summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEndi S. Dewata <edewata@redhat.com>2016-04-15 02:30:00 +0200
committerEndi S. Dewata <edewata@redhat.com>2016-04-15 20:03:36 +0200
commitd3bbfe07b1cb2d65a7af6530ea01374b20a761e4 (patch)
tree1fd572a9a76b5bfc4610037b1c45ef5d8a63e4f4
parent08f032de4090467ac4096f970609e19834b997ac (diff)
downloadpki-d3bbfe07b1cb2d65a7af6530ea01374b20a761e4.zip
pki-d3bbfe07b1cb2d65a7af6530ea01374b20a761e4.tar.gz
pki-d3bbfe07b1cb2d65a7af6530ea01374b20a761e4.tar.xz
Updated pki pkcs12-export CLI.
For consistency the pki pkcs12-export has been modified to overwrite the PKCS #12 output file by default. A new option has been added to append the exported certificates and keys into the output file if the file already exists. The same option has been added to the The pki-server instance-cert-export and subsystem-cert-export commands. https://fedorahosted.org/pki/ticket/1736
-rw-r--r--base/common/python/pki/nssdb.py10
-rw-r--r--base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java14
-rw-r--r--base/server/cmscore/src/com/netscape/cmscore/base/PropConfigStore.java2
-rw-r--r--base/server/python/pki/server/cli/instance.py18
-rw-r--r--base/server/python/pki/server/cli/subsystem.py20
5 files changed, 46 insertions, 18 deletions
diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py
index 9d27633..503bd41 100644
--- a/base/common/python/pki/nssdb.py
+++ b/base/common/python/pki/nssdb.py
@@ -543,7 +543,9 @@ class NSSDatabase(object):
def export_pkcs12(self, pkcs12_file,
pkcs12_password=None,
pkcs12_password_file=None,
- nicknames=None):
+ nicknames=None,
+ append=False,
+ debug=False):
tmpdir = tempfile.mkdtemp()
@@ -575,6 +577,12 @@ class NSSDatabase(object):
'--pkcs12-password-file', password_file
])
+ if append:
+ cmd.extend(['--append'])
+
+ if debug:
+ cmd.extend(['--debug'])
+
if nicknames:
cmd.extend(nicknames)
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
index fab5ecd..728a9ef 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
@@ -61,7 +61,7 @@ public class PKCS12ExportCLI extends CLI {
option.setArgName("path");
options.addOption(option);
- options.addOption(null, "new-file", false, "Create a new PKCS #12 file");
+ options.addOption(null, "append", false, "Append into an existing PKCS #12 file");
options.addOption(null, "no-trust-flags", false, "Do not include trust flags");
options.addOption(null, "no-key", false, "Do not include private key");
options.addOption(null, "no-chain", false, "Do not include certificate chain");
@@ -128,7 +128,7 @@ public class PKCS12ExportCLI extends CLI {
Password password = new Password(passwordString.toCharArray());
- boolean newFile = cmd.hasOption("new-file");
+ boolean append = cmd.hasOption("append");
boolean includeTrustFlags = !cmd.hasOption("no-trust-flags");
boolean includeKey = !cmd.hasOption("no-key");
boolean includeChain = !cmd.hasOption("no-chain");
@@ -139,13 +139,13 @@ public class PKCS12ExportCLI extends CLI {
PKCS12 pkcs12;
- if (newFile || !new File(filename).exists()) {
- // if new file requested or file does not exist, create a new file
- pkcs12 = new PKCS12();
+ if (append && new File(filename).exists()) {
+ // if append requested and file exists, export into the existing file
+ pkcs12 = util.loadFromFile(filename, password);
} else {
- // otherwise, export into the existing file
- pkcs12 = util.loadFromFile(filename, password);
+ // otherwise, create a new file
+ pkcs12 = new PKCS12();
}
if (nicknames.length == 0) {
diff --git a/base/server/cmscore/src/com/netscape/cmscore/base/PropConfigStore.java b/base/server/cmscore/src/com/netscape/cmscore/base/PropConfigStore.java
index eb3f6c3..cc16e24 100644
--- a/base/server/cmscore/src/com/netscape/cmscore/base/PropConfigStore.java
+++ b/base/server/cmscore/src/com/netscape/cmscore/base/PropConfigStore.java
@@ -255,7 +255,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
if (str == null) {
CMS.traceHashKey(mDebugType, getFullName(name), "<notpresent>");
- throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", getName() + "." + name));
+ throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", getFullName(name)));
}
// should we check for empty string ?
