Commit Graph

210 Commits

Author SHA1 Message Date
Neal H. Walfield
b0a414a9c3
Make sq key subkey expire's expiration argument a named argument.
- `sq key subkey expire`'s expiration argument is a positional
    argument.  Change it to a named argument.

  - See #318.
2024-10-28 18:58:07 +01:00
Neal H. Walfield
7401c26ff5
Rework gossip.
- Currently, when the user requests gossip, we show all the found
    paths as being untrusted, even though some can be authenticated.
    This is confusing.

  - When getting gossip paths, specify the trust roots.  As of
    `sequoia-wot` 0.13.0, this will also authenticate any returned
    paths.

  - Fixes #338.
2024-10-26 09:30:07 +02:00
Neal H. Walfield
c9bdd6e002
tests: Dry out certificate handling.
- Many commands output a certificate.  Add a helper function to
    parse the output (wherever it may be).
2024-10-25 16:37:25 +02:00
Justus Winter
f3555c5a14
Use cert designators for sq key approvals update.
- See #207.
2024-10-24 14:41:21 +02:00
Justus Winter
a30799e093
Use cert designators for sq key subkey bind.
- See #207.
2024-10-24 14:41:21 +02:00
Justus Winter
33053757dc
Use cert designators for sq key subkey revoke.
- See #207.
2024-10-24 14:41:21 +02:00
Justus Winter
cb1bb1f944
Use cert designators for sq key subkey expire.
- See #207.
2024-10-24 14:40:39 +02:00
Justus Winter
7a0a844512
Use cert designators for sq key subkey password.
- See #207.
2024-10-24 14:40:27 +02:00
Justus Winter
625f1e8a17
Use cert designators for sq key subkey delete.
- See #207.
2024-10-24 14:40:27 +02:00
Justus Winter
74e7f4dd33
Use cert designators for sq key subkey add.
- See #207.
2024-10-23 18:04:13 +02:00
Justus Winter
37e2b65c6f
Use cert designators for sq key revoke.
- See #207.
2024-10-23 17:02:42 +02:00
Justus Winter
5c392b7d0a
Use cert designators for sq key expire.
- See #207.
2024-10-23 16:15:24 +02:00
Justus Winter
eb784ff84c
Use cert designators for sq key password.
- See #207.
2024-10-23 16:08:42 +02:00
Justus Winter
e15852d2f7
Use cert designators for sq cert lint.
- See #207.
2024-10-23 15:28:26 +02:00
Justus Winter
fd8466564c
Make sq key delete --file require --output.
- Previously, the certificate was imported.
2024-10-22 18:13:31 +02:00
Justus Winter
14cef16528
Use cert designators for sq key delete.
- See #207.
2024-10-22 18:12:48 +02:00
Justus Winter
8c47caaee9
Change --cert to only look up by primary key fingerprint.
- See #207.
2024-10-22 15:45:59 +02:00
Justus Winter
964b5d18ef
Raise limit of stdout and stderr shown in tests. 2024-10-22 11:50:30 +02:00
Justus Winter
ffe0b7df25
Rework how fingerprint, user ID pairs are displayed.
- Displaying them on one line is infeasible: first, v6 fingerprints
    will be 64 hex digits long, filling a typical line almost by
    itself.  Second, many of the composite user IDs in use today are
    quite long by itself, and wrapping user IDs is not nice.

  - Instead, display them in two lines, with line art emphasizing the
    fact that they are a tuple.
2024-10-22 11:27:04 +02:00
Justus Winter
af7b7e3dc9
Merge sq autocrypt import into sq cert import, remove others.
- Merge `sq autocrypt import` has been merged into `sq cert import`.

  - Remove `sq autocrypt decode` and `sq autocrypt encode-sender`
    without substitute.

  - Fixes #187.
2024-10-21 16:56:55 +02:00
Justus Winter
54c70fb597
Remove the Autocrypt gossip CA framework.
- Fixes #350.
2024-10-21 14:44:43 +02:00
Justus Winter
1d1a41ac3d
Only export certificates with authenticated bindings.
- When exporting certificates selected by user IDs (i.e. --email,
    --userid, --domain, or --grep), authenticate the bindings and
    export only those certificates that can be authenticated.

  - Fixes #182.
2024-10-21 11:37:10 +02:00
Justus Winter
b98ffa6514
Remove obsolete todos. 2024-10-19 00:29:19 +02:00
Justus Winter
cef1b792dd
Merge the path printing into the concise human readable output.
- Having a single output makes it easier to keep the output
    consistent.
2024-10-19 00:27:48 +02:00
Justus Winter
d07e387eab
Rename sq verify --signer-cert to --signer.
- Fixes #372.
2024-10-18 16:32:11 +02:00
Neal H. Walfield
f934cd2e31
Move sq pki list to sq cert list.
- Move the command `sq pki list` to `sq cert list`.

  - See #358.
2024-10-18 12:17:50 +02:00
Neal H. Walfield
1f50f6fd79
Rename test files.
- Rename test files to reflect the commands they are testing.
2024-10-18 09:47:39 +02:00
Neal H. Walfield
a779fbb277
Add a test.
- `sq pki link authorize` certifies all self-signed user IDs when
    no user IDs are provided.  Add a test that checks that it silently
    ignores invalid self-signed user IDs (e.g., revoked user IDs) in
    this case.
2024-10-18 09:45:08 +02:00
Neal H. Walfield
9ad9355ed4
Don't try to certify invalid user IDs.
- `sq pki vouch authorize` certifies all self-signed user IDs when
    no user IDs are provided.  Change it to silently ignore invalid
    self-signed user IDs (e.g., revoked user IDs) in this case.
2024-10-18 09:41:07 +02:00
Neal H. Walfield
9d2d34b990
Move sq pki {certify,authorize} under sq pki vouch.
- Move `sq pki certify` and `sq pki authorize` under `sq pki vouch`.

