Commit Graph

1171 Commits

Author SHA1 Message Date
Neal H. Walfield
60b369274b
Refactor common::get_keys to be less clever.
- Refactor `common::get_keys` to have two loops that are relatively
    straightforward instead of having a single loop that is clever.
2024-11-18 17:59:19 +01:00
Neal H. Walfield
1374ff8458
Fix sq pki path to use Sq::resolve_cert.
- Certificates designated by the use should be looked up using
    `Sq::resolve_cert`, and not `Sq::lookup_one`, which also considers
    subkeys.

  - Change `sq pki path` to use `Sq::resolve_cert`.

  - Fixes #207.
2024-11-18 17:58:43 +01:00
Neal H. Walfield
b49386a886
Remove unnecessary lookup.
- `Sq::resolve_cert` already returns the certificate.  Don't look it
    up again.
2024-11-18 17:58:38 +01:00
Neal H. Walfield
6ffdd4aab7
Fix documentation.
- It's called `--cert-grep` now, not `--grep`.
2024-11-18 17:41:27 +01:00
Neal H. Walfield
2fb5cc4abf
Don't add approvals for non-exportable certifications or certs.
- Change `sq key approvals list` and `sq key approvals update` to
    ignore certifications that are not exportable, and certificates
    that are not exportable, or are a shadow CA.

  - Fixes #402.
2024-11-18 16:40:48 +01:00
Neal H. Walfield
915e8da4da
Move the ca_creation_time function to the common module.
- Move the `ca_creation_time` function to the `common` module so
    that other code can use it.
2024-11-18 16:40:48 +01:00
Neal H. Walfield
5619472ae2
Change the packet dumper to show the issuer, when available.
- When dumping a signature, look up the issuer listed in in any
    issuer or issuer fingerprint subpackets.  If we have a
    certificate, show a user ID.
2024-11-18 16:40:47 +01:00
Justus Winter
382c587fa9
Remove the --binary flag from all commands emitting certs or keys.
- Fixes #384.
2024-11-18 16:19:54 +01:00
Justus Winter
91f4400c26
Use --cert- prefix for all cert designators.
- Resolves a conflict with the user ID designators, and makes the
    interface more consistent.

  - Fixes #385.
2024-11-18 14:57:09 +01:00
Justus Winter
e61a03f863
Remove sq toolbox strip-userid.
- Fixes #439.
2024-11-18 14:15:37 +01:00
Justus Winter
db5a2bbe3b
Turn sq key approvals --add-authenticated into a flag.
- And require full authentication of peers.

  - Fixes #440.
2024-11-18 13:56:35 +01:00
Neal H. Walfield
01aa1d1619
When searching by fingerprint, show any unauthenticated certificate.
- `sq cert list FINGERPRINT` does not show the certificate if the
    certificate could not be authenticated.  Since the user is
    searching by fingerprint, which is self authenticating, we don't
    run the risk of showing something irrelevant.  As such, always
    show the certificate in this case.

  - Fixes #408.
2024-11-18 11:23:46 +01:00
Neal H. Walfield
7d44c8e3d5
Rearrange the order of the user ID designator arguments.
- Rearrange the order of the user ID designators arguments so that
    the help output is easier to scan.  Specifically, move
    `--userid-or-add` immediately after `--userid`, `--email-or-add`
    immediately after `--email`, and `--name-or-add` immediately after
    `--name`.
2024-11-18 10:40:34 +01:00
Neal H. Walfield
cef1542ee4
Rename --add-userid to --userid-or-add, etc.
- Rename `--add-userid` to `--userid-or-add`, `--add-email` to
    `--email-or-add`, and `--add-name` to `--name-or-add`.  The new
    names better reflect the semantics: we first try to select a user
    ID based on the designator, and then fall back to adding it as it.
2024-11-18 10:40:18 +01:00
Neal H. Walfield
df5eb0c4d2
Add support for examples that are only syntax checked.
- Currently, we execute all examples.  Unfortunately, some examples
    can't be executed reliably, e.g., those that require network access.

  - Add a new example variant that is only syntax checked.

  - Fixes #423.

