Fix generation of user ID-less keys.

- Fixes #491.
Justus Winter 2024-12-11 13:29:32 +01:00
parent 44d97fc920
commit 02f0dc44fa
No known key found for this signature in database
GPG Key ID: 686F55B4AB2B3386
2 changed files with 26 additions and 5 deletions


@ -182,7 +182,7 @@ pub fn generate(
builder.generate() builder.generate()
}; };
let (cert, rev); let (mut cert, rev);
let rev_path = if let Some(rev_cert) = command.rev_cert { let rev_path = if let Some(rev_cert) = command.rev_cert {
(cert, rev) = gen()?; (cert, rev) = gen()?;
@ -250,8 +250,12 @@ pub fn generate(
None => { None => {
// write the key to the key store // write the key to the key store
// Certify the key with a per-host shadow CA. // Certify the key with a per-host shadow CA if there
let cert = certify_generated(&mut sq, &cert)?; // are any user IDs to certify.
let have_userids = cert.userids().next().is_some();
if have_userids {
cert = certify_generated(&mut sq, &cert)?;
}
match sq.import_key(cert.clone(), &mut Default::default()) match sq.import_key(cert.clone(), &mut Default::default())
.map(|(key_status, _cert_status)| key_status) .map(|(key_status, _cert_status)| key_status)
@ -278,7 +282,7 @@ pub fn generate(
let trust_root = sq.local_trust_root()?; let trust_root = sq.local_trust_root()?;
let trust_root = trust_root.to_cert()?; let trust_root = trust_root.to_cert()?;
if command.own_key { if command.own_key && have_userids {
// Mark all user IDs as authenticated, and mark // Mark all user IDs as authenticated, and mark
// the key as a trusted introducer. // the key as a trusted introducer.
crate::common::pki::certify::certify( crate::common::pki::certify::certify(
@ -301,7 +305,7 @@ pub fn generate(
None, // Output. None, // Output.
false, // Binary. false, // Binary.
)?; )?;
} else if command.shared_key { } else if command.shared_key && have_userids {
// Mark all user IDs as authenticated. // Mark all user IDs as authenticated.
crate::common::pki::certify::certify( crate::common::pki::certify::certify(
&mut std::io::stderr(), &mut std::io::stderr(),
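Review bot: When `command.own_key` or `command.shared_key` is set and the certificate has no user IDs, the new `&& have_userids` guards skip the certification branches silently, so the user gets no indication that the requested trust marking was not recorded. The existing comment says the `own_key` branch also marks the key as a trusted introducer, and from the visible lines that step now appears to be skipped as well; whether that is intended cannot be told from these hunks. I would at least document the decision above the `if`, e.g. `// Without user IDs there is nothing to certify, so own_key / shared_key record nothing here.`, and consider reporting the skip to the user on stderr. The body of `generate` starts and ends outside the hunks shown.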


@ -7,6 +7,23 @@ use super::common;
use super::common::UserIDArg; use super::common::UserIDArg;
use super::common::NO_USERIDS; use super::common::NO_USERIDS;
#[test]
fn sq_key_generate_no_userid() -> Result<()> {
let sq = common::Sq::new();
// Stateless key generation.
let (cert, _, _) = sq.key_generate::<&str>(&[], &[]);
assert_eq!(cert.userids().count(), 0);
// Stateful key generation.
let mut cmd = sq.command();
cmd.args(["key", "generate", "--own-key", "--no-userids",
"--without-password"]);
sq.run(cmd, true);
Ok(())
}
#[test] #[test]
fn sq_key_generate_creation_time() -> Result<()> fn sq_key_generate_creation_time() -> Result<()>
{ {
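Review bot: The stateful half of `sq_key_generate_no_userid` only checks that the command succeeds with `--own-key`; the `command.shared_key && have_userids` guard changed in the same commit is not exercised, and nothing asserts on what ended up in the key store. Running the same command a second time with the shared-key option in place of `--own-key` would cover the other guard. A short comment such as `// Must succeed even though there is no user ID to certify (#491).` above `sq.run(cmd, true);` would also tie the test to the regression it protects against.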