author | Endi S. Dewata <edewata@redhat.com> | 2016-03-17 15:23:34 +0100 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2016-04-05 22:46:00 +0200 |
commit | 2009b97646f2321a806fcebbc33c329de16793e6 (patch) | |
tree | 741a1978096ac97d6d293e74d64772fb73da0c1a | |
parent | 8267e90f65c427ce30518edcc1889b535c32da83 (diff) | |
Additional clean-ups for PKCS #12 utilities.
The pki_server_external_cert_path has been renamed to
pki_server_external_certs_path to match the file name.
A default pki_server_external_certs_path has been added to
default.cfg.
The pki pkcs12-export has been modified to export into an existing
PKCS #12 file by default.
The pki-server instance-cert-export has been modified to accept a
list of nicknames to export.
https://fedorahosted.org/pki/ticket/1742
5 files changed, 27 insertions, 11 deletions
diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py index 9bb917fa1..e6aa0a6c2 100644 --- a/base/common/python/pki/nssdb.py +++ b/base/common/python/pki/nssdb.py @@ -549,8 +549,10 @@ class NSSDatabase(object): finally: shutil.rmtree(tmpdir) - def export_pkcs12(self, pkcs12_file, nicknames=None, pkcs12_password=None, - pkcs12_password_file=None): + def export_pkcs12(self, pkcs12_file, + pkcs12_password=None, + pkcs12_password_file=None, + nicknames=None): tmpdir = tempfile.mkdtemp() diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java index c3c5ef489..48e4907cf 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java @@ -151,7 +151,7 @@ public class PKCS12CertAddCLI extends CLI { pkcs12 = new PKCS12(); } else { - // otherwise, add into the same file + // otherwise, add into the existing file pkcs12 = util.loadFromFile(filename, password); } diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java index 52a993125..d42c449b4 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java @@ -18,6 +18,7 @@ package com.netscape.cmstools.pkcs12; import java.io.BufferedReader; +import java.io.File; import java.io.FileReader; import java.util.logging.Level; import java.util.logging.Logger; @@ -60,6 +61,7 @@ public class PKCS12ExportCLI extends CLI { option.setArgName("path"); options.addOption(option); + options.addOption(null, "new-file", false, "Create a new PKCS #12 file"); options.addOption(null, "no-trust-flags", false, "Do not include trust flags"); options.addOption("v", "verbose", false, "Run in verbose mode."); 
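Review bot: Moving `nicknames` from second to last position in the `export_pkcs12` signature silently changes what positional calls mean: `export_pkcs12(path, names)` would now bind the nickname list to `pkcs12_password`. The two callers touched in this commit (instance.py and subsystem.py) pass keywords, but any other caller is not visible here and should be checked. A docstring on the method stating that every argument after `pkcs12_file` must be passed by keyword would record that contract. The method body continues outside the hunk.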
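Review bot: The `--new-file` description in the @@ -60,6 hunk of PKCS12ExportCLI.java does not say that the default is now to keep whatever is already in the target file, which the @@ -124,14 hunk implements. For a file that holds private keys this matters, because entries from an earlier export stay in the output unless the operator knows to pass the flag. I would spell the default out in the option text: `options.addOption(null, "new-file", false, "Create a new PKCS #12 file (default: add to the existing file)");`.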
@@ -124,14 +126,23 @@ public class PKCS12ExportCLI extends CLI { Password password = new Password(passwordString.toCharArray()); + boolean newFile = cmd.hasOption("new-file"); boolean trustFlagsEnabled = !cmd.hasOption("no-trust-flags"); try { PKCS12Util util = new PKCS12Util(); util.setTrustFlagsEnabled(trustFlagsEnabled); - // overwrite existing file - PKCS12 pkcs12 = new PKCS12(); + PKCS12 pkcs12; + + if (newFile || !new File(filename).exists()) { + // if new file requested or file does not exist, create a new file + pkcs12 = new PKCS12(); + + } else { + // otherwise, export into the existing file + pkcs12 = util.loadFromFile(filename, password); + } if (nicknames.length == 0) { // load all certificates diff --git a/base/server/python/pki/server/cli/instance.py b/base/server/python/pki/server/cli/instance.py index 16a3355c3..d19fcf363 100644 --- a/base/server/python/pki/server/cli/instance.py +++ b/base/server/python/pki/server/cli/instance.py @@ -64,10 +64,10 @@ class InstanceCertExportCLI(pki.cli.CLI): def __init__(self): super(InstanceCertExportCLI, self).__init__( - 'export', 'Export subsystem certificate') + 'export', 'Export system certificates') def print_help(self): # flake8: noqa - print('Usage: pki-server instance-cert-export [OPTIONS]') + print('Usage: pki-server instance-cert-export [OPTIONS] [nicknames...]') print() print(' -i, --instance <instance ID> Instance ID (default: pki-tomcat).') print(' --pkcs12-file <path> Output file to store the exported certificate and key in PKCS #12 format.') @@ -80,7 +80,7 @@ class InstanceCertExportCLI(pki.cli.CLI): def execute(self, argv): try: - opts, _ = getopt.gnu_getopt(argv, 'i:v', [ + opts, args = getopt.gnu_getopt(argv, 'i:v', [ 'instance=', 'pkcs12-file=', 'pkcs12-password=', 'pkcs12-password-file=', 'verbose', 'help']) @@ -90,6 +90,8 @@ class InstanceCertExportCLI(pki.cli.CLI): self.print_help() sys.exit(1) + nicknames = args + instance_name = 'pki-tomcat' pkcs12_file = None pkcs12_password = None 
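Review bot: The `!new File(filename).exists()` test in the @@ -124,14 hunk sends a pre-created empty file down the `util.loadFromFile(filename, password)` branch, where it presumably fails to parse; before this change such a file was simply overwritten. Creating the output file first with restrictive permissions and then exporting into it is a common way to protect key material, so that workflow would now need `--new-file`. Treating a zero-length file as new avoids this: `if (newFile || new File(filename).length() == 0) {`, since `File.length()` is also 0 when the file does not exist. The try block continues outside the hunk.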
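Review bot: `nicknames = args` in the @@ -90,6 hunk of instance.py passes an empty list to `export_pkcs12` when no nickname is given, where the parameter previously defaulted to `None`; the call in the @@ -136,7 hunk forwards it unchanged. Whether an empty list still means "export everything" depends on how `export_pkcs12` tests the argument, which is outside this diff. If it compares against `None`, `nicknames = args or None` keeps the old behaviour. The usage text in the @@ -64,10 hunk should also state what is exported when the list is omitted, once that default is confirmed.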
@@ -136,7 +138,8 @@ class InstanceCertExportCLI(pki.cli.CLI): nssdb.export_pkcs12( pkcs12_file=pkcs12_file, pkcs12_password=pkcs12_password, - pkcs12_password_file=pkcs12_password_file) + pkcs12_password_file=pkcs12_password_file, + nicknames=nicknames) finally: nssdb.close() diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py index 92d4c3deb..b6c694f88 100644 --- a/base/server/python/pki/server/cli/subsystem.py +++ b/base/server/python/pki/server/cli/subsystem.py @@ -576,9 +576,9 @@ class SubsystemCertExportCLI(pki.cli.CLI): try: nssdb.export_pkcs12( pkcs12_file=pkcs12_file, - nicknames=nicknames, pkcs12_password=pkcs12_password, - pkcs12_password_file=pkcs12_password_file) + pkcs12_password_file=pkcs12_password_file, + nicknames=nicknames) finally: nssdb.close() |