keyringctl: Deal with multi-certificate per user files

keyringctl:
Add `sanitize_certificate_file()` to potentially split per-user input
files that contain more than one certificate.
Change `packet_split()` to add documentation and rename the key
parameter to certificate, as it is more generic.
Change `convert_certificate()` to use named parameters when calling
`packet_split()`.
Change `convert()` to call `convert_certificate()` on a list of
sanitized certificates (generated using `sanitized_certificate_file()`)
to be able to deal with multi-certificate files per user.
This commit is contained in:
David Runge 2021-10-04 22:12:33 +02:00 committed by Levente Polyak
parent cb8e827112
commit 7f7c2f13f0
No known key found for this signature in database
GPG Key ID: FC1B547C8D8172C8

View File

@ -125,7 +125,7 @@ def convert_certificate(working_dir: Path, certificate: Path, name_override: Opt
debug(f'Processing certificate {certificate}')
for packet in packet_split(working_dir, certificate):
for packet in packet_split(working_dir=working_dir, certificate=certificate):
debug(f'Processing packet {packet.name}')
if packet.name.endswith('--PublicKey'):
pubkey = packet
@ -432,10 +432,67 @@ def packet_dump_field(packet: Path, field: str) -> str:
return lines[0].split(maxsplit=1)[1]
def packet_split(working_dir: Path, key: Path) -> Iterable[Path]:
def sanitize_certificate_file(working_dir: Path, certificate: Path) -> List[Path]:
"""Sanitize a certificate file, potentially containing several certificates
If the input file holds several certificates, they are split into respective files below working_dir and their
paths are returned. Else the path to the input certificate file is returned.
Parameters
----------
working_dir: Path
The path of the working directory below which to create split certificates
certificate: Path
The absolute path of a file containing one or several PGP certificates
Returns
-------
List[Path]
A list of paths that either contain the input certificate or several split certificates
"""
begin_cert = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
end_cert = "-----END PGP PUBLIC KEY BLOCK-----"
certificate_list: List[Path] = []
with open(file=certificate, mode="r") as certificate_file:
file = certificate_file.read()
if file.count(begin_cert) > 1 and file.count(end_cert) > 1:
debug(f"Several public keys detected in file: {certificate}")
for split_cert in [f"{cert}{end_cert}\n" for cert in list(filter(None, file.split(f"{end_cert}\n")))]:
split_cert_dir = Path(mkdtemp(dir=working_dir)).absolute()
split_cert_path = split_cert_dir / certificate.name
with open(file=split_cert_path, mode="w") as split_cert_file:
split_cert_file.write(split_cert)
debug(f"Writing split cert to file: {split_cert_path}")
certificate_list.append(split_cert_path)
return certificate_list
else:
return [certificate]
def packet_split(working_dir: Path, certificate: Path) -> Iterable[Path]:
"""Split a file containing a PGP certificate into separate packet files
The files are split using sq
Parameters
----------
working_dir: Path
The path of the working directory below which to create the output files
certificate: Path
The absolute path of a file containing one PGP certificate
Returns
-------
Iterable[Path]
An iterable over the naturally sorted list of packet files derived from certificate
"""
packet_dir = Path(mkdtemp(dir=working_dir)).absolute()
with cwd(packet_dir):
system(['sq', 'packet', 'split', '--prefix', '', str(key)])
system(['sq', 'packet', 'split', '--prefix', '', str(certificate)])
return natural_sort_path(packet_dir.iterdir())
@ -463,13 +520,15 @@ def convert(
directories: List[Path] = []
if source.is_dir():
for key in source.iterdir():
directories.append(
convert_certificate(working_dir=working_dir, certificate=key, name_override=name_override)
)
for sane_cert in sanitize_certificate_file(working_dir=working_dir, certificate=key):
directories.append(
convert_certificate(working_dir=working_dir, certificate=sane_cert, name_override=name_override)
)
else:
directories.append(
convert_certificate(working_dir=working_dir, certificate=source, name_override=name_override)
)
for sane_cert in sanitize_certificate_file(working_dir=working_dir, certificate=source):
directories.append(
convert_certificate(working_dir=working_dir, certificate=sane_cert, name_override=name_override)
)
for path in directories:
(target_dir / path.name).mkdir(exist_ok=True)