aspera-cli 4.22.0 → 4.24.0

data/lib/aspera/cli/plugins/config.rb

@@ -8,6 +8,7 @@ require 'aspera/cli/version'
 require 'aspera/cli/formatter'
 require 'aspera/cli/info'
 require 'aspera/cli/transfer_progress'
+require 'aspera/cli/wizard'
 require 'aspera/ascp/installation'
 require 'aspera/products/transferd'
 require 'aspera/transfer/error_info'
@@ -23,6 +24,7 @@ require 'aspera/persistency_folder'
 require 'aspera/data_repository'
 require 'aspera/line_logger'
 require 'aspera/rest'
+require 'aspera/oauth/jwt'
 require 'aspera/log'
 require 'aspera/assert'
 require 'aspera/oauth'
@@ -68,10 +70,7 @@ module Aspera
         EXTEND_VAULT = :vault
         PRESET_DIG_SEPARATOR = '.'
         DEFAULT_CHECK_NEW_VERSION_DAYS = 7
-        DEFAULT_PRIV_KEY_FILENAME = 'my_private_key.pem' # pragma: allowlist secret
-        DEFAULT_PRIV_KEY_LENGTH = 4096
-        COFFEE_IMAGE = 'https://enjoyjava.com/wp-content/uploads/2018/01/How-to-make-strong-coffee.jpg'
-        WIZARD_RESULT_KEYS = %i[preset_value test_args].freeze
+        COFFEE_IMAGE_URL = 'https://enjoyjava.com/wp-content/uploads/2018/01/How-to-make-strong-coffee.jpg'
         GEM_CHECK_DATE_FMT = '%Y/%m/%d'
         # for testing only
         SELF_SIGNED_CERT = OpenSSL::SSL.const_get(:enon_yfirev.to_s.upcase.reverse) # cspell: disable-line
@@ -90,28 +89,15 @@ module Aspera
           :EXTEND_PRESET,
           :EXTEND_VAULT,
           :DEFAULT_CHECK_NEW_VERSION_DAYS,
-          :DEFAULT_PRIV_KEY_FILENAME,
           :SERVER_COMMAND,
           :PRESET_DIG_SEPARATOR,
-          :COFFEE_IMAGE,
-          :WIZARD_RESULT_KEYS,
+          :COFFEE_IMAGE_URL,
           :SELF_SIGNED_CERT,
           :PERSISTENCY_FOLDER,
-          :DEFAULT_PRIV_KEY_LENGTH,
           :CONF_OVERVIEW_KEYS,
           :SMTP_CONF_PARAMS
 
         class << self
-          def generate_rsa_private_key(path:, length: DEFAULT_PRIV_KEY_LENGTH)
-            require 'openssl'
-            priv_key = OpenSSL::PKey::RSA.new(length)
-            File.write(path, priv_key.to_s)
-            File.write("#{path}.pub", priv_key.public_key.to_s)
-            Environment.restrict_file_access(path)
-            Environment.restrict_file_access("#{path}.pub")
-            nil
-          end
-
           # folder containing plugins in the gem's main folder
           def gem_plugins_folder
             File.dirname(File.expand_path(__FILE__))
@@ -132,7 +118,7 @@ module Aspera
           # return product family folder (~/.aspera)
           def module_family_folder
             user_home_folder = Dir.home
-            Aspera.assert(Dir.exist?(user_home_folder), exception_class: Cli::Error){"Home folder does not exist: #{user_home_folder}. Check your user environment."}
+            Aspera.assert(Dir.exist?(user_home_folder), type: Cli::Error){"Home folder does not exist: #{user_home_folder}. Check your user environment."}
             return File.join(user_home_folder, ASPERA_HOME_FOLDER_NAME)
           end
 
@@ -171,11 +157,12 @@ module Aspera
             :home, 'Home folder for tool',
             handler: {o: self, m: :main_folder},
             types: String,
-            default: self.class.default_app_main_folder(app_name: Info::CMD_NAME))
+            default: self.class.default_app_main_folder(app_name: Info::CMD_NAME)
+          )
           options.parse_options!
           Log.log.debug{"#{Info::CMD_NAME} folder: #{@main_folder}"}
           # data persistency manager, created by config plugin, set for global object
-          @broker.persistency = PersistencyFolder.new(File.join(@main_folder, PERSISTENCY_FOLDER))
+          context.persistency = PersistencyFolder.new(File.join(@main_folder, PERSISTENCY_FOLDER))
           # set folders for plugin lookup
           PluginFactory.instance.add_lookup_folder(self.class.gem_plugins_folder)
           PluginFactory.instance.add_lookup_folder(File.join(@main_folder, ASPERA_PLUGINS_FOLDERNAME))
@@ -183,7 +170,8 @@ module Aspera
           options.declare(
             :config_file, 'Path to YAML file with preset configuration',
             handler: {o: self, m: :option_config_file},
-            default: File.join(@main_folder, DEFAULT_CONFIG_FILENAME))
+            default: File.join(@main_folder, DEFAULT_CONFIG_FILENAME)
+          )
           options.parse_options!
