diff --git a/ykman/_cli/__main__.py b/ykman/_cli/__main__.py index c1bb20db..2f25a5e1 100644 --- a/ykman/_cli/__main__.py +++ b/ykman/_cli/__main__.py @@ -131,7 +131,7 @@ def require_reader(connection_types, reader): info = read_info(conn, dev.pid) return dev, info except Exception: - raise CliFail("Failed to connect to YubiKey") + raise CliFail("Failed to connect to YubiKey.") elif len(readers) > 1: raise CliFail("Multiple external readers match name.") else: @@ -398,14 +398,14 @@ def resolve(): if use_scp: if SmartCardConnection not in connections: - raise CliFail("SCP can only be used with CCID commands") + raise CliFail("SCP can only be used with CCID commands.") scp_kid, scp_kvn = scp_sd if scp_kid: try: scp_kid = ScpKid(scp_kid) except ValueError: - raise CliFail(f"Invalid KID for card certificate: {scp_kid}") + raise CliFail(f"Invalid KID for card certificate: {scp_kid}.") if scp_ca: ca = scp_ca.read() @@ -431,11 +431,11 @@ def resolve(): scp_kid = ScpKid.SCP11b if scp03_keys and scp_kid != ScpKid.SCP03: - raise CliFail("--scp with SCP03 keys can only be used with SCP03") + raise CliFail("--scp with SCP03 keys can only be used with SCP03.") if scp_kid == ScpKid.SCP03: if scp_ca: - raise CliFail("--scp-ca can only be used with SCP11") + raise CliFail("--scp-ca can only be used with SCP11.") def params_f(_): return Scp03KeyParams( @@ -446,7 +446,7 @@ def params_f(_): elif scp11_creds: # SCP11 a/c if scp_kid and scp_kid not in (ScpKid.SCP11a, ScpKid.SCP11c): - raise CliFail("--scp with file(s) can only be used with SCP11 a/c") + raise CliFail("--scp with file(s) can only be used with SCP11 a/c.") first = scp11_creds.pop(0) password = scp_cred_password.encode() if scp_cred_password else None @@ -457,7 +457,7 @@ def params_f(_): break except InvalidPasswordError: if scp_cred_password: - raise CliFail("Wrong password to decrypt private key") + raise CliFail("Wrong password to decrypt private key.") logger.debug("Error parsing key", exc_info=True) password = click_prompt( "Enter password to decrypt SCP11 key", @@ -502,9 +502,9 @@ def params_f(conn): else: # SCP11b if scp_kid not in (ScpKid.SCP11b, None): - raise CliFail(f"{scp_kid.name} requires --scp") + raise CliFail(f"{scp_kid.name} requires --scp.") if any(scp_oce): - raise CliFail("SCP11b cannot be used with --scp-oce") + raise CliFail("SCP11b cannot be used with --scp-oce.") def params_f(conn): return find_scp11_params(conn, ScpKid.SCP11b, scp_kvn, ca) diff --git a/ykman/_cli/openpgp.py b/ykman/_cli/openpgp.py index 7aa07057..c3eef12a 100644 --- a/ykman/_cli/openpgp.py +++ b/ykman/_cli/openpgp.py @@ -359,7 +359,7 @@ def set_signature_policy(ctx, policy, admin_pin): session.set_signature_pin_policy(policy) click.echo("Signature PIN policy has been set.") except Exception: - raise CliFail("Failed to set new Signature PIN policy") + raise CliFail("Failed to set new Signature PIN policy.") @openpgp.group("keys") @@ -499,7 +499,7 @@ def attest(ctx, key, certificate, pin, format): certificate, ) except Exception: - raise CliFail("Attestation failed") + raise CliFail("Attestation failed.") @openpgp.group("certificates") @@ -527,7 +527,7 @@ def export_certificate(ctx, key, format, certificate): try: cert = session.get_certificate(key) except ValueError: - raise CliFail(f"Failed to read certificate from slot {key.name}") + raise CliFail(f"Failed to read certificate from slot {key.name}.") certificate.write(cert.public_bytes(encoding=format)) log_or_echo( f"Certificate for slot {key.name} exported to {_fname(certificate)}", @@ -588,4 +588,4 @@ def import_certificate(ctx, key, cert, admin_pin): session.put_certificate(key, certs[0]) click.echo(f"Certificate imported into slot {key.name}") except Exception: - raise CliFail("Failed to import certificate") + raise CliFail("Failed to import certificate.") diff --git a/ykman/_cli/otp.py b/ykman/_cli/otp.py index 2a0ca524..ff258c16 100644 --- a/ykman/_cli/otp.py +++ b/ykman/_cli/otp.py @@ -401,7 +401,7 @@ def yubiotp( "Automated YubiCloud upload support has been ended. " "You can manually upload a credential by saving it as a CSV file " "(use -O/--config-output) and then submitting it to " - "https://upload.yubico.com" + "https://upload.yubico.com." ) if public_id and serial_public_id: @@ -418,7 +418,7 @@ def yubiotp( try: serial = session.get_serial() except CommandError: - raise CliFail("Serial number not set, public ID must be provided") + raise CliFail("Serial number not set, public ID must be