From 545e247c2191af28b40fa51edceed81665bf3c83 Mon Sep 17 00:00:00 2001
From: Tony Garnock-Jones <tonyg@leastfixedpoint.com>
Date: Fri, 24 Nov 2023 13:23:20 +0100
Subject: [PATCH] Add `--caveat` option to `syndicate-macaroon mint`

---
 syndicate-tools/src/bin/syndicate-macaroon.rs | 17 +++++++++++++++--
 syndicate/src/sturdy.rs                       |  7 +++++++
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/syndicate-tools/src/bin/syndicate-macaroon.rs b/syndicate-tools/src/bin/syndicate-macaroon.rs
index 9cc4b51..5346253 100644
--- a/syndicate-tools/src/bin/syndicate-macaroon.rs
+++ b/syndicate-tools/src/bin/syndicate-macaroon.rs
@@ -23,6 +23,8 @@ use syndicate::language;
 use syndicate::preserves_schema::Codec;
 use syndicate::preserves_schema::ParseError;
 use syndicate::schemas::noise;
+use syndicate::sturdy::Caveat;
+use syndicate::sturdy::SturdyRef;
 use syndicate::sturdy::_Any;
 
 #[derive(Clone, Debug)]
@@ -44,6 +46,10 @@ enum Action {
         #[arg(long, group="key")]
         /// Key bytes, encoded as hex
         hex: Option<String>,
+
+        #[arg(long)]
+        /// Caveats to add
+        caveat: Vec<Preserves<_Any>>,
     },
 
     #[command(group(ArgGroup::new("key").required(true)))]
@@ -136,7 +142,7 @@ fn main() -> io::Result<()> {
                                               &language().unparse(&n))?);
         }
 
-        Action::Mint { oid, phrase, hex } => {
+        Action::Mint { oid, phrase, hex, caveat: caveats } => {
             let key =
                 if let Some(hex) = hex {
                     HexParser::Liberal.decode(&hex).expect("hex encoded sturdyref")
@@ -145,7 +151,14 @@ fn main() -> io::Result<()> {
                 } else {
                     unreachable!()
                 };
-            let m = syndicate::sturdy::SturdyRef::mint(oid.0, &key);
+            let attenuation = caveats.into_iter().map(|c| {
+                let r = language().parse(&c.0);
+                if let Ok(Caveat::Unknown(_)) = &r {
+                    eprintln!("Warning: Unknown caveat format: {:?}", &c.0);
+                }
+                r
+            }).collect::<Result<Vec<Caveat>, _>>()?;
+            let m = SturdyRef::mint(oid.0, &key).attenuate(&attenuation)?;
             println!("{}", TextWriter::encode(&mut NoEmbeddedDomainCodec,
                                               &language().unparse(&m))?);
         }
diff --git a/syndicate/src/sturdy.rs b/syndicate/src/sturdy.rs
index 740f6b3..a2badee 100644
--- a/syndicate/src/sturdy.rs
+++ b/syndicate/src/sturdy.rs
@@ -2,6 +2,7 @@ use blake2::Blake2s256;
 use getrandom::getrandom;
 use hmac::{SimpleHmac, Mac};
 
+use preserves::error::io_syntax_error;
 use preserves::hex::HexParser;
 use preserves::hex::HexFormatter;
 use preserves::value::NestedValue;
@@ -37,6 +38,12 @@ impl std::fmt::Display for ValidationError {
     }
 }
 
+impl From<ValidationError> for io::Error {
+    fn from(v: ValidationError) -> Self {
+        io_syntax_error(&v.to_string())
+    }
+}
+
 impl std::error::Error for ValidationError {}
 
 const KEY_LENGTH: usize = 16; // bytes; 128 bits