Upgrade sequoia-cert-store and sequoia-wot.

- Upgrade `sequoia-cert-store` to 0.6.0 and `sequoia-wot` to 0.12.0.
Neal H. Walfield 2024-06-14 19:35:57 +02:00
parent 7431a00efc
commit 9ce23340f7
No known key found for this signature in database
GPG Key ID: 6863C9AD5B4D22D3
5 changed files with 47 additions and 55 deletions

9
Cargo.lock generated

@ -3144,9 +3144,9 @@ dependencies = [
[[package]]
name = "sequoia-cert-store"
version = "0.5.3"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "83bd0304e4a7dc7af3aebb827ec3bf980b5e85d5a04c0c3bd9032e29d677e526"
checksum = "41c48ce5b9596be3d68d197e6b2a9f7ec787d49a8dd5a758ffc53e2b381cd0e4"
dependencies = [
"anyhow",
"crossbeam",
@ -3161,6 +3161,7 @@ dependencies = [
"smallvec",
"thiserror",
"tokio",
"url",
]
[[package]]
@ -3448,9 +3449,9 @@ dependencies = [
[[package]]
name = "sequoia-wot"
version = "0.11.0"
version = "0.12.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d16930db37050e74cfdae18654108e8f78eeeb3d659336223b657ccc9a3a6141"
checksum = "486e5d22de6407e3f8b57104da7d1e34d60fc4101c2af0c49d1435542c0b3ddb"
dependencies = [
"anyhow",
"chrono",


@ -44,9 +44,9 @@ humantime = "2"
indicatif = "0.17"
itertools = ">=0.10, <0.13"
once_cell = "1.17"
sequoia-cert-store = "0.5.3"
sequoia-cert-store = "0.6.0"
sequoia-keystore = { version = "0.5" }
sequoia-wot = { version = "0.11", default-features = false }
sequoia-wot = { version = "0.12", default-features = false }
tempfile = "3.1"
thiserror = "1"
tokio = { version = "1.13.1" }


@ -395,17 +395,16 @@ impl<'c, 'store, 'rstore> VHelper<'c, 'store, 'rstore> {
"{} cannot be authenticated. \
It has no User IDs",
cert_fpr);
} else if let Ok(n) = sequoia_wot::Network::new(&cert_store) {
let mut q = sequoia_wot::QueryBuilder::new(&n);
q.roots(sequoia_wot::Roots::new(trust_roots.into_iter()));
let q = q.build();
} else {
let n = sequoia_wot::NetworkBuilder::rooted(
&cert_store, &*trust_roots).build();
let authenticated_userids
= userids.into_iter().filter(|userid| {
let userid_str =
String::from_utf8_lossy(userid.value());
let paths = q.authenticate(
let paths = n.authenticate(
userid, cert.fingerprint(),
// XXX: Make this user squrable.
sequoia_wot::FULLY_TRUSTED);
@ -467,8 +466,6 @@ impl<'c, 'store, 'rstore> VHelper<'c, 'store, 'rstore> {
signer_userid = String::from_utf8_lossy(
authenticated_userids[0].value()).to_string();
}
} else {
qprintln!("Failed to build web of trust network.");
}
} else {
qprintln!("Skipping, certificate store has been disabled");
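Review bot: The new `else` branch that calls `sequoia_wot::NetworkBuilder::rooted(&cert_store, &*trust_roots).build()` has no error path, and the second hunk removes the "Failed to build web of trust network." message with it, so nothing in the code records why a missing diagnostic is acceptable in signature verification. The hunk uses `build()` without `?` or a `Result` match, which suggests it cannot fail in sequoia-wot 0.12. If that is right, a comment above `let n` such as `// build() cannot fail; if the store cannot answer a lookup, authenticate() finds no paths and the signer stays unauthenticated.` would document that the check still fails closed; please confirm the second half against the library before adding it. Both hunks lie inside a `VHelper` method whose body starts and ends outside them.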


@ -104,16 +104,16 @@ fn authenticate<'store, 'rstore>(
cert_store.precompute();
}
let n = wot::Network::new(cert_store)?;
let mut q = wot::QueryBuilder::new(&n);
if ! gossip {
q.roots(wot::Roots::new(sq.trust_roots()));
}
let mut n = if gossip {
wot::NetworkBuilder::rootless(cert_store)
} else {
wot::NetworkBuilder::rooted(cert_store,
&*sq.trust_roots())
};
if certification_network {
q.certification_network();
n = n.certification_network();
}
let q = q.build();
let n = n.build();
let required_amount =
required_trust_amount(trust_amount, certification_network)?;
@ -196,12 +196,12 @@ fn authenticate<'store, 'rstore>(
// and select the bindings where the User ID matches the email
// address.
bindings = if let Some(fingerprint) = fingerprint.as_ref() {
q.network().certified_userids_of(fingerprint)
n.certified_userids_of(fingerprint)
.into_iter()
.map(|userid| (fingerprint.clone(), userid))
.collect::<Vec<_>>()
} else {
q.network().lookup_synopses_by_email(&email)
n.lookup_synopses_by_email(&email)
};
let email_normalized = userid_check.email_normalized()
@ -225,7 +225,7 @@ fn authenticate<'store, 'rstore>(
bindings.push((fingerprint, userid.clone()));
} else {
// Fingerprint, no User ID.
bindings = q.network().certified_userids_of(&fingerprint)
bindings = n.certified_userids_of(&fingerprint)
.into_iter()
.map(|userid| (fingerprint.clone(), userid))
.collect();
@ -233,7 +233,7 @@ fn authenticate<'store, 'rstore>(
} else if let Some(userid) = userid {
// The caller did not specify a certificate. Find all
// bindings with the User ID.
bindings = q.network().lookup_synopses_by_userid(userid.clone())
bindings = n.lookup_synopses_by_userid(userid.clone())
.into_iter()
.map(|fpr| (fpr, userid.clone()))
.collect();
@ -241,7 +241,7 @@ fn authenticate<'store, 'rstore>(
// No User ID, no Fingerprint.
// List everything.
bindings = q.network().certified_userids();
bindings = n.certified_userids();
if let Some(ref pattern) = list_pattern {
// Or rather, just User IDs that match the pattern.
@ -293,7 +293,7 @@ fn authenticate<'store, 'rstore>(
OutputFormat::DOT => {
Box::new(output::DotOutputNetwork::new(
required_amount,
q.roots(),
n.roots(),
gossip,
certification_network,
))
@ -319,7 +319,7 @@ fn authenticate<'store, 'rstore>(
let paths = if gossip {
// Gossip.
let paths = q.gossip(
let paths = n.gossip(
fingerprint.clone(), userid.clone());
// Sort so the shortest paths come first.
@ -340,7 +340,7 @@ fn authenticate<'store, 'rstore>(
.map(|p| (p, 0))
.collect::<Vec<(wot::Path, usize)>>()
} else {
let paths = q.authenticate(
let paths = n.authenticate(
userid.clone(), fingerprint.clone(), required_amount);
aggregated_amount = paths.amount();
@ -364,7 +364,7 @@ fn authenticate<'store, 'rstore>(
if lint_input {
// See if the target certificate exists.
if let Some(kh) = certificate_dealiased {
match q.network().lookup_synopses(&kh) {
match n.lookup_synopses(&kh) {
Err(err) => {
wprintln!("Looking up target certificate ({}): {}",
kh, err);
@ -390,7 +390,7 @@ fn authenticate<'store, 'rstore>(
// Check if the certificate has expired.
if let Some(e) = cert.expiration_time() {
if e <= q.network().reference_time() {
if e <= n.reference_time() {
wprintln!("Warning: {} is expired.", kh);
}
}
@ -406,9 +406,7 @@ fn authenticate<'store, 'rstore>(
// See if there are any certifications made on
// this certificate.
if let Ok(cs) = q.network()
.certifications_of(&fpr, 0.into())
{
if let Ok(cs) = n.certifications_of(&fpr, 0.into()) {
if cs.iter().all(|cs| {
cs.certifications()
.all(|(_userid, certifications)| {
@ -447,9 +445,9 @@ fn authenticate<'store, 'rstore>(
// See if the trust roots exist.
if ! gossip {
if q.roots().iter().all(|r| {
if n.roots().iter().all(|r| {
let fpr = r.fingerprint();
if let Err(err) = q.network().lookup_synopsis_by_fpr(&fpr) {
if let Err(err) = n.lookup_synopsis_by_fpr(&fpr) {
wprintln!("Looking up trust root ({}): {}.",
fpr, err);
true
@ -550,16 +548,16 @@ fn check_path(sq: &Sq,
}
};
let n = wot::Network::new(cert_store)?;
let mut q = wot::QueryBuilder::new(&n);
if ! gossip {
q.roots(wot::Roots::new(sq.trust_roots()));
}
let mut n = if gossip {
wot::NetworkBuilder::rootless(cert_store)
} else {
wot::NetworkBuilder::rooted(cert_store,
&*sq.trust_roots())
};
if certification_network {
q.certification_network();
n = n.certification_network();
}
let q = q.build();
let q = n.build();
let required_amount =
required_trust_amount(trust_amount, certification_network)?;
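Review bot: In the `check_path` hunk the built network is bound with `let q = n.build();`, while every hunk in `authenticate` renames the same object from `q` to `n`. The name `q` is left over from `QueryBuilder` and now labels a `Network`, which makes the two functions read differently in code that decides whether trust roots apply. I would write `let n = n.build();` here, as `authenticate` does, and rename the later uses of `q` in `check_path`, which lie outside the hunk.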


@ -346,14 +346,12 @@ impl<'store: 'rstore, 'rstore> Sq<'store, 'rstore> {
/// Returns a web-of-trust query builder.
///
/// The trust roots are already set appropriately.
pub fn wot_query(&self)
-> Result<wot::QueryBuilder<&WotStore<'store, 'rstore>>>
fn wot_query(&self) -> Result<wot::NetworkBuilder<&WotStore<'store, 'rstore>>>
{
let cert_store = self.cert_store_or_else()?;
let network = wot::Network::new(cert_store)?;
let mut query = wot::QueryBuilder::new_owned(network.into());
query.roots(wot::Roots::new(self.trust_roots()));
Ok(query)
let network = wot::NetworkBuilder::rooted(cert_store,
&*self.trust_roots());
Ok(network)
}
/// Returns the key store's path.
@ -630,10 +628,8 @@ impl<'store: 'rstore, 'rstore> Sq<'store, 'rstore> {
let cert_store = wot::store::CertStore::from_store(
cert_store, self.policy, self.time);
let n = wot::Network::new(&cert_store)?;
let mut q = wot::QueryBuilder::new(&n);
q.roots(wot::Roots::new(self.trust_roots().iter().cloned()));
let q = q.build();
let n = wot::NetworkBuilder::rooted(&cert_store, &*self.trust_roots())
.build();
let mut results: Vec<Cert> = Vec::new();
// We try hard to not just stop at the first error, but lint
@ -739,7 +735,7 @@ impl<'store: 'rstore, 'rstore> Sq<'store, 'rstore> {
}
// Authenticate the bindings.
let paths = q.authenticate(
let paths = n.authenticate(
&userid, cert.fingerprint(),
// XXX: Make this user configurable.
wot::FULLY_TRUSTED);
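Review bot: The doc comment on `wot_query` still reads "Returns a web-of-trust query builder", but the new signature returns `wot::NetworkBuilder<&WotStore<'store, 'rstore>>`, and the local `network` holds an unbuilt builder. I would change the summary to `/// Returns a web-of-trust network builder.` and rename the local to `builder`. The sentence about the trust roots being set stays accurate, since the value comes from `NetworkBuilder::rooted`. The method also changes from `pub fn` to `fn`, so it is worth checking that it still has a caller inside this `impl`, which cannot be seen from the hunk.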