           # read config file (set @config_presets)
           read_config_file
@@ -204,29 +192,26 @@ module Aspera
           options.declare(:preset, 'Load the named option preset from current config file', short: 'P', handler: {o: self, m: :option_preset})
           options.declare(:version_check_days, 'Period in days to check new version (zero to disable)', coerce: Integer, default: DEFAULT_CHECK_NEW_VERSION_DAYS)
           options.declare(:plugin_folder, 'Folder where to find additional plugins', handler: {o: self, m: :option_plugin_folder})
-          # wizard options
-          options.declare(:override, 'Wizard: override existing value', values: :bool, default: :no)
-          options.declare(:default, 'Wizard: set as default configuration for specified plugin (also: update)', values: :bool, default: true)
-          options.declare(:test_mode, 'Wizard: skip private key check step', values: :bool, default: false)
-          options.declare(:key_path, 'Wizard: path to private key for JWT')
+          # declare wizard options
+          @wizard = Wizard.new(self, @main_folder)
           # Transfer SDK options
-          options.declare(:ascp_path, 'Path to ascp', handler: {o: Ascp::Installation.instance, m: :ascp_path})
-          options.declare(:use_product, 'Use ascp from specified product', handler: {o: self, m: :option_use_product})
-          options.declare(:sdk_url, 'URL to get Aspera Transfer Daemon', default: SpecialValues::DEF)
-          options.declare(:locations_url, 'URL to get locations of Aspera Transfer Daemon', handler: {o: Ascp::Installation.instance, m: :transferd_urls})
-          options.declare(:sdk_folder, 'SDK folder path', handler: {o: Products::Transferd, m: :sdk_directory})
+          options.declare(:ascp_path, 'Ascp: Path to ascp', handler: {o: Ascp::Installation.instance, m: :ascp_path})
+          options.declare(:use_product, 'Ascp: Use ascp from specified product', handler: {o: self, m: :option_use_product})
+          options.declare(:sdk_url, 'Ascp: URL to get Aspera Transfer Executables', default: SpecialValues::DEF)
+          options.declare(:locations_url, 'Ascp: URL to get locations of Aspera Transfer Daemon', handler: {o: Ascp::Installation.instance, m: :transferd_urls})
+          options.declare(:sdk_folder, 'Ascp: SDK folder path', handler: {o: Products::Transferd, m: :sdk_directory})
           options.declare(:progress_bar, 'Display progress bar', values: :bool, default: Environment.terminal?)
           # email options
-          options.declare(:smtp, 'SMTP configuration', types: Hash)
-          options.declare(:notify_to, 'Email recipient for notification of transfers')
-          options.declare(:notify_template, 'Email ERB template for notification of transfers')
+          options.declare(:smtp, 'Email: SMTP configuration', types: Hash)
+          options.declare(:notify_to, 'Email: Recipient for notification of transfers')
+          options.declare(:notify_template, 'Email: ERB template for notification of transfers')
           # HTTP options
-          options.declare(:insecure, 'Do not validate any HTTPS certificate', values: :bool, handler: {o: self, m: :option_insecure}, default: :no)
-          options.declare(:ignore_certificate, 'Do not validate HTTPS certificate for these URLs', types: Array, handler: {o: self, m: :option_ignore_cert_host_port})
-          options.declare(:silent_insecure, 'Issue a warning if certificate is ignored', values: :bool, handler: {o: self, m: :option_warn_insecure_cert}, default: :yes)
-          options.declare(:cert_stores, 'List of folder with trusted certificates', types: [Array, String], handler: {o: self, m: :trusted_cert_locations})
-          options.declare(:http_options, 'Options for HTTP/S socket', types: Hash, handler: {o: self, m: :option_http_options}, default: {})
-          options.declare(:http_proxy, 'URL for HTTP proxy with optional credentials', types: String, handler: {o: self, m: :option_http_proxy})
+          options.declare(:insecure, 'HTTP/S: Do not validate any certificate', values: :bool, handler: {o: self, m: :option_insecure}, default: :no)
+          options.declare(:ignore_certificate, 'HTTP/S: Do not validate certificate for these URLs', types: Array, handler: {o: self, m: :option_ignore_cert_host_port})
+          options.declare(:warn_insecure, 'HTTP/S: Issue a warning if certificate is ignored', values: :bool, handler: {o: self, m: :option_warn_insecure_cert}, default: :yes)
+          options.declare(:cert_stores, 'HTTP/S: List of folder with trusted certificates', types: [Array, String], handler: {o: self, m: :trusted_cert_locations})
+          options.declare(:http_options, 'HTTP/S: Options for HTTP/S socket', types: Hash, handler: {o: self, m: :option_http_options}, default: {})
+          options.declare(:http_proxy, 'HTTP/S: URL for proxy with optional credentials', types: String, handler: {o: self, m: :option_http_proxy})
           options.declare(:cache_tokens, 'Save and reuse OAuth tokens', values: :bool, handler: {o: self, m: :option_cache_tokens})
           options.declare(:fpac, 'Proxy auto configuration script')
           options.declare(:proxy_credentials, 'HTTP proxy credentials for fpac: user, password', types: Array)
@@ -256,7 +241,7 @@ module Aspera
             @pac_exec = ProxyAutoConfig.new(pac_script).register_uri_generic
             proxy_user_pass = options.get_option(:proxy_credentials)
             if !proxy_user_pass.nil?