// if (str.length() == 0) {
diff --git a/base/server/python/pki/server/cli/instance.py b/base/server/python/pki/server/cli/instance.py
index a779f3c..4eeee5d 100644
--- a/base/server/python/pki/server/cli/instance.py
+++ b/base/server/python/pki/server/cli/instance.py
@@ -76,7 +76,9 @@ class InstanceCertExportCLI(pki.cli.CLI):
print(' --pkcs12-file <path> Output file to store the exported certificate and key in PKCS #12 format.')
print(' --pkcs12-password <password> Password for the PKCS #12 file.')
print(' --pkcs12-password-file <path> Input file containing the password for the PKCS #12 file.')
+ print(' --append Append into an existing PKCS #12 file.')
print(' -v, --verbose Run in verbose mode.')
+ print(' --debug Run in debug mode.')
print(' --help Show help message.')
print()
@@ -86,7 +88,7 @@ class InstanceCertExportCLI(pki.cli.CLI):
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=',
'pkcs12-file=', 'pkcs12-password=', 'pkcs12-password-file=',
- 'verbose', 'help'])
+ 'append', 'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
print('ERROR: ' + str(e))
@@ -99,6 +101,8 @@ class InstanceCertExportCLI(pki.cli.CLI):
pkcs12_file = None
pkcs12_password = None
pkcs12_password_file = None
+ append = False
+ debug = False
for o, a in opts:
if o in ('-i', '--instance'):
@@ -113,9 +117,15 @@ class InstanceCertExportCLI(pki.cli.CLI):
elif o == '--pkcs12-password-file':
pkcs12_password_file = a
+ elif o == '--append':
+ append = True
+
elif o in ('-v', '--verbose'):
self.set_verbose(True)
+ elif o == '--debug':
+ debug = True
+
elif o == '--help':
self.print_help()
sys.exit()
@@ -142,12 +152,12 @@ class InstanceCertExportCLI(pki.cli.CLI):
pkcs12_file=pkcs12_file,
pkcs12_password=pkcs12_password,
pkcs12_password_file=pkcs12_password_file,
- nicknames=nicknames)
+ nicknames=nicknames,
+ append=append,
+ debug=debug)
finally:
nssdb.close()
- self.print_message('Exported certificates')
-
class InstanceFindCLI(pki.cli.CLI):
diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py
index 5ab232c..fe395aa 100644
--- a/base/server/python/pki/server/cli/subsystem.py
+++ b/base/server/python/pki/server/cli/subsystem.py
@@ -464,7 +464,9 @@ class SubsystemCertExportCLI(pki.cli.CLI):
print(' --pkcs12-file <path> Output file to store the exported certificate and key in PKCS #12 format.')
print(' --pkcs12-password <password> Password for the PKCS #12 file.')
print(' --pkcs12-password-file <path> Input file containing the password for the PKCS #12 file.')
+ print(' --append Append into an existing PKCS #12 file.')
print(' -v, --verbose Run in verbose mode.')
+ print(' --debug Run in debug mode.')
print(' --help Show help message.')
print()
@@ -474,7 +476,7 @@ class SubsystemCertExportCLI(pki.cli.CLI):
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=', 'cert-file=', 'csr-file=',
'pkcs12-file=', 'pkcs12-password=', 'pkcs12-password-file=',
- 'verbose', 'help'])
+ 'append', 'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
print('ERROR: ' + str(e))
@@ -494,6 +496,8 @@ class SubsystemCertExportCLI(pki.cli.CLI):
pkcs12_file = None
pkcs12_password = None
pkcs12_password_file = None
+ append = False
+ debug = False
for o, a in opts:
if o in ('-i', '--instance'):
@@ -514,9 +518,15 @@ class SubsystemCertExportCLI(pki.cli.CLI):
elif o == '--pkcs12-password-file':
pkcs12_password_file = a
+ elif o == '--append':
+ append = True
+
elif o in ('-v', '--verbose'):
self.set_verbose(True)
+ elif o == '--debug':
+ debug = True
+
elif o == '--help':
self.print_help()
sys.exit()
@@ -526,7 +536,7 @@ class SubsystemCertExportCLI(pki.cli.CLI):
self.print_help()
sys.exit(1)
- if not pkcs12_file:
+ if not (cert_file or csr_file or pkcs12_file):
print('ERROR: missing output file')
self.print_help()
sys.exit(1)
@@ -579,13 +589,13 @@ class SubsystemCertExportCLI(pki.cli.CLI):
pkcs12_file=pkcs12_file,
pkcs12_password=pkcs12_password,
pkcs12_password_file=pkcs12_password_file,
- nicknames=nicknames)
+ nicknames=nicknames,
+ append=append,
+ debug=debug)
finally:
nssdb.close()
- self.print_message('Export complete')
-
class SubsystemCertUpdateCLI(pki.cli.CLI):