openpgp-key-janitor/src/main.rs

use anyhow::{Context, Result};

use sequoia_openpgp::{
    cert::CertBuilder,
    packet::{signature::SignatureBuilder, Signature},
    types::{KeyFlags, SignatureType},
    Cert,
};

use spec::{KeyFlag, Spec};

mod paths;
mod setup;
mod spec;

fn main() -> Result<()> {
    let (paths, spec) = crate::setup::setup().context("Failed to setup application")?;
    let (cert, rev) = paths.load()?.ok_or(()).or_else(|()| generate_new(spec))?;
    paths
        .write(cert, rev)
        .context("Failed to store certificate!")?;
    Ok(())
}

fn generate_new(spec: Spec) -> Result<(Cert, Signature)> {
    let mut builder = CertBuilder::new()
        .set_primary_key_flags(
            spec.primary
                .flags
                .iter()
                .fold(KeyFlags::empty(), KeyFlag::fold),
        )
        .set_validity_period(
            spec.primary
                .expiry
                .validity_period
                .or(spec.expiry.validity_period),
        )
        .set_cipher_suite(spec.primary.cipher_suite);
    for sub_key in spec.subs {
        builder = builder.add_subkey_with(
            sub_key.flags.iter().fold(KeyFlags::empty(), KeyFlag::fold),
            sub_key
                .expiry
                .validity_period
                .or(spec.expiry.validity_period),
            Some(sub_key.cipher_suite),
            SignatureBuilder::new(SignatureType::SubkeyBinding),
        )?;
    }
    for user_id in spec.user_ids {
        let mut sig_builder = SignatureBuilder::new(SignatureType::PositiveCertification);
        for (key, value) in user_id.notation {
            sig_builder = sig_builder
                .add_notation(key, value, None, false)
                .context(format!(
                    "Failed to add notation to signature builder for {}",
                    &user_id.value
                ))?;
        }
        builder = builder
            .add_userid_with(user_id.value.clone(), sig_builder)
            .context(format!(
                "Failed to add user ID {} to certificate builder",
                &user_id.value
            ))?;
    }

    builder
        .generate()
        .context("Failed to generate certificate!")
}
chore: split code out into modules 2023-05-30 21:15:22 +00:00			`use anyhow::{Context, Result};`
feat: support generating new keys according to spec 2023-05-30 17:34:57 +00:00
			`use sequoia_openpgp::{`
			`cert::CertBuilder,`
feat: support working on existing keys 2023-05-31 15:27:45 +00:00			`packet::{signature::SignatureBuilder, Signature},`
feat: support generating new keys according to spec 2023-05-30 17:34:57 +00:00			`types::{KeyFlags, SignatureType},`
feat: support working on existing keys 2023-05-31 15:27:45 +00:00			`Cert,`
feat: support generating new keys according to spec 2023-05-30 17:34:57 +00:00			`};`

feat: support working on existing keys 2023-05-31 15:27:45 +00:00			`use spec::{KeyFlag, Spec};`
feat: support generating new keys according to spec 2023-05-30 17:34:57 +00:00
chore: split code out into modules 2023-05-30 21:15:22 +00:00			`mod paths;`
			`mod setup;`
			`mod spec;`
feat: support generating new keys according to spec 2023-05-30 17:34:57 +00:00
			`fn main() -> Result<()> {`
chore: split code out into modules 2023-05-30 21:15:22 +00:00			`let (paths, spec) = crate::setup::setup().context("Failed to setup application")?;`
feat: support working on existing keys 2023-05-31 15:27:45 +00:00			`let (cert, rev) = paths.load()?.ok_or(()).or_else(\|()\| generate_new(spec))?;`
			`paths`
			`.write(cert, rev)`
			`.context("Failed to store certificate!")?;`
			`Ok(())`
			`}`

			`fn generate_new(spec: Spec) -> Result<(Cert, Signature)> {`
feat: support generating new keys according to spec 2023-05-30 17:34:57 +00:00			`let mut builder = CertBuilder::new()`
chore: split code out into modules 2023-05-30 21:15:22 +00:00			`.set_primary_key_flags(`
			`spec.primary`
			`.flags`
			`.iter()`
			`.fold(KeyFlags::empty(), KeyFlag::fold),`
			`)`
feat: support generating new keys according to spec 2023-05-30 17:34:57 +00:00			`.set_validity_period(`
			`spec.primary`
			`.expiry`
			`.validity_period`
			`.or(spec.expiry.validity_period),`
			`)`
			`.set_cipher_suite(spec.primary.cipher_suite);`
			`for sub_key in spec.subs {`
			`builder = builder.add_subkey_with(`
chore: split code out into modules 2023-05-30 21:15:22 +00:00			`sub_key.flags.iter().fold(KeyFlags::empty(), KeyFlag::fold),`
feat: support generating new keys according to spec 2023-05-30 17:34:57 +00:00			`sub_key`
			`.expiry`
			`.validity_period`
			`.or(spec.expiry.validity_period),`
			`Some(sub_key.cipher_suite),`
			`SignatureBuilder::new(SignatureType::SubkeyBinding),`
			`)?;`
			`}`
			`for user_id in spec.user_ids {`
			`let mut sig_builder = SignatureBuilder::new(SignatureType::PositiveCertification);`
			`for (key, value) in user_id.notation {`
chore: split code out into modules 2023-05-30 21:15:22 +00:00			`sig_builder = sig_builder`
			`.add_notation(key, value, None, false)`
			`.context(format!(`
			`"Failed to add notation to signature builder for {}",`
			`&user_id.value`
			`))?;`
feat: support generating new keys according to spec 2023-05-30 17:34:57 +00:00			`}`
chore: split code out into modules 2023-05-30 21:15:22 +00:00			`builder = builder`
			`.add_userid_with(user_id.value.clone(), sig_builder)`
			`.context(format!(`
			`"Failed to add user ID {} to certificate builder",`
			`&user_id.value`
			`))?;`
feat: support generating new keys according to spec 2023-05-30 17:34:57 +00:00			`}`

feat: support working on existing keys 2023-05-31 15:27:45 +00:00			`builder`
chore: split code out into modules 2023-05-30 21:15:22 +00:00			`.generate()`
feat: support working on existing keys 2023-05-31 15:27:45 +00:00			`.context("Failed to generate certificate!")`
feat: support generating new keys according to spec 2023-05-30 17:34:57 +00:00			`}`