-              Aspera.assert(proxy_user_pass.length.eql?(2), exception_class: Cli::BadArgument){"proxy_credentials shall have two elements (#{proxy_user_pass.length})"}
+              Aspera.assert(proxy_user_pass.length.eql?(2), type: Cli::BadArgument){"proxy_credentials shall have two elements (#{proxy_user_pass.length})"}
               @pac_exec.proxy_user = proxy_user_pass[0]
               @pac_exec.proxy_pass = proxy_user_pass[1]
             end
@@ -362,7 +347,8 @@ module Aspera
               if !@ssl_warned_urls.include?(base_url)
                 formatter.display_message(
                   :error,
-                  "#{Formatter::WARNING_FLASH} Ignoring certificate for: #{base_url}. Do not deactivate certificate verification in production.")
+                  "#{Formatter::WARNING_FLASH} Ignoring certificate for: #{base_url}. Do not deactivate certificate verification in production."
+                )
                 @ssl_warned_urls.push(base_url)
               end
             end
@@ -378,13 +364,39 @@ module Aspera
           # Rest.io_http_session(http_session).debug_output = Log.log
           http_session.verify_mode = SELF_SIGNED_CERT if http_session.use_ssl? && ignore_cert?(http_session.address, http_session.port)
           http_session.cert_store = @certificate_store if @certificate_store
-          Log.log.debug{"using cert store #{http_session.cert_store} (#{@certificate_store})"} unless http_session.cert_store.nil?
+          Log.log.debug{"Using cert store #{http_session.cert_store} (#{@certificate_store})"} unless http_session.cert_store.nil?
           @option_http_options.each do |k, v|
             method = "#{k}=".to_sym
             # check if accessor is a method of Net::HTTP
             # continue_timeout= read_timeout= write_timeout=
             if http_session.respond_to?(method)
               http_session.send(method, v)
+            elsif k.eql?('ssl_options')
+              # NOTE: here is a hack that allows setting SSLContext options
+              Aspera.assert_type(v, Array){'ssl_options'}
+              # more dynamic method, but more complex:
+              # Net::HTTP::SSL_ATTRIBUTES.push(:options) unless Net::HTTP::SSL_ATTRIBUTES.include?(:options)
+              # Net::HTTP::SSL_IVNAMES.push(:@options) unless Net::HTTP::SSL_IVNAMES.include?(:@options)
+              # Start with default options
+              ssl_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options]
+              v.each do |opt|
+                case opt
+                when Integer
+                  ssl_options = opt
+                when String
+                  name = "OP_#{opt.start_with?('-') ? opt[1..] : opt}".upcase
+                  raise Cli::BadArgument, "No such ssl_option: #{name}, use one of: #{OpenSSL::SSL.constants.grep(/^OP_/).map{ |c| c.to_s.sub(/^OP_/, '')}.join(', ')}" if !OpenSSL::SSL.const_defined?(name)
+                  if opt.start_with?('-')
+                    ssl_options &= ~OpenSSL::SSL.const_get(name)
+                  else
+                    ssl_options |= OpenSSL::SSL.const_get(name)
+                  end
+                else
+                  Aspera.error_unexpected_value(opt.class.name){'Expected String or Integer in ssl_options'}
+                end
+              end
+              # http_session.instance_variable_set(:@options, ssl_options)
+              OpenSSL::SSL::SSLContext::DEFAULT_PARAMS[:options] = ssl_options
             else
               Log.log.error{"no such HTTP session attribute: #{k}"}
             end
@@ -423,7 +435,8 @@ module Aspera
           check_date_persist = PersistencyActionOnce.new(
             manager: persistency,
             data:    last_check_array,
-            id:      'version_last_check')
+            id:      'version_last_check'
+          )
           # get persisted date or nil
           current_date = Date.today
           last_check_days = (current_date - Date.strptime(last_check_array.first, GEM_CHECK_DATE_FMT)) rescue nil
@@ -447,7 +460,7 @@ module Aspera
           default_config_name = get_plugin_default_config_name(plugin_name_sym)
           Log.log.debug{"add_plugin_default_preset:#{plugin_name_sym}:#{default_config_name}"}
           options.add_option_preset(preset_by_name(default_config_name), 'default_plugin', override: false) unless default_config_name.nil?
