From 3c38132a78b7c04db6687e81746b496f0c7c2a77 Mon Sep 17 00:00:00 2001
From: James Pace
Date: Sun, 26 Apr 2026 17:54:49 -0400
Subject: [PATCH] Format. Modify args.
---
 src/bin/j7s_mk_cert.rs | 65 +++++++++++++++++++++---------------------
 1 file changed, 33 insertions(+), 32 deletions(-)
diff --git a/src/bin/j7s_mk_cert.rs b/src/bin/j7s_mk_cert.rs
index 8f52854..fab439d 100644
--- a/src/bin/j7s_mk_cert.rs
+++ b/src/bin/j7s_mk_cert.rs
@@ -7,17 +7,29 @@ file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 #![feature(duration_constructors)]
 use anyhow::Result;
-use clap::Parser;
-use rcgen::{
- CertificateParams, DistinguishedName, DnType, ExtendedKeyUsagePurpose,
- Issuer, KeyPair, KeyUsagePurpose, SanType,
-};
+use clap::{Parser, ValueEnum};
 use rcgen::string::Ia5String;
+use rcgen::{
+ CertificateParams, DistinguishedName, DnType, ExtendedKeyUsagePurpose, Issuer, KeyPair,
+ KeyUsagePurpose, SanType,
+};
 use std::fs;
 use std::path::PathBuf;
 use time::{Duration, OffsetDateTime};
-/// Generate a Certificate Authority with some opinionated
+#[derive(ValueEnum, Debug, Clone)]
+enum AuthMode {
+ Server,
+ Client,
+}
+
+#[derive(ValueEnum, Debug, Clone)]
+enum IdentityType {
+ Email,
+ Domain,
+}
+
+/// Generate a Certificate with some opinionated
 /// options selected.
 #[derive(Parser, Debug)]
 #[command(version, about, long_about = None)]
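Review bot: The new `AuthMode` and `IdentityType` enums and their variants carry no doc comments, so neither the source nor the generated `--help` says what each value does to the certificate. clap's `ValueEnum` derive uses variant doc comments as the help text for each possible value, so `/// Add the serverAuth extended key usage.` on `Server` and `/// Put the identity in an rfc822Name SAN.` on `Email` (and the matching lines for `Client` and `Domain`) would document the mapping that main applies later in this patch. Deriving `Copy` next to `Clone` would also be reasonable for these fieldless enums.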
@@ -26,23 +38,20 @@ struct Args {
 #[arg(long)]
 common_name: String,
- /// Email address to assign to cert.
+ /// Is the identity for this cert an email address or a
+ /// domain name?
 #[arg(long)]
- email_address: Option,
+ identity_type: IdentityType,
- /// Domain address to assign to cert.
+ /// Identity of identity_type to add to cert.
 #[arg(long)]
- domain_name: Option,
+ identity: String,
- /// Set to make this cert valid for client authentication.
+ /// Should this be used for client or server auth?
 #[arg(long)]
- client_auth: bool,
+ auth_mode: AuthMode,
- /// Set to make this cert valid for server authentication.
- #[arg(long)]
- server_auth: bool,
-
- /// Days for CA to valid for.
+ /// Days for Certificate to valid for.
 #[arg(long, default_value = "365")]
 valid_length: i64,
@@ -58,12 +67,6 @@ struct Args {
 fn main() -> Result<()> {
 let args = Args::parse();
- if (args.client_auth && args.server_auth) || (!args.client_auth && !args.server_auth) {
- return Err(anyhow::Error::msg(
- "Must set one and only one of client or server auth.",
- ));
- }
-
 // Set up our identity.
 let mut params: CertificateParams = Default::default();
 let earliest_date = OffsetDateTime::now_utc();
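Review bot: `identity` in `Args` is accepted as a free-form `String`, and nothing at the argument layer checks that it has the shape `identity_type` promises. The only check visible in this patch is the `Ia5String::try_from` conversion in main, which presumably rejects only non-IA5 characters, so an empty value or an email-shaped string passed with `--identity-type domain` would likely be written into the SAN unchanged. A shape check in main right after `Args::parse()` would close that gap: for `Email` require a single `@` with non-empty local and domain parts, and for `Domain` reject empty strings, whitespace and `@`. Separately, the reworded doc line is still missing a verb and could read `/// Days for the certificate to be valid for.`. The struct begins above this hunk and continues below it.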
@@ -76,27 +79,25 @@ fn main() -> Result<()> {
 params
 .distinguished_name
 .push(DnType::CommonName, args.common_name);
- if args.email_address.is_some() {
- let email_address = Ia5String::try_from(args.email_address.unwrap())?;
+ if matches!(args.identity_type, IdentityType::Email) {
+ let email_address = Ia5String::try_from(args.identity.clone())?;
 params
 .subject_alt_names
 .push(SanType::Rfc822Name(email_address));
 }
- if args.domain_name.is_some() {
- let domain_name = Ia5String::try_from(args.domain_name.unwrap())?;
- params
- .subject_alt_names
- .push(SanType::DnsName(domain_name));
+ if matches!(args.identity_type, IdentityType::Domain) {
+ let domain_name = Ia5String::try_from(args.identity.clone())?;
+ params.subject_alt_names.push(SanType::DnsName(domain_name));
 }
 // Set up our purposes.
 params.key_usages.push(KeyUsagePurpose::DigitalSignature);
- if args.client_auth {
+ if matches!(args.auth_mode, AuthMode::Client) {
 params
 .extended_key_usages
 .push(ExtendedKeyUsagePurpose::ClientAuth);
 }
- if args.server_auth {
+ if matches!(args.auth_mode, AuthMode::Server) {
 params
 .extended_key_usages
 .push(ExtendedKeyUsagePurpose::ServerAuth);
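Review bot: The SAN type and the extended key usage are each chosen by a pair of independent `if matches!(…)` tests, so a variant added to `IdentityType` or `AuthMode` later would still compile and would silently yield a certificate with no SAN or no EKU. A certificate without an EKU extension is generally treated by validators as unrestricted in purpose, which is the opposite of what this tool is meant to enforce. A `match` on each enum makes the compiler reject an unhandled variant. It also converts `args.identity` once, so both `.clone()` calls can go, assuming nothing later in main reads `args.identity`. main starts before this hunk and continues after it.

```rust
    // … unchanged: common name pushed onto distinguished_name …
    let identity = Ia5String::try_from(args.identity)?;
    params.subject_alt_names.push(match args.identity_type {
        IdentityType::Email => SanType::Rfc822Name(identity),
        IdentityType::Domain => SanType::DnsName(identity),
    });

    // Set up our purposes.
    params.key_usages.push(KeyUsagePurpose::DigitalSignature);
    params.extended_key_usages.push(match args.auth_mode {
        AuthMode::Client => ExtendedKeyUsagePurpose::ClientAuth,
        AuthMode::Server => ExtendedKeyUsagePurpose::ServerAuth,
    });
```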