author | Wiktor Kwapisiewicz <wiktor@metacode.biz> | 2022-07-12 13:34:18 +0200 |
---|---|---|
committer | Wiktor Kwapisiewicz <wiktor@metacode.biz> | 2022-09-15 09:45:41 +0200 |
commit | 9b377ffd74a61f6e508b8e3063942b21ddc0b8d2 (patch) | |
tree | 4caf724b9a9c45187158948858fd4339e5f9069e | |
parent | 9cee22c8dbcd55f1b7e41668e9feb35bd1a250c3 (diff) |
sq: Expose `dane get` command.
- Similar to "wkd get", this command fetches OpenPGP certificates
and displays them in armored form with comments.
- Fixes #865.
-rw-r--r-- | sq/sq-usage.md | 51 | ||||
-rw-r--r-- | sq/src/commands/net.rs | 31 | ||||
-rw-r--r-- | sq/src/sq.rs | 4 | ||||
-rw-r--r-- | sq/src/sq_cli/dane.rs | 56 | ||||
-rw-r--r-- | sq/src/sq_cli/mod.rs | 2 |
5 files changed, 144 insertions, 0 deletions
diff --git a/sq/sq-usage.md b/sq/sq-usage.md
index 927c66a3..41751068 100644
--- a/sq/sq-usage.md
+++ b/sq/sq-usage.md
@@ -71,6 +71,8 @@ SUBCOMMANDS:
 Interacts with keyservers
 wkd
 Interacts with Web Key Directories
+ dane
+ Interacts with DANE
 armor
 Converts binary to ASCII
 dearmor
@@ -1498,6 +1500,55 @@ OPTIONS:
 Print help information
 ```
+## Subcommand sq dane
+
+```text
+DNS-Based Authentication of Named Entities (DANE) is a method for publishing
+public keys in DNS as specified in RFC 7929.
+
+USAGE:
+ sq dane [OPTIONS] <SUBCOMMAND>
+
+OPTIONS:
+ -n, --network-policy <NETWORK-POLICY>
+ Sets the network policy to use
+
+ [default: encrypted]
+ [possible values: offline, anonymized, encrypted, insecure]
+
+ -h, --help
+ Print help information
+
+SUBCOMMANDS:
+ get
+ Queries for certs using DANE
+ help
+ Print this message or the help of the given subcommand(s)
+```
+
+### Subcommand sq dane get
+
+```text
+Queries for certs using DANE
+
+USAGE:
+ sq dane get [OPTIONS] <ADDRESS>
+
+ARGS:
+ <ADDRESS>
+ Queries a cert for ADDRESS
+
+OPTIONS:
+ -B, --binary
+ Emits binary data
+
+ -h, --help
+ Print help information
+
+ -o, --output <FILE>
+ Writes to FILE or stdout if omitted
+```
+
 ## Subcommand sq armor
 ```text
diff --git a/sq/src/commands/net.rs b/sq/src/commands/net.rs
index 4b5e6b2e..46d23a24 100644
--- a/sq/src/commands/net.rs
+++ b/sq/src/commands/net.rs
@@ -20,6 +20,7 @@ use sequoia_net as net;
 use net::{
 KeyServer,
 wkd,
+ dane,
 };
 use crate::{
@@ -173,3 +174,33 @@ pub fn dispatch_wkd(config: Config, c: sq_cli::wkd::Command) -> Result<()> {
 Ok(())
 }
+
+pub fn dispatch_dane(config: Config, c: sq_cli::dane::Command) -> Result<()> {
+ let network_policy: net::Policy = c.network_policy.into();
+
+ let rt = tokio::runtime::Builder::new_current_thread()
+ .enable_io()
+ .enable_time()
+ .build()?;
+
+ use crate::sq_cli::dane::Subcommands::*;
+ match c.subcommand {
+ Get(c) => {
+ // Check that the policy allows https.
+ network_policy.assert(net::Policy::Encrypted)?;
+
+ let email_address = c.email_address;
+ // XXX: EmailAddress could be created here to
+ // check it's a valid email address, print the error to
+ // stderr and exit.
+ // Because it might be created a WkdServer struct, not
+ // doing it for now.
+ let certs = rt.block_on(dane::get(&email_address))?;
+ let mut output =
+ config.create_or_stdout_safe(c.output.as_deref())?;
+ serialize_keyring(&mut output, &certs, c.binary)?;
+ },
+ }
+
+ Ok(())
+}
diff --git a/sq/src/sq.rs b/sq/src/sq.rs
index 9fef712d..e759c142 100644
--- a/sq/src/sq.rs
+++ b/sq/src/sq.rs
@@ -691,6 +691,10 @@ fn main() -> Result<()> {
 commands::net::dispatch_wkd(config, command)?
 }
+ SqSubcommands::Dane(command) => {
+ commands::net::dispatch_dane(config, command)?
+ }
+
 SqSubcommands::Certify(command) => {
 commands::certify::certify(config, command)?
 }
diff --git a/sq/src/sq_cli/dane.rs b/sq/src/sq_cli/dane.rs
new file mode 100644
index 00000000..069f9598
--- /dev/null
+++ b/sq/src/sq_cli/dane.rs
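Review bot: The comment `// Check that the policy allows https.` above `network_policy.assert(net::Policy::Encrypted)?` was carried over from dispatch_wkd and does not describe this path: `dane::get` resolves the address through DNS rather than an https request, so the same Encrypted policy is being reused for a lookup whose transport and authentication properties (whether the resolver query is encrypted, whether the answer is DNSSEC-validated) are decided inside sequoia_net, not here. Suggested wording: `// DANE lookups go over DNS, not https; require at least the Encrypted policy, matching the WKD fetch. Whether the answer is DNSSEC-validated is up to dane::get.` The XXX block still mentions `a WkdServer struct`, which is WKD-specific and reads as a copy-paste leftover; drop that sentence or rewrite it for the DANE case. As a style point, `Get(c)` shadows the outer `c`; binding it as `Get(get)` and using `get.email_address`, `get.output`, `get.binary` would make the two scopes easier to tell apart.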
@@ -0,0 +1,56 @@
+use clap::{Args, Parser, Subcommand};
+
+use crate::sq_cli::types::NetworkPolicy;
+
+#[derive(Parser, Debug)]
+#[clap(
+ name = "dane",
+ about = "Interacts with DANE",
+ long_about = "DNS-Based Authentication of Named Entities (DANE) is a method for publishing public keys in DNS as specified in RFC 7929.",
+ subcommand_required = true,
+ arg_required_else_help = true,
+ setting(clap::AppSettings::DeriveDisplayOrder),
+)]
+pub struct Command {
+ #[clap(
+ short,
+ long,
+ value_name = "NETWORK-POLICY",
+ default_value_t = NetworkPolicy::Encrypted,
+ arg_enum,
+ help = "Sets the network policy to use",
+ )]
+ pub network_policy: NetworkPolicy,
+ #[clap(subcommand)]
+ pub subcommand: Subcommands,
+}
+
+#[derive(Debug, Subcommand)]
+pub enum Subcommands {
+ Get(GetCommand),
+}
+
+#[derive(Debug, Args)]
+#[clap(
+ about = "Queries for certs using DANE",
+)]
+pub struct GetCommand {
+ #[clap(
+ value_name = "ADDRESS",
+ help = "Queries a cert for ADDRESS",
+ )]
+ pub email_address: String,
+ #[clap(
+ short = 'B',
+ long,
+ help = "Emits binary data",
+ )]
+ pub binary: bool,
+ #[clap(
+ short,
+ long,
+ value_name = "FILE",
+ help = "Writes to FILE or stdout if omitted"
+ )]
+ pub output: Option<String>,
+}
diff --git a/sq/src/sq_cli/mod.rs b/sq/src/sq_cli/mod.rs
index 91748a1f..5221a2ec 100644
--- a/sq/src/sq_cli/mod.rs
+++ b/sq/src/sq_cli/mod.rs
@@ -6,6 +6,7 @@ pub mod autocrypt;
 pub mod armor;
 pub mod certify;
+pub mod dane;
 mod dearmor;
 mod decrypt;
 pub mod encrypt;
@@ -129,6 +130,7 @@ pub enum SqSubcommands {
 Autocrypt(autocrypt::Command),
 Keyserver(keyserver::Command),
 Wkd(wkd::Command),
+ Dane(dane::Command),
 Armor(armor::Command),
 Dearmor(dearmor::Command), |
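Review bot: The three public items in the new dane.rs (`Command`, `Subcommands`, `GetCommand`) carry clap help strings but no rustdoc, and the `--network-policy` help does not say what the policy governs for a DNS-based lookup, where the offline/anonymized/encrypted/insecure levels were presumably defined with https fetches in mind. Suggested doc comments: `/// Arguments for `sq dane`: the network policy plus the `get` subcommand.` on `Command`, and `/// Looks up certificates for an email address via a DANE (RFC 7929) DNS query.` on `GetCommand`; a short sentence in `long_about` stating what the Encrypted default means for this DNS lookup would help users choose a policy deliberately. Minor style: the `help = "Writes to FILE or stdout if omitted"` entry lacks the trailing comma every other attribute list in this file has.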