Implement sq key adopt --expire.

Justus Winter 2023-04-14 10:10:07 +02:00
parent 956dc42faf
commit f7cdc4274d
No known key found for this signature in database
GPG Key ID: 686F55B4AB2B3386
2 changed files with 13 additions and 3 deletions


@ -633,8 +633,12 @@ fn adopt(config: Config, command: sq_cli::key::AdoptCommand) -> Result<()> {
// Add the keys and signatures to cert.
let mut packets: Vec<Packet> = vec![];
for (_, ka) in wanted.into_iter() {
let (key, builder) = ka.expect("Checked for missing keys above.");
let mut builder = builder;
let (key, mut builder) = ka.expect("Checked for missing keys above.");
// Set key expiration.
if let Some(e) = &command.expire {
builder = builder.set_key_expiration_time(&key, e.timestamp()?)?;
}
// If there is a valid backsig, recreate it.
let need_backsig = builder.key_flags()
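Review bot: The new `if let Some(e) = &command.expire` block hands the parsed time to `set_key_expiration_time` without comparing it to the current time, so as far as this hunk shows, a `--expire` value that is already in the past would yield a binding for a subkey that is expired the moment it is adopted. Rejecting or at least warning about such a value before the loop would make that failure explicit instead of surfacing later as an unusable subkey. `e.timestamp()?` is also re-evaluated for every adopted key; hoisting it above the `for`, e.g. `let expire = command.expire.as_ref().map(|e| e.timestamp()).transpose()?;`, would report a bad value before any packet is built. The body of `adopt` starts and ends outside the hunk, so a check made elsewhere would not be visible here.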


@ -1,6 +1,6 @@
use clap::{ValueEnum, ArgGroup, Args, Parser, Subcommand};
use crate::sq_cli::types::IoArgs;
use crate::sq_cli::types::{self, IoArgs};
#[derive(Parser, Debug)]
#[clap(
@ -442,6 +442,12 @@ pub struct AdoptCommand {
)]
// TODO Type should be KeyHandle, improve help
pub key: Vec<String>,
#[clap(
long = "expire",
value_name = "KEY-EXPIRATION-TIME",
help = "Makes adopted subkeys expire at the given time",
)]
pub expire: Option<types::Time>,
#[clap(
long = "allow-broken-crypto",
help = "Allows adopting keys from certificates \
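Review bot: The `help` text on the new `expire` field names neither the time formats that `types::Time` accepts nor what happens when the option is omitted, and key expiration is a setting users should not have to guess at. A field comment such as `// Expiration time applied to every adopted subkey; None leaves the expiration in the binding builder unchanged.` would record the default. The accepted formats belong in the `help` string; they are defined in `types`, which is not shown on this page. The `AdoptCommand` struct begins and ends outside the hunk.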