-          return nil
+          return
         end
 
         # get the default global preset, or set default one
@@ -495,12 +508,12 @@ module Aspera
         # @return the hash from name (also expands possible includes)
         # @param config_name name of the preset in config file
         # @param include_path used to detect and avoid include loops
-        def preset_by_name(config_name, include_path=[])
+        def preset_by_name(config_name, include_path = [])
           raise Cli::Error, 'loop in include' if include_path.include?(config_name)
           include_path = include_path.clone # avoid messing up if there are multiple branches
           current = @config_presets
           config_name.split(PRESET_DIG_SEPARATOR).each do |name|
-            Aspera.assert_type(current, Hash, exception_class: Cli::Error){"sub key: #{include_path}"}
+            Aspera.assert_type(current, Hash, type: Cli::Error){"sub key: #{include_path}"}
             include_path.push(name)
             current = current[name]
             raise Cli::Error, "No such config preset: #{include_path}" if current.nil?
@@ -537,7 +550,7 @@ module Aspera
           when String
             options.add_option_preset(preset_by_name(value), 'set_by_name')
           else
-            raise 'Preset definition must be a String for preset name, or Hash for set of values'
+            raise BadArgument, 'Preset definition must be a String for preset name, or Hash for set of values'
           end
         end
 
@@ -563,12 +576,12 @@ module Aspera
             @config_checksum_on_disk = config_checksum
           end
           files_to_copy = []
-          Log.log.trace1{Log.dump('Available_presets', @config_presets)}
+          Log.dump(:available_presets, @config_presets, level: :trace1)
           Aspera.assert_type(@config_presets, Hash){'config file YAML'}
           # check there is at least the config section
           Aspera.assert(@config_presets.key?(CONF_PRESET_CONFIG)){"Cannot find key: #{CONF_PRESET_CONFIG}"}
           version = @config_presets[CONF_PRESET_CONFIG][CONF_PRESET_VERSION]
-          raise 'No version found in config section.' if version.nil?
+          raise Error, 'No version found in config section.' if version.nil?
           Log.log.debug{"conf version: #{version}"}
           # VVV if there are any conversion needed, those happen here.
           # fix bug in 4.4 (creating key "true" in "default" preset)
@@ -598,46 +611,6 @@ module Aspera
           raise Cli::Error, e.to_s
         end
 
-        # Find a plugin, and issue the "require"
-        # @return [Hash] plugin info: { product: , url:, version: }
-        def identify_plugins_for_url
-          app_url = options.get_next_argument('url', mandatory: true)
-          check_only = options.get_next_argument('plugin name', mandatory: false)
-          check_only = check_only.to_sym unless check_only.nil?
-          found_apps = []
-          my_self_plugin_sym = self.class.name.split('::').last.downcase.to_sym
-          PluginFactory.instance.plugin_list.each do |plugin_name_sym|
-            # no detection for internal plugin
-            next if plugin_name_sym.eql?(my_self_plugin_sym)
-            next if check_only && !check_only.eql?(plugin_name_sym)
-            # load plugin class
-            detect_plugin_class = PluginFactory.instance.plugin_class(plugin_name_sym)
-            # requires detection method
-            next unless detect_plugin_class.respond_to?(:detect)
-            detection_info = nil
-            begin
-              Log.log.debug{"detecting #{plugin_name_sym} at #{app_url}"}
-              formatter.long_operation_running("#{plugin_name_sym}\r")
-              detection_info = detect_plugin_class.detect(app_url)
-            rescue OpenSSL::SSL::SSLError => e
-              Log.log.warn(e.message)
-              Log.log.warn('Use option --insecure=yes to allow unchecked certificate') if e.message.include?('cert')
-            rescue StandardError => e
-              Log.log.debug{"detect error: [#{e.class}] #{e}"}
-              next
-            end
-            next if detection_info.nil?
