Added condition for checking instance id in kra commands

Partially Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1351295

4 files changed, 36 insertions, 7 deletions

diff --git a/base/java-tools/bin/pki b/base/java-tools/bin/pki
index c9170831b..6104a5f76 100644
--- a/base/java-tools/bin/pki
+++ b/base/java-tools/bin/pki
@@ -261,7 +261,6 @@ if __name__ == '__main__':
 
     except subprocess.CalledProcessError as e:
         if cli.verbose:
-            print('ERROR: %s' % e)
-        elif cli.debug:
             traceback.print_exc()
-        exit(e.returncode)
+        print('ERROR: %s' % e)
+        sys.exit(e.returncode)
diff --git a/base/server/python/pki/server/__init__.py b/base/server/python/pki/server/__init__.py
index 454408f6a..87303cd56 100644
--- a/base/server/python/pki/server/__init__.py
+++ b/base/server/python/pki/server/__init__.py
@@ -562,7 +562,7 @@ class PKIInstance(object):
     def get_token_password(self, token='internal'):
 
         # determine the password name for the token
-        if token.lower() in ['internal', 'internal key storage token']:
+        if not token or token.lower() in ['internal', 'internal key storage token']:
             name = 'internal'
 
         else:
diff --git a/base/server/python/pki/server/cli/kra.py b/base/server/python/pki/server/cli/kra.py
index b4f0df43f..676d1f511 100644
--- a/base/server/python/pki/server/cli/kra.py
+++ b/base/server/python/pki/server/cli/kra.py
@@ -132,9 +132,15 @@ class KRAClonePrepareCLI(pki.cli.CLI):
             sys.exit(1)
 
         instance = pki.server.PKIInstance(instance_name)
+        if not instance.is_valid():
+            print('ERROR: Invalid instance %s.' % instance_name)
+            sys.exit(1)
         instance.load()
 
         subsystem = instance.get_subsystem('kra')
+        if not subsystem:
+            print('ERROR: No KRA subsystem in instance %s.' % instance_name)
+            sys.exit(1)
 
         tmpdir = tempfile.mkdtemp()
 
@@ -151,6 +157,7 @@ class KRAClonePrepareCLI(pki.cli.CLI):
                 'storage', pkcs12_file, pkcs12_password_file)
             subsystem.export_system_cert(
                 'audit_signing', pkcs12_file, pkcs12_password_file)
+
             instance.export_external_certs(pkcs12_file, pkcs12_password_file)
 
         finally:
@@ -235,12 +242,15 @@ class KRADBVLVFindCLI(pki.cli.CLI):
                 sys.exit(1)
 
         instance = pki.server.PKIInstance(instance_name)
+        if not instance.is_valid():
+            print('ERROR: Invalid instance %s.' % instance_name)
+            sys.exit(1)
         instance.load()
 
         subsystem = instance.get_subsystem('kra')
-
         if not subsystem:
-            raise Exception('Subsystem not found')
+            print('ERROR: No KRA subsystem in instance %s.' % instance_name)
+            sys.exit(1)
 
         self.find_vlv(subsystem, bind_dn, bind_password)
 
@@ -347,6 +357,9 @@ class KRADBVLVAddCLI(pki.cli.CLI):
                 sys.exit(1)
 
         instance = pki.server.PKIInstance(instance_name)
+        if not instance.is_valid():
+            print('ERROR: Invalid instance %s.' % instance_name)
+            sys.exit(1)
         instance.load()
         self.add_vlv(instance, bind_dn, bind_password)
 
@@ -442,6 +455,9 @@ class KRADBVLVDeleteCLI(pki.cli.CLI):
                 sys.exit(1)
 
         instance = pki.server.PKIInstance(instance_name)
+        if not instance.is_valid():
+            print('ERROR: Invalid instance %s.' % instance_name)
+            sys.exit(1)
         instance.load()
         self.delete_vlv(instance, bind_dn, bind_password)
 
@@ -557,6 +573,9 @@ class KRADBVLVReindexCLI(pki.cli.CLI):
                 sys.exit(1)
 
         instance = pki.server.PKIInstance(instance_name)
+        if not instance.is_valid():
+            print('ERROR: Invalid instance %s.' % instance_name)
+            sys.exit(1)
         instance.load()
         self.reindex_vlv(instance, bind_dn, bind_password)
 
diff --git a/base/server/sbin/pki-server b/base/server/sbin/pki-server
index cd00de0ba..cea62b7e4 100644
--- a/base/server/sbin/pki-server
+++ b/base/server/sbin/pki-server
@@ -22,7 +22,9 @@
 from __future__ import absolute_import
 from __future__ import print_function
 import getopt
+import subprocess
 import sys
+import traceback
 
 import pki.cli
 import pki.server.cli.ca
@@ -103,5 +105,14 @@ class PKIServerCLI(pki.cli.CLI):
 
 
 if __name__ == '__main__':
+
     cli = PKIServerCLI()
-    cli.execute(sys.argv)
+
+    try:
+        cli.execute(sys.argv)
+
+    except subprocess.CalledProcessError as e:
+        if cli.verbose:
+            traceback.print_exc()
+        print('ERROR: %s' % e)
+        sys.exit(e.returncode)