From: Tobias Brunner <tobias@strongswan.org>
Date: Thu, 22 May 2025 13:13:17 +0000 (+0200)
Subject: pki: Reduce indentation in usage output and print command description
X-Git-Tag: 6.0.2dr1~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=37ec770758918325c114b968580e86efb8394e64;p=thirdparty%2Fstrongswan.git

pki: Reduce indentation in usage output and print command description

Also print error message at the end of the output.
---

diff --git a/src/pki/command.c b/src/pki/command.c
index 6e6bf041e1..abf0ba61c1 100644
--- a/src/pki/command.c
+++ b/src/pki/command.c
@@ -213,51 +213,53 @@ void command_register(command_t command)
 int command_usage(char *error)
 {
 	FILE *out = stdout;
-	int i, indent = 0;
+	int i;
 
 	if (error)
 	{
 		out = stderr;
-		fprintf(out, "Error: %s\n", error);
 	}
-	fprintf(out, "strongSwan %s PKI tool\n", VERSION);
+	fprintf(out, "strongSwan %s PKI tool", VERSION);
 
 	if (active == help_idx)
 	{
-		fprintf(out, "loaded plugins: %s\n",
+		fprintf(out, "\nloaded plugins: %s\nusage:\n"
+				"  pki command [options]\ncommands:\n",
 				lib->plugins->loaded_plugins(lib->plugins));
-	}
-
-	fprintf(out, "usage:\n");
-	if (active == help_idx)
-	{
 		for (i = 0; i < MAX_COMMANDS && cmds[i].cmd; i++)
 		{
-			fprintf(out, "  pki --%-7s (-%c)  %s\n",
+			fprintf(out, "  --%-7s (-%c)  %s\n",
 					cmds[i].cmd, cmds[i].op, cmds[i].description);
 		}
 	}
 	else
 	{
+		fprintf(out, " (--%s/-%c)\n%s\nusage:\n",
+				cmds[active].cmd, cmds[active].op, cmds[active].description);
 		for (i = 0; i < MAX_LINES && cmds[active].line[i]; i++)
 		{
 			if (i == 0)
 			{
-				indent = fprintf(out, "  pki --%s ", cmds[active].cmd);
-				fprintf(out, "%s\n", cmds[active].line[i]);
+				fprintf(out, "  pki --%s %s\n", cmds[active].cmd,
+						cmds[active].line[i]);
 			}
 			else
 			{
-				fprintf(out, "%*s%s\n", indent, "", cmds[active].line[i]);
+				fprintf(out, "    %s\n", cmds[active].line[i]);
 			}
 		}
+		fprintf(out, "options:\n");
 		for (i = 0; cmds[active].options[i].name; i++)
 		{
-			fprintf(out, "        --%-15s (-%c)  %s\n",
+			fprintf(out, "  --%-15s (-%c)  %s\n",
 					cmds[active].options[i].name, cmds[active].options[i].op,
 					cmds[active].options[i].desc);
 		}
 	}
+	if (error)
+	{
+		fprintf(out, "error: %s\n", error);
+	}
 	return error != NULL;
 }
 
