Refactored restricted command list in PKI CLI.

The names of restricted commands have been moved into a list for
clarity.

1 files changed, 15 insertions, 5 deletions

diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index caccdafcb..c5f20711a 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -28,6 +28,7 @@ import java.lang.reflect.Field;
 import java.net.InetAddress;
 import java.net.URI;
 import java.net.UnknownHostException;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashSet;
 
@@ -62,6 +63,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
  */
 public class MainCLI extends CLI {
 
+    /**
+     * These commands should not be executed after CryptoManager.initialize()
+     * since they may modify the NSS database or execute external commands
+     * using the same NSS database.
+     */
+    public final static Collection<String> RESTRICTED_COMMANDS = Arrays.asList(
+            "client-init",
+            "client-cert-import",
+            "client-cert-mod",
+            "client-cert-request",
+            "client-cert-show"
+    );
+
     public ClientConfig config = new ClientConfig();
 
     public Collection<Integer> rejectedCertStatuses = new HashSet<Integer>();
@@ -522,11 +536,7 @@ public class MainCLI extends CLI {
         // Do not call CryptoManager.initialize() on some commands
         // because otherwise the database will be locked.
         String command = cmdArgs[0];
-        if (!command.equals("client-init") &&
-                !command.equals("client-cert-import") &&
-                !command.equals("client-cert-mod") &&
-                !command.equals("client-cert-request") &&
-                !command.equals("client-cert-show")) {
+        if (!RESTRICTED_COMMANDS.contains(command)) {
             init();
         }