diff options
author | Endi S. Dewata <edewata@redhat.com> | 2013-07-17 11:05:11 -0400 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2013-07-22 19:01:50 -0400 |
commit | d5a63e2c0cf44f1eafecf51bd243cf794b33a515 (patch) | |
tree | 618633c746c3aba8c135ebc7520c8bc1906f7294 /base/java-tools/src/com/netscape | |
parent | f038cf0eb758e20747e6632154e8dcb49d0d143e (diff) | |
download | pki-d5a63e2c0cf44f1eafecf51bd243cf794b33a515.tar.gz pki-d5a63e2c0cf44f1eafecf51bd243cf794b33a515.tar.xz pki-d5a63e2c0cf44f1eafecf51bd243cf794b33a515.zip |
Fixed token authentication problem on RHEL.
The CryptoManager.initialize() and CryptoToken.login() invocation has been
moved into the main program as a workaround for the authentication problem
on RHEL and to ensure proper initialization in general.
Bugzilla #985111
Diffstat (limited to 'base/java-tools/src/com/netscape')
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java | 44 |
1 files changed, 39 insertions, 5 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java index ae93320f9..1c6411d79 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java @@ -29,7 +29,11 @@ import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.Option; import org.apache.commons.cli.Options; import org.apache.commons.lang.StringUtils; +import org.mozilla.jss.CryptoManager; +import org.mozilla.jss.crypto.CryptoToken; import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; +import org.mozilla.jss.util.IncorrectPasswordException; +import org.mozilla.jss.util.Password; import com.netscape.certsrv.account.AccountClient; import com.netscape.certsrv.client.ClientConfig; @@ -232,6 +236,41 @@ public class MainCLI extends CLI { public void init() throws Exception { + if (config.getCertDatabase() == null) { + // Create a default certificate database + certDatabase = new File( + System.getProperty("user.home") + File.separator + + ".dogtag" + File.separator + "nssdb"); + + certDatabase.mkdirs(); + + } else { + // Use existing certificate database + certDatabase = new File(config.getCertDatabase()); + } + + if (verbose) System.out.println("Certificate database: "+certDatabase.getAbsolutePath()); + + // Main program should initialize certificate database + CryptoManager.initialize(certDatabase.getAbsolutePath()); + + // If password is specified, use password to access client database + if (config.getCertPassword() != null) { + CryptoManager manager = CryptoManager.getInstance(); + CryptoToken token = manager.getInternalKeyStorageToken(); + Password password = new Password(config.getCertPassword().toCharArray()); + + try { + token.login(password); + + } catch (IncorrectPasswordException e) { + System.out.println("Error: "+e.getClass().getSimpleName()+": "+e.getMessage()); + // The original exception doesn't contain a message. + throw new IncorrectPasswordException("Incorrect certificate database password."); + } + + } + client = new PKIClient(config); client.setVerbose(verbose); @@ -246,11 +285,6 @@ public class MainCLI extends CLI { } accountClient = new AccountClient(client); - - // initialize certificate database if specified - if (config.getCertDatabase() != null) { - client.initCertDatabase(); - } } public void execute(String[] args) throws Exception { |