slipenkomk/sequoia-sq
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,343 Commits 1 Branch 2 Tags 47 MiB
379248aa64
Commit Graph

8 Commits

Author SHA1 Message Date
Justus Winter
012e762d38
Align user ID designators in sq pki link retract. 
- User IDs have to be explicitly given, or `--all` has to be used to
    select them all (this was previously the default).

  - This aligns the retract subcommand with the other link and vouch
    management commands.

  - Fixes #442.
 2024-11-28 18:07:30 +01:00
Justus Winter
3b1bd79195
Align user ID designators in sq pki {link,vouch} {add,authorize}. 
- Align user ID designators across these four commands.  Previously,
    `--all` was implied for the authorize commands if no user ID
    designator was given.

  - However, this is problematic for the following reasons:

    - First, it is inconsistent across the commands.

    - Second, while CAs can add any name to their cert because they
      are CAs, those certifications are subject to constraints, such
      as domain constraints, or the amount.  But, the link we add
      fully authenticates the current user IDs, which may not be what
      the user wants, so it should require explicit consent.

    - Third, making this implicit again is easier than going from
      implicit to explicit, which breaks existing users.

  - Fixes #442.
 2024-11-27 13:33:30 +01:00
Justus Winter
6688e0a6d7
Rename sq pki vouch certify to sq pki vouch add. 
- This makes it consistent with `sq pki link add` and all the other
    commands that add components to certs.

  - Fixes #433.
 2024-11-20 12:00:23 +01:00
Neal H. Walfield
9eb0f0754e
Change --add-userid from a flag to two arguments. 
- `sq pki link add`, `sq pki link authorize`, `sq pki vouch
    certify`, and `sq pki vouch authorize` have a `--add-userid` flag.

  - Replace the `--add-userid` flag with an `--add-userid` argument,
    and an `--add-email` argument.

  - This change means that a flag does not change how an argument is
    interpreted.  It also makes it more explicit whether a user ID
    should be added, because `--userid` and `--email` could be given
    multiple times.

  - See #309 and #318.
 2024-11-13 13:51:35 +01:00
Neal H. Walfield
fbd7f260e7
tests: Abstract user ID argument passing. 
- Add a new type, `UserIDArg`, which represents a user ID argument.

  - Change functions that take user IDs like `Sq::key_generate` to use
    it.
 2024-11-13 13:19:40 +01:00
Neal H. Walfield
a779fbb277
Add a test. 
- `sq pki link authorize` certifies all self-signed user IDs when
    no user IDs are provided.  Add a test that checks that it silently
    ignores invalid self-signed user IDs (e.g., revoked user IDs) in
    this case.
 2024-10-18 09:45:08 +02:00
Neal H. Walfield
9d2d34b990
Move sq pki {certify,authorize} under sq pki vouch. 
- Move `sq pki certify` and `sq pki authorize` under `sq pki vouch`.

  - This mirrors `sq pki link`.
 2024-10-18 08:49:07 +02:00
Neal H. Walfield
609c5aab16
Split authorization functionality out of sq pki link add. 
- Split authorization functionality out of `sq pki link add` into a
    new command, `sq pki link authorize`.

  - Align `sq pki link authorize`'s arguments with `sq pki authorize`
    arguments.
 2024-10-17 16:42:35 +02:00