improve options to select secret key to backup/restore

1 files changed, 36 insertions, 12 deletions

diff --git a/keysafe.hs b/keysafe.hs
index 7de3079..7f89004 100644
--- a/keysafe.hs
+++ b/keysafe.hs
@@ -27,20 +27,44 @@ main :: IO ()
 main = do
 	cmdline <- CmdLine.get
 	ui <- selectUI (CmdLine.gui cmdline)
-	let keytype = CmdLine.keytype cmdline
 	-- TODO determine gpg key id by examining secret key,
 	-- or retrieving public key from keyserver and examining it.
-	let keyid = KeyId keytype "dummy key id"
 	let tunables = if CmdLine.testMode cmdline
 		then testModeTunables
 		else defaultTunables
-	case CmdLine.mode cmdline of
-		CmdLine.Backup -> storedemo ui keyid tunables
-		CmdLine.Restore -> retrievedemo ui keyid
-		CmdLine.Benchmark -> benchmarkTunables tunables
+	case (CmdLine.mode cmdline, CmdLine.secretkeysource cmdline) of
+		(CmdLine.Backup, Just secretkeysource) ->
+			backup ui tunables =<< normalize secretkeysource
+		(CmdLine.Backup, Nothing) -> do
+			backup ui tunables =<< normalize =<< pickGpgKey CmdLine.Backup ui
+		(CmdLine.Restore, Just secretkeydest) ->
+			restore ui =<< normalize secretkeydest
+		(CmdLine.Restore, Nothing) -> do
+			restore ui =<< normalize =<< pickGpgKey CmdLine.Backup ui
+		(CmdLine.Benchmark, _) -> benchmarkTunables tunables
 
-storedemo :: UI -> KeyId -> Tunables -> IO ()
-storedemo ui keyid tunables = do
+-- | Normalize gpg keyids, by querying the gpg keyserver for the key.
+-- If the keyserver knows of the key, the long keyid is used.
+-- But, if the keyserver does not know of the key, a null keyid is used.
+normalize :: SecretKeySource -> IO SecretKeySource
+normalize = return -- TODO
+
+-- | Pick gpg secret key to back up or restore.
+--
+-- When backing up, if there is only one secret
+-- key, the choice is obvious. Otherwise prompt the user with a list.
+--
+-- When restoring, prompt the user for the name of the key,
+-- query the keyserver, and let the user pick from a list.
+-- The "other" option uses a null keyid, to handle the case where a key is
+-- not stored in the keyserver.
+pickGpgKey :: CmdLine.Mode -> UI -> IO SecretKeySource
+pickGpgKey CmdLine.Backup ui = error "TODO"
+pickGpgKey CmdLine.Restore ui = error "TODO"
+pickGpgKey _ ui = error "internal error in pickGpgKey"
+
+backup :: UI -> Tunables -> SecretKeySource -> IO ()
+backup ui tunables secretkeysource = do
 	username <- userName
 	name <- fromMaybe (error "Aborting on no name") 
 		<$> promptName ui "Enter a name"
@@ -50,7 +74,7 @@ storedemo ui keyid tunables = do
 	print $ estimateAttack spotAWS $ estimateBruteforceOf kek
 		(passwordEntropy password [])
 	let esk = encrypt tunables kek secretkey
-	let sis = shardIdents tunables name keyid
+	let sis = shardIdents tunables name secretkeysource
 	shards <- genShards esk tunables
 	print =<< mapM (uncurry (storeShard localFiles)) (zip (getIdents sis) shards)
 	print =<< obscureShards localFiles
@@ -67,13 +91,13 @@ storedemo ui keyid tunables = do
 		, "(Your own full name is a pretty good choice for the name to enter here.)"
 		]
 
-retrievedemo :: UI -> KeyId -> IO ()
-retrievedemo ui keyid = do
+restore :: UI -> SecretKeySource -> IO ()
+restore ui secretkeydest = do
 	username <- userName
 	name <- fromMaybe (error "Aborting on no name") 
 		<$> promptName ui "Enter the name of the key to restore"
 			namedesc username validateName
-	let sis = shardIdents tunables name keyid
+	let sis = shardIdents tunables name secretkeydest
 	-- we drop 1 to simulate not getting all shards from the servers
 	let l = drop 1 $ zip [1..] (getIdents sis)
 	shards <- map (\(RetrieveSuccess s) -> s)