason_str ,
2024-06-12 15:12:57 +03:00
if ! notations . is_empty ( ) {
2024-05-28 16:04:48 +03:00
" no_notations "
2024-06-12 15:12:57 +03:00
} else {
" notations "
2024-05-28 16:04:48 +03:00
} ,
if revocation_time . is_some ( ) {
" time "
} else {
" no_time "
}
2024-06-12 15:53:26 +03:00
) [ .. ] ) ) ;
2024-05-28 16:04:48 +03:00
if keystore {
// When using the keystore, we need to import the key.
2024-06-12 15:53:26 +03:00
sq . cert_import ( & cert_path ) ;
sq . key_import ( & thirdparty_path ) ;
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
}
2024-05-28 16:04:48 +03:00
2024-06-12 15:53:26 +03:00
let revocation_cert = sq . key_revoke (
if keystore {
FileOrKeyHandle ::from ( cert . key_handle ( ) )
} else {
FileOrKeyHandle ::from ( & cert_path )
} ,
if keystore {
FileOrKeyHandle ::from ( thirdparty_cert . key_handle ( ) )
} else {
FileOrKeyHandle ::from ( & thirdparty_path )
} ,
2024-05-28 16:04:48 +03:00
reason_str ,
message ,
2024-06-12 15:53:26 +03:00
None ,
notations ,
Some ( revocation . as_path ( ) ) ) ;
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
2024-05-28 16:04:48 +03:00
assert! ( ! revocation_cert . is_tsk ( ) ) ;
// evaluate revocation status
let status = revocation_cert . revocation_status (
STANDARD_POLICY , revocation_time . map ( Into ::into ) ) ;
if let RevocationStatus ::CouldBe ( sigs ) = status {
// there is only one signature packet
assert_eq! ( sigs . len ( ) , 1 ) ;
let sig = sigs . into_iter ( ) . next ( ) . unwrap ( ) ;
// it is a key revocation
assert_eq! ( sig . typ ( ) , SignatureType ::KeyRevocation ) ;
// the issuer is a thirdparty revoker
assert_eq! (
sig . get_issuers ( ) . into_iter ( ) . next ( ) . as_ref ( ) ,
Some ( & thirdparty_fingerprint . clone ( ) . into ( ) )
) ;
// the revocation can be verified
if sig
. clone ( )
. verify_primary_key_revocation (
& thirdparty_cert . primary_key ( ) ,
& cert . primary_key ( ) ,
)
. is_err ( )
{
panic! ( " revocation is not valid " )
}
// our reason for revocation and message matches
assert_eq! (
sig . reason_for_revocation ( ) ,
Some ( ( reason , message . as_bytes ( ) ) )
) ;
// the notations of the revocation match the ones
// we passed in
compare_notations ( sig , notations ) ? ;
} else {
panic! ( " there are no signatures in {:?} " , status ) ;
}
Consolidate `sq revoke` commands as `sq key` subcommands
- Move the `sq revoke certificate`, `sq revoke subkey` and `sq revoke
userid` subcommands below the `sq key` namespace as `sq key revoke`,
`sq key subkey revoke` and `sq key userid revoke` (respectively). This
consolidates commands relevant to key management below `sq key`, which
is in line with already existing subcommands (e.g. `sq key generate`,
`sq key subkey add` or `sq key userid add`).
- Replace the use of a common `revoke()` with `CertificateRevocation`,
`SubkeyRevocation` and `UserIDRevocation` to reduce complexity and
allow for easier per target (i.e., certificate, subkey or userid)
command modification.
- Allow specifying an output file using `--output`/ `-o` for all
revocation subcommands (i.e., `sq key revoke`, `sq key subkey revoke`,
`sq key userid revoke`). If unspecified, output goes to stdout as
before.
- Add common test facilities to create a default certificate in a
temporary directory.
- Add common test function to compare a set of notations with those in
a `Signature`.
- Replace the integration tests which used to test a combined `sq
revoke` subcommand with integration tests for `sq key subkey revoke`,
`sq key userid revoke` and `sq key revoke` using direct and third
party revocation.
Fixes #93
2023-06-20 15:44:11 +03:00
}
}
Ok ( ( ) )
}
