Add sq inspect --cert KEYHANDLE

- Extend `sq inspect` to read from the certificate store.
2023-03-30 22:50:52 +02:00 · 2023-03-30 22:50:52 +02:00 · 4efea87492
commit 4efea87492
parent cd1a26de1c
3 changed files with 45 additions and 2 deletions
--- a/2
+++ b/2
@ -73,6 +73,8 @@
     amount 1 of 120) by the local trust root.  The proxy certificates
     can be managed in the usual way using `sq link add` and `sq link
     retract`.
+   - Extend `sq inspect` to inspect certificates from the certificate
+     store using the `--cert` option.
 * Deprecated functionality
   - `sq key generate --creation-time TIME` is deprecated in favor of
     `sq key generate --time TIME`.
--- a/src/commands/inspect.rs
+++ b/src/commands/inspect.rs
@ -1,7 +1,10 @@
 use std::convert::TryFrom;
 use std::io::{self, Read};
+use std::path::Path;
 use std::time::{Duration, SystemTime};

+use anyhow::Context;
+
 use sequoia_openpgp as openpgp;
 use openpgp::{KeyHandle, Packet, Result};
 use openpgp::cert::prelude::*;
@ -13,6 +16,9 @@ use openpgp::parse::{Parse, PacketParserResult};
 use openpgp::policy::{Policy, HashAlgoSecurity};
 use openpgp::packet::key::SecretKeyMaterial;

+use sequoia_cert_store as cert_store;
+use cert_store::Store;
+
 use super::dump::Convert;

 use crate::Config;
@ -45,8 +51,33 @@ pub fn inspect(mut config: Config, c: inspect::Command)
    let mut sigs = Vec::new();    // Accumulator for signatures.
    let mut literal_prefix = Vec::new();

-    let mut ppr =
-        openpgp::parse::PacketParser::from_reader(crate::open_or_stdin(input)?)?;
+    let mut bytes: Vec<u8> = Vec::new();
+    let mut ppr = if c.cert.is_empty() {
+        if let Some(input) = input.as_ref() {
+            if ! Path::new(input).exists() && input.parse::<KeyHandle>().is_ok() {
+                eprintln!("The file {} does not exist, \
+                           did you mean \"sq inspect --cert {}\"?",
+                          input, input);
+            }
+        }
+
+        openpgp::parse::PacketParser::from_reader(crate::open_or_stdin(input)?)?
+    } else {
+        let cert_store = config.cert_store_or_else()?;
+        for cert in c.cert.into_iter() {
+            let certs = cert_store.lookup_by_key(&cert)
+                .with_context(|| format!("Looking up {}", cert))?;
+
+            // Include non-exportable signatures, etc.
+            for cert in certs.into_iter() {
+                let b = cert.to_vec().context("Serializing certificate")?;
+                bytes.extend(b);
+            }
+        }
+
+        openpgp::parse::PacketParser::from_bytes(&bytes)?
+    };
+
    while let PacketParserResult::Some(mut pp) = ppr {
        match pp.packet {
            Packet::PublicKey(_) | Packet::SecretKey(_) => {
--- a/src/sq_cli/inspect.rs
+++ b/src/sq_cli/inspect.rs
@ -1,5 +1,8 @@
 use clap::Parser;

+use sequoia_openpgp as openpgp;
+use openpgp::KeyHandle;
+
 #[derive(Parser, Debug)]
 #[clap(
    name = "inspect",
@ -41,6 +44,13 @@ pub struct Command {
        help = "Reads from FILE or stdin if omitted",
    )]
    pub input: Option<String>,
+    #[clap(
+        long = "cert",
+        value_name = "FINGERPRINT|KEYID",
+        conflicts_with = "input",
+        help = "Reads the specified certificate from the certificate store",
+    )]
+    pub cert: Vec<KeyHandle>,
    #[clap(
        long = "certifications",
        help = "Prints third-party certifications",