~core/sage

ref: 921334b04c28087a6b26e858a8a99047783d7df0 sage/src/wrapper.rs -rw-r--r-- 6.1 KiB
921334b0 — core rel: v0.1.1 21 days ago 
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215

use crate::db::Database;
use crate::identity::IdKeyData;
use anyhow::bail;
use pico_args::Arguments;
use std::io::ErrorKind;
use std::path::{Path, PathBuf};
use std::process::{Command, exit};
use std::str::FromStr;
use tempfile::NamedTempFile;

#[derive(Debug)]
enum Mode {
    Encrypt,
    Decrypt,
}

pub fn wrapper(mut pargs: Arguments, db_path: &Path) -> anyhow::Result<()> {
    let verbose = pargs.contains(["-v", "--verbose"]);
    let contains_encrypt = pargs.contains(["-e", "--encrypt"]);
    let contains_decrypt = pargs.contains(["-d", "--decrypt"]);

    if contains_encrypt && contains_decrypt {
        bail!("cannot specify both --encrypt and --decrypt, pick one");
    }

    let mode = if contains_decrypt {
        Mode::Decrypt
    } else {
        Mode::Encrypt
    };
    let output: Option<PathBuf> = pargs.opt_value_from_str(["-o", "--output"])?;
    let armor = pargs.contains(["-a", "--armor"]);
    let passphrase = pargs.contains(["-p", "--passphrase"]);

    let mut recipients = vec![];
    loop {
        let maybe_r: Option<String> = pargs.opt_value_from_str(["-r", "--recipient"])?;

        if let Some(r) = maybe_r {
            recipients.push(r);
        } else {
            break;
        }
    }

    if let Ok(Some(f)) = pargs.opt_value_from_str::<[&str; 2], PathBuf>(["-R", "--recipients-file"])
    {
        recipients.extend(load_keyfile(&f)?);
    }

    let mut identities = vec![];
    loop {
        let maybe_i: Option<String> = pargs.opt_value_from_str(["-i", "--identity"])?;

        if let Some(i) = maybe_i {
            let Ok(path) = PathBuf::from_str(&i);
            if path.exists() {
                identities.extend(load_keyfile(&path)?);
            } else {
                identities.push(i);
            }
        } else {
            break;
        }
    }

    let input: Option<PathBuf> = pargs.opt_free_from_str()?;

    if verbose {
        println!(
            "resolved args: {:?} output={:?} armor?{:?} passphrase?{:?} recipients=>{:?} identities=>{:?} input={:?}",
            mode, output, armor, passphrase, recipients, identities, input
        );
    }

    // Resolve recipients and identities to the database
    let db = Database::load_or_create(db_path)?;

    // resolve recipients
    let resolved_recipients = recipients
        .iter()
        .map(|u| {
            // is this already a valid key?
            if u.starts_with("age1") {
                // regular ol' pubkey
                return u.clone();
            }
            // otherwise, resolve it in the database
            let results = db.fuzzy_search(u.clone());
            if results.is_empty() {
                eprintln!("no results for recipient {u}");
                exit(1);
            }
            if results.len() > 1 {
                eprintln!("recipient {u} is ambiguous, please narrow it down");
                exit(1);
            }
            let r = &results[0];

            if verbose {
                eprintln!(
                    "resolved rcpt {u} => {:?} (keyid {})",
                    r,
                    r.keys.keyid().unwrap()
                );
            }

            r.keys.pk().unwrap()
        })
        .collect::<Vec<_>>();
    // resolve identities
    let resolved_identities = identities.iter()
        .map(|u| {
            // is this already a valid key?
            if u.starts_with("AGE-SECRET-KEY") {
                // regular ol' sk
                return u.clone()
            }
            // otherwise, resolve it in the database
            let results = db.fuzzy_search(u.clone());
            if results.is_empty() {
                eprintln!("no results for identity {u}");
                exit(1);
            }
            if results.len() > 1 {
                eprintln!("identity {u} is ambiguous, please narrow it down");
                exit(1);
            }
            let r = &results[0];

            if verbose {
                eprintln!("resolved id {u} => {:?} (keyid {})", r, r.keys.keyid().unwrap());
            }

            match &r.keys {
                IdKeyData::Local(sk) => sk.clone(),
                IdKeyData::Peer(_) => {
                    eprintln!("resolved identity is a peer key, not a local key. perhaps revise your search terms?");
                    exit(1);
                }
            }
        })
        .collect::<Vec<_>>();

    if verbose {
        eprintln!("resolved recipients: {:#?}", resolved_recipients);
    }

    // write recipients to a temp file
    let r_tmpfile = NamedTempFile::new()?;
    std::fs::write(r_tmpfile.path(), resolved_recipients.join("\n"))?;
    let i_tmpfile = NamedTempFile::new()?;
    std::fs::write(i_tmpfile.path(), resolved_identities.join("\n"))?;

    // execute age
    let mut args = vec![];
    args.push(
        match mode {
            Mode::Encrypt => "--encrypt",
            Mode::Decrypt => "--decrypt",
        }
        .to_string(),
    );
    if let Some(o) = output {
        args.push("--output".to_string());
        args.push(o.display().to_string());
    }
    if armor {
        args.push("--armor".to_string());
    }
    if passphrase {
        args.push("--passphrase".to_string());
    }
    if !resolved_recipients.is_empty() {
        args.push("--recipients-file".to_string());
        args.push(r_tmpfile.path().display().to_string());
    }
    if !resolved_identities.is_empty() {
        args.push("--identity".to_string());
        args.push(i_tmpfile.path().display().to_string());
    }
    if let Some(i) = input {
        args.push(i.display().to_string());
    }

    if verbose {
        eprintln!("exec age {:?}", args);
    }

    let mut c = match Command::new("age").args(args).spawn() {
        Ok(c) => c,
        Err(e) if e.kind() == ErrorKind::NotFound => {
            eprintln!("{e}");
            eprintln!("is `age` installed?");
            exit(0);
        }
        Err(e) => {
            return Err(e)?;
        }
    };

    c.wait()?;

    Ok(())
}

fn load_keyfile(path: &Path) -> anyhow::Result<Vec<String>> {
    let contents = std::fs::read_to_string(path)?;
    Ok(contents
        .lines()
        .filter(|u| !u.is_empty())
        .filter(|u| !u.starts_with("#"))
        .map(|u| u.to_string())
        .collect())
}