slipenkomk/sequoia-sq
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename Config to Sq.

Browse Source
This commit is contained in:
Neal H. Walfield 2024-05-26 09:57:51 +02:00
parent 446c63d0ed
commit 5afdb049ff
No known key found for this signature in database
GPG Key ID: 6863C9AD5B4D22D3
39 changed files with 495 additions and 495 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
src/commands.rs
View File

@ -25,7 +25,7 @@ use cert_store::Store;
use sequoia_wot::store::Store as _;
use crate::{
Config,
Sq,
common::password,
};
@ -47,38 +47,38 @@ pub mod verify;
pub mod version;
/// Dispatches the top-level subcommand.
pub fn dispatch(config: Config, command: SqCommand) -> Result<()>
pub fn dispatch(sq: Sq, command: SqCommand) -> Result<()>
{
match command.subcommand {
SqSubcommands::Encrypt(command) =>
encrypt::dispatch(config, command),
encrypt::dispatch(sq, command),
SqSubcommands::Decrypt(command) =>
decrypt::dispatch(config, command),
decrypt::dispatch(sq, command),
SqSubcommands::Sign(command) =>
sign::dispatch(config, command),
sign::dispatch(sq, command),
SqSubcommands::Verify(command) =>
verify::dispatch(config, command),
verify::dispatch(sq, command),
SqSubcommands::Inspect(command) =>
inspect::dispatch(config, command),
inspect::dispatch(sq, command),
SqSubcommands::Cert(command) =>
cert::dispatch(config, command),
cert::dispatch(sq, command),
SqSubcommands::Key(command) =>
key::dispatch(config, command),
key::dispatch(sq, command),
SqSubcommands::Pki(command) =>
pki::dispatch(config, command),
pki::dispatch(sq, command),
SqSubcommands::Autocrypt(command) =>
autocrypt::dispatch(config, &command),
autocrypt::dispatch(sq, &command),
SqSubcommands::Network(command) =>
network::dispatch(config, command),
network::dispatch(sq, command),
SqSubcommands::Toolbox(command) =>
toolbox::dispatch(config, command),
toolbox::dispatch(sq, command),
SqSubcommands::Version(command) =>
version::dispatch(config, command),
version::dispatch(sq, command),
}
}
@ -295,7 +295,7 @@ pub fn get_certification_keys<C>(certs: &[C], p: &dyn Policy,
///
/// Note: if `n` User IDs are provided, then the returned vector has
/// `n` elements.
fn active_certification(config: &Config,
fn active_certification(sq: &Sq,
cert: &Fingerprint, userids: Vec<UserID>,
issuer: &Key<openpgp::packet::key::PublicParts,
openpgp::packet::key::UnspecifiedRole>)
@ -303,7 +303,7 @@ fn active_certification(config: &Config,
{
// Look up the cert and find the certifications for the specified
// User ID, if any.
let lc = config.cert_store_or_else()
let lc = sq.cert_store_or_else()
.and_then(|cert_store| cert_store.lookup_by_cert_fpr(cert));
let lc = match lc {
Ok(lc) => lc,
@ -339,14 +339,14 @@ fn active_certification(config: &Config,
.iter()
.filter(|sig| {
if let Some(ct) = sig.signature_creation_time() {
ct <= config.time
ct <= sq.time
&& sig.signature_validity_period()
.map(|vp| {
config.time < ct + vp
sq.time < ct + vp
})
.unwrap_or(true)
&& sig.get_issuers().iter().any(|i| i.aliases(&issuer_kh))
&& config.policy.signature(
&& sq.policy.signature(
sig, HashAlgoSecurity::CollisionResistance).is_ok()
} else {
false
@ -363,7 +363,7 @@ fn active_certification(config: &Config,
});
// Return the first valid signature, which is the most recent one
// that is no younger than config.time.
// that is no younger than sq.time.
let pk = ua.cert().primary_key().key();
let certification = certifications.into_iter()
.filter_map(|sig| {
@ -440,7 +440,7 @@ pub struct VHelper<'c, 'store, 'rstore>
where 'store: 'rstore
{
#[allow(dead_code)]
config: &'c Config<'store, 'rstore>,
sq: &'c Sq<'store, 'rstore>,
signatures: usize,
certs: Option<Vec<Cert>>,
labels: HashMap<KeyID, String>,
@ -462,11 +462,11 @@ pub struct VHelper<'c, 'store, 'rstore>
}
impl<'c, 'store, 'rstore> VHelper<'c, 'store, 'rstore> {
fn new(config: &'c Config<'store, 'rstore>, signatures: usize,
fn new(sq: &'c Sq<'store, 'rstore>, signatures: usize,
certs: Vec<Cert>)
-> Self {
VHelper {
config: config,
sq: sq,
signatures,
certs: Some(certs),
labels: HashMap::new(),
@ -520,7 +520,7 @@ impl<'c, 'store, 'rstore> VHelper<'c, 'store, 'rstore> {
use crate::commands::pki::output::print_path;
use crate::print_error_chain;
let reference_time = self.config.time;
let reference_time = self.sq.time;
use self::VerificationError::*;
for result in results {
@ -583,7 +583,7 @@ impl<'c, 'store, 'rstore> VHelper<'c, 'store, 'rstore> {
// Direct trust.
let mut trusted = self.trusted.contains(&issuer);
let mut prefix = "";
let trust_roots = self.config.trust_roots();
let trust_roots = self.sq.trust_roots();
if ! trusted && ! trust_roots.is_empty() {
prefix = " ";
@ -591,10 +591,10 @@ impl<'c, 'store, 'rstore> VHelper<'c, 'store, 'rstore> {
qprintln!("Authenticating {} ({:?}) using the web of trust:",
cert_fpr, signer_userid);
if let Ok(Some(cert_store)) = self.config.cert_store() {
if let Ok(Some(cert_store)) = self.sq.cert_store() {
// Build the network.
let cert_store = sequoia_wot::store::CertStore::from_store(
cert_store, self.config.policy, reference_time);
cert_store, self.sq.policy, reference_time);
let userids = if let Some(userid) = sig.signers_user_id() {
let userid = UserID::from(userid);
@ -623,7 +623,7 @@ impl<'c, 'store, 'rstore> VHelper<'c, 'store, 'rstore> {
let paths = q.authenticate(
userid, cert.fingerprint(),
// XXX: Make this user configurable.
// XXX: Make this user squrable.
sequoia_wot::FULLY_TRUSTED);
let amount = paths.amount();
@ -778,7 +778,7 @@ impl<'c, 'store, 'rstore> VerificationHelper for VHelper<'c, 'store, 'rstore>
// Avoid initializing the certificate store if we don't actually
// need to.
if ! ids.is_empty() {
if let Ok(Some(cert_store)) = self.config.cert_store() {
if let Ok(Some(cert_store)) = self.sq.cert_store() {
for id in ids.iter() {
for c in cert_store.lookup_by_cert_or_subkey(id)
.unwrap_or_default()

42
src/commands/autocrypt.rs
View File

@ -13,7 +13,7 @@ use openpgp::{
use sequoia_autocrypt as autocrypt;
use crate::{
Config,
Sq,
cli,
commands::network::{
certify_downloads,
@ -21,17 +21,17 @@ use crate::{
},
};
pub fn dispatch(config: Config, c: &cli::autocrypt::Command) -> Result<()> {
pub fn dispatch(sq: Sq, c: &cli::autocrypt::Command) -> Result<()> {
use cli::autocrypt::Subcommands::*;
match &c.subcommand {
Import(c) => import(config, c),
Decode(c) => decode(config, c),
EncodeSender(c) => encode_sender(config, c),
Import(c) => import(sq, c),
Decode(c) => decode(sq, c),
EncodeSender(c) => encode_sender(sq, c),
}
}
fn import<'store, 'rstore>(mut config: Config<'store, 'rstore>,
fn import<'store, 'rstore>(mut sq: Sq<'store, 'rstore>,
command: &cli::autocrypt::ImportCommand)
-> Result<()>
where 'store: 'rstore
@ -62,11 +62,11 @@ fn import<'store, 'rstore>(mut config: Config<'store, 'rstore>,
if let Some(cert) = h.key {
sender_cert = Some(cert.clone());
if let Ok((ca, _)) = config.certd_or_else()
if let Ok((ca, _)) = sq.certd_or_else()
.and_then(|certd| certd.shadow_ca_autocrypt())
{
acc.append(&mut certify_downloads(
&mut config, ca,
&mut sq, ca,
vec![cert], Some(&addr[..])));
} else {
acc.push(cert);
@ -81,7 +81,7 @@ fn import<'store, 'rstore>(mut config: Config<'store, 'rstore>,
Some(c) => c,
None => {
// Import what we got.
import_certs(&mut config, acc)?;
import_certs(&mut sq, acc)?;
return Ok(());
},
};
@ -92,13 +92,13 @@ fn import<'store, 'rstore>(mut config: Config<'store, 'rstore>,
load_keys(command.secret_key_file.iter().map(|s| s.as_ref()))?;
let mut helper = Helper::new(
&config, None,
&sq, None,
1, // Require one trusted signature...
vec![sender_cert.clone()], // ... from this cert.
secrets, command.session_key.clone(), false);
helper.quiet(true);
let policy = config.policy.clone();
let policy = sq.policy.clone();
let mut decryptor = match DecryptorBuilder::from_buffered_reader(input)?
.with_policy(&policy, None, helper)
.context("Decryption failed")
@ -108,7 +108,7 @@ fn import<'store, 'rstore>(mut config: Config<'store, 'rstore>,
// The decryption failed, but we should still import the
// Autocrypt header.
wprintln!("Note: Decryption of message failed: {}", e);
import_certs(&mut config, acc)?;
import_certs(&mut sq, acc)?;
return Ok(());
},
};
@ -129,12 +129,12 @@ fn import<'store, 'rstore>(mut config: Config<'store, 'rstore>,
.find_map(|a| (&a.key == "addr").then(|| a.value.clone()))
{
if let Some(cert) = h.key {
if let Ok((ca, _)) = config.certd_or_else()
if let Ok((ca, _)) = sq.certd_or_else()
.and_then(|certd| certd.shadow_ca_autocrypt_gossip_for(
&sender_cert, from_addr))
{
acc.append(&mut certify_downloads(
&mut config, ca,
&mut sq, ca,
vec![cert], Some(&addr[..])));
} else {
acc.push(cert);
@ -144,17 +144,17 @@ fn import<'store, 'rstore>(mut config: Config<'store, 'rstore>,
}
// Finally, do one import.
import_certs(&mut config, acc)?;
import_certs(&mut sq, acc)?;
Ok(())
}
fn decode(config: Config, command: &cli::autocrypt::DecodeCommand)
fn decode(sq: Sq, command: &cli::autocrypt::DecodeCommand)
-> Result<()>
{
let input = command.input.open()?;
let mut output = command.output.create_pgp_safe(
config.force,
sq.force,
command.binary,
armor::Kind::PublicKey,
)?;
@ -169,20 +169,20 @@ fn decode(config: Config, command: &cli::autocrypt::DecodeCommand)
Ok(())
}
fn encode_sender(config: Config, command: &cli::autocrypt::EncodeSenderCommand)
fn encode_sender(sq: Sq, command: &cli::autocrypt::EncodeSenderCommand)
-> Result<()>
{
let input = command.input.open()?;
let mut output = command.output.create_safe(config.force)?;
let mut output = command.output.create_safe(sq.force)?;
let cert = Cert::from_buffered_reader(input)?;
let addr = command.address.clone()
.or_else(|| {
cert.with_policy(config.policy, None)
cert.with_policy(sq.policy, None)
.and_then(|vcert| vcert.primary_userid()).ok()
.map(|ca| ca.userid().to_string())
});
let ac = autocrypt::AutocryptHeader::new_sender(
config.policy,
sq.policy,
&cert,
&addr.ok_or_else(|| anyhow::anyhow!(
"No well-formed primary userid found, use \

10
src/commands/cert.rs
View File

@ -1,7 +1,7 @@
//! Operations on certs.
use crate::{
Config,
Sq,
Result,
cli::cert::{Command, Subcommands},
};
@ -10,16 +10,16 @@ pub mod import;
pub mod export;
pub mod lint;
pub fn dispatch(config: Config, command: Command) -> Result<()>
pub fn dispatch(sq: Sq, command: Command) -> Result<()>
{
match command.subcommand {
Subcommands::Import(command) =>
import::dispatch(config, command),
import::dispatch(sq, command),
Subcommands::Export(command) =>
export::dispatch(config, command),
export::dispatch(sq, command),
Subcommands::Lint(command) =>
lint::lint(config, command),
lint::lint(sq, command),
}
}

14
src/commands/cert/export.rs
View File

@ -15,15 +15,15 @@ use cert_store::store::UserIDQueryParams;
use crate::cli::types::FileOrStdout;
use crate::{
Config,
Sq,
print_error_chain,
utils::cert_exportable,
};
use crate::cli::cert::export;
pub fn dispatch(config: Config, mut cmd: export::Command) -> Result<()> {
let cert_store = config.cert_store_or_else()?;
pub fn dispatch(sq: Sq, mut cmd: export::Command) -> Result<()> {
let cert_store = sq.cert_store_or_else()?;
let mut userid_query = Vec::new();
let mut die = false;
@ -97,14 +97,14 @@ pub fn dispatch(config: Config, mut cmd: export::Command) -> Result<()> {
if cmd.cert.is_empty() && cmd.key.is_empty() && userid_query.is_empty()
&& ! cmd.all
{
config.hint(format_args!(
sq.hint(format_args!(
"Use --all to export all certs, or give a query."));
return Err(anyhow::anyhow!("no query given"));
}
let output = FileOrStdout::default();
let mut sink = output.create_pgp_safe(
config.force,
sq.force,
cmd.binary,
armor::Kind::PublicKey,
)?;
@ -177,7 +177,7 @@ pub fn dispatch(config: Config, mut cmd: export::Command) -> Result<()> {
exported.insert(cert.fingerprint());
} else {
// But, when matching a subkey, we do.
if let Ok(vc) = cert.with_policy(config.policy, None) {
if let Ok(vc) = cert.with_policy(sq.policy, None) {
if vc.keys().subkeys().any(|ka| {
ka.key_handle().aliases(kh)
})
@ -203,7 +203,7 @@ pub fn dispatch(config: Config, mut cmd: export::Command) -> Result<()> {
}
// Matching User IDs need a valid self signature.
if let Ok(vc) = cert.with_policy(config.policy, None) {
if let Ok(vc) = cert.with_policy(sq.policy, None) {
if vc.userids().any(|ua| {
q.check(ua.userid(), pattern)
}) {

12
src/commands/cert/import.rs
View File

@ -13,14 +13,14 @@ use cert_store::LazyCert;
use cert_store::StoreUpdate;
use crate::{
Config,
Sq,
best_effort_primary_uid,
};
use crate::cli::cert::import;
use crate::cli::types::FileOrStdin;
pub fn dispatch<'store, 'rstore>(config: Config<'store, 'rstore>,
pub fn dispatch<'store, 'rstore>(sq: Sq<'store, 'rstore>,
cmd: import::Command)
-> Result<()>
where 'store: 'rstore
@ -38,9 +38,9 @@ where 'store: 'rstore
let input = FileOrStdin::from(input).open()?;
let raw_certs = RawCertParser::from_buffered_reader(input)?;
let policy = config.policy.clone();
let time = config.time;
let cert_store = config.cert_store_or_else()?;
let policy = sq.policy.clone();
let time = sq.time;
let cert_store = sq.cert_store_or_else()?;
for raw_cert in raw_certs {
let cert = match raw_cert {
@ -54,7 +54,7 @@ where 'store: 'rstore
let fingerprint = cert.fingerprint();
let sanitized_userid = best_effort_primary_uid(
Some(&config), cert.to_cert()?, &policy, time);
Some(&sq), cert.to_cert()?, &policy, time);
if let Err(err) = cert_store.update_by(Arc::new(cert), &mut stats) {
wprintln!("Error importing {}, {}: {}",
fingerprint, sanitized_userid, err);

