authorLars Wirzenius <liw@sequoia-pgp.org>2022-06-12 12:46:16 +0300
committerLars Wirzenius <liw@sequoia-pgp.org>2022-06-12 13:10:51 +0300
commitc41b785efd9ced48dca42f56e1d063ef6db276d0 (patch)
treeabc4f49a830c74877070a6c1e32724f273c0cb89 /sq
parent41569b7560ecab1277eb06b7fcf937c33f3df28d (diff)
sq: add "sq wkd direct-url" and subplot tests for wkd URL generation
Fixes #315, #513 Sponsored-by: pep.foundation
Diffstat (limited to 'sq')
-rw-r--r--sq/sq-subplot.md60
-rw-r--r--sq/src/commands/net.rs8
-rw-r--r--sq/src/sq-usage.rs29
-rw-r--r--sq/src/sq_cli.rs15
4 files changed, 104 insertions, 8 deletions
diff --git a/sq/sq-subplot.md b/sq/sq-subplot.md
index 285b24f1..e1d6908c 100644
--- a/sq/sq-subplot.md
+++ b/sq/sq-subplot.md
@@ -1396,6 +1396,66 @@ then files hello.txt and hello.out match
+# Web key directory (WKD) support
+
+[Web Key Directory]: https://wiki.gnupg.org/WKD
+[Internet Draft 14 for WKD]: https://www.ietf.org/archive/id/draft-koch-openpgp-webkey-service-14.html
+
+[Web Key Directory][] (WKD) specifies how to locate a certificate for
+a given email address by constructing HTTPS URLs from the email
+address. It is specified in [Internet Draft 14 for WKD][].
+
+The two URLs are called the "advanced" and "direct" URLs. They are the
+same, except the advanced one uses a subdomain, and an a subdirectory
+named after the domain. This allows the web server where the
+certificates are published to be operated separately from any other
+services for the parent domain.
+
+The advanced URL is the preferred URL. That is why `wkd wkd url`
+prints that, and the other URL is a longer command.
+
+## Advanced WKD URL
+
+_Requirement: Output the advanced URL for an email address._
+
+An advanced URL uses the "openpgpkey" subdomain of the domain in the
+email address, and a subdirectory named after the email domain.
+
+~~~scenario
+given an installed sq
+when I run sq wkd url me@example.com
+then stdout contains "https://openpgpkey.example.com/.well-known/openpgpkey/example.com/hu/s8y7oh5xrdpu9psba3i5ntk64ohouhga?l=me"
+~~~
+
+## Direct WKD URL
+
+_Requirement: Output the direct URL for an email address._
+
+The direct URL lacks the subdomain and subdirectory of an advanced one.
+
+~~~scenario
+given an installed sq
+when I run sq wkd direct-url me@example.com
+then stdout contains "https://example.com/.well-known/openpgpkey/hu/s8y7oh5xrdpu9psba3i5ntk64ohouhga?l=me"
+~~~
+
+## Email local part in original form in WKD URL
+
+_Requirement: The WKD URL has the local part of an email address as
+given in the input, just in case it matters to the server._
+
+An advanced URL uses the "openpgpkey" subdomain of the domain in the
+email address, and a subdirectory named after the email domain.
+
+~~~scenario
+given an installed sq
+when I run sq wkd url Joe.Doe@Example.ORG
+then stdout contains "https://openpgpkey.example.org/.well-known/openpgpkey/example.org/hu/iy9q119eutrkn8s1mk4r39qejnbu3n5q?l=Joe.Doe"
+when I run sq wkd direct-url Joe.Doe@Example.ORG
+then stdout contains "https://example.org/.well-known/openpgpkey/hu/iy9q119eutrkn8s1mk4r39qejnbu3n5q?l=Joe.Doe"
+~~~
+
+
# Test data file
We use this file as an input file in the tests. It is a very short
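Review bot: The paragraph under "Email local part in original form in WKD URL" repeats the advanced-URL description verbatim and never says what the scenario checks. Going by the expected output, a sentence such as `The domain is lowercased in the host and path, while the l= parameter keeps the local part exactly as typed.` would state the requirement being tested. The introduction also refers to `wkd wkd url` where the scenarios run `sq wkd url`, and "an a subdirectory" has a stray word. All three scenarios use well-formed addresses; a scenario for a rejected input (for example an address with no domain part) would pin down the error path as well.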
diff --git a/sq/src/commands/net.rs b/sq/src/commands/net.rs
index dbd33227..a659cfea 100644
--- a/sq/src/commands/net.rs
+++ b/sq/src/commands/net.rs
@@ -109,11 +109,15 @@ pub fn dispatch_wkd(config: Config, m: &clap::ArgMatches) -> Result<()> {
Some(("url", m)) => {
let email_address = m.value_of("input").unwrap();
let wkd_url = wkd::Url::from(email_address)?;
- // XXX: Add other subcomand to specify whether it should be
- // created with the advanced or the direct method.
let url = wkd_url.to_url(None)?;
println!("{}", url);
},
+ Some(("direct-url", m)) => {
+ let email_address = m.value_of("input").unwrap();
+ let wkd_url = wkd::Url::from(email_address)?;
+ let url = wkd_url.to_url(wkd::Variant::Direct)?;
+ println!("{}", url);
+ },
Some(("get", m)) => {
// Check that the policy allows https.
network_policy.assert(net::Policy::Encrypted)?;
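Review bot: The `url` arm still calls `wkd_url.to_url(None)`, so the advanced variant is only implied by the library default, while the new `direct-url` arm names its variant explicitly. Writing `let url = wkd_url.to_url(wkd::Variant::Advanced)?;` in the `url` arm would make the two arms symmetrical and keep the output of `sq wkd url` fixed if that default ever changes. With the XXX comment removed, nothing in the arm records which variant `None` selects. The two arms are otherwise identical, so a small helper taking the variant would remove the duplication. `dispatch_wkd` begins and ends outside this hunk.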
diff --git a/sq/src/sq-usage.rs b/sq/src/sq-usage.rs
index 2c4ac28f..61e87084 100644
--- a/sq/src/sq-usage.rs
+++ b/sq/src/sq-usage.rs
@@ -1204,10 +1204,29 @@
//! values: offline, anonymized, encrypted, insecure]
//!
//! SUBCOMMANDS:
-//! generate Generates a Web Key Directory for the given domain and keys.
-//! get Queries for certs using Web Key Directory
-//! help Print this message or the help of the given subcommand(s)
-//! url Prints the Web Key Directory URL of an email address.
+//! direct-url Prints the direct Web Key Directory URL of an email
+//! address.
+//! generate Generates a Web Key Directory for the given domain and
+//! keys.
+//! get Queries for certs using Web Key Directory
+//! help Print this message or the help of the given subcommand(s)
+//! url Prints the advanced Web Key Directory URL of an email
+//! address.
+//! ```
+//!
+//! ### Subcommand wkd direct-url
+//!
+//! ```text
+//! Prints the direct Web Key Directory URL of an email address.
+//!
+//! USAGE:
+//! sq wkd direct-url <ADDRESS>
+//!
+//! ARGS:
+//! <ADDRESS> Queries for ADDRESS
+//!
+//! OPTIONS:
+//! -h, --help Print help information
//! ```
//!
//! ### Subcommand wkd generate
@@ -1261,7 +1280,7 @@
//! ### Subcommand wkd url
//!
//! ```text
-//! Prints the Web Key Directory URL of an email address.
+//! Prints the advanced Web Key Directory URL of an email address.
//!
//! USAGE:
//! sq wkd url <ADDRESS>
diff --git a/sq/src/sq_cli.rs b/sq/src/sq_cli.rs
index 269b0c38..30f17997 100644
--- a/sq/src/sq_cli.rs
+++ b/sq/src/sq_cli.rs
@@ -2018,13 +2018,14 @@ pub enum WkdNetworkPolicy {
#[derive(Debug, Subcommand)]
pub enum WkdSubcommands {
Url(WkdUrlCommand),
+ DirectUrl(WkdDirectUrlCommand),
Get(WkdGetCommand),
Generate(WkdGenerateCommand),
}
#[derive(Debug, Args)]
#[clap(
- about = "Prints the Web Key Directory URL of an email address.",
+ about = "Prints the advanced Web Key Directory URL of an email address.",
)]
pub struct WkdUrlCommand {
#[clap(
@@ -2036,6 +2037,18 @@ pub struct WkdUrlCommand {
#[derive(Debug, Args)]
#[clap(
+ about = "Prints the direct Web Key Directory URL of an email address.",
+)]
+pub struct WkdDirectUrlCommand {
+ #[clap(
+ value_name = "ADDRESS",
+ help = "Queries for ADDRESS",
+ )]
+ pub input: String,
+}
+
+#[derive(Debug, Args)]
+#[clap(
about = "Queries for certs using Web Key Directory",
)]
pub struct WkdGetCommand {
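Review bot: The argument help on `WkdDirectUrlCommand::input`, `help = "Queries for ADDRESS"`, describes a lookup, but going by the `direct-url` arm in net.rs this subcommand only derives and prints a URL. A user reading the help could reasonably think a request is sent for the address, so something like `help = "Prints the direct URL for ADDRESS"` would be more accurate. The same string is carried into the usage text in sq-usage.rs. A `///` doc comment on the struct saying that it only derives the URL and makes no network request would also help. `WkdGetCommand`, which follows, is cut off at the end of the hunk.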