diff --git a/src/pki/commands/acert.c b/src/pki/commands/acert.c
index 9084ef6012..2bf934a0d6 100644
--- a/src/pki/commands/acert.c
+++ b/src/pki/commands/acert.c
@@ -278,8 +278,8 @@ static void __attribute__ ((constructor))reg()
 		acert, 'z', "acert",
 		"issue an attribute certificate",
 		{"[--in file] [--group name]* --issuerkey file|--issuerkeyid hex",
-		 " --issuercert file [--serial hex] [--lifetime hours]",
-		 " [--not-before datetime] [--not-after datetime] [--dateform form]",
+		 "--issuercert file [--serial hex] [--lifetime hours]",
+		 "[--not-before datetime] [--not-after datetime] [--dateform form]",
 		 "[--digest md5|sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
 		 "[--rsa-padding pkcs1|pss]",
 		 "[--outform der|pem]"},
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index f36608e3c0..e5d167bd8d 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -274,7 +274,7 @@ static void __attribute__ ((constructor))reg()
 		req, 'r', "req",
 		"create a PKCS#10 certificate request",
 		{"[--in file|--keyid hex] [--type rsa|ecdsa|priv]",
-		 " --oldreq file|--dn distinguished-name [--san subjectAltName]+",
+		 "--oldreq file|--dn distinguished-name [--san subjectAltName]+",
 		 "[--flag serverAuth|clientAuth|ocspSigning|msSmartcardLogon]+",
 		 "[--profile server|client|dual|ocsp] [--password challengePassword]",
 		 "[--digest sha1|sha224|sha256|sha384|sha512|sha3_224|sha3_256|sha3_384|sha3_512]",
diff --git a/src/pki/commands/scep.c b/src/pki/commands/scep.c
index a1f0530a99..1dbc433baf 100644
--- a/src/pki/commands/scep.c
+++ b/src/pki/commands/scep.c
@@ -631,9 +631,9 @@ static void __attribute__ ((constructor))reg()
 		scep, 'S', "scep",
 		"Enroll an X.509 certificate with a SCEP server",
 		{"--url url [--in file] [--dn distinguished-name] [--san subjectAltName]+",
+		 "--cacert-enc file --cacert-sig file [--cacert file]+",
 		 "[--profile profile] [--password password]",
-		 " --cacert-enc file --cacert-sig file [--cacert file]+",
-		 " --cert file --key file] [--cipher aes|des3]",
+		 "[--cert file --key file] [--cipher aes|des3]",
 		 "[--digest sha256|sha384|sha512|sha224|sha1] [--rsa-padding pkcs1|pss]",
 		 "[--interval time] [--maxpolltime time] [--outform der|pem]"},
 		{
@@ -646,9 +646,9 @@ static void __attribute__ ((constructor))reg()
 			{"password",    'p', 1, "challengePassword to include in cert request"},
 			{"cacert-enc",  'e', 1, "CA certificate for encryption"},
 			{"cacert-sig",  's', 1, "CA certificate for signature verification"},
-			{"cacert",      'C', 1, "Additional CA certificates"},
-			{"cert",        'c', 1, "Old certificate about to be renewed"},
-			{"key",         'k', 1, "Old RSA private key about to be replaced"},
+			{"cacert",      'C', 1, "additional CA certificates"},
+			{"cert",        'c', 1, "old certificate about to be renewed"},
+			{"key",         'k', 1, "old RSA private key about to be replaced"},
 			{"cipher",      'E', 1, "encryption cipher, default: aes"},
 			{"digest",      'g', 1, "digest for signature creation, default: sha256"},
 			{"rsa-padding", 'R', 1, "padding for RSA signatures, default: pkcs1"},
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index dc83f907e7..999b62b070 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -452,7 +452,7 @@ static void __attribute__ ((constructor))reg()
 		self, 's', "self",
 		"create a self signed certificate",
 		{"[--in file|--keyid hex] [--type rsa|ecdsa|ed25519|ed448|priv]",
-		 " --dn distinguished-name [--san subjectAltName]+",
+		 "--dn distinguished-name [--san subjectAltName]+",
 		 "[--lifetime days] [--serial hex] [--ca] [--ocsp uri]+",
 		 "[--flag serverAuth|clientAuth|crlSign|ocspSigning|msSmartcardLogon]+",
 		 "[--nc-permitted name] [--nc-excluded name]",
diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c
index c2ba5353e5..7ad9585e99 100644
--- a/src/pki/commands/verify.c
+++ b/src/pki/commands/verify.c
@@ -256,12 +256,12 @@ static void __attribute__ ((constructor))reg()
 {
 	command_register((command_t) {
 		verify, 'v', "verify",
-		"verify a certificate using the CA certificate",
-		{"[--in file] [--cacert file] [--crl file]"},
+		"verify a certificate using one or more CA certificates",
+		{"[--in file] [--cacert file]+ [--crl file]"},
 		{
 			{"help",	'h', 0, "show usage information"},
 			{"in",		'i', 1, "X.509 certificate to verify, default: stdin"},
-			{"cacert",	'c', 1, "CA certificate for trustchain verification"},
+			{"cacert",	'c', 1, "CA certificate(s) for trustchain verification"},
 			{"crl",		'l', 1, "CRL for trustchain verification"},
 			{"online",	'o', 0, "enable online CRL/OCSP revocation checking"},
 		}