Make sq cert list display certificates without user IDs.

- If a cert has been explicitly given via the cert designators, we
    want to display it even if it has no bindings.

  - Fixes #501.

src/common/pki/authenticate.rs

@@ -181,7 +181,13 @@ pub fn authenticate<'store, 'rstore>(
         bindings = certs.iter().flat_map(|cert| {
             let fp = cert.fingerprint();
             let userids = n.certified_userids_of(&fp);
-            userids.into_iter().map(move |uid| (fp.clone(), Some(uid)))
+            if userids.is_empty() {
+                Box::new(std::iter::once((fp, None)))
+                    as Box<dyn Iterator<Item = (Fingerprint, Option<UserID>)>>
+            } else {
+                Box::new(userids.into_iter()
+                         .map(move |uid| (fp.clone(), Some(uid))))
+            }
         }).collect();
     } else {
         // No User ID, no Fingerprint.
@@ -252,6 +258,12 @@ pub fn authenticate<'store, 'rstore>(
         let userid = if let Some(u) = userid {
             u
         } else {
+            // A cert without bindings.  This was provided explicitly
+            // via `certs`, is therefore authenticated, and we want to
+            // display it.
+            output.add_cert(fingerprint)?;
+            bindings_shown += 1;
+            authenticated += 1;
             continue;
         };
 

tests/integration/sq_cert_list.rs

@@ -64,3 +64,15 @@ fn list_empty() {
     sq.pki_link_add(&[], cert.key_handle(), &["alice"]);
     sq.cert_list(&["alice"]);
 }
+
+/// Tests that listing a cert without user IDs works.
+#[test]
+fn list_no_userids() {
+    let sq = Sq::new();
+    let (cert, cert_path, _rev_path)
+        = sq.key_generate::<&str>(&[], &[]);
+    sq.key_import(&cert_path);
+    let fp = cert.fingerprint().to_string();
+    let output = sq.cert_list(&[&fp]);
+    assert!(std::str::from_utf8(&output).unwrap().contains(&fp));
+}