-            Aspera.assert_type(detection_info, Hash)
-            Aspera.assert_type(detection_info[:url], String) if detection_info.key?(:url)
-            app_name = detect_plugin_class.respond_to?(:application_name) ? detect_plugin_class.application_name : detect_plugin_class.name.split('::').last
-            # if there is a redirect, then the detector can override the url.
-            found_apps.push({product: plugin_name_sym, name: app_name, url: app_url, version: 'unknown'}.merge(detection_info))
-          end
-          raise "No known application found at #{app_url}" if found_apps.empty?
-          Aspera.assert(found_apps.all?{ |a| a.keys.all?(Symbol)})
-          return found_apps
-        end
-
         def execute_connect_action
           command = options.get_next_command(%i[list info version])
           if %i[info version].include?(command)
@@ -686,12 +659,12 @@ module Aspera
             set_global_default(:ascp_path, ascp_path)
             return Main.result_nothing
           when :show
-            return Main.result_status(Ascp::Installation.instance.path(:ascp))
+            return Main.result_text(Ascp::Installation.instance.path(:ascp))
           when :info
             # collect info from ascp executable
             data = Ascp::Installation.instance.ascp_info
             # add command line transfer spec
-            data['ts'] = transfer.updated_ts
+            data['ts'] = transfer.option_transfer_spec
             # add keys
             DataRepository::ELEMENTS.each_with_object(data){ |i, h| h[i.to_s] = DataRepository.instance.item(i)}
             # declare those as secrets
@@ -715,10 +688,8 @@ module Aspera
             n, v = Ascp::Installation.instance.install_sdk(url: options.get_option(:sdk_url, mandatory: true), version: version)
             return Main.result_status("Installed #{n} version #{v}")
           when :spec
-            return Main.result_object_list(
-              Transfer::SpecDoc.man_table(formatter, cli: false),
-              fields: Transfer::SpecDoc::TABLE_COLUMNS.map(&:to_s)
-            )
+            fields, data = Transfer::SpecDoc.man_table(Formatter)
+            return Main.result_object_list(data, fields: fields.map(&:to_s))
           when :schema
             schema = Transfer::Spec::SCHEMA.merge({'$comment'=>'DO NOT EDIT, this file was generated from the YAML.'})
             agent = options.get_next_argument('transfer agent name', mandatory: false)
@@ -772,7 +743,7 @@ module Aspera
           raise "no such preset: #{name}" if PRESET_EXIST_ACTIONS.include?(action) && !@config_presets.key?(name)
           case action
           when :list
-            return Main.result_value_list(@config_presets.keys, 'name')
+            return Main.result_value_list(@config_presets.keys, name: 'name')
           when :overview
             # display process modifies the value (hide secrets): we do not want to save removed secrets
             data = self.class.deep_clone(@config_presets)
@@ -809,9 +780,7 @@ module Aspera
             return Main.result_nothing
           when :initialize
             config_value = options.get_next_argument('extended value', validation: Hash)
-            if @config_presets.key?(name)
-              Log.log.warn{"configuration already exists: #{name}, overwriting"}
-            end
+            Log.log.warn{"configuration already exists: #{name}, overwriting"} if @config_presets.key?(name)
             @config_presets[name] = config_value
             return Main.result_status("Modified: #{@option_config_file}")
           when :update
@@ -834,7 +803,7 @@ module Aspera
             url = options.get_option(:url, mandatory: true)
             user = options.get_option(:username, mandatory: true)
             result = lookup_preset(url: url, username: user)
-            raise 'no such config found' if result.nil?
+            raise Error, 'no such config found' if result.nil?
