diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2013-09-25 23:54:39 -0400 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2013-10-01 19:26:38 -0400 |
| commit | a4a492ef370053764b7dacbbf2f9f36069ea46b2 (patch) | |
| tree | 6ba47cbd79602db1f323e232f31cb72f1a31dabc /base/java-tools/src/com/netscape/cmstools/cli | |
| parent | 7c0fb95b77f0f91c572e0242c09a88605497a455 (diff) | |
| download | pki-a4a492ef370053764b7dacbbf2f9f36069ea46b2.tar.gz pki-a4a492ef370053764b7dacbbf2f9f36069ea46b2.tar.xz pki-a4a492ef370053764b7dacbbf2f9f36069ea46b2.zip | |
Fixed CLI authentication issue.
Previously the CLI authentication could fail because it's using a
fixed default subsystem which may not match the command it's trying
to execute. The CLI has now been modified to use the appropriate
default subsystem depending on the command to be executed.
Diffstat (limited to 'base/java-tools/src/com/netscape/cmstools/cli')
3 files changed, 187 insertions, 90 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/CLI.java b/base/java-tools/src/com/netscape/cmstools/cli/CLI.java index 0adecc171..abe0883b1 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/CLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/CLI.java @@ -87,14 +87,22 @@ public class CLI { this.description = description; } - public void addModule(CLI module) { - modules.put(module.getName(), module); + public CLI getParent() { + return parent; } public CLI getModule(String name) { return modules.get(name); } + public void addModule(CLI module) { + modules.put(module.getName(), module); + } + + public CLI removeModule(String name) { + return modules.remove(name); + } + public PKIClient getClient() { return client; } diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java index 5808254ef..f77dc8183 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java @@ -35,7 +35,6 @@ import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; import org.mozilla.jss.util.IncorrectPasswordException; import org.mozilla.jss.util.Password; -import com.netscape.certsrv.account.AccountClient; import com.netscape.certsrv.client.ClientConfig; import com.netscape.certsrv.client.PKIClient; import com.netscape.certsrv.client.PKIConnection; @@ -60,26 +59,26 @@ public class MainCLI extends CLI { public File certDatabase; - public AccountClient accountClient; - String output; public MainCLI() throws Exception { super("pki", "PKI command-line interface"); addModule(new CACLI(this)); - addModule(new CertCLI(this)); - addModule(new ClientCLI(this)); - addModule(new GroupCLI(this)); - addModule(new KeyCLI(this)); addModule(new KRACLI(this)); - addModule(new KRAConnectorCLI(this)); addModule(new OCSPCLI(this)); - addModule(new ProfileCLI(this)); - addModule(new SecurityDomainCLI(this)); addModule(new TKSCLI(this)); addModule(new TPSCLI(this)); - addModule(new UserCLI(this)); + + addModule(new ClientCLI(this)); + + addModule(new ProxyCLI(new CertCLI(this), "ca")); + addModule(new ProxyCLI(new GroupCLI(this), "ca")); + addModule(new ProxyCLI(new KeyCLI(this), "kra")); + addModule(new ProxyCLI(new KRAConnectorCLI(this), "ca")); + addModule(new ProxyCLI(new ProfileCLI(this), "ca")); + addModule(new ProxyCLI(new SecurityDomainCLI(this), "ca")); + addModule(new ProxyCLI(new UserCLI(this), "ca")); } public String getFullModuleName(String moduleName) { @@ -96,7 +95,43 @@ public class MainCLI extends CLI { formatter.printHelp(name+" [OPTIONS..] <command> [ARGS..]", options); System.out.println(); - super.printHelp(); + int leftPadding = 1; + int rightPadding = 25; + + System.out.println("Subsystems:"); + + for (CLI module : modules.values()) { + if (!(module instanceof SubsystemCLI)) continue; + + String label = module.getFullName(); + + int padding = rightPadding - leftPadding - label.length(); + if (padding < 1) + padding = 1; + + System.out.print(StringUtils.repeat(" ", leftPadding)); + System.out.print(label); + System.out.print(StringUtils.repeat(" ", padding)); + System.out.println(module.getDescription()); + } + + System.out.println(); + System.out.println("Commands:"); + + for (CLI module : modules.values()) { + if (module instanceof SubsystemCLI) continue; + + String label = module.getFullName(); + + int padding = rightPadding - leftPadding - label.length(); + if (padding < 1) + padding = 1; + + System.out.print(StringUtils.repeat(" ", leftPadding)); + System.out.print(label); + System.out.print(StringUtils.repeat(" ", padding)); + System.out.println(module.getDescription()); + } } public void createOptions(Options options) throws UnknownHostException { @@ -117,7 +152,7 @@ public class MainCLI extends CLI { option.setArgName("port"); options.addOption(option); - option = new Option("t", true, "Subsystem type (default: ca)"); + option = new Option("t", true, "Subsystem type"); option.setArgName("type"); options.addOption(option); @@ -168,13 +203,18 @@ public class MainCLI extends CLI { String protocol = cmd.getOptionValue("P", "http"); String hostname = cmd.getOptionValue("h", InetAddress.getLocalHost().getCanonicalHostName()); String port = cmd.getOptionValue("p", "8080"); - String type = cmd.getOptionValue("t", "ca"); + String subsystem = cmd.getOptionValue("t"); if (uri == null) - uri = protocol + "://" + hostname + ":" + port + "/" + type; + uri = protocol + "://" + hostname + ":" + port; + + if (subsystem != null) + uri = uri + "/" + subsystem; config.setServerURI(uri); + if (verbose) System.out.println("Server URI: "+uri); + String certDatabase = cmd.getOptionValue("d"); String certNickname = cmd.getOptionValue("n"); String certPassword = cmd.getOptionValue("c"); @@ -270,20 +310,10 @@ public class MainCLI extends CLI { file.mkdirs(); connection.setOutput(file); } - - String subsystem = config.getSubsystem(); - if (subsystem != null) { - // if server URI includes subsystem, perform authentication - // against that subsystem - accountClient = new AccountClient(client, subsystem); - } } public void execute(String[] args) throws Exception { - CLI module; - String[] moduleArgs; - try { createOptions(options); @@ -308,6 +338,8 @@ public class MainCLI extends CLI { parseOptions(cmd); + init(); + if (verbose) { System.out.print("Command:"); for (String arg : cmdArgs) { @@ -317,65 +349,7 @@ public class MainCLI extends CLI { System.out.println(); } - String command = cmdArgs[0]; - String moduleName; - String moduleCommand; - - // If a command contains a '-' sign it will be - // split into module name and module command. - // Otherwise it's a single command. - int i = command.indexOf('-'); - if (i >= 0) { // <module name>-<module command> - moduleName = command.substring(0, i); - moduleCommand = command.substring(i+1); - - } else { // <command> - moduleName = command; - moduleCommand = null; - } - - // get command module - if (verbose) System.out.println("Module: " + moduleName); - module = getModule(moduleName); - if (module == null) - throw new Error("Invalid module \"" + moduleName + "\"."); - - // prepare module arguments - if (moduleCommand != null) { - moduleArgs = new String[cmdArgs.length]; - moduleArgs[0] = moduleCommand; - System.arraycopy(cmdArgs, 1, moduleArgs, 1, cmdArgs.length-1); - - } else { - moduleArgs = new String[cmdArgs.length-1]; - System.arraycopy(cmdArgs, 1, moduleArgs, 0, cmdArgs.length-1); - } - - } catch (Throwable t) { - if (verbose) { - t.printStackTrace(System.err); - } else { - System.err.println(t.getClass().getSimpleName()+": "+t.getMessage()); - } - printHelp(); - System.exit(1); - return; - } - - if (verbose) System.out.println("Server URI: "+config.getServerURI()); - - // execute command - try { - init(); - - // login if subsystem and username/nickname is specified - if (config.getSubsystem() != null && - (config.getUsername() != null || config.getCertNickname() != null)) { - accountClient.login(); - } - - // execute module command - module.execute(moduleArgs); + super.execute(cmdArgs); } catch (Throwable t) { if (verbose) { @@ -384,10 +358,6 @@ public class MainCLI extends CLI { System.err.println(t.getClass().getSimpleName()+": "+t.getMessage()); } System.exit(1); - - } finally { - // logout if subsystem is specified - if (config.getSubsystem() != null) accountClient.logout(); } } diff --git a/base/java-tools/src/com/netscape/cmstools/cli/ProxyCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/ProxyCLI.java new file mode 100644 index 000000000..7d76cb1b2 --- /dev/null +++ b/base/java-tools/src/com/netscape/cmstools/cli/ProxyCLI.java @@ -0,0 +1,119 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2013 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cmstools.cli; + +import com.netscape.certsrv.account.AccountClient; +import com.netscape.certsrv.client.ClientConfig; +import com.netscape.certsrv.client.PKIClient; + + +/** + * This class provides a mechanism to authenticate against + * the appropriate subsystem for the CLI command. + * + * @author Endi S. Dewata + */ +public class ProxyCLI extends CLI { + + CLI module; + String defaultSubsystem; + + public ProxyCLI(CLI module, String defaultSubsystem) { + super(module.getName(), module.getDescription(), module.getParent()); + + this.module = module; + this.defaultSubsystem = defaultSubsystem; + } + + public String getName() { + return module.getName(); + } + + public void setName(String name) { + module.setName(name); + } + + public String getFullName() { + return module.getFullName(); + } + + public String getFullModuleName(String moduleName) { + return module.getFullModuleName(moduleName); + } + + public String getDescription() { + return module.getDescription(); + } + + public void setDescription(String description) { + module.setDescription(description); + } + + public CLI getParent() { + return module.getParent(); + } + + public CLI getModule(String name) { + return module.getModule(name); + } + + public void addModule(CLI module) { + this.module.addModule(module); + } + + public CLI removeModule(String name) { + return module.removeModule(name); + } + + public PKIClient getClient() { + return module.getClient(); + } + + public Object getClient(String name) { + return module.getClient(name); + } + + public void printHelp() { + module.printHelp(); + } + + public void execute(String[] args) throws Exception { + + PKIClient client = module.getParent().getClient(); + AccountClient accountClient = null; + + try { + // login if username or nickname is specified + ClientConfig config = client.getConfig(); + if (config.getUsername() != null || config.getCertNickname() != null) { + + String subsystem = config.getSubsystem(); + if (subsystem == null) subsystem = defaultSubsystem; + + accountClient = new AccountClient(client, subsystem); + accountClient.login(); + } + + module.execute(args); + + } finally { + if (accountClient != null) accountClient.logout(); + } + } +} |