8
src/commands/cert/lint.rs
View File

@ -25,7 +25,7 @@ use openpgp::types::SymmetricAlgorithm;
use crate::{
Config,
Sq,
decrypt_key,
cli::cert::lint::Command,
};
@ -199,7 +199,7 @@ fn update_subkey_binding<P>(ka: &ValidSubordinateKeyAmalgamation<P>,
Ok(sig)
}
pub fn lint(config: Config, mut args: Command) -> Result<()> {
pub fn lint(sq: Sq, mut args: Command) -> Result<()> {
// If there were any errors reading the input.
let mut bad_input = false;
@ -244,12 +244,12 @@ pub fn lint(config: Config, mut args: Command) -> Result<()> {
args.quiet = true;
}
let reference_time = config.time;
let reference_time = sq.time;
let mut passwords = Vec::new();
let mut out = args.output.create_pgp_safe(
config.force, args.binary,
sq.force, args.binary,
if args.export_secret_keys {
armor::Kind::SecretKey
} else {

42
src/commands/decrypt.rs
View File

@ -34,16 +34,16 @@ use crate::{
VHelper,
},
common::password,
Config,
Sq,
load_certs,
load_keys,
};
pub fn dispatch(config: Config, command: cli::decrypt::Command) -> Result<()> {
pub fn dispatch(sq: Sq, command: cli::decrypt::Command) -> Result<()> {
tracer!(TRACE, "decrypt::dispatch");
let mut input = command.input.open()?;
let mut output = command.output.create_safe(config.force)?;
let mut output = command.output.create_safe(sq.force)?;
let certs = load_certs(
command.sender_cert_file.iter().map(|s| s.as_ref()),
@ -66,7 +66,7 @@ pub fn dispatch(config: Config, command: cli::decrypt::Command) -> Result<()> {
load_keys(command.secret_key_file.iter().map(|s| s.as_ref()))?;
let private_key_store = command.private_key_store;
let session_keys = command.session_key;
decrypt(config, private_key_store.as_deref(),
decrypt(sq, private_key_store.as_deref(),
&mut input, &mut output,
signatures, certs, secrets,
command.dump_session_key,
@ -166,7 +166,7 @@ impl<'c, 'store, 'rstore> std::ops::DerefMut for Helper<'c, 'store, 'rstore> {
impl<'c, 'store, 'rstore> Helper<'c, 'store, 'rstore>
where 'store: 'rstore
{
pub fn new(config: &'c Config<'store, 'rstore>, private_key_store: Option<&str>,
pub fn new(sq: &'c Sq<'store, 'rstore>, private_key_store: Option<&str>,
signatures: usize, certs: Vec<Cert>, secrets: Vec<Cert>,
session_keys: Vec<cli::types::SessionKey>,
dump_session_key: bool)
@ -176,7 +176,7 @@ impl<'c, 'store, 'rstore> Helper<'c, 'store, 'rstore>
let mut identities: HashMap<KeyID, Fingerprint> = HashMap::new();
let mut hints: HashMap<KeyID, String> = HashMap::new();
for tsk in secrets {
let hint = match tsk.with_policy(config.policy, None)
let hint = match tsk.with_policy(sq.policy, None)
.and_then(|valid_cert| valid_cert.primary_userid()).ok()
{
Some(uid) => format!("{} ({})", uid.userid(),
@ -186,7 +186,7 @@ impl<'c, 'store, 'rstore> Helper<'c, 'store, 'rstore>
for ka in tsk.keys()
// XXX: Should use the message's creation time that we do not know.
.with_policy(config.policy, None)
.with_policy(sq.policy, None)
.for_transport_encryption().for_storage_encryption()
{
let id: KeyID = ka.key().fingerprint().into();
@ -206,7 +206,7 @@ impl<'c, 'store, 'rstore> Helper<'c, 'store, 'rstore>
}
Helper {
vhelper: VHelper::new(config, signatures, certs),
vhelper: VHelper::new(sq, signatures, certs),
secret_keys: keys,
key_identities: identities,
key_hints: hints,
@ -395,7 +395,7 @@ impl<'c, 'store, 'rstore> DecryptionHelper for Helper<'c, 'store, 'rstore>
}
// Try the key store.
match self.vhelper.config.key_store_or_else() {
match self.vhelper.sq.key_store_or_else() {
Ok(ks) => {
let mut ks = ks.lock().unwrap();
match ks.decrypt(&pkesks[..]) {
@ -417,10 +417,10 @@ impl<'c, 'store, 'rstore> DecryptionHelper for Helper<'c, 'store, 'rstore>
let mut key = key_status.into_key();
let keyid = key.keyid();
let userid = best_effort_primary_uid_for(
Some(&self.config),
Some(&self.sq),
&KeyHandle::from(&keyid),
self.config.policy,
self.config.time);
self.sq.policy,
self.sq.time);
let keypair = loop {
let password = rpassword::prompt_password(
@ -470,7 +470,7 @@ impl<'c, 'store, 'rstore> DecryptionHelper for Helper<'c, 'store, 'rstore>
to be encrypted to:");
eprintln!();
for recipient in recipients.into_iter() {
let certs = self.config.lookup(
let certs = self.sq.lookup(
std::iter::once(KeyHandle::from(recipient)),
Some(KeyFlags::empty()
.set_storage_encryption()
@ -484,10 +484,10 @@ impl<'c, 'store, 'rstore> DecryptionHelper for Helper<'c, 'store, 'rstore>
eprintln!(" - {}, {}",
cert.fingerprint(),
best_effort_primary_uid(
Some(self.config),
Some(self.sq),
&cert,
self.config.policy,
self.config.time));
self.sq.policy,
self.sq.time));
}
}
Err(err) => {
@ -542,7 +542,7 @@ impl<'c, 'store, 'rstore> DecryptionHelper for Helper<'c, 'store, 'rstore>
// Allow too many arguments now, should be reworked later
#[allow(clippy::too_many_arguments)]
pub fn decrypt(config: Config,
pub fn decrypt(sq: Sq,
private_key_store: Option<&str>,
input: &mut (dyn io::Read + Sync + Send),
output: &mut dyn io::Write,
@ -550,10 +550,10 @@ pub fn decrypt(config: Config,
dump_session_key: bool,
sk: Vec<cli::types::SessionKey>)
-> Result<()> {
let helper = Helper::new(&config, private_key_store, signatures, certs,
let helper = Helper::new(&sq, private_key_store, signatures, certs,
secrets, sk, dump_session_key);
let mut decryptor = DecryptorBuilder::from_reader(input)?
.with_policy(config.policy, None, helper)
.with_policy(sq.policy, None, helper)
.context("Decryption failed")?;
io::copy(&mut decryptor, output).context("Decryption failed")?;
@ -563,7 +563,7 @@ pub fn decrypt(config: Config,
Ok(())
}
pub fn decrypt_unwrap(config: Config,
pub fn decrypt_unwrap(sq: Sq,
input: &mut (dyn io::Read + Sync + Send),
output: &mut dyn io::Write,
secrets: Vec<Cert>,
@ -571,7 +571,7 @@ pub fn decrypt_unwrap(config: Config,
dump_session_key: bool)
-> Result<()>
{
let mut helper = Helper::new(&config, None, 0, Vec::new(), secrets,
let mut helper = Helper::new(&sq, None, 0, Vec::new(), secrets,
session_keys,
dump_session_key);

38
src/commands/encrypt.rs
View File

@ -31,7 +31,7 @@ use crate::cli;
use crate::cli::types::EncryptPurpose;
use crate::cli::types::FileOrStdin;
use crate::cli::types::MetadataTime;
use crate::Config;
use crate::Sq;
use crate::Result;
use crate::common::password;
use crate::load_certs;
@ -39,28 +39,28 @@ use crate::load_certs;
use crate::commands::CompressionMode;
use crate::commands::get_signing_keys;
pub fn dispatch(config: Config, command: cli::encrypt::Command) -> Result<()> {
pub fn dispatch(sq: Sq, command: cli::encrypt::Command) -> Result<()> {
tracer!(TRACE, "decrypt::dispatch");
let mut recipients = load_certs(
command.recipients_file.iter().map(|s| s.as_ref()))?;
recipients.extend(
config.lookup(command.recipients_cert,
Some(KeyFlags::empty()
.set_storage_encryption()
.set_transport_encryption()),
true,
false)
sq.lookup(command.recipients_cert,
Some(KeyFlags::empty()
.set_storage_encryption()
.set_transport_encryption()),
true,
false)
.context("--recipient-cert")?);
recipients.extend(
config.lookup_by_userid(&command.recipients_email, true)
sq.lookup_by_userid(&command.recipients_email, true)
.context("--recipient-email")?);
recipients.extend(
config.lookup_by_userid(&command.recipients_userid, false)
sq.lookup_by_userid(&command.recipients_userid, false)
.context("--recipient-userid")?);
let output = command.output.create_pgp_safe(
config.force,
sq.force,
command.binary,
armor::Kind::Message,
)?;
@ -70,8 +70,8 @@ pub fn dispatch(config: Config, command: cli::encrypt::Command) -> Result<()> {
let signer_keys = &command.signer_key[..];
encrypt(
&config,
config.policy,
&sq,
sq.policy,
command.private_key_store.as_deref(),
command.input,
output,
@ -81,7 +81,7 @@ pub fn dispatch(config: Config, command: cli::encrypt::Command) -> Result<()> {
signer_keys,
command.mode,
command.compression,
Some(config.time),
Some(sq.time),
command.use_expired_subkey,
command.set_metadata_filename,
command.set_metadata_time
@ -91,7 +91,7 @@ pub fn dispatch(config: Config, command: cli::encrypt::Command) -> Result<()> {
}
pub fn encrypt<'a, 'b: 'a>(
config: &Config,
sq: &Sq,
policy: &'b dyn Policy,
private_key_store: Option<&str>,
input: FileOrStdin,
@ -139,7 +139,7 @@ pub fn encrypt<'a, 'b: 'a>(
let mut signer_keys = if signer_keys.is_empty() {
Vec::new()
} else {
let mut ks = config.key_store_or_else()?.lock().unwrap();
let mut ks = sq.key_store_or_else()?.lock().unwrap();
signer_keys.into_iter()
.map(|kh| {
@ -160,14 +160,14 @@ pub fn encrypt<'a, 'b: 'a>(
match key.locked() {
Ok(Protection::Password(msg)) => {
let fpr = key.fingerprint();
let cert = config.lookup_one(
let cert = sq.lookup_one(
&KeyHandle::from(&fpr), None, true);
let display = match cert {
Ok(cert) => {
format!(" ({})",
best_effort_primary_uid(
Some(&config), &cert, config.policy,
config.time))
Some(&sq), &cert, sq.policy,
sq.time))
}
Err(_) => {
"".to_string()

70
src/commands/inspect.rs
View File

@ -28,7 +28,7 @@ use cert_store::Store;
use crate::Convert;
use crate::best_effort_primary_uid_for;
use crate::Config;
use crate::Sq;
use crate::one_line_error_chain;
use crate::SECONDS_IN_YEAR;
use crate::SECONDS_IN_DAY;
@ -36,13 +36,13 @@ use crate::SECONDS_IN_DAY;
use crate::cli::inspect;
use crate::cli::types::FileOrStdout;
pub fn dispatch(mut config: Config, c: inspect::Command)
pub fn dispatch(mut sq: Sq, c: inspect::Command)
-> Result<()>
{
// sq inspect does not have --output, but commands::inspect does.
// Work around this mismatch by always creating a stdout output.
let output_type = FileOrStdout::default();
let output = &mut output_type.create_unsafe(config.force)?;
let output = &mut output_type.create_unsafe(sq.force)?;
let print_certifications = c.certifications;
@ -59,11 +59,11 @@ pub fn dispatch(mut config: Config, c: inspect::Command)
}
}
inspect(&mut config, input.open()?,
inspect(&mut sq, input.open()?,
Some(&input.to_string()), output,
print_certifications)
} else {
let cert_store = config.cert_store_or_else()?;
let cert_store = sq.cert_store_or_else()?;
for cert in c.cert.into_iter() {
let certs = cert_store.lookup_by_cert_or_subkey(&cert)
.with_context(|| format!("Looking up {}", cert))?;
@ -77,7 +77,7 @@ pub fn dispatch(mut config: Config, c: inspect::Command)
let br = buffered_reader::Memory::with_cookie(
&bytes, sequoia_openpgp::parse::Cookie::default());
inspect(&mut config, br, None, output,
inspect(&mut sq, br, None, output,
print_certifications)
}
}
@ -90,7 +90,7 @@ pub fn dispatch(mut config: Config, c: inspect::Command)
///
/// If `print_certifications` is set, also shows information about
/// certifications.
pub fn inspect<'a, R>(config: &mut Config,
pub fn inspect<'a, R>(sq: &mut Sq,
input: R,
input_filename: Option<&str>,
output: &mut Box<dyn std::io::Write + Send + Sync>,
@ -98,7 +98,7 @@ pub fn inspect<'a, R>(config: &mut Config,
-> Result<()>
where R: BufferedReader<sequoia_openpgp::parse::Cookie> + 'a,
{
let time = Some(config.time);
let time = Some(sq.time);
let mut ppr = openpgp::parse::PacketParser::from_buffered_reader(input)?;
@ -130,8 +130,8 @@ where R: BufferedReader<sequoia_openpgp::parse::Cookie> + 'a,
std::mem::take(&mut packets));
let cert = openpgp::Cert::try_from(pp)?;
inspect_cert(
config,
config.policy,
sq,
sq.policy,
time,
output,
&cert,
@ -195,7 +195,7 @@ where R: BufferedReader<sequoia_openpgp::parse::Cookie> + 'a,
for pkesk in pkesks.iter() {
writeln!(output, " Recipient: {}", pkesk.recipient())?;
}
inspect_signatures(config, output, &sigs)?;
inspect_signatures(sq, output, &sigs)?;
if ! literal_prefix.is_empty() {
writeln!(output, " Data: {:?}{}",
String::from_utf8_lossy(&literal_prefix),
@ -205,7 +205,7 @@ where R: BufferedReader<sequoia_openpgp::parse::Cookie> + 'a,
} else if is_cert.is_ok() || is_keyring.is_ok() {
let pp = openpgp::PacketPile::from(packets);
let cert = openpgp::Cert::try_from(pp)?;
inspect_cert(config, config.policy, time, output, &cert,
inspect_cert(sq, sq.policy, time, output, &cert,
print_certifications)?;
} else if packets.is_empty() && ! sigs.is_empty() {
if sigs.iter().all(is_revocation_sig) {
@ -213,7 +213,7 @@ where R: BufferedReader<sequoia_openpgp::parse::Cookie> + 'a,
if sigs.len() > 1 { "s" } else { "" })?;
writeln!(output)?;
for sig in sigs {
inspect_bare_revocation(config, output, &sig)?;
inspect_bare_revocation(sq, output, &sig)?;
}
writeln!(output, " Note: \
Signatures have NOT been verified!")?;
@ -221,7 +221,7 @@ where R: BufferedReader<sequoia_openpgp::parse::Cookie> + 'a,
writeln!(output, "Detached signature{}.",
if sigs.len() > 1 { "s" } else { "" })?;
writeln!(output)?;
inspect_signatures(config, output, &sigs)?;
inspect_signatures(sq, output, &sigs)?;
}
} else if packets.is_empty() {
writeln!(output, "No OpenPGP data.")?;
@ -286,7 +286,7 @@ fn is_revocation_cert(c: &Cert) -> bool {
}
fn inspect_cert(
config: &mut Config,
sq: &mut Sq,
policy: &dyn Policy,
time: Option<SystemTime>,
output: &mut dyn io::Write,
@ -304,7 +304,7 @@ fn inspect_cert(
writeln!(output, " Fingerprint: {}", cert.fingerprint())?;
inspect_revocation(output, "", cert.revocation_status(policy, None))?;
inspect_key(
config,
sq,
policy,
time,
output,
@ -326,7 +326,7 @@ fn inspect_cert(
Err(e) => print_error_chain(output, &e)?,
}
inspect_key(
config,
sq,
policy,
time,
output,
@ -357,7 +357,7 @@ fn inspect_cert(
}
Err(e) => print_error_chain(output, &e)?,
}
inspect_certifications(config, output, policy,
inspect_certifications(sq, output, policy,
uidb.certifications(),
print_certifications)?;
writeln!(output)?;
@ -375,7 +375,7 @@ fn inspect_cert(
}
Err(e) => print_error_chain(output, &e)?,
}
inspect_certifications(config, output, policy,
inspect_certifications(sq, output, policy,
uab.certifications(),
print_certifications)?;
writeln!(output)?;
@ -391,7 +391,7 @@ fn inspect_cert(
}
Err(e) => print_error_chain(output, &e)?,
}
inspect_certifications(config, output, policy,
inspect_certifications(sq, output, policy,
ub.certifications(),
print_certifications)?;
writeln!(output)?;
@ -405,7 +405,7 @@ fn inspect_cert(
}
fn inspect_key(
config: &mut Config,
sq: &mut Sq,
policy: &dyn Policy,
time: Option<SystemTime>,
output: &mut dyn io::Write,
@ -460,7 +460,7 @@ fn inspect_key(
writeln!(output, "{} Key flags: {}", indent, flags)?;
}
}
inspect_certifications(config, output, policy,
inspect_certifications(sq, output, policy,
bundle.certifications().iter(),
print_certifications)?;
@ -519,11 +519,11 @@ fn inspect_revocation(output: &mut dyn io::Write,
Ok(())
}
fn inspect_bare_revocation(config: &mut Config,
fn inspect_bare_revocation(sq: &mut Sq,
output: &mut dyn io::Write, sig: &Signature)
-> Result<()> {
let indent = "";
inspect_issuers(config, output, &sig)?;
inspect_issuers(sq, output, &sig)?;
writeln!(output, "{} Possible revocation:", indent)?;
print_reasons(output, indent, false, &[sig])?;
writeln!(output)?;
@ -561,7 +561,7 @@ fn inspect_key_flags(flags: openpgp::types::KeyFlags) -> Option<String> {
}
}
fn inspect_signatures(config: &mut Config,
fn inspect_signatures(sq: &mut Sq,
output: &mut dyn io::Write,
sigs: &[openpgp::packet::Signature]) -> Result<()> {
use openpgp::types::SignatureType::*;
@ -572,7 +572,7 @@ fn inspect_signatures(config: &mut Config,
writeln!(output, " Kind: {}", signature_type)?,
}
inspect_issuers(config, output, &sig)?;
inspect_issuers(sq, output, &sig)?;
}
if ! sigs.is_empty() {
writeln!(output, " Note: \
@ -582,7 +582,7 @@ fn inspect_signatures(config: &mut Config,
Ok(())
}
fn inspect_issuers(config: &mut Config,
fn inspect_issuers(sq: &mut Sq,
output: &mut dyn io::Write,
sig: &Signature) -> Result<()> {
let mut fps: Vec<_> = sig.issuer_fingerprints().collect();
@ -593,7 +593,7 @@ fn inspect_issuers(config: &mut Config,
writeln!(output, " Alleged signer: {}, {}",
kh,
best_effort_primary_uid_for(
Some(config), kh, config.policy, config.time))?;
Some(sq), kh, sq.policy, sq.time))?;
}
let mut keyids: Vec<_> = sig.issuers().collect();
@ -604,15 +604,15 @@ fn inspect_issuers(config: &mut Config,
writeln!(output, " Alleged signer: {}, {}",
keyid,
best_effort_primary_uid_for(
Some(config), &KeyHandle::from(keyid),
config.policy, config.time))?;
Some(sq), &KeyHandle::from(keyid),
sq.policy, sq.time))?;
}
}
Ok(())
}
fn inspect_certifications<'a, A>(config: &mut Config,
fn inspect_certifications<'a, A>(sq: &mut Sq,
output: &mut dyn io::Write,
policy: &dyn Policy,
certs: A,
@ -698,8 +698,8 @@ fn inspect_certifications<'a, A>(config: &mut Config,
writeln!(output, "{}Alleged certifier: {}, {}",
indent, kh,
best_effort_primary_uid_for(
Some(config), kh,
config.policy, config.time))?;
Some(sq), kh,
sq.policy, sq.time))?;
}
let mut keyids: Vec<_> = sig.issuers().collect();
keyids.sort();
@ -709,8 +709,8 @@ fn inspect_certifications<'a, A>(config: &mut Config,
writeln!(output, "{}Alleged certifier: {}, {}", indent,
keyid,
best_effort_primary_uid_for(
Some(config), &KeyHandle::from(keyid),
config.policy, config.time))?;
Some(sq), &KeyHandle::from(keyid),
sq.policy, sq.time))?;
}
}

