Parsing issues running init_ca

[a084ed22]

While following the setup instructions I came across an unexpected issue in the root CA:

# django-ca init_ca --path-length=1 --subject-format=rfc4514 "Root CA" "CN=My Root CA,O=Internet Company,C=US"
usage: manage.py init_ca [-h] [--caa NAME] [--website URL] [--tos URL] [--expires DAYS] [--subject-format {openssl,rfc4514}] [--algorithm {SHA-512,SHA-256,...}] [--path PATH]
                         [--key-type {RSA,DSA,EC,Ed25519,Ed448}] [--key-size {2048,4096,8192,...}] [--elliptic-curve {secp256r1,secp384r1,secp521r1,...}] [-p [PASSWORD]]
                         [--parent SERIAL] [--parent-password [PASSWORD]] [--default-hostname HOSTNAME | --no-default-hostname] [--acme-enable | --acme-disable]
                         [--acme-enable-account-registration | --acme-disable-account-registration] [--acme-profile PROFILE] [--acme-contact-optional | --acme-contact-required]
                         [--ocsp-responder-key-validity DAYS] [--ocsp-response-validity SECONDS] [--ocsp-responder NAME] [--ca-issuer NAME] [--path-length PATH_LENGTH | --no-path-length]
                         [--policy-identifier OID] [--certification-practice-statement URL] [--user-notice TEXT] [--certificate-policies-critical] [--crl-full-name NAME]
                         [--crl-distribution-points-critical] [--extended-key-usage EXTENDED_KEY_USAGE [EXTENDED_KEY_USAGE ...]] [--extended-key-usage-critical]
                         [--inhibit-any-policy INT] [--issuer-alternative-name NAME] [--key-usage KEY_USAGE [KEY_USAGE ...]] [--key-usage-non-critical] [--permit-name NAME]
                         [--exclude-name NAME] [--inhibit-policy-mapping INT] [--require-explicit-policy INT] [--subject-alternative-name NAME] [--subject-alternative-name-critical]
                         [--tls-feature TLS_FEATURE [TLS_FEATURE ...]] [--tls-feature-critical] [--sign-ca-issuer NAME] [--sign-issuer-alternative-name NAME] [--sign-crl-full-name NAME]
                         [--sign-ocsp-responder NAME] [--sign-policy-identifier OID] [--sign-certification-practice-statement URL] [--sign-user-notice TEXT]
                         [--sign-certificate-policies-critical] [--version] [-v {0,1,2,3}] [--settings SETTINGS] [--pythonpath PYTHONPATH] [--traceback] [--no-color] [--force-color]
                         [--skip-checks]
                         name subject
manage.py init_ca: error: unrecognized arguments: CN=My Root CA,O=Internet Company,C=US
# django-ca init_ca --path-length=1 --subject-format=rfc4514 Root "CN=My Root CA,O=Internet Company,C=US"
usage: manage.py init_ca [-h] [--caa NAME] [--website URL] [--tos URL] [--expires DAYS] [--subject-format {openssl,rfc4514}] [--algorithm {SHA-512,SHA-256,...}] [--path PATH]
                         [--key-type {RSA,DSA,EC,Ed25519,Ed448}] [--key-size {2048,4096,8192,...}] [--elliptic-curve {secp256r1,secp384r1,secp521r1,...}] [-p [PASSWORD]]
                         [--parent SERIAL] [--parent-password [PASSWORD]] [--default-hostname HOSTNAME | --no-default-hostname] [--acme-enable | --acme-disable]
                         [--acme-enable-account-registration | --acme-disable-account-registration] [--acme-profile PROFILE] [--acme-contact-optional | --acme-contact-required]
                         [--ocsp-responder-key-validity DAYS] [--ocsp-response-validity SECONDS] [--ocsp-responder NAME] [--ca-issuer NAME] [--path-length PATH_LENGTH | --no-path-length]
                         [--policy-identifier OID] [--certification-practice-statement URL] [--user-notice TEXT] [--certificate-policies-critical] [--crl-full-name NAME]
                         [--crl-distribution-points-critical] [--extended-key-usage EXTENDED_KEY_USAGE [EXTENDED_KEY_USAGE ...]] [--extended-key-usage-critical]
                         [--inhibit-any-policy INT] [--issuer-alternative-name NAME] [--key-usage KEY_USAGE [KEY_USAGE ...]] [--key-usage-non-critical] [--permit-name NAME]
                         [--exclude-name NAME] [--inhibit-policy-mapping INT] [--require-explicit-policy INT] [--subject-alternative-name NAME] [--subject-alternative-name-critical]
                         [--tls-feature TLS_FEATURE [TLS_FEATURE ...]] [--tls-feature-critical] [--sign-ca-issuer NAME] [--sign-issuer-alternative-name NAME] [--sign-crl-full-name NAME]
                         [--sign-ocsp-responder NAME] [--sign-policy-identifier OID] [--sign-certification-practice-statement URL] [--sign-user-notice TEXT]
                         [--sign-certificate-policies-critical] [--version] [-v {0,1,2,3}] [--settings SETTINGS] [--pythonpath PYTHONPATH] [--traceback] [--no-color] [--force-color]
                         [--skip-checks]
                         name subject
manage.py init_ca: error: unrecognized arguments: Root CA,O=Internet Company,C=US

do the name and subject fields not allow spaces, or is there an escaping that I'm missing?

[mathiasertl]

No they should absolutely allow spaces! I also checked, and invocations with manage.py work just fine.

The issue appears to be in the manage.py shortcut you're using. I checked, and the version referenced here: https://django-ca.readthedocs.io/en/latest/quickstart_from_source.html#add-manage-py-shortcut ... and it indeed has a bug fixed in 61fb91a.

If you used that wrapper script, can you check if the fix works for you (it did in my tests). If you used something different, either check that script or post that script here so that I can help debug.

[a084ed22]

I confirm that the patch fixes the issue and that issuing the command through the shortcut works correctly. Thank you.