authorEndi S. Dewata <edewata@redhat.com>2015-09-27 17:23:48 +0200
committerEndi S. Dewata <edewata@redhat.com>2015-09-30 15:27:31 +0200
commit164f200c1406eb547e0989a55ce114dfc2dff511 (patch)
treea193596c33ef8b74a1d26404c094adc88f4e587c /base/java-tools/src/com/netscape/cmstools
parentb1559af37ddb6c9dfeb25ae69cb220a0139005c9 (diff)
Added support for directory-authenticated profiles in CLI.
The pki cert-request-submit and client-cert-request CLIs have been modified to provide options to specify the username and password for directory-authenticated certificate enrollments. https://fedorahosted.org/pki/ticket/1463
Diffstat (limited to 'base/java-tools/src/com/netscape/cmstools')
-rw-r--r--base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java47
-rw-r--r--base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java72
2 files changed, 89 insertions, 30 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
index 961115968..cec1cff4f 100644
--- a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
@@ -1,5 +1,6 @@
package com.netscape.cmstools.cert;
+import java.io.Console;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -17,6 +18,7 @@ import com.netscape.certsrv.cert.CertEnrollmentRequest;
import com.netscape.certsrv.cert.CertRequestInfos;
import com.netscape.cmstools.cli.CLI;
import com.netscape.cmstools.cli.MainCLI;
+
import netscape.security.x509.X500Name;
public class CertRequestSubmitCLI extends CLI {
@@ -27,13 +29,20 @@ public class CertRequestSubmitCLI extends CLI {
super("request-submit", "Submit certificate request", certCLI);
this.certCLI = certCLI;
- Option optAID = new Option(null, "issuer-id", true, "Authority ID (host authority if omitted)");
- optAID.setArgName("id");
- options.addOption(optAID);
+ Option option = new Option(null, "issuer-id", true, "Authority ID (host authority if omitted)");
+ option.setArgName("id");
+ options.addOption(option);
+
+ option = new Option(null, "issuer-dn", true, "Authority DN (host authority if omitted)");
+ option.setArgName("dn");
+ options.addOption(option);
+
+ option = new Option(null, "username", true, "Username for request authentication");
+ option.setArgName("username");
+ options.addOption(option);
- Option optADN = new Option(null, "issuer-dn", true, "Authority DN (host authority if omitted)");
- optADN.setArgName("dn");
- options.addOption(optADN);
+ option = new Option(null, "password", false, "Prompt password for request authentication");
+ options.addOption(option);
}
public void printHelp() {
@@ -41,7 +50,7 @@ public class CertRequestSubmitCLI extends CLI {
}
@Override
- public void execute(String[] args) {
+ public void execute(String[] args) throws Exception {
// Always check for "--help" prior to parsing
if (Arrays.asList(args).contains("--help")) {
// Display usage
@@ -97,20 +106,22 @@ public class CertRequestSubmitCLI extends CLI {
System.exit(-1);
}
- try {
- CertEnrollmentRequest erd = getEnrollmentRequest(cmdArgs[0]);
- CertRequestInfos cri = certCLI.certClient.enrollRequest(erd, aid, adn);
- MainCLI.printMessage("Submitted certificate request");
- CertCLI.printCertRequestInfos(cri);
+ CertEnrollmentRequest request = getEnrollmentRequest(cmdArgs[0]);
- } catch (FileNotFoundException e) {
- System.err.println("Error: " + e.getMessage());
- System.exit(-1);
+ String certRequestUsername = cmd.getOptionValue("username");
+ if (certRequestUsername != null) {
+ request.setAttribute("uid", certRequestUsername);
+ }
- } catch (JAXBException e) {
- System.err.println("Error: " + e.getMessage());
- System.exit(-1);
+ if (cmd.hasOption("password")) {
+ Console console = System.console();
+ String certRequestPassword = new String(console.readPassword("Password: "));
+ request.setAttribute("pwd", certRequestPassword);
}
+
+ CertRequestInfos cri = certCLI.certClient.enrollRequest(request, aid, adn);
+ MainCLI.printMessage("Submitted certificate request");
+ CertCLI.printCertRequestInfos(cri);
}
private CertEnrollmentRequest getEnrollmentRequest(String fileName) throws JAXBException, FileNotFoundException {
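Review bot: The added `--password` branch can fail with a NullPointerException instead of a clear error, because `System.console()` returns null when the CLI runs without an interactive terminal (scripted, or with redirected input) and `readPassword` returns null at end of input. The password is also copied into an immutable `String` while the `char[]` from `readPassword` is never cleared; wiping that array after use at least limits the copies left in memory, although the String handed to `setAttribute` still persists. Because `pwd` travels inside the enrollment request, it is worth confirming that the client refuses to send it over a non-TLS connection; that is not visible in this hunk. The same block is repeated in the ClientCertRequestCLI.java hunk at `@@ -265,20 +275,58 @@` and needs the same guard. `execute` begins outside this hunk.

```java
if (cmd.hasOption("password")) {
    Console console = System.console();
    if (console == null) {
        throw new IllegalStateException("--password requires an interactive terminal");
    }
    char[] passwordChars = console.readPassword("Password: ");
    if (passwordChars == null) {
        throw new IllegalStateException("No password was entered");
    }
    try {
        request.setAttribute("pwd", new String(passwordChars));
    } finally {
        // wipe the prompt buffer; the String copy above is still held by the request
        Arrays.fill(passwordChars, '\0');
    }
}
// … unchanged: enrollRequest call and result printing …
```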
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
index db71c8a0f..370a7be5b 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
@@ -19,13 +19,13 @@
package com.netscape.cmstools.client;
import java.io.ByteArrayOutputStream;
+import java.io.Console;
import java.io.File;
import java.security.KeyPair;
+import java.util.HashMap;
+import java.util.Map;
import java.util.Vector;
-import netscape.ldap.util.DN;
-import netscape.ldap.util.RDN;
-
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.Option;
import org.apache.commons.io.FileUtils;
@@ -50,6 +50,9 @@ import com.netscape.cmstools.cli.MainCLI;
import com.netscape.cmsutil.util.Cert;
import com.netscape.cmsutil.util.Utils;
+import netscape.ldap.util.DN;
+import netscape.ldap.util.RDN;
+
/**
* @author Endi S. Dewata
*/
@@ -73,6 +76,13 @@ public class ClientCertRequestCLI extends CLI {
option.setArgName("request type");
options.addOption(option);
+ option = new Option(null, "username", true, "Username for request authentication");
+ option.setArgName("username");
+ options.addOption(option);
+
+ option = new Option(null, "password", false, "Prompt password for request authentication");
+ options.addOption(option);
+
option = new Option(null, "attribute-encoding", false, "Enable Attribute encoding");
options.addOption(option);
@@ -265,20 +275,58 @@ public class ClientCertRequestCLI extends CLI {
}
}
+ // parse subject DN and put the values in a map
+ DN dn = new DN(subjectDN);
+ Vector<?> rdns = dn.getRDNs();
+
+ Map<String, String> subjectAttributes = new HashMap<String, String>();
+ for (int i=0; i< rdns.size(); i++) {
+ RDN rdn = (RDN)rdns.elementAt(i);
+ String type = rdn.getTypes()[0].toLowerCase();
+ String value = rdn.getValues()[0];
+ subjectAttributes.put(type, value);
+ }
+
ProfileInput sn = request.getInput("Subject Name");
if (sn != null) {
- DN dn = new DN(subjectDN);
- Vector<?> rdns = dn.getRDNs();
-
- for (int i=0; i< rdns.size(); i++) {
- RDN rdn = (RDN)rdns.elementAt(i);
- String type = rdn.getTypes()[0].toLowerCase();
- String value = rdn.getValues()[0];
- ProfileAttribute uidAttr = sn.getAttribute("sn_" + type);
- uidAttr.setValue(value);
+ if (verbose) System.out.println("Subject Name:");
+
+ for (ProfileAttribute attribute : sn.getAttributes()) {
+ String name = attribute.getName();
+ String value = null;
+
+ if (name.equals("subject")) {
+ // get the whole subject DN
+ value = subjectDN;
+
+ } else if (name.startsWith("sn_")) {
+ // get value from subject DN
+ value = subjectAttributes.get(name.substring(3));
+
+ } else {
+ // unknown attribute, ignore
+ if (verbose) System.out.println(" - " + name);
+ continue;
+ }
+
+ if (value == null) continue;
+
+ if (verbose) System.out.println(" - " + name + ": " + value);
+ attribute.setValue(value);
}
}
+ String certRequestUsername = cmd.getOptionValue("username");
+ if (certRequestUsername != null) {
+ request.setAttribute("uid", certRequestUsername);
+ }
+
+ if (cmd.hasOption("password")) {
+ Console console = System.console();
+ String certRequestPassword = new String(console.readPassword("Password: "));
+ request.setAttribute("pwd", certRequestPassword);
+ }
+
if (verbose) {
System.out.println("Sending certificate request.");
}
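Review bot: The map key built with `rdn.getTypes()[0].toLowerCase()` depends on the default locale, so under a Turkish or Azeri locale an RDN type such as `UID` lowercases to a dotless-i form and the later `subjectAttributes.get(name.substring(3))` lookup for `sn_uid` misses. The `if (value == null) continue;` line then skips the attribute silently, so the request goes out without that subject field and with no warning. Use `String type = rdn.getTypes()[0].toLowerCase(Locale.ROOT);` (with `import java.util.Locale;`), and consider printing a verbose message when a profile `sn_` attribute has no matching RDN. A DN that repeats a type (for example two `ou` RDNs) keeps only the last value in the `HashMap`; a short comment saying that is intended would help. The enclosing method starts and ends outside this hunk.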