diff options
author | Endi S. Dewata <edewata@redhat.com> | 2016-02-25 21:31:24 +0100 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2016-02-26 13:12:30 -0500 |
commit | 0dadf421c327bc32d220405208031a9f7e1bb097 (patch) | |
tree | 411865a8c3caa602b9acbcda75e9ac2775612342 /base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java | |
parent | 935633c5ea9f2b5c4321d924af166367008ac4b3 (diff) | |
download | pki-0dadf421c327bc32d220405208031a9f7e1bb097.tar.gz pki-0dadf421c327bc32d220405208031a9f7e1bb097.tar.xz pki-0dadf421c327bc32d220405208031a9f7e1bb097.zip |
Added workaround for JSS limitation in pki pkcs12-import.
Currently JSS is unable to import CA certificates while preserving
their nicknames. As a workaround, the pki pkcs12-import has been
modified such that it exports individual CA certificates from PKCS
The remaining user certificates will continue to be imported using
JSS.
A new pki pkcs12-cert-export command has been added to export
individual certificates from PKCS #12 file into PEM files.
The pki pkcs12-import has been modified to take a list of nicknames
of the certificates to be imported into NSS database.
https://fedorahosted.org/pki/ticket/1742
Diffstat (limited to 'base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java')
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java index 3e42efcbc..bdd8f52bc 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java @@ -44,7 +44,7 @@ public class PKCS12ImportCLI extends CLI { } public void printHelp() { - formatter.printHelp(getFullName() + " [OPTIONS...]", options); + formatter.printHelp(getFullName() + " [OPTIONS...] [nicknames...]", options); } public void createOptions() { @@ -95,6 +95,7 @@ public class PKCS12ImportCLI extends CLI { Logger.getLogger("netscape").setLevel(Level.FINE); } + String[] nicknames = cmd.getArgs(); String filename = cmd.getOptionValue("pkcs12"); if (filename == null) { @@ -130,7 +131,18 @@ public class PKCS12ImportCLI extends CLI { util.setTrustFlagsEnabled(trustFlagsEnabled); PKCS12 pkcs12 = util.loadFromFile(filename, password); - util.storeIntoNSS(pkcs12, password); + + if (nicknames.length == 0) { + // store all certificates + util.storeIntoNSS(pkcs12); + + } else { + // load specified certificates + for (String nickname : nicknames) { + util.storeCertIntoNSS(pkcs12, nickname); + } + } + } finally { password.clear(); |