gimmecert Changeset - 8db14e9c5a3e

Changeset - 8db14e9c5a3e

Parent rev.

Child rev.

[Not reviewed]

0 2 0

Branko Majic (branko) - 4 years ago 2020-07-20 23:40:24
branko@majic.rs

GC-37: The --csr and --key-specification options should be exclusive:

- Updated list of invalid invocations in the unit tests.
- Updated parsers for server and client subcommands.

2 files changed with 22 insertions and 6 deletions:

gimmecert/cli.py

tests/test_cli.py

0 comments (0 inline, 0 general)

gimmecert/cli.py

➞

Show inline comments

@@ @@ -164,16 +164,19 @@ def setup_help_subcommand_parser(parser, subparsers): @@
 @subcommand_parser
 def setup_server_subcommand_parser(parser, subparsers):
     subparser = subparsers.add_parser('server', description='Issues server certificate.')
     subparser.add_argument('entity_name', help='Name of the server entity.')
     subparser.add_argument('dns_name', nargs='*', help='Additional DNS names to include in subject alternative name.')
     subparser.add_argument('--csr', '-c', type=str, default=None, help='''Do not generate server private key locally, and use the passed-in \
     key_specification_or_csr_group = subparser.add_mutually_exclusive_group()
     key_specification_or_csr_group.add_argument('--csr', '-c', type=str, default=None,
                                                 help='''Do not generate server private key locally, and use the passed-in \
     certificate signing request (CSR) instead. Use dash (-) to read from standard input. Only the public key is taken from the CSR.''')
     subparser.add_argument('--key-specification', '-k', type=key_specification,
                            help=ArgumentHelp.key_specification_format + " Default is to use same algorithm/parameters as used by CA hierarchy.", default=None)
     key_specification_or_csr_group.add_argument('--key-specification', '-k', type=key_specification, default=None,
                                                 help=ArgumentHelp.key_specification_format +
                                                 " Default is to use same algorithm/parameters as used by CA hierarchy.")
     def server_wrapper(args):
         project_directory = os.getcwd()
         return server(sys.stdout, sys.stderr, project_directory, args.entity_name, args.dns_name, args.csr, args.key_specification)
@@ @@ -183,16 +186,19 @@ def setup_server_subcommand_parser(parser, subparsers): @@
 @subcommand_parser
 def setup_client_subcommand_parser(parser, subparsers):
     subparser = subparsers.add_parser('client', description='Issue client certificate.')
     subparser.add_argument('entity_name', help='Name of the client entity.')
     subparser.add_argument('--csr', '-c', type=str, default=None, help='''Do not generate client private key locally, and use the passed-in \
     key_specification_or_csr_group = subparser.add_mutually_exclusive_group()
     key_specification_or_csr_group.add_argument('--csr', '-c', type=str, default=None,
                                                 help='''Do not generate client private key locally, and use the passed-in \
     certificate signing request (CSR) instead. Use dash (-) to read from standard input. Only the public key is taken from the CSR.''')
     subparser.add_argument('--key-specification', '-k', type=key_specification,
                            help=ArgumentHelp.key_specification_format + " Default is to use same algorithm/parameters as used by CA hierarchy.", default=None)
     key_specification_or_csr_group.add_argument('--key-specification', '-k', type=key_specification, default=None,
                                                 help=ArgumentHelp.key_specification_format +
                                                 " Default is to use same algorithm/parameters as used by CA hierarchy.")
     def client_wrapper(args):
         project_directory = os.getcwd()
         return client(sys.stdout, sys.stderr, project_directory, args.entity_name, args.csr, args.key_specification)

tests/test_cli.py

➞

Show inline comments

@@ @@ -388,25 +388,35 @@ INVALID_CLI_INVOCATIONS = [ @@
     # server, invalid key specification
     ("gimmecert.cli.server", ["gimmecert", "server", "-k", "rsa", "myserver"]),
     ("gimmecert.cli.server", ["gimmecert", "server", "-k", "rsa:not_a_number", "myserver"]),
     ("gimmecert.cli.server", ["gimmecert", "server", "-k", "unsupported:algorithm", "myserver"]),
     ("gimmecert.cli.server", ["gimmecert", "server", "-k", "ecdsa:unsupported_curve", "myserver"]),
     # server, both key specification and csr specified at the same time
     ("gimmecert.cli.server", ["gimmecert", "server", "-k", "rsa:1024", "--csr", "myserver.csr.pem", "myserver"]),
     # client, invalid key specification
     ("gimmecert.cli.client", ["gimmecert", "client", "-k", "rsa", "myclient"]),
     ("gimmecert.cli.client", ["gimmecert", "client", "-k", "rsa:not_a_number", "myclient"]),
     ("gimmecert.cli.client", ["gimmecert", "client", "-k", "unsupported:algorithm", "myclient"]),
     ("gimmecert.cli.client", ["gimmecert", "client", "-k", "ecdsa:unsupported_curve", "myserver"]),
     # client, both key specification and csr specified at the same time
     ("gimmecert.cli.client", ["gimmecert", "client", "-k", "rsa:1024", "--csr", "myclient.csr.pem", "myclient"]),
     # renew, key specification without new private key option
     ("gimmecert.cli.renew", ["gimmecert", "renew", "-k", "rsa:1024", "server", "myserver"]),
     ("gimmecert.cli.renew", ["gimmecert", "renew", "-k", "rsa:1024", "client", "myclient"]),
     # renew, both new private key and csr specified at same time
     ("gimmecert.cli.renew", ["gimmecert", "renew", "server", "--new-private-key", "--csr", "myserver.csr.pem", "myserver"]),
     ("gimmecert.cli.renew", ["gimmecert", "renew", "client", "--new-private-key", "--csr", "myclient.csr.pem", "myclient"]),
     # renew, both key specification and csr specified at the same time
     ("gimmecert.cli.renew", ["gimmecert", "renew", "server", "--key-specification", "rsa:1024", "--csr", "myserver.csr.pem", "myserver"]),
     ("gimmecert.cli.renew", ["gimmecert", "renew", "client", "--key-specification", "rsa:1024", "--csr", "myclient.csr.pem", "myclient"]),
+]
 @pytest.mark.parametrize("command_function, cli_invocation", INVALID_CLI_INVOCATIONS)
 def test_invalid_parser_commands_and_options_produce_error(tmpdir, command_function, cli_invocation):
     """

0 comments (0 inline, 0 general)