26
src/commands/key.rs
View File

@ -2,7 +2,7 @@ use sequoia_openpgp as openpgp;
use openpgp::Result;
use crate::cli;
use crate::Config;
use crate::Sq;
mod adopt;
use adopt::adopt;
@ -24,21 +24,21 @@ use revoke::certificate_revoke;
mod subkey;
mod userid;
pub fn dispatch(config: Config, command: cli::key::Command) -> Result<()>
pub fn dispatch(sq: Sq, command: cli::key::Command) -> Result<()>
{
use cli::key::Subcommands::*;
match command.subcommand {
List(c) => list(config, c)?,
Generate(c) => generate(config, c)?,
Import(c) => import(config, c)?,
Export(c) => export(config, c)?,
Password(c) => password(config, c)?,
Expire(c) => expire::dispatch(config, c)?,
Userid(c) => userid::dispatch(config, c)?,
Revoke(c) => certificate_revoke(config, c)?,
Subkey(c) => subkey::dispatch(config, c)?,
Adopt(c) => adopt(config, c)?,
AttestCertifications(c) => attest_certifications(config, c)?,
List(c) => list(sq, c)?,
Generate(c) => generate(sq, c)?,
Import(c) => import(sq, c)?,
Export(c) => export(sq, c)?,
Password(c) => password(sq, c)?,
Expire(c) => expire::dispatch(sq, c)?,
Userid(c) => userid::dispatch(sq, c)?,
Revoke(c) => certificate_revoke(sq, c)?,
Subkey(c) => subkey::dispatch(sq, c)?,
Adopt(c) => adopt(sq, c)?,
AttestCertifications(c) => attest_certifications(sq, c)?,
}
Ok(())
}

16
src/commands/key/adopt.rs
View File

@ -19,11 +19,11 @@ use openpgp::Packet;
use openpgp::Result;
use sequoia_openpgp as openpgp;
use crate::Config;
use crate::Sq;
use crate::cli;
use crate::decrypt_key;
pub fn adopt(config: Config, command: cli::key::AdoptCommand) -> Result<()>
pub fn adopt(sq: Sq, command: cli::key::AdoptCommand) -> Result<()>
{
let input = command.certificate.open()?;
let cert = Cert::from_buffered_reader(input)?;
@ -42,11 +42,11 @@ pub fn adopt(config: Config, command: cli::key::AdoptCommand) -> Result<()>
let adoptee_policy: &dyn Policy = if command.allow_broken_crypto {
null_policy
} else {
config.policy
sq.policy
};
// Find the corresponding keys.
for keyring in config.keyrings.iter() {
for keyring in sq.keyrings.iter() {
for cert in CertParser::from_file(&keyring)
.context(format!("Parsing: {}", &keyring.display()))?
{
@ -105,7 +105,7 @@ pub fn adopt(config: Config, command: cli::key::AdoptCommand) -> Result<()>
};
let builder = builder
.set_signature_creation_time(config.time)?;
.set_signature_creation_time(sq.time)?;
*keyo = Some((
key.key().clone().role_into_subordinate(),
@ -176,7 +176,7 @@ pub fn adopt(config: Config, command: cli::key::AdoptCommand) -> Result<()>
.unwrap_or_else(|| {
SignatureBuilder::new(SignatureType::PrimaryKeyBinding)
})
.set_signature_creation_time(config.time)?
.set_signature_creation_time(sq.time)?
.sign_primary_key_binding(&mut subkey_signer, pk, &key)?;
builder = builder.set_embedded_signature(backsig)?;
@ -200,14 +200,14 @@ pub fn adopt(config: Config, command: cli::key::AdoptCommand) -> Result<()>
let cert = cert.clone().insert_packets(packets.clone())?;
let mut sink = command.output.for_secrets().create_safe(config.force)?;
let mut sink = command.output.for_secrets().create_safe(sq.force)?;
if command.binary {
cert.as_tsk().serialize(&mut sink)?;
} else {
cert.as_tsk().armored().serialize(&mut sink)?;
}
let vc = cert.with_policy(config.policy, None).expect("still valid");
let vc = cert.with_policy(sq.policy, None).expect("still valid");
for pair in packets[..].chunks(2) {
let newkey: &Key<key::PublicParts, key::UnspecifiedRole> = match pair[0]
{

14
src/commands/key/attest_certifications.rs
View File

@ -4,12 +4,12 @@ use openpgp::parse::Parse;
use openpgp::serialize::Serialize;
use sequoia_openpgp as openpgp;
use crate::Config;
use crate::Sq;
use crate::cli;
use crate::decrypt_key;
pub fn attest_certifications(
config: Config,
sq: Sq,
command: cli::key::AttestCertificationsCommand,
) -> Result<()> {
// Attest to all certifications?
@ -30,13 +30,13 @@ pub fn attest_certifications(
for uid in key.userids() {
if all {
attestation_signatures.append(&mut uid.attest_certifications(
config.policy,
sq.policy,
&mut pk_signer,
uid.certifications(),
)?);
} else {
attestation_signatures.append(&mut uid.attest_certifications(
config.policy,
sq.policy,
&mut pk_signer,
&[],
)?);
@ -46,13 +46,13 @@ pub fn attest_certifications(
for ua in key.user_attributes() {
if all {
attestation_signatures.append(&mut ua.attest_certifications(
config.policy,
sq.policy,
&mut pk_signer,
ua.certifications(),
)?);
} else {
attestation_signatures.append(&mut ua.attest_certifications(
config.policy,
sq.policy,
&mut pk_signer,
&[],
)?);
@ -62,7 +62,7 @@ pub fn attest_certifications(
// Finally, add the new signatures.
let key = key.insert_packets(attestation_signatures)?;
let mut sink = command.output.for_secrets().create_safe(config.force)?;
let mut sink = command.output.for_secrets().create_safe(sq.force)?;
if command.binary {
key.as_tsk().serialize(&mut sink)?;
} else {

16
src/commands/key/expire.rs
View File

@ -16,16 +16,16 @@ use sequoia_openpgp::{
use sequoia_cert_store::StoreUpdate;
use crate::{
Config,
Sq,
cli,
};
pub fn dispatch(config: Config, command: cli::key::expire::Command)
pub fn dispatch(sq: Sq, command: cli::key::expire::Command)
-> Result<()>
{
let policy = config.policy.clone();
let policy = sq.policy.clone();
let cert_store = if command.output.is_none() {
Some(config.cert_store_or_else()?)
Some(sq.cert_store_or_else()?)
} else {
None
};
@ -137,7 +137,7 @@ pub fn dispatch(config: Config, command: cli::key::expire::Command)
if let Some(sink) = command.output {
let path = sink.path().map(Clone::clone);
let mut output = sink.for_secrets().create_safe(config.force)?;
let mut output = sink.for_secrets().create_safe(sq.force)?;
if command.binary {
key.as_tsk().serialize(&mut output)?;
} else {
@ -145,7 +145,7 @@ pub fn dispatch(config: Config, command: cli::key::expire::Command)
}
if let Some(path) = path {
config.hint(format_args!(
sq.hint(format_args!(
"Updated key written to {}. \
To make the update effective, it has to be published \
so that others can find it, for example using:",
@ -154,7 +154,7 @@ pub fn dispatch(config: Config, command: cli::key::expire::Command)
"sq network keyserver publish {}",
path.display()));
} else {
config.hint(format_args!(
sq.hint(format_args!(
"To make the update effective, it has to be published \
so that others can find it."));
}
@ -166,7 +166,7 @@ pub fn dispatch(config: Config, command: cli::key::expire::Command)
wprintln!("Error importing updated cert: {}", err);
return Err(err);
} else {
config.hint(format_args!(
sq.hint(format_args!(
"Imported updated cert into the cert store. \
To make the update effective, it has to be published \
so that others can find it, for example using:"))

12
src/commands/key/export.rs
View File

@ -10,16 +10,16 @@ use openpgp::serialize::Serialize;
use anyhow::Context;
use crate::cli;
use crate::Config;
use crate::Sq;
use crate::Result;
const NULL: openpgp::policy::NullPolicy =
openpgp::policy::NullPolicy::new();
pub fn export(config: Config, command: cli::key::ExportCommand)
pub fn export(sq: Sq, command: cli::key::ExportCommand)
-> Result<()>
{
let ks = config.key_store_or_else()?;
let ks = sq.key_store_or_else()?;
let mut ks = ks.lock().unwrap();
// If the user asks for multiple keys from the same certificate,
@ -29,12 +29,12 @@ pub fn export(config: Config, command: cli::key::ExportCommand)
for (export_cert, export) in command.cert.into_iter().map(|kh| (true, kh))
.chain(command.key.into_iter().map(|kh| (false, kh)))
{
let mut cert = config.lookup_one(&export, None, true)?;
let mut cert = sq.lookup_one(&export, None, true)?;
if let Some(c) = certs.remove(&cert.fingerprint()) {
cert = c;
}
let vc = Cert::with_policy(&cert, config.policy, config.time)
let vc = Cert::with_policy(&cert, sq.policy, sq.time)
.or_else(|err| {
if export_cert {
Err(err)
@ -43,7 +43,7 @@ pub fn export(config: Config, command: cli::key::ExportCommand)
// policy. It should be possible to export old
// keys, even if the certificate is not considered
// safe any more.
Cert::with_policy(&cert, &NULL, config.time)
Cert::with_policy(&cert, &NULL, sq.time)
}
})
.with_context(|| {

18
src/commands/key/generate.rs
View File

@ -14,14 +14,14 @@ use openpgp::Result;
use crate::common::password;
use crate::common::userid::lint_userids;
use crate::Config;
use crate::Sq;
use crate::cli::types::FileOrStdout;
use crate::cli;
use crate::ImportStatus;
use crate::commands::inspect::inspect;
pub fn generate(
mut config: Config,
mut sq: Sq,
command: cli::key::GenerateCommand,
) -> Result<()> {
let mut builder = CertBuilder::new();
@ -42,13 +42,13 @@ pub fn generate(
}
// Creation time.
builder = builder.set_creation_time(config.time);
builder = builder.set_creation_time(sq.time);
// Expiration.
builder = builder.set_validity_period(
command
.expiry
.as_duration(DateTime::<Utc>::from(config.time))?
.as_duration(DateTime::<Utc>::from(sq.time))?
);
// Cipher Suite
@ -135,7 +135,7 @@ pub fn generate(
path.as_mut_os_string().push(".rev");
FileOrStdout::from(path)
} else if on_keystore {
let dir = config.home.data_dir(sequoia_directories::Component::Other(
let dir = sq.home.data_dir(sequoia_directories::Component::Other(
"revocation-certificates".into()));
std::fs::create_dir_all(&dir)
.with_context(|| {
@ -163,7 +163,7 @@ pub fn generate(
.collect();
headers.insert(0, ("Comment", "Revocation certificate for"));
let w = rev_path.create_safe(config.force)?;
let w = rev_path.create_safe(sq.force)?;
let mut w = Writer::with_headers(w, Kind::PublicKey, headers)?;
Packet::from(cert.primary_key().key().clone()).serialize(&mut w)?;
Packet::Signature(rev).serialize(&mut w)?;
@ -181,14 +181,14 @@ pub fn generate(
Some(ref output_file) => {
// Write the key to a file or to stdout.
let w = output_file.clone().for_secrets()
.create_safe(config.force)?;
.create_safe(sq.force)?;
let mut w = Writer::with_headers(w, Kind::SecretKey, headers)?;
cert.as_tsk().serialize(&mut w)?;
w.finalize()?;
}
None => {
// write the key to the key store
match config.import_key(cert.clone()) {
match sq.import_key(cert.clone()) {
Ok(ImportStatus::New) => { /* success */ }
Ok(ImportStatus::Unchanged) => {
panic!(
@ -215,7 +215,7 @@ pub fn generate(
.expect("serializing to a vector is infallible");
if let Err(err) = inspect(
&mut config,
&mut sq,
buffered_reader::Memory::with_cookie(&bytes, Default::default()),
command.output
.as_ref()