  - Add some examples for `sq network search`.
2024-11-16 22:01:18 +01:00
Neal H. Walfield
3f21498607
Add some tracing. 2024-11-16 21:19:44 +01:00
Neal H. Walfield
84b1bf99c6
Fix sq cert list for fingerprints and key IDs.
- The implementation of `sq cert list` tried to parse the
    pattern.  To do so, it relied on type inference to determine how
    to parse it.  The type was inferred from the type of the `cert`
    parameter to `authenticate`.  In
    2e17dec9ad, the type of the `cert`
    parameter changed from `KeyHandle` to `Cert`.  `Cert` has a
    `Parse` implementation so the type system didn't detect anything
    wrong.  However, we were now trying to parse the pattern as a
    `Cert` instead of a `KeyHandle`, which would fail for key handles.

  - Fix it, and add some tests for `sq cert list`.
2024-11-16 21:19:28 +01:00
Neal H. Walfield
ebea7371db
Implement From<KeyHandle> for CertDesignators.
- To make it easier to call `Sq::resolve_cert` with a fingerprint,
    implement `From<KeyHandle>` for `CertDesignators`.
2024-11-16 21:11:08 +01:00
Neal H. Walfield
6353cd61b2
When listing who made a certification, show the fingerprint.
- `sq key approvals list` shows a user ID for the certificate that
    made a certification, but not its fingerprint.  Also show the
    fingerprint.
2024-11-16 19:01:23 +01:00
Neal H. Walfield
8edf3de3de
When listing approvals, indicate whether there are any pending.
- When `sq key approvals list` is used to list approvals, indicate
    whether any certifications are pending approval, and suggest using
    `--pending` to view them.
2024-11-16 19:01:14 +01:00
Neal H. Walfield
491d15be17
Make sq key approvals more transparent.
- Show how many approvals were added, and how many were retracted.

  - Fixes #436.
2024-11-16 18:37:57 +01:00
Neal H. Walfield
d54334b97b
Make sq key approvals update require an action.
- `sq key approvals update` doesn't require an action, but it
    should.  Make it so.

  - See #436.
2024-11-16 18:22:05 +01:00
Neal H. Walfield
f95db6fc9e
Lint user IDs that would be added and are not self signed.
- When a user ID designator designates a user ID that is not
    self-signed, and the command would add it to the certificate, check
    that it is in canonical form.

  - The relevant commands are: `sq key userid revoke`, `sq pki link
    add`, `sq pki link authorize`, `sq pki vouch certify`, and `sq pki
    vouch authorize`

  - Allow the user to disable the check with a new flag,
    `--allow-non-canonical-userids`.

  - Fixes #437.
2024-11-16 17:31:33 +01:00
Neal H. Walfield
f176fe9a4c
Rename sq toolbox dearmor to sq packet dearmor.
- See #326.
2024-11-16 10:12:36 +01:00
Neal H. Walfield
5a500f8fee
Rename sq toolbox armor to sq packet armor.
- See #326.
2024-11-16 10:09:56 +01:00
Neal H. Walfield
d46844ca35
Move sq toolbox packet to sq packet.
- Make `sq packet` a top-level subcommand.

  - See #326.
2024-11-16 10:07:07 +01:00
Neal H. Walfield
e1a4fa656c
Move sq toolbox keyring to sq keyring.
- Make `sq keyring` a top-level subcommand.

  - See #326.
2024-11-16 10:06:59 +01:00
Neal H. Walfield
050bba99f8
Fix comment. 2024-11-16 07:13:29 +01:00
Neal H. Walfield
8e41fb7cd4
tests: Fix check.
- When checking if there are any user ID arguments, also check for
    `--userid`.
2024-11-16 07:12:13 +01:00
Neal H. Walfield
574dcf9b22
Show standard usage if no arguments are supplied to sq cert export.
- `sq cert export` uses a custom error message if the user does not
    designate any certificates.

  - Instead, require that the user designate using clap, which prints
    a nicer error message if this is violated.
2024-11-15 20:59:15 +01:00
Neal H. Walfield
b76cec64b6
Port sq toolbox userid-strip to the user ID designator framework.
- Fixes #434.
2024-11-15 20:43:50 +01:00
Neal H. Walfield
4dbeebc045
Port sq cert list and two more to the user ID designator framework.
- Port `sq cert list`, `sq pki authenticate` and `sq pki lookup` to
    the user ID designator framework.  See #434.

