diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2013-09-25 23:54:39 -0400 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2013-10-01 19:26:38 -0400 |
| commit | a4a492ef370053764b7dacbbf2f9f36069ea46b2 (patch) | |
| tree | 6ba47cbd79602db1f323e232f31cb72f1a31dabc /base/java-tools/src/com | |
| parent | 7c0fb95b77f0f91c572e0242c09a88605497a455 (diff) | |
| download | pki-a4a492ef370053764b7dacbbf2f9f36069ea46b2.tar.gz pki-a4a492ef370053764b7dacbbf2f9f36069ea46b2.tar.xz pki-a4a492ef370053764b7dacbbf2f9f36069ea46b2.zip | |
Fixed CLI authentication issue.
Previously the CLI authentication could fail because it's using a
fixed default subsystem which may not match the command it's trying
to execute. The CLI has now been modified to use the appropriate
default subsystem depending on the command to be executed.
Diffstat (limited to 'base/java-tools/src/com')
11 files changed, 237 insertions, 104 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java index 83cd6851c..c3f43401c 100644 --- a/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java @@ -68,7 +68,14 @@ public class CertCLI extends CLI { public void execute(String[] args) throws Exception { - certClient = new CertClient(parent.getClient()); + client = parent.getClient(); + + // determine the subsystem + String subsystem = client.getSubsystem(); + if (subsystem == null) subsystem = "ca"; + + // create new cert client + certClient = new CertClient(client, subsystem); super.execute(args); } diff --git a/base/java-tools/src/com/netscape/cmstools/cli/CLI.java b/base/java-tools/src/com/netscape/cmstools/cli/CLI.java index 0adecc171..abe0883b1 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/CLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/CLI.java @@ -87,14 +87,22 @@ public class CLI { this.description = description; } - public void addModule(CLI module) { - modules.put(module.getName(), module); + public CLI getParent() { + return parent; } public CLI getModule(String name) { return modules.get(name); } + public void addModule(CLI module) { + modules.put(module.getName(), module); + } + + public CLI removeModule(String name) { + return modules.remove(name); + } + public PKIClient getClient() { return client; } diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java index 5808254ef..f77dc8183 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java @@ -35,7 +35,6 @@ import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; import org.mozilla.jss.util.IncorrectPasswordException; import org.mozilla.jss.util.Password; -import com.netscape.certsrv.account.AccountClient; import com.netscape.certsrv.client.ClientConfig; import com.netscape.certsrv.client.PKIClient; import com.netscape.certsrv.client.PKIConnection; @@ -60,26 +59,26 @@ public class MainCLI extends CLI { public File certDatabase; - public AccountClient accountClient; - String output; public MainCLI() throws Exception { super("pki", "PKI command-line interface"); addModule(new CACLI(this)); - addModule(new CertCLI(this)); - addModule(new ClientCLI(this)); - addModule(new GroupCLI(this)); - addModule(new KeyCLI(this)); addModule(new KRACLI(this)); - addModule(new KRAConnectorCLI(this)); addModule(new OCSPCLI(this)); - addModule(new ProfileCLI(this)); - addModule(new SecurityDomainCLI(this)); addModule(new TKSCLI(this)); addModule(new TPSCLI(this)); - addModule(new UserCLI(this)); + + addModule(new ClientCLI(this)); + + addModule(new ProxyCLI(new CertCLI(this), "ca")); + addModule(new ProxyCLI(new GroupCLI(this), "ca")); + addModule(new ProxyCLI(new KeyCLI(this), "kra")); + addModule(new ProxyCLI(new KRAConnectorCLI(this), "ca")); + addModule(new ProxyCLI(new ProfileCLI(this), "ca")); + addModule(new ProxyCLI(new SecurityDomainCLI(this), "ca")); + addModule(new ProxyCLI(new UserCLI(this), "ca")); } public String getFullModuleName(String moduleName) { @@ -96,7 +95,43 @@ public class MainCLI extends CLI { formatter.printHelp(name+" [OPTIONS..] <command> [ARGS..]", options); System.out.println(); - super.printHelp(); + int leftPadding = 1; + int rightPadding = 25; + + System.out.println("Subsystems:"); + + for (CLI module : modules.values()) { + if (!