diff options
| author | Endi S. Dewata <edewata@redhat.com> | 2016-06-21 18:39:25 +0200 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2016-06-29 01:17:05 +0200 |
| commit | 8598a68ac954d1020f4e0063e257a20512961567 (patch) | |
| tree | f17df8bee056c9a2af57387851bed472c97cb7d0 /base/java-tools/src | |
| parent | 66223629c5d8e74be9f5a59734ab091b081435bc (diff) | |
| download | pki-8598a68ac954d1020f4e0063e257a20512961567.tar.gz pki-8598a68ac954d1020f4e0063e257a20512961567.tar.xz pki-8598a68ac954d1020f4e0063e257a20512961567.zip | |
Fixed KRA cloning issue.
The pki pkcs12-import CLI has been modified not to import
certificates that already exist in the NSS database unless
specifically requested with the --overwrite parameter. This
will avoid changing the trust flags of the CA signing
certificate during KRA cloning.
The some other classes have been modified to provide better
debugging information.
https://fedorahosted.org/pki/ticket/2374
Diffstat (limited to 'base/java-tools/src')
| -rw-r--r-- | base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java index ae574d387..862fffb64 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ImportCLI.java @@ -61,6 +61,7 @@ public class PKCS12ImportCLI extends CLI { options.addOption(option); options.addOption(null, "no-trust-flags", false, "Do not include trust flags"); + options.addOption(null, "overwrite", false, "Overwrite existing certificates"); options.addOption("v", "verbose", false, "Run in verbose mode."); options.addOption(null, "debug", false, "Run in debug mode."); @@ -125,6 +126,7 @@ public class PKCS12ImportCLI extends CLI { Password password = new Password(passwordString.toCharArray()); boolean trustFlagsEnabled = !cmd.hasOption("no-trust-flags"); + boolean overwrite = cmd.hasOption("overwrite"); try { PKCS12Util util = new PKCS12Util(); @@ -134,12 +136,12 @@ public class PKCS12ImportCLI extends CLI { if (nicknames.length == 0) { // store all certificates - util.storeIntoNSS(pkcs12); + util.storeIntoNSS(pkcs12, overwrite); } else { // load specified certificates for (String nickname : nicknames) { - util.storeCertIntoNSS(pkcs12, nickname); + util.storeCertIntoNSS(pkcs12, nickname, overwrite); } } |