authorHeiko <heiko@schaefer.name>2021-05-05 16:55:33 +0200
committerHeiko <heiko@schaefer.name>2021-05-05 16:55:33 +0200
commit1848cc60aa0c5b9ed79de5369e0d219b1fa86000 (patch)
tree36e68834c3d0544ae6dc4ec008c3c3cf20e12e2a
parentb96e08aaa921f9b0b3ac7427d63e1b4a1172f7db (diff)
downloadopenpgp-ca-1848cc60aa0c5b9ed79de5369e0d219b1fa86000.tar.gz
Add a simple "update keyserver" command to check for updates from hagrid for each cert.
-rw-r--r--src/bin.rs3
-rw-r--r--src/ca.rs15
-rw-r--r--src/cli.rs13
-rw-r--r--src/update.rs29
4 files changed, 48 insertions, 12 deletions
diff --git a/src/bin.rs b/src/bin.rs
index 338a6f5..7205f43 100644
--- a/src/bin.rs
+++ b/src/bin.rs
@@ -140,6 +140,9 @@ fn main() -> Result<()> {
ca.export_keylist(path, signature_uri, force)?;
}
},
+ Command::Update { cmd } => match cmd {
+ UpdateCommand::Keyserver {} => ca.update_from_keyserver()?,
+ },
}
Ok(())
diff --git a/src/ca.rs b/src/ca.rs
index 44276ee..9ce8d7c 100644
--- a/src/ca.rs
+++ b/src/ca.rs
@@ -803,10 +803,23 @@ impl OpenpgpCa {
.transaction(|| update::update_from_wkd(&self, cert))
}
+ /// Update all certs from keyserver
+ pub fn update_from_keyserver(&self) -> Result<()> {
+ for c in self.user_certs_get_all()? {
+ let updated = self.update_from_hagrid(&c)?;
+ if updated {
+ println!("Got update for cert {}", c.fingerprint);
+ }
+ }
+ Ok(())
+ }
+
/// Pull updates for a cert from the hagrid keyserver
/// (https://keys.openpgp.org/) and merge any updates into our local
/// storage for this cert.
- pub fn update_from_hagrid(&self, cert: &models::Cert) -> Result<()> {
+ ///
+ /// Returns "true" if updated data was received, false if not.
+ pub fn update_from_hagrid(&self, cert: &models::Cert) -> Result<bool> {
self.db()
.transaction(|| update::update_from_hagrid(&self, cert))
}
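Review bot: In `update_from_keyserver`, the `?` on `self.update_from_hagrid(&c)` ends the whole run at the first cert whose lookup fails, so every cert after it in the list is left unrefreshed. If the keyserver request returns an error for a cert it does not hold (likely, but not visible in this diff), one unpublished cert would keep updates, including revocations, from reaching the rest. Handling the result per cert, reporting the failure with the fingerprint and continuing, keeps one bad lookup from masking the others. The function could still return an error at the end if any lookup failed.

```rust
for c in self.user_certs_get_all()? {
    match self.update_from_hagrid(&c) {
        Ok(true) => println!("Got update for cert {}", c.fingerprint),
        Ok(false) => {}
        // Report and continue so one failed lookup does not skip the remaining certs
        Err(e) => eprintln!("Update failed for cert {}: {}", c.fingerprint, e),
    }
}
// … unchanged: Ok(()) …
```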
diff --git a/src/cli.rs b/src/cli.rs
index 5fa0d76..41f02ec 100644
--- a/src/cli.rs
+++ b/src/cli.rs
@@ -52,13 +52,18 @@ pub enum Command {
#[structopt(subcommand)]
cmd: KeyListCommand,
},
+ /// Update
+ Update {
+ #[structopt(subcommand)]
+ cmd: UpdateCommand,
+ },
// /// Manage Directories
// Directory {
// #[structopt(subcommand)]
// cmd: DirCommand,
// },
// /// Manage key-profiles
- // KeyProfile {},
+ // KeyProfile {}
}
#[derive(StructOpt, Debug)]
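Review bot: The `/// Update` doc comment on `Command::Update` becomes the subcommand's help text and does not say what is updated or from where. The same applies to `/// Update certificates from a keyserver` on `UpdateCommand::Keyserver` in the next hunk of this file. Because the command queries keys.openpgp.org once per user cert, the help text should say so, for example `/// Update certificates from external sources` and `/// Query keys.openpgp.org for each user certificate and merge any updates`. That tells an operator that running the command discloses the key IDs of all certs in the CA to the keyserver.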
@@ -283,3 +288,9 @@ pub enum KeyListCommand {
force: bool,
},
}
+
+#[derive(StructOpt, Debug)]
+pub enum UpdateCommand {
+ /// Update certificates from a keyserver
+ Keyserver {},
+}
diff --git a/src/update.rs b/src/update.rs
index 9568bc0..0987004 100644
--- a/src/update.rs
+++ b/src/update.rs
@@ -55,7 +55,10 @@ pub fn update_from_wkd(oca: &OpenpgpCa, cert: &models::Cert) -> Result<()> {
/// Update a cert in the OpenPGP CA database from the "Hagrid" keyserver at
/// `keys.openpgp.org`
-pub fn update_from_hagrid(oca: &OpenpgpCa, cert: &models::Cert) -> Result<()> {
+pub fn update_from_hagrid(
+ oca: &OpenpgpCa,
+ cert: &models::Cert,
+) -> Result<bool> {
let fp = (cert.fingerprint).parse::<Fingerprint>()?;
let c = Pgp::armored_to_cert(&cert.pub_cert)?;
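Review bot: The doc comment above `update_from_hagrid` does not mention the new `Result<bool>` return, unlike the wrapper in src/ca.rs, which gained a "Returns" line in this commit. I would add `/// Returns true if the merged cert differs from the stored one and was written to the database, false otherwise.` The function body continues past this hunk.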
@@ -68,15 +71,21 @@ pub fn update_from_hagrid(oca: &OpenpgpCa, cert: &models::Cert) -> Result<()> {
let update =
rt.block_on(async move { hagrid.get(&KeyID::from(fp)).await })?;
- // Merge new certificate information into existing cert
- if let Ok(merged) = c.merge_public(update) {
- // Store merged cert in DB
- let mut db_update = cert.clone();
- db_update.pub_cert = Pgp::cert_to_armored(&merged)?;
+ // Merge new certificate information into existing cert.
+ // (Silently ignore potential errors from merge_public())
+ if let Ok(merged) = c.clone().merge_public(update) {
+ if merged != c {
+ // Store merged cert in DB
+ let mut db_update = cert.clone();
+ db_update.pub_cert = Pgp::cert_to_armored(&merged)?;
- oca.db().cert_update(&db_update)
- } else {
- // Silently ignore potential errors from merge_public().
- Ok(())
+ oca.db().cert_update(&db_update)?;
+
+ // An update for this cert was received
+ return Ok(true);
+ }
}
+
+ // No update was received
+ Ok(false)
}
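Review bot: A failed `merge_public()` now falls through to `Ok(false)`, which the comment labels "No update was received", so keyserver data that could not be merged is reported exactly like a cert with nothing new. That hides the case an operator most wants to see, presumably including a response that does not belong to this cert (the lookup above uses a 64-bit `KeyID` rather than the full fingerprint). Keeping the best-effort behaviour is fine, but the error should at least be reported: turn the `if let Ok(merged)` into a `match` whose `Err(e)` arm does `eprintln!("Ignoring keyserver data for {}: {}", cert.fingerprint, e);`. The start of the function is outside this hunk.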