summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEndi S. Dewata <edewata@redhat.com>2016-03-17 15:23:34 +0100
committerEndi S. Dewata <edewata@redhat.com>2016-04-05 22:46:00 +0200
commit2009b97646f2321a806fcebbc33c329de16793e6 (patch)
tree741a1978096ac97d6d293e74d64772fb73da0c1a
parent8267e90f65c427ce30518edcc1889b535c32da83 (diff)
downloadpki-2009b97646f2321a806fcebbc33c329de16793e6.tar.gz
pki-2009b97646f2321a806fcebbc33c329de16793e6.tar.xz
pki-2009b97646f2321a806fcebbc33c329de16793e6.zip
Additional clean-ups for PKCS #12 utilities.
The pki_server_external_cert_path has been renamed to pki_server_external_certs_path to match the file name. A default pki_server_external_certs_path has been added to default.cfg. The pki pkcs12-export has been modified to export into existing PKCS #12 file by default. The pki-server instance-cert-export has been modified to accept a list of nicknames to export. https://fedorahosted.org/pki/ticket/1742
-rw-r--r--base/common/python/pki/nssdb.py6
-rw-r--r--base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java2
-rw-r--r--base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java15
-rw-r--r--base/server/python/pki/server/cli/instance.py11
-rw-r--r--base/server/python/pki/server/cli/subsystem.py4
5 files changed, 27 insertions, 11 deletions
diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py
index 9bb917fa1..e6aa0a6c2 100644
--- a/base/common/python/pki/nssdb.py
+++ b/base/common/python/pki/nssdb.py
@@ -549,8 +549,10 @@ class NSSDatabase(object):
finally:
shutil.rmtree(tmpdir)
- def export_pkcs12(self, pkcs12_file, nicknames=None, pkcs12_password=None,
- pkcs12_password_file=None):
+ def export_pkcs12(self, pkcs12_file,
+ pkcs12_password=None,
+ pkcs12_password_file=None,
+ nicknames=None):
tmpdir = tempfile.mkdtemp()
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java
index c3c5ef489..48e4907cf 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java
@@ -151,7 +151,7 @@ public class PKCS12CertAddCLI extends CLI {
pkcs12 = new PKCS12();
} else {
- // otherwise, add into the same file
+ // otherwise, add into the existing file
pkcs12 = util.loadFromFile(filename, password);
}
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
index 52a993125..d42c449b4 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
@@ -18,6 +18,7 @@
package com.netscape.cmstools.pkcs12;
import java.io.BufferedReader;
+import java.io.File;
import java.io.FileReader;
import java.util.logging.Level;
import java.util.logging.Logger;
@@ -60,6 +61,7 @@ public class PKCS12ExportCLI extends CLI {
option.setArgName("path");
options.addOption(option);
+ options.addOption(null, "new-file", false, "Create a new PKCS #12 file");
options.addOption(null, "no-trust-flags", false, "Do not include trust flags");
options.addOption("v", "verbose", false, "Run in verbose mode.");
@@ -124,14 +126,23 @@ public class PKCS12ExportCLI extends CLI {
Password password = new Password(passwordString.toCharArray());
+ boolean newFile = cmd.hasOption("new-file");
boolean trustFlagsEnabled = !cmd.hasOption("no-trust-flags");
try {
PKCS12Util util = new PKCS12Util();
util.setTrustFlagsEnabled(trustFlagsEnabled);
- // overwrite existing file
- PKCS12 pkcs12 = new PKCS12();
+ PKCS12 pkcs12;
+
+ if (newFile || !new File(filename).exists()) {
+ // if new file requested or file does not exist, create a new file
+ pkcs12 = new PKCS12();
+
+ } else {
+ // otherwise, export into the existing file
+ pkcs12 = util.loadFromFile(filename, password);
+ }
if (nicknames.length == 0) {
// load all certificates
diff --git a/base/server/python/pki/server/cli/instance.py b/base/server/python/pki/server/cli/instance.py
index 16a3355c3..d19fcf363 100644
--- a/base/server/python/pki/server/cli/instance.py
+++ b/base/server/python/pki/server/cli/instance.py
@@ -64,10 +64,10 @@ class InstanceCertExportCLI(pki.cli.CLI):
def __init__(self):
super(InstanceCertExportCLI, self).__init__(
- 'export', 'Export subsystem certificate')
+ 'export', 'Export system certificates')
def print_help(self): # flake8: noqa
- print('Usage: pki-server instance-cert-export [OPTIONS]')
+ print('Usage: pki-server instance-cert-export [OPTIONS] [nicknames...]')
print()
print(' -i, --instance <instance ID> Instance ID (default: pki-tomcat).')
print(' --pkcs12-file <path> Output file to store the exported certificate and key in PKCS #12 format.')
@@ -80,7 +80,7 @@ class InstanceCertExportCLI(pki.cli.CLI):
def execute(self, argv):
try:
- opts, _ = getopt.gnu_getopt(argv, 'i:v', [
+ opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=',
'pkcs12-file=', 'pkcs12-password=', 'pkcs12-password-file=',
'verbose', 'help'])
@@ -90,6 +90,8 @@ class InstanceCertExportCLI(pki.cli.CLI):
self.print_help()
sys.exit(1)
+ nicknames = args
+
instance_name = 'pki-tomcat'
pkcs12_file = None
pkcs12_password = None
@@ -136,7 +138,8 @@ class InstanceCertExportCLI(pki.cli.CLI):
nssdb.export_pkcs12(
pkcs12_file=pkcs12_file,
pkcs12_password=pkcs12_password,
- pkcs12_password_file=pkcs12_password_file)
+ pkcs12_password_file=pkcs12_password_file,
+ nicknames=nicknames)
finally:
nssdb.close()
diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py
index 92d4c3deb..b6c694f88 100644
--- a/base/server/python/pki/server/cli/subsystem.py
+++ b/base/server/python/pki/server/cli/subsystem.py
@@ -576,9 +576,9 @@ class SubsystemCertExportCLI(pki.cli.CLI):
try:
nssdb.export_pkcs12(
pkcs12_file=pkcs12_file,
- nicknames=nicknames,
pkcs12_password=pkcs12_password,
- pkcs12_password_file=pkcs12_password_file)
+ pkcs12_password_file=pkcs12_password_file,
+ nicknames=nicknames)
finally:
nssdb.close()