-rw-r--r-- | sq/sq-subplot.md | 60 | ||||
-rw-r--r-- | sq/src/commands/net.rs | 8 | ||||
-rw-r--r-- | sq/src/sq-usage.rs | 29 | ||||
-rw-r--r-- | sq/src/sq_cli.rs | 15 |
4 files changed, 104 insertions, 8 deletions
diff --git a/sq/sq-subplot.md b/sq/sq-subplot.md
index 285b24f1..e1d6908c 100644
--- a/sq/sq-subplot.md
+++ b/sq/sq-subplot.md
@@ -1396,6 +1396,66 @@ then files hello.txt and hello.out match +# Web key directory (WKD) support + +[Web Key Directory]: https://wiki.gnupg.org/WKD +[Internet Draft 14 for WKD]: https://www.ietf.org/archive/id/draft-koch-openpgp-webkey-service-14.html + +[Web Key Directory][] (WKD) specifies how to locate a certificate for +a given email address by constructing HTTPS URLs from the email +address. It is specified in [Internet Draft 14 for WKD][]. + +The two URLs are called the "advanced" and "direct" URLs. They are the +same, except the advanced one uses a subdomain, and an a subdirectory +named after the domain. This allows the web server where the +certificates are published to be operated separately from any other +services for the parent domain. + +The advanced URL is the preferred URL. That is why `wkd wkd url` +prints that, and the other URL is a longer command. + +## Advanced WKD URL + +_Requirement: Output the advanced URL for an email address._ + +An advanced URL uses the "openpgpkey" subdomain of the domain in the +email address, and a subdirectory named after the email domain. + +~~~scenario +given an installed sq +when I run sq wkd url me@example.com +then stdout contains "https://openpgpkey.example.com/.well-known/openpgpkey/example.com/hu/s8y7oh5xrdpu9psba3i5ntk64ohouhga?l=me" +~~~ + +## Direct WKD URL + +_Requirement: Output the direct URL for an email address._ + +The direct URL lacks the subdomain and subdirectory of an advanced one. + +~~~scenario +given an installed sq +when I run sq wkd direct-url me@example.com +then stdout contains "https://example.com/.well-known/openpgpkey/hu/s8y7oh5xrdpu9psba3i5ntk64ohouhga?l=me" +~~~ + +## Email local part in original form in WKD URL + +_Requirement: The WKD URL has the local part of an email address as +given in the input, just in case it matters to the server._ + +An advanced URL uses the "openpgpkey" subdomain of the domain in the +email address, and a subdirectory named after the email domain. 
+ +~~~scenario +given an installed sq +when I run sq wkd url Joe.Doe@Example.ORG +then stdout contains "https://openpgpkey.example.org/.well-known/openpgpkey/example.org/hu/iy9q119eutrkn8s1mk4r39qejnbu3n5q?l=Joe.Doe" +when I run sq wkd direct-url Joe.Doe@Example.ORG +then stdout contains "https://example.org/.well-known/openpgpkey/hu/iy9q119eutrkn8s1mk4r39qejnbu3n5q?l=Joe.Doe" +~~~ + + # Test data file We use this file as an input file in the tests. It is a very short diff --git a/sq/src/commands/net.rs b/sq/src/commands/net.rs index dbd33227..a659cfea 100644 --- a/sq/src/commands/net.rs +++ b/sq/src/commands/net.rs @@ -109,11 +109,15 @@ pub fn dispatch_wkd(config: Config, m: &clap::ArgMatches) -> Result<()> { Some(("url", m)) => { let email_address = m.value_of("input").unwrap(); let wkd_url = wkd::Url::from(email_address)?; - // XXX: Add other subcomand to specify whether it should be - // created with the advanced or the direct method. let url = wkd_url.to_url(None)?; println!("{}", url); }, + Some(("direct-url", m)) => { + let email_address = m.value_of("input").unwrap(); + let wkd_url = wkd::Url::from(email_address)?; + let url = wkd_url.to_url(wkd::Variant::Direct)?; + println!("{}", url); + }, Some(("get", m)) => { // Check that the policy allows https. network_policy.assert(net::Policy::Encrypted)?; diff --git a/sq/src/sq-usage.rs b/sq/src/sq-usage.rs index 2c4ac28f..61e87084 100644 --- a/sq/src/sq-usage.rs +++ b/sq/src/sq-usage.rs 
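Review bot: The `url` arm in dispatch_wkd still calls `wkd_url.to_url(None)`, so the "advanced" output that the help text and the subplot scenarios now promise depends on whatever the library treats as its default variant. Now that the neighbouring `direct-url` arm names its variant, I would name it here too: `let url = wkd_url.to_url(wkd::Variant::Advanced)?;`. That keeps the printed URL stable if the default ever changes, which matters because people publish keys at, and fetch keys from, the location this command prints. The two arms are otherwise identical, and dispatch_wkd's body starts and ends outside the hunk.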
@@ -1204,10 +1204,29 @@ //! values: offline, anonymized, encrypted, insecure] //! //! SUBCOMMANDS: -//! generate Generates a Web Key Directory for the given domain and keys. -//! get Queries for certs using Web Key Directory -//! help Print this message or the help of the given subcommand(s) -//! url Prints the Web Key Directory URL of an email address. +//! direct-url Prints the direct Web Key Directory URL of an email +//! address. +//! generate Generates a Web Key Directory for the given domain and +//! keys. +//! get Queries for certs using Web Key Directory +//! help Print this message or the help of the given subcommand(s) +//! url Prints the advanced Web Key Directory URL of an email +//! address. +//! ``` +//! +//! ### Subcommand wkd direct-url +//! +//! ```text +//! Prints the direct Web Key Directory URL of an email address. +//! +//! USAGE: +//! sq wkd direct-url <ADDRESS> +//! +//! ARGS: +//! <ADDRESS> Queries for ADDRESS +//! +//! OPTIONS: +//! -h, --help Print help information //! ``` //! //! ### Subcommand wkd generate @@ -1261,7 +1280,7 @@ //! ### Subcommand wkd url //! //! ```text -//! Prints the Web Key Directory URL of an email address. +//! Prints the advanced Web Key Directory URL of an email address. //! //! USAGE: //! sq wkd url <ADDRESS> diff --git a/sq/src/sq_cli.rs b/sq/src/sq_cli.rs index 269b0c38..30f17997 100644 --- a/sq/src/sq_cli.rs +++ b/sq/src/sq_cli.rs @@ -2018,13 +2018,14 @@ pub enum WkdNetworkPolicy { #[derive(Debug, Subcommand)] pub enum WkdSubcommands { Url(WkdUrlCommand), + DirectUrl(WkdDirectUrlCommand), Get(WkdGetCommand), Generate(WkdGenerateCommand), } #[derive(Debug, Args)] #[clap( - about = "Prints the Web Key Directory URL of an email address.", + about = "Prints the advanced Web Key Directory URL of an email address.", )] pub struct WkdUrlCommand { #[clap( 
@@ -2036,6 +2037,18 @@ pub struct WkdUrlCommand { #[derive(Debug, Args)] #[clap( + about = "Prints the direct Web Key Directory URL of an email address.", +)] +pub struct WkdDirectUrlCommand { + #[clap( + value_name = "ADDRESS", + help = "Queries for ADDRESS", + )] + pub input: String, +} + +#[derive(Debug, Args)] +#[clap( about = "Queries for certs using Web Key Directory", )] pub struct WkdGetCommand { |
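Review bot: The `help` string on `WkdDirectUrlCommand::input` says `Queries for ADDRESS`, but judging from the `direct-url` arm in net.rs the subcommand only derives and prints a URL and makes no network request. Help text that implies a lookup is misleading for someone running under a restrictive network policy; I would write `help = "Prints the direct WKD URL for ADDRESS",`. The same wording appears in the `wkd direct-url` section of sq-usage.rs, which would need to be updated to match. `WkdUrlCommand` probably carries the same text, but its field lies outside this hunk.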