From 8117d594fb75fc32b2b2b26cf46fde6758be2203 Mon Sep 17 00:00:00 2001
From: "Neal H. Walfield"
Date: Tue, 22 Dec 2020 14:07:21 +0100
Subject: sq: Add --allow-broken-crypto to 'sq key adopt'.
 - Add an option to `sq key adopt` to allow adopting keys from certificates using broken crypto.
---
 sq/src/commands/key.rs | 10 +++++++++-
 sq/src/sq-usage.rs | 7 ++++---
 sq/src/sq_cli.rs | 8 ++++++++
 3 files changed, 21 insertions(+), 4 deletions(-)
(limited to 'sq')
diff --git a/sq/src/commands/key.rs b/sq/src/commands/key.rs
index b10da74a..964f4a66 100644
--- a/sq/src/commands/key.rs
+++ b/sq/src/commands/key.rs
@@ -273,13 +273,21 @@ pub fn adopt(m: &ArgMatches, p: &dyn Policy) -> Result<()> {
 wanted.push((h, None));
 }
+ let null_policy = &crate::openpgp::policy::NullPolicy::new();
+ let adoptee_policy = if m.values_of("allow-broken-crypto").is_some() {
+ null_policy
+ } else {
+ p
+ };
+
 // Find the corresponding keys.
 for keyring in m.values_of("keyring").unwrap_or_default() {
 for cert in CertParser::from_file(keyring)
 .context(format!("Parsing: {}", keyring))?
 {
 let cert = cert.context(format!("Parsing {}", keyring))?;
- let vc = match cert.with_policy(p, None) {
+
+ let vc = match cert.with_policy(adoptee_policy, None) {
 Ok(vc) => vc,
 Err(err) => {
 eprintln!("Ignoring {} from '{}': {}",
diff --git a/sq/src/sq-usage.rs b/sq/src/sq-usage.rs
index e3d442b9..1c968e48 100644
--- a/sq/src/sq-usage.rs
+++ b/sq/src/sq-usage.rs
@@ -489,11 +489,12 @@
 //! Bind keys from one certificate to another.
 //!
 //! USAGE:
-//! sq key adopt [OPTIONS] --key ...
+//! sq key adopt [FLAGS] [OPTIONS] --key ...
 //!
 //! FLAGS:
-//! -h, --help Prints help information
-//! -V, --version Prints version information
+//! --allow-broken-crypto Allows adopting keys from certificates using broken cryptography.
+//! -h, --help Prints help information
+//! -V, --version Prints version information
 //!
 //! OPTIONS:
 //! -k, --key ... Adds the specified key or subkey to the certificate.
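Review bot: The `NullPolicy` selected just before the keyring loop turns off every policy check for the adoptee certificates, not only the rejection of weak algorithms, and nothing at runtime tells the user that a binding made with a broken hash is now accepted as evidence that the key belongs to its source certificate. Because `adopt` presumably goes on to issue a fresh binding under the target certificate, that weak provenance is no longer visible afterwards; a comment such as `// NullPolicy accepts everything; the adopted key is only as trustworthy as its original binding` and a warning like `eprintln!("Warning: policy checks are disabled for adoptee certificates");` in the `if` branch would make the trade-off explicit. For a switch that takes no value, `m.is_present("allow-broken-crypto")` states the intent more directly than `values_of(..).is_some()`. The body of `adopt` starts and ends outside this hunk, so how `vc` is used afterwards is not visible here.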
diff --git a/sq/src/sq_cli.rs b/sq/src/sq_cli.rs
index a61a7a60..a050aa45 100644
--- a/sq/src/sq_cli.rs
+++ b/sq/src/sq_cli.rs
@@ -485,6 +485,14 @@ pub fn build() -> App<'static, 'static> {
 .required(true)
 .help("Adds the specified key or subkey to the \
 certificate."))
+ .arg(Arg::with_name("allow-broken-crypto")
+ .value_name("ALLOW-BROKEN-CRYPTO")
+ .long("allow-broken-crypto")
+ .multiple(false)
+ .number_of_values(0)
+ .takes_value(false)
+ .help("Allows adopting keys from certificates \
+ using broken cryptography."))
 .arg(Arg::with_name("certificate")
 .value_name("CERT")
 .required(true)
-- 
cgit v1.2.3
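Review bot: The new `allow-broken-crypto` argument is declared as a boolean switch but also sets `.value_name("ALLOW-BROKEN-CRYPTO")`, `.multiple(false)` and `.number_of_values(0)`; as far as I know clap's `value_name` and `number_of_values` both imply that the argument takes a value, so the switch appears to work only because `.takes_value(false)` comes last in the chain. Declaring it as `.arg(Arg::with_name("allow-broken-crypto").long("allow-broken-crypto").help(...))` removes that order dependence. The help text could also state that the option bypasses the cryptographic policy for the certificates that keys are adopted from, so users understand which check they are opting out of. `build()` continues outside this hunk.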