Format. Modify args.

src/bin/j7s_mk_cert.rs

@@ -7,17 +7,29 @@ file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */
 #![feature(duration_constructors)]
 use anyhow::Result;
-use clap::Parser;
+use clap::{Parser, ValueEnum};
-use rcgen::{
-    CertificateParams, DistinguishedName, DnType, ExtendedKeyUsagePurpose,
-    Issuer, KeyPair, KeyUsagePurpose, SanType,
-};
 use rcgen::string::Ia5String;
+use rcgen::{
+    CertificateParams, DistinguishedName, DnType, ExtendedKeyUsagePurpose, Issuer, KeyPair,
+    KeyUsagePurpose, SanType,
+};
 use std::fs;
 use std::path::PathBuf;
 use time::{Duration, OffsetDateTime};
 
-/// Generate a Certificate Authority with some opinionated
+#[derive(ValueEnum, Debug, Clone)]
+enum AuthMode {
+    Server,
+    Client,
+}
+
+#[derive(ValueEnum, Debug, Clone)]
+enum IdentityType {
+    Email,
+    Domain,
+}
+
+/// Generate a Certificate with some opinionated
 /// options selected.
 #[derive(Parser, Debug)]
 #[command(version, about, long_about = None)]
@@ -26,23 +38,20 @@ struct Args {
     #[arg(long)]
     common_name: String,
 
-    /// Email address to assign to cert.
+    /// Is the identity for this cert an email address or a
+    /// domain name?
     #[arg(long)]
-    email_address: Option<String>,
+    identity_type: IdentityType,
 
-    /// Domain address to assign to cert.
+    /// Identity of identity_type to add to cert.
     #[arg(long)]
-    domain_name: Option<String>,
+    identity: String,
 
-    /// Set to make this cert valid for client authentication.
+    /// Should this be used for client or server auth?
     #[arg(long)]
-    client_auth: bool,
+    auth_mode: AuthMode,
 
-    /// Set to make this cert valid for server authentication.
+    /// Days for Certificate to valid for.
-    #[arg(long)]
-    server_auth: bool,
-
-    /// Days for CA to valid for.
     #[arg(long, default_value = "365")]
     valid_length: i64,
 
@@ -58,12 +67,6 @@ struct Args {
 fn main() -> Result<()> {
     let args = Args::parse();
 
-    if (args.client_auth && args.server_auth) || (!args.client_auth && !args.server_auth) {
-        return Err(anyhow::Error::msg(
-            "Must set one and only one of client or server auth.",
-        ));
-    }
-
     // Set up our identity.
     let mut params: CertificateParams = Default::default();
     let earliest_date = OffsetDateTime::now_utc();
@@ -76,27 +79,25 @@ fn main() -> Result<()> {
     params
         .distinguished_name
         .push(DnType::CommonName, args.common_name);
-    if args.email_address.is_some() {
+    if matches!(args.identity_type, IdentityType::Email) {
-        let email_address = Ia5String::try_from(args.email_address.unwrap())?;
+        let email_address = Ia5String::try_from(args.identity.clone())?;
         params
             .subject_alt_names
             .push(SanType::Rfc822Name(email_address));
     }
-    if args.domain_name.is_some() {
+    if matches!(args.identity_type, IdentityType::Domain) {
-        let domain_name = Ia5String::try_from(args.domain_name.unwrap())?;
+        let domain_name = Ia5String::try_from(args.identity.clone())?;
-        params
+        params.subject_alt_names.push(SanType::DnsName(domain_name));
-            .subject_alt_names
-            .push(SanType::DnsName(domain_name));
     }
 
     // Set up our purposes.
     params.key_usages.push(KeyUsagePurpose::DigitalSignature);
-    if args.client_auth {
+    if matches!(args.auth_mode, AuthMode::Client) {
         params
             .extended_key_usages
             .push(ExtendedKeyUsagePurpose::ClientAuth);
     }
-    if args.server_auth {
+    if matches!(args.auth_mode, AuthMode::Server) {
         params
             .extended_key_usages
             .push(ExtendedKeyUsagePurpose::ServerAuth);