Add --document-format CLI flag (#115)

* Add --document-format CLI flag

* Add documentation blurb

* Update README.md

README.md

@@ -151,10 +151,11 @@ The list of command line linters bundled with pkilint:
 
 Each of the linters share common command line parameters:
 
-| Parameter         | Default value | Description                                                                                        |
-|-------------------|---------------|----------------------------------------------------------------------------------------------------|
-| `-s`/`--severity` | INFO          | Sets the severity threshold for findings. Findings that are below this threshold are not reported. |
-| `-f`/`--format`   | TEXT          | Sets the format in which results will be reported. Current options are TEXT, CSV, or JSON.         |
+| Parameter           | Default value | Description                                                                                                                                                                                      |
+|---------------------|---------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `-s`/`--severity`   | INFO          | Sets the severity threshold for findings. Findings that are below this threshold are not reported.                                                                                               |
+| `-f`/`--format`     | TEXT          | Sets the format in which results will be reported. Current options are TEXT, CSV, or JSON.                                                                                                       |
+| `--document-format` | DETECT        | Sets the expected format of documents. If a document is not in the specified format, then an error is reported and the linter exits. Current options are BASE64, DER, PEM, and DETECT (default). |
 
 Additionally, each linter has ability to lint document (certificate, CRL, OCSP response, etc.) files as well as output the set of validations
 which are performed by each linter. When the `validations` sub-command is specified, the set of validations that are performed by the linter

pkilint/bin/lint_cabf_serverauth_cert.py

@@ -3,7 +3,7 @@
 import argparse
 import sys
 
-from pkilint import loader, report, util, finding_filter
+from pkilint import loader, report, cli_util, finding_filter
 from pkilint.cabf import serverauth
 from pkilint.cabf.serverauth import serverauth_constants
 from pkilint.pkix import certificate
@@ -53,9 +53,9 @@ def main(cli_args=None) -> int:
     lint_parser.add_argument('-r', '--report-all', action='store_true', help='Report all findings without filtering '
                              'any PKIX findings that are superseded by CA/Browser Forum requirements')
 
-    util.add_certificate_validity_period_start_arg(lint_parser)
+    cli_util.add_certificate_validity_period_start_arg(lint_parser)
 
-    util.add_standard_args(lint_parser)
+    cli_util.add_standard_args(lint_parser)
     lint_parser.add_argument('file', type=argparse.FileType('rb'),
                              help='The certificate to lint'
                              )
@@ -73,7 +73,9 @@ def main(cli_args=None) -> int:
         return 0
     else:
         try:
-            cert = loader.load_certificate_file(args.file, args.file.name)
+            cert = loader.RFC5280CertificateDocumentLoader().get_file_loader_func(args.document_format)(
+                args.file, args.file.name
+            )
         except ValueError as e:
             print(f'Failed to load certificate: {e}', file=sys.stderr)
             return 1
@@ -100,7 +102,7 @@ def main(cli_args=None) -> int:
 
         print(args.format(results, args.severity))
 
-        return util.clamp_exit_code(report.get_findings_count(results, args.severity))
+        return cli_util.clamp_exit_code(report.get_findings_count(results, args.severity))
 
 
 if __name__ == "__main__":

pkilint/bin/lint_cabf_smime_cert.py

@@ -6,7 +6,7 @@
 
 from pyasn1.type.univ import ObjectIdentifier
 
-from pkilint import util, loader, report
+from pkilint import cli_util, loader, report
 from pkilint.cabf import smime
 from pkilint.cabf.smime import smime_constants
 from pkilint.pkix import certificate
@@ -93,9 +93,9 @@ def main(cli_args=None) -> int:
                              help='Output the type of S/MIME certificate to standard error. This option may be '
                                   'useful when using the --detect, --guess, or --mapping options.')
 