             return Main.result_single_object(result)
           when :secure
             identifier = options.get_next_argument('config name', mandatory: false)
@@ -901,7 +870,7 @@ module Aspera
           when :preset # newer syntax
             return execute_preset
           when :open
-            Environment.open_editor(@option_config_file.to_s)
+            Environment.instance.open_editor(@option_config_file.to_s)
             return Main.result_nothing
           when :documentation
             section = options.get_next_argument('private key file path', mandatory: false)
@@ -910,12 +879,12 @@ module Aspera
             return Main.result_nothing
           when :genkey # generate new rsa key
             private_key_path = options.get_next_argument('private key file path')
-            private_key_length = options.get_next_argument('size in bits', mandatory: false, validation: Integer, default: DEFAULT_PRIV_KEY_LENGTH)
-            self.class.generate_rsa_private_key(path: private_key_path, length: private_key_length)
+            private_key_length = options.get_next_argument('size in bits', mandatory: false, validation: Integer, default: OAuth::Jwt::DEFAULT_PRIV_KEY_LENGTH)
+            OAuth::Jwt.generate_rsa_private_key(path: private_key_path, length: private_key_length)
             return Main.result_status("Generated #{private_key_length} bit RSA key: #{private_key_path}")
           when :pubkey # get pub key
             private_key_pem = options.get_next_argument('private key PEM value')
-            return Main.result_status(OpenSSL::PKey::RSA.new(private_key_pem).public_key.to_s)
+            return Main.result_text(OpenSSL::PKey::RSA.new(private_key_pem).public_key.to_s)
           when :remote_certificate
             cert_action = options.get_next_command(%i[chain only name])
             remote_url = options.get_next_argument('remote URL')
@@ -923,20 +892,18 @@ module Aspera
             raise "No certificate found for #{remote_url}" unless remote_chain&.first
             case cert_action
             when :chain
-              return Main.result_status(remote_chain.map(&:to_pem).join("\n"))
+              return Main.result_text(remote_chain.map(&:to_pem).join("\n"))
             when :only
-              return Main.result_status(remote_chain.first.to_pem)
+              return Main.result_text(remote_chain.first.to_pem)
             when :name
-              return Main.result_status(remote_chain.first.subject.to_a.find{ |name, _, _| name == 'CN'}[1])
+              return Main.result_text(remote_chain.first.subject.to_a.find{ |name, _, _| name == 'CN'}[1])
             end
           when :echo # display the content of a value given on command line
             return Main.result_auto(options.get_next_argument('value', validation: nil))
           when :download
             file_url = options.get_next_argument('source URL').chomp
             file_dest = options.get_next_argument('file path', mandatory: false)
-            if file_dest.nil?
-              file_dest = File.join(transfer.destination_folder(Transfer::Spec::DIRECTION_RECEIVE), file_url.gsub(%r{.*/}, ''))
-            end
+            file_dest = File.join(transfer.destination_folder(Transfer::Spec::DIRECTION_RECEIVE), file_url.gsub(%r{.*/}, '')) if file_dest.nil?
             formatter.display_status("Downloading: #{file_url}")
             Rest.new(base_url: file_url).call(operation: 'GET', save_to_file: file_dest)
             return Main.result_status("Saved to: #{file_dest}")
@@ -990,27 +957,27 @@ module Aspera
             # interactive mode
             options.ask_missing_mandatory = true
             # detect plugins by url and optional query
-            apps = identify_plugins_for_url.freeze
+            apps = @wizard.identify_plugins_for_url.freeze
             return Main.result_object_list(apps) if action.eql?(:detect)
-            return wizard_find(apps)
+            return @wizard.find(apps)
           when :coffee
-            return Main.result_image(COFFEE_IMAGE, formatter: formatter)
+            return Main.result_image(COFFEE_IMAGE_URL)
           when :image
-            return Main.result_image(options.get_next_argument('image uri or blob'), formatter: formatter)
+            return Main.result_image(options.get_next_argument('image URI or blob'))
           when :ascp
             execute_action_ascp
           when :transferd
             execute_action_transferd
           when :gem
             case options.get_next_command(%i[path version name])
-            when :path then return Main.result_status(self.class.gem_src_root)
-            when :version then return Main.result_status(Cli::VERSION)
-            when :name then return Main.result_status(Info::GEM_NAME)
+            when :path then return Main.result_text(self.class.gem_src_root)
+            when :version then return Main.result_text(Cli::VERSION)
+            when :name then return Main.result_text(Info::GEM_NAME)
             end
           when :folder
-            return Main.result_status(@main_folder)
+            return Main.result_text(@main_folder)
           when :file
-            return Main.result_status(@option_config_file)
+            return Main.result_text(@option_config_file)
           when :email_test
             send_email_template(email_template_default: EMAIL_TEST_TEMPLATE)
             return Main.result_nothing
@@ -1020,7 +987,7 @@ module Aspera
             # ensure fpac was provided
             options.get_option(:fpac, mandatory: true)
             server_url = options.get_next_argument('server url')
-            return Main.result_status(@pac_exec.find_proxy_for_url(server_url))
+            return Main.result_text(@pac_exec.get_proxies(server_url))
           when :check_update
             return Main.result_single_object(check_gem_version)
           when :initdemo
@@ -1047,101 +1014,11 @@ module Aspera
           when :vault then execute_vault
           when :test then return execute_test
           when :platform
-            return Main.result_status(Environment.architecture)
+            return Main.result_text(Environment.instance.architecture)
           else Aspera.error_unreachable_line
           end
         end
 
-        def wizard_find(apps)
-          identification = if apps.length.eql?(1)
-            Log.log.debug{"Detected: #{identification}"}
-            apps.first
-          else
-            formatter.display_status('Multiple applications detected, please select from:')
-            formatter.display_results(type: :object_list, data: apps, fields: %w[product url version])
-            answer = options.prompt_user_input_in_list('product', apps.map{ |a| a[:product]})
-            apps.find{ |a| a[:product].eql?(answer)}
-          end
-          wiz_preset_name = options.get_next_argument('preset name', default: '')
-          Log.log.debug{Log.dump(:identification, identification)}
-          wiz_url = identification[:url]
-          formatter.display_status("Using: #{identification[:name]} at #{wiz_url}".bold)
-          # set url for instantiation of plugin
-          options.add_option_preset({url: wiz_url}, 'wizard')
-          # instantiate plugin: command line options will be known and wizard can be called
-          wiz_plugin_class = PluginFactory.instance.plugin_class(identification[:product])
-          Aspera.assert(wiz_plugin_class.respond_to?(:wizard), exception_class: Cli::BadArgument) do
-            "Detected: #{identification[:product]}, but this application has no wizard"
-          end
-          # instantiate plugin: command line options will be known, e.g. private_key
-          plugin_instance = wiz_plugin_class.new(**init_params)
-          wiz_params = {
-            object: plugin_instance
-          }
-          # is private key needed ?
