author | Justus Winter <justus@sequoia-pgp.org> | 2021-01-21 08:46:34 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2021-01-21 08:46:34 +0100 |
commit | bccf4922c50bde59c11e8aa635abad08e252c04b (patch) | |
tree | d474bf603aad801f513cf0117d23ab9ede83041e | |
parent | 805a695646bcef387f152f28c1fde6dbf300b36f (diff) |
sq: Move --network-policy to the network subcommands.
- Also check that the selected policy allows WKD.
-rw-r--r-- | sq/src/commands/net.rs | 21 | ||||
-rw-r--r-- | sq/src/sq-usage.rs | 13 | ||||
-rw-r--r-- | sq/src/sq.rs | 18 | ||||
-rw-r--r-- | sq/src/sq_cli.rs | 15 |
4 files changed, 41 insertions, 26 deletions
diff --git a/sq/src/commands/net.rs b/sq/src/commands/net.rs index c531f69e..777a73bf 100644 --- a/sq/src/commands/net.rs +++ b/sq/src/commands/net.rs @@ -33,11 +33,23 @@ use crate::{ serialize_keyring, }; + +fn parse_network_policy(m: &clap::ArgMatches) -> net::Policy { + match m.value_of("policy").expect("has default value") { + "offline" => net::Policy::Offline, + "anonymized" => net::Policy::Anonymized, + "encrypted" => net::Policy::Encrypted, + "insecure" => net::Policy::Insecure, + _ => unreachable!(), + } +} + pub fn dispatch_keyserver(config: Config, m: &clap::ArgMatches) -> Result<()> { + let network_policy = parse_network_policy(m); let mut ks = if let Some(uri) = m.value_of("server") { - KeyServer::new(config.network_policy, &uri) + KeyServer::new(network_policy, &uri) } else { - KeyServer::keys_openpgp_org(config.network_policy) + KeyServer::keys_openpgp_org(network_policy) }.context("Malformed keyserver URI")?; let mut rt = tokio::runtime::Builder::new() @@ -107,6 +119,8 @@ pub fn dispatch_keyserver(config: Config, m: &clap::ArgMatches) -> Result<()> { } pub fn dispatch_wkd(config: Config, m: &clap::ArgMatches) -> Result<()> { + let network_policy = parse_network_policy(m); + let mut rt = tokio::runtime::Builder::new() .basic_scheduler() .enable_io() @@ -123,6 +137,9 @@ pub fn dispatch_wkd(config: Config, m: &clap::ArgMatches) -> Result<()> { println!("{}", url); }, ("get", Some(m)) => { + // Check that the policy allows https. + network_policy.assert(net::Policy::Encrypted)?; + let email_address = m.value_of("input").unwrap(); // XXX: EmailAddress could be created here to // check it's a valid email address, print the error to diff --git a/sq/src/sq-usage.rs b/sq/src/sq-usage.rs index 3a380cff..b1741eba 100644 --- a/sq/src/sq-usage.rs +++ b/sq/src/sq-usage.rs 
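Review bot: The new `parse_network_policy` in sq/src/commands/net.rs panics instead of returning an error if the `policy` argument is ever absent or holds a value outside the four matched strings, since it relies on `expect("has default value")` and `_ => unreachable!()`. That invariant is upheld only by the `default_value`/`possible_values` calls added in sq_cli.rs, so a policy name added on one side but not the other becomes a runtime panic on a security-relevant option. At minimum I would document the coupling above the function: `// Invariant: "policy" is declared with default_value and possible_values in sq_cli.rs; keep both lists in sync.` A sturdier alternative is to have the function return `Result<net::Policy>` and turn the last arm into an error carrying the offending string, which both callers can propagate with `?`. The body of dispatch_keyserver continues outside the hunk.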
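Review bot: The comment on the new check in the `("get", Some(m))` arm of dispatch_wkd says only that the policy must allow https, and does not say why `offline` and `anonymized` have to be refused here. As I read `Policy::assert`, passing `net::Policy::Encrypted` rejects both of those, which is the intended behaviour because a WKD lookup contacts the address's domain directly. I would spell that out: `// A WKD lookup connects directly to the address's domain over HTTPS, so refuse under the offline and anonymized policies.` The check is also per arm rather than enforced by the callee the way `KeyServer::new(network_policy, ..)` is, so any future wkd subcommand that touches the network has to repeat it; a note to that effect next to `let network_policy = parse_network_policy(m);` would help. The actual fetch is outside the hunk, so I cannot confirm nothing else in this arm reaches the network before the check.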
@@ -18,7 +18,6 @@ //! The notation name is considered known. This is used when validating //! signatures. Signatures that have unknown notations with the critical //! bit set are considered invalid. -//! -p, --policy <NETWORK-POLICY> Sets the network policy to use //! //! SUBCOMMANDS: //! encrypt Encrypts a message @@ -533,7 +532,10 @@ //! -h, --help Prints help information //! //! OPTIONS: -//! -s, --server <URI> Sets the keyserver to use +//! -p, --policy <NETWORK-POLICY> +//! Sets the network policy to use [default: encrypted] [possible +//! values: offline, anonymized, encrypted, insecure] +//! -s, --server <URI> Sets the keyserver to use //! //! SUBCOMMANDS: //! get Retrieves a key @@ -584,11 +586,16 @@ //! Interacts with Web Key Directories //! //! USAGE: -//! sq wkd <SUBCOMMAND> +//! sq wkd [OPTIONS] <SUBCOMMAND> //! //! FLAGS: //! -h, --help Prints help information //! +//! OPTIONS: +//! -p, --policy <NETWORK-POLICY> +//! Sets the network policy to use [default: encrypted] [possible +//! values: offline, anonymized, encrypted, insecure] +//! //! SUBCOMMANDS: //! generate Generates a Web Key Directory for the given domain and keys. //! If the WKD exists, the new keys will be inserted and it is diff --git a/sq/src/sq.rs b/sq/src/sq.rs index 6a9f9a13..29d16134 100644 --- a/sq/src/sq.rs +++ b/sq/src/sq.rs @@ -24,8 +24,6 @@ use crate::openpgp::parse::Parse; use crate::openpgp::serialize::{Serialize, stream::{Message, Armorer}}; use crate::openpgp::cert::prelude::*; use crate::openpgp::policy::StandardPolicy as P; -#[cfg(feature = "net")] -use sequoia_net as net; mod sq_cli; mod commands; @@ -296,8 +294,6 @@ fn help_warning(arg: &str) { #[allow(dead_code)] pub struct Config { force: bool, - #[cfg(feature = "net")] - network_policy: net::Policy, } fn main() -> Result<()> { 
@@ -315,24 +311,10 @@ fn main() -> Result<()> { .collect(); policy.good_critical_notations(&known_notations); - #[cfg(feature = "net")] - let network_policy = match matches.value_of("policy") { - None => net::Policy::Encrypted, - Some("offline") => net::Policy::Offline, - Some("anonymized") => net::Policy::Anonymized, - Some("encrypted") => net::Policy::Encrypted, - Some("insecure") => net::Policy::Insecure, - Some(_) => { - eprintln!("Bad network policy, must be offline, anonymized, encrypted, or insecure."); - std::process::exit(1); - }, - }; let force = matches.is_present("force"); let config = Config { force, - #[cfg(feature = "net")] - network_policy, }; match matches.subcommand() { diff --git a/sq/src/sq_cli.rs b/sq/src/sq_cli.rs index 05159cc7..9d9ebb96 100644 --- a/sq/src/sq_cli.rs +++ b/sq/src/sq_cli.rs @@ -626,13 +626,16 @@ pub fn configure(app: App<'static, 'static>) -> App<'static, 'static> { } else { // With networking support. app - .arg(Arg::with_name("policy") - .short("p").long("policy").value_name("NETWORK-POLICY") - .help("Sets the network policy to use")) .subcommand(SubCommand::with_name("keyserver") .display_order(410) .about("Interacts with keyservers") .setting(AppSettings::SubcommandRequiredElseHelp) + .arg(Arg::with_name("policy") + .short("p").long("policy").value_name("NETWORK-POLICY") + .possible_values(&["offline", "anonymized", + "encrypted", "insecure"]) + .default_value("encrypted") + .help("Sets the network policy to use")) .arg(Arg::with_name("server") .short("s").long("server").value_name("URI") .help("Sets the keyserver to use")) 
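Review bot: The `Arg::with_name("policy")` definition added under the `keyserver` subcommand in sq/src/sq_cli.rs is repeated verbatim in the `wkd` hunk (@@ -664,6 +667,12), and its four-string list is a third copy of what `parse_network_policy` matches on. I would build it once, for example with a small helper `fn network_policy_arg() -> Arg<'static, 'static>` and a shared `const NETWORK_POLICIES: &[&str]`, and attach it with `.arg(network_policy_arg())` in both places, so the default and the accepted values cannot diverge between subcommands. Since the argument is not marked global, clap presumably accepts it only before the nested subcommand (`sq wkd -p offline get …`); the misplaced form is rejected rather than ignored, which fails closed, but the help text could say so. The body of `configure` continues outside the hunk.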
@@ -664,6 +667,12 @@ pub fn configure(app: App<'static, 'static>) -> App<'static, 'static> { .display_order(420) .about("Interacts with Web Key Directories") .setting(AppSettings::SubcommandRequiredElseHelp) + .arg(Arg::with_name("policy") + .short("p").long("policy").value_name("NETWORK-POLICY") + .possible_values(&["offline", "anonymized", + "encrypted", "insecure"]) + .default_value("encrypted") + .help("Sets the network policy to use")) .subcommand(SubCommand::with_name("url") .about("Prints the Web Key Directory URL of \ an email address.") |