10
src/commands/key/import.rs
View File

@ -4,11 +4,11 @@ use openpgp::parse::Parse;
use crate::best_effort_primary_uid;
use crate::cli;
use crate::Config;
use crate::Sq;
use crate::ImportStatus;
use crate::Result;
pub fn import(config: Config, command: cli::key::ImportCommand) -> Result<()> {
pub fn import(sq: Sq, command: cli::key::ImportCommand) -> Result<()> {
// Return the first error.
let mut ret = Ok(());
@ -28,10 +28,10 @@ pub fn import(config: Config, command: cli::key::ImportCommand) -> Result<()> {
let id = format!("{} {}",
cert.fingerprint(),
best_effort_primary_uid(
Some(&config), &cert, config.policy,
config.time));
Some(&sq), &cert, sq.policy,
sq.time));
match config.import_key(cert) {
match sq.import_key(cert) {
Ok(ImportStatus::New) => {
wprintln!("Imported {} from {}: new",
id, file.display());

10
src/commands/key/list.rs
View File

@ -6,12 +6,12 @@ use keystore::Protection;
use crate::best_effort_primary_uid;
use crate::cli;
use crate::Config;
use crate::Sq;
use crate::Result;
pub fn list(config: Config, _command: cli::key::ListCommand) -> Result<()> {
pub fn list(sq: Sq, _command: cli::key::ListCommand) -> Result<()> {
// Start and connect to the keystore.
let ks = if let Some(ks) = config.key_store()? {
let ks = if let Some(ks) = sq.key_store()? {
ks
} else {
// The key store is disabled. Don't fail, just return
@ -41,10 +41,10 @@ pub fn list(config: Config, _command: cli::key::ListCommand) -> Result<()> {
let fpr = KeyHandle::from(key.fingerprint());
let sanitized_userid = if let Ok(cert)
= config.lookup_one(&fpr, None, true)
= sq.lookup_one(&fpr, None, true)
{
best_effort_primary_uid(
Some(&config), &cert, config.policy, None)
Some(&sq), &cert, sq.policy, None)
} else {
crate::PreferredUserID::unknown()
};

6
src/commands/key/password.rs
View File

@ -6,12 +6,12 @@ use openpgp::Result;
use sequoia_openpgp as openpgp;
use crate::common;
use crate::Config;
use crate::Sq;
use crate::cli;
use crate::decrypt_key;
pub fn password(
config: Config,
sq: Sq,
command: cli::key::PasswordCommand,
) -> Result<()> {
let input = command.input.open()?;
@ -71,7 +71,7 @@ pub fn password(
key = key.insert_packets(encrypted)?;
}
let mut output = command.output.for_secrets().create_safe(config.force)?;
let mut output = command.output.for_secrets().create_safe(sq.force)?;
if command.binary {
key.as_tsk().serialize(&mut output)?;
} else {

10
src/commands/key/revoke.rs
View File

@ -14,7 +14,7 @@ use openpgp::Cert;
use openpgp::Packet;
use openpgp::Result;
use crate::Config;
use crate::Sq;
use crate::cli::key::RevokeCommand;
use crate::cli::types::FileOrStdout;
use crate::common::RevocationOutput;
@ -146,28 +146,28 @@ impl<'a> RevocationOutput for CertificateRevocation<'a> {
/// Revoke a certificate
pub fn certificate_revoke(
config: Config,
sq: Sq,
command: RevokeCommand,
) -> Result<()> {
let cert = read_cert(command.input.as_deref())?;
let secret = read_secret(command.secret_key_file.as_deref())?;
let time = Some(config.time);
let time = Some(sq.time);
let notations = parse_notations(command.notation)?;
let revocation = CertificateRevocation::new(
cert,
secret,
config.policy,
sq.policy,
time,
command.private_key_store.as_deref(),
command.reason.into(),
&command.message,
&notations,
)?;
revocation.write(command.output, command.binary, config.force)?;
revocation.write(command.output, command.binary, sq.force)?;
Ok(())
}

30
src/commands/key/subkey.rs
View File

@ -23,7 +23,7 @@ use openpgp::KeyHandle;
use openpgp::Packet;
use openpgp::Result;
use crate::Config;
use crate::Sq;
use crate::cli::key::SubkeyAddCommand;
use crate::cli::key::SubkeyCommand;
use crate::cli::key::SubkeyRevokeCommand;
@ -209,10 +209,10 @@ impl<'a> RevocationOutput for SubkeyRevocation<'a> {
}
}
pub fn dispatch(config: Config, command: SubkeyCommand) -> Result<()> {
pub fn dispatch(sq: Sq, command: SubkeyCommand) -> Result<()> {
match command {
SubkeyCommand::Add(c) => subkey_add(config, c)?,
SubkeyCommand::Revoke(c) => subkey_revoke(config, c)?,
SubkeyCommand::Add(c) => subkey_add(sq, c)?,
SubkeyCommand::Revoke(c) => subkey_revoke(sq, c)?,
}
Ok(())
@ -224,16 +224,16 @@ pub fn dispatch(config: Config, command: SubkeyCommand) -> Result<()> {
/// user input (or application-wide defaults if not specified).
/// If no specific expiry is requested, the subkey never expires.
fn subkey_add(
config: Config,
sq: Sq,
command: SubkeyAddCommand,
) -> Result<()> {
let input = command.input.open()?;
let cert = Cert::from_buffered_reader(input)?;
let valid_cert = cert.with_policy(config.policy, config.time)?;
let valid_cert = cert.with_policy(sq.policy, sq.time)?;
let validity = command
.expiry
.as_duration(DateTime::<Utc>::from(config.time))?;
.as_duration(DateTime::<Utc>::from(sq.time))?;
let keyflags = KeyFlags::empty()
.set_authentication_to(command.can_authenticate)
@ -251,9 +251,9 @@ fn subkey_add(
let (primary_key, password) =
match get_primary_keys(
&[cert.clone()],
config.policy,
sq.policy,
command.private_key_store.as_deref(),
Some(config.time),
Some(sq.time),
None,
) {
Ok(keys) => {
@ -277,7 +277,7 @@ fn subkey_add(
};
let new_cert = KeyBuilder::new(keyflags)
.set_creation_time(config.time)
.set_creation_time(sq.time)
.set_cipher_suite(command.cipher_suite.as_ciphersuite())
.set_password(password)
.subkey(valid_cert)?
@ -285,7 +285,7 @@ fn subkey_add(
.set_primary_key_signer(primary_key)
.attach_cert()?;
let mut sink = command.output.for_secrets().create_safe(config.force)?;
let mut sink = command.output.for_secrets().create_safe(sq.force)?;
if command.binary {
new_cert.as_tsk().serialize(&mut sink)?;
} else {
@ -302,14 +302,14 @@ fn subkey_add(
/// [`Cert`] fails, if retrieval of [`NotationData`] fails or if the eventual
/// revocation fails.
pub fn subkey_revoke(
config: Config,
sq: Sq,
command: SubkeyRevokeCommand,
) -> Result<()> {
let cert = read_cert(command.input.as_deref())?;
let secret = read_secret(command.secret_key_file.as_deref())?;
let time = Some(config.time);
let time = Some(sq.time);
let notations = parse_notations(command.notation)?;
@ -317,14 +317,14 @@ pub fn subkey_revoke(
&command.subkey,
cert,
secret,
config.policy,
sq.policy,
time,
command.private_key_store.as_deref(),
command.reason.into(),
&command.message,
&notations,
)?;
revocation.write(command.output, command.binary, config.force)?;
revocation.write(command.output, command.binary, sq.force)?;
Ok(())
}

42
src/commands/key/userid.rs
View File

@ -25,7 +25,7 @@ use openpgp::Packet;
use openpgp::Result;
use sequoia_openpgp as openpgp;
use crate::Config;
use crate::Sq;
use crate::cli::key::UseridRevokeCommand;
use crate::cli::types::FileOrStdout;
use crate::cli;
@ -211,20 +211,20 @@ impl<'a> RevocationOutput for UserIDRevocation<'a> {
}
pub fn dispatch(
config: Config,
sq: Sq,
command: cli::key::UseridCommand,
) -> Result<()> {
match command {
cli::key::UseridCommand::Add(c) => userid_add(config, c)?,
cli::key::UseridCommand::Revoke(c) => userid_revoke(config, c)?,
cli::key::UseridCommand::Strip(c) => userid_strip(config, c)?,
cli::key::UseridCommand::Add(c) => userid_add(sq, c)?,
cli::key::UseridCommand::Revoke(c) => userid_revoke(sq, c)?,
cli::key::UseridCommand::Strip(c) => userid_strip(sq, c)?,
}
Ok(())
}
fn userid_add(
config: Config,
sq: Sq,
command: cli::key::UseridAddCommand,
) -> Result<()> {
let input = command.input.open()?;
@ -251,11 +251,11 @@ fn userid_add(
));
}
let creation_time = Some(config.time);
let creation_time = Some(sq.time);
let mut pk = match get_primary_keys(
&[key.clone()],
config.policy,
sq.policy,
command.private_key_store.as_deref(),
creation_time,
None,
@ -273,7 +273,7 @@ fn userid_add(
};
let vcert = key
.with_policy(config.policy, creation_time)
.with_policy(sq.policy, creation_time)
.with_context(|| {
format!("Certificate {} is not valid", key.fingerprint())
})?;
@ -302,7 +302,7 @@ fn userid_add(
let mut symmetric_algorithms: Vec<_> =
sb.preferred_symmetric_algorithms().unwrap_or(&[]).to_vec();
symmetric_algorithms
.retain(|algo| config.policy.symmetric_algorithm(*algo).is_ok());
.retain(|algo| sq.policy.symmetric_algorithm(*algo).is_ok());
if symmetric_algorithms.is_empty() {
symmetric_algorithms.push(Default::default());
}
@ -312,7 +312,7 @@ fn userid_add(
let mut hash_algorithms: Vec<_> =
sb.preferred_hash_algorithms().unwrap_or(&[]).to_vec();
hash_algorithms.retain(|algo| {
config
sq
.policy
.hash_cutoff(*algo, HashAlgoSecurity::CollisionResistance)
.map(|cutoff| cutoff.lt(&SystemTime::now()))
@ -379,7 +379,7 @@ fn userid_add(
// Merge additional User IDs into key
let cert = key.insert_packets(add)?;
let mut sink = command.output.for_secrets().create_safe(config.force)?;
let mut sink = command.output.for_secrets().create_safe(sq.force)?;
if command.binary {
cert.as_tsk().serialize(&mut sink)?;
} else {
@ -389,13 +389,13 @@ fn userid_add(
}
fn userid_strip(
config: Config,
sq: Sq,
command: cli::key::UseridStripCommand,
) -> Result<()> {
let input = command.input.open()?;
let key = Cert::from_buffered_reader(input)?;
let orig_cert_valid = key.with_policy(config.policy, None).is_ok();
let orig_cert_valid = key.with_policy(sq.policy, None).is_ok();
let strip: Vec<_> = command.userid;
@ -421,7 +421,7 @@ fn userid_strip(
});
if orig_cert_valid {
if let Err(err) = cert.with_policy(config.policy, None) {
if let Err(err) = cert.with_policy(sq.policy, None) {
wprintln!(
"Removing the User ID(s) has resulted in a invalid key:
{}
@ -433,7 +433,7 @@ signatures on other User IDs to make the key valid again.",
}
}
let mut sink = command.output.for_secrets().create_safe(config.force)?;
let mut sink = command.output.for_secrets().create_safe(sq.force)?;
if command.binary {
cert.as_tsk().serialize(&mut sink)?;
} else {
@ -449,23 +449,23 @@ signatures on other User IDs to make the key valid again.",
/// Returns an error if reading of the [`Cert`] fails, if retrieval of
/// [`NotationData`] fails or if the eventual revocation fails.
pub fn userid_revoke(
config: Config,
sq: Sq,
command: UseridRevokeCommand,
) -> Result<()> {
let cert = read_cert(command.input.as_deref())?;
let secret = read_secret(command.secret_key_file.as_deref())?;
let time = Some(config.time);
let time = Some(sq.time);
let notations = parse_notations(command.notation)?;
let revocation = UserIDRevocation::new(
command.userid,
config.force,
sq.force,
cert,
secret,
config.policy,
sq.policy,
time,
command.private_key_store.as_deref(),
command.reason.into(),
@ -473,7 +473,7 @@ pub fn userid_revoke(
&notations,
)?;
revocation.write(command.output, command.binary, config.force)?;
revocation.write(command.output, command.binary, sq.force)?;
Ok(())
}