  - This changes the user ID parameter from a positional parameter
    to a named parameter, and drops the `--email` flag.  See #318.
2024-11-15 17:47:05 +01:00
Neal H. Walfield
472ba5a3a7
Upgrade sequoia-wot.
- Upgrade to the 0.13.2, which includes a fix that the next change
    requires.
2024-11-15 17:45:55 +01:00
Neal H. Walfield
b655bb2730
Move the authenticate function to its own module under common.
- Move `commands::pki::authenticate` to `common::pki::authenticate`.

  - Also move the output module.
2024-11-15 16:17:49 +01:00
Neal H. Walfield
f419837b31
Improve the format of error messages for failing examples.
- Compiler error messages are usually formatted as follows:

    PROGRAM:FILE_NAME:LINENO: MESSAGE

  - When an example fails, format it accordingly.

  - This has the advantage that IDEs like emacs can jump to the
    specified location.
2024-11-15 11:04:39 +01:00
Neal H. Walfield
10cb342612
Revise the authenticate code's linting.
- `commands::pki::authenticate` is now given the certificate to
    authenticate.  Revise the linting code to take advantage of this.
2024-11-15 11:04:38 +01:00
Neal H. Walfield
2e17dec9ad
Port sq pki {authenticate,identify} to the cert designator framework.
- Port `sq pki authenticate` and `sq pki identify` to the cert
    designator framework.  See #207.

  - This changes the certificate parameter from a positional parameter
    to a named parameter.  See #318.
2024-11-15 11:04:38 +01:00
Neal H. Walfield
d561fad1a6
Move the sq pki identify cli definition to its own module. 2024-11-14 21:09:53 +01:00
Neal H. Walfield
dd7345340b
Move the sq pki lookup cli definition to its own module. 2024-11-14 21:09:52 +01:00
Neal H. Walfield
64aaa04914
Move the sq pki authenticate cli definition to its own module. 2024-11-14 21:09:42 +01:00
Justus Winter
beb850a673
Improve documentation.
- Fixes 14f4c8fd3a.
2024-11-14 17:35:30 +01:00
Justus Winter
64ab3c6dd3
Expand ~ in state directories.
- Fixes #391.
2024-11-14 17:30:41 +01:00
Justus Winter
0a8ba2b3f7
Make sq encrypt --set-metadata-filename take a simple string.
- Previously, the file name was constructed from the path of the
    input file, using some transformations that may be considered
    surprising (notably, the file name of unspecified encoding was
    transformed into UTF-8 using a lossy mechanism).

  - Avoid this opaque transformation by taking an explicit string
    argument.

  - Fixes #351.
2024-11-14 16:55:42 +01:00
Justus Winter
b916a13426
Remove sq encrypt --set-metadata-time.
- The literal data packet's time field is problematic for a variety
    of reasons.  The previous timestamp interface allows a number of
    time sources (ctime, mtime, message time (that is way better
    encoded in the signature creation time), explicit timestamp), but
    the information about what kind of timestamp this should be is
    lost when the time is encoded, without warning.

  - Remove it.

  - See #351.
2024-11-14 16:55:41 +01:00
Neal H. Walfield
f16ef5d878
Port sq pki path to the user ID designator framework.
- Port `sq pki path` to the user ID designator framework.
    See #434.

  - This change adds two new additional arguments, `--email` and
    `--name`.
2024-11-14 16:48:49 +01:00
Neal H. Walfield
24f12c6fd8
Add support for adding a user ID by display name.
- Extend the user ID designator framework to allow designating a
    self-signed user ID by its display name, or adding a new user ID
    if none match.
2024-11-14 16:48:49 +01:00
Neal H. Walfield
0e36a20d97
Make sq pki path's user ID argument a named argument.
- See #318.
2024-11-14 16:48:49 +01:00
Neal H. Walfield
428e4dbde3
Move the sq pki path cli definition to its own module. 2024-11-14 16:48:49 +01:00
Neal H. Walfield
4095e19529
Move the sq pki path implementation to its own module. 2024-11-14 16:48:49 +01:00
Justus Winter
ec80c67e47
Make sq download --output mandatory.
- Fixes #438.
2024-11-14 16:24:43 +01:00