From 2a40afef11ccb5c64ff2482f4acdc218d08bf314 Mon Sep 17 00:00:00 2001 From: Justus Winter Date: Fri, 18 Oct 2024 14:44:45 +0200 Subject: [PATCH] Add `--all` flag to `sq network wkd publish` and `dane generate`. - Fixes #273. --- NEWS | 3 +++ src/cli/network/dane.rs | 36 +++++++++++++++++++++++++++++++++++ src/cli/network/wkd.rs | 42 +++++++++++++++++++++++++++++++++++++---- src/commands/network.rs | 18 ++++++++++++++++-- 4 files changed, 93 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index a44afc5a..8f385f72 100644 --- a/NEWS +++ b/NEWS @@ -92,6 +92,9 @@ - Move `sq pki certify` to `sq pki vouch certify`. - Move `sq pki authorize` to `sq pki vouch authorize`. - Move `sq pki list` to `sq cert list`. + - Add a new flag `--all` to `sq network wkd publish` and `sq + network dane generate` that adds all certificates with a user ID + in the target domain that can be authenticated. * Changes in 0.38.0 ** Notable changes diff --git a/src/cli/network/dane.rs b/src/cli/network/dane.rs index 6965df57..fb346a61 100644 --- a/src/cli/network/dane.rs +++ b/src/cli/network/dane.rs @@ -42,6 +42,20 @@ pub enum Subcommands { const GENERATE_EXAMPLES: Actions = Actions { actions: &[ + Action::Setup(Setup { + command: &[ + "sq", "cert", "import", "juliet.pgp", + ], + }), + + Action::Setup(Setup { + command: &[ + "sq", "pki", "link", "add", + "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0", + "--userid=Alice ", + ], + }), + Action::Example(Example { comment: "\ Generate DANE records from juliet.pgp for example.org.", @@ -51,6 +65,17 @@ Generate DANE records from juliet.pgp for example.org.", "--file=juliet.pgp", ], }), + + Action::Example(Example { + comment: "\ +Generate DANE records for all certs with an authenticated \ +user ID in example.org.", + command: &[ + "sq", "network", "dane", "generate", + "--domain=example.org", + "--all", + ], + }), ], }; test_examples!(sq_network_dane_generate, GENERATE_EXAMPLES); 
@@ -77,6 +102,17 @@ pub struct GenerateCommand { NoPrefix, OptionalValue>, + #[clap( + long = "all", + help = "Publish authenticated certs with a user ID matching domain", + long_help = "\ +Use all authenticated certificates with a user ID in the given domain + +Use all certificates that have a user ID matching the domain given \ +to the `--domain` parameter that can be fully authenticated.", + )] + pub all: bool, + #[clap( long = "domain", value_name = "FQDN", diff --git a/src/cli/network/wkd.rs b/src/cli/network/wkd.rs index c214f9f9..e6869929 100644 --- a/src/cli/network/wkd.rs +++ b/src/cli/network/wkd.rs @@ -12,10 +12,7 @@ use crate::cli::types::cert_designator::{ OptionalValue, }; -use crate::cli::examples; -use examples::Action; -use examples::Actions; -use examples::Example; +use crate::cli::examples::*; #[derive(Parser, Debug)] #[clap( @@ -90,6 +87,20 @@ pub struct SearchCommand { const PUBLISH_EXAMPLES: Actions = Actions { actions: &[ + Action::Setup(Setup { + command: &[ + "sq", "cert", "import", "juliet.pgp", + ], + }), + + Action::Setup(Setup { + command: &[ + "sq", "pki", "link", "add", + "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0", + "--userid=Alice ", + ], + }), + Action::Example(Example { comment: "Create a new WKD hierarchy in the local directory \ `public_html`, and insert Alice's cert.", @@ -110,6 +121,18 @@ const PUBLISH_EXAMPLES: Actions = Actions { ], }), + Action::Example(Example { + comment: "\ +Add all certs with an authenticated user ID \ +in example.org to the existing WKD hierarchy.", + command: &[ + "sq", "network", "wkd", "publish", + "--domain=example.org", + "--all", + "public_html", + ], + }), + Action::Example(Example { comment: "Refresh all certs in the existing WKD hierarchy \ in the local directory `public_html` from the \ 
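Review bot: The short help on the new `all` field of `GenerateCommand` says "Publish", but `sq network dane generate` only generates records, as the examples in this same file say. The text looks copied from the `wkd publish` flag, where the verb fits. I would change it to `help = "Use authenticated certs with a user ID matching domain",` so that it agrees with the first line of `long_help`. The struct begins and ends outside the hunk.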
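Review bot: Replacing the four explicit `use` lines at the top of wkd.rs with `use crate::cli::examples::*;` brings every public name of that module into scope just to gain `Setup`. A glob import hides which items the file depends on, and a later addition to `examples` can shadow or collide with a local name. The explicit form stays short: `use crate::cli::examples::{Action, Actions, Example, Setup};`. If the project convention is the glob form (dane.rs needed no import change for `Setup`, so it may already use one), a one-line comment stating that would help.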
@@ -156,6 +179,17 @@ pub struct PublishCommand { NoPrefix, OptionalValue>, + #[clap( + long = "all", + help = "Publish authenticated certs with a user ID matching domain", + long_help = "\ +Use all authenticated certificates with a user ID in the given domain + +Use all certificates that have a user ID matching the domain given \ +to the `--domain` parameter that can be fully authenticated.", + )] + pub all: bool, + #[clap( long = "create", value_name = "METHOD", diff --git a/src/commands/network.rs b/src/commands/network.rs index f74e53c1..9b6a598d 100644 --- a/src/commands/network.rs +++ b/src/commands/network.rs @@ -1225,10 +1225,17 @@ pub fn dispatch_wkd(mut sq: Sq, c: cli::network::wkd::Command) Result::Ok(()) })?, - Publish(c) => { + Publish(mut c) => { use wkd::Variant; let cert_store = sq.cert_store_or_else()?; + // Make `--all` implicitly select all certs with a user ID + // matching `--domain` that can be authenticated. + if c.all { + use cli::types::cert_designator::CertDesignator; + c.certs.push(CertDesignator::Domain(c.domain.clone())); + } + let (insert, errors) = sq.resolve_certs( &c.certs, sequoia_wot::FULLY_TRUSTED)?; for error in errors.iter() { @@ -1398,7 +1405,14 @@ pub fn dispatch_dane(mut sq: Sq, c: cli::network::dane::Command) use crate::cli::network::dane::Subcommands::*; match c.subcommand { - Generate(c) => { + Generate(mut c) => { + // Make `--all` implicitly select all certs with a user ID + // matching `--domain` that can be authenticated. + if c.all { + use cli::types::cert_designator::CertDesignator; + c.certs.push(CertDesignator::Domain(c.domain.clone())); + } + let (certs, errors) = sq.resolve_certs( &c.certs, sequoia_wot::FULLY_TRUSTED)?; for error in errors.iter() {
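Review bot: In the `Publish(mut c)` arm, the only gate on what `--all` selects is `sq.resolve_certs(&c.certs, sequoia_wot::FULLY_TRUSTED)`, which authenticates a cert through a user ID in `c.domain`. Nothing visible here limits the later insertion to the user IDs that were actually authenticated. The insertion code lies outside the hunk, so this is inferred. If it writes a cert under every user ID the cert carries in the domain, a cert with one authenticated address and one merely self-asserted address would be published for both, and `--all` turns that into a bulk operation. I would either filter to the authenticated user IDs at insertion time or state the behaviour next to the new block, for example `// NOTE: selection is per cert; confirm which of its user IDs in the domain get published.` The same question applies to the `Generate(mut c)` hunk in `dispatch_dane`.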
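Review bot: The `if c.all { … c.certs.push(CertDesignator::Domain(c.domain.clone())); }` block in the `Generate(mut c)` arm is a verbatim copy of the one added to `dispatch_wkd`, comment included. Since these lines decide which certs are handed to the authentication check, the two copies should not be able to drift apart. I would move them into a single helper that takes the designator list, the flag and the domain, and call it from both arms. The arm's body continues past the end of the hunk.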