author | Heiko <heiko@schaefer.name> | 2021-05-19 12:21:06 +0200 |
---|---|---|
committer | Heiko <heiko@schaefer.name> | 2021-05-19 12:21:06 +0200 |
commit | 246e79fe7bf280e957eb0c1cfc50508aacf85ff4 (patch) | |
tree | 3aa354d417589ca337a1d1d269b3ee38bb291068 | |
parent | bf3048ae3312b1cc2871c94f12bc0d4bf488d7ff (diff) | |
download | openpgp-ca-246e79fe7bf280e957eb0c1cfc50508aacf85ff4.tar.gz |
Implement 'update wkd' functionality for bulk updates of all certs from WKD.
-rw-r--r-- | openpgp-ca-bin/src/bin.rs | 1 | ||||
-rw-r--r-- | openpgp-ca-bin/src/cli.rs | 2 | ||||
-rw-r--r-- | openpgp-ca-lib/src/ca.rs | 18 | ||||
-rw-r--r-- | openpgp-ca-lib/src/update.rs | 37 |
4 files changed, 39 insertions, 19 deletions
diff --git a/openpgp-ca-bin/src/bin.rs b/openpgp-ca-bin/src/bin.rs
index 7205f43..441709b 100644
--- a/openpgp-ca-bin/src/bin.rs
+++ b/openpgp-ca-bin/src/bin.rs
@@ -142,6 +142,7 @@ fn main() -> Result<()> {
 },
 Command::Update { cmd } => match cmd {
 UpdateCommand::Keyserver {} => ca.update_from_keyserver()?,
+ UpdateCommand::Wkd {} => ca.update_from_wkd()?,
 },
 }
diff --git a/openpgp-ca-bin/src/cli.rs b/openpgp-ca-bin/src/cli.rs
index 41f02ec..8265f61 100644
--- a/openpgp-ca-bin/src/cli.rs
+++ b/openpgp-ca-bin/src/cli.rs
@@ -293,4 +293,6 @@ pub enum KeyListCommand {
 pub enum UpdateCommand {
 /// Update certificates from a keyserver
 Keyserver {},
+ /// Update certificates from WKD
+ Wkd {},
 }
diff --git a/openpgp-ca-lib/src/ca.rs b/openpgp-ca-lib/src/ca.rs
index 9ce8d7c..e075553 100644
--- a/openpgp-ca-lib/src/ca.rs
+++ b/openpgp-ca-lib/src/ca.rs
@@ -796,11 +796,19 @@ impl OpenpgpCa {
 // -------- Update certs from public sources
- /// Pull updates for a cert from WKD and merge them into our local
- /// storage for this cert.
- pub fn update_from_wkd(&self, cert: &models::Cert) -> Result<()> {
- self.db()
- .transaction(|| update::update_from_wkd(&self, cert))
+ /// Pull updates for all certs from WKD and merge them into our local
+ /// storage.
+ pub fn update_from_wkd(&self) -> Result<()> {
+ for c in self.user_certs_get_all()? {
+ self.db().transaction::<_, anyhow::Error, _>(|| {
+ let updated = update::update_from_wkd(&self, &c)?;
+ if updated {
+ println!("Got update for cert {}", c.fingerprint);
+ }
+ Ok(())
+ })?;
+ }
+ Ok(())
 }
 /// Update all certs from keyserver
diff --git a/openpgp-ca-lib/src/update.rs b/openpgp-ca-lib/src/update.rs
index 0987004..ceb7358 100644
--- a/openpgp-ca-lib/src/update.rs
+++ b/openpgp-ca-lib/src/update.rs
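Review bot: In the ca.rs hunk, the `?` on `})?;` inside `OpenpgpCa::update_from_wkd` ends the whole bulk run at the first cert whose update returns an error, so every cert later in `user_certs_get_all()` stays unrefreshed and one bad record can keep revocations or expirations published via WKD from being picked up. If fail-fast is not intended, report the error and continue, e.g. replace `})?;` with `}).unwrap_or_else(|e| eprintln!("WKD update failed for cert {}: {}", c.fingerprint, e));`. The transaction closure also wraps the network fetch done in `update::update_from_wkd`, so a slow remote server decides how long each database transaction stays open; fetching first and opening the transaction only around `cert_update` would avoid that, at the cost of a change in update.rs. The `println!` in library code would also be better left to the caller in bin.rs, which could print from a returned list of updated fingerprints.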
@@ -23,34 +23,43 @@ use tokio::runtime::Runtime;
 /// all certs retrieved in that way, if they have a matching fingerprint,
 /// the cert data from wkd is merged into the existing cert (failed merges are
 /// ignored silently).
-pub fn update_from_wkd(oca: &OpenpgpCa, cert: &models::Cert) -> Result<()> {
+pub fn update_from_wkd(oca: &OpenpgpCa, cert: &models::Cert) -> Result<bool> {
 let mut rt = Runtime::new()?;
 let emails = oca.emails_get(&cert)?;
 // Collect all updates for 'cert' in 'merge'
- let mut merge = Pgp::armored_to_cert(&cert.pub_cert)?;
+ let orig = Pgp::armored_to_cert(&cert.pub_cert)?;
+ let mut merged = orig.clone();
 for email in emails {
- let certs = rt.block_on(async move { wkd::get(&email.addr).await });
-
- for c in certs? {
- if c.fingerprint() == Fingerprint::from_hex(&cert.fingerprint)? {
- // If 'c' can't be merged, silently ignore the error that
- // sequoia returns
- if let Ok(m) = merge.clone().merge_public(c) {
- merge = m;
+ let res = rt.block_on(async move { wkd::get(&email.addr).await });
+
+ // silently ignore errors on wkd lookup
+ if let Ok(certs) = res {
+ for c in certs {
+ if c.fingerprint() == Fingerprint::from_hex(&cert.fingerprint)?
+ {
+ // If 'c' can't be merged, silently ignore the error that
+ // sequoia returns
+ if let Ok(m) = merged.clone().merge_public(c) {
+ merged = m;
+ }
 }
 }
 }
 }
- let mut db_update = cert.clone();
- db_update.pub_cert = Pgp::cert_to_armored(&merge)?;
+ if merged != orig {
+ let mut db_update = cert.clone();
+ db_update.pub_cert = Pgp::cert_to_armored(&merged)?;
- oca.db().cert_update(&db_update)?;
+ oca.db().cert_update(&db_update)?;
- Ok(())
+ Ok(true)
+ } else {
+ Ok(false)
+ }
 }
 /// Update a cert in the OpenPGP CA database from the "Hagrid" keyserver at |
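Review bot: The new `if let Ok(certs) = res` drops every WKD lookup error without a trace, so a run in which all lookups fail (DNS, TLS, an unreachable or blocked server) returns `Ok(false)` and looks the same as "no updates available"; for a CA that depends on this path to learn about revocations, that failure should be visible to the operator. Consider reporting it just before the `if let`, e.g. `if let Err(e) = &res { eprintln!("WKD lookup failed for cert {}: {}", cert.fingerprint, e); }` (assuming the error type implements `Display`). The doc comment above the function, which begins outside the hunk, still mentions only ignored merge failures; it should also say that lookup errors are skipped and that the returned `bool` is true only when the stored cert was changed. `Fingerprint::from_hex(&cert.fingerprint)?` could be parsed once before the loops rather than once per candidate cert.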