142
src/commands/network.rs
View File

@ -50,7 +50,7 @@ use crate::{
output::{
pluralize::Pluralize,
},
Config,
Sq,
Model,
best_effort_primary_uid,
merge_keyring,
@ -71,22 +71,22 @@ pub const CONNECT_TIMEOUT: Duration = Duration::new(5, 0);
/// How long to wait for each individual http request.
pub const REQUEST_TIMEOUT: Duration = Duration::new(5, 0);
pub fn dispatch(config: Config, c: cli::network::Command)
pub fn dispatch(sq: Sq, c: cli::network::Command)
-> Result<()>
{
use cli::network::Subcommands;
match c.subcommand {
Subcommands::Fetch(command) =>
dispatch_fetch(config, command),
dispatch_fetch(sq, command),
Subcommands::Keyserver(command) =>
dispatch_keyserver(config, command),
dispatch_keyserver(sq, command),
Subcommands::Wkd(command) =>
dispatch_wkd(config, command),
dispatch_wkd(sq, command),
Subcommands::Dane(command) =>
dispatch_dane(config, command),
dispatch_dane(sq, command),
}
}
@ -94,13 +94,13 @@ pub fn dispatch(config: Config, c: cli::network::Command)
/// Import the certificates into the local certificate store.
///
/// This does not certify the certificates.
pub fn import_certs(config: &Config, certs: Vec<Cert>) -> Result<()> {
pub fn import_certs(sq: &Sq, certs: Vec<Cert>) -> Result<()> {
if certs.is_empty() {
// No need to do and say anything.
return Ok(());
}
let cert_store = config.cert_store_or_else()
let cert_store = sq.cert_store_or_else()
.context("Inserting results")?;
let mut stats
@ -114,7 +114,7 @@ pub fn import_certs(config: &Config, certs: Vec<Cert>) -> Result<()> {
cert_store.update_by(Arc::new(cert.clone().into()), &mut stats)
.with_context(|| {
let sanitized_userid = best_effort_primary_uid(
Some(&config), &cert, config.policy, config.time);
Some(&sq), &cert, sq.policy, sq.time);
format!("Inserting {}, {}",
cert.fingerprint(), sanitized_userid)
@ -124,7 +124,7 @@ pub fn import_certs(config: &Config, certs: Vec<Cert>) -> Result<()> {
let mut certs = certs.into_iter()
.map(|cert| {
let userid = best_effort_primary_uid(
Some(&config), &cert, config.policy, config.time);
Some(&sq), &cert, sq.policy, sq.time);
(userid, cert)
})
.collect::<Vec<_>>();
@ -154,7 +154,7 @@ pub fn import_certs(config: &Config, certs: Vec<Cert>) -> Result<()> {
///
/// This does not import the certification or the certificate into
/// the certificate store.
fn certify(config: &Config,
fn certify(sq: &Sq,
signer: &mut dyn Signer, cert: &Cert, userids: &[UserID],
creation_time: Option<SystemTime>, depth: u8, amount: usize)
-> Result<Cert>
@ -172,13 +172,13 @@ fn certify(config: &Config,
}
let certifications = active_certification(
config, &cert.fingerprint(),
sq, &cert.fingerprint(),
userids.iter().cloned().collect(),
signer.public())
.into_iter()
.map(|(userid, active_certification)| {
if let Some(_) = active_certification {
config.info(format_args!(
sq.info(format_args!(
"Provenance information for {}, {:?} \
exists and is current, not updating it",
cert.fingerprint(),
@ -197,7 +197,7 @@ fn certify(config: &Config,
})
{
Ok(sig) => {
config.info(format_args!(
sq.info(format_args!(
"Recorded provenance information \
for {}, {:?}",
cert.fingerprint(),
@ -236,7 +236,7 @@ fn certify(config: &Config,
///
/// If a certificate cannot be certified for whatever reason, a
/// diagnostic is emitted, and the certificate is returned as is.
pub fn certify_downloads<'store, 'rstore>(config: &mut Config<'store, 'rstore>,
pub fn certify_downloads<'store, 'rstore>(sq: &mut Sq<'store, 'rstore>,
ca: Arc<LazyCert<'store>>,
certs: Vec<Cert>, email: Option<&str>)
-> Vec<Cert>
@ -246,7 +246,7 @@ pub fn certify_downloads<'store, 'rstore>(config: &mut Config<'store, 'rstore>,
let ca = ca.to_cert()?;
let keys = get_certification_keys(
&[ca], config.policy, None, Some(config.time), None)?;
&[ca], sq.policy, None, Some(sq.time), None)?;
assert!(
keys.len() == 1,
"Expect exactly one result from get_certification_keys()"
@ -259,7 +259,7 @@ pub fn certify_downloads<'store, 'rstore>(config: &mut Config<'store, 'rstore>,
let err = err.context(
"Warning: not recording provenance information, \
failed to load CA key");
if config.verbose {
if sq.verbose {
print_error_chain(&err);
}
return certs;
@ -275,13 +275,13 @@ pub fn certify_downloads<'store, 'rstore>(config: &mut Config<'store, 'rstore>,
});
let certs: Vec<Cert> = certs.into_iter().map(|cert| {
let vc = match cert.with_policy(config.policy, config.time) {
let vc = match cert.with_policy(sq.policy, sq.time) {
Err(err) => {
let err = err.context(format!(
"Warning: not recording provenance information \
for {}, not valid",
cert.fingerprint()));
if config.verbose {
if sq.verbose {
print_error_chain(&err);
}
return cert;
@ -303,8 +303,8 @@ pub fn certify_downloads<'store, 'rstore>(config: &mut Config<'store, 'rstore>,
.collect::<Vec<UserID>>();
if userids.is_empty() {
if config.verbose {
config.info(format_args!(
if sq.verbose {
sq.info(format_args!(
"Warning: not recording provenance information \
for {}, it does not contain a valid User ID with \
the specified email address ({:?})",
@ -320,8 +320,8 @@ pub fn certify_downloads<'store, 'rstore>(config: &mut Config<'store, 'rstore>,
};
match certify(
config, &mut ca_signer, &cert, &userids[..],
Some(config.time), 0, sequoia_wot::FULLY_TRUSTED)
sq, &mut ca_signer, &cert, &userids[..],
Some(sq.time), 0, sequoia_wot::FULLY_TRUSTED)
{
Ok(cert) => cert,
Err(err) => {
@ -329,7 +329,7 @@ pub fn certify_downloads<'store, 'rstore>(config: &mut Config<'store, 'rstore>,
"Warning: not recording provenance information \
for {}, failed to certify it",
cert.fingerprint()));
if config.verbose {
if sq.verbose {
print_error_chain(&err);
}
@ -398,8 +398,8 @@ impl Query {
/// Returns all known addresses and fingerprints of exportable
/// certificates as queries.
fn all_certs(config: &Config) -> Result<Vec<Query>> {
if let Some(store) = config.cert_store()? {
fn all_certs(sq: &Sq) -> Result<Vec<Query>> {
if let Some(store) = sq.cert_store()? {
let mut fingerprints = HashSet::new();
let mut addresses = HashSet::new();
for cert in store.certs().filter(
@ -424,8 +424,8 @@ impl Query {
/// Returns all known addresses of exportable certificates as
/// queries.
fn all_addresses(config: &Config) -> Result<Vec<Query>> {
if let Some(store) = config.cert_store()? {
fn all_addresses(sq: &Sq) -> Result<Vec<Query>> {
if let Some(store) = sq.cert_store()? {
let mut addresses = store.certs()
.filter(
|c| c.to_cert().map(|c| cert_exportable(c)).unwrap_or(false))
@ -498,12 +498,12 @@ impl Method {
//
// This doesn't return an error, because not all methods have
// shadow CAs, and a missing CA is not a hard error.
fn ca<'store, 'rstore>(&self, config: &Config<'store, 'rstore>)
fn ca<'store, 'rstore>(&self, sq: &Sq<'store, 'rstore>)
-> Option<Arc<LazyCert<'store>>>
where 'store: 'rstore
{
let ca = || -> Result<_> {
let certd = config.certd_or_else()?;
let certd = sq.certd_or_else()?;
let (cert, created) = match self {
Method::KeyServer(url) => {
let result = certd.shadow_ca_keyserver(url)?;
@ -511,7 +511,7 @@ impl Method {
match result {
Some((cert, created)) => (cert, created),
None => {
if config.verbose {
if sq.verbose {
wprintln!(
"Not recording provenance information: \
{} is not known to be a verifying \
@ -550,7 +550,7 @@ impl Method {
err);
};
if config.verbose {
if sq.verbose {
print_err();
} else {
use std::sync::Once;
@ -567,7 +567,7 @@ impl Method {
return Some(cert);
}
if config.verbose {
if sq.verbose {
let invalid = "invalid data".to_string();
wprintln!(
@ -580,7 +580,7 @@ impl Method {
// We really want the self-signed, primary user
// ID.
best_effort_primary_uid(
None, cert, config.policy, None).to_string()
None, cert, sq.policy, None).to_string()
} else {
invalid
},
@ -609,8 +609,8 @@ struct Response {
impl Response {
/// Creates a progress bar.
fn progress_bar(config: &Config) -> ProgressBar {
if config.verbose {
fn progress_bar(sq: &Sq) -> ProgressBar {
if sq.verbose {
ProgressBar::hidden()
} else {
ProgressBar::new(0)
@ -622,7 +622,7 @@ impl Response {
/// If `silent_errors` is given, then failure messages are
/// suppressed unless --verbose is given, or there was not a
/// single successful result.
async fn collect<'store, 'rstore>(config: &mut Config<'store, 'rstore>,
async fn collect<'store, 'rstore>(sq: &mut Sq<'store, 'rstore>,
mut responses: JoinSet<Response>,
certify: bool,
silent_errors: bool,
@ -641,10 +641,10 @@ impl Response {
Ok(cert) => if ! certify {
certs.push(cert);
} else { pb.suspend(|| {
if let Some(ca) = response.method.ca(config)
if let Some(ca) = response.method.ca(sq)
{
certs.append(&mut certify_downloads(
config, ca, vec![cert], None));
sq, ca, vec![cert], None));
} else {
certs.push(cert);
}
@ -659,7 +659,7 @@ impl Response {
}
}
if ! silent_errors || config.verbose || certs.is_empty() {
if ! silent_errors || sq.verbose || certs.is_empty() {
for (method, query, e) in errors {
pb.suspend(|| wprintln!("{}: {}: {}", method, query, e));
}
@ -673,17 +673,17 @@ impl Response {
}
/// Either writes out a keyring or imports the certs.
fn import_or_emit(mut config: Config<'_, '_>,
fn import_or_emit(mut sq: Sq<'_, '_>,
output: Option<FileOrStdout>,
binary: bool,
certs: Vec<Cert>)
-> Result<()>
{
if let Some(file) = &output {
let mut output = file.create_safe(config.force)?;
let mut output = file.create_safe(sq.force)?;
serialize_keyring(&mut output, certs, binary)?;
} else {
import_certs(&mut config, certs)?;
import_certs(&mut sq, certs)?;
}
Ok(())
@ -693,7 +693,7 @@ impl Response {
/// How many times to iterate to discover related certificates.
const FETCH_MAX_QUERY_ITERATIONS: usize = 3;
pub fn dispatch_fetch(mut config: Config, c: cli::network::fetch::Command)
pub fn dispatch_fetch(mut sq: Sq, c: cli::network::fetch::Command)
-> Result<()>
{
let default_servers = default_keyservers_p(&c.servers);
@ -709,12 +709,12 @@ pub fn dispatch_fetch(mut config: Config, c: cli::network::fetch::Command)
let mut seen_ids = HashSet::new();
let mut seen_urls = HashSet::new();
let mut queries = if c.all {
Query::all_certs(&config)?
Query::all_certs(&sq)?
} else {
Query::parse(&c.query)?
};
let mut results = Vec::new();
let mut pb = Response::progress_bar(&config);
let mut pb = Response::progress_bar(&sq);
let rt = tokio::runtime::Runtime::new()?;
rt.block_on(async {
@ -809,7 +809,7 @@ pub fn dispatch_fetch(mut config: Config, c: cli::network::fetch::Command)
// Finally, we also consult the certificate store to
// discover more identifiers. This is sync, but we use
// the same mechanism to merge the result back in.
if let Ok(Some(store)) = config.cert_store() {
if let Ok(Some(store)) = sq.cert_store() {
pb.inc_length(1);
let mut email_query = UserIDQueryParams::new();
email_query.set_email(true);
@ -835,7 +835,7 @@ pub fn dispatch_fetch(mut config: Config, c: cli::network::fetch::Command)
}
let mut certs = Response::collect(
&mut config, requests, c.output.is_none(), default_servers, &mut pb).await?;
&mut sq, requests, c.output.is_none(), default_servers, &mut pb).await?;
// Expand certs to discover new identifiers to query.
for cert in &certs {
@ -855,7 +855,7 @@ pub fn dispatch_fetch(mut config: Config, c: cli::network::fetch::Command)
})?;
drop(pb);
Response::import_or_emit(config, c.output, c.binary, results)?;
Response::import_or_emit(sq, c.output, c.binary, results)?;
Ok(())
}
@ -872,7 +872,7 @@ fn default_keyservers_p(servers: &[String]) -> bool {
.all(|(a, b)| a == b)
}
pub fn dispatch_keyserver(mut config: Config,
pub fn dispatch_keyserver(mut sq: Sq,
c: cli::network::keyserver::Command)
-> Result<()>
{
@ -888,9 +888,9 @@ pub fn dispatch_keyserver(mut config: Config,
use crate::cli::network::keyserver::Subcommands::*;
match c.subcommand {
Fetch(c) => rt.block_on(async {
let mut pb = Response::progress_bar(&config);
let mut pb = Response::progress_bar(&sq);
let queries = if c.all {
Query::all_certs(&config)?
Query::all_certs(&sq)?
} else {
Query::parse_keyserver_queries(&c.query)?
};
@ -917,9 +917,9 @@ pub fn dispatch_keyserver(mut config: Config,
});
let certs = Response::collect(
&mut config, requests, c.output.is_none(), default_servers, &mut pb).await?;
&mut sq, requests, c.output.is_none(), default_servers, &mut pb).await?;
drop(pb);
Response::import_or_emit(config, c.output, c.binary, certs)?;
Response::import_or_emit(sq, c.output, c.binary, certs)?;
Result::Ok(())
})?,
Publish(c) => rt.block_on(async {
@ -954,7 +954,7 @@ pub fn dispatch_keyserver(mut config: Config,
// by default, but we will not consider this
// an error, and only print the message in
// verbose mode.
if config.verbose {
if sq.verbose {
wprintln!("{}: {}", url, e);
}
},
@ -985,7 +985,7 @@ pub fn dispatch_keyserver(mut config: Config,
Ok(())
}
pub fn dispatch_wkd(mut config: Config, c: cli::network::wkd::Command)
pub fn dispatch_wkd(mut sq: Sq, c: cli::network::wkd::Command)
-> Result<()> {
let rt = tokio::runtime::Runtime::new()?;
@ -995,23 +995,23 @@ pub fn dispatch_wkd(mut config: Config, c: cli::network::wkd::Command)
let wkd_url = wkd::Url::from(&c.email_address)?;
let advanced = wkd_url.to_url(None)?.to_string();
let direct = wkd_url.to_url(wkd::Variant::Direct)?.to_string();
let output = Model::wkd_url(config.output_version,
let output = Model::wkd_url(sq.output_version,
WkdUrlVariant::Advanced, advanced, direct)?;
output.write(config.output_format, &mut std::io::stdout())?;
output.write(sq.output_format, &mut std::io::stdout())?;
},
DirectUrl(c) => {
let wkd_url = wkd::Url::from(&c.email_address)?;
let advanced = wkd_url.to_url(None)?.to_string();
let direct = wkd_url.to_url(wkd::Variant::Direct)?.to_string();
let output = Model::wkd_url(config.output_version,
let output = Model::wkd_url(sq.output_version,
WkdUrlVariant::Direct, advanced, direct)?;
output.write(config.output_format, &mut std::io::stdout())?;
output.write(sq.output_format, &mut std::io::stdout())?;
},
Fetch(c) => rt.block_on(async {
let mut pb = Response::progress_bar(&config);
let mut pb = Response::progress_bar(&sq);
let http_client = http_client()?;
let queries = if c.all {
Query::all_addresses(&config)?
Query::all_addresses(&sq)?
} else {
Query::parse_addresses(&c.addresses)?
};
@ -1033,9 +1033,9 @@ pub fn dispatch_wkd(mut config: Config, c: cli::network::wkd::Command)
});
let certs = Response::collect(
&mut config, requests, c.output.is_none(), false, &mut pb).await?;
&mut sq, requests, c.output.is_none(), false, &mut pb).await?;
drop(pb);
Response::import_or_emit(config, c.output, c.binary, certs)?;
Response::import_or_emit(sq, c.output, c.binary, certs)?;
Result::Ok(())
})?,
Generate(c) => {
@ -1052,7 +1052,7 @@ pub fn dispatch_wkd(mut config: Config, c: cli::network::wkd::Command)
let certs: Vec<Cert> = parser.filter_map(|cert| cert.ok())
.collect();
for cert in certs {
let vc = match cert.with_policy(config.policy, config.time) {
let vc = match cert.with_policy(sq.policy, sq.time) {
Ok(vc) => vc,
e @ Err(_) if !skip => e?,
_ => continue,
@ -1074,7 +1074,7 @@ pub fn dispatch_wkd(mut config: Config, c: cli::network::wkd::Command)
Ok(())
}
pub fn dispatch_dane(mut config: Config, c: cli::network::dane::Command)
pub fn dispatch_dane(mut sq: Sq, c: cli::network::dane::Command)
-> Result<()> {
let rt = tokio::runtime::Runtime::new()?;
@ -1083,7 +1083,7 @@ pub fn dispatch_dane(mut config: Config, c: cli::network::dane::Command)
Generate(c) => {
for cert in CertParser::from_buffered_reader(c.input.open()?)? {
let cert = cert?;
let vc = match cert.with_policy(config.policy, config.time) {
let vc = match cert.with_policy(sq.policy, sq.time) {
Ok(vc) => vc,
e @ Err(_) if ! c.skip => e?,
_ => continue,
@ -1107,9 +1107,9 @@ pub fn dispatch_dane(mut config: Config, c: cli::network::dane::Command)
}
},
Fetch(c) => rt.block_on(async {
let mut pb = Response::progress_bar(&config);
let mut pb = Response::progress_bar(&sq);
let queries = if c.all {
Query::all_addresses(&config)?
Query::all_addresses(&sq)?
} else {
Query::parse_addresses(&c.addresses)?
};
@ -1129,9 +1129,9 @@ pub fn dispatch_dane(mut config: Config, c: cli::network::dane::Command)
});
let certs = Response::collect(
&mut config, requests, c.output.is_none(), false, &mut pb).await?;
&mut sq, requests, c.output.is_none(), false, &mut pb).await?;
drop(pb);
Response::import_or_emit(config, c.output, c.binary, certs)?;
Response::import_or_emit(sq, c.output, c.binary, certs)?;
Result::Ok(())
})?,
}