-    util.add_certificate_validity_period_start_arg(lint_parser)
+    cli_util.add_certificate_validity_period_start_arg(lint_parser)
 
-    util.add_standard_args(lint_parser)
+    cli_util.add_standard_args(lint_parser)
 
     lint_parser.add_argument('file',
                              type=argparse.FileType('rb'),
@@ -119,7 +119,9 @@ def main(cli_args=None) -> int:
         return 0
     else:
         try:
-            cert = loader.load_certificate_file(args.file, args.file.name)
+            cert = loader.RFC5280CertificateDocumentLoader().get_file_loader_func(args.document_format)(
+                args.file, args.file.name
+            )
         except ValueError as e:
             print(f'Failed to load certificate: {e}', file=sys.stderr)
             return 1
@@ -152,7 +154,7 @@ def main(cli_args=None) -> int:
 
         print(args.format(results, args.severity))
 
-        return util.clamp_exit_code(report.get_findings_count(results, args.severity))
+        return cli_util.clamp_exit_code(report.get_findings_count(results, args.severity))
 
 
 if __name__ == '__main__':

pkilint/bin/lint_crl.py

@@ -3,7 +3,7 @@
 import argparse
 import sys
 
-from pkilint import loader, pkix, report, util
+from pkilint import loader, pkix, report, cli_util
 from pkilint.cabf import cabf_crl
 from pkilint.pkix import crl, name, extension
 
@@ -34,7 +34,7 @@ def main(cli_args=None) -> int:
 
     lint_parser = subparsers.add_parser('lint', help='Lint the specified CRL')
     _add_args(lint_parser)
-    util.add_standard_args(lint_parser)
+    cli_util.add_standard_args(lint_parser)
 
     lint_parser.add_argument('file', type=argparse.FileType('rb'),
                              help='The CRL file to lint'
@@ -80,7 +80,9 @@ def main(cli_args=None) -> int:
         return 0
     else:
         try:
-            crl_doc = loader.load_crl_file(args.file, args.file.name)
+            crl_doc = loader.RFC5280CertificateListDocumentLoader().get_file_loader_func(args.document_format)(
+                args.file, args.file.name
+            )
         except ValueError as e:
             print(f'Failed to load CRL: {e}', file=sys.stderr)
             return 1
@@ -89,7 +91,7 @@ def main(cli_args=None) -> int:
 
         print(args.format(results, args.severity))
 
-        return util.clamp_exit_code(report.get_findings_count(results, args.severity))
+        return cli_util.clamp_exit_code(report.get_findings_count(results, args.severity))
 
 
 if __name__ == "__main__":

pkilint/bin/lint_etsi_cert.py

@@ -4,7 +4,7 @@
 import sys
 
 from pkilint import etsi
-from pkilint import loader, report, util, finding_filter
+from pkilint import loader, report, cli_util, finding_filter
 from pkilint.etsi import etsi_constants
 from pkilint.pkix import certificate
 
@@ -53,7 +53,7 @@ def main(cli_args=None) -> int:
     lint_parser.add_argument('-r', '--report-all', action='store_true', help='Report all findings without filtering '
                              'any findings that are superseded by other requirements')
 
-    util.add_standard_args(lint_parser)
+    cli_util.add_standard_args(lint_parser)
     lint_parser.add_argument('file', type=argparse.FileType('rb'),
                              help='The certificate to lint'
                              )
@@ -71,7 +71,9 @@ def main(cli_args=None) -> int:
         return 0
     else:
         try:
-            cert = loader.load_certificate_file(args.file, args.file.name)
+            cert = loader.RFC5280CertificateDocumentLoader().get_file_loader_func(args.document_format)(
+                args.file, args.file.name
+            )
         except ValueError as e:
             print(f'Failed to load certificate: {e}', file=sys.stderr)
             return 1
@@ -98,7 +100,7 @@ def main(cli_args=None) -> int:
 
         print(args.format(results, args.severity))
 
-        return util.clamp_exit_code(report.get_findings_count(results, args.severity))
+        return cli_util.clamp_exit_code(report.get_findings_count(results, args.severity))
 
 
 if __name__ == "__main__":

pkilint/bin/lint_ocsp_response.py

@@ -4,7 +4,7 @@
 import sys
 
 from pkilint import pkix
-from pkilint import util, loader, report
+from pkilint import cli_util, loader, report
 from pkilint.pkix import extension, name, ocsp
 
