authorWiktor Kwapisiewicz <wiktor@metacode.biz>2020-03-18 12:55:16 +0100
committerWiktor Kwapisiewicz <wiktor@metacode.biz>2020-03-18 15:40:54 +0100
commit153db43f8f4eae71a906beacaea149492d75a1ac (patch)
tree5fecc6e09a21613e6da0365d34bc56c0b3247dc9
parente5b01bed4383e061cd79d3446c7710e53ad41d9a (diff)
tool: Add `--known-notation` option to `sq`
This option marks the given notation name as good and known. This affects the verification procedure, because unknown critical notations would otherwise cause signature verification to fail. Fixes #77.
-rw-r--r--tool/src/sq-usage.rs9
-rw-r--r--tool/src/sq.rs7
-rw-r--r--tool/src/sq_cli.rs10
3 files changed, 22 insertions, 4 deletions
diff --git a/tool/src/sq-usage.rs b/tool/src/sq-usage.rs
index 420bcee2..0312d07f 100644
--- a/tool/src/sq-usage.rs
+++ b/tool/src/sq-usage.rs
@@ -14,9 +14,12 @@
//! -V, --version Prints version information
//!
//! OPTIONS:
-//! --home <DIRECTORY> Sets the home directory to use
-//! -m, --mapping <MAPPING> Sets the realm and mapping to use [default: org.sequoia-pgp.contacts/default]
-//! -p, --policy <NETWORK-POLICY> Sets the network policy to use
+//! --home <DIRECTORY> Sets the home directory to use
+//! --known-notation <NOTATION>... The notation name is considered known. This is used when validating
+//! sigantures. Signatures that have unknown notations with the critical bit set
+//! are considered invalid.
+//! -m, --mapping <MAPPING> Sets the realm and mapping to use [default: org.sequoia-pgp.contacts/default]
+//! -p, --policy <NETWORK-POLICY> Sets the network policy to use
//!
//! SUBCOMMANDS:
//! decrypt Decrypts an OpenPGP message
diff --git a/tool/src/sq.rs b/tool/src/sq.rs
index 421dadae..cdb309dd 100644
--- a/tool/src/sq.rs
+++ b/tool/src/sq.rs
@@ -212,10 +212,15 @@ fn help_warning(arg: &str) {
}
fn main() -> Result<()> {
- let policy = &P::new();
+ let policy = &mut P::new();
let matches = sq_cli::build().get_matches();
+ let known_notations: Vec<&str> = matches.values_of("known-notation")
+ .unwrap_or_default()
+ .collect();
+ policy.good_critical_notations(&known_notations);
+
let network_policy = match matches.value_of("policy") {
None => NetworkPolicy::Encrypted,
Some("offline") => NetworkPolicy::Offline,
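Review bot: The new call `policy.good_critical_notations(&known_notations);` carries no comment saying what it relaxes, and because it sits in `main` right after argument parsing it appears to affect every verification the process performs, not one subcommand. The critical bit exists so that a verifier rejects a signature it does not fully understand; listing a name here removes only that rejection, and nothing in the hunk shows sq acting on the notation's value. I would add above the call `// --known-notation only lifts the unknown-critical-notation rejection; the caller must check the notation's meaning itself.` `main` continues past the end of the hunk.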
diff --git a/tool/src/sq_cli.rs b/tool/src/sq_cli.rs
index 52e43c98..fb98cd65 100644
--- a/tool/src/sq_cli.rs
+++ b/tool/src/sq_cli.rs
@@ -27,6 +27,16 @@ pub fn build() -> App<'static, 'static> {
.long("force")
.short("f")
.help("Overwrite existing files"))
+ .arg(Arg::with_name("known-notation")
+ .long("known-notation")
+ .multiple(true)
+ .takes_value(true)
+ .value_name("NOTATION")
+ .number_of_values(1)
+ .help("The notation name is considered known. \
+ This is used when validating sigantures. \
+ Signatures that have unknown notations with the \
+ critical bit set are considered invalid."))
.subcommand(SubCommand::with_name("decrypt")
.display_order(10)
.about("Decrypts an OpenPGP message")
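Review bot: The help string added for `known-notation` misspells "signatures" as "sigantures" in its second line, and the same text is carried into the usage comment in tool/src/sq-usage.rs; the line should read `This is used when validating signatures. \`. The text also does not tell the user that naming a notation makes sq accept critical notations which, as far as this commit shows, it does not interpret itself. A closing sentence such as `Only list notations whose meaning you verify yourself.` would make that trade-off visible in `--help`. `build()` starts before and continues after the hunk.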