44
src/commands/pki.rs
View File

@ -30,7 +30,7 @@ use output::print_path_error;
#[allow(unused_imports)]
use output::OutputType as _;
use crate::Config;
use crate::Sq;
fn required_trust_amount(trust_amount: Option<TrustAmount<usize>>,
certification_network: bool)
@ -76,7 +76,7 @@ fn have_self_signed_userid(cert: &wot::CertSynopsis,
/// Authenticate bindings defined by a Query on a Network
fn authenticate<'store, 'rstore>(
config: Config<'store, 'rstore>,
sq: Sq<'store, 'rstore>,
precompute: bool,
list_pattern: Option<String>,
email: bool,
@ -90,7 +90,7 @@ fn authenticate<'store, 'rstore>(
where 'store: 'rstore,
{
// Build the network.
let cert_store = match config.cert_store() {
let cert_store = match sq.cert_store() {
Ok(Some(cert_store)) => cert_store,
Ok(None) => {
return Err(anyhow::anyhow!("Certificate store has been disabled"));
@ -108,7 +108,7 @@ fn authenticate<'store, 'rstore>(
let mut q = wot::QueryBuilder::new(&n);
if ! gossip {
q.roots(wot::Roots::new(config.trust_roots()));
q.roots(wot::Roots::new(sq.trust_roots()));
}
if certification_network {
q.certification_network();
@ -120,7 +120,7 @@ fn authenticate<'store, 'rstore>(
let mut certificate_dealiased = None;
let fingerprint: Option<Fingerprint> = if let Some(kh) = certificate {
match config.lookup(std::iter::once(kh), None, true, true) {
match sq.lookup(std::iter::once(kh), None, true, true) {
Ok(certs) => {
assert!(certs.len() >= 1);
@ -288,7 +288,7 @@ fn authenticate<'store, 'rstore>(
let mut authenticated = 0;
let mut lint_input = true;
let mut output = match config.output_format {
let mut output = match sq.output_format {
#[cfg(feature = "dot-writer")]
OutputFormat::DOT => {
Box::new(output::DotOutputNetwork::new(
@ -308,7 +308,7 @@ fn authenticate<'store, 'rstore>(
} else {
Box::new(
output::ConciseHumanReadableOutputNetwork::new(
&config, required_amount))
&sq, required_amount))
as Box<dyn output::OutputType>
}
}
@ -530,7 +530,7 @@ fn authenticate<'store, 'rstore>(
}
// For `sq-wot path`.
fn check_path(config: &Config,
fn check_path(sq: &Sq,
gossip: bool,
certification_network: bool,
trust_amount: Option<TrustAmount<usize>>,
@ -540,7 +540,7 @@ fn check_path(config: &Config,
tracer!(TRACE, "check_path");
// Build the network.
let cert_store = match config.cert_store() {
let cert_store = match sq.cert_store() {
Ok(Some(cert_store)) => cert_store,
Ok(None) => {
return Err(anyhow::anyhow!("Certificate store has been disabled"));
@ -554,7 +554,7 @@ fn check_path(config: &Config,
let mut q = wot::QueryBuilder::new(&n);
if ! gossip {
q.roots(wot::Roots::new(config.trust_roots()));
q.roots(wot::Roots::new(sq.trust_roots()));
}
if certification_network {
q.certification_network();
@ -567,13 +567,13 @@ fn check_path(config: &Config,
let (khs, userid) = (path.certs()?, path.userid()?);
assert!(khs.len() > 0, "guaranteed by clap");
let r = q.lint_path(&khs, &userid, required_amount, config.policy);
let r = q.lint_path(&khs, &userid, required_amount, sq.policy);
let target_kh = khs.last().expect("have one");
match r {
Ok(path) => {
match config.output_format {
match sq.output_format {
#[cfg(feature = "dot-writer")]
OutputFormat::DOT => {
wprintln!(
@ -596,7 +596,7 @@ fn check_path(config: &Config,
}
}
Err(err) => {
match config.output_format {
match sq.output_format {
#[cfg(feature = "dot-writer")]
OutputFormat::DOT => {
wprintln!(
@ -628,7 +628,7 @@ impl StatusListener for KeyServerUpdate {
}
}
pub fn dispatch(config: Config, cli: cli::pki::Command) -> Result<()> {
pub fn dispatch(sq: Sq, cli: cli::pki::Command) -> Result<()> {
tracer!(TRACE, "pki::dispatch");
use cli::pki::*;
@ -638,7 +638,7 @@ pub fn dispatch(config: Config, cli: cli::pki::Command) -> Result<()> {
email, gossip, certification_network, trust_amount,
cert, userid, show_paths,
}) => authenticate(
config, false, None,
sq, false, None,
*email, *gossip, *certification_network, *trust_amount,
Some(&userid), Some(&cert), *show_paths,
)?,
@ -649,7 +649,7 @@ pub fn dispatch(config: Config, cli: cli::pki::Command) -> Result<()> {
email, gossip, certification_network, trust_amount,
userid, show_paths,
}) => authenticate(
config, false, None,
sq, false, None,
*email, *gossip, *certification_network, *trust_amount,
Some(&userid), None, *show_paths)?,
@ -659,7 +659,7 @@ pub fn dispatch(config: Config, cli: cli::pki::Command) -> Result<()> {
gossip, certification_network, trust_amount,
cert, show_paths,
}) => authenticate(
config, false, None,
sq, false, None,
false, *gossip, *certification_network, *trust_amount,
None, Some(&cert), *show_paths)?,
@ -674,12 +674,12 @@ pub fn dispatch(config: Config, cli: cli::pki::Command) -> Result<()> {
// A key handle was given as pattern and --email was not
// given. Act like `sq pki identify`.
authenticate(
config, false, None,
sq, false, None,
false, *gossip, *certification_network, *trust_amount,
None, Some(&handle), *show_paths)?;
} else {
authenticate(
config, pattern.is_none(), pattern,
sq, pattern.is_none(), pattern,
*email, *gossip, *certification_network, *trust_amount,
None, None, *show_paths)?;
},
@ -689,14 +689,14 @@ pub fn dispatch(config: Config, cli: cli::pki::Command) -> Result<()> {
gossip, certification_network, trust_amount,
path,
}) => check_path(
&config, *gossip, *certification_network, *trust_amount,
&sq, *gossip, *certification_network, *trust_amount,
path)?,
Subcommands::Certify(command) =>
self::certify::certify(config, command)?,
self::certify::certify(sq, command)?,
Subcommands::Link(command) =>
self::link::link(config, command)?,
self::link::link(sq, command)?,
}
Ok(())

16
src/commands/pki/certify.rs
View File

@ -14,13 +14,13 @@ use openpgp::serialize::Serialize;
use openpgp::types::SignatureType;
use openpgp::types::KeyFlags;
use crate::Config;
use crate::Sq;
use crate::parse_notations;
use crate::commands::get_certification_keys;
use crate::commands::GetKeysOptions;
use crate::cli::pki::certify;
pub fn certify(config: Config, c: certify::Command)
pub fn certify(sq: Sq, c: certify::Command)
-> Result<()>
{
let certifier = c.certifier;
@ -32,7 +32,7 @@ pub fn certify(config: Config, c: certify::Command)
// XXX: Change this interface: it's dangerous to guess whether an
// identifier is a file or a key handle.
let cert = if let Ok(kh) = cert.parse::<KeyHandle>() {
config.lookup_one(&kh, Some(KeyFlags::empty().set_certification()), true)?
sq.lookup_one(&kh, Some(KeyFlags::empty().set_certification()), true)?
} else {
Cert::from_file(cert)?
};
@ -49,9 +49,9 @@ pub fn certify(config: Config, c: certify::Command)
let local = c.local;
let non_revocable = c.non_revocable;
let time = config.time;
let time = sq.time;
let vc = cert.with_policy(config.policy, Some(time))?;
let vc = cert.with_policy(sq.policy, Some(time))?;
let query = if c.email {
UserIDQuery::Email(userid)
@ -122,7 +122,7 @@ pub fn certify(config: Config, c: certify::Command)
}
let keys = get_certification_keys(
&[certifier], config.policy,
&[certifier], sq.policy,
private_key_store.as_deref(),
Some(time),
Some(&options))?;
@ -159,7 +159,7 @@ pub fn certify(config: Config, c: certify::Command)
if let Some(validity) = c
.expiry
.as_duration(DateTime::<Utc>::from(config.time))?
.as_duration(DateTime::<Utc>::from(sq.time))?
{
builder = builder.set_signature_validity_period(validity)?;
}
@ -187,7 +187,7 @@ pub fn certify(config: Config, c: certify::Command)
// And export it.
let cert = cert.insert_packets(new_packets)?;
let mut message = c.output.create_pgp_safe(
config.force,
sq.force,
c.binary,
sequoia_openpgp::armor::Kind::PublicKey,
)?;

74
src/commands/pki/link.rs
View File

@ -19,7 +19,7 @@ use cert_store::Store;
use cert_store::StoreUpdate;
use cert_store::store::UserIDQueryParams;
use crate::Config;
use crate::Sq;
use crate::commands::active_certification;
use crate::commands::get_certification_keys;
use crate::parse_notations;
@ -36,7 +36,7 @@ use crate::cli::pki::link;
/// On success, returns the matching User IDs. This includes mapping
/// email addresses to their matching User IDs. If an email address
/// matches multiple User IDs, they are all returned.
pub fn check_userids(config: &Config, cert: &Cert, self_signed: bool,
pub fn check_userids(sq: &Sq, cert: &Cert, self_signed: bool,
userids: &Vec<String>, emails: &Vec<String>,
patterns: &Vec<String>)
-> Result<Vec<UserID>>
@ -78,7 +78,7 @@ pub fn check_userids(config: &Config, cert: &Cert, self_signed: bool,
}
let self_signed_userids = || -> Result<Vec<UserID>> {
let vc = cert.with_policy(config.policy, config.time)
let vc = cert.with_policy(sq.policy, sq.time)
.with_context(|| {
format!("{} is not valid according to the current policy",
cert.fingerprint())
@ -319,26 +319,26 @@ fn diff_link(old: &Signature, new: &SignatureBuilder, new_ct: SystemTime)
changed
}
pub fn link(config: Config, c: link::Command) -> Result<()> {
pub fn link(sq: Sq, c: link::Command) -> Result<()> {
use link::Subcommands::*;
match c.subcommand {
Add(c) => add(config, c)?,
Retract(c) => retract(config, c)?,
List(c) => list(config, c)?,
Add(c) => add(sq, c)?,
Retract(c) => retract(sq, c)?,
List(c) => list(sq, c)?,
}
Ok(())
}
pub fn add(config: Config, c: link::AddCommand)
pub fn add(sq: Sq, c: link::AddCommand)
-> Result<()>
{
let trust_root = config.local_trust_root()?;
let trust_root = sq.local_trust_root()?;
let trust_root = trust_root.to_cert()?;
let cert = config.lookup_one(&c.certificate, None, true)?;
let cert = sq.lookup_one(&c.certificate, None, true)?;
let mut userids =
check_userids(&config, &cert, true, &c.userid, &c.email, &c.pattern)
check_userids(&sq, &cert, true, &c.userid, &c.email, &c.pattern)
.context("sq pki link add: Invalid User IDs")?;
userids.extend(c.petname.iter().map(|petname| {
// If it is a bare email, we wrap it in angle brackets.
@ -349,7 +349,7 @@ pub fn add(config: Config, c: link::AddCommand)
}
}));
let vc = cert.with_policy(config.policy, Some(config.time))?;
let vc = cert.with_policy(sq.policy, Some(sq.time))?;
let user_supplied_userids = if userids.is_empty() {
if c.all {
@ -443,7 +443,7 @@ pub fn add(config: Config, c: link::AddCommand)
builder = builder.set_exportable_certification(false)?;
// Creation time.
builder = builder.set_signature_creation_time(config.time)?;
builder = builder.set_signature_creation_time(sq.time)?;
let notations = parse_notations(c.notation)?;
for (critical, n) in notations {
@ -462,7 +462,7 @@ pub fn add(config: Config, c: link::AddCommand)
// exactly what we want.
let mut partial = builder.clone();
partial = partial.set_signature_creation_time(
config.time - Duration::new(1, 0))?;
sq.time - Duration::new(1, 0))?;
partial = partial.set_trust_signature(trust_depth, 40)?;
builder = builder.set_signature_validity_period(
@ -472,7 +472,7 @@ pub fn add(config: Config, c: link::AddCommand)
} else {
if let Some(validity) = c
.expiry
.as_duration(DateTime::<Utc>::from(config.time))? {
.as_duration(DateTime::<Utc>::from(sq.time))? {
builder = builder.set_signature_validity_period(validity)?;
}
vec![ builder ]
@ -480,7 +480,7 @@ pub fn add(config: Config, c: link::AddCommand)
// Sign it.
let keys = get_certification_keys(
&[trust_root], config.policy, None, Some(config.time), None)
&[trust_root], sq.policy, None, Some(sq.time), None)
.context("Looking up local trust root")?;
assert!(
keys.len() == 1,
@ -489,7 +489,7 @@ pub fn add(config: Config, c: link::AddCommand)
let mut signer = keys.into_iter().next().unwrap().0;
let certifications = active_certification(
&config, &vc.fingerprint(), userids,
&sq, &vc.fingerprint(), userids,
signer.public())
.into_iter()
.map(|(userid, active_certification)| {
@ -538,9 +538,9 @@ pub fn add(config: Config, c: link::AddCommand)
let changed = diff_link(
&active_certification,
&builders[0], config.time);
&builders[0], sq.time);
if ! changed && config.force {
if ! changed && sq.force {
wprintln!(" Link parameters are unchanged, but \
updating anyway as \"--force\" was specified.");
} else if c.temporary {
@ -601,29 +601,29 @@ pub fn add(config: Config, c: link::AddCommand)
let cert = cert.insert_packets(certifications.clone())?;
let cert_store = config.cert_store_or_else()?;
let cert_store = sq.cert_store_or_else()?;
cert_store.update(Arc::new(cert.into()))
.with_context(|| format!("Updating {}", c.certificate))?;
Ok(())
}
pub fn retract(config: Config, c: link::RetractCommand)
pub fn retract(sq: Sq, c: link::RetractCommand)
-> Result<()>
{
let trust_root = config.local_trust_root()?;
let trust_root = sq.local_trust_root()?;
let trust_root = trust_root.to_cert()?;
let trust_root_kh = trust_root.key_handle();
let cert = config.lookup_one(&c.certificate, None, true)?;
let cert = sq.lookup_one(&c.certificate, None, true)?;
let mut userids =
check_userids(&config, &cert, false, &c.userid, &c.email, &c.pattern)
check_userids(&sq, &cert, false, &c.userid, &c.email, &c.pattern)
.context("sq pki link retract: Invalid User IDs")?;
// Nothing was specified. Retract all known User IDs.
if userids.is_empty() {
let vc = cert.with_policy(config.policy, Some(config.time))?;
let vc = cert.with_policy(sq.policy, Some(sq.time))?;
userids = vc.userids().map(|ua| ua.userid().clone()).collect();
}
@ -635,7 +635,7 @@ pub fn retract(config: Config, c: link::RetractCommand)
builder = builder.set_exportable_certification(false)?;
// Creation time.
builder = builder.set_signature_creation_time(config.time)?;
builder = builder.set_signature_creation_time(sq.time)?;
let notations = parse_notations(c.notation)?;
for (critical, n) in notations {
@ -648,7 +648,7 @@ pub fn retract(config: Config, c: link::RetractCommand)
// Sign it.
let keys = get_certification_keys(
&[trust_root], config.policy, None, Some(config.time), None)
&[trust_root], sq.policy, None, Some(sq.time), None)
.context("Looking up local trust root")?;
assert!(
keys.len() == 1,
@ -657,7 +657,7 @@ pub fn retract(config: Config, c: link::RetractCommand)
let mut signer = keys.into_iter().next().unwrap().0;
let certifications = active_certification(
&config, &cert.fingerprint(), userids, signer.public())
&sq, &cert.fingerprint(), userids, signer.public())
.into_iter()
.map(|(userid, active_certification)| {
let userid_str = || String::from_utf8_lossy(userid.value());
@ -696,9 +696,9 @@ pub fn retract(config: Config, c: link::RetractCommand)
let changed = diff_link(
&active_certification,
&builder, config.time);
&builder, sq.time);
if ! changed && config.force {
if ! changed && sq.force {
wprintln!(" Link parameters are unchanged, but \
updating anyway as \"--force\" was specified.");
} else if ! changed {
@ -712,7 +712,7 @@ pub fn retract(config: Config, c: link::RetractCommand)
} else {
wprintln!(" Link parameters changed, updating link.");
}
} else if config.force {
} else if sq.force {
wprintln!("There is no link to retract between {} and {:?}, \
retracting anyways as \"--force\" was specified.",
cert.fingerprint(), userid_str());
@ -757,27 +757,27 @@ pub fn retract(config: Config, c: link::RetractCommand)
let cert = cert.insert_packets(certifications.clone())?;
let cert_store = config.cert_store_or_else()?;
let cert_store = sq.cert_store_or_else()?;
cert_store.update(Arc::new(cert.into()))
.with_context(|| format!("Updating {}", c.certificate))?;
Ok(())
}
pub fn list(config: Config, c: link::ListCommand)
pub fn list(sq: Sq, c: link::ListCommand)
-> Result<()>
{
let cert_store = config.cert_store_or_else()?;
let cert_store = sq.cert_store_or_else()?;
cert_store.prefetch_all();
let trust_root = config.local_trust_root()?;
let trust_root = sq.local_trust_root()?;
let trust_root = trust_root.to_cert()?;
let trust_root_key = trust_root.primary_key().key().role_as_unspecified();
let cert_store = config.cert_store_or_else()?;
let cert_store = sq.cert_store_or_else()?;
for cert in cert_store.certs() {
for (userid, certification) in active_certification(
&config, &cert.fingerprint(), cert.userids().collect(),
&sq, &cert.fingerprint(), cert.userids().collect(),
trust_root_key)
.into_iter()
.filter_map(|(user, certification)| {

