CLI: Add missing periods to failures

ykman/_cli/__main__.py

@@ -131,7 +131,7 @@ def require_reader(connection_types, reader):
  info = read_info(conn, dev.pid)
  return dev, info
  except Exception:
- raise CliFail("Failed to connect to YubiKey")
+ raise CliFail("Failed to connect to YubiKey.")
  elif len(readers) > 1:
  raise CliFail("Multiple external readers match name.")
  else:
@@ -398,14 +398,14 @@ def resolve():
 
  if use_scp:
  if SmartCardConnection not in connections:
- raise CliFail("SCP can only be used with CCID commands")
+ raise CliFail("SCP can only be used with CCID commands.")
 
  scp_kid, scp_kvn = scp_sd
  if scp_kid:
  try:
  scp_kid = ScpKid(scp_kid)
  except ValueError:
- raise CliFail(f"Invalid KID for card certificate: {scp_kid}")
+ raise CliFail(f"Invalid KID for card certificate: {scp_kid}.")
 
  if scp_ca:
  ca = scp_ca.read()
@@ -431,11 +431,11 @@ def resolve():
  scp_kid = ScpKid.SCP11b
 
  if scp03_keys and scp_kid != ScpKid.SCP03:
- raise CliFail("--scp with SCP03 keys can only be used with SCP03")
+ raise CliFail("--scp with SCP03 keys can only be used with SCP03.")
 
  if scp_kid == ScpKid.SCP03:
  if scp_ca:
- raise CliFail("--scp-ca can only be used with SCP11")
+ raise CliFail("--scp-ca can only be used with SCP11.")
 
  def params_f(_):
  return Scp03KeyParams(
@@ -446,7 +446,7 @@ def params_f(_):
  elif scp11_creds:
  # SCP11 a/c
  if scp_kid and scp_kid not in (ScpKid.SCP11a, ScpKid.SCP11c):
- raise CliFail("--scp with file(s) can only be used with SCP11 a/c")
+ raise CliFail("--scp with file(s) can only be used with SCP11 a/c.")
 
  first = scp11_creds.pop(0)
  password = scp_cred_password.encode() if scp_cred_password else None
@@ -457,7 +457,7 @@ def params_f(_):
  break
  except InvalidPasswordError:
  if scp_cred_password:
- raise CliFail("Wrong password to decrypt private key")
+ raise CliFail("Wrong password to decrypt private key.")
  logger.debug("Error parsing key", exc_info=True)
  password = click_prompt(
  "Enter password to decrypt SCP11 key",
@@ -502,9 +502,9 @@ def params_f(conn):
  else:
  # SCP11b
  if scp_kid not in (ScpKid.SCP11b, None):
- raise CliFail(f"{scp_kid.name} requires --scp")
+ raise CliFail(f"{scp_kid.name} requires --scp.")
  if any(scp_oce):
- raise CliFail("SCP11b cannot be used with --scp-oce")
+ raise CliFail("SCP11b cannot be used with --scp-oce.")
 
  def params_f(conn):
  return find_scp11_params(conn, ScpKid.SCP11b, scp_kvn, ca)

ykman/_cli/openpgp.py

@@ -359,7 +359,7 @@ def set_signature_policy(ctx, policy, admin_pin):
  session.set_signature_pin_policy(policy)
  click.echo("Signature PIN policy has been set.")
  except Exception:
- raise CliFail("Failed to set new Signature PIN policy")
+ raise CliFail("Failed to set new Signature PIN policy.")
 
 
 @openpgp.group("keys")
@@ -499,7 +499,7 @@ def attest(ctx, key, certificate, pin, format):
  certificate,
  )
  except Exception:
- raise CliFail("Attestation failed")
+ raise CliFail("Attestation failed.")
 
 
 @openpgp.group("certificates")
@@ -527,7 +527,7 @@ def export_certificate(ctx, key, format, certificate):
  try:
  cert = session.get_certificate(key)
  except ValueError:
- raise CliFail(f"Failed to read certificate from slot {key.name}")
+ raise CliFail(f"Failed to read certificate from slot {key.name}.")
  certificate.write(cert.public_bytes(encoding=format))
  log_or_echo(
  f"Certificate for slot {key.name} exported to {_fname(certificate)}",
@@ -588,4 +588,4 @@ def import_certificate(ctx, key, cert, admin_pin):
  session.put_certificate(key, certs[0])
  click.echo(f"Certificate imported into slot {key.name}")
  except Exception:
- raise CliFail("Failed to import certificate")
+ raise CliFail("Failed to import certificate.")

ykman/_cli/otp.py

@@ -401,7 +401,7 @@ def yubiotp(
  "Automated YubiCloud upload support has been ended. "
  "You can manually upload a credential by saving it as a CSV file "
  "(use -O/--config-output) and then submitting it to "
- "https://upload.yubico.com"
+ "https://upload.yubico.com."
  )
 
  if public_id and serial_public_id:
@@ -418,7 +418,7 @@ def yubiotp(
  try:
  serial = session.get_serial()
  except CommandError:
- raise CliFail("Serial number not set, public ID must be provided")
+ raise CliFail("Serial number not set, public ID must be provided.")
 
