Diffstat (limited to 'sq/src/commands')
-rw-r--r-- | sq/src/commands/certify.rs | 5 | ||||
-rw-r--r-- | sq/src/commands/decrypt.rs | 33 | ||||
-rw-r--r-- | sq/src/commands/key.rs | 17 | ||||
-rw-r--r-- | sq/src/commands/mod.rs | 20 |
4 files changed, 37 insertions, 38 deletions
diff --git a/sq/src/commands/certify.rs b/sq/src/commands/certify.rs index 11c23a5b..add05199 100644 --- a/sq/src/commands/certify.rs +++ b/sq/src/commands/certify.rs @@ -6,7 +6,6 @@ use openpgp::cert::prelude::*; use openpgp::packet::prelude::*; use openpgp::packet::signature::subpacket::NotationDataFlags; use openpgp::parse::Parse; -use openpgp::policy::Policy; use openpgp::serialize::Serialize; use openpgp::types::SignatureType; @@ -14,7 +13,7 @@ use crate::Config; use crate::parse_duration; use crate::SECONDS_IN_YEAR; -pub fn certify(config: Config, p: &impl Policy, m: &clap::ArgMatches) +pub fn certify(config: Config, m: &clap::ArgMatches) -> Result<()> { let certifier = m.value_of("certifier").unwrap(); @@ -23,7 +22,7 @@ pub fn certify(config: Config, p: &impl Policy, m: &clap::ArgMatches) let certifier = Cert::from_file(certifier)?; let cert = Cert::from_file(cert)?; - let vc = cert.with_policy(p, None)?; + let vc = cert.with_policy(&config.policy, None)?; let trust_depth: u8 = m.value_of("depth") .map(|s| s.parse()).unwrap_or(Ok(0))?; diff --git a/sq/src/commands/decrypt.rs b/sq/src/commands/decrypt.rs index 3f196a57..ef33dadf 100644 --- a/sq/src/commands/decrypt.rs +++ b/sq/src/commands/decrypt.rs @@ -18,7 +18,6 @@ use crate::openpgp::parse::{ use crate::openpgp::parse::stream::{ VerificationHelper, DecryptionHelper, DecryptorBuilder, MessageStructure, }; -use crate::openpgp::policy::Policy; use crate::{ Config, @@ -28,8 +27,8 @@ use crate::{ }, }; -struct Helper { - vhelper: VHelper, +struct Helper<'a> { + vhelper: VHelper<'a>, secret_keys: HashMap<KeyID, Key<key::SecretParts, key::UnspecifiedRole>>, key_identities: HashMap<KeyID, Fingerprint>, 
@@ -38,17 +37,17 @@ struct Helper { dumper: Option<PacketDumper>, } -impl Helper { - fn new<'a>(config: Config, policy: &'a dyn Policy, - signatures: usize, certs: Vec<Cert>, secrets: Vec<Cert>, - dump_session_key: bool, dump: bool) - -> Self +impl<'a> Helper<'a> { + fn new(config: &Config<'a>, + signatures: usize, certs: Vec<Cert>, secrets: Vec<Cert>, + dump_session_key: bool, dump: bool) + -> Self { let mut keys = HashMap::new(); let mut identities: HashMap<KeyID, Fingerprint> = HashMap::new(); let mut hints: HashMap<KeyID, String> = HashMap::new(); for tsk in secrets { - let hint = match tsk.with_policy(policy, None) + let hint = match tsk.with_policy(&config.policy, None) .and_then(|valid_cert| valid_cert.primary_userid()).ok() { Some(uid) => format!("{} ({})", uid.userid(), @@ -58,7 +57,7 @@ impl Helper { for ka in tsk.keys() // XXX: Should use the message's creation time that we do not know. - .with_policy(policy, None) + .with_policy(&config.policy, None) .for_transport_encryption().for_storage_encryption() .secret() { @@ -111,7 +110,7 @@ impl Helper { } } -impl VerificationHelper for Helper { +impl<'a> VerificationHelper for Helper<'a> { fn inspect(&mut self, pp: &PacketParser) -> Result<()> { if let Some(dumper) = self.dumper.as_mut() { dumper.packet(&mut io::stderr(), @@ -130,7 +129,7 @@ impl VerificationHelper for Helper { } } -impl DecryptionHelper for Helper { +impl<'a> DecryptionHelper for Helper<'a> { fn decrypt<D>(&mut self, pkesks: &[PKESK], skesks: &[SKESK], sym_algo: Option<SymmetricAlgorithm>, mut decrypt: D) -> openpgp::Result<Option<Fingerprint>> 
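Review bot: In the `for ka in tsk.keys()` loop (hunk at -58,7), secret keys that `config.policy` rejects are dropped by `.with_policy(&config.policy, None)` with no diagnostic, so a user whose only decryption key is expired or uses a rejected algorithm would presumably see only a generic failure. The existing XXX comment covers the time argument but not this. Consider a comment such as `// Keys rejected by config.policy at the current time are skipped silently.`, or a warning on stderr naming the skipped key. The loop body and `Helper::new` continue outside the hunk, so a diagnostic elsewhere cannot be ruled out.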
@@ -276,18 +275,18 @@ impl DecryptionHelper for Helper { } } -pub fn decrypt(config: Config, policy: &dyn Policy, +pub fn decrypt(config: Config, input: &mut (dyn io::Read + Sync + Send), output: &mut dyn io::Write, signatures: usize, certs: Vec<Cert>, secrets: Vec<Cert>, dump_session_key: bool, dump: bool, hex: bool) -> Result<()> { - let helper = Helper::new(config, policy, signatures, certs, secrets, + let helper = Helper::new(&config, signatures, certs, secrets, dump_session_key, dump || hex); let mut decryptor = DecryptorBuilder::from_reader(input)? .mapping(hex) - .with_policy(policy, None, helper) + .with_policy(&config.policy, None, helper) .context("Decryption failed")?; io::copy(&mut decryptor, output).context("Decryption failed")?; @@ -300,13 +299,13 @@ pub fn decrypt(config: Config, policy: &dyn Policy, return Ok(()); } -pub fn decrypt_unwrap(config: Config, policy: &dyn Policy, +pub fn decrypt_unwrap(config: Config, input: &mut (dyn io::Read + Sync + Send), output: &mut dyn io::Write, secrets: Vec<Cert>, dump_session_key: bool) -> Result<()> { - let mut helper = Helper::new(config, policy, 0, Vec::new(), secrets, + let mut helper = Helper::new(&config, 0, Vec::new(), secrets, dump_session_key, false); let mut ppr = PacketParser::from_reader(input)?; diff --git a/sq/src/commands/key.rs b/sq/src/commands/key.rs index acc5502f..3ed69a04 100644 --- a/sq/src/commands/key.rs +++ b/sq/src/commands/key.rs @@ -194,7 +194,7 @@ pub fn generate(m: &ArgMatches, force: bool) -> Result<()> { Ok(()) } -pub fn adopt(config: Config, m: &ArgMatches, p: &dyn Policy) -> Result<()> { +pub fn adopt(config: Config, m: &ArgMatches) -> Result<()> { let input = open_or_stdin(m.value_of("certificate"))?; let cert = Cert::from_reader(input)?; let mut wanted: Vec<(KeyHandle, 
@@ -213,11 +213,12 @@ pub fn adopt(config: Config, m: &ArgMatches, p: &dyn Policy) -> Result<()> { } let null_policy = &crate::openpgp::policy::NullPolicy::new(); - let adoptee_policy = if m.values_of("allow-broken-crypto").is_some() { - null_policy - } else { - p - }; + let adoptee_policy: &dyn Policy = + if m.values_of("allow-broken-crypto").is_some() { + null_policy + } else { + &config.policy + }; // Find the corresponding keys. for keyring in m.values_of("keyring").unwrap_or_default() { @@ -365,7 +366,7 @@ pub fn adopt(config: Config, m: &ArgMatches, p: &dyn Policy) -> Result<()> { cert.as_tsk().serialize(&mut message)?; message.finalize()?; - let vc = cert.with_policy(p, None).expect("still valid"); + let vc = cert.with_policy(&config.policy, None).expect("still valid"); for pair in packets[..].chunks(2) { let newkey: &Key<key::PublicParts, key::UnspecifiedRole> = match pair[0] { Packet::PublicKey(ref k) => k.into(), @@ -396,7 +397,7 @@ pub fn adopt(config: Config, m: &ArgMatches, p: &dyn Policy) -> Result<()> { Ok(()) } -pub fn attest_certifications(config: Config, m: &ArgMatches, _p: &dyn Policy) +pub fn attest_certifications(config: Config, m: &ArgMatches) -> Result<()> { // XXX: This function has to do some steps manually, because // Sequoia does not expose this functionality because it has not diff --git a/sq/src/commands/mod.rs b/sq/src/commands/mod.rs index 7becf237..ca0e03e7 100644 --- a/sq/src/commands/mod.rs +++ b/sq/src/commands/mod.rs @@ -205,9 +205,9 @@ pub fn encrypt<'a>(policy: &'a dyn Policy, Ok(()) } -struct VHelper { +struct VHelper<'a> { #[allow(dead_code)] - config: Config, + config: Config<'a>, signatures: usize, certs: Option<Vec<Cert>>, labels: HashMap<KeyID, String>, 
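Review bot: The `adoptee_policy` selection (hunk at -213,11) swaps in `NullPolicy` whenever `m.values_of("allow-broken-crypto").is_some()`, which turns off algorithm and signature checks for whatever is evaluated under it, yet nothing at this site says how far that relaxation is meant to reach. A comment like `// NullPolicy accepts everything; use it only to locate adoptee keys, never to validate the resulting cert.` would keep later edits from reusing it, assuming that matches the intent of the code below the hunk. If the argument is a plain flag (its definition is not visible here), `m.is_present("allow-broken-crypto")` states the intent more directly. `adopt` starts and ends outside the hunk.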
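Review bot: `cert.with_policy(&config.policy, None).expect("still valid")` (hunk at -365,7) panics instead of returning an error, and it runs only after `cert.as_tsk().serialize(&mut message)?` and `message.finalize()?` have already written the output. Whether an earlier check guarantees validity under `config.policy` is not visible in this hunk, and the adoptee lookup above may have run under `NullPolicy`. If there is no such guarantee, propagate the error the way `certify` does, `let vc = cert.with_policy(&config.policy, None)?;`, and ideally validate before serializing. `adopt` starts and ends outside the hunk.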
@@ -220,12 +220,12 @@ struct VHelper { broken_signatures: usize, } -impl VHelper { - fn new(config: Config, signatures: usize, +impl<'a> VHelper<'a> { + fn new(config: &Config<'a>, signatures: usize, certs: Vec<Cert>) -> Self { VHelper { - config, + config: config.clone(), signatures: signatures, certs: Some(certs), labels: HashMap::new(), @@ -331,7 +331,7 @@ impl VHelper { } } -impl VerificationHelper for VHelper { +impl<'a> VerificationHelper for VHelper<'a> { fn get_certs(&mut self, _ids: &[openpgp::KeyHandle]) -> Result<Vec<Cert>> { let certs = self.certs.take().unwrap(); // Get all keys. @@ -373,21 +373,21 @@ impl VerificationHelper for VHelper { } } -pub fn verify(config: Config, policy: &dyn Policy, +pub fn verify(config: Config, input: &mut (dyn io::Read + Sync + Send), detached: Option<&mut (dyn io::Read + Sync + Send)>, output: &mut dyn io::Write, signatures: usize, certs: Vec<Cert>) -> Result<()> { - let helper = VHelper::new(config, signatures, certs); + let helper = VHelper::new(&config, signatures, certs); let helper = if let Some(dsig) = detached { let mut v = DetachedVerifierBuilder::from_reader(dsig)? - .with_policy(policy, None, helper)?; + .with_policy(&config.policy, None, helper)?; v.verify_reader(input)?; v.into_helper() } else { let mut v = VerifierBuilder::from_reader(input)? - .with_policy(policy, None, helper)?; + .with_policy(&config.policy, None, helper)?; io::copy(&mut v, output)?; v.into_helper() }; |
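Review bot: `VHelper::new` (hunk at -220,12) now does `config: config.clone()` to fill a field that the struct declares under `#[allow(dead_code)]`, so every helper carries a second copy of the configuration, apparently including its policy, that nothing reads. Verification in `verify` passes the caller's `&config.policy` to `with_policy`, so the copy inside the helper cannot influence the result, which is easy to misread later. Either drop the field or document it, e.g. `// Unused copy; signature checks use the policy given to with_policy().`. `Config`'s definition is not on this page, so the cost of the clone is unknown.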