keyfork-derive-openpgp: add KEYFORK_OPENPGP_EXPIRE env var
This commit is contained in:
parent
278e5c84fd
commit
33405ee4fc
|
@ -1,6 +1,9 @@
|
||||||
//! Creation of OpenPGP certificates from BIP-0032 derived data.
|
//! Creation of OpenPGP certificates from BIP-0032 derived data.
|
||||||
|
|
||||||
use std::time::{Duration, SystemTime, SystemTimeError};
|
use std::{
|
||||||
|
str::FromStr,
|
||||||
|
time::{Duration, SystemTime, SystemTimeError},
|
||||||
|
};
|
||||||
|
|
||||||
use derive_util::{DerivationIndex, ExtendedPrivateKey, IndexError, PrivateKey};
|
use derive_util::{DerivationIndex, ExtendedPrivateKey, IndexError, PrivateKey};
|
||||||
use ed25519_dalek::SigningKey;
|
use ed25519_dalek::SigningKey;
|
||||||
|
@ -68,7 +71,24 @@ pub fn derive(xprv: XPrv, keys: &[KeyFlags], userid: &UserID) -> Result<Cert> {
|
||||||
};
|
};
|
||||||
|
|
||||||
let epoch = SystemTime::UNIX_EPOCH + Duration::from_secs(1);
|
let epoch = SystemTime::UNIX_EPOCH + Duration::from_secs(1);
|
||||||
let one_day = SystemTime::now() + Duration::from_secs(60 * 60 * 24);
|
let expiration_date = match std::env::var("KEYFORK_OPENPGP_EXPIRE").as_mut() {
|
||||||
|
Ok(var) => {
|
||||||
|
let ch = var.pop();
|
||||||
|
match (ch, u64::from_str(&var)) {
|
||||||
|
(Some(ch @ ('d' | 'm' | 'y')), Ok(expire)) => {
|
||||||
|
let multiplier = match ch {
|
||||||
|
'd' => 1,
|
||||||
|
'm' => 30,
|
||||||
|
'y' => 365,
|
||||||
|
_ => unreachable!(),
|
||||||
|
};
|
||||||
|
SystemTime::now() + Duration::from_secs(60 * 60 * 24 * expire * multiplier)
|
||||||
|
}
|
||||||
|
_ => SystemTime::now() + Duration::from_secs(60 * 60 * 24),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Err(_) => SystemTime::now() + Duration::from_secs(60 * 60 * 24),
|
||||||
|
};
|
||||||
|
|
||||||
// Create certificate with initial key and signature
|
// Create certificate with initial key and signature
|
||||||
let derived_primary_key = xprv.derive_child(&DerivationIndex::new(0, true)?)?;
|
let derived_primary_key = xprv.derive_child(&DerivationIndex::new(0, true)?)?;
|
||||||
|
@ -80,7 +100,7 @@ pub fn derive(xprv: XPrv, keys: &[KeyFlags], userid: &UserID) -> Result<Cert> {
|
||||||
|
|
||||||
// Sign and attach primary key and primary userid
|
// Sign and attach primary key and primary userid
|
||||||
let builder = SignatureBuilder::new(SignatureType::PositiveCertification)
|
let builder = SignatureBuilder::new(SignatureType::PositiveCertification)
|
||||||
.set_key_validity_period(one_day.duration_since(epoch)?)?
|
.set_key_validity_period(expiration_date.duration_since(epoch)?)?
|
||||||
.set_signature_creation_time(epoch)?
|
.set_signature_creation_time(epoch)?
|
||||||
.set_key_flags(primary_key_flags.clone())?;
|
.set_key_flags(primary_key_flags.clone())?;
|
||||||
let binding = userid.bind(&mut primary_key.clone().into_keypair()?, &cert, builder)?;
|
let binding = userid.bind(&mut primary_key.clone().into_keypair()?, &cert, builder)?;
|
||||||
|
@ -89,7 +109,8 @@ pub fn derive(xprv: XPrv, keys: &[KeyFlags], userid: &UserID) -> Result<Cert> {
|
||||||
|
|
||||||
// Set certificate expiration to one day
|
// Set certificate expiration to one day
|
||||||
let mut keypair = primary_key.clone().into_keypair()?;
|
let mut keypair = primary_key.clone().into_keypair()?;
|
||||||
let signatures = cert.set_expiration_time(&policy, None, &mut keypair, Some(one_day))?;
|
let signatures =
|
||||||
|
cert.set_expiration_time(&policy, None, &mut keypair, Some(expiration_date))?;
|
||||||
let cert = cert.insert_packets(signatures)?;
|
let cert = cert.insert_packets(signatures)?;
|
||||||
|
|
||||||
let mut cert = cert;
|
let mut cert = cert;
|
||||||
|
@ -127,7 +148,7 @@ pub fn derive(xprv: XPrv, keys: &[KeyFlags], userid: &UserID) -> Result<Cert> {
|
||||||
SignatureBuilder::new(SignatureType::SubkeyBinding)
|
SignatureBuilder::new(SignatureType::SubkeyBinding)
|
||||||
.set_key_flags(subkey_flags.clone())?
|
.set_key_flags(subkey_flags.clone())?
|
||||||
.set_signature_creation_time(epoch)?
|
.set_signature_creation_time(epoch)?
|
||||||
.set_key_validity_period(one_day.duration_since(epoch)?)?
|
.set_key_validity_period(expiration_date.duration_since(epoch)?)?
|
||||||
.set_embedded_signature(
|
.set_embedded_signature(
|
||||||
SignatureBuilder::new(SignatureType::PrimaryKeyBinding)
|
SignatureBuilder::new(SignatureType::PrimaryKeyBinding)
|
||||||
.set_signature_creation_time(epoch)?
|
.set_signature_creation_time(epoch)?
|
||||||
|
@ -141,7 +162,7 @@ pub fn derive(xprv: XPrv, keys: &[KeyFlags], userid: &UserID) -> Result<Cert> {
|
||||||
SignatureBuilder::new(SignatureType::SubkeyBinding)
|
SignatureBuilder::new(SignatureType::SubkeyBinding)
|
||||||
.set_key_flags(subkey_flags.clone())?
|
.set_key_flags(subkey_flags.clone())?
|
||||||
.set_signature_creation_time(epoch)?
|
.set_signature_creation_time(epoch)?
|
||||||
.set_key_validity_period(one_day.duration_since(epoch)?)?
|
.set_key_validity_period(expiration_date.duration_since(epoch)?)?
|
||||||
};
|
};
|
||||||
|
|
||||||
// Sign subkey with primary key and attach to cert
|
// Sign subkey with primary key and attach to cert
|
||||||
|
|
Loading…
Reference in New Issue