  public_id = modhex_encode(b"\xff\x00" + struct.pack(b">I", serial))
  click.echo(f"Using YubiKey serial as public ID: {public_id}")

ykman/_cli/piv.py

@@ -486,7 +486,9 @@ def change_management_key(
 
  # Can't combine new key with generate.
  if new_management_key and generate:
- raise CliFail("Invalid options: --new-management-key conflicts with --generate")
+ raise CliFail(
+ "Invalid options: --new-management-key conflicts with --generate."
+ )
 
  # Touch not supported on NEO.
  if touch and session.version < (4, 0, 0):
@@ -530,7 +532,7 @@ def change_management_key(
 
  if len(new_management_key) != algorithm.key_len:
  raise CliFail(
- "Management key has the wrong length (expected %d bytes)"
+ "Management key has the wrong length (expected %d bytes)."
  % algorithm.key_len
  )
 
@@ -624,7 +626,7 @@ def generate_key(
 
  if ctx.obj["fips_unready"]:
  raise CliFail(
- "YubiKey FIPS must be in FIPS approved mode prior to key generation"
+ "YubiKey FIPS must be in FIPS approved mode prior to key generation."
  )
  _check_key_support_fips(ctx, algorithm, pin_policy)
 
@@ -671,7 +673,7 @@ def import_key(
  """
 
  if ctx.obj["fips_unready"]:
- raise CliFail("YubiKey FIPS must be in FIPS approved mode prior to key import")
+ raise CliFail("YubiKey FIPS must be in FIPS approved mode prior to key import.")
 
  session = ctx.obj["session"]
 
@@ -858,17 +860,17 @@ def move_key(ctx, management_key, pin, source, dest):
  DEST PIV slot to move the key into
  """
  if source == dest:
- raise CliFail("SOURCE must be different from DEST")
+ raise CliFail("SOURCE must be different from DEST.")
  session = ctx.obj["session"]
  _ensure_authenticated(ctx, pin, management_key)
  try:
  session.move_key(source, dest)
  click.echo(f"Key moved from slot {source.name} to slot {dest.name}.")
  except ApduError as e:
  if e.sw == SW.INCORRECT_PARAMETERS:
- raise CliFail("DEST slot is not empty")
+ raise CliFail("DEST slot is not empty.")
  if e.sw == SW.REFERENCE_DATA_NOT_FOUND:
- raise CliFail("No key in SOURCE slot")
+ raise CliFail("No key in SOURCE slot.")
  raise
 
 
@@ -982,7 +984,7 @@ def import_certificate(
  timeout = None
  except ApduError as e:
  if e.sw == SW.REFERENCE_DATA_NOT_FOUND:
- raise CliFail(f"No private key in slot {slot}")
+ raise CliFail(f"No private key in slot {slot}.")
  raise
  except NotSupportedError:
  timeout = 1.0
@@ -992,7 +994,7 @@ def do_verify():
  if not check_key(session, slot, public_key):
  raise CliFail(
  "The public key of the certificate does not match the "
- f"private key in slot {slot}"
+ f"private key in slot {slot}."
  )
 
  _verify_pin_if_needed(ctx, session, do_verify, pin)
@@ -1417,6 +1419,8 @@ def _check_key_support_fips(ctx, key_type, pin_policy):
  info = ctx.obj["info"]
  if CAPABILITY.PIV in info.fips_capable:
  if key_type in (KEY_TYPE.RSA1024, KEY_TYPE.X25519):
- raise CliFail(f"Key type {key_type.name} not supported on YubiKey FIPS")
+ raise CliFail(f"Key type {key_type.name} not supported on YubiKey FIPS.")
  if pin_policy in (PIN_POLICY.NEVER,):
- raise CliFail(f"PIN policy {pin_policy.name} not supported on YubiKey FIPS")
+ raise CliFail(
+ f"PIN policy {pin_policy.name} not supported on YubiKey FIPS."
+ )

ykman/_cli/securitydomain.py

@@ -145,7 +145,7 @@ def reset(ctx, force):
  the Security Domain on the YubiKey.
  """
  if "scp" in ctx.obj:
- raise CliFail("Reset must be performed without an active SCP session")
+ raise CliFail("Reset must be performed without an active SCP session.")
 
  force or click.confirm(
  "WARNING! This will delete all stored Security Domain data and restore factory "
@@ -239,15 +239,15 @@ def generate_key(ctx, key, public_key_output, replace_kvn):
  valid = (ScpKid.SCP11a, ScpKid.SCP11b, ScpKid.SCP11c)
  if key.kid not in valid:
  values_str = ", ".join(f"0x{v:x} ({v.name})" for v in valid)
- raise CliFail(f"KID must be one of {values_str}")
+ raise CliFail(f"KID must be one of {values_str}.")
 
  session = ctx.obj["session"]
 
  try:
  public_key = session.generate_ec_key(key, replace_kvn=replace_kvn)
  except ApduError as e:
  if e.sw == SW.NO_SPACE:
- raise CliFail("No space left for SCP keys")
+ raise CliFail("No space left for SCP keys.")
  raise
 
  key_encoding = serialization.Encoding.PEM