author | Endi S. Dewata <edewata@redhat.com> | 2013-11-14 13:16:59 -0500 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2013-11-15 12:40:28 -0500 |
commit | 88b5bfea749ead60c609cab9ee406e09f33e93d6 (patch) | |
tree | 3b8423baaf5ca684540dd95bdd3abca01773ef65 /base/java-tools | |
parent | c73890c7c617732a84d009e117ff7aeab0133053 (diff) | |
Added client-init command.
A new CLI command has been added to simplify the creation of a client
certificate database.
Diffstat (limited to 'base/java-tools')
4 files changed, 191 insertions, 87 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index 5bf1a7a72..28a2113a8 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -30,6 +30,7 @@ import org.apache.commons.cli.Option;
 import org.apache.commons.cli.Options;
 import org.apache.commons.lang.StringUtils;
 import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.CryptoManager.NotInitializedException;
 import org.mozilla.jss.crypto.CryptoToken;
 import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
 import org.mozilla.jss.util.IncorrectPasswordException;
@@ -152,16 +153,16 @@ public class MainCLI extends CLI {
 option.setArgName("type");
 options.addOption(option);
- option = new Option("d", true, "Certificate database");
+ option = new Option("d", true, "Certificate database location (default: ~/.dogtag/nssdb)");
 option.setArgName("database");
 options.addOption(option);
- option = new Option("n", true, "Certificate nickname");
- option.setArgName("nickname");
+ option = new Option("c", true, "Certificate database password");
+ option.setArgName("password");
 options.addOption(option);
- option = new Option("c", true, "Certificate password");
- option.setArgName("password");
+ option = new Option("n", true, "Certificate nickname");
+ option.setArgName("nickname");
 options.addOption(option);
 option = new Option("u", true, "Username");
@@ -238,6 +239,19 @@ public class MainCLI extends CLI {
 list = cmd.getOptionValue("ignore-cert-status");
 convertCertStatusList(list, ignoredCertStatuses);
+
+ if (config.getCertDatabase() == null) {
+ // Use default certificate database
+ this.certDatabase = new File(
+ System.getProperty("user.home") + File.separator +
+ ".dogtag" + File.separator + "nssdb");
+
+ } else {
+ // Use existing certificate database
+ this.certDatabase = new File(config.getCertDatabase());
+ }
+
+ if (verbose) System.out.println("Certificate database: "+this.certDatabase.getAbsolutePath());
 }
 public void convertCertStatusList(String list, Collection<Integer> statuses) throws Exception {
@@ -259,35 +273,24 @@ public class MainCLI extends CLI {
 public void init() throws Exception {
- if (config.getCertDatabase() == null) {
- // Create a default certificate database
- certDatabase = new File(
- System.getProperty("user.home") + File.separator +
- ".dogtag" + File.separator + "nssdb");
-
- certDatabase.mkdirs();
-
- } else {
- // Use existing certificate database
- certDatabase = new File(config.getCertDatabase());
- }
-
- if (verbose) System.out.println("Certificate database: "+certDatabase.getAbsolutePath());
-
 // Main program should initialize certificate database
- CryptoManager.initialize(certDatabase.getAbsolutePath());
+ if (certDatabase.exists()) {
+ CryptoManager.initialize(certDatabase.getAbsolutePath());
+ }
 // If password is specified, use password to access client database
 if (config.getCertPassword() != null) {
- CryptoManager manager = CryptoManager.getInstance();
- CryptoToken token = manager.getInternalKeyStorageToken();
- Password password = new Password(config.getCertPassword().toCharArray());
-
 try {
+ CryptoManager manager = CryptoManager.getInstance();
+ CryptoToken token = manager.getInternalKeyStorageToken();
+ Password password = new Password(config.getCertPassword().toCharArray());
 token.login(password);
+ } catch (NotInitializedException e) {
+ // The original exception doesn't contain a message.
+ throw new Error("Certificate database not initialized.");
+ } catch (IncorrectPasswordException e) {
- System.out.println("Error: "+e.getClass().getSimpleName()+": "+e.getMessage());
 // The original exception doesn't contain a message.
 throw new IncorrectPasswordException("Incorrect certificate database password.");
 }
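Review bot: The new `catch (NotInitializedException e)` discards the caught exception; `throw new Error("Certificate database not initialized.", e);` keeps the cause available to the `Throwable` handler in `main`, which presumably prints a trace in verbose mode. Raising `java.lang.Error` for an expected user condition (the database directory is absent, so the `exists()` check above skipped `CryptoManager.initialize()`) is also a style point — an unchecked `RuntimeException` subclass is the conventional signal for a recoverable CLI failure. The `Password` copied from `config.getCertPassword()` is never cleared; declaring `password` before the `try` and calling `password.clear()` in a `finally` after `token.login(password)` limits how long that copy stays in memory, even though the `String` it came from remains on the heap. `init()` continues past the end of this hunk.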
@@ -310,42 +313,57 @@ public class MainCLI extends CLI {
 public void execute(String[] args) throws Exception {
+ createOptions(options);
+
+ CommandLine cmd;
 try {
- createOptions(options);
+ cmd = parser.parse(options, args, true);
+ } catch (Exception e) {
+ throw new Error(e.getMessage(), e);
+ }
- CommandLine cmd;
- try {
- cmd = parser.parse(options, args, true);
- } catch (Exception e) {
- throw new Error(e.getMessage(), e);
- }
+ String[] cmdArgs = cmd.getArgs();
- String[] cmdArgs = cmd.getArgs();
+ if (cmd.hasOption("version")) {
+ printVersion();
+ System.exit(1);
+ }
- if (cmd.hasOption("version")) {
- printVersion();
- System.exit(1);
- }
+ if (cmdArgs.length == 0 || cmd.hasOption("help")) {
+ printHelp();
+ System.exit(1);
+ }
- if (cmdArgs.length == 0 || cmd.hasOption("help")) {
- printHelp();
- System.exit(1);
- }
+ parseOptions(cmd);
- parseOptions(cmd);
+ if (verbose) {
+ System.out.print("Command:");
+ for (String arg : cmdArgs) {
+ if (arg.contains(" ")) arg = "\""+arg+"\"";
+ System.out.print(" "+arg);
+ }
+ System.out.println();
+ }
+ // Do not call CryptoManager.initialize() on client-init
+ // because otherwise the database will be locked.
+ if (!cmdArgs[0].equals("client-init")) {
 init();
+ }
- if (verbose) {
- System.out.print("Command:");
- for (String arg : cmdArgs) {
- if (arg.contains(" ")) arg = "\""+arg+"\"";
- System.out.print(" "+arg);
- }
- System.out.println();
- }
+ super.execute(cmdArgs);
+ }
- super.execute(cmdArgs);
+ public static void printMessage(String message) {
+ System.out.println(StringUtils.repeat("-", message.length()));
+ System.out.println(message);
+ System.out.println(StringUtils.repeat("-", message.length()));
+ }
+
+ public static void main(String args[]) {
+ try {
+ MainCLI cli = new MainCLI();
+ cli.execute(args);
 } catch (Throwable t) {
 if (verbose) {
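Review bot: The decision to skip `init()` rests on the literal `cmdArgs[0].equals("client-init")`, which duplicates the module names composed elsewhere in this commit (`"client"` in `ClientCLI`, `"init"` in `ClientInitCLI`); renaming either module would silently reintroduce the lock the comment warns about. A shared constant, or a method on the module that declares it manages the database itself, would keep the two in step. The comment could also state the consequence rather than just the rule, e.g. `// client-init replaces the database files; initializing CryptoManager first would hold them open.` — hedged, since the replacement happens in ClientInitCLI rather than in this hunk. `cmdArgs[0]` is safe here only because of the `cmdArgs.length == 0` exit above; `main` continues past the end of the hunk.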
@@ -356,15 +374,4 @@ public class MainCLI extends CLI {
 System.exit(1);
 }
 }
-
- public static void printMessage(String message) {
- System.out.println(StringUtils.repeat("-", message.length()));
- System.out.println(message);
- System.out.println(StringUtils.repeat("-", message.length()));
- }
-
- public static void main(String args[]) throws Exception {
- MainCLI cli = new MainCLI();
- cli.execute(args);
- }
 }
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCLI.java
index fe0d001ac..11ede895f 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCLI.java
@@ -32,6 +32,7 @@ public class ClientCLI extends CLI {
 public ClientCLI(CLI parent) {
 super("client", "Client management commands", parent);
+ addModule(new ClientInitCLI(this));
 addModule(new ClientCertFindCLI(this));
 addModule(new ClientCertImportCLI(this));
 addModule(new ClientCertRemoveCLI(this));
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java
new file mode 100644
index 000000000..34c9b7792
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java
@@ -0,0 +1,119 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2013 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cmstools.client;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileWriter;
+import java.io.InputStreamReader;
+import java.io.PrintWriter;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.io.FileUtils;
+
+import com.netscape.cmstools.cli.CLI;
+import com.netscape.cmstools.cli.MainCLI;
+
+/**
+ * @author Endi S. Dewata
+ */
+public class ClientInitCLI extends CLI {
+
+ public ClientInitCLI(ClientCLI clientCLI) {
+ super("init", "Initialize client security database", clientCLI);
+ }
+
+ public void printHelp() {
+ formatter.printHelp(getFullName() + " [OPTIONS]", options);
+ }
+
+ public void execute(String[] args) throws Exception {
+
+ options.addOption(null, "force", false, "Force database initialization.");
+
+ CommandLine cmd = null;
+
+ try {
+ cmd = parser.parse(options, args);
+
+ } catch (Exception e) {
+ System.err.println("Error: " + e.getMessage());
+ printHelp();
+ System.exit(1);
+ }
+
+ MainCLI mainCLI = (MainCLI)parent.getParent();
+
+ if (mainCLI.config.getCertPassword() == null) {
+ System.err.println("Error: Certificate database password is required.");
+ System.exit(1);
+ }
+
+ boolean force = cmd.hasOption("force");
+ File certDatabase = mainCLI.certDatabase;
+
+ if (certDatabase.exists()) {
+
+ if (!force) {
+ System.out.print("Certificate database already exists. Overwrite (y/N)? ");
+ System.out.flush();
+
+ BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
+ String line = reader.readLine().trim();
+
+ if (line.equals("") || !line.substring(0, 1).equalsIgnoreCase("Y")) {
+ MainCLI.printMessage("Client initialization canceled");
+ return;
+ }
+ }
+
+ FileUtils.deleteDirectory(certDatabase);
+ }
+
+ certDatabase.mkdirs();
+
+ File passwordFile = new File(certDatabase, "password.txt");
+
+ try {
+ try (PrintWriter out = new PrintWriter(new FileWriter(passwordFile))) {
+ out.println(mainCLI.config.getCertPassword());
+ }
+
+ String[] commands = {
+ "/usr/bin/certutil", "-N",
+ "-d", certDatabase.getAbsolutePath(),
+ "-f", passwordFile.getAbsolutePath()
+ };
+
+ Runtime rt = Runtime.getRuntime();
+ Process p = rt.exec(commands);
+
+ int rc = p.waitFor();
+ if (rc != 0) {
+ MainCLI.printMessage("Client initialization failed");
+ return;
+ }
+
+ MainCLI.printMessage("Client initialized");
+
+ } finally {
+ passwordFile.delete();
+ }
+ }
+}
diff --git a/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java
index 28c99dd7b..06527a78f 100644
--- a/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/system/TPSConnectorCLI.java
@@ -17,8 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmstools.system;
-import java.util.Arrays;
-
 import org.jboss.resteasy.plugins.providers.atom.Link;
 import com.netscape.certsrv.system.TPSConnectorClient;
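Review bot: `password.txt` is created by `new FileWriter(passwordFile)` with the process umask, so the database password sits on disk in a file that is typically group- or world-readable, inside a directory that `mkdirs()` also created with default permissions; creating the file owner-only (`rw-------`) before the secret is written closes that window, and the ignored `delete()` result should at least be reported so a leftover copy is not silent. `reader.readLine()` returns null at end of input (stdin closed or redirected) and the following `.trim()` then throws a NullPointerException instead of cancelling; `String answer = reader.readLine(); String line = answer == null ? "" : answer.trim();` treats that like an empty reply. With `--force`, `FileUtils.deleteDirectory(certDatabase)` recursively removes whatever directory `-d` names with no further check, so verifying that the target looks like an NSS database before deleting would guard against a mistyped path. The spawned certutil's stdout and stderr are never read, so a failure reports only `Client initialization failed` without certutil's own message, and a large volume of output could stall `waitFor()`. The fence shows the password-file handling; it needs `java.nio.file.Files`, `java.nio.file.Path` and `java.nio.file.attribute.PosixFilePermissions`, assumes a POSIX filesystem (as the hard-coded `/usr/bin/certutil` already does), and `createFile` cannot collide because the directory is freshly created at that point.

```java
certDatabase.mkdirs();

// Create the password file owner-only before the secret is written into it;
// FileWriter alone would create it with the process umask.
Path passwordPath = Files.createFile(
        new File(certDatabase, "password.txt").toPath(),
        PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
File passwordFile = passwordPath.toFile();

try {
    try (PrintWriter out = new PrintWriter(new FileWriter(passwordFile))) {
        out.println(mainCLI.config.getCertPassword());
    }
    // … unchanged: certutil invocation and result check …
} finally {
    if (!passwordFile.delete()) {
        System.err.println("Warning: failed to remove " + passwordFile.getAbsolutePath());
    }
}
```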
@@ -50,28 +48,7 @@ public class TPSConnectorCLI extends CLI {
 client = parent.getClient();
 tpsConnectorClient = (TPSConnectorClient)parent.getClient("tpsconnector");
- if (args.length == 0) {
- printHelp();
- System.exit(1);
- }
-
- String command = args[0];
- String[] commandArgs = Arrays.copyOfRange(args, 1, args.length);
-
- if (command == null) {
- printHelp();
- System.exit(1);
- }
-
- CLI module = getModule(command);
- if (module != null) {
- module.execute(commandArgs);
-
- } else {
- System.err.println("Error: Invalid command \""+command+"\"");
- printHelp();
- System.exit(1);
- }
+ super.execute(args);
 }
 public static void printConnectorInfo(TPSConnectorData data) { |