Move the domain to regex conversion functionality to common.

- Move the code that converts a domain to a regular expression in
    `src/commands/pki/link.rs` to `src/common/pki/certify.rs`.
Neal H. Walfield 2024-10-14 15:33:10 +02:00
parent 712bb1991b
commit d303694e9d
No known key found for this signature in database
GPG Key ID: 6863C9AD5B4D22D3
4 changed files with 38 additions and 29 deletions


@ -152,6 +152,7 @@ pub fn authorize(sq: Sq, mut c: authorize::Command)
true, // User supplied user IDs.
&[(c.amount, c.expiration)],
c.depth,
&[], // Domain.
&c.regex[..],
c.local,
c.non_revocable,


@ -155,7 +155,7 @@ pub fn certify(sq: Sq, mut c: certify::Command)
true, // User supplied user IDs.
&[(c.amount, c.expiration)],
0,
&[][..],
&[][..], &[][..], // Domain, regex.
c.local,
c.non_revocable,
&notations[..],


@ -268,39 +268,12 @@ pub fn add(sq: Sq, c: link::AddCommand)
if domain == "*" {
star = true;
}
if let Err(err) = UserIDQueryParams::is_domain(&domain) {
return Err(err).context(format!(
"{:?} is not a valid domain", domain));
}
}
// If there's a catch all, we don't need to add any regular
// expressions.
if star {
regex = Vec::new();
} else {
for mut domain in c.ca.into_iter() {
// Escape any control characters.
const CONTROL: &[(&str, &str)] = &[
(".", "\\."),
("|", "\\|"),
("(", "\\("),
(")", "\\)"),
("*", "\\*"),
("+", "\\+"),
("?", "\\?"),
("^", "\\^"),
("$", "\\$"),
("[", "\\["),
("]", "\\]"),
];
for (c, e) in CONTROL.iter() {
domain = domain.replace(c, e);
}
regex.push(format!("<[^>]+[@.]{}>$", domain));
}
}
let notations = parse_notations(c.notation)?;
@ -333,6 +306,11 @@ pub fn add(sq: Sq, c: link::AddCommand)
user_supplied_userids,
&templates,
trust_depth,
if star {
&[][..]
} else {
&c.ca[..]
},
&regex[..],
true, // Local.
false, // Non-revocable.
@ -375,7 +353,7 @@ pub fn retract(sq: Sq, c: link::RetractCommand)
user_supplied_userids,
&[(TrustAmount::None, Expiration::Never)],
0,
&[][..],
&[][..], &[][..], // Domain, regex.
true, // Local.
false, // Non-revocable.
&notations[..],
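Review bot: When `star` is set, the call in `add` passes `&[][..]` as the domain slice, so the remaining entries of `c.ca` never reach the `UserIDQueryParams::is_domain` check that now lives in the common `certify`. The hunk counts suggest the local check in the `star`-detection loop is among the removed lines, though the page no longer shows which side each line is on. If so, a malformed domain given together with `*` would be accepted silently where it used to be rejected. Either keep validating every non-`*` entry in that loop, or state the choice at the call site, e.g. `// "*" subsumes all other domains; they are intentionally not validated.` The body of `add` starts and ends outside these hunks.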


@ -20,6 +20,7 @@ use openpgp::types::SignatureType;
use sequoia_cert_store as cert_store;
use cert_store::StoreUpdate;
use cert_store::store::UserIDQueryParams;
use crate::Sq;
use crate::cli::types::Expiration;
@ -166,6 +167,7 @@ pub fn certify(sq: &Sq,
user_supplied_userids: bool,
templates: &[(TrustAmount<u8>, Expiration)],
trust_depth: u8,
domain: &[String],
regex: &[String],
local: bool,
non_revocable: bool,
@ -192,6 +194,34 @@ pub fn certify(sq: &Sq,
let mut base
= SignatureBuilder::new(SignatureType::GenericCertification);
for domain in domain {
if let Err(err) = UserIDQueryParams::is_domain(domain) {
return Err(err).context(format!(
"{:?} is not a valid domain", domain));
}
// Escape any control characters.
const CONTROL: &[(&str, &str)] = &[
(".", "\\."),
("|", "\\|"),
("(", "\\("),
(")", "\\)"),
("*", "\\*"),
("+", "\\+"),
("?", "\\?"),
("^", "\\^"),
("$", "\\$"),
("[", "\\["),
("]", "\\]"),
];
let mut domain = domain.to_string();
for (c, e) in CONTROL.iter() {
domain = domain.replace(c, e);
}
base = base.add_regular_expression(format!("<[^>]+[@.]{}>$", domain))?;
}
for regex in regex {
base = base.add_regular_expression(regex)?;
}
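Review bot: The `CONTROL` table in the new `for domain in domain` loop does not escape `\`, `{` or `}`, so the generated `<[^>]+[@.]{}>$` expression is only as tight as `UserIDQueryParams::is_domain` is strict. That function is not visible here; it presumably rejects those characters, but nothing at this site records the dependency. Because the expression bounds what a delegated certifier is trusted for, add a comment such as `// Relies on is_domain() rejecting every regex metacharacter not listed in CONTROL; the result scopes the delegation.` Pulling the escape-and-format step into a small private helper (for example `fn domain_to_regex(domain: &str) -> Result<String>`, name only a suggestion) would also lift the `const` out of the loop body and let the mapping be unit-tested with hostile inputs. `certify` starts before and continues after this hunk.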