12
src/commands/pki/output/concise_human_readable.rs
View File

@ -14,14 +14,14 @@ use cert_store::Store;
use sequoia_wot as wot;
use wot::Path;
use crate::Config;
use crate::Sq;
use crate::commands::pki::output::OutputType;
use crate::Time;
/// The concise human-readable specific implementation of an
/// OutputNetwork
pub struct ConciseHumanReadableOutputNetwork<'a, 'store, 'rstore> {
config: &'a Config<'store, 'rstore>,
sq: &'a Sq<'store, 'rstore>,
required_amount: usize,
current_cert: Option<Cert>,
bindings_shown: usize,
@ -29,12 +29,12 @@ pub struct ConciseHumanReadableOutputNetwork<'a, 'store, 'rstore> {
impl<'a, 'store, 'rstore> ConciseHumanReadableOutputNetwork<'a, 'store, 'rstore> {
/// Creates a new ConciseHumanReadableOutputNetwork
pub fn new(config: &'a Config<'store, 'rstore>,
pub fn new(sq: &'a Sq<'store, 'rstore>,
required_amount: usize)
-> Self
{
Self {
config,
sq,
required_amount,
current_cert: None,
bindings_shown: 0,
@ -55,7 +55,7 @@ impl OutputType for ConciseHumanReadableOutputNetwork<'_, '_, '_> {
let current_fingerprint =
self.current_cert.as_ref().map(|cert| cert.fingerprint());
let show_cert = if current_fingerprint.as_ref() != Some(fingerprint) {
let cert = if let Ok(store) = self.config.cert_store_or_else() {
let cert = if let Ok(store) = self.sq.cert_store_or_else() {
store.lookup_by_cert_fpr(fingerprint)
.and_then(|lazy_cert| {
Ok(lazy_cert.to_cert()?.clone())
@ -71,7 +71,7 @@ impl OutputType for ConciseHumanReadableOutputNetwork<'_, '_, '_> {
};
let vc = self.current_cert.as_ref().and_then(|cert| {
cert.with_policy(self.config.policy, self.config.time)
cert.with_policy(self.sq.policy, self.sq.time)
.ok()
});

48
src/commands/sign.rs
View File

@ -26,7 +26,7 @@ use openpgp::types::SignatureType;
use sequoia_keystore::Protection;
use crate::best_effort_primary_uid;
use crate::Config;
use crate::Sq;
use crate::load_certs;
use crate::parse_notations;
@ -37,7 +37,7 @@ use crate::cli::types::FileOrStdout;
mod merge_signatures;
use merge_signatures::merge_signatures;
pub fn dispatch(config: Config, command: cli::sign::Command) -> Result<()> {
pub fn dispatch(sq: Sq, command: cli::sign::Command) -> Result<()> {
tracer!(TRACE, "sign::dispatch");
let mut input = command.input.open()?;
@ -54,13 +54,13 @@ pub fn dispatch(config: Config, command: cli::sign::Command) -> Result<()> {
let secrets =
load_certs(command.secret_key_file.iter().map(|s| s.as_ref()))?;
let signer_keys = &command.signer_key[..];
let time = Some(config.time);
let time = Some(sq.time);
let notations = parse_notations(command.notation)?;
if let Some(merge) = command.merge {
let output = output.create_pgp_safe(
config.force,
sq.force,
binary,
armor::Kind::Message,
)?;
@ -68,11 +68,11 @@ pub fn dispatch(config: Config, command: cli::sign::Command) -> Result<()> {
let mut input2 = data.open()?;
merge_signatures(&mut input, &mut input2, output)?;
} else if command.clearsign {
let output = output.create_safe(config.force)?;
clearsign(config, private_key_store, input, output, secrets,
let output = output.create_safe(sq.force)?;
clearsign(sq, private_key_store, input, output, secrets,
time, &notations)?;
} else {
sign(config,
sign(sq,
private_key_store,
&mut input,
output,
@ -90,7 +90,7 @@ pub fn dispatch(config: Config, command: cli::sign::Command) -> Result<()> {
}
pub fn sign<'a, 'store, 'rstore>(
config: Config<'store, 'rstore>,
sq: Sq<'store, 'rstore>,
private_key_store: Option<&'a str>,
input: &'a mut (dyn io::Read + Sync + Send),
output: &'a FileOrStdout,
@ -106,7 +106,7 @@ pub fn sign<'a, 'store, 'rstore>(
{
match (detached, append|notarize) {
(_, false) | (true, true) =>
sign_data(config,
sign_data(sq,
private_key_store,
input,
output,
@ -118,7 +118,7 @@ pub fn sign<'a, 'store, 'rstore>(
time,
notations),
(false, true) =>
sign_message(config,
sign_message(sq,
private_key_store,
input,
output,
@ -131,7 +131,7 @@ pub fn sign<'a, 'store, 'rstore>(
}
fn sign_data<'a, 'store, 'rstore>(
config: Config<'store, 'rstore>,
sq: Sq<'store, 'rstore>,
private_key_store: Option<&'a str>,
input: &'a mut (dyn io::Read + Sync + Send),
output_path: &'a FileOrStdout,
@ -175,16 +175,16 @@ fn sign_data<'a, 'store, 'rstore>(
let tmp_path = tmp_file.path().into();
(Box::new(tmp_file), sigs, Some(tmp_path))
} else {
(output_path.create_safe(config.force)?, Vec::new(), None)
(output_path.create_safe(sq.force)?, Vec::new(), None)
};
let mut keypairs = super::get_signing_keys(
&secrets, config.policy, private_key_store, time, None)?;
&secrets, sq.policy, private_key_store, time, None)?;
let mut signer_keys = if signer_keys.is_empty() {
Vec::new()
} else {
let mut ks = config.key_store_or_else()?.lock().unwrap();
let mut ks = sq.key_store_or_else()?.lock().unwrap();
signer_keys.into_iter()
.map(|kh| {
@ -205,14 +205,14 @@ fn sign_data<'a, 'store, 'rstore>(
match key.locked() {
Ok(Protection::Password(msg)) => {
let fpr = key.fingerprint();
let cert = config.lookup_one(
let cert = sq.lookup_one(
&KeyHandle::from(&fpr), None, true);
let display = match cert {
Ok(cert) => {
format!(" ({})",
best_effort_primary_uid(
Some(&config), &cert,
config.policy, config.time))
Some(&sq), &cert,
sq.policy, sq.time))
}
Err(_) => {
"".to_string()
@ -349,7 +349,7 @@ fn sign_data<'a, 'store, 'rstore>(
}
fn sign_message<'a, 'store, 'rstore>(
config: Config<'store, 'rstore>,
sq: Sq<'store, 'rstore>,
private_key_store: Option<&'a str>,
input: &'a mut (dyn io::Read + Sync + Send),
output: &'a FileOrStdout,
@ -361,11 +361,11 @@ fn sign_message<'a, 'store, 'rstore>(
-> Result<()>
{
let mut output = output.create_pgp_safe(
config.force,
sq.force,
binary,
armor::Kind::Message,
)?;
sign_message_(config,
sign_message_(sq,
private_key_store,
input,
secrets,
@ -378,7 +378,7 @@ fn sign_message<'a, 'store, 'rstore>(
}
fn sign_message_<'a, 'store, 'rstore>(
config: Config<'store, 'rstore>,
sq: Sq<'store, 'rstore>,
private_key_store: Option<&'a str>,
input: &'a mut (dyn io::Read + Sync + Send),
secrets: Vec<openpgp::Cert>,
@ -389,7 +389,7 @@ fn sign_message_<'a, 'store, 'rstore>(
-> Result<()>
{
let mut keypairs = super::get_signing_keys(
&secrets, config.policy, private_key_store, time, None)?;
&secrets, sq.policy, private_key_store, time, None)?;
if keypairs.is_empty() {
return Err(anyhow::anyhow!("No signing keys found"));
}
@ -586,7 +586,7 @@ fn sign_message_<'a, 'store, 'rstore>(
Ok(())
}
pub fn clearsign(config: Config,
pub fn clearsign(sq: Sq,
private_key_store: Option<&str>,
mut input: impl io::Read + Sync + Send,
mut output: impl io::Write + Sync + Send,
@ -596,7 +596,7 @@ pub fn clearsign(config: Config,
-> Result<()>
{
let mut keypairs = super::get_signing_keys(
&secrets, config.policy, private_key_store, time, None)?;
&secrets, sq.policy, private_key_store, time, None)?;
if keypairs.is_empty() {
return Err(anyhow::anyhow!("No signing keys found"));
}

14
src/commands/toolbox.rs
View File

@ -1,7 +1,7 @@
//! Tools for developers, maintainers, and forensic specialists.
use crate::{
Config,
Sq,
Result,
cli::toolbox::{Command, Subcommands},
};
@ -12,18 +12,18 @@ pub mod extract_cert;
pub mod keyring;
pub mod packet;
pub fn dispatch(config: Config, command: Command) -> Result<()>
pub fn dispatch(sq: Sq, command: Command) -> Result<()>
{
match command.subcommand {
Subcommands::Keyring(command) =>
keyring::dispatch(config, command),
keyring::dispatch(sq, command),
Subcommands::Packet(command) =>
packet::dispatch(config, command),
packet::dispatch(sq, command),
Subcommands::ExtractCert(command) =>
extract_cert::dispatch(config, command),
extract_cert::dispatch(sq, command),
Subcommands::Armor(command) =>
armor::dispatch(config, command),
armor::dispatch(sq, command),
Subcommands::Dearmor(command) =>
dearmor::dispatch(config, command),
dearmor::dispatch(sq, command),
}
}

8
src/commands/toolbox/armor.rs
View File

@ -12,7 +12,7 @@ use openpgp::parse::Parse;
use openpgp::parse::PacketParser;
use openpgp::parse::PacketParserResult;
use crate::Config;
use crate::Sq;
use crate::Result;
use crate::cli;
@ -45,7 +45,7 @@ where B: BufferedReader<C>,
kind
}
pub fn dispatch(config: Config, command: cli::toolbox::armor::Command)
pub fn dispatch(sq: Sq, command: cli::toolbox::armor::Command)
-> Result<()>
{
tracer!(TRACE, "armor::dispatch");
@ -71,7 +71,7 @@ pub fn dispatch(config: Config, command: cli::toolbox::armor::Command)
&& (want_kind.is_none() || want_kind == have_kind)
{
// It is already armored and has the correct kind.
let mut output = command.output.create_safe(config.force)?;
let mut output = command.output.create_safe(sq.force)?;
io::copy(&mut input, &mut output)?;
return Ok(());
}
@ -85,7 +85,7 @@ pub fn dispatch(config: Config, command: cli::toolbox::armor::Command)
let want_kind = want_kind.expect("given or detected");
let mut output =
command.output.create_pgp_safe(config.force, false, want_kind)?;
command.output.create_pgp_safe(sq.force, false, want_kind)?;
if already_armored {
// Dearmor and copy to change the type.