-          if options.known_options.key?(:private_key) &&
-              (!wiz_plugin_class.respond_to?(:private_key_required?) || wiz_plugin_class.private_key_required?(wiz_url))
-            # lets see if path to priv key is provided
-            private_key_path = options.get_option(:key_path)
-            # give a chance to provide
-            if private_key_path.nil?
-              formatter.display_status('Please provide the path to your private RSA key, or nothing to generate one:')
-              private_key_path = options.get_option(:key_path, mandatory: true).to_s
-            end
-            # else generate path
-            if private_key_path.empty?
-              private_key_path = File.join(@main_folder, DEFAULT_PRIV_KEY_FILENAME)
-            end
-            if File.exist?(private_key_path)
-              formatter.display_status('Using existing key:')
-            else
-              formatter.display_status("Generating #{DEFAULT_PRIV_KEY_LENGTH} bit RSA key...")
-              self.class.generate_rsa_private_key(path: private_key_path)
-              formatter.display_status('Created key:')
-            end
-            formatter.display_status(private_key_path)
-            private_key_pem = File.read(private_key_path)
-            options.set_option(:private_key, private_key_pem)
-            wiz_params[:private_key_path] = private_key_path
-            wiz_params[:pub_key_pem] = OpenSSL::PKey::RSA.new(private_key_pem).public_key.to_s
-          end
-          Log.log.debug{Log.dump(:wiz_params, wiz_params)}
-          # finally, call the wizard
-          wizard_result = wiz_plugin_class.wizard(**wiz_params)
-          Log.log.debug{"wizard result: #{wizard_result}"}
-          Aspera.assert(WIZARD_RESULT_KEYS.eql?(wizard_result.keys.sort)){"missing or extra keys in wizard result: #{wizard_result.keys}"}
-          # get preset name from user or default
-          if wiz_preset_name.empty?
-            elements = [
-              identification[:product],
-              URI.parse(wiz_url).host
-            ]
-            elements.push(options.get_option(:username, mandatory: true)) unless wizard_result[:preset_value].key?(:link) rescue nil
-            wiz_preset_name = elements.join('_').strip.downcase.gsub(/[^a-z0-9]/, '_').squeeze('_')
-          end
-          # test mode does not change conf file
-          return Main.result_single_object(wizard_result) if options.get_option(:test_mode)
-          # Write configuration file
-          formatter.display_status("Preparing preset: #{wiz_preset_name}")
-          # init defaults if necessary
-          @config_presets[CONF_PRESET_DEFAULTS] ||= {}
-          option_override = options.get_option(:override, mandatory: true)
-          raise Cli::Error, "A default configuration already exists for plugin '#{identification[:product]}' (use --override=yes or --default=no)" \
-            if !option_override && options.get_option(:default, mandatory: true) && @config_presets[CONF_PRESET_DEFAULTS].key?(identification[:product])
-          raise Cli::Error, "Preset already exists: #{wiz_preset_name}  (use --override=yes or --id=<name>)" \
-            if !option_override && @config_presets.key?(wiz_preset_name)
-          @config_presets[wiz_preset_name] = wizard_result[:preset_value].stringify_keys
-          test_args = wizard_result[:test_args]
-          if options.get_option(:default, mandatory: true)
-            formatter.display_status("Setting config preset as default for #{identification[:product]}")
-            @config_presets[CONF_PRESET_DEFAULTS][identification[:product].to_s] = wiz_preset_name
-          else
-            test_args = "-P#{wiz_preset_name} #{test_args}"
-          end
-          # TODO: actually test the command
-          return Main.result_status("You can test with:\n#{Info::CMD_NAME} #{identification[:product]} #{test_args}")
-        end
-
         # @return [Hash] email server setting with defaults if not defined
         def email_settings
           smtp = options.get_option(:smtp, mandatory: true)
@@ -1193,7 +1070,7 @@ module Aspera
           end
           # execute template
           msg_with_headers = ERB.new(notify_template).result(template_binding)
-          Log.log.debug{Log.dump(:msg_with_headers, msg_with_headers)}
+          Log.dump(:msg_with_headers, msg_with_headers)
           require 'net/smtp'
           smtp = Net::SMTP.new(mail_conf[:server], mail_conf[:port])
           smtp.enable_starttls if mail_conf[:tls]
@@ -1207,7 +1084,7 @@ module Aspera
         # Save current configuration to config file
         # return true if file was saved
         def save_config_file_if_needed
-          raise 'no configuration loaded' if @config_presets.nil?
