Use cert designators for the certifier in sq pki vouch certify
.
- See #207.
parent
b7f3c1198c
commit
ca24cbfc7e
@ -1,22 +1,16 @@
|
||||
//! Command-line parser for `sq pki vouch certify`.
|
||||
|
||||
use clap::ArgGroup;
|
||||
use clap::Parser;
|
||||
|
||||
use sequoia_openpgp as openpgp;
|
||||
use openpgp::KeyHandle;
|
||||
|
||||
use crate::cli::THIRD_PARTY_CERTIFICATION_VALIDITY_DURATION;
|
||||
use crate::cli::THIRD_PARTY_CERTIFICATION_VALIDITY_IN_YEARS;
|
||||
|
||||
use crate::cli::types::CertDesignators;
|
||||
use crate::cli::types::ClapData;
|
||||
use crate::cli::types::Expiration;
|
||||
use crate::cli::types::FileOrStdin;
|
||||
use crate::cli::types::FileOrStdout;
|
||||
use crate::cli::types::TrustAmount;
|
||||
use crate::cli::types::UserIDDesignators;
|
||||
use crate::cli::types::cert_designator;
|
||||
use crate::cli::types::cert_designator::{self, *};
|
||||
use crate::cli::types::userid_designator;
|
||||
|
||||
use crate::cli::examples::*;
|
||||
@ -87,21 +81,12 @@ reference time.
|
||||
),
|
||||
after_help = CERTIFY_EXAMPLES,
|
||||
)]
|
||||
#[clap(group(ArgGroup::new("certifier_input").args(&["certifier_file", "certifier"]).required(true)))]
|
||||
pub struct Command {
|
||||
#[clap(
|
||||
long,
|
||||
value_name = "KEY",
|
||||
help = "Create the certification using KEY.",
|
||||
)]
|
||||
pub certifier: Option<KeyHandle>,
|
||||
#[clap(
|
||||
long,
|
||||
value_name = "KEY-FILE",
|
||||
required = true,
|
||||
help = "Create the certification using KEY-FILE.",
|
||||
)]
|
||||
pub certifier_file: Option<FileOrStdin>,
|
||||
#[command(flatten)]
|
||||
pub certifier: CertDesignators<CertUserIDEmailFileArgs,
|
||||
CertifierPrefix,
|
||||
OneValue,
|
||||
CertifierDoc>,
|
||||
|
||||
#[command(flatten)]
|
||||
pub cert: CertDesignators<
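Review bot: The new flattened `certifier` field has no comment stating that exactly one certifier designator is required, and the struct-level `ArgGroup` with `.required(true)` that used to guarantee a certifier appears to be dropped in this section. Presumably the `OneValue` parameter of `CertDesignators<CertUserIDEmailFileArgs, CertifierPrefix, OneValue, CertifierDoc>` now enforces this, but that is not visible here, and the command code assumes a certifier is always present. I would add `// Exactly one --certifier* designator is required; enforced by OneValue.` above the field and cover the no-certifier and two-certifier invocations with a CLI test. The `Command` struct starts and ends outside the hunk.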
|
||||
|
@ -88,6 +88,19 @@ impl ArgumentPrefix for RevokerPrefix {
|
||||
}
|
||||
}
|
||||
|
||||
/// "--certifier", "--certifier-userid", "--certifier-file", etc.
|
||||
pub type CertifierPrefix = ConcreteArgumentPrefix<typenum::U5>;
|
||||
|
||||
impl ArgumentPrefix for CertifierPrefix {
|
||||
fn prefix() -> &'static str {
|
||||
"certifier-"
|
||||
}
|
||||
|
||||
fn name() -> &'static str {
|
||||
"certifier"
|
||||
}
|
||||
}
|
||||
|
||||
/// Adds a `--file` argument.
|
||||
pub type FileArg = typenum::U1;
|
||||
|
||||
@ -220,6 +233,24 @@ impl AdditionalDocs for ToVerifyDoc {
|
||||
}
|
||||
}
|
||||
|
||||
/// Documentation for certifier arguments.
|
||||
pub struct CertifierDoc {}
|
||||
impl AdditionalDocs for CertifierDoc {
|
||||
fn help(arg: &'static str, help: &'static str) -> clap::builder::StyledStr {
|
||||
match arg {
|
||||
"file" =>
|
||||
"Create the certification using the key read from PATH"
|
||||
.into(),
|
||||
_ => {
|
||||
debug_assert!(help.starts_with("Use certificates"));
|
||||
help.replace("Use certificates",
|
||||
"Create the certification using the key")
|
||||
.into()
|
||||
},
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/// A certificate designator.
|
||||
#[derive(Debug)]
|
||||
pub enum CertDesignator {
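Review bot: In `CertifierDoc::help`, the fallback arm guards the rewrite only with `debug_assert!(help.starts_with("Use certificates"))`, so in a release build a base help string with different wording passes through `replace` unchanged and the user sees text that never mentions the certifier role. `replace` also rewrites every occurrence, not just the leading one. Handling the prefix explicitly avoids both: `match help.strip_prefix("Use certificates") { Some(rest) => format!("Create the certification using the key{}", rest).into(), None => help.into() }`. If the sibling `AdditionalDocs` impls in this file use the same `debug_assert!` plus `replace` pattern, keeping it for consistency is reasonable, but then a comment such as `// Base help is expected to start with "Use certificates".` would document the coupling.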
|
||||
|
@ -1,27 +1,16 @@
|
||||
use sequoia_openpgp as openpgp;
|
||||
use openpgp::Result;
|
||||
use openpgp::types::KeyFlags;
|
||||
|
||||
use crate::Sq;
|
||||
use crate::cli::pki::vouch::certify;
|
||||
use crate::cli::types::FileStdinOrKeyHandle;
|
||||
use crate::commands::FileOrStdout;
|
||||
use crate::parse_notations;
|
||||
|
||||
pub fn certify(sq: Sq, mut c: certify::Command)
|
||||
-> Result<()>
|
||||
{
|
||||
let certifier: FileStdinOrKeyHandle = if let Some(file) = c.certifier_file {
|
||||
assert!(c.certifier.is_none());
|
||||
file.into()
|
||||
} else if let Some(kh) = c.certifier {
|
||||
kh.into()
|
||||
} else {
|
||||
panic!("clap enforces --certifier or --certifier-file is set");
|
||||
};
|
||||
|
||||
let certifier = sq.lookup_one(
|
||||
certifier, Some(KeyFlags::empty().set_certification()), true)?;
|
||||
let certifier =
|
||||
sq.resolve_cert(&c.certifier, sequoia_wot::FULLY_TRUSTED)?.0;
|
||||
|
||||
let (cert, source) = sq.resolve_cert(&c.cert, sequoia_wot::FULLY_TRUSTED)?;
|
||||
if source.is_file() {
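Review bot: The replacement lookup `sq.resolve_cert(&c.certifier, sequoia_wot::FULLY_TRUSTED)?.0` no longer passes the `KeyFlags::empty().set_certification()` constraint that the earlier `lookup_one` call carried, so at this call site nothing visibly restricts the certifier to a certificate with a certification-capable key. If that check now happens where the signing key is selected further down, which is outside the hunk, say so here, e.g. `// Certification capability is checked when the signing key is selected below.`. If it does not, a certifier that cannot certify may only be rejected late, or with a less clear error. The `.0` also discards the resolution source, whereas the target `cert` on the next line keeps it and branches on `source.is_file()`, so a short comment on why the certifier's source does not matter would help. The body of `certify` continues past the hunk.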
|
||||
|