| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
| |
Subcommands of the encrypted and unencrypted commands were found to have
a wrong help text displayed. The reason for that behavior was that the
subargs were are constructing as part of the argument parsing process
were missing the command being requested and instead containing only the
subcommand.
This change fixes this deficiency. It also adds a test ensuring that the
"Usage" string displayed in the help text of each command and subcommand
contains the proper arguments.
|
|
|
|
|
|
|
| |
This change adds support for changing the read-write mode of the
unencrypted volume. To do so, we introduce a new top-level command,
unencrypted, with a new subcommand, set, that accepts the new mode of
the volume.
|
|
|
|
|
|
|
|
| |
This change is the last step in the process of restructuring the storage
command. In particular, now that functionality pertaining hidden volumes
has been moved out into a dedicated top-level command, it renames said
command to encrypted, because dealing with the encrypted volume is the
only functionality it provides.
|
|
|
|
|
|
| |
This patch marks the next step in the process of restructuring the
storage command. Specifically, it promotes the storage hidden subcommand
to a top-level command, hidden.
|
|
|
|
|
|
|
|
|
|
|
|
| |
So far we have cached secrets in gpg-agent(1) whenever that made sense
to do (i.e., for the two PINs in most contexts but not for passwords).
While there is reason to believe that such caching is desired by the
majority of users, not everybody has a use for it.
To give users an opportunity to opt out of such caching, this change
introduces a new environment variable, NITROCLI_NO_CACHE, that, when
present in the environment, instructs the program to bypass the cache
for all operations that require a secret and to instead inquire such
secrets each time they are needed.
|
| |
|
|
|
|
|
|
|
|
|
| |
This change adds tests for the lock command. For the Nitrokey Pro we
cannot test too much because the only side-effect is that the password
safe is closed and it will be opened automatically again by virtue of
our non-interactive testing methodology.
For Storage devices we verify that the encrypted volume is closed, which
is a documented side-effect.
|
|
|
|
|
|
|
| |
This change adds a test for the creation, opening, and closing of a
hidden subvolume. In order to support that in a non-interactive fashion,
we introduce and honor the NITROCLI_PASSWORD environment variable, that
prevents an interactive password query.
|
|
|
|
|
|
|
|
| |
This change adds two tests for the storage command. The first one
verifies that a proper error message is emitted if a storage command is
attempted on a Pro device. The second one checks the output of the
status subcommand and expected changes to it when opening or closing the
encrypted volume.
|
|
|
|
|
| |
This change adds a set of tests for the pws command. Covered are all
subcommands with the most commonly used parameter combinations.
|
|
|
|
|
|
| |
This change adds a set of tests for the config get and set commands. We
cover chosen valid parameter combinations and verify that they work as
expected as well as an invalid one.
|
|
|
|
|
|
|
|
|
|
|
|
| |
So far we have taken all nitrokey::CommandError objects and put them in
formatted form into the Error::Error variant. What we really should do,
though, is to preserve the original error, with the additional context
provided by the caller, and report that up the stack directly. Doing so
has at least the benefit that we are able to check for expected errors
without hard coding the textual representation as maintained by the
nitrokey create.
This change refactors the code accordingly and adds two tests for such
expected error codes.
|
|
|
|
|
|
|
| |
Now that we have the infrastructure for non-interactive PIN supply in
place, we can add tests for commands that require the entry of a PIN.
To that end, this change adds tests for the pin set as well as pin
unblock commands.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to run tests fully non-interactively we need to avoid the need
for using the GPG agent's PIN entry and caching mechanism. To accomplish
that, we first need an alternate way to supply the PINs to use to the
program.
This change offers such a way by extending the execution context with
two fields representing the PINs that are populated by corresponding
environment variables, NITROCLI_ADMIN_PIN & NITROCLI_USER_PIN, if set.
While only two PINs are required right now, because the program allows
for the changing of each of the PINs, we also add two fields
representing new PINs. These latter two fields are populated by the
NITROCLI_NEW_ADMIN_PIN and NITROCLI_NEW_USER_PIN environment variables.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the future we will need to perform a sequence of invocations of the
program for testing purposes, with each having a slightly different
execution context. Such a scheme does not map very well to the existing
design where we essentially just have a function invocation to run the
program. We would either have functions that produce a different
execution context or pass in the data to modify.
Neither of these approaches is appealing and so this change reworks the
code slightly. With it, we now can create a Nitrocli object, which
contains the data that diverges from the default execution context. This
data will eventually be modifiable by callers.
|
|
|
|
|
|
|
|
| |
For testing purposes it is beneficial to be able to check for expected
errors with the least amount of boiler plate code possible. This change
attempts to be a first step into this direction. It introduces a
test-only trait that can be used to directly unwrap a specific error
from a Result<T, crate::error::Error>.
|
|
This change introduces the first set of integration-style test for the
application. Those tests may or may not connect to an actual Nitrokey
device (depending on what they test). We use the nitrokey-test crate's
test attribute macro to automatically dispatch tests to connected
devices or skip them if a required device is not present. It also
provides the means for automatically serializing tests.
|