From fdd5fb2168ef2bc7a553cc0e7e8453cae645bcec Mon Sep 17 00:00:00 2001
From: Nora Widdecke
Date: Tue, 7 Jun 2022 17:20:03 +0200
Subject: sq: Derive decrypt subcommand.
- This is part of the effort of moving to clap3's derive API and profit from the added type safety.
---
sq/src/sq_cli.rs | 171 +++++++++++++++++++++++++++++++------------------------
1 file changed, 96 insertions(+), 75 deletions(-)
diff --git a/sq/src/sq_cli.rs b/sq/src/sq_cli.rs
index f1dc8e1b..d1f47516 100644
--- a/sq/src/sq_cli.rs
+++ b/sq/src/sq_cli.rs
@@ -62,80 +62,7 @@ to refer to OpenPGP keys that do contain secrets.
 .long_help("Adds NOTATION to the list of known notations. \
 This is used when validating signatures. \
 Signatures that have unknown notations with the \
- critical bit set are considered invalid."))
-
- .subcommand(Command::new("decrypt")
- .display_order(110)
- .about("Decrypts a message")
- .long_about(
-"Decrypts a message
-
-Decrypts a message using either supplied keys, or by prompting for a
-password. If message tampering is detected, an error is returned.
-See below for details.
-
-If certificates are supplied using the \"--signer-cert\" option, any
-signatures that are found are checked using these certificates.
-Verification is only successful if there is no bad signature, and the
-number of successfully verified signatures reaches the threshold
-configured with the \"--signatures\" parameter.
-
-If the signature verification fails, or if message tampering is
-detected, the program terminates with an exit status indicating
-failure. In addition to that, the last 25 MiB of the message are
-withheld, i.e. if the message is smaller than 25 MiB, no output is
-produced, and if it is larger, then the output will be truncated.
-
-The converse operation is \"sq encrypt\".
-")
- .after_help(
-"EXAMPLES:
-
-# Decrypt a file using a secret key
-$ sq decrypt --recipient-key juliet.pgp ciphertext.pgp
-
-# Decrypt a file verifying signatures
-$ sq decrypt --recipient-key juliet.pgp --signer-cert romeo.pgp ciphertext.pgp
-
-# Decrypt a file using a password
-$ sq decrypt ciphertext.pgp
-")
- .arg(Arg::new("input")
- .value_name("FILE")
- .help("Reads from FILE or stdin if omitted"))
- .arg(Arg::new("output")
- .short('o').long("output").value_name("FILE")
- .help("Writes to FILE or stdout if omitted"))
- .arg(Arg::new("signatures")
- .short('n').long("signatures").value_name("N")
- .help("Sets the threshold of valid signatures to N")
- .long_help(
- "Sets the threshold of valid signatures to N. \
- The message will only be considered \
- verified if this threshold is reached. \
- [default: 1 if at least one signer cert file \
- is given, 0 otherwise]"))
- .arg(Arg::new("sender-cert-file")
- .long("signer-cert").value_name("CERT")
- .multiple_occurrences(true)
- .help("Verifies signatures with CERT"))
- .arg(Arg::new("secret-key-file")
- .long("recipient-key").value_name("KEY")
- .multiple_occurrences(true)
- .help("Decrypts with KEY"))
- .arg(Arg::new("private-key-store")
- .long("private-key-store").value_name("KEY_STORE")
- .help("Provides parameters for private key store"))
- .arg(Arg::new("dump-session-key")
- .long("dump-session-key")
- .help("Prints the session key to stderr"))
- .arg(Arg::new("dump")
- .long("dump")
- .help("Prints a packet dump to stderr"))
- .arg(Arg::new("hex")
- .short('x').long("hex")
- .help("Prints a hexdump (implies --dump)"))
- );
+ critical bit set are considered invalid."));
 let app = if ! feature_autocrypt {
 // Without Autocrypt support.
@@ -156,7 +83,8 @@ $ sq decrypt ciphertext.pgp
 .subcommand(KeyringCommand::command())
 .subcommand(KeyCommand::command())
 .subcommand(InspectCommand::command())
- .subcommand(EncryptCommand::command());
+ .subcommand(EncryptCommand::command())
+ .subcommand(DecryptCommand::command());
 app
 }
@@ -2419,6 +2347,99 @@ pub enum EncryptCompressionMode {
 Bzip2
 }
 
+
+#[derive(Parser, Debug)]
+#[clap(
+ name = "decrypt",
+ display_order = 110,
+ about = "Decrypts a message",
+ long_about =
+"Decrypts a message
+
+Decrypts a message using either supplied keys, or by prompting for a
+password. If message tampering is detected, an error is returned.
+See below for details.
+
+If certificates are supplied using the \"--signer-cert\" option, any
+signatures that are found are checked using these certificates.
+Verification is only successful if there is no bad signature, and the
+number of successfully verified signatures reaches the threshold
+configured with the \"--signatures\" parameter.
+
+If the signature verification fails, or if message tampering is
+detected, the program terminates with an exit status indicating
+failure. In addition to that, the last 25 MiB of the message are
+withheld, i.e. if the message is smaller than 25 MiB, no output is
+produced, and if it is larger, then the output will be truncated.
+
+The converse operation is \"sq encrypt\".
+",
+ after_help =
+"EXAMPLES:
+
+# Decrypt a file using a secret key
+$ sq decrypt --recipient-key juliet.pgp ciphertext.pgp
+
+# Decrypt a file verifying signatures
+$ sq decrypt --recipient-key juliet.pgp --signer-cert romeo.pgp ciphertext.pgp
+
+# Decrypt a file using a password
+$ sq decrypt ciphertext.pgp
+",
+)]
+// TODO use usize
+pub struct DecryptCommand {
+ #[clap(flatten)]
+ pub io: IoArgs,
+ #[clap(
+ short = 'n',
+ long = "signatures",
+ value_name = "N",
+ help = "Sets the threshold of valid signatures to N",
+ long_help =
+ "Sets the threshold of valid signatures to N. \
+ The message will only be considered \
+ verified if this threshold is reached. \
+ [default: 1 if at least one signer cert file \
+ is given, 0 otherwise]",
+ )]
+ pub signatures: Option,
+ #[clap(
+ long = "signer-cert",
+ value_name = "CERT",
+ help = "Verifies signatures with CERT",
+ )]
+ pub sender_cert_file: Vec,
+ #[clap(
+ long = "recipient-key",
+ value_name = "KEY",
+ help = "Decrypts with KEY",
+ )]
+ pub secret_key_file: Vec,
+ #[clap(
+ long = "private-key-store",
+ value_name = "KEY_STORE",
+ help = "Provides parameters for private key store",
+ )]
+ pub private_key_store: Option,
+ #[clap(
+ long = "dump-session-key",
+ help = "Prints the session key to stderr",
+ )]
+ pub dump_session_key: bool,
+ #[clap(
+ long = "dump",
+ help = "Prints a packet dump to stderr",
+ )]
+ pub dump: bool,
+ #[clap(
+ short = 'x',
+ long = "hex",
+ help = "Prints a hexdump (implies --dump)",
+ )]
+ pub hex: bool,
+}
+
 #[cfg(feature = "autocrypt")]
 pub mod autocrypt {
 use super::*;
-- 
cgit v1.2.3
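Review bot: The `// TODO use usize` comment sits between the `#[clap(...)]` attribute block and `pub struct DecryptCommand`, so it reads as a remark about the whole struct although it presumably concerns the `signatures` field a few lines below; move it onto that field as `/// Threshold of valid signatures; TODO: use usize.` (the generic parameters of `Option` and `Vec` are not visible in this rendering, so the current type cannot be checked here). The struct and its fields carry their user-facing text only in clap attributes and have no `///` doc comments for readers of the Rust API; a one-liner such as `/// Arguments of the sq decrypt subcommand (formerly built with the Command builder).` on the struct should not change the CLI help, since `about` and `long_about` are given explicitly. On `dump_session_key`, a field comment like `/// Emits key material: the session key is written to stderr.` makes the sensitivity of this flag visible to maintainers, which the short help string alone does not.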