authorEndi S. Dewata <edewata@redhat.com>2014-08-28 19:11:42 -0400
committerEndi S. Dewata <edewata@redhat.com>2014-08-28 22:57:32 -0400
commit2f7e6de6c489a49f7a7be473e5752ef49472bbcc (patch)
tree166ab9e406af0773cdd5b84b8998629896b2a661 /base/java-tools/src/com/netscape/cmstools/cli
parent93a8e9aa5c68f50ca3a9c971691b58390d453950 (diff)
Fixed problems with CLI authentication parameters.
Previously specifying a security database password in the CLI would require a certificate nickname to be specified as well. While this is correct for client certificate authentication, it caused a problem for operations that do not authenticate against the server such as client-init. The CLI has been modified to require a security database password only if the nickname is specified for client certificate authentication. Similar changes have been made to require user password only if the username is specified for basic authentication. The CLI also has been modified to store all specified parameters in the config object regardless of parameter validation. The manual page has been modified accordingly. Ticket #1125
Diffstat (limited to 'base/java-tools/src/com/netscape/cmstools/cli')
-rw-r--r--base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java151
1 files changed, 74 insertions, 77 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index becd84524..186c9827e 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -19,9 +19,9 @@
package com.netscape.cmstools.cli;
import java.io.BufferedReader;
-import java.io.FileReader;
import java.io.Console;
import java.io.File;
+import java.io.FileReader;
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.InetAddress;
@@ -291,93 +291,90 @@ public class MainCLI extends CLI {
String passwordFile = cmd.getOptionValue("W");
String[] tokenPasswordPair = { null, null };
- // check for mutually exclusive options
- if ((certNickname != null) && (username != null)) {
- System.err.println("Error: The '-n' (client authentication) and '-u' (basic authentication) options are mutually exclusive!");
- System.exit(-1);
- }
- if ((certPasswordFile != null) && (certPassword != null)) {
- System.err.println("Error: The '-C' and '-c' options are mutually exclusive!");
- System.exit(-1);
- }
- if ((passwordFile != null) && (password != null)) {
- System.err.println("Error: The '-W' and '-w' options are mutually exclusive!");
+ // check authentication parameters
+ if (certNickname != null && username != null) {
+ System.err.println("Error: The '-n' and '-u' options are mutually exclusive.");
System.exit(-1);
- }
- // check for mutually dependent options
- if (((certPasswordFile != null) || (certPassword != null)) &&
- (certNickname == null)) {
- System.err.println("Error: If either of the '-C' or '-c' options are specified, the '-n' client authentication option must also be specified!");
- System.exit(-1);
- }
- if (((passwordFile != null) || (password != null)) &&
- (username == null)) {
- System.err.println("Error: If either of the '-W' or '-w' options are specified, the '-u' basic authentication option must also be specified!");
- System.exit(-1);
+ } else if (certNickname != null) { // client certificate authentication
+
+ if (certPasswordFile != null && certPassword != null) {
+ System.err.println("Error: The '-C' and '-c' options are mutually exclusive.");
+ System.exit(-1);
+
+ } else if (certPasswordFile == null && certPassword == null) {
+ System.err.println("Error: Missing security database password.");
+ System.exit(-1);
+ }
+
+ } else if (username != null) { // basic authentication
+
+ if (passwordFile != null && password != null) {
+ System.err.println("Error: The '-W' and '-w' options are mutually exclusive.");
+ System.exit(-1);
+
+ } else if (passwordFile == null && password == null) {
+ System.err.println("Error: Missing user password.");
+ System.exit(-1);
+ }
}
- // convert into absolute path
+ // store security database path
if (certDatabase != null)
config.setCertDatabase(new File(certDatabase).getAbsolutePath());
- // check for client authentication or basic authentication
- if (certNickname != null) {
- // client authentication
- config.setCertNickname(certNickname);
-
- if (certPassword != null) {
- // set client security database password
- config.setCertPassword(certPassword);
- } else if (certPasswordFile != null) {
- // read client security database password from specified file
- tokenPasswordPair = readPlaintextPasswordFromFile(certPasswordFile);
- // XXX TBD set client security database token
-
- // set client security database password
- config.setCertPassword(tokenPasswordPair[1]);
- } else {
- // prompt for client security database password
- //
- // NOTE: This overrides the password callback provided
- // by JSS for NSS security database authentication.
- //
- try {
- certPassword = promptForPassword("Enter Client Security Database Password: ");
- // set client security database password
- config.setCertPassword(certPassword);
- } catch (Exception e) {
- System.err.println("Error: " + e.getMessage());
- System.exit(-1);
- }
+ // store certificate nickname
+ config.setCertNickname(certNickname);
+
+ if (certPasswordFile != null) {
+ // read client security database password from specified file
+ tokenPasswordPair = readPlaintextPasswordFromFile(certPasswordFile);
+ // XXX TBD set client security database token
+
+ certPassword = tokenPasswordPair[1];
+
+ } else if (certNickname != null && certPassword == null) {
+ // prompt for security database password if required for authentication
+ //
+ // NOTE: This overrides the password callback provided
+ // by JSS for NSS security database authentication.
+ //
+ try {
+ certPassword = promptForPassword("Enter Client Security Database Password: ");
+
+ } catch (Exception e) {
+ System.err.println("Error: " + e.getMessage());
+ System.exit(-1);
}
- } else if (username != null) {
- // basic authentication
- config.setUsername(username);
-
- if (password != null) {
- // set user password
- config.setPassword(password);
- } else if (passwordFile != null) {
- // read user password from specified file
- tokenPasswordPair = readPlaintextPasswordFromFile(passwordFile);
- // XXX TBD set user token
-
- // set user password
- config.setPassword(tokenPasswordPair[1]);
- } else {
- // prompt for user password
- try {
- password = promptForPassword();
- // set user password
- config.setPassword(password);
- } catch (Exception e) {
- System.err.println("Error: " + e.getMessage());
- System.exit(-1);
- }
+ }
+
+ // store security database password
+ config.setCertPassword(certPassword);
+
+ // store user name
+ config.setUsername(username);
+
+ if (passwordFile != null) {
+ // read user password from specified file
+ tokenPasswordPair = readPlaintextPasswordFromFile(passwordFile);
+ // XXX TBD set user token
+
+ password = tokenPasswordPair[1];
+
+ } else if (username != null && password == null) {
+ // prompt for user password if required for authentication
+ try {
+ password = promptForPassword();
+
+ } catch (Exception e) {
+ System.err.println("Error: " + e.getMessage());
+ System.exit(-1);
}
}
+ // store user password
+ config.setPassword(password);
+
String list = cmd.getOptionValue("reject-cert-status");
convertCertStatusList(list, rejectedCertStatuses);
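Review bot: The new `else if (certPasswordFile == null && certPassword == null)` and `else if (passwordFile == null && password == null)` branches exit with a "Missing … password" error before the later `promptForPassword` branches can run, so with `-n` or `-u` alone the interactive prompt is now unreachable. That leaves only the command line (`-c`/`-w`, which typically ends up in process listings and shell history) or a plaintext password file as ways to supply the secret. If prompting is still intended, drop those two branches and report the missing password only after the prompt has been tried, e.g. `if (certNickname != null && certPassword == null) { System.err.println("Error: Missing security database password."); System.exit(-1); }`, and likewise for `username`/`password`. Separately, when `-n` or `-u` is absent the `-C`/`-c` and `-W`/`-w` pairs are no longer checked for exclusivity, and the file value silently overrides the one given on the command line. The enclosing method starts and ends outside this hunk.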