authorEndi S. Dewata <edewata@redhat.com>2015-11-13 16:55:43 +0100
committerMatthew Harmsen <mharmsen@pki.usersys.redhat.com>2016-02-22 20:19:06 -0700
commit4a81377c26e68c48b78c90f2a61970373dd1a6fa (patch)
tree60b4ac90f91aa59b28fd38e6700175f4725e2ed9
parent0fb33918773529206879c665211019e0ecb26d48 (diff)
Added CLI options to simplify submitting CSR.
The pki ca-cert-request-submit command has been modified to provide options to specify the profile name and the CSR which will be used to create and populate the request object. This way it's no longer necessary to download the request template and insert the CSR manually. https://fedorahosted.org/pki/ticket/456 (cherry picked from commit ec9c68d68eabff3784fcf6dabf2c6745734b3c9c)
-rw-r--r--base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java153
1 files changed, 144 insertions, 9 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
index 3a91f87f5..90b957721 100644
--- a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
@@ -4,9 +4,10 @@ import java.io.Console;
import java.io.File;
import java.io.FileNotFoundException;
import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
import java.util.Scanner;
-
-import javax.xml.bind.JAXBException;
+import java.util.Vector;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.Option;
@@ -14,9 +15,14 @@ import org.apache.commons.cli.ParseException;
import com.netscape.certsrv.cert.CertEnrollmentRequest;
import com.netscape.certsrv.cert.CertRequestInfos;
+import com.netscape.certsrv.profile.ProfileAttribute;
+import com.netscape.certsrv.profile.ProfileInput;
import com.netscape.cmstools.cli.CLI;
import com.netscape.cmstools.cli.MainCLI;
+import netscape.ldap.util.DN;
+import netscape.ldap.util.RDN;
+
public class CertRequestSubmitCLI extends CLI {
CertCLI certCLI;
@@ -25,12 +31,36 @@ public class CertRequestSubmitCLI extends CLI {
super("request-submit", "Submit certificate request", certCLI);
this.certCLI = certCLI;
- Option option = new Option(null, "username", true, "Username for request authentication");
+ Option option = new Option(null, "issuer-id", true, "Authority ID (host authority if omitted)");
+ option.setArgName("ID");
+ options.addOption(option);
+
+ option = new Option(null, "issuer-dn", true, "Authority DN (host authority if omitted)");
+ option.setArgName("DN");
+ options.addOption(option);
+
+ option = new Option(null, "username", true, "Username for request authentication");
option.setArgName("username");
options.addOption(option);
option = new Option(null, "password", false, "Prompt password for request authentication");
options.addOption(option);
+
+ option = new Option(null, "profile", true, "Certificate profile");
+ option.setArgName("profile");
+ options.addOption(option);
+
+ option = new Option(null, "request-type", true, "Request type (default: pkcs10)");
+ option.setArgName("type");
+ options.addOption(option);
+
+ option = new Option(null, "csr-file", true, "File containing the CSR");
+ option.setArgName("path");
+ options.addOption(option);
+
+ option = new Option(null, "subject", true, "Subject DN");
+ option.setArgName("DN");
+ options.addOption(option);
}
public void printHelp() {
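Review bot: The `issuer-id` and `issuer-dn` options registered at the top of the constructor are not read by any line this commit adds to the command body, so as far as this diff shows they are accepted and then ignored. For a CA client that is a risky default: an operator who passes `--issuer-id` will reasonably assume the request was routed to that authority, while it presumably still goes to the host authority. Either apply the values to the request in this change or leave the two options out until the consuming code lands; at minimum add a comment such as `// TODO: issuer-id/issuer-dn are parsed but not yet applied to the request`. The constructor starts above this hunk, and code outside the diff (for example the parent CLI class) may consume the options, so confirm before merging.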
@@ -58,13 +88,119 @@ public class CertRequestSubmitCLI extends CLI {
String[] cmdArgs = cmd.getArgs();
- if (cmdArgs.length < 1) {
- System.err.println("Error: No filename specified.");
+ String requestFilename = cmdArgs.length > 0 ? cmdArgs[0] : null;
+ String profileID = cmd.getOptionValue("profile");
+
+ if (requestFilename == null && profileID == null) {
+ System.err.println("Error: Missing request file or profile ID.");
+ printHelp();
+ System.exit(-1);
+ }
+
+ if (requestFilename != null && profileID != null) {
+ System.err.println("Error: Request file and profile ID are mutually exclusive.");
printHelp();
System.exit(-1);
}
- CertEnrollmentRequest request = getEnrollmentRequest(cmdArgs[0]);
+ String requestType = cmd.getOptionValue("request-type");
+
+ CertEnrollmentRequest request;
+ if (requestFilename == null) { // if no request file specified, generate new request from profile
+
+ if (verbose) {
+ System.out.println("Retrieving " + profileID + " profile.");
+ }
+
+ request = certCLI.certClient.getEnrollmentTemplate(profileID);
+
+ // set default request type for new request
+ if (requestType == null) requestType = "pkcs10";
+
+ } else { // otherwise, load request from file
+
+ if (verbose) {
+ System.out.println("Loading request from " + requestFilename + ".");
+ }
+
+ String xml = loadFile(requestFilename);
+ request = CertEnrollmentRequest.fromXML(xml);
+ }
+
+ if (requestType != null) {
+
+ if (verbose) {
+ System.out.println("Request type: " + requestType);
+ }
+
+ for (ProfileInput input : request.getInputs()) {
+ ProfileAttribute typeAttr = input.getAttribute("cert_request_type");
+ if (typeAttr != null) {
+ typeAttr.setValue(requestType);
+ }
+ }
+ }
+
+ String csrFilename = cmd.getOptionValue("csr-file");
+ if (csrFilename != null) {
+
+ String csr = loadFile(csrFilename);
+
+ if (verbose) {
+ System.out.println("CSR:");
+ System.out.println(csr);
+ }
+
+ for (ProfileInput input : request.getInputs()) {
+ ProfileAttribute csrAttr = input.getAttribute("cert_request");
+ if (csrAttr != null) {
+ csrAttr.setValue(csr);
+ }
+ }
+ }
+
+ String subjectDN = cmd.getOptionValue("subject");
+ if (subjectDN != null) {
+ DN dn = new DN(subjectDN);
+ Vector<?> rdns = dn.getRDNs();
+
+ Map<String, String> subjectAttributes = new HashMap<String, String>();
+ for (int i=0; i< rdns.size(); i++) {
+ RDN rdn = (RDN)rdns.elementAt(i);
+ String type = rdn.getTypes()[0].toLowerCase();
+ String value = rdn.getValues()[0];
+ subjectAttributes.put(type, value);
+ }
+
+ ProfileInput sn = request.getInput("Subject Name");
+ if (sn != null) {
+ if (verbose) System.out.println("Subject Name:");
+
+ for (ProfileAttribute attribute : sn.getAttributes()) {
+ String name = attribute.getName();
+ String value = null;
+
+ if (name.equals("subject")) {
+ // get the whole subject DN
+ value = subjectDN;
+
+ } else if (name.startsWith("sn_")) {
+ // get value from subject DN
+ value = subjectAttributes.get(name.substring(3));
+
+ } else {
+ // unknown attribute, ignore
+ if (verbose) System.out.println(" - " + name);
+ continue;
+ }
+
+ if (value == null) continue;
+
+ if (verbose) System.out.println(" - " + name + ": " + value);
+ attribute.setValue(value);
+ }
+ }
+ }
String certRequestUsername = cmd.getOptionValue("username");
if (certRequestUsername != null) {
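Review bot: The loops that apply `--request-type` and `--csr-file`, and the `--subject` block, silently do nothing when the request has no matching `cert_request_type`, `cert_request` or `Subject Name` entry, so the command can submit a request that lacks the CSR or subject the operator supplied. Track whether a value was actually set and fail the same way as the argument checks above, e.g. `if (!csrSet) { System.err.println("Error: Profile has no cert_request input."); System.exit(-1); }`. In the subject block, `subjectAttributes.put(type, value)` keeps a single value per attribute type and only the first component of a multi-valued RDN, so a DN with repeated `OU` or `DC` fills `sn_ou` with just one of them; the map should collect all values or the DN should be rejected. The `toLowerCase()` call there should take `Locale.ROOT` so the `sn_` lookup does not depend on the user's locale. The enclosing method starts before and ends after this hunk.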
@@ -82,10 +218,9 @@ public class CertRequestSubmitCLI extends CLI {
CertCLI.printCertRequestInfos(cri);
}
- private CertEnrollmentRequest getEnrollmentRequest(String fileName) throws JAXBException, FileNotFoundException {
+ private String loadFile(String fileName) throws FileNotFoundException {
try (Scanner scanner = new Scanner(new File(fileName))) {
- String xml = scanner.useDelimiter("\\A").next();
- return CertEnrollmentRequest.fromXML(xml);
+ return scanner.useDelimiter("\\A").next();
}
}
}
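Review bot: `loadFile` reads through `Scanner`, which decodes with the platform default charset, throws `NoSuchElementException` from `next()` when the file is empty, and hides read errors behind `ioException()`, so an empty or unreadable `--csr-file` ends in a stack trace or a truncated value instead of a clear error. Reading the bytes directly is simpler and fails loudly: `return new String(Files.readAllBytes(Paths.get(fileName)), StandardCharsets.UTF_8);` with the signature widened to `throws IOException`. That needs imports for `java.nio.file.Files`, `java.nio.file.Paths` and `java.nio.charset.StandardCharsets`, and the callers' throws clauses are outside this hunk, so confirm they already allow `IOException`.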