diff options
author | Endi S. Dewata <edewata@redhat.com> | 2015-09-27 17:23:48 +0200 |
---|---|---|
committer | Matthew Harmsen <mharmsen@redhat.com> | 2015-10-01 12:46:39 -0600 |
commit | b67a17f29a5a5312847c1188607a7fa7b33e034f (patch) | |
tree | fcb15ec5c451df10c4e23afb478972aea29c124e /base/java-tools | |
parent | 249f975ca6a82ffed3a11af5275fdb595e7ee757 (diff) | |
download | pki-b67a17f29a5a5312847c1188607a7fa7b33e034f.tar.gz pki-b67a17f29a5a5312847c1188607a7fa7b33e034f.tar.xz pki-b67a17f29a5a5312847c1188607a7fa7b33e034f.zip |
Added default subject DN for pki client-cert-request.
The pki client-cert-request CLI has been modified to generate a
default subject DN if it's not specified. The man page has been
updated accordingly.
https://fedorahosted.org/pki/ticket/1463
(cherry picked from commit 3292de07ed01f6230de34120bf9cd1b8d164610a)
Diffstat (limited to 'base/java-tools')
-rw-r--r-- | base/java-tools/man/man1/pki-client.1 | 17 | ||||
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java | 24 |
2 files changed, 29 insertions, 12 deletions
diff --git a/base/java-tools/man/man1/pki-client.1 b/base/java-tools/man/man1/pki-client.1 index 65e618555..da5de7cbf 100644 --- a/base/java-tools/man/man1/pki-client.1 +++ b/base/java-tools/man/man1/pki-client.1 @@ -21,7 +21,7 @@ pki-client \- Command-Line Interface for managing the security database on Certi \fBpki\fR [CLI options] \fBclient\fR \fBpki\fR [CLI options] \fBclient-init\fR [command options] \fBpki\fR [CLI options] \fBclient-cert-find\fR [command options] -\fBpki\fR [CLI options] \fBclient-cert-request\fR <subject DN> [command options] +\fBpki\fR [CLI options] \fBclient-cert-request\fR [subject DN] [command options] \fBpki\fR [CLI options] \fBclient-cert-import\fR [nickname] [command options] \fBpki\fR [CLI options] \fBclient-cert-mod\fR <nickname> [command options] \fBpki\fR [CLI options] \fBclient-cert-show\fR <nickname> [command options] @@ -47,7 +47,7 @@ This command is to create a new security database for the client. This command is to list certificates in the client security database. .RE .PP -\fBpki\fR [CLI options] \fBclient-cert-request\fR <subject DN> [command options] +\fBpki\fR [CLI options] \fBclient-cert-request\fR [subject DN] [command options] .RS 4 This command is to generate and submit a certificate request. .RE @@ -82,13 +82,22 @@ To create a new database execute the following command: .B pki -d <security database location> -c <security database password> client-init -To view certificates in the security database: +To list certificates in the security database: .B pki -d <security database location> -c <security database password> client-cert-find To request a certificate: -.B pki -d <security database location> -c <security database password> client-cert-request <subject DN> +.B pki -d <security database location> -c <security database password> client-cert-request [subject DN] + +The subject DN requirement depends on the certificate profile being requested. +Some profiles may require the user to provide a subject DN in a certain +format. Some other profiles may generate their own subject DN. + +Certain profiles may also require additional authentication. To authenticate, +a username and a password can be specified using the --username and --password +options, respectively. If the subject DN is not specififed the CLI may use the +username to generate a default subject DN "UID=<username>". To import a certificate from a file into the security database: diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java index c08d1562c..938cc4b28 100644 --- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java @@ -68,7 +68,7 @@ public class ClientCertRequestCLI extends CLI { } public void printHelp() { - formatter.printHelp(getFullName() + " <Subject DN> [OPTIONS...]", options); + formatter.printHelp(getFullName() + " [Subject DN] [OPTIONS...]", options); } public void createOptions() { @@ -151,13 +151,22 @@ public class ClientCertRequestCLI extends CLI { System.exit(-1); } - if (cmdArgs.length < 1) { - System.err.println("Error: Missing subject DN."); - printHelp(); - System.exit(-1); - } + String certRequestUsername = cmd.getOptionValue("username"); + + String subjectDN; - String subjectDN = cmdArgs[0]; + if (cmdArgs.length == 0) { + if (certRequestUsername == null) { + System.err.println("Error: Missing subject DN or request username."); + printHelp(); + System.exit(-1); + } + + subjectDN = "UID=" + certRequestUsername; + + } else { + subjectDN = cmdArgs[0]; + } // pkcs10, crmf String requestType = cmd.getOptionValue("type", "pkcs10"); @@ -316,7 +325,6 @@ public class ClientCertRequestCLI extends CLI { } } - String certRequestUsername = cmd.getOptionValue("username"); if (certRequestUsername != null) { request.setAttribute("uid", certRequestUsername); } |