Changeset - 8db14e9c5a3e
0 2 0
Branko Majic (branko) - 4 years ago 2020-07-20 23:40:24
branko@majic.rs
GC-37: The --csr and --key-specification options should be exclusive:

- Updated list of invalid invocations in the unit tests.
- Updated parsers for server and client subcommands.
2 files changed with 22 insertions and 6 deletions:
gimmecert/cli.py
 
@@ -164,16 +164,19 @@ def setup_help_subcommand_parser(parser, subparsers):
 

	
 
@subcommand_parser
 
def setup_server_subcommand_parser(parser, subparsers):
 
    subparser = subparsers.add_parser('server', description='Issues server certificate.')
 
    subparser.add_argument('entity_name', help='Name of the server entity.')
 
    subparser.add_argument('dns_name', nargs='*', help='Additional DNS names to include in subject alternative name.')
 
    subparser.add_argument('--csr', '-c', type=str, default=None, help='''Do not generate server private key locally, and use the passed-in \
 
    key_specification_or_csr_group = subparser.add_mutually_exclusive_group()
 
    key_specification_or_csr_group.add_argument('--csr', '-c', type=str, default=None,
 
                                                help='''Do not generate server private key locally, and use the passed-in \
 
    certificate signing request (CSR) instead. Use dash (-) to read from standard input. Only the public key is taken from the CSR.''')
 
    subparser.add_argument('--key-specification', '-k', type=key_specification,
 
                           help=ArgumentHelp.key_specification_format + " Default is to use same algorithm/parameters as used by CA hierarchy.", default=None)
 
    key_specification_or_csr_group.add_argument('--key-specification', '-k', type=key_specification, default=None,
 
                                                help=ArgumentHelp.key_specification_format +
 
                                                " Default is to use same algorithm/parameters as used by CA hierarchy.")
 

	
 
    def server_wrapper(args):
 
        project_directory = os.getcwd()
 

	
 
        return server(sys.stdout, sys.stderr, project_directory, args.entity_name, args.dns_name, args.csr, args.key_specification)
 

	
 
@@ -183,16 +186,19 @@ def setup_server_subcommand_parser(parser, subparsers):
 

	
 

	
 
@subcommand_parser
 
def setup_client_subcommand_parser(parser, subparsers):
 
    subparser = subparsers.add_parser('client', description='Issue client certificate.')
 
    subparser.add_argument('entity_name', help='Name of the client entity.')
 
    subparser.add_argument('--csr', '-c', type=str, default=None, help='''Do not generate client private key locally, and use the passed-in \
 
    key_specification_or_csr_group = subparser.add_mutually_exclusive_group()
 
    key_specification_or_csr_group.add_argument('--csr', '-c', type=str, default=None,
 
                                                help='''Do not generate client private key locally, and use the passed-in \
 
    certificate signing request (CSR) instead. Use dash (-) to read from standard input. Only the public key is taken from the CSR.''')
 
    subparser.add_argument('--key-specification', '-k', type=key_specification,
 
                           help=ArgumentHelp.key_specification_format + " Default is to use same algorithm/parameters as used by CA hierarchy.", default=None)
 
    key_specification_or_csr_group.add_argument('--key-specification', '-k', type=key_specification, default=None,
 
                                                help=ArgumentHelp.key_specification_format +
 
                                                " Default is to use same algorithm/parameters as used by CA hierarchy.")
 

	
 
    def client_wrapper(args):
 
        project_directory = os.getcwd()
 

	
 
        return client(sys.stdout, sys.stderr, project_directory, args.entity_name, args.csr, args.key_specification)
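Review bot: The `--key-specification` help in both `setup_server_subcommand_parser` and `setup_client_subcommand_parser` still says the default is the CA hierarchy's algorithm/parameters, which does not describe the `--csr` case: no key is generated locally and the `--csr` help states that the public key is taken from the CSR. I would state the exclusivity in the help, e.g. `" Default is to use same algorithm/parameters as used by CA hierarchy. Cannot be combined with --csr."`, and put a one-line comment above each `add_mutually_exclusive_group()` call giving the reason. The exclusivity is enforced only by argparse; `server_wrapper` and `client_wrapper` still forward both `args.csr` and `args.key_specification`, so whether `server()` and `client()` reject the combination when called directly is not visible in this diff and is worth confirming.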
 

	
tests/test_cli.py
 
@@ -388,25 +388,35 @@ INVALID_CLI_INVOCATIONS = [
 
    # server, invalid key specification
 
    ("gimmecert.cli.server", ["gimmecert", "server", "-k", "rsa", "myserver"]),
 
    ("gimmecert.cli.server", ["gimmecert", "server", "-k", "rsa:not_a_number", "myserver"]),
 
    ("gimmecert.cli.server", ["gimmecert", "server", "-k", "unsupported:algorithm", "myserver"]),
 
    ("gimmecert.cli.server", ["gimmecert", "server", "-k", "ecdsa:unsupported_curve", "myserver"]),
 

	
 
    # server, both key specification and csr specified at the same time
 
    ("gimmecert.cli.server", ["gimmecert", "server", "-k", "rsa:1024", "--csr", "myserver.csr.pem", "myserver"]),
 

	
 
    # client, invalid key specification
 
    ("gimmecert.cli.client", ["gimmecert", "client", "-k", "rsa", "myclient"]),
 
    ("gimmecert.cli.client", ["gimmecert", "client", "-k", "rsa:not_a_number", "myclient"]),
 
    ("gimmecert.cli.client", ["gimmecert", "client", "-k", "unsupported:algorithm", "myclient"]),
 
    ("gimmecert.cli.client", ["gimmecert", "client", "-k", "ecdsa:unsupported_curve", "myserver"]),
 

	
 
    # client, both key specification and csr specified at the same time
 
    ("gimmecert.cli.client", ["gimmecert", "client", "-k", "rsa:1024", "--csr", "myclient.csr.pem", "myclient"]),
 

	
 
    # renew, key specification without new private key option
 
    ("gimmecert.cli.renew", ["gimmecert", "renew", "-k", "rsa:1024", "server", "myserver"]),
 
    ("gimmecert.cli.renew", ["gimmecert", "renew", "-k", "rsa:1024", "client", "myclient"]),
 

	
 
    # renew, both new private key and csr specified at same time
 
    ("gimmecert.cli.renew", ["gimmecert", "renew", "server", "--new-private-key", "--csr", "myserver.csr.pem", "myserver"]),
 
    ("gimmecert.cli.renew", ["gimmecert", "renew", "client", "--new-private-key", "--csr", "myclient.csr.pem", "myclient"]),
 

	
 
    # renew, both key specification and csr specified at the same time
 
    ("gimmecert.cli.renew", ["gimmecert", "renew", "server", "--key-specification", "rsa:1024", "--csr", "myserver.csr.pem", "myserver"]),
 
    ("gimmecert.cli.renew", ["gimmecert", "renew", "client", "--key-specification", "rsa:1024", "--csr", "myclient.csr.pem", "myclient"]),
 
]
 

	
 

	
 
@pytest.mark.parametrize("command_function, cli_invocation", INVALID_CLI_INVOCATIONS)
 
def test_invalid_parser_commands_and_options_produce_error(tmpdir, command_function, cli_invocation):
 
    """