Fix sq inspect to respect the reference time.

- `sq inspect` used the current time.  Change it to respect the
    reference time set using the `--time` argument.
Neal H. Walfield 2024-06-20 14:50:58 +02:00
parent 77a5047c6b
commit 4e0af86dc2
No known key found for this signature in database
GPG Key ID: 6863C9AD5B4D22D3


@ -97,8 +97,6 @@ pub fn inspect<'a, R>(sq: &mut Sq,
-> Result<()> -> Result<()>
where R: BufferedReader<sequoia_openpgp::parse::Cookie> + 'a, where R: BufferedReader<sequoia_openpgp::parse::Cookie> + 'a,
{ {
let time = Some(sq.time);
let mut ppr = openpgp::parse::PacketParser::from_buffered_reader(input)?; let mut ppr = openpgp::parse::PacketParser::from_buffered_reader(input)?;
loop { loop {
@ -130,8 +128,6 @@ where R: BufferedReader<sequoia_openpgp::parse::Cookie> + 'a,
let cert = openpgp::Cert::try_from(pp)?; let cert = openpgp::Cert::try_from(pp)?;
inspect_cert( inspect_cert(
sq, sq,
sq.policy,
time,
output, output,
&cert, &cert,
print_certifications, print_certifications,
@ -204,8 +200,7 @@ where R: BufferedReader<sequoia_openpgp::parse::Cookie> + 'a,
} else if is_cert.is_ok() || is_keyring.is_ok() { } else if is_cert.is_ok() || is_keyring.is_ok() {
let pp = openpgp::PacketPile::from(packets); let pp = openpgp::PacketPile::from(packets);
let cert = openpgp::Cert::try_from(pp)?; let cert = openpgp::Cert::try_from(pp)?;
inspect_cert(sq, sq.policy, time, output, &cert, inspect_cert(sq, output, &cert, print_certifications)?;
print_certifications)?;
} else if packets.is_empty() && ! sigs.is_empty() { } else if packets.is_empty() && ! sigs.is_empty() {
if sigs.iter().all(is_revocation_sig) { if sigs.iter().all(is_revocation_sig) {
writeln!(output, "Revocation Certificate{}.", writeln!(output, "Revocation Certificate{}.",
@ -286,8 +281,6 @@ fn is_revocation_cert(c: &Cert) -> bool {
fn inspect_cert( fn inspect_cert(
sq: &mut Sq, sq: &mut Sq,
policy: &dyn Policy,
time: Option<SystemTime>,
output: &mut dyn io::Write, output: &mut dyn io::Write,
cert: &openpgp::Cert, cert: &openpgp::Cert,
print_certifications: bool, print_certifications: bool,
@ -301,11 +294,9 @@ fn inspect_cert(
} }
writeln!(output)?; writeln!(output)?;
writeln!(output, " Fingerprint: {}", cert.fingerprint())?; writeln!(output, " Fingerprint: {}", cert.fingerprint())?;
inspect_revocation(output, "", cert.revocation_status(policy, None))?; inspect_revocation(output, "", cert.revocation_status(sq.policy, sq.time))?;
inspect_key( inspect_key(
sq, sq,
policy,
time,
output, output,
"", "",
cert.keys().next().unwrap(), cert.keys().next().unwrap(),
@ -315,10 +306,10 @@ fn inspect_cert(
for skb in cert.keys().subkeys() { for skb in cert.keys().subkeys() {
writeln!(output, " Subkey: {}", skb.key().fingerprint())?; writeln!(output, " Subkey: {}", skb.key().fingerprint())?;
inspect_revocation(output, "", skb.revocation_status(policy, None))?; inspect_revocation(output, "", skb.revocation_status(sq.policy, sq.time))?;
match skb.binding_signature(policy, None) { match skb.binding_signature(sq.policy, sq.time) {
Ok(sig) => { Ok(sig) => {
if let Err(e) = sig.signature_alive(None, Duration::new(0, 0)) { if let Err(e) = sig.signature_alive(sq.time, Duration::new(0, 0)) {
print_error_chain(output, &e)?; print_error_chain(output, &e)?;
} }
} }
@ -326,8 +317,6 @@ fn inspect_cert(
} }
inspect_key( inspect_key(
sq, sq,
policy,
time,
output, output,
"", "",
skb.into(), skb.into(),
@ -347,16 +336,16 @@ fn inspect_cert(
for uidb in cert.userids() { for uidb in cert.userids() {
writeln!(output, " UserID: {}", uidb.userid())?; writeln!(output, " UserID: {}", uidb.userid())?;
inspect_revocation(output, "", uidb.revocation_status(policy, None))?; inspect_revocation(output, "", uidb.revocation_status(sq.policy, sq.time))?;
match uidb.binding_signature(policy, None) { match uidb.binding_signature(sq.policy, sq.time) {
Ok(sig) => { Ok(sig) => {
if let Err(e) = sig.signature_alive(None, Duration::new(0, 0)) { if let Err(e) = sig.signature_alive(sq.time, Duration::new(0, 0)) {
print_error_chain(output, &e)?; print_error_chain(output, &e)?;
} }
} }
Err(e) => print_error_chain(output, &e)?, Err(e) => print_error_chain(output, &e)?,
} }
inspect_certifications(sq, output, policy, inspect_certifications(sq, output,
uidb.certifications(), uidb.certifications(),
print_certifications)?; print_certifications)?;
writeln!(output)?; writeln!(output)?;
@ -365,16 +354,16 @@ fn inspect_cert(
for uab in cert.user_attributes() { for uab in cert.user_attributes() {
writeln!(output, " User attribute: {:?}", writeln!(output, " User attribute: {:?}",
uab.user_attribute())?; uab.user_attribute())?;
inspect_revocation(output, "", uab.revocation_status(policy, None))?; inspect_revocation(output, "", uab.revocation_status(sq.policy, sq.time))?;
match uab.binding_signature(policy, None) { match uab.binding_signature(sq.policy, sq.time) {
Ok(sig) => { Ok(sig) => {
if let Err(e) = sig.signature_alive(None, Duration::new(0, 0)) { if let Err(e) = sig.signature_alive(sq.time, Duration::new(0, 0)) {
print_error_chain(output, &e)?; print_error_chain(output, &e)?;
} }
} }
Err(e) => print_error_chain(output, &e)?, Err(e) => print_error_chain(output, &e)?,
} }
inspect_certifications(sq, output, policy, inspect_certifications(sq, output,
uab.certifications(), uab.certifications(),
print_certifications)?; print_certifications)?;
writeln!(output)?; writeln!(output)?;
@ -382,15 +371,15 @@ fn inspect_cert(
for ub in cert.unknowns() { for ub in cert.unknowns() {
writeln!(output, " Unknown component: {:?}", ub.unknown())?; writeln!(output, " Unknown component: {:?}", ub.unknown())?;
match ub.binding_signature(policy, None) { match ub.binding_signature(sq.policy, sq.time) {
Ok(sig) => { Ok(sig) => {
if let Err(e) = sig.signature_alive(None, Duration::new(0, 0)) { if let Err(e) = sig.signature_alive(sq.time, Duration::new(0, 0)) {
print_error_chain(output, &e)?; print_error_chain(output, &e)?;
} }
} }
Err(e) => print_error_chain(output, &e)?, Err(e) => print_error_chain(output, &e)?,
} }
inspect_certifications(sq, output, policy, inspect_certifications(sq, output,
ub.certifications(), ub.certifications(),
print_certifications)?; print_certifications)?;
writeln!(output)?; writeln!(output)?;
@ -405,8 +394,6 @@ fn inspect_cert(
fn inspect_key( fn inspect_key(
sq: &mut Sq, sq: &mut Sq,
policy: &dyn Policy,
time: Option<SystemTime>,
output: &mut dyn io::Write, output: &mut dyn io::Write,
indent: &str, indent: &str,
ka: ErasedKeyAmalgamation<PublicParts>, ka: ErasedKeyAmalgamation<PublicParts>,
@ -414,7 +401,7 @@ fn inspect_key(
) -> Result<()> { ) -> Result<()> {
let key = ka.key(); let key = ka.key();
let bundle = ka.bundle(); let bundle = ka.bundle();
let vka = match ka.with_policy(policy, time) { let vka = match ka.with_policy(sq.policy, sq.time) {
Ok(vka) => { Ok(vka) => {
if let Err(e) = vka.alive() { if let Err(e) = vka.alive() {
writeln!(output, "{} Invalid: {}", writeln!(output, "{} Invalid: {}",
@ -459,7 +446,7 @@ fn inspect_key(
writeln!(output, "{} Key flags: {}", indent, flags)?; writeln!(output, "{} Key flags: {}", indent, flags)?;
} }
} }
inspect_certifications(sq, output, policy, inspect_certifications(sq, output,
bundle.certifications().iter(), bundle.certifications().iter(),
print_certifications)?; print_certifications)?;
@ -609,7 +596,6 @@ fn inspect_issuers(sq: &mut Sq,
fn inspect_certifications<'a, A>(sq: &mut Sq, fn inspect_certifications<'a, A>(sq: &mut Sq,
output: &mut dyn io::Write, output: &mut dyn io::Write,
policy: &dyn Policy,
certs: A, certs: A,
print_certifications: bool) print_certifications: bool)
-> Result<()> -> Result<()>
@ -708,7 +694,7 @@ fn inspect_certifications<'a, A>(sq: &mut Sq,
writeln!(output, "{}Hash algorithm: {}", writeln!(output, "{}Hash algorithm: {}",
indent, sig.hash_algo())?; indent, sig.hash_algo())?;
if let Err(err) = policy.signature( if let Err(err) = sq.policy.signature(
sig, HashAlgoSecurity::CollisionResistance) sig, HashAlgoSecurity::CollisionResistance)
{ {
writeln!(output, writeln!(output,
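Review bot: Nothing in the visible hunks prints the reference time that `inspect_cert` and `inspect_key` now evaluate against, so with `--time` set in the past a key that expired or was revoked after that time can be reported as valid without the reader being able to tell that the view is historical. Consider writing the reference time once per certificate, for instance next to the `Fingerprint:` line, whenever it was set by `--time`; if that is already printed outside these hunks, ignore this. Separately, the hash-algorithm check in `inspect_certifications` now calls `sq.policy.signature(...)`, and whether `sq.policy` is itself anchored at `sq.time` is not visible here; if it is built for the current time, the report would mix two reference times. A doc comment on `inspect_cert` such as `/// Revocation, binding-signature and liveness checks are evaluated with sq.policy at sq.time.` would record the new contract. The bodies of all three functions continue outside the hunks.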