 
@@ -15,7 +15,7 @@ def main(cli_args=None) -> int:
     subparsers.add_parser('validations', help='Output the set of validations which this linter performs')
 
     lint_parser = subparsers.add_parser('lint', help='Lint the specified OCSP response')
-    util.add_standard_args(lint_parser)
+    cli_util.add_standard_args(lint_parser)
 
     lint_parser.add_argument('file', type=argparse.FileType('rb'),
                              help='The OCSP response to lint'
@@ -38,7 +38,9 @@ def main(cli_args=None) -> int:
         return 0
     else:
         try:
-            ocsp_response = loader.load_ocsp_response_file(args.file, args.file.name)
+            ocsp_response = loader.RFC6960OCSPResponseDocumentLoader().get_file_loader_func(args.document_format)(
+                args.file, args.file.name
+            )
         except ValueError as e:
             print(f'Failed to load OCSP response: {e}', file=sys.stderr)
             return 1
@@ -47,7 +49,7 @@ def main(cli_args=None) -> int:
 
         print(args.format(results, args.severity))
 
-        return util.clamp_exit_code(report.get_findings_count(results, args.severity))
+        return cli_util.clamp_exit_code(report.get_findings_count(results, args.severity))
 
 
 if __name__ == "__main__":

pkilint/bin/lint_pkix_cert.py

@@ -4,7 +4,7 @@
 import sys
 
 from pkilint import loader
-from pkilint import report, util
+from pkilint import report, cli_util
 from pkilint.pkix import certificate, name, extension
 
 
@@ -15,7 +15,7 @@ def main(cli_args=None) -> int:
     subparsers.add_parser('validations', help='Output the set of validations which this linter performs')
 
     lint_parser = subparsers.add_parser('lint', help='Lint the specified certificate')
-    util.add_standard_args(lint_parser)
+    cli_util.add_standard_args(lint_parser)
 
     lint_parser.add_argument('file', type=argparse.FileType('rb'),
                              help='The certificate to lint'
@@ -45,7 +45,9 @@ def main(cli_args=None) -> int:
         return 0
     else:
         try:
-            cert = loader.load_certificate_file(args.file, args.file.name)
+            cert = loader.RFC5280CertificateDocumentLoader().get_file_loader_func(args.document_format)(
+                args.file, args.file.name
+            )
         except ValueError as e:
             print(f'Failed to load certificate: {e}', file=sys.stderr)
             return 1
@@ -54,7 +56,7 @@ def main(cli_args=None) -> int:
 
         print(args.format(results, args.severity))
 
-        return util.clamp_exit_code(report.get_findings_count(results, args.severity))
+        return cli_util.clamp_exit_code(report.get_findings_count(results, args.severity))
 
 
 if __name__ == "__main__":

pkilint/bin/lint_pkix_signer_signee_cert_chain.py

@@ -5,7 +5,7 @@
 
 from pyasn1_alt_modules import rfc5280
 
-from pkilint import loader, document, util, validation, pkix, report
+from pkilint import loader, document, cli_util, validation, pkix, report
 from pkilint.pkix import certificate, name, extension, algorithm
 from pkilint.pkix.certificate import certificate_extension, certificate_key
 
@@ -70,7 +70,7 @@ def main(cli_args=None) -> int:
     subparsers.add_parser('validations', help='Output the set of validations which this linter performs')
 
     lint_parser = subparsers.add_parser('lint', help='Lint the specified issuer and subject certificates')
-    util.add_standard_args(lint_parser)
+    cli_util.add_standard_args(lint_parser)
 
     lint_parser.add_argument(dest='issuer', type=argparse.FileType('rb'),
                              help='The issuer certificate to lint'
@@ -93,8 +93,10 @@ def main(cli_args=None) -> int:
     else:
         doc_collection = {}
 
+        loader_func = loader.RFC5280CertificateDocumentLoader().get_file_loader_func(args.document_format)
+
         try:
-            issuer = loader.load_certificate_file(
+            issuer = loader_func(
                 args.issuer, args.issuer.name, 'issuer', doc_collection
             )
         except ValueError as e:
@@ -104,7 +106,7 @@ def main(cli_args=None) -> int:
         doc_collection['issuer'] = issuer
 
         try:
-            subject = loader.load_certificate_file(
+            subject = loader_func(
                 args.subject, args.subject.name, 'subject', doc_collection
             )
         except ValueError as e:
@@ -120,7 +122,7 @@ def main(cli_args=None) -> int:
 
         print(args.format(results, args.severity))
 
-        return util.clamp_exit_code(report.get_findings_count(results, args.severity))
+        return cli_util.clamp_exit_code(report.get_findings_count(results, args.severity))
 
 
 if __name__ == '__main__':