Issue #135: update Bundle CLI and corresponding content in README

cloudflare · Mar 23, 2015 · c9fbf4a · c9fbf4a
1 parent 1415724
commit c9fbf4a
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 27 deletions.
diff --git a/README.md b/README.md
@@ -97,18 +97,40 @@ a JSON file with the type:
 
 ```
 cfssl bundle [-ca-bundle bundle] [-int-bundle bundle] \
-             cert [key] [intermediates]
+             [-metadata metadata_file] [-flavor bundle_flavor] \
+             -cert certificate_file [-key key_file]
 ```
 
 The bundles are used for the root and intermediate certificate
-pools. The certificate and key parameters are paths to the
-PEM-encoded client certificate to be bundled. If key is specified,
-the bundle will be built and verified with the key. Otherwise the bundle
-will be built without a private key.
-
-It is also possible to specify cert, key and intermediates through '-cert',
-'-key' and '-intermediates' respectively. And like other commands, flag
-values will take precedence and overwrite the arguments.
+pools. In addition, platform metadata is specified through '-metadata'
+The bundle files, metadata file (and auxiliary files) can be
+found at [cfssl_trust](https://github.com/cloudflare/cfssl_trust)
+
+
+Specify PEM-encoded client certificate and key through '-cert' and
+'-key' respectively. If key is specified, the bundle will be built
+and verified with the key.Otherwise the bundle will be built
+without a private key. It is also acceptable the certificate file
+contains a (partial) certificate bundle.
+
+Specify bundling flavor through '-flavor'. There are three flavors:
+'optimal' to generate a bundle of shortest chain and most advanced
+cryptographic algorithms, 'ubiquitous' to generate a bundle of most
+widely acceptance across different browsers and OS platforms, and
+'force' to find an acceptable bundle which is identical to the
+content of the input certificate file.
+
+Alternatively, the client certificate can be pulled directly from
+a domain. It is also possible to connect to the remote address
+through '-ip'.
+
+```
+cfssl bundle [-ca-bundle bundle] [-int-bundle bundle] \
+             [-metadata metadata_file] [-flavor bundle_flavor] \
+             -domain domain_name [-ip ip_address]
+```
+
+
 
 #### Generating certificate signing request and private key
 

diff --git a/cli/bundle/bundle.go b/cli/bundle/bundle.go
@@ -1,6 +1,7 @@
 package bundle
 
 import (
+	"errors"
 	"fmt"
 
 	"github.com/cloudflare/cfssl/bundler"
@@ -13,34 +14,18 @@ var bundlerUsageText = `cfssl bundle -- create a certificate bundle that contain
 
 Usage of bundle:
 	- Bundle local certificate files
-        cfssl bundle [-ca-bundle file] [-int-bundle file] [-key keyfile] [-flavor int] [-metadata file] CERT
+        cfssl bundle -cert file [-ca-bundle file] [-int-bundle file] [-metadata file] [-key keyfile] [-flavor optimal|ubiquitous|force]
 	- Bundle certificate from remote server.
         cfssl bundle -domain domain_name [-ip ip_address] [-ca-bundle file] [-int-bundle file] [-metadata file]
 
-Arguments:
-	CERT:    Client certificate, possible followed by intermediates to form a (partial) chain, use '-' to read from stdin.
-
-Note:
-	CERT can be specified as flag value. But flag value will take precedence, overwriting the argument.
-
 Flags:
 `
 
 // flags used by 'cfssl bundle'
-var bundlerFlags = []string{"cert", "key", "ca-bundle", "int-bundle", "flavor", "metadata", "domain", "ip", "config"}
+var bundlerFlags = []string{"cert", "key", "ca-bundle", "int-bundle", "flavor", "metadata", "domain", "ip"}
 
 // bundlerMain is the main CLI of bundler functionality.
-// TODO(zi): Decide whether to drop the argument list and only use flags to specify all the inputs.
-// There are debates on whether flag or arg is more appropriate for required parameters.
 func bundlerMain(args []string, c cli.Config) (err error) {
-	// Grab cert file through args only if flag values for cert and domain are absent
-	if c.CertFile == "" && c.Domain == "" {
-		c.CertFile, args, err = cli.PopFirstArgument(args)
-		if err != nil {
-			return
-		}
-	}
-
 	ubiquity.LoadPlatforms(c.Metadata)
 	flavor := bundler.BundleFlavor(c.Flavor)
 	// Initialize a bundler with CA bundle and intermediate bundle.
@@ -79,7 +64,10 @@ func bundlerMain(args []string, c cli.Config) (err error) {
 		if err != nil {
 			return
 		}
+	} else {
+		return errors.New("Must specify bundle target through -cert or -domain")
 	}
+
 	marshaled, err := bundle.MarshalJSON()
 	if err != nil {
 		return