diff options
| author | Neal H. Walfield <neal@pep.foundation> | 2022-01-17 09:59:59 +0100 |
|---|---|---|
| committer | Neal H. Walfield <neal@pep.foundation> | 2022-01-20 14:28:26 +0100 |
| commit | 406a2eacee83575724545cf943df9a79c1860c5b (patch) | |
| tree | e6fc33df16eb58f2604ed71c8b61ee703aeea383 | |
| parent | c2c142d763c51646ddce7487e4fdf21c9fd10b89 (diff) | |
sq: Move revocation subcommand dispatch to the revoke module.
| -rw-r--r-- | sq/src/commands/revoke.rs | 92 | ||||
| -rw-r--r-- | sq/src/sq.rs | 81 |
2 files changed, 92 insertions, 81 deletions
diff --git a/sq/src/commands/revoke.rs b/sq/src/commands/revoke.rs index b6dadf63..df51615c 100644 --- a/sq/src/commands/revoke.rs +++ b/sq/src/commands/revoke.rs @@ -3,15 +3,20 @@ use std::time::SystemTime; use sequoia_openpgp as openpgp; use openpgp::armor; -use openpgp::cert::CertRevocationBuilder; +use openpgp::cert::prelude::*; use openpgp::Packet; use openpgp::packet::signature::subpacket::NotationData; +use openpgp::packet::signature::subpacket::NotationDataFlags; +use openpgp::parse::Parse; use openpgp::Result; use openpgp::serialize::Serialize; use openpgp::types::ReasonForRevocation; use crate::{ commands::cert_stub, Config, + load_certs, + open_or_stdin, + parse_iso8601, }; pub struct RevokeOpts<'a> { @@ -26,6 +31,91 @@ pub struct RevokeOpts<'a> { pub notations: &'a [(bool, NotationData)], } + +pub fn dispatch(config: Config, m: &clap::ArgMatches) -> Result<()> { + match m.subcommand() { + ("certificate", Some(m)) => { + let input = m.value_of("input"); + let input = open_or_stdin(input)?; + let cert = CertParser::from_reader(input)?.collect::<Vec<_>>(); + let cert = match cert.len() { + 0 => Err(anyhow::anyhow!("No certificates provided."))?, + 1 => cert.into_iter().next().expect("have one")?, + _ => Err( + anyhow::anyhow!("Multiple certificates provided."))?, + }; + + let secret: Option<&str> = m.value_of("secret-key-file"); + let secret = load_certs(secret.into_iter())?; + if secret.len() > 1 { + Err(anyhow::anyhow!("Multiple secret keys provided."))?; + } + let secret = secret.into_iter().next(); + + let private_key_store = m.value_of("private-key-store"); + + let binary = m.is_present("binary"); + + let time = if let Some(time) = m.value_of("time") { + Some(parse_iso8601(time, chrono::NaiveTime::from_hms(0, 0, 0)) + .context(format!("Bad value passed to --time: {:?}", + time))?.into()) + } else { + None + }; + + let reason = m.value_of("reason").expect("required"); + let reason = match &*reason { + "compromised" => ReasonForRevocation::KeyCompromised, + "superseded" => ReasonForRevocation::KeySuperseded, + "retired" => ReasonForRevocation::KeyRetired, + "unspecified" => ReasonForRevocation::Unspecified, + _ => panic!("invalid values should be caught by clap"), + }; + + let message: &str = m.value_of("message").expect("required"); + + // Each --notation takes two values. The iterator + // returns them one at a time, however. + let mut notations: Vec<(bool, NotationData)> = Vec::new(); + if let Some(mut n) = m.values_of("notation") { + while let Some(name) = n.next() { + let value = n.next().unwrap(); + + let (critical, name) = if !name.is_empty() + && name.starts_with('!') + { + (true, &name[1..]) + } else { + (false, name) + }; + + notations.push( + (critical, + NotationData::new( + name, value, + NotationDataFlags::empty().set_human_readable()))); + } + } + + revoke_certificate(RevokeOpts { + config, + private_key_store, + cert, + secret, + binary, + time, + notations: ¬ations, + reason, + message, + })?; + } + _ => unreachable!(), + } + + Ok(()) +} + pub fn revoke_certificate(opts: RevokeOpts) -> Result<()> { let config = opts.config; diff --git a/sq/src/sq.rs b/sq/src/sq.rs index 55317375..14600fed 100644 --- a/sq/src/sq.rs +++ b/sq/src/sq.rs @@ -18,7 +18,6 @@ use crate::openpgp::{armor, Cert}; use crate::openpgp::crypto::Password; use crate::openpgp::fmt::hex; use crate::openpgp::types::KeyFlags; -use crate::openpgp::types::ReasonForRevocation; use crate::openpgp::packet::prelude::*; use crate::openpgp::parse::{Parse, PacketParser, PacketParserResult}; use crate::openpgp::packet::signature::subpacket::NotationData; @@ -699,85 +698,7 @@ fn main() -> Result<()> { ("key", Some(m)) => commands::key::dispatch(config, m)?, - ("revoke", Some(m)) => match m.subcommand() { - ("certificate", Some(m)) => { - let input = m.value_of("input"); - let input = open_or_stdin(input)?; - let cert = CertParser::from_reader(input)?.collect::<Vec<_>>(); - let cert = match cert.len() { - 0 => Err(anyhow::anyhow!("No certificates provided."))?, - 1 => cert.into_iter().next().expect("have one")?, - _ => Err( - anyhow::anyhow!("Multiple certificates provided."))?, - }; - - let secret: Option<&str> = m.value_of("secret-key-file"); - let secret = load_certs(secret.into_iter())?; - if secret.len() > 1 { - Err(anyhow::anyhow!("Multiple secret keys provided."))?; - } - let secret = secret.into_iter().next(); - - let private_key_store = m.value_of("private-key-store"); - - let binary = m.is_present("binary"); - - let time = if let Some(time) = m.value_of("time") { - Some(parse_iso8601(time, chrono::NaiveTime::from_hms(0, 0, 0)) - .context(format!("Bad value passed to --time: {:?}", - time))?.into()) - } else { - None - }; - - let reason = m.value_of("reason").expect("required"); - let reason = match &*reason { - "compromised" => ReasonForRevocation::KeyCompromised, - "superseded" => ReasonForRevocation::KeySuperseded, - "retired" => ReasonForRevocation::KeyRetired, - "unspecified" => ReasonForRevocation::Unspecified, - _ => panic!("invalid values should be caught by clap"), - }; - - let message: &str = m.value_of("message").expect("required"); - - // Each --notation takes two values. The iterator - // returns them one at a time, however. - let mut notations: Vec<(bool, NotationData)> = Vec::new(); - if let Some(mut n) = m.values_of("notation") { - while let Some(name) = n.next() { - let value = n.next().unwrap(); - - let (critical, name) = if !name.is_empty() - && name.starts_with('!') - { - (true, &name[1..]) - } else { - (false, name) - }; - - notations.push( - (critical, - NotationData::new( - name, value, - NotationDataFlags::empty().set_human_readable()))); - } - } - - commands::revoke_certificate(commands::revoke::RevokeOpts { - config, - private_key_store, - cert, - secret, - binary, - time, - notations: ¬ations, - reason, - message, - })?; - } - _ => unreachable!(), - }, + ("revoke", Some(m)) => commands::revoke::dispatch(config, m)?, #[cfg(feature = "net")] ("wkd", Some(m)) => commands::net::dispatch_wkd(config, m)?, |