Use cert designators for the certifier in sq pki vouch certify.

- See #207.
Justus Winter 2024-10-24 15:45:52 +02:00
parent b7f3c1198c
commit ca24cbfc7e
No known key found for this signature in database
GPG Key ID: 686F55B4AB2B3386
3 changed files with 39 additions and 34 deletions


@ -1,22 +1,16 @@
//! Command-line parser for `sq pki vouch certify`.
use clap::ArgGroup;
use clap::Parser;
use sequoia_openpgp as openpgp;
use openpgp::KeyHandle;
use crate::cli::THIRD_PARTY_CERTIFICATION_VALIDITY_DURATION;
use crate::cli::THIRD_PARTY_CERTIFICATION_VALIDITY_IN_YEARS;
use crate::cli::types::CertDesignators;
use crate::cli::types::ClapData;
use crate::cli::types::Expiration;
use crate::cli::types::FileOrStdin;
use crate::cli::types::FileOrStdout;
use crate::cli::types::TrustAmount;
use crate::cli::types::UserIDDesignators;
use crate::cli::types::cert_designator;
use crate::cli::types::cert_designator::{self, *};
use crate::cli::types::userid_designator;
use crate::cli::examples::*;
@ -87,21 +81,12 @@ reference time.
),
after_help = CERTIFY_EXAMPLES,
)]
#[clap(group(ArgGroup::new("certifier_input").args(&["certifier_file", "certifier"]).required(true)))]
pub struct Command {
#[clap(
long,
value_name = "KEY",
help = "Create the certification using KEY.",
)]
pub certifier: Option<KeyHandle>,
#[clap(
long,
value_name = "KEY-FILE",
required = true,
help = "Create the certification using KEY-FILE.",
)]
pub certifier_file: Option<FileOrStdin>,
#[command(flatten)]
pub certifier: CertDesignators<CertUserIDEmailFileArgs,
CertifierPrefix,
OneValue,
CertifierDoc>,
#[command(flatten)]
pub cert: CertDesignators<
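Review bot: With the `certifier_input` ArgGroup and its `.required(true)` gone, the only thing in this section that still makes a certifier mandatory is the `OneValue` parameter on the new `certifier` field, and nothing here documents that. The handler takes `.0` of the resolved result, so it appears to rely on exactly one certifier being present. I would add a doc comment on the field, e.g. `/// The certifying key. Exactly one --certifier* designator must be given (presumably enforced by OneValue).`, and a CLI test asserting that the command is rejected when no certifier designator is passed. The `Command` struct continues past the end of this hunk.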


@ -88,6 +88,19 @@ impl ArgumentPrefix for RevokerPrefix {
}
}
/// "--certifier", "--certifier-userid", "--certifier-file", etc.
pub type CertifierPrefix = ConcreteArgumentPrefix<typenum::U5>;
impl ArgumentPrefix for CertifierPrefix {
fn prefix() -> &'static str {
"certifier-"
}
fn name() -> &'static str {
"certifier"
}
}
/// Adds a `--file` argument.
pub type FileArg = typenum::U1;
@ -220,6 +233,24 @@ impl AdditionalDocs for ToVerifyDoc {
}
}
/// Documentation for certifier arguments.
pub struct CertifierDoc {}
impl AdditionalDocs for CertifierDoc {
fn help(arg: &'static str, help: &'static str) -> clap::builder::StyledStr {
match arg {
"file" =>
"Create the certification using the key read from PATH"
.into(),
_ => {
debug_assert!(help.starts_with("Use certificates"));
help.replace("Use certificates",
"Create the certification using the key")
.into()
},
}
}
}
/// A certificate designator.
#[derive(Debug)]
pub enum CertDesignator {
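Review bot: In `CertifierDoc::help`, the fallback arm guards the rewrite only with `debug_assert!`, so in a release build a help string that no longer starts with "Use certificates" passes through `replace` unchanged and the certifier options show generic text. `replace` also rewrites every occurrence of the phrase, not just the leading one. Anchoring on the prefix makes both cases explicit: `match help.strip_prefix("Use certificates") { Some(rest) => format!("Create the certification using the key{rest}").into(), None => help.into() }`. A one-line comment on `CertifierPrefix` saying why `typenum::U5` was chosen would also help, assuming the number has to differ from the other prefixes.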


@ -1,27 +1,16 @@
use sequoia_openpgp as openpgp;
use openpgp::Result;
use openpgp::types::KeyFlags;
use crate::Sq;
use crate::cli::pki::vouch::certify;
use crate::cli::types::FileStdinOrKeyHandle;
use crate::commands::FileOrStdout;
use crate::parse_notations;
pub fn certify(sq: Sq, mut c: certify::Command)
-> Result<()>
{
let certifier: FileStdinOrKeyHandle = if let Some(file) = c.certifier_file {
assert!(c.certifier.is_none());
file.into()
} else if let Some(kh) = c.certifier {
kh.into()
} else {
panic!("clap enforces --certifier or --certifier-file is set");
};
let certifier = sq.lookup_one(
certifier, Some(KeyFlags::empty().set_certification()), true)?;
let certifier =
sq.resolve_cert(&c.certifier, sequoia_wot::FULLY_TRUSTED)?.0;
let (cert, source) = sq.resolve_cert(&c.cert, sequoia_wot::FULLY_TRUSTED)?;
if source.is_file() {
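Review bot: The certifier lookup loses its certification-capability constraint. The removed call passed `Some(KeyFlags::empty().set_certification())` to `sq.lookup_one`, while `sq.resolve_cert(&c.certifier, sequoia_wot::FULLY_TRUSTED)?.0` takes no key-flag argument and discards the returned source. If a certification-capable signer is derived from `certifier` later in `certify` (the body continues outside this hunk), say so here, e.g. `// Certification capability is checked when the signer is obtained from this cert below.`. Otherwise a certificate without a usable certification key would be rejected later than before and likely with a less specific error. Since the certifier can now also be named by user ID or email, a short comment that such designators are only accepted when the binding authenticates at `FULLY_TRUSTED` would make the trust requirement visible at the call site.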