When adopting a key, error out if the key's key flags is empty.
- When adopting a key using `sq key adopt`, error out if the key's key flags are empty.
This commit is contained in:
parent
5ec89e8abe
commit
33dc4a1b41
@ -191,13 +191,17 @@ pub fn adopt(sq: Sq, mut command: cli::key::AdoptCommand) -> Result<()>
|
||||
builder = builder.set_key_expiration_time(&key, e.timestamp())?;
|
||||
}
|
||||
|
||||
// If there is a valid backsig, recreate it.
|
||||
let need_backsig = builder
|
||||
.key_flags()
|
||||
.map(|kf| kf.for_signing() || kf.for_certification())
|
||||
.unwrap_or(false);
|
||||
let key_flags = builder.key_flags().unwrap_or(KeyFlags::empty());
|
||||
if key_flags.is_empty() {
|
||||
return Err(anyhow::anyhow!(
|
||||
"{} has no key capabilities. Pass at least one of \
|
||||
--can-sign, --can-authenticate, and --can-encrypt to \
|
||||
adopt this key.",
|
||||
key.fingerprint()));
|
||||
};
|
||||
|
||||
if need_backsig {
|
||||
// If we need a valid backsig, create it.
|
||||
if key_flags.for_signing() || key_flags.for_certification() {
|
||||
// Derive a signer.
|
||||
let ka = cert.keys().key_handle(key.fingerprint())
|
||||
.next()
|
||||
|
@ -659,12 +659,26 @@ fn adopt_bare() -> Result<()> {
|
||||
|
||||
let to_adopt = bare_signing().0;
|
||||
|
||||
let cert = sq.key_adopt(
|
||||
// First, a bare certificate doesn't have any key flags set. Make
|
||||
// sure `sq key adopt` complains, if we don't specify any (e.g.,
|
||||
// `--can-encrypt`).
|
||||
let r = sq.key_adopt_maybe(
|
||||
&[],
|
||||
vec![ bare() ],
|
||||
alice_primary().0,
|
||||
vec![ to_adopt.clone() ],
|
||||
&alice2_pgp);
|
||||
if r.is_ok() {
|
||||
panic!("sq key adopt succeeded, but should have complained about \
|
||||
missing key flags");
|
||||
}
|
||||
|
||||
let cert = sq.key_adopt(
|
||||
&["--can-encrypt", "universal"],
|
||||
vec![ bare() ],
|
||||
alice_primary().0,
|
||||
vec![ to_adopt.clone() ],
|
||||
&alice2_pgp);
|
||||
|
||||
let mut found = false;
|
||||
for k in cert.keys() {
|
||||
|
Loading…
x
Reference in New Issue
Block a user