authorHeiko <heiko@schaefer.name>2021-05-19 12:21:06 +0200
committerHeiko <heiko@schaefer.name>2021-05-19 12:21:06 +0200
commit246e79fe7bf280e957eb0c1cfc50508aacf85ff4 (patch)
tree3aa354d417589ca337a1d1d269b3ee38bb291068
parentbf3048ae3312b1cc2871c94f12bc0d4bf488d7ff (diff)
downloadopenpgp-ca-246e79fe7bf280e957eb0c1cfc50508aacf85ff4.tar.gz
Implement 'update wkd' functionality for bulk updates of all certs from WKD.
-rw-r--r--openpgp-ca-bin/src/bin.rs1
-rw-r--r--openpgp-ca-bin/src/cli.rs2
-rw-r--r--openpgp-ca-lib/src/ca.rs18
-rw-r--r--openpgp-ca-lib/src/update.rs37
4 files changed, 39 insertions, 19 deletions
diff --git a/openpgp-ca-bin/src/bin.rs b/openpgp-ca-bin/src/bin.rs
index 7205f43..441709b 100644
--- a/openpgp-ca-bin/src/bin.rs
+++ b/openpgp-ca-bin/src/bin.rs
@@ -142,6 +142,7 @@ fn main() -> Result<()> {
},
Command::Update { cmd } => match cmd {
UpdateCommand::Keyserver {} => ca.update_from_keyserver()?,
+ UpdateCommand::Wkd {} => ca.update_from_wkd()?,
},
}
diff --git a/openpgp-ca-bin/src/cli.rs b/openpgp-ca-bin/src/cli.rs
index 41f02ec..8265f61 100644
--- a/openpgp-ca-bin/src/cli.rs
+++ b/openpgp-ca-bin/src/cli.rs
@@ -293,4 +293,6 @@ pub enum KeyListCommand {
pub enum UpdateCommand {
/// Update certificates from a keyserver
Keyserver {},
+ /// Update certificates from WKD
+ Wkd {},
}
diff --git a/openpgp-ca-lib/src/ca.rs b/openpgp-ca-lib/src/ca.rs
index 9ce8d7c..e075553 100644
--- a/openpgp-ca-lib/src/ca.rs
+++ b/openpgp-ca-lib/src/ca.rs
@@ -796,11 +796,19 @@ impl OpenpgpCa {
// -------- Update certs from public sources
- /// Pull updates for a cert from WKD and merge them into our local
- /// storage for this cert.
- pub fn update_from_wkd(&self, cert: &models::Cert) -> Result<()> {
- self.db()
- .transaction(|| update::update_from_wkd(&self, cert))
+ /// Pull updates for all certs from WKD and merge them into our local
+ /// storage.
+ pub fn update_from_wkd(&self) -> Result<()> {
+ for c in self.user_certs_get_all()? {
+ self.db().transaction::<_, anyhow::Error, _>(|| {
+ let updated = update::update_from_wkd(&self, &c)?;
+ if updated {
+ println!("Got update for cert {}", c.fingerprint);
+ }
+ Ok(())
+ })?;
+ }
+ Ok(())
}
/// Update all certs from keyserver
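Review bot: The `?` on the per-cert `transaction(...)` call in the new loop ends the whole bulk run at the first cert that returns an error, so every cert after it is left un-refreshed. Going by the update.rs hunk, only the WKD lookup and merge errors are swallowed; a cert whose stored armor or fingerprint fails to parse, or a database error, still propagates here. Since an update can carry a revocation, it seems safer to record the failure, continue with the remaining certs, and return an error at the end. Separately, the lookup appears to run inside the database transaction, which would keep it open across network I/O, and the `println!` puts terminal output in the library crate rather than the binary. The `impl OpenpgpCa` block begins and continues outside this hunk.

```rust
let mut failed = 0usize;
for c in self.user_certs_get_all()? {
    let res = self.db().transaction::<_, anyhow::Error, _>(|| {
        // … unchanged: update::update_from_wkd call and "Got update" message …
    });
    if let Err(e) = res {
        eprintln!("WKD update failed for cert {}: {}", c.fingerprint, e);
        failed += 1;
    }
}
if failed > 0 {
    return Err(anyhow::anyhow!("WKD update failed for {} cert(s)", failed));
}
Ok(())
```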
diff --git a/openpgp-ca-lib/src/update.rs b/openpgp-ca-lib/src/update.rs
index 0987004..ceb7358 100644
--- a/openpgp-ca-lib/src/update.rs
+++ b/openpgp-ca-lib/src/update.rs
@@ -23,34 +23,43 @@ use tokio::runtime::Runtime;
/// all certs retrieved in that way, if they have a matching fingerprint,
/// the cert data from wkd is merged into the existing cert (failed merges are
/// ignored silently).
-pub fn update_from_wkd(oca: &OpenpgpCa, cert: &models::Cert) -> Result<()> {
+pub fn update_from_wkd(oca: &OpenpgpCa, cert: &models::Cert) -> Result<bool> {
let mut rt = Runtime::new()?;
let emails = oca.emails_get(&cert)?;
// Collect all updates for 'cert' in 'merge'
- let mut merge = Pgp::armored_to_cert(&cert.pub_cert)?;
+ let orig = Pgp::armored_to_cert(&cert.pub_cert)?;
+ let mut merged = orig.clone();
for email in emails {
- let certs = rt.block_on(async move { wkd::get(&email.addr).await });
-
- for c in certs? {
- if c.fingerprint() == Fingerprint::from_hex(&cert.fingerprint)? {
- // If 'c' can't be merged, silently ignore the error that
- // sequoia returns
- if let Ok(m) = merge.clone().merge_public(c) {
- merge = m;
+ let res = rt.block_on(async move { wkd::get(&email.addr).await });
+
+ // silently ignore errors on wkd lookup
+ if let Ok(certs) = res {
+ for c in certs {
+ if c.fingerprint() == Fingerprint::from_hex(&cert.fingerprint)?
+ {
+ // If 'c' can't be merged, silently ignore the error that
+ // sequoia returns
+ if let Ok(m) = merged.clone().merge_public(c) {
+ merged = m;
+ }
}
}
}
}
- let mut db_update = cert.clone();
- db_update.pub_cert = Pgp::cert_to_armored(&merge)?;
+ if merged != orig {
+ let mut db_update = cert.clone();
+ db_update.pub_cert = Pgp::cert_to_armored(&merged)?;
- oca.db().cert_update(&db_update)?;
+ oca.db().cert_update(&db_update)?;
- Ok(())
+ Ok(true)
+ } else {
+ Ok(false)
+ }
}
/// Update a cert in the OpenPGP CA database from the "Hagrid" keyserver at
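Review bot: The new `if let Ok(certs) = res` discards every WKD lookup error, so `Ok(false)` now means both "nothing new" and "the lookup failed". A bulk run therefore cannot tell an unchanged cert from one whose updates, a revocation for example, could not be fetched. Reporting the failure keeps the best-effort behaviour but leaves a trace, e.g. `if let Err(e) = &res { eprintln!("WKD lookup failed for cert {}: {}", cert.fingerprint, e); }` placed before the `if let`. The doc comment, which starts outside this hunk, should say what the returned `bool` means, e.g. `/// Returns true if the merged cert differs from the stored one and was written to the database.` As a smaller point, `Fingerprint::from_hex(&cert.fingerprint)?` could be parsed once before the loops, which would also surface a malformed stored fingerprint even when WKD returns no certs.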