diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2023-03-21 12:51:00 +0100 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2023-09-19 15:44:18 +0200 |
commit | 2df7064a0b0c9a40869ad52ccc196c9eda453c72 (patch) | |
tree | 69ee4a29e81779d249e0a8f6a5c52b52eae20cc6 /net | |
parent | 9f49926026c28bb584838c71030e9e62d221397f (diff) |
net: Drop the network policy mechanism.
- This seems over-engineered in retrospect.
Diffstat (limited to 'net')
-rw-r--r-- | net/src/lib.rs | 173 | ||||
-rw-r--r-- | net/tests/hkp.rs | 7 |
2 files changed, 19 insertions, 161 deletions
diff --git a/net/src/lib.rs b/net/src/lib.rs index 14549413..d669e698 100644 --- a/net/src/lib.rs +++ b/net/src/lib.rs @@ -17,9 +17,9 @@ //! //! ```no_run //! # use sequoia_openpgp::KeyID; -//! # use sequoia_net::{KeyServer, Policy, Result}; +//! # use sequoia_net::{KeyServer, Result}; //! # async fn f() -> Result<()> { -//! let mut ks = KeyServer::keys_openpgp_org(Policy::Encrypted)?; +//! let mut ks = KeyServer::keys_openpgp_org()?; //! let keyid: KeyID = "31855247603831FD".parse()?; //! println!("{:?}", ks.get(keyid).await?); //! # Ok(()) @@ -45,8 +45,6 @@ use hyper_tls::HttpsConnector; use native_tls::{Certificate, TlsConnector}; use percent_encoding::{percent_encode, AsciiSet, CONTROLS}; -use std::convert::{From, TryFrom}; -use std::fmt; use std::io::Cursor; use url::Url; @@ -76,87 +74,6 @@ const KEYSERVER_ENCODE_SET: &AsciiSet = // respect to the encoding. .add(b'-').add(b'+').add(b'/'); -/// Network policy for Sequoia. -/// -/// With this policy you can control how Sequoia accesses remote -/// systems. -#[derive(PartialEq, PartialOrd, Debug, Copy, Clone)] -pub enum Policy { - /// Do not contact remote systems. - Offline, - - /// Only contact remote systems using anonymization techniques - /// like TOR. - Anonymized, - - /// Only contact remote systems using transports offering - /// encryption and authentication like TLS. - Encrypted, - - /// Contact remote systems even with insecure transports. - Insecure, -} - -impl fmt::Display for Policy { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - write!(f, "{}", match self { - Policy::Offline => "Offline", - Policy::Anonymized => "Anonymized", - Policy::Encrypted => "Encrypted", - Policy::Insecure => "Insecure", - }) - } -} - -impl Policy { - /// Asserts that this policy allows an action requiring policy - /// `action`. - pub fn assert(&self, action: Policy) -> Result<()> { - if action > *self { - Err(Error::PolicyViolation(action).into()) - } else { - Ok(()) - } - } -} - -impl<'a> From<&'a Policy> for u8 { - fn from(policy: &Policy) -> Self { - match policy { - Policy::Offline => 0, - Policy::Anonymized => 1, - Policy::Encrypted => 2, - Policy::Insecure => 3, - } - } -} - -impl TryFrom<u8> for Policy { - type Error = TryFromU8Error; - - fn try_from(policy: u8) -> std::result::Result<Self, Self::Error> { - match policy { - 0 => Ok(Policy::Offline), - 1 => Ok(Policy::Anonymized), - 2 => Ok(Policy::Encrypted), - 3 => Ok(Policy::Insecure), - n => Err(TryFromU8Error(n)), - } - } -} - -/// Indicates errors converting `u8` to `Policy`. -#[derive(Debug)] -pub struct TryFromU8Error(u8); - -impl fmt::Display for TryFromU8Error { - fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { - write!(f, "Bad network policy: {}", self.0) - } -} - -impl std::error::Error for TryFromU8Error {} - /// For accessing keyservers using HKP. pub struct KeyServer { client: Box<dyn AClient>, @@ -167,7 +84,7 @@ assert_send_and_sync!(KeyServer); impl KeyServer { /// Returns a handle for the given URI. - pub fn new(p: Policy, uri: &str) -> Result<Self> { + pub fn new(uri: &str) -> Result<Self> { let uri: Url = uri.parse() .or_else(|_| format!