Add --all flag to sq network wkd publish and dane generate.

- Fixes #273.
2024-10-18 14:44:45 +02:00 · 2024-10-18 14:44:45 +02:00 · 2a40afef11
commit 2a40afef11
parent 361e68a248
4 changed files with 93 additions and 6 deletions
--- a/3
+++ b/3
@ -92,6 +92,9 @@
   - Move `sq pki certify` to `sq pki vouch certify`.
   - Move `sq pki authorize` to `sq pki vouch authorize`.
   - Move `sq pki list` to `sq cert list`.
+   - Add a new flag `--all` to `sq network wkd publish` and `sq
+     network dane generate` that adds all certificates with a user ID
+     in the target domain that can be authenticated.

 * Changes in 0.38.0
 ** Notable changes
--- a/src/cli/network/dane.rs
+++ b/src/cli/network/dane.rs
@ -42,6 +42,20 @@ pub enum Subcommands {

 const GENERATE_EXAMPLES: Actions = Actions {
    actions: &[
+        Action::Setup(Setup {
+            command: &[
+                "sq", "cert", "import", "juliet.pgp",
+            ],
+        }),
+
+        Action::Setup(Setup {
+            command: &[
+                "sq", "pki", "link", "add",
+                "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0",
+                "--userid=Alice <alice@example.org>",
+            ],
+        }),
+
        Action::Example(Example {
            comment: "\
 Generate DANE records from juliet.pgp for example.org.",
@ -51,6 +65,17 @@ Generate DANE records from juliet.pgp for example.org.",
                "--file=juliet.pgp",
            ],
        }),
+
+        Action::Example(Example {
+            comment: "\
+Generate DANE records for all certs with an authenticated \
+user ID in example.org.",
+            command: &[
+                "sq", "network", "dane", "generate",
+                "--domain=example.org",
+                "--all",
+            ],
+        }),
    ],
 };
 test_examples!(sq_network_dane_generate, GENERATE_EXAMPLES);
@ -77,6 +102,17 @@ pub struct GenerateCommand {
                               NoPrefix,
                               OptionalValue>,

+    #[clap(
+        long = "all",
+        help = "Publish authenticated certs with a user ID matching domain",
+        long_help = "\
+Use all authenticated certificates with a user ID in the given domain
+
+Use all certificates that have a user ID matching the domain given \
+to the `--domain` parameter that can be fully authenticated.",
+    )]
+    pub all: bool,
+
    #[clap(
        long = "domain",
        value_name = "FQDN",
--- a/src/cli/network/wkd.rs
+++ b/src/cli/network/wkd.rs
@ -12,10 +12,7 @@ use crate::cli::types::cert_designator::{
    OptionalValue,
 };

-use crate::cli::examples;
-use examples::Action;
-use examples::Actions;
-use examples::Example;
+use crate::cli::examples::*;

 #[derive(Parser, Debug)]
 #[clap(
@ -90,6 +87,20 @@ pub struct SearchCommand {

 const PUBLISH_EXAMPLES: Actions = Actions {
    actions: &[
+        Action::Setup(Setup {
+            command: &[
+                "sq", "cert", "import", "juliet.pgp",
+            ],
+        }),
+
+        Action::Setup(Setup {
+            command: &[
+                "sq", "pki", "link", "add",
+                "--cert=EB28F26E2739A4870ECC47726F0073F60FD0CBF0",
+                "--userid=Alice <alice@example.org>",
+            ],
+        }),
+
        Action::Example(Example {
            comment: "Create a new WKD hierarchy in the local directory \
                      `public_html`, and insert Alice's cert.",
@ -110,6 +121,18 @@ const PUBLISH_EXAMPLES: Actions = Actions {
            ],
        }),

+        Action::Example(Example {
+            comment: "\
+Add all certs with an authenticated user ID \
+in example.org to the existing WKD hierarchy.",
+            command: &[
+                "sq", "network", "wkd", "publish",
+                "--domain=example.org",
+                "--all",
+                "public_html",
+            ],
+        }),
+
        Action::Example(Example {
            comment: "Refresh all certs in the existing WKD hierarchy \
                      in the local directory `public_html` from the \
@ -156,6 +179,17 @@ pub struct PublishCommand {
                               NoPrefix,
                               OptionalValue>,

+    #[clap(
+        long = "all",
+        help = "Publish authenticated certs with a user ID matching domain",
+        long_help = "\
+Use all authenticated certificates with a user ID in the given domain
+
+Use all certificates that have a user ID matching the domain given \
+to the `--domain` parameter that can be fully authenticated.",
+    )]
+    pub all: bool,
+
    #[clap(
        long = "create",
        value_name = "METHOD",
--- a/src/commands/network.rs
+++ b/src/commands/network.rs
@ -1225,10 +1225,17 @@ pub fn dispatch_wkd(mut sq: Sq, c: cli::network::wkd::Command)
            Result::Ok(())
        })?,

-        Publish(c) => {
+        Publish(mut c) => {
            use wkd::Variant;
            let cert_store = sq.cert_store_or_else()?;

+            // Make `--all` implicitly select all certs with a user ID
+            // matching `--domain` that can be authenticated.
+            if c.all {
+                use cli::types::cert_designator::CertDesignator;
+                c.certs.push(CertDesignator::Domain(c.domain.clone()));
+            }
+
            let (insert, errors) = sq.resolve_certs(
                &c.certs, sequoia_wot::FULLY_TRUSTED)?;
            for error in errors.iter() {
@ -1398,7 +1405,14 @@ pub fn dispatch_dane(mut sq: Sq, c: cli::network::dane::Command)

    use crate::cli::network::dane::Subcommands::*;
    match c.subcommand {
-        Generate(c) => {
+        Generate(mut c) => {
+            // Make `--all` implicitly select all certs with a user ID
+            // matching `--domain` that can be authenticated.
+            if c.all {
+                use cli::types::cert_designator::CertDesignator;
+                c.certs.push(CertDesignator::Domain(c.domain.clone()));
+            }
+
            let (certs, errors) = sq.resolve_certs(
                &c.certs, sequoia_wot::FULLY_TRUSTED)?;
            for error in errors.iter() {