+          raise Error, 'no configuration loaded' if @config_presets.nil?
           current_checksum = config_checksum
           return false if @config_checksum_on_disk.eql?(current_checksum)
           FileUtils.mkdir_p(@main_folder)
@@ -1225,7 +1102,7 @@ module Aspera
           Aspera.assert(!@config_presets.nil?){'config_presets shall be defined'}
           if !@use_plugin_defaults
             Log.log.debug('skip default config')
-            return nil
+            return
           end
           if @config_presets.key?(CONF_PRESET_DEFAULTS) &&
               @config_presets[CONF_PRESET_DEFAULTS].key?(plugin_name_sym.to_s)
@@ -1241,7 +1118,7 @@ module Aspera
             raise Cli::Error, "Config name [#{default_config_name}] must be a hash, check config file." if !@config_presets[default_config_name].is_a?(Hash)
             return default_config_name
           end
-          return nil
+          return
         end
 
         # @return [Hash] result of execution of vault command
@@ -1256,11 +1133,7 @@ module Aspera
           when :show
             return Main.result_single_object(vault.get(label: options.get_next_argument('label')))
           when :create
-            label = options.get_next_argument('label', validation: String)
-            info = options.get_next_argument('info', validation: Hash)
-            info = info.symbolize_keys
-            info[:label] = label
-            vault.set(info)
+            vault.set(options.get_next_argument('info', validation: Hash).symbolize_keys)
             return Main.result_status('Secret added')
           when :delete
             label_to_delete = options.get_next_argument('label')
@@ -1276,7 +1149,7 @@ module Aspera
         # @return [String] value from vault matching <name>.<param>
         def vault_value(name)
           m = name.split('.')
-          raise 'vault name shall match <name>.<param>' unless m.length.eql?(2)
+          raise BadArgument, 'vault name shall match <name>.<param>' unless m.length.eql?(2)
           # this raise exception if label not found:
           info = vault.get(label: m[0])
           value = info[m[1].to_sym]
@@ -1298,6 +1171,7 @@ module Aspera
           )
         end
 
+        # Artifically raise an exception for tests
         def execute_test
           case options.get_next_command(%i[throw web])
           when :throw
@@ -1305,18 +1179,20 @@ module Aspera
             # options
             exception_class_name = options.get_next_argument('exception class name', mandatory: true)
             exception_text = options.get_next_argument('exception text', mandatory: true)
-            exception_class = Object.const_get(exception_class_name)
-            Aspera.assert(exception_class <= Exception){"#{exception_class} is not an exception: #{exception_class.class}"}
-            raise exception_class, exception_text
+            type = Object.const_get(exception_class_name)
+            Aspera.assert(type <= Exception){"#{type} is not an exception: #{type.class}"}
+            raise type, exception_text
           when :web
           end
         end
 
         # version of URL without trailing "/" and removing default port
         def canonical_url(url)
-          url.sub(%r{/+$}, '').sub(%r{^(https://[^/]+):443$}, '\1')
+          url.chomp('/').sub(%r{^(https://[^/]+):443$}, '\1')
         end
 
+        # Look for a preset that has the corresponding URL and username
+        # @return the first one matching
         def lookup_preset(url:, username:)
           # remove extra info to maximize match
           url = canonical_url(url)
@@ -1329,6 +1205,8 @@ module Aspera
           nil
         end
 
+        # Lookup the corresponding secret for the given URL and usernames
+        # @raise Exception if mandatory and not found
         def lookup_secret(url:, username:, mandatory: false)
           secret = options.get_option(:secret)
           if secret.nil?