(module instanceof SubsystemCLI)) continue; + + String label = module.getFullName(); + + int padding = rightPadding - leftPadding - label.length(); + if (padding < 1) + padding = 1; + + System.out.print(StringUtils.repeat(" ", leftPadding)); + System.out.print(label); + System.out.print(StringUtils.repeat(" ", padding)); + System.out.println(module.getDescription()); + } + + System.out.println(); + System.out.println("Commands:"); + + for (CLI module : modules.values()) { + if (module instanceof SubsystemCLI) continue; + + String label = module.getFullName(); + + int padding = rightPadding - leftPadding - label.length(); + if (padding < 1) + padding = 1; + + System.out.print(StringUtils.repeat(" ", leftPadding)); + System.out.print(label); + System.out.print(StringUtils.repeat(" ", padding)); + System.out.println(module.getDescription()); + } } public void createOptions(Options options) throws UnknownHostException { @@ -117,7 +152,7 @@ public class MainCLI extends CLI { option.setArgName("port"); options.addOption(option); - option = new Option("t", true, "Subsystem type (default: ca)"); + option = new Option("t", true, "Subsystem type"); option.setArgName("type"); options.addOption(option); @@ -168,13 +203,18 @@ public class MainCLI extends CLI { String protocol = cmd.getOptionValue("P", "http"); String hostname = cmd.getOptionValue("h", InetAddress.getLocalHost().getCanonicalHostName()); String port = cmd.getOptionValue("p", "8080"); - String type = cmd.getOptionValue("t", "ca"); + String subsystem = cmd.getOptionValue("t"); if (uri == null) - uri = protocol + "://" + hostname + ":" + port + "/" + type; + uri = protocol + "://" + hostname + ":" + port; + + if (subsystem != null) + uri = uri + "/" + subsystem; config.setServerURI(uri); + if (verbose) System.out.println("Server URI: "+uri); + String certDatabase = cmd.getOptionValue("d"); String certNickname = cmd.getOptionValue("n"); String certPassword = cmd.getOptionValue("c"); @@ -270,20 +310,10 @@ public class MainCLI extends CLI { file.mkdirs(); connection.setOutput(file); } - - String subsystem = config.getSubsystem(); - if (subsystem != null) { - // if server URI includes subsystem, perform authentication - // against that subsystem - accountClient = new AccountClient(client, subsystem); - } } public void execute(String[] args) throws Exception { - CLI module; - String[] moduleArgs; - try { createOptions(options); @@ -308,6 +338,8 @@ public class MainCLI extends CLI { parseOptions(cmd); + init(); + if (verbose) { System.out.print("Command:"); for (String arg : cmdArgs) { @@ -317,65 +349,7 @@ public class MainCLI extends CLI { System.out.println(); } - String command = cmdArgs[0]; - String moduleName; - String moduleCommand; - - // If a command contains a '-' sign it will be - // split into module name and module command. - // Otherwise it's a single command. - int i = command.indexOf('-'); - if (i >= 0) { // <module name>-<module command> - moduleName = command.substring(0, i); - moduleCommand = command.substring(i+1); - - } else { // <command> - moduleName = command; - moduleCommand = null; - } - - // get command module - if (verbose) System.out.println("Module: " + moduleName); - module = getModule(moduleName); - if (module == null) - throw new Error("Invalid module \"" + moduleName + "\"."); - - // prepare module arguments - if (moduleCommand != null) { - moduleArgs = new String[cmdArgs.length]; - moduleArgs[0] = moduleCommand; - System.arraycopy(cmdArgs, 1, moduleArgs, 1, cmdArgs.length-1); - - } else { - moduleArgs = new String[cmdArgs.length-1]; - System.arraycopy(cmdArgs, 1, moduleArgs, 0, cmdArgs.length-1); - } - - } catch (Throwable t) { - if (verbose) { - t.printStackTrace(System.err); - } else { - System.err.println(t.getClass().getSimpleName()+": "+t.getMessage()); - } - printHelp(); - System.exit(1); - return; - } - - if (verbose) System.out.println("Server URI: "+config.getServerURI()); - - // execute command - try { - init(); - - // login if subsystem and username/nickname is specified - if (config.getSubsystem() != null && - (config.getUsername() != null || config.getCertNickname() != null)) { - accountClient.login(); - } - - // execute module command - module.execute(moduleArgs); + super.execute(cmdArgs); } catch (Throwable t) { if (verbose) { @@ -384,10 +358,6 @@ public class MainCLI extends CLI { System.err.println(t.getClass().getSimpleName()+": "+t.getMessage()); } System.exit(1); - - } finally { - // logout if subsystem is specified - if (config.getSubsystem() != null) accountClient.logout(); } } diff --git a/base/java-tools/src/com/netscape/cmstools/cli/ProxyCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/ProxyCLI.java new file mode 100644 index 000000000..7d76cb1b2 --- /dev/null +++ b/base/java-tools/src/com/netscape/cmstools/cli/ProxyCLI.java @@ -0,0 +1,119 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2013 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +package com.netscape.cmstools.cli; + +import com.netscape.certsrv.account.AccountClient; +import com.netscape.certsrv.client.ClientConfig; +import com.netscape.certsrv.client.PKIClient; + + +/** + * This class provides a mechanism to authenticate against + * the appropriate subsystem for the CLI command. + * + * @author Endi S. Dewata + */ +public class ProxyCLI extends CLI { + + CLI module; + String defaultSubsystem; + + public ProxyCLI(CLI module, String defaultSubsystem) { + super(module.getName(), module.getDescription(), module.getParent()); + + this.module = module; + this.defaultSubsystem = defaultSubsystem; + } + + public String getName() { + return module.getName(); + } + + public void setName(String name) { + module.setName(name); + } + + public String getFullName() { + return module.getFullName(); + } + + public String getFullModuleName(String moduleName) { + return module.getFullModuleName(moduleName); + } + + public String getDescription() { + return module.getDescription(); + } + + public void setDescription(String description) { + module.setDescription(description); + } + + public CLI getParent() { + return module.getParent(); + } + + public CLI getModule(String name) { + return module.getModule(name); + } + + public void addModule(CLI module) { + this.module.addModule(module); + } + + public CLI removeModule(String name) { + return module.removeModule(name); + } + + public PKIClient getClient() { + return module.getClient(); + } + + public Object getClient(String name) { + return module.getClient(name); + } + + public void printHelp() { + module.printHelp(); + } + + public void execute(String[] args) throws Exception { + + PKIClient client = module.getParent().getClient(); + AccountClient accountClient = null; + + try { + // login if username or nickname is specified + ClientConfig config = client.getConfig(); + if (config.getUsername() != null || config.getCertNickname() != null) { + + String subsystem = config.getSubsystem(); + if (subsystem == null) subsystem = defaultSubsystem; + + accountClient = new AccountClient(client, subsystem); + accountClient.login(); + } + + module.execute(args); + + } finally { + if (accountClient != null) accountClient.logout(); + } + } +} diff --git a/base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java b/base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java index a7b414e1d..dba9d9ab3 100644 --- a/base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java @@ -63,9 +63,14 @@ public class GroupCLI extends CLI { client = parent.getClient(); groupClient = (GroupClient)parent.getClient("group"); + // if this is a top-level command if (groupClient == null) { - // if parent doesn't have group client then create a new one - groupClient = new GroupClient(client); + // determine the subsystem + String subsystem = client.getSubsystem(); + if (subsystem == null) subsystem = "ca"; + + // create new group client + groupClient = new GroupClient(client, subsystem); } super.execute(args); diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java