("hkps://{}", uri).parse())?; @@ -180,13 +97,13 @@ impl KeyServer { _ => return Err(Error::MalformedUri.into()), }; - Self::make(p, client, uri) + Self::make(client, uri) } /// Returns a handle for the given URI. /// /// `cert` is used to authenticate the server. - pub fn with_cert(p: Policy, uri: &str, cert: Certificate) + pub fn with_cert(uri: &str, cert: Certificate) -> Result<Self> { let uri: Url = uri.parse()?; @@ -201,25 +118,26 @@ impl KeyServer { .build(HttpsConnector::from((http, tls.into())))) }; - Self::make(p, client, uri) + Self::make(client, uri) } /// Returns a handle for keys.openpgp.org. /// /// The server at `hkps://keys.openpgp.org` distributes updates /// for OpenPGP certificates. It is a good default choice. - pub fn keys_openpgp_org(p: Policy) -> Result<Self> { - Self::new(p, "hkps://keys.openpgp.org") + pub fn keys_openpgp_org() -> Result<Self> { + Self::new("hkps://keys.openpgp.org") } /// Common code for the above functions. - fn make(p: Policy, client: Box<dyn AClient>, uri: Url) -> Result<Self> { + fn make(client: Box<dyn AClient>, uri: Url) -> Result<Self> { let s = uri.scheme(); match s { - "hkp" => p.assert(Policy::Insecure), - "hkps" => p.assert(Policy::Encrypted), - _ => return Err(Error::MalformedUri.into()) - }?; + "hkp" => (), + "hkps" => (), + _ => return Err(Error::MalformedUri.into()), + } + let uri = format!("{}://{}:{}", match s {"hkp" => "http", "hkps" => "https", @@ -400,10 +318,6 @@ pub type Result<T> = ::std::result::Result<T, anyhow::Error>; #[derive(thiserror::Error, Debug)] /// Errors returned from the network routines. pub enum Error { - /// The network policy was violated by the given action. - #[error("Unmet network policy requirement: {0}")] - PolicyViolation(Policy), - /// A requested key was not found. #[error("Key not found")] NotFound, @@ -449,63 +363,10 @@ pub enum Error { mod tests { use super::*; - fn ok(policy: Policy, required: Policy) { - assert!(policy.assert(required).is_ok()); - } - - fn fail(policy: Policy, required: Policy) { - assert!(matches!( - policy.assert(required) - .err().unwrap().downcast::<Error>().unwrap(), - Error::PolicyViolation(_))); - } - - #[test] - fn offline() { - let p = Policy::Offline; - ok(p, Policy::Offline); - fail(p, Policy::Anonymized); - fail(p, Policy::Encrypted); - fail(p, Policy::Insecure); - } - - #[test] - fn anonymized() { - let p = Policy::Anonymized; - ok(p, Policy::Offline); - ok(p, Policy::Anonymized); - fail(p, Policy::Encrypted); - fail(p, Policy::Insecure); - } - - #[test] - fn encrypted() { - let p = Policy::Encrypted; - ok(p, Policy::Offline); - ok(p, Policy::Anonymized); - ok(p, Policy::Encrypted); - fail(p, Policy::Insecure); - } - - #[test] - fn insecure() { - let p = Policy::Insecure; - ok(p, Policy::Offline); - ok(p, Policy::Anonymized); - ok(p, Policy::Encrypted); - ok(p, Policy::Insecure); - } - #[test] fn uris() { - let p = Policy::Insecure; - assert!(KeyServer::new(p, "keys.openpgp.org").is_ok()); - assert!(KeyServer::new(p, "hkp://keys.openpgp.org").is_ok()); - assert!(KeyServer::new(p, "hkps://keys.openpgp.org").is_ok()); - - let p = Policy::Encrypted; - assert!(KeyServer::new(p, "keys.openpgp.org").is_ok()); - assert!(KeyServer::new(p, "hkp://keys.openpgp.org").is_err()); - assert!(KeyServer::new(p, "hkps://keys.openpgp.org").is_ok()); + assert!(KeyServer::new("keys.openpgp.org").is_ok()); + assert!(KeyServer::new("hkp://keys.openpgp.org").is_ok()); + assert!(KeyServer::new("hkps://keys.openpgp.org").is_ok()); } } diff --git a/net/tests/hkp.rs b/net/tests/hkp.rs index 7a306ec5..99da791e 100644 --- a/net/tests/hkp.rs +++ b/net/tests/hkp.rs @@ -11,7 +11,6 @@ use sequoia_openpgp::KeyID; use sequoia_openpgp::armor::Reader; use sequoia_openpgp::Cert; use sequoia_openpgp::parse::Parse; -use sequoia_net as net; use sequoia_net::KeyServer; const RESPONSE: &str = "-----BEGIN PGP PUBLIC KEY BLOCK----- @@ -118,14 +117,12 @@ fn start_server() -> SocketAddr { addr } -const P: net::Policy = net::Policy::Insecure; - #[tokio::test] async fn get() -> anyhow::Result<()> { // Start server. let addr = start_server(); - let mut keyserver = KeyServer::new(P, &format!("hkp://{}", addr))?; + let mut keyserver = KeyServer::new(&format!("hkp://{}", addr))?; let keyid: KeyID = ID.parse()?; let key = keyserver.get(keyid).await?; @@ -140,7 +137,7 @@ async fn send() -> anyhow::Result<()> { let addr = start_server(); eprintln!("{}", format!("hkp://{}", addr)); let mut keyserver = - KeyServer::new(P, &format!("hkp://{}", addr))?; + KeyServer::new(&format!("hkp://{}", addr))?; let key = Cert::from_reader(Reader::from_reader(Cursor::new(RESPONSE), None))?; keyserver.send(&key).await?; |