  - This mirrors `sq pki link`.
2024-10-18 08:49:07 +02:00
Neal H. Walfield
609c5aab16
Split authorization functionality out of sq pki link add.
- Split authorization functionality out of `sq pki link add` into a
    new command, `sq pki link authorize`.

  - Align `sq pki link authorize`'s arguments with `sq pki authorize`
    arguments.
2024-10-17 16:42:35 +02:00
Neal H. Walfield
cd7b79dbae
Generalize helper function.
- Generalize `Sq::pki_link_add` and `Sq::pki_link_add_maybe` to take
    zero or more user IDs.
2024-10-17 16:41:57 +02:00
Neal H. Walfield
386992f14f
Fix sq pki link retract when retracting all certifications.
- When retracting all certifications, don't just retract
    certifications on the self-signed user IDs, retract them on all
    user IDs.
2024-10-16 12:38:22 +02:00
Neal H. Walfield
43db8fa44c
Check all user IDs, not just self-signed user IDs.
- When checking if a user ID was already signed, don't just check
    valid self-signed user IDs.
2024-10-16 12:36:45 +02:00
Neal H. Walfield
f0bfdfd1cd
Remove sq pki link retract's positional argument for specifying a user ID.
- `sq pki link retract` has a positional argument for specifying a user
    ID directly or by email address.  Remove it in favor of the named
    arguments, `--userid` and `--email`.

  - See #318.
2024-10-15 17:32:25 +02:00
Neal H. Walfield
dd75de8178
Remove sq pki link add's positional argument for specifying a user ID.
- `sq pki link add` has a positional argument for specifying a user
    ID directly or by email address.  Remove it in favor of the named
    arguments, `--userid` and `--email`.

  - See #318.
2024-10-15 17:31:49 +02:00
Neal H. Walfield
34df026d87
Change sq pki link retract to use a named argument for the certificate.
- `sq pki link retract` uses a positional argument to specify the
    certificate to retract.  Change it to be a named argument, `--cert`.

  - See #318.
2024-10-15 17:30:57 +02:00
Neal H. Walfield
bc075f9328
Change sq pki link add to use a named argument for the certificate.
- `sq pki link add` uses a positional argument to specify the
    certificate to link.  Change it to be a named argument, `--cert`.

  - See #318.
2024-10-15 17:30:22 +02:00
Neal H. Walfield
a9d419973c
Check that we don't certify our own certificate.
- `sq pki certify` and `sq pki authorize` are for creating
    third-party certifications.

  - Error out if the certifier is the same as the certificate being
    certified.
2024-10-15 12:55:56 +02:00
Neal H. Walfield
f11b3f6b59
Extend sq pki authorize to constrain by domain.
- Constraining an introducer by regex is error prone.  Add an option
    to `sq pki authorize` to constrain an introducer by domain name.
2024-10-14 17:46:18 +02:00
Neal H. Walfield
22284ed9b1
Add new subcommand sq pki authorize.
- Previously `sq pki certify` could create certifications, and mark
    a certificate as a trusted introducer (when the user set `--depth`
    to be greater than zero).  Anecdotal evidence indicates that
    combining these two actions in a single command is confusing.

  - Split the latter functionality off, and put it in a new subcommand,
    `sq pki authorize`.

  - See https://gitlab.com/sequoia-pgp/sequoia-sq/-/issues/249#note_1865470753
2024-10-14 17:46:18 +02:00
Neal H. Walfield
bea0a5b732
Generalize Sq::pki_certify to certify multiple user IDs at once.
- Generalize `Sq::pki_certify` to certify multiple user IDs at once.
2024-10-14 17:46:18 +02:00
Neal H. Walfield
3d63b8de96
Change sq pki certify to use a named argument for the certificate.
- `sq pki certify` uses a positional argument to specify the
    certificate to certify.  Change it to be a named argument, either
    `--cert`, or `--cert-file`.

  - See #318.
2024-10-14 17:46:12 +02:00
Neal H. Walfield
b40f545a24
Change sq pki certify to use a named argument for the user ID.
- `sq pki certify` uses a positional argument to specify the user
    ID to certify.  Change it to be a named argument, either
    `--userid`, or `--email`.

  - This changes the meaning of `--email` from a flag that changes how
    `--userid` interprets its argument, to an argument.

  - This also allows multiple user IDs to be specified at once.

  - See #318.
2024-10-14 17:13:08 +02:00
Neal H. Walfield
4a3c360f41
Refactor sq pki certify, sq pki link add and sq pki link retract.
- Pull similar functionality out of the implementation of `sq pki
    certify`, `sq pki link add`, and `sq pki link retract`, and put it
    in a new module, `common::pki::certify`.

  - This slightly changes the human readable output.
2024-10-14 17:13:08 +02:00
Justus Winter
aaae90ce6e
Improve some integration tests to use more of the test framework. 2024-10-11 16:53:54 +02:00
Justus Winter
b885328662
Make sq toolbox keyring filter --handle robust.
- By splitting `--handle` into `--cert` and `--key`, where the
    former only matches on primary keys, and the latter matches on
    both primary keys and subkeys.

  - Fixes #287.
2024-10-09 16:58:04 +02:00
Justus Winter
d4ce7ac095
Add tests for sq toolbox keyring filter. 2024-10-09 16:57:48 +02:00
Justus Winter
fcfbfb73b6
Run tests in a separate working directory.
- This way they can create artifacts in their working directory.
2024-10-09 16:57:48 +02:00
Justus Winter
0e5b1c0611
Deduplicate function to locate test artifacts. 2024-10-09 16:57:48 +02:00