provided.") public_id = modhex_encode(b"\xff\x00" + struct.pack(b">I", serial)) click.echo(f"Using YubiKey serial as public ID: {public_id}") diff --git a/ykman/_cli/piv.py b/ykman/_cli/piv.py index 6b96e91a..f7ea8e8b 100644 --- a/ykman/_cli/piv.py +++ b/ykman/_cli/piv.py @@ -486,7 +486,9 @@ def change_management_key( # Can't combine new key with generate. if new_management_key and generate: - raise CliFail("Invalid options: --new-management-key conflicts with --generate") + raise CliFail( + "Invalid options: --new-management-key conflicts with --generate." + ) # Touch not supported on NEO. if touch and session.version < (4, 0, 0): @@ -530,7 +532,7 @@ def change_management_key( if len(new_management_key) != algorithm.key_len: raise CliFail( - "Management key has the wrong length (expected %d bytes)" + "Management key has the wrong length (expected %d bytes)." % algorithm.key_len ) @@ -624,7 +626,7 @@ def generate_key( if ctx.obj["fips_unready"]: raise CliFail( - "YubiKey FIPS must be in FIPS approved mode prior to key generation" + "YubiKey FIPS must be in FIPS approved mode prior to key generation." ) _check_key_support_fips(ctx, algorithm, pin_policy) @@ -671,7 +673,7 @@ def import_key( """ if ctx.obj["fips_unready"]: - raise CliFail("YubiKey FIPS must be in FIPS approved mode prior to key import") + raise CliFail("YubiKey FIPS must be in FIPS approved mode prior to key import.") session = ctx.obj["session"] @@ -858,7 +860,7 @@ def move_key(ctx, management_key, pin, source, dest): DEST PIV slot to move the key into """ if source == dest: - raise CliFail("SOURCE must be different from DEST") + raise CliFail("SOURCE must be different from DEST.") session = ctx.obj["session"] _ensure_authenticated(ctx, pin, management_key) try: @@ -866,9 +868,9 @@ def move_key(ctx, management_key, pin, source, dest): click.echo(f"Key moved from slot {source.name} to slot {dest.name}.") except ApduError as e: if e.sw == SW.INCORRECT_PARAMETERS: - raise CliFail("DEST slot is not empty") + raise CliFail("DEST slot is not empty.") if e.sw == SW.REFERENCE_DATA_NOT_FOUND: - raise CliFail("No key in SOURCE slot") + raise CliFail("No key in SOURCE slot.") raise @@ -982,7 +984,7 @@ def import_certificate( timeout = None except ApduError as e: if e.sw == SW.REFERENCE_DATA_NOT_FOUND: - raise CliFail(f"No private key in slot {slot}") + raise CliFail(f"No private key in slot {slot}.") raise except NotSupportedError: timeout = 1.0 @@ -992,7 +994,7 @@ def do_verify(): if not check_key(session, slot, public_key): raise CliFail( "The public key of the certificate does not match the " - f"private key in slot {slot}" + f"private key in slot {slot}." ) _verify_pin_if_needed(ctx, session, do_verify, pin) @@ -1417,6 +1419,8 @@ def _check_key_support_fips(ctx, key_type, pin_policy): info = ctx.obj["info"] if CAPABILITY.PIV in info.fips_capable: if key_type in (KEY_TYPE.RSA1024, KEY_TYPE.X25519): - raise CliFail(f"Key type {key_type.name} not supported on YubiKey FIPS") + raise CliFail(f"Key type {key_type.name} not supported on YubiKey FIPS.") if pin_policy in (PIN_POLICY.NEVER,): - raise CliFail(f"PIN policy {pin_policy.name} not supported on YubiKey FIPS") + raise CliFail( + f"PIN policy {pin_policy.name} not supported on YubiKey FIPS." + ) diff --git a/ykman/_cli/securitydomain.py b/ykman/_cli/securitydomain.py index 813573c5..9e30e3d1 100644 --- a/ykman/_cli/securitydomain.py +++ b/ykman/_cli/securitydomain.py @@ -145,7 +145,7 @@ def reset(ctx, force): the Security Domain on the YubiKey. """ if "scp" in ctx.obj: - raise CliFail("Reset must be performed without an active SCP session") + raise CliFail("Reset must be performed without an active SCP session.") force or click.confirm( "WARNING! This will delete all stored Security Domain data and restore factory " @@ -239,7 +239,7 @@ def generate_key(ctx, key, public_key_output, replace_kvn): valid = (ScpKid.SCP11a, ScpKid.SCP11b, ScpKid.SCP11c) if key.kid not in valid: values_str = ", ".join(f"0x{v:x} ({v.name})" for v in valid) - raise CliFail(f"KID must be one of {values_str}") + raise CliFail(f"KID must be one of {values_str}.") session = ctx.obj["session"] @@ -247,7 +247,7 @@ def generate_key(ctx, key, public_key_output, replace_kvn): public_key = session.generate_ec_key(key, replace_kvn=replace_kvn) except ApduError as e: if e.sw == SW.NO_SPACE: - raise CliFail("No space left for SCP keys") + raise CliFail("No space left for SCP keys.") raise key_encoding = serialization.Encoding.PEM