6
src/commands/toolbox/dearmor.rs
View File

@ -3,17 +3,17 @@ use std::io;
use sequoia_openpgp as openpgp;
use openpgp::armor;
use crate::Config;
use crate::Sq;
use crate::Result;
use crate::cli;
pub fn dispatch(config: Config, command: cli::toolbox::dearmor::Command)
pub fn dispatch(sq: Sq, command: cli::toolbox::dearmor::Command)
-> Result<()>
{
tracer!(TRACE, "dearmor::dispatch");
let mut input = command.input.open()?;
let mut output = command.output.create_safe(config.force)?;
let mut output = command.output.create_safe(sq.force)?;
let mut filter = armor::Reader::from_buffered_reader(&mut input, None)?;
io::copy(&mut filter, &mut output)?;

6
src/commands/toolbox/extract_cert.rs
View File

@ -6,15 +6,15 @@ use openpgp::Cert;
use openpgp::Result;
use sequoia_openpgp as openpgp;
use crate::Config;
use crate::Sq;
use crate::cli;
pub fn dispatch(
config: Config,
sq: Sq,
command: cli::toolbox::extract_cert::Command,
) -> Result<()> {
let input = command.input.open()?;
let mut output = command.output.create_safe(config.force)?;
let mut output = command.output.create_safe(sq.force)?;
let cert = Cert::from_buffered_reader(input)?;
if command.binary {

26
src/commands/toolbox/keyring.rs
View File

@ -27,7 +27,7 @@ use openpgp::{
};
use crate::{
Config,
Sq,
Model,
cli::types::FileOrStdout,
output::KeyringListItem,
@ -35,7 +35,7 @@ use crate::{
use crate::cli::toolbox::keyring;
pub fn dispatch(config: Config, c: keyring::Command) -> Result<()> {
pub fn dispatch(sq: Sq, c: keyring::Command) -> Result<()> {
use keyring::Subcommands::*;
match c.subcommand {
Filter(command) => {
@ -125,14 +125,14 @@ pub fn dispatch(config: Config, c: keyring::Command) -> Result<()> {
}
};
filter(&config, command.input, command.output, filter_fn,
filter(&sq, command.input, command.output, filter_fn,
command.binary, command.to_certificate)
},
Merge(c) =>
merge(&config, c.input, c.output, c.binary),
merge(&sq, c.input, c.output, c.binary),
List(c) => {
let mut input = c.input.open()?;
list(config, &mut input, c.all_userids)
list(sq, &mut input, c.all_userids)
},
Split(c) => {
let mut input = c.input.open()?;
@ -156,7 +156,7 @@ pub fn dispatch(config: Config, c: keyring::Command) -> Result<()> {
}
/// Joins certificates and keyrings into a keyring, applying a filter.
fn filter<F>(config: &Config, inputs: Vec<PathBuf>, output: FileOrStdout,
fn filter<F>(sq: &Sq, inputs: Vec<PathBuf>, output: FileOrStdout,
mut filter: F,
binary: bool,
to_certificate: bool)
@ -185,7 +185,7 @@ fn filter<F>(config: &Config, inputs: Vec<PathBuf>, output: FileOrStdout,
}
let mut output = output.for_secrets().create_pgp_safe(
config.force,
sq.force,
binary,
if ! to_certificate && certs.iter().any(|c| c.is_tsk()) {
armor::Kind::SecretKey
@ -209,19 +209,19 @@ fn filter<F>(config: &Config, inputs: Vec<PathBuf>, output: FileOrStdout,
}
/// Lists certs in a keyring.
fn list(config: Config,
fn list(sq: Sq,
input: &mut (dyn io::Read + Sync + Send),
list_all_uids: bool)
-> Result<()>
{
let mut certs = vec![];
let iter = CertParser::from_reader(input)?
.map(|item| KeyringListItem::from_cert_with_config(item, &config));
.map(|item| KeyringListItem::from_cert_with_sq(item, &sq));
for item in iter {
certs.push(item);
}
let list = Model::keyring_list(config.output_version, certs, list_all_uids)?;
list.write(config.output_format, &mut std::io::stdout())?;
let list = Model::keyring_list(sq.output_version, certs, list_all_uids)?;
list.write(sq.output_format, &mut std::io::stdout())?;
Ok(())
}
@ -311,7 +311,7 @@ fn split(input: &mut (dyn io::Read + Sync + Send), prefix: &str, binary: bool)
}
/// Merge multiple keyrings.
fn merge(config: &Config, inputs: Vec<PathBuf>, output: FileOrStdout,
fn merge(sq: &Sq, inputs: Vec<PathBuf>, output: FileOrStdout,
binary: bool)
-> Result<()>
{
@ -353,7 +353,7 @@ fn merge(config: &Config, inputs: Vec<PathBuf>, output: FileOrStdout,
}
let mut output = output.for_secrets().create_pgp_safe(
config.force,
sq.force,
binary,
if certs.values().any(|c| c.as_ref().map(Cert::is_tsk).unwrap_or(false))
{

38
src/commands/toolbox/packet.rs
View File

@ -23,7 +23,7 @@ use openpgp::{
};
use openpgp::serialize::stream::Message;
use crate::Config;
use crate::Sq;
use crate::Convert;
use crate::Result;
use crate::cli::toolbox::packet::{
@ -38,7 +38,7 @@ use crate::load_keys;
pub mod dump;
pub fn dispatch(config: Config, command: Command)
pub fn dispatch(sq: Sq, command: Command)
-> Result<()>
{
tracer!(TRACE, "packet::dispatch");
@ -46,7 +46,7 @@ pub fn dispatch(config: Config, command: Command)
Subcommands::Dump(command) => {
let mut input = command.input.open()?;
let output_type = command.output;
let mut output = output_type.create_unsafe(config.force)?;
let mut output = output_type.create_unsafe(sq.force)?;
let width = if let Some((width, _)) = terminal_size() {
Some(width.0.into())
@ -55,7 +55,7 @@ pub fn dispatch(config: Config, command: Command)
};
let secrets =
load_keys(command.recipient_file.iter().map(|s| s.as_ref()))?;
dump::dump(&config,
dump::dump(&sq,
secrets,
&mut input, &mut output,
command.mpis, command.hex,
@ -65,7 +65,7 @@ pub fn dispatch(config: Config, command: Command)
Subcommands::Decrypt(command) => {
let mut input = command.input.open()?;
let mut output = command.output.create_pgp_safe(
config.force,
sq.force,
command.binary,
openpgp::armor::Kind::Message,
)?;
@ -74,7 +74,7 @@ pub fn dispatch(config: Config, command: Command)
load_keys(command.secret_key_file.iter().map(|s| s.as_ref()))?;
let session_keys = command.session_key;
commands::decrypt::decrypt_unwrap(
config,
sq,
&mut input, &mut output,
secrets,
session_keys,
@ -83,9 +83,9 @@ pub fn dispatch(config: Config, command: Command)
},
Subcommands::Split(command) =>
split(config, command)?,
split(sq, command)?,
Subcommands::Join(command) => {
join(config, command)?;
join(sq, command)?;
}
}
@ -93,7 +93,7 @@ pub fn dispatch(config: Config, command: Command)
}
pub fn split(_config: Config, c: SplitCommand) -> Result<()>
pub fn split(_sq: Sq, c: SplitCommand) -> Result<()>
{
let input = c.input.open()?;
@ -205,7 +205,7 @@ pub fn split(_config: Config, c: SplitCommand) -> Result<()>
}
/// Joins the given files.
pub fn join(config: Config, c: JoinCommand) -> Result<()> {
pub fn join(sq: Sq, c: JoinCommand) -> Result<()> {
// Either we know what kind of armor we want to produce, or we
// need to detect it using the first packet we see.
let kind = c.kind.into();
@ -213,16 +213,16 @@ pub fn join(config: Config, c: JoinCommand) -> Result<()> {
let mut sink = if c.binary {
// No need for any auto-detection.
Some(output.create_pgp_safe(
config.force, true, openpgp::armor::Kind::File)?)
sq.force, true, openpgp::armor::Kind::File)?)
} else if let Some(kind) = kind {
Some(output.create_pgp_safe(config.force, false, kind)?)
Some(output.create_pgp_safe(sq.force, false, kind)?)
} else {
None // Defer.
};
/// Writes a bit-accurate copy of all top-level packets in PPR to
/// OUTPUT.
fn copy<'a, 'b, 'pp>(config: &Config,
fn copy<'a, 'b, 'pp>(sq: &Sq,
mut ppr: PacketParserResult<'pp>,
output: &'a FileOrStdout,
sink: &'b mut Option<Message<'a>>)
@ -240,7 +240,7 @@ pub fn join(config: Config, c: JoinCommand) -> Result<()> {
};
*sink = Some(
output.create_pgp_safe(config.force, false, kind)?
output.create_pgp_safe(sq.force, false, kind)?
);
}
@ -258,14 +258,14 @@ pub fn join(config: Config, c: JoinCommand) -> Result<()> {
/// Writes a bit-accurate copy of all top-level packets in all
/// armored sections in the input to OUTPUT.
fn copy_all<'a, 'b>(config: &Config,
fn copy_all<'a, 'b>(sq: &Sq,
mut ppr: PacketParserResult,
output: &'a FileOrStdout,
sink: &'b mut Option<Message<'a>>)
-> Result<()>
{
// First, copy all the packets, armored or not.
ppr = copy(config, ppr, output, sink)?;
ppr = copy(sq, ppr, output, sink)?;
loop {
// Now, the parser is exhausted, but we may find another
@ -301,7 +301,7 @@ pub fn join(config: Config, c: JoinCommand) -> Result<()> {
}
// We found another armor block, copy all the packets.
ppr = copy(config, ppr, output, sink)?;
ppr = copy(sq, ppr, output, sink)?;
}
}
@ -310,13 +310,13 @@ pub fn join(config: Config, c: JoinCommand) -> Result<()> {
let ppr =
openpgp::parse::PacketParserBuilder::from_file(name)?
.map(true).build()?;
copy_all(&config, ppr, &output, &mut sink)?;
copy_all(&sq, ppr, &output, &mut sink)?;
}
} else {
let ppr =
openpgp::parse::PacketParserBuilder::from_reader(io::stdin())?
.map(true).build()?;
copy_all(&config, ppr, &output, &mut sink)?;
copy_all(&sq, ppr, &output, &mut sink)?;
}
sink.unwrap().finalize()?;

4
src/commands/toolbox/packet/dump.rs
View File

@ -33,7 +33,7 @@ pub enum Kind {
}
#[allow(clippy::redundant_pattern_matching)]
pub fn dump<W>(config: &crate::Config,
pub fn dump<W>(sq: &crate::Sq,
secrets: Vec<Cert>,
input: &mut (dyn io::Read + Sync + Send),
output: &mut dyn io::Write,
@ -60,7 +60,7 @@ pub fn dump<W>(config: &crate::Config,
let mut first_armor_block = true;
let mut is_keyring = true;
let mut helper = crate::commands::decrypt::Helper::new(
&config, None, 0, Vec::new(), secrets, session_keys.clone(), false);
&sq, None, 0, Vec::new(), secrets, session_keys.clone(), false);
loop {
let mut dumper = PacketDumper::new(width, mpis);

18
src/commands/verify.rs
View File

@ -10,19 +10,19 @@ use openpgp::parse::stream::DetachedVerifierBuilder;
use openpgp::parse::stream::VerifierBuilder;
use openpgp::parse::Parse;
use crate::Config;
use crate::Sq;
use crate::Result;
use crate::cli;
use crate::commands::VHelper;
use crate::load_certs;
pub fn dispatch(config: Config, command: cli::verify::Command)
pub fn dispatch(sq: Sq, command: cli::verify::Command)
-> Result<()>
{
tracer!(TRACE, "verify::dispatch");
let mut input = command.input.open()?;
let mut output = command.output.create_safe(config.force)?;
let mut output = command.output.create_safe(sq.force)?;
let mut detached = if let Some(f) = command.detached {
Some(File::open(f)?)
} else {
@ -33,33 +33,33 @@ pub fn dispatch(config: Config, command: cli::verify::Command)
let mut certs = load_certs(
command.sender_file.iter().map(|s| s.as_ref()))?;
certs.extend(
config.lookup(command.sender_certs,
sq.lookup(command.sender_certs,
Some(KeyFlags::empty().set_signing()),
true,
false)
.context("--sender-cert")?);
verify(config, &mut input,
verify(sq, &mut input,
detached.as_mut().map(|r| r as &mut (dyn io::Read + Sync + Send)),
&mut output, signatures, certs)?;
Ok(())
}
pub fn verify(config: Config,
pub fn verify(sq: Sq,
input: &mut (dyn io::Read + Sync + Send),
detached: Option<&mut (dyn io::Read + Sync + Send)>,
output: &mut dyn io::Write,
signatures: usize, certs: Vec<Cert>)
-> Result<()> {
let helper = VHelper::new(&config, signatures, certs);
let helper = VHelper::new(&sq, signatures, certs);
let helper = if let Some(dsig) = detached {
let mut v = DetachedVerifierBuilder::from_reader(dsig)?
.with_policy(config.policy, Some(config.time), helper)?;
.with_policy(sq.policy, Some(sq.time), helper)?;
v.verify_reader(input)?;
v.into_helper()
} else {
let mut v = VerifierBuilder::from_reader(input)?
.with_policy(config.policy, Some(config.time), helper)?;
.with_policy(sq.policy, Some(sq.time), helper)?;
io::copy(&mut v, output)?;
v.into_helper()
};

4
src/commands/version.rs
View File

@ -1,13 +1,13 @@
//! Detailed version and output version information.
use crate::{
Config,
Sq,
Result,
cli::version,
output,
};
pub fn dispatch(_config: Config, c: version::Command)
pub fn dispatch(_sq: Sq, c: version::Command)
-> Result<()>
{
if c.default_output_version {

12
src/main.rs
View File

@ -48,7 +48,7 @@ use clap::FromArgMatches;
#[macro_use] mod log;
mod sq;
use sq::Config;
use sq::Sq;
mod common;
use common::PreferredUserID;
@ -96,7 +96,7 @@ impl Convert<chrono::DateTime<chrono::offset::Utc>> for openpgp::types::Timestam
/// Whether a cert or key was freshly imported, updated, or unchanged.
///
/// Returned by [`Config::import_key`].
/// Returned by [`Sq::import_key`].
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
pub enum ImportStatus {
/// The certificate or key is unchanged.
@ -217,7 +217,7 @@ fn serialize_keyring(mut output: &mut dyn io::Write, certs: Vec<Cert>,
/// Best-effort heuristic to compute the primary User ID of a given cert.
///
/// The returned string is already sanitized, and safe for displaying.
pub fn best_effort_primary_uid<'u, T>(config: Option<&Config>,
pub fn best_effort_primary_uid<'u, T>(config: Option<&Sq>,
cert: &'u Cert,
policy: &'u dyn Policy,
time: T)
@ -311,7 +311,7 @@ where
/// Best-effort heuristic to compute the primary User ID of a given cert.
///
/// The returned string is already sanitized, and safe for displaying.
pub fn best_effort_primary_uid_for<'u, T>(config: Option<&Config>,
pub fn best_effort_primary_uid_for<'u, T>(config: Option<&Sq>,
key_handle: &KeyHandle,
policy: &'u dyn Policy,
time: T)
@ -497,7 +497,7 @@ fn main() -> Result<()> {
None
};
let config = Config {
let sq = Sq {
verbose: c.verbose,
force,
output_format: c.output_format,
@ -517,7 +517,7 @@ fn main() -> Result<()> {
key_store: OnceCell::new(),
};
commands::dispatch(config, c)
commands::dispatch(sq, c)
}
fn parse_notations<N>(n: N) -> Result<Vec<(bool, NotationData)>>

10
src/output.rs
View File

@ -105,7 +105,7 @@ mod keyring {
Result,
cert::Cert,
};
use crate::Config;
use crate::Sq;
use super::{OutputVersion, Write};
use serde::Serialize;
@ -166,9 +166,9 @@ mod keyring {
}
impl ListItem {
pub fn from_cert_with_config(item: Result<Cert>, config: &Config) -> Self {
pub fn from_cert_with_sq(item: Result<Cert>, sq: &Sq) -> Self {
match item {
Ok(cert) => ListItem::Cert(OutputCert::from_cert_with_config(cert, config)),
Ok(cert) => ListItem::Cert(OutputCert::from_cert_with_sq(cert, sq)),
Err(e) => ListItem::Error(format!("{}", e)),
}
}
@ -182,14 +182,14 @@ mod keyring {
}
impl OutputCert {
fn from_cert_with_config(cert: Cert, config: &Config) -> Self {
fn from_cert_with_sq(cert: Cert, sq: &Sq) -> Self {
// Try to be more helpful by including a User ID in the
// listing. We'd like it to be the primary one. Use
// decreasingly strict policies.
let mut primary_uid: Option<Vec<u8>> = None;
// First, apply our policy.
if let Ok(vcert) = cert.with_policy(config.policy, None) {
if let Ok(vcert) = cert.with_policy(sq.policy, None) {
if let Ok(primary) = vcert.primary_userid() {
primary_uid = Some(primary.value().to_vec());
}

4
src/sq.rs
View File

@ -44,7 +44,7 @@ use crate::print_error_chain;
type WotStore<'store, 'rstore>
= wot::store::CertStore<'store, 'rstore, cert_store::CertStore<'store>>;
pub struct Config<'store, 'rstore>
pub struct Sq<'store, 'rstore>
where 'store: 'rstore
{
pub verbose: bool,
@ -74,7 +74,7 @@ pub struct Config<'store, 'rstore>
pub key_store: OnceCell<Mutex<keystore::Keystore>>,
}
impl<'store: 'rstore, 'rstore> Config<'store, 'rstore> {
impl<'store: 'rstore, 'rstore> Sq<'store, 'rstore> {
/// Returns the cert store's base directory, if it is enabled.
pub fn cert_store_base(&self) -> Option<PathBuf> {
if self.no_rw_cert_store {