def add_extensions(self, parser: CommandParser) -> None:
"""Add arguments for x509 extensions."""
group = parser.add_argument_group("X509 v3 certificate extensions", self.add_extensions_help)
group.add_argument(
"--key-usage",
metavar="VALUES",
action=actions.OrderedSetExtensionAction,
extension=KeyUsage,
help='The keyUsage extension, e.g. "critical,keyCertSign".',
)
group.add_argument(
"--ext-key-usage",
metavar="VALUES",
action=actions.OrderedSetExtensionAction,
extension=ExtendedKeyUsage,
help='The extendedKeyUsage extension, e.g. "serverAuth,clientAuth".',
)
group.add_argument(
"--tls-feature",
metavar="VALUES",
action=actions.OrderedSetExtensionAction,
extension=TLSFeature,
help="TLS Feature extensions.",
)
def create_parser(self, prog_name, subcommand):
parser = CommandParser(self,
prog="%s %s" %
(os.path.basename(prog_name), subcommand),
description=u'API文档辅助生成脚本.',
add_help=False)
parser.set_defaults(
**{
'verbosity': 1,
'pythonpath': None,
'traceback': None,
'no_color': False,
'settings': None
})
parser._positionals = parser.add_argument_group(u'位置参数')
parser._optionals = parser.add_argument_group(u'关键字参数')
parser.add_argument(
'ref',
nargs='?',
help=u'引用的对象(eg. oeauth.User, commons.login, users)')
parser.add_argument('-t', dest='target', help=u'请求的URL的对象(eg. users)')
parser.add_argument('-p', dest='prefix', help=u'请求的URL的前缀(eg. auth)')
parser.add_argument(
'-m',
dest='mode',
default='ILRCUAD',
help=u'包含的模式(Info/Create/List/Get/Update/Delete, eg. iclruad)')
parser.add_argument('-o', dest='output', help=u'保存文件名(allinone模式)')
parser.add_argument('-u',
'--update',
dest='update',
action='store_true',
default=False,
help=u'覆盖已经存在的文件(默认不覆盖)')
parser.add_argument('-i',
'--interactive',
dest='interactive',
action='store_true',
default=False,
help=u'覆盖前询问(默认不询问)')
parser.add_argument('-s',
'--sign',
dest='sign',
action='store_true',
default=False,
help=u'添加文档签名(默认不添加)')
parser.add_argument('-a',
'--allinone',
dest='allinone',
action='store_true',
default=False,
help=u'合并到单个rst文件中(默认不合并)')
parser.add_argument('-f',
'--form-request',
dest='form_request',
action='store_true',
default=False,
help=u'表单请求方式(URL请求只包含GET/POST)')
parser.add_argument('-h', '--help', action='help', help=u'显示帮助信息')
self.parser = parser
return parser
def add_arguments(self, parser: CommandParser) -> None:
self.add_general_args(parser)
self.add_algorithm(parser)
self.add_key_type(parser)
self.add_key_size(parser)
self.add_ecc_curve(parser)
parser.add_argument(
"--expires",
metavar="DAYS",
action=ExpiresAction,
default=timedelta(365 * 10),
help="CA certificate expires in DAYS days (default: %(default)s).",
)
self.add_ca(
parser,
"--parent",
no_default=True,
help_text=
"Make the CA an intermediate CA of the named CA. By default, this is a new root CA.",
)
parser.add_argument("name", help="Human-readable name of the CA")
self.add_subject(
parser,
help_text=
"""The subject of the CA in the format "/key1=value1/key2=value2/...",
valid keys are %s. If "CN" is not set, the name is used."""
% self.valid_subject_keys,
)
self.add_password(
parser,
help_text=
"Optional password used to encrypt the private key. If no argument is passed, "
"you will be prompted.",
)
parser.add_argument(
"--path",
type=pathlib.PurePath,
help=
"Path where to store Certificate Authorities (relative to CA_DIR).",
)
parser.add_argument(
"--parent-password",
nargs="?",
action=PasswordAction,
metavar="PASSWORD",
prompt="Password for parent CA: ",
help="Password for the private key of any parent CA.",
)
group = parser.add_argument_group(
"Default hostname",
"The default hostname is used to compute default URLs for services like OCSP. The hostname is "
"usually configured in your settings (current setting: %s), but you can override that value "
"here. The value must be just the hostname and optionally a port, *without* a protocol, e.g. "
'"ca.example.com" or "ca.example.com:8000".' %
ca_settings.CA_DEFAULT_HOSTNAME,
)
group = group.add_mutually_exclusive_group()
group.add_argument(
"--default-hostname",
metavar="HOSTNAME",
help=
"Override the the default hostname configured in your settings.",
)
group.add_argument(
"--no-default-hostname",
dest="default_hostname",
action="store_false",
help="Disable any default hostname configured in your settings.",
)
self.add_acme_group(parser)
group = parser.add_argument_group(
"pathlen attribute",
"""Maximum number of CAs that can appear below this one. A pathlen of zero (the default) means it
can only be used to sign end user certificates and not further CAs.""",
)
group = group.add_mutually_exclusive_group()
group.add_argument(
"--pathlen",
default=0,
type=int,
help="Maximum number of sublevel CAs (default: %(default)s).")
group.add_argument(
"--no-pathlen",
action="store_const",
const=None,
dest="pathlen",
help="Do not add a pathlen attribute.",
)
group = parser.add_argument_group(
"X509 v3 certificate extensions for CA",
"""Extensions added to the certificate authority itself. These options cannot be changed without
creating a new authority.""",
)
group.add_argument(
"--ca-crl-url",
action=MultipleURLAction,
help=
"URL to a certificate revokation list. Can be given multiple times.",
)
group.add_argument("--ca-ocsp-url",
metavar="URL",
action=URLAction,
help="URL of an OCSP responder.")
group.add_argument(
"--ca-issuer-url",
metavar="URL",
action=URLAction,
help="URL to the certificate of your CA (in DER format).",
)
nc_group = parser.add_argument_group(
"Name Constraints",
"Add name constraints to the CA, limiting what certificates this CA can sign."
)
nc_group.add_argument(
"--permit-name",
metavar="NAME",
action="append",
default=[],
help="Add the given name to the permitted-subtree.",
)
nc_group.add_argument(
"--exclude-name",
metavar="NAME",
action="append",
default=[],
help="Add the given name to the excluded-subtree.",
)
self.add_ca_args(parser)
