authorJustus Winter <justus@sequoia-pgp.org>2021-01-21 08:46:34 +0100
committerJustus Winter <justus@sequoia-pgp.org>2021-01-21 08:46:34 +0100
commitbccf4922c50bde59c11e8aa635abad08e252c04b (patch)
treed474bf603aad801f513cf0117d23ab9ede83041e
parent805a695646bcef387f152f28c1fde6dbf300b36f (diff)
sq: Move --network-policy to the network subcommands.
- Also check that the selected policy allows WKD.
-rw-r--r--sq/src/commands/net.rs21
-rw-r--r--sq/src/sq-usage.rs13
-rw-r--r--sq/src/sq.rs18
-rw-r--r--sq/src/sq_cli.rs15
4 files changed, 41 insertions, 26 deletions
diff --git a/sq/src/commands/net.rs b/sq/src/commands/net.rs
index c531f69e..777a73bf 100644
--- a/sq/src/commands/net.rs
+++ b/sq/src/commands/net.rs
@@ -33,11 +33,23 @@ use crate::{
serialize_keyring,
};
+
+fn parse_network_policy(m: &clap::ArgMatches) -> net::Policy {
+ match m.value_of("policy").expect("has default value") {
+ "offline" => net::Policy::Offline,
+ "anonymized" => net::Policy::Anonymized,
+ "encrypted" => net::Policy::Encrypted,
+ "insecure" => net::Policy::Insecure,
+ _ => unreachable!(),
+ }
+}
+
pub fn dispatch_keyserver(config: Config, m: &clap::ArgMatches) -> Result<()> {
+ let network_policy = parse_network_policy(m);
let mut ks = if let Some(uri) = m.value_of("server") {
- KeyServer::new(config.network_policy, &uri)
+ KeyServer::new(network_policy, &uri)
} else {
- KeyServer::keys_openpgp_org(config.network_policy)
+ KeyServer::keys_openpgp_org(network_policy)
}.context("Malformed keyserver URI")?;
let mut rt = tokio::runtime::Builder::new()
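Review bot: The `_ => unreachable!()` arm in `parse_network_policy` is only sound while the `possible_values` lists added in sq/src/sq_cli.rs name exactly these four strings, and nothing in the function records that dependency. If a value is added to the CLI without a matching arm here, the process panics before any request is made, which fails closed but gives the user no hint of what went wrong. I would add a doc comment such as `/// Maps the --policy value to a net::Policy; clap's possible_values must list exactly the strings matched here.` and make the arm self-explaining: `other => unreachable!("clap accepted unknown network policy {:?}", other),`. The same applies to `expect("has default value")`, which panics if this helper is ever called with matches from a subcommand that does not define `policy`.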
@@ -107,6 +119,8 @@ pub fn dispatch_keyserver(config: Config, m: &clap::ArgMatches) -> Result<()> {
}
pub fn dispatch_wkd(config: Config, m: &clap::ArgMatches) -> Result<()> {
+ let network_policy = parse_network_policy(m);
+
let mut rt = tokio::runtime::Builder::new()
.basic_scheduler()
.enable_io()
@@ -123,6 +137,9 @@ pub fn dispatch_wkd(config: Config, m: &clap::ArgMatches) -> Result<()> {
println!("{}", url);
},
("get", Some(m)) => {
+ // Check that the policy allows https.
+ network_policy.assert(net::Policy::Encrypted)?;
+
let email_address = m.value_of("input").unwrap();
// XXX: EmailAddress could be created here to
// check it's a valid email address, print the error to
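Review bot: The comment above `network_policy.assert(net::Policy::Encrypted)?;` in the "get" arm says only that the policy must allow https, which does not tell a reader why `offline` and `anonymized` are refused here. Something like `// WKD is fetched over HTTPS from the address's own domain, so the policy must permit at least Encrypted.` states the requirement the assert enforces. The fetch itself is outside this hunk; if that call does not take the policy as an argument, this line is the only gate, and any future arm of this match that touches the network needs its own assert. Consider also adding `.context(...)` to the assert, as is done for the keyserver URI, so the error names the WKD lookup that was refused.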
diff --git a/sq/src/sq-usage.rs b/sq/src/sq-usage.rs
index 3a380cff..b1741eba 100644
--- a/sq/src/sq-usage.rs
+++ b/sq/src/sq-usage.rs
@@ -18,7 +18,6 @@
//! The notation name is considered known. This is used when validating
//! signatures. Signatures that have unknown notations with the critical
//! bit set are considered invalid.
-//! -p, --policy <NETWORK-POLICY> Sets the network policy to use
//!
//! SUBCOMMANDS:
//! encrypt Encrypts a message
@@ -533,7 +532,10 @@
//! -h, --help Prints help information
//!
//! OPTIONS:
-//! -s, --server <URI> Sets the keyserver to use
+//! -p, --policy <NETWORK-POLICY>
+//! Sets the network policy to use [default: encrypted] [possible
+//! values: offline, anonymized, encrypted, insecure]
+//! -s, --server <URI> Sets the keyserver to use
//!
//! SUBCOMMANDS:
//! get Retrieves a key
@@ -584,11 +586,16 @@
//! Interacts with Web Key Directories
//!
//! USAGE:
-//! sq wkd <SUBCOMMAND>
+//! sq wkd [OPTIONS] <SUBCOMMAND>
//!
//! FLAGS:
//! -h, --help Prints help information
//!
+//! OPTIONS:
+//! -p, --policy <NETWORK-POLICY>
+//! Sets the network policy to use [default: encrypted] [possible
+//! values: offline, anonymized, encrypted, insecure]
+//!
//! SUBCOMMANDS:
//! generate Generates a Web Key Directory for the given domain and keys.
//! If the WKD exists, the new keys will be inserted and it is
diff --git a/sq/src/sq.rs b/sq/src/sq.rs
index 6a9f9a13..29d16134 100644
--- a/sq/src/sq.rs
+++ b/sq/src/sq.rs
@@ -24,8 +24,6 @@ use crate::openpgp::parse::Parse;
use crate::openpgp::serialize::{Serialize, stream::{Message, Armorer}};
use crate::openpgp::cert::prelude::*;
use crate::openpgp::policy::StandardPolicy as P;
-#[cfg(feature = "net")]
-use sequoia_net as net;
mod sq_cli;
mod commands;
@@ -296,8 +294,6 @@ fn help_warning(arg: &str) {
#[allow(dead_code)]
pub struct Config {
force: bool,
- #[cfg(feature = "net")]
- network_policy: net::Policy,
}
fn main() -> Result<()> {
@@ -315,24 +311,10 @@ fn main() -> Result<()> {
.collect();
policy.good_critical_notations(&known_notations);
- #[cfg(feature = "net")]
- let network_policy = match matches.value_of("policy") {
- None => net::Policy::Encrypted,
- Some("offline") => net::Policy::Offline,
- Some("anonymized") => net::Policy::Anonymized,
- Some("encrypted") => net::Policy::Encrypted,
- Some("insecure") => net::Policy::Insecure,
- Some(_) => {
- eprintln!("Bad network policy, must be offline, anonymized, encrypted, or insecure.");
- std::process::exit(1);
- },
- };
let force = matches.is_present("force");
let config = Config {
force,
- #[cfg(feature = "net")]
- network_policy,
};
match matches.subcommand() {
diff --git a/sq/src/sq_cli.rs b/sq/src/sq_cli.rs
index 05159cc7..9d9ebb96 100644
--- a/sq/src/sq_cli.rs
+++ b/sq/src/sq_cli.rs
@@ -626,13 +626,16 @@ pub fn configure(app: App<'static, 'static>) -> App<'static, 'static> {
} else {
// With networking support.
app
- .arg(Arg::with_name("policy")
- .short("p").long("policy").value_name("NETWORK-POLICY")
- .help("Sets the network policy to use"))
.subcommand(SubCommand::with_name("keyserver")
.display_order(410)
.about("Interacts with keyservers")
.setting(AppSettings::SubcommandRequiredElseHelp)
+ .arg(Arg::with_name("policy")
+ .short("p").long("policy").value_name("NETWORK-POLICY")
+ .possible_values(&["offline", "anonymized",
+ "encrypted", "insecure"])
+ .default_value("encrypted")
+ .help("Sets the network policy to use"))
.arg(Arg::with_name("server")
.short("s").long("server").value_name("URI")
.help("Sets the keyserver to use"))
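Review bot: The `policy` argument added to the keyserver subcommand here is repeated verbatim in the wkd subcommand in the next hunk, and its value list must also agree with the match in `parse_network_policy` in sq/src/commands/net.rs. Three hand-maintained copies of a security setting's accepted values and default are easy to let drift, for example by changing the default in one subcommand only. Building the argument once in a small helper and calling it from both subcommands keeps the default and the accepted values identical. `configure` starts and ends outside this hunk, so the helper would sit next to it rather than inside it.

```rust
/// Values accepted by --policy; parse_network_policy in
/// commands/net.rs must have an arm for each of them.
const NETWORK_POLICIES: &[&str] =
    &["offline", "anonymized", "encrypted", "insecure"];

/// The --policy option shared by the network subcommands.
fn network_policy_arg() -> Arg<'static, 'static> {
    Arg::with_name("policy")
        .short("p").long("policy").value_name("NETWORK-POLICY")
        .possible_values(NETWORK_POLICIES)
        .default_value("encrypted")
        .help("Sets the network policy to use")
}

// … unchanged: keyserver subcommand setup …
                        .arg(network_policy_arg())
// … unchanged: "server" arg; the wkd subcommand takes the same .arg(network_policy_arg()) …
```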
@@ -664,6 +667,12 @@ pub fn configure(app: App<'static, 'static>) -> App<'static, 'static> {
.display_order(420)
.about("Interacts with Web Key Directories")
.setting(AppSettings::SubcommandRequiredElseHelp)
+ .arg(Arg::with_name("policy")
+ .short("p").long("policy").value_name("NETWORK-POLICY")
+ .possible_values(&["offline", "anonymized",
+ "encrypted", "insecure"])
+ .default_value("encrypted")
+ .help("Sets the network policy to use"))
.subcommand(SubCommand::with_name("url")
.about("Prints the Web Key Directory URL of \
an email address.")