Implement sq certify --add-userid.

- See #14.
2024-01-10 11:04:19 +01:00 · 2024-01-10 11:04:19 +01:00 · af170f6b45
commit af170f6b45
parent b25529cda7
3 changed files with 39 additions and 3 deletions
--- a/sq-subplot.md
+++ b/sq-subplot.md
@ -1158,6 +1158,28 @@ when I run sq --no-cert-store inspect cert.pgp
 then stdout contains "Certifications: 1,"
 ~~~

+## Certify an identity that is not self-signed
+
+_Requirement: We can certify a user identity on a cert, even if that
+user identity doesn't exist on that cert, and consequently has no
+self-signature._
+
+~~~scenario
+given an installed sq
+when I run sq --no-cert-store key generate --userid Alice --output alice.pgp
+when I run sq --no-cert-store key extract-cert alice.pgp -o alice-cert.pgp
+when I run sq --no-cert-store key generate --userid Bob --output bob.pgp
+when I run sq --no-cert-store key extract-cert bob.pgp -o bob-cert.pgp
+
+when I run sq --no-cert-store inspect bob-cert.pgp
+then stdout doesn't contain "Certifications:"
+
+when I run sq --no-cert-store certify --add-userid alice.pgp bob-cert.pgp "My friend Bob" -o cert.pgp
+when I run sq --no-cert-store inspect cert.pgp
+then stdout contains "My friend Bob"
+then stdout contains "Certifications: 1,"
+~~~
+

 # Sign a document and verify the signature: `sq sign` and `sq verify`

--- a/src/cli/certify.rs
+++ b/src/cli/certify.rs
@ -159,6 +159,13 @@ pub struct Command {
            The special keyword \"never\" sets an unlimited expiry.",
    )]
    pub expiry: Expiry,
+    #[clap(
+        long,
+        help = "Add the given user ID if it doesn't exist.",
+        long_help =
+            "Add the given user ID if it doesn't exist in the certificate.",
+    )]
+    pub add_userid: bool,
    #[clap(
        long = "allow-not-alive-certifier",
        help = "Don't fail if the certificate making the \
--- a/src/commands/certify.rs
+++ b/src/commands/certify.rs
@ -56,12 +56,16 @@ pub fn certify(config: Config, c: certify::Command)
    for ua in vc.userids() {
        if let Ok(a_userid) = std::str::from_utf8(ua.userid().value()) {
            if a_userid == userid {
-                u = Some(ua.userid());
+                u = Some(ua.userid().clone());
                break;
            }
        }
    }

+    if u.is_none() && c.add_userid {
+        u = Some(UserID::from(userid.as_str()));
+    }
+
    let userid = if let Some(userid) = u {
        userid
    } else {
@ -142,8 +146,11 @@ pub fn certify(config: Config, c: certify::Command)
        .sign_userid_binding(
            &mut signer,
            cert.primary_key().component(),
-            userid)?;
-    let cert = cert.insert_packets(certification.clone())?;
+            &userid)?;
+    let cert = cert.insert_packets(vec![
+        Packet::from(userid),
+        Packet::from(certification.clone()),
+    ])?;
    assert!(cert.clone().into_packets().any(|p| {
        match p {
            Packet::Signature(sig) => sig == certification,