index bbae43688..e93cc32f0 100644 --- a/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java @@ -50,7 +50,13 @@ public class KeyCLI extends CLI { public void execute(String[] args) throws Exception { client = parent.getClient(); - keyClient = new KeyClient(client); + + // determine the subsystem + String subsystem = client.getSubsystem(); + if (subsystem == null) subsystem = "kra"; + + // create new key client + keyClient = new KeyClient(client, subsystem); super.execute(args); } diff --git a/base/java-tools/src/com/netscape/cmstools/profile/ProfileCLI.java b/base/java-tools/src/com/netscape/cmstools/profile/ProfileCLI.java index 7ba472454..775398283 100644 --- a/base/java-tools/src/com/netscape/cmstools/profile/ProfileCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/profile/ProfileCLI.java @@ -49,7 +49,13 @@ public class ProfileCLI extends CLI { public void execute(String[] args) throws Exception { client = parent.getClient(); - profileClient = new ProfileClient(client); + + // determine the subsystem + String subsystem = client.getSubsystem(); + if (subsystem == null) subsystem = "ca"; + + // create new profile client + profileClient = new ProfileClient(client, subsystem); super.execute(args); } diff --git a/base/java-tools/src/com/netscape/cmstools/system/KRAConnectorCLI.java b/base/java-tools/src/com/netscape/cmstools/system/KRAConnectorCLI.java index e45072de1..a59809e26 100644 --- a/base/java-tools/src/com/netscape/cmstools/system/KRAConnectorCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/system/KRAConnectorCLI.java @@ -47,7 +47,13 @@ public class KRAConnectorCLI extends CLI { public void execute(String[] args) throws Exception { client = parent.getClient(); - kraConnectorClient = new KRAConnectorClient(client); + + // determine the subsystem + String subsystem = client.getSubsystem(); + if (subsystem == null) subsystem = "ca"; + + // create new KRA connector client + kraConnectorClient = new KRAConnectorClient(client, subsystem); super.execute(args); } diff --git a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java index b7b54942a..224e215a8 100644 --- a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java @@ -51,7 +51,13 @@ public class SecurityDomainCLI extends CLI { public void execute(String[] args) throws Exception { client = parent.getClient(); - securityDomainClient = new SecurityDomainClient(client); + + // determine the subsystem + String subsystem = client.getSubsystem(); + if (subsystem == null) subsystem = "ca"; + + // create new security domain client + securityDomainClient = new SecurityDomainClient(client, subsystem); super.execute(args); } diff --git a/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java index 093e5203a..28c99dd7b 100644 --- a/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java @@ -50,11 +50,6 @@ public class TPSConnectorCLI extends CLI { client = parent.getClient(); tpsConnectorClient = (TPSConnectorClient)parent.getClient("tpsconnector"); - if (tpsConnectorClient == null) { - // if parent doesn't have user client then create a new one - tpsConnectorClient = new TPSConnectorClient(client); - } - if (args.length == 0) { printHelp(); System.exit(1); diff --git a/base/java-tools/src/com/netscape/cmstools/user/UserCLI.java b/base/java-tools/src/com/netscape/cmstools/user/UserCLI.java index 74f4df9dd..edbb62cab 100644 --- a/base/java-tools/src/com/netscape/cmstools/user/UserCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/user/UserCLI.java @@ -69,9 +69,14 @@ public class UserCLI extends CLI { client = parent.getClient(); userClient = (UserClient)parent.getClient("user"); + // if this is a top-level command if (userClient == null) { - // if parent doesn't have user client then create a new one - userClient = new UserClient(client); + // determine the subsystem + String subsystem = client.getSubsystem(); + if (subsystem == null) subsystem = "ca"; + + // create new user client + userClient = new UserClient(client, subsystem); } super.execute(args); |