authorEndi S. Dewata <edewata@redhat.com>2013-11-14 13:16:59 -0500
committerEndi S. Dewata <edewata@redhat.com>2013-11-15 12:40:28 -0500
commit88b5bfea749ead60c609cab9ee406e09f33e93d6 (patch)
tree3b8423baaf5ca684540dd95bdd3abca01773ef65 /base/java-tools
parentc73890c7c617732a84d009e117ff7aeab0133053 (diff)
Added client-init command.
A new CLI command has been added to simplify the creation of client certificate database.
Diffstat (limited to 'base/java-tools')
-rw-r--r--base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java133
-rw-r--r--base/java-tools/src/com/netscape/cmstools/client/ClientCLI.java1
-rw-r--r--base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java119
-rw-r--r--base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java25
4 files changed, 191 insertions, 87 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index 5bf1a7a72..28a2113a8 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -30,6 +30,7 @@ import org.apache.commons.cli.Option;
import org.apache.commons.cli.Options;
import org.apache.commons.lang.StringUtils;
import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.CryptoManager.NotInitializedException;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
import org.mozilla.jss.util.IncorrectPasswordException;
@@ -152,16 +153,16 @@ public class MainCLI extends CLI {
option.setArgName("type");
options.addOption(option);
- option = new Option("d", true, "Certificate database");
+ option = new Option("d", true, "Certificate database location (default: ~/.dogtag/nssdb)");
option.setArgName("database");
options.addOption(option);
- option = new Option("n", true, "Certificate nickname");
- option.setArgName("nickname");
+ option = new Option("c", true, "Certificate database password");
+ option.setArgName("password");
options.addOption(option);
- option = new Option("c", true, "Certificate password");
- option.setArgName("password");
+ option = new Option("n", true, "Certificate nickname");
+ option.setArgName("nickname");
options.addOption(option);
option = new Option("u", true, "Username");
@@ -238,6 +239,19 @@ public class MainCLI extends CLI {
list = cmd.getOptionValue("ignore-cert-status");
convertCertStatusList(list, ignoredCertStatuses);
+
+ if (config.getCertDatabase() == null) {
+ // Use default certificate database
+ this.certDatabase = new File(
+ System.getProperty("user.home") + File.separator +
+ ".dogtag" + File.separator + "nssdb");
+
+ } else {
+ // Use existing certificate database
+ this.certDatabase = new File(config.getCertDatabase());
+ }
+
+ if (verbose) System.out.println("Certificate database: "+this.certDatabase.getAbsolutePath());
}
public void convertCertStatusList(String list, Collection<Integer> statuses) throws Exception {
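Review bot: The default database path at `this.certDatabase = new File(System.getProperty("user.home") + File.separator + ".dogtag" + File.separator + "nssdb")` is assembled by string concatenation where the `File(File, String)` constructor expresses the same path without hand-placed separators: `this.certDatabase = new File(new File(System.getProperty("user.home"), ".dogtag"), "nssdb");`. Since the `mkdirs()` call was dropped along with the old code in `init()`, parseOptions now only resolves the location and no longer creates the default directory; that appears intended, as ClientInitCLI in this same commit is what creates it. parseOptions continues outside the hunk.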
@@ -259,35 +273,24 @@ public class MainCLI extends CLI {
public void init() throws Exception {
- if (config.getCertDatabase() == null) {
- // Create a default certificate database
- certDatabase = new File(
- System.getProperty("user.home") + File.separator +
- ".dogtag" + File.separator + "nssdb");
-
- certDatabase.mkdirs();
-
- } else {
- // Use existing certificate database
- certDatabase = new File(config.getCertDatabase());
- }
-
- if (verbose) System.out.println("Certificate database: "+certDatabase.getAbsolutePath());
-
// Main program should initialize certificate database
- CryptoManager.initialize(certDatabase.getAbsolutePath());
+ if (certDatabase.exists()) {
+ CryptoManager.initialize(certDatabase.getAbsolutePath());
+ }
// If password is specified, use password to access client database
if (config.getCertPassword() != null) {
- CryptoManager manager = CryptoManager.getInstance();
- CryptoToken token = manager.getInternalKeyStorageToken();
- Password password = new Password(config.getCertPassword().toCharArray());
-
try {
+ CryptoManager manager = CryptoManager.getInstance();
+ CryptoToken token = manager.getInternalKeyStorageToken();
+ Password password = new Password(config.getCertPassword().toCharArray());
token.login(password);
+ } catch (NotInitializedException e) {
+ // The original exception doesn't contain a message.
+ throw new Error("Certificate database not initialized.");
+
} catch (IncorrectPasswordException e) {
- System.out.println("Error: "+e.getClass().getSimpleName()+": "+e.getMessage());
// The original exception doesn't contain a message.
throw new IncorrectPasswordException("Incorrect certificate database password.");
}
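Review bot: The new `catch (NotInitializedException e)` discards the original exception when it throws `new Error("Certificate database not initialized.")`, so the stack trace printed in verbose mode no longer shows where initialization was missing; pass it as the cause: `throw new Error("Certificate database not initialized.", e);`. The `Password` created inside the `try` is never cleared after `token.login(password)`, which keeps the password characters in memory longer than needed; JSS `Password` has a `clear()` method that could be called from a `finally`. With the added `certDatabase.exists()` guard, a missing database combined with no `-c` password makes `init()` return silently, and any later CryptoManager use would presumably fail with the message-less NotInitializedException this catch was introduced to translate — if every command that reaches `init()` needs the database, reporting its absence here would give a clearer error. init() continues outside the hunk.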
@@ -310,42 +313,57 @@ public class MainCLI extends CLI {
public void execute(String[] args) throws Exception {
+ createOptions(options);
+
+ CommandLine cmd;
try {
- createOptions(options);
+ cmd = parser.parse(options, args, true);
+ } catch (Exception e) {
+ throw new Error(e.getMessage(), e);
+ }
- CommandLine cmd;
- try {
- cmd = parser.parse(options, args, true);
- } catch (Exception e) {
- throw new Error(e.getMessage(), e);
- }
+ String[] cmdArgs = cmd.getArgs();
- String[] cmdArgs = cmd.getArgs();
+ if (cmd.hasOption("version")) {
+ printVersion();
+ System.exit(1);
+ }
- if (cmd.hasOption("version")) {
- printVersion();
- System.exit(1);
- }
+ if (cmdArgs.length == 0 || cmd.hasOption("help")) {
+ printHelp();
+ System.exit(1);
+ }
- if (cmdArgs.length == 0 || cmd.hasOption("help")) {
- printHelp();
- System.exit(1);
- }
+ parseOptions(cmd);
- parseOptions(cmd);
+ if (verbose) {
+ System.out.print("Command:");
+ for (String arg : cmdArgs) {
+ if (arg.contains(" ")) arg = "\""+arg+"\"";
+ System.out.print(" "+arg);
+ }
+ System.out.println();
+ }
+ // Do not call CryptoManager.initialize() on client-init
+ // because otherwise the database will be locked.
+ if (!cmdArgs[0].equals("client-init")) {
init();
+ }
- if (verbose) {
- System.out.print("Command:");
- for (String arg : cmdArgs) {
- if (arg.contains(" ")) arg = "\""+arg+"\"";
- System.out.print(" "+arg);
- }
- System.out.println();
- }
+ super.execute(cmdArgs);
+ }
- super.execute(cmdArgs);
+ public static void printMessage(String message) {
+ System.out.println(StringUtils.repeat("-", message.length()));
+ System.out.println(message);
+ System.out.println(StringUtils.repeat("-", message.length()));
+ }
+
+ public static void main(String args[]) {
+ try {
+ MainCLI cli = new MainCLI();
+ cli.execute(args);
} catch (Throwable t) {
if (verbose) {
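Review bot: The decision to skip `init()` is keyed on the literal `"client-init"` in the `cmdArgs[0]` comparison, while the command itself is registered as module `init` under `client` in ClientCLI, so the two spellings must be kept in sync by hand; a named constant, e.g. `private static final String CLIENT_INIT_COMMAND = "client-init";`, or a comment pointing at where the module is registered would make the coupling visible. The rest of the hunk moves existing code unchanged, and `main` now wraps `execute` in a `catch (Throwable t)` whose handler continues outside the hunk.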
@@ -356,15 +374,4 @@ public class MainCLI extends CLI {
System.exit(1);
}
}
-
- public static void printMessage(String message) {
- System.out.println(StringUtils.repeat("-", message.length()));
- System.out.println(message);
- System.out.println(StringUtils.repeat("-", message.length()));
- }
-
- public static void main(String args[]) throws Exception {
- MainCLI cli = new MainCLI();
- cli.execute(args);
- }
}
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCLI.java
index fe0d001ac..11ede895f 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCLI.java
@@ -32,6 +32,7 @@ public class ClientCLI extends CLI {
public ClientCLI(CLI parent) {
super("client", "Client management commands", parent);
+ addModule(new ClientInitCLI(this));
addModule(new ClientCertFindCLI(this));
addModule(new ClientCertImportCLI(this));
addModule(new ClientCertRemoveCLI(this));
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java
new file mode 100644
index 000000000..34c9b7792
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java
@@ -0,0 +1,119 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cmstools.client;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.InputStreamReader;
+import java.io.PrintWriter;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.io.FileUtils;
+
+import com.netscape.cmstools.cli.CLI;
+import com.netscape.cmstools.cli.MainCLI;
+
+/**
+ * @author Endi S. Dewata
+ */
+public class ClientInitCLI extends CLI {
+
+ public ClientInitCLI(ClientCLI clientCLI) {
+ super("init", "Initialize client security database", clientCLI);
+ }
+
+ public void printHelp() {
+ formatter.printHelp(getFullName() + " [OPTIONS]", options);
+ }
+
+ public void execute(String[] args) throws Exception {
+
+ options.addOption(null, "force", false, "Force database initialization.");
+
+ CommandLine cmd = null;
+
+ try {
+ cmd = parser.parse(options, args);
+
+ } catch (Exception e) {
+ System.err.println("Error: " + e.getMessage());
+ printHelp();
+ System.exit(1);
+ }
+
+ MainCLI mainCLI = (MainCLI)parent.getParent();
+
+ if (mainCLI.config.getCertPassword() == null) {
+ System.err.println("Error: Certificate database password is required.");
+ System.exit(1);
+ }
+
+ boolean force = cmd.hasOption("force");
+ File certDatabase = mainCLI.certDatabase;
+
+ if (certDatabase.exists()) {
+
+ if (!force) {
+ System.out.print("Certificate database already exists. Overwrite (y/N)? ");
+ System.out.flush();
+
+ BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
+ String line = reader.readLine().trim();
+
+ if (line.equals("") || !line.substring(0, 1).equalsIgnoreCase("Y")) {
+ MainCLI.printMessage("Client initialization canceled");
+ return;
+ }
+ }
+
+ FileUtils.deleteDirectory(certDatabase);
+ }
+
+ certDatabase.mkdirs();
+
+ File passwordFile = new File(certDatabase, "password.txt");
+
+ try {
+ try (PrintWriter out = new PrintWriter(new FileWriter(passwordFile))) {
+ out.println(mainCLI.config.getCertPassword());
+ }
+
+ String[] commands = {
+ "/usr/bin/certutil", "-N",
+ "-d", certDatabase.getAbsolutePath(),
+ "-f", passwordFile.getAbsolutePath()
+ };
+
+ Runtime rt = Runtime.getRuntime();
+ Process p = rt.exec(commands);
+
+ int rc = p.waitFor();
+ if (rc != 0) {
+ MainCLI.printMessage("Client initialization failed");
+ return;
+ }
+
+ MainCLI.printMessage("Client initialized");
+
+ } finally {
+ passwordFile.delete();
+ }
+ }
+}
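Review bot: The `password.txt` file is created by `FileWriter` with the process's default umask, so the certificate database password can be readable by other local users for as long as the file exists, and `passwordFile.delete()` in the `finally` block ignores its return value, so a failed removal leaves the password on disk without any indication. Create the file with owner-only permissions before writing to it (`java.nio.file.Files` and `java.nio.file.attribute.PosixFilePermissions` would need importing; the directory has just been recreated, so the file cannot already exist) and report a failed delete, as below. Separately, `reader.readLine()` returns null at end of input, so `reader.readLine().trim()` throws a NullPointerException when the prompt is answered by EOF; `String line = reader.readLine(); line = line == null ? "" : line.trim();` keeps the cancel path for that case. The POSIX permission attributes assume a Unix host, which matches the hard-coded `/usr/bin/certutil` path already in this file.
```java
        File passwordFile = new File(certDatabase, "password.txt");

        // Create the file owner-readable only before the password is written,
        // so it is never exposed to other local users even briefly.
        // (The directory was just recreated, so the file cannot already exist.)
        Files.createFile(passwordFile.toPath(),
                PosixFilePermissions.asFileAttribute(
                        PosixFilePermissions.fromString("rw-------")));

        try {
            try (PrintWriter out = new PrintWriter(new FileWriter(passwordFile))) {
                out.println(mainCLI.config.getCertPassword());
            }

            // … unchanged: certutil invocation and result handling …

        } finally {
            if (!passwordFile.delete()) {
                System.err.println("Warning: unable to remove " + passwordFile.getAbsolutePath());
            }
        }
```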
diff --git a/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java
index 28c99dd7b..06527a78f 100644
--- a/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java
@@ -17,8 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools.system;
-import java.util.Arrays;
-
import org.jboss.resteasy.plugins.providers.atom.Link;
import com.netscape.certsrv.system.TPSConnectorClient;
@@ -50,28 +48,7 @@ public class TPSConnectorCLI extends CLI {
client = parent.getClient();
tpsConnectorClient = (TPSConnectorClient)parent.getClient("tpsconnector");
- if (args.length == 0) {
- printHelp();
- System.exit(1);
- }
-
- String command = args[0];
- String[] commandArgs = Arrays.copyOfRange(args, 1, args.length);
-
- if (command == null) {
- printHelp();
- System.exit(1);
- }
-
- CLI module = getModule(command);
- if (module != null) {
- module.execute(commandArgs);
-
- } else {
- System.err.println("Error: Invalid command \""+command+"\"");
- printHelp();
- System.exit(1);
- }
+ super.execute(args);
}
public static void printConnectorInfo(TPSConnectorData data) {
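Review bot: The removed block handled an empty `args` array and an unknown command locally, and the new `super.execute(args)` delegates both to `CLI.execute`, whose behaviour is not visible here; if the base implementation does not guard `args.length == 0` before indexing the command name, an empty invocation would presumably throw instead of printing help. Worth confirming against CLI.execute before merging, since MainCLI.execute in this same commit still checks `cmdArgs.length == 0` itself before delegating. The enclosing execute method begins outside the hunk.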