author | Endi Sukma Dewata <edewata@redhat.com> | 2013-04-25 17:06:04 -0400 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2013-04-26 12:01:14 -0400 |
commit | 4fc145d2144d94e67188509d1b284e4c5eb95905 (patch) | |
tree | bc0399d3598423eee203140b94dcae8cae71e70d /base | |
parent | 139e45a55ecc9af28b0f5c2e56c400c9171d147f (diff) | |
Added method to download CA cert chain from admin interface.
A new method has been added to the PKIClient to download the CA
certificate chain from an alternative location including the admin
interface.
Ticket #491
Diffstat (limited to 'base')
3 files changed, 27 insertions, 14 deletions
diff --git a/base/common/src/com/netscape/certsrv/client/PKIClient.java b/base/common/src/com/netscape/certsrv/client/PKIClient.java index 00b71694b..bd0d58c88 100644 --- a/base/common/src/com/netscape/certsrv/client/PKIClient.java +++ b/base/common/src/com/netscape/certsrv/client/PKIClient.java @@ -1,7 +1,6 @@ package com.netscape.certsrv.client; import java.io.IOException; -import java.net.URI; import java.net.URISyntaxException; import java.net.URL; import java.security.cert.CertificateEncodingException; @@ -77,10 +76,16 @@ public class PKIClient { return manager.getCACerts(); } - public byte[] downloadCACertChain(URI caServerURI) + public byte[] downloadCACertChain(String serverURI) throws ParserConfigurationException, SAXException, IOException { + return downloadCACertChain(serverURI, "/ee/ca/getCertChain"); + } + + public byte[] downloadCACertChain(String uri, String servletPath) throws ParserConfigurationException, SAXException, IOException { - URL url = new URL(caServerURI+"/ee/ca/getCertChain"); + URL url = new URL(uri + servletPath); + + if (verbose) System.out.println("Retrieving CA certificate chain from " + url + "."); DocumentBuilderFactory documentFactory = DocumentBuilderFactory.newInstance(); DocumentBuilder documentBuilder = documentFactory.newDocumentBuilder(); diff --git a/base/common/src/com/netscape/certsrv/client/PKIConnection.java b/base/common/src/com/netscape/certsrv/client/PKIConnection.java index c86fd3ade..940575b87 100644 --- a/base/common/src/com/netscape/certsrv/client/PKIConnection.java +++ b/base/common/src/com/netscape/certsrv/client/PKIConnection.java 
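Review bot: The new `downloadCACertChain(String uri, String servletPath)` overload builds its URL from caller-supplied strings and then creates the `DocumentBuilderFactory` with default settings, so a DOCTYPE or external entity in the reply would be honoured by the parser. The endpoint is now caller-chosen, and ClientImportCertCLI.java in this commit reaches it over plain `http://`, so the reply should be handled as untrusted input. Add `documentFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` before `newDocumentBuilder()`; the method already declares `ParserConfigurationException`. The method body continues past the end of the hunk, so the parse call is not visible and this is inferred from the factory setup. A short Javadoc on the overload saying that `servletPath` is appended to `uri` verbatim would also help callers.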
@@ -347,7 +347,7 @@ public class PKIConnection {
 }
 if (client.verbose) System.out.println("Downloading CA certificate chain from " + caServerURI + ".");
- byte[] bytes = client.downloadCACertChain(new URI(caServerURI));
+ byte[] bytes = client.downloadCACertChain(caServerURI);
 if (client.verbose) System.out.println("Importing CA certificate chain.");
 client.importCACertPackage(bytes);
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientImportCertCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientImportCertCLI.java
index ed7309b1a..e89f954bb 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientImportCertCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientImportCertCLI.java
@@ -19,7 +19,6 @@
 package com.netscape.cmstools.client;
 import java.io.File;
-import java.net.URI;
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
@@ -74,31 +73,30 @@ public class ClientImportCertCLI extends CLI {
 String certPath = cmd.getOptionValue("cert");
 String caCertPath = cmd.getOptionValue("ca-cert");
- boolean importCACert = cmd.hasOption("ca-server");
+ boolean importFromCAServer = cmd.hasOption("ca-server");
+ boolean isCACert = false;
+
+ // load the certificate
 if (certPath != null) {
 if (verbose) System.out.println("Loading certificate from " + certPath + ".");
 bytes = FileUtils.readFileToByteArray(new File(certPath));
- if (verbose) System.out.println("Importing certificate.");
- cert = parent.parent.client.importCertPackage(bytes, parent.parent.client.config.getCertNickname());
 } else if (caCertPath != null) {
 if (verbose) System.out.println("Loading CA certificate from " + caCertPath + ".");
 bytes = FileUtils.readFileToByteArray(new File(caCertPath));
- if (verbose) System.out.println("Importing CA certificate.");
- cert = parent.parent.client.importCACertPackage(bytes);
+ isCACert = true;
- } else if (importCACert) {
+ } else if (importFromCAServer) {
 ClientConfig config = parent.parent.config;
 String caServerURI = "http://" + config.getServerURI().getHost() + ":8080/ca";
 if (verbose) System.out.println("Downloading CA certificate from " + caServerURI + ".");
- bytes = parent.parent.client.downloadCACertChain(new URI(caServerURI));
+ bytes = parent.parent.client.downloadCACertChain(caServerURI);
- if (verbose) System.out.println("Importing CA certificate.");
- cert = parent.parent.client.importCACertPackage(bytes);
+ isCACert = true;
 } else {
 System.err.println("Error: Missing certificate to import");
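Review bot: In the `importFromCAServer` branch the chain is still fetched from the hard-coded `"http://" + config.getServerURI().getHost() + ":8080/ca"` and then flagged `isCACert = true`. Whatever answers on that unauthenticated endpoint therefore becomes a trust anchor when the import block in the next hunk calls `importCACertPackage(bytes)`. Nothing visible here lets the user check the chain before it is trusted; `printCertInfo` only runs after the import. At minimum, record the limitation above the assignment, e.g. `// NOTE: fetched over plain HTTP and unauthenticated; verify the CA fingerprint out of band before relying on it`. Consider also taking the scheme and port from `config.getServerURI()` instead of fixing them, and asking for confirmation of the fingerprint before importing. The enclosing method starts and ends outside this hunk.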
@@ -106,6 +104,16 @@ public class ClientImportCertCLI extends CLI {
 System.exit(1);
 }
+ // import the certificate
+ if (isCACert) {
+ if (verbose) System.out.println("Importing CA certificate.");
+ cert = parent.parent.client.importCACertPackage(bytes);
+
+ } else {
+ if (verbose) System.out.println("Importing certificate.");
+ cert = parent.parent.client.importCertPackage(bytes, parent.parent.client.config.getCertNickname());
+ }
+
 MainCLI.printMessage("Imported certificate \"" + cert.getNickname() + "\"");
 ClientCLI.printCertInfo(cert);
 }
|