From 6b6c506d52c1fb346cf0e019dda138ba002cb81e Mon Sep 17 00:00:00 2001
From: Wiktor Kwapisiewicz
Date: Thu, 1 Jun 2023 22:35:14 +0200
Subject: [PATCH 1/3] Add pysequoia to list of needed packages
---
 .gitlab-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 109316e..70d1ef4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -24,7 +24,7 @@ test:
 stage: test
 needs: []
 before_script:
- - pacman -Syu --needed --noconfirm make python sequoia-sq python-coverage python-pytest python-tomli
+ - pacman -Syu --needed --noconfirm make python sequoia-sq python-coverage python-pysequoia python-pytest python-tomli
 script:
 - make test
 only:
From a5b08015a48b475db34d77d92bc7f5f06a22548f Mon Sep 17 00:00:00 2001
From: Wiktor Kwapisiewicz
Date: Thu, 1 Jun 2023 22:35:41 +0200
Subject: [PATCH 2/3] Use pysequoia in key_extract_certificate
---
 libkeyringctl/sequoia.py | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/libkeyringctl/sequoia.py b/libkeyringctl/sequoia.py
index 941f5e0..0bfdae3 100644
--- a/libkeyringctl/sequoia.py
+++ b/libkeyringctl/sequoia.py
@@ -5,6 +5,7 @@ from datetime import datetime
 from functools import reduce
 from pathlib import Path
 from platform import python_version_tuple
+from pysequoia import Cert
 from re import sub
 from tempfile import mkdtemp
 from typing import Dict
@@ -336,10 +337,13 @@ def key_extract_certificate(key: Path, output: Optional[Path]) -> str:
 The result of the extract in case output is None
 """
- cmd = ["sq", "key", "extract-cert", str(key)]
+ cert = Cert.from_file(str(key))
+ # Conversion to string exports only public parts
+ public = str(cert)
 if output:
- cmd.extend(["--output", str(output)])
- return system(cmd)
+ with open(output, "wb") as f:
+ f.write(public.encode("utf8"))
+ return public
 def certify(key: Path, certificate: Path, uid: Uid, output: Optional[Path]) -> str:
From 9d7b3ee27f3b6fce30aa45f0355d9cad89db5d64 Mon Sep 17 00:00:00 2001
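Review bot: In the `key_extract_certificate` hunk of patch 2/3, the guarantee that no secret key material reaches `output` now rests only on the comment `# Conversion to string exports only public parts`; nothing in the new lines enforces it. Since this function exists to strip secret material, I would add a guard before the write, for example `if "PRIVATE KEY BLOCK" in public: raise RuntimeError("refusing to write secret key material")`, together with a test that feeds it a key file and checks the result. The removed `sq` call went through `system(cmd)`, so parse failures presumably now surface as whatever `Cert.from_file` raises rather than the error callers saw before; that is worth confirming against the callers. The write could also be `output.write_text(public, encoding="utf8")`; note that the function's signature and the start of its docstring lie outside the hunk.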
From: Wiktor Kwapisiewicz
Date: Thu, 1 Jun 2023 22:47:11 +0200
Subject: [PATCH 3/3] Use pysequoia in key_generate
---
 libkeyringctl/sequoia.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/libkeyringctl/sequoia.py b/libkeyringctl/sequoia.py
index 0bfdae3..5289c89 100644
--- a/libkeyringctl/sequoia.py
+++ b/libkeyringctl/sequoia.py
@@ -317,11 +317,12 @@ def key_generate(uids: List[Uid], outfile: Path) -> str:
 The result of the key generate call
 """
- cmd = ["sq", "key", "generate"]
- for uid in uids:
- cmd.extend(["--userid", str(uid)])
- cmd.extend(["--export", str(outfile)])
- return system(cmd)
+ # Current limitation of pysequoia: only one User ID allowed
+ assert len(uids) == 1
+ cert = str(Cert.generate(user_id = uids[0]))
+ with open(outfile, "wb") as f:
+ f.write(cert.encode("utf8"))
+ return cert
 def key_extract_certificate(key: Path, output: Optional[Path]) -> str:
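Review bot: `key_generate` writes `str(Cert.generate(...))` to `outfile`, but the comment added to `key_extract_certificate` in patch 2/3 says conversion to string exports only public parts; if that holds, the generated secret key is never written anywhere and `outfile` holds a certificate only, whereas the removed `sq key generate --export` call produced the key itself. Please confirm which pysequoia call serialises the secret material and use it here; since the file would then hold private key material, it should be created with owner-only permissions rather than the default mode of `open(outfile, "wb")`. The `assert len(uids) == 1` check disappears under `python -O` and narrows an API that previously accepted several User IDs, so prefer `if len(uids) != 1: raise NotImplementedError("pysequoia supports only one User ID per key")`. The function's signature and the start of its docstring lie outside the hunk.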