author | Endi S. Dewata <edewata@redhat.com> | 2013-11-18 11:11:16 -0500 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2013-11-19 14:18:07 -0500 |
commit | 94a964ac6285683a90f2f5cd484a6cc4fc25f82f (patch) | |
tree | dba722d522c302781bf9b46c4eee4d4f589e9d13 /base/java-tools/src/com/netscape/cmstools/client | |
parent | 3ce7191f48d8be29ddb89cf401f80316d44cf354 (diff) | |
Fixed client-cert-import command.
Previously client-cert-import used a JSS method that calls the NSS
function PK11_ImportDERCertForKey(). To import a certificate without
a key it should use PK11_ImportCert, but that is only available via
certutil. So for now client-cert-import has been modified to
call certutil until the interface is added to JSS.
The MainCLI has been modified not to call CryptoManager.initialize()
to avoid locking up the security database while importing the
certificate using certutil.
Diffstat (limited to 'base/java-tools/src/com/netscape/cmstools/client')
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java | 54 |
1 files changed, 45 insertions, 9 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java
index 1ced6727f..0376b7f90 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java
@@ -19,6 +19,7 @@ package com.netscape.cmstools.client;
 import java.io.File;
+import java.io.FileOutputStream;
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
@@ -106,17 +107,52 @@ public class ClientCertImportCLI extends CLI {
 System.exit(1);
 }
- // import the certificate
- if (isCACert) {
- if (verbose) System.out.println("Importing CA certificate.");
- cert = client.importCACertPackage(bytes);
+ MainCLI mainCLI = (MainCLI)parent.getParent();
- } else {
- if (verbose) System.out.println("Importing certificate.");
- cert = client.importCertPackage(bytes, client.config.getCertNickname());
+ if (mainCLI.config.getCertNickname() == null) {
+ System.err.println("Error: Certificate nickname is required.");
+ System.exit(1);
 }
- MainCLI.printMessage("Imported certificate \"" + cert.getNickname() + "\"");
- ClientCLI.printCertInfo(cert);
+ File certDatabase = mainCLI.certDatabase;
+ File certFile = new File(certDatabase, "import.crt");
+
+ try {
+ try (FileOutputStream out = new FileOutputStream(certFile)) {
+ out.write(bytes);
+ }
+
+ String flag;
+ if (isCACert) {
+ if (verbose) System.out.println("Importing CA certificate.");
+ flag = "CT,c,";
+
+ } else {
+ if (verbose) System.out.println("Importing certificate.");
+ flag = "u,u,u";
+ }
+
+ String[] commands = {
+ "/usr/bin/certutil", "-A",
+ "-d", certDatabase.getAbsolutePath(),
+ "-i", certFile.getAbsolutePath(),
+ "-n", mainCLI.config.getCertNickname(),
+ "-t", flag
+ };
+
+ Runtime rt = Runtime.getRuntime();
+ Process p = rt.exec(commands);
+
+ int rc = p.waitFor();
+ if (rc != 0) {
+ MainCLI.printMessage("Import failed");
+ return;
+ }
+
+ MainCLI.printMessage("Imported certificate \"" + mainCLI.config.getCertNickname() + "\"");
+
+ } finally {
+ certFile.delete();
+ }
 }
 }
|
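Review bot: When certutil exits non-zero, the new code prints "Import failed" through `MainCLI.printMessage` and returns normally, so a script driving client-cert-import cannot tell that no certificate (possibly the CA trust anchor) was added, whereas the nickname check just above reports on `System.err` and exits 1. The child's stdout and stderr are also never read, which discards certutil's own diagnostic and can leave `p.waitFor()` blocked if the process fills its output pipe. I would fail the command instead, e.g. `if (rc != 0) throw new Exception("certutil failed with exit code " + rc);` (throwing rather than calling `System.exit` so the `finally` still deletes the staged file), and drain or redirect the process output before waiting. Separately, the staging file uses the fixed name `import.crt` inside the database directory; `File.createTempFile("import", ".crt", certDatabase)` would avoid overwriting and then deleting an existing file of that name, and collisions between concurrent runs. The enclosing method starts outside the hunk, so whether it already declares `throws Exception` needs confirming.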