Added default subject DN for pki client-cert-request.

The pki client-cert-request CLI has been modified to generate a default subject DN if it's not specified. The man page has been updated accordingly. https://fedorahosted.org/pki/ticket/1463 (cherry picked from commit 3292de07ed01f6230de34120bf9cd1b8d164610a)
author: Endi S. Dewata <edewata@redhat.com> 2015-09-27 17:23:48 +0200
committer: Matthew Harmsen <mharmsen@redhat.com> 2015-10-01 12:46:39 -0600
commit: b67a17f29a5a5312847c1188607a7fa7b33e034f (patch)
tree: fcb15ec5c451df10c4e23afb478972aea29c124e /base
parent: 249f975ca6a82ffed3a11af5275fdb595e7ee757 (diff)
download: pki-b67a17f29a5a5312847c1188607a7fa7b33e034f.tar.gz
pki-b67a17f29a5a5312847c1188607a7fa7b33e034f.tar.xz
pki-b67a17f29a5a5312847c1188607a7fa7b33e034f.zip
2 files changed, 29 insertions, 12 deletions
diff --git a/base/java-tools/man/man1/pki-client.1 b/base/java-tools/man/man1/pki-client.1
index 65e618555..da5de7cbf 100644
--- a/base/java-tools/man/man1/pki-client.1
+++ b/base/java-tools/man/man1/pki-client.1
@@ -21,7 +21,7 @@ pki-client \- Command-Line Interface for managing the security database on Certi
 \fBpki\fR [CLI options] \fBclient\fR
 \fBpki\fR [CLI options] \fBclient-init\fR [command options]
 \fBpki\fR [CLI options] \fBclient-cert-find\fR [command options]
-\fBpki\fR [CLI options] \fBclient-cert-request\fR <subject DN> [command options]
+\fBpki\fR [CLI options] \fBclient-cert-request\fR [subject DN] [command options]
 \fBpki\fR [CLI options] \fBclient-cert-import\fR [nickname] [command options]
 \fBpki\fR [CLI options] \fBclient-cert-mod\fR <nickname> [command options]
 \fBpki\fR [CLI options] \fBclient-cert-show\fR <nickname> [command options]
@@ -47,7 +47,7 @@ This command is to create a new security database for the client.
 This command is to list certificates in the client security database.
 .RE
 .PP
-\fBpki\fR [CLI options] \fBclient-cert-request\fR <subject DN> [command options]
+\fBpki\fR [CLI options] \fBclient-cert-request\fR [subject DN] [command options]
 .RS 4
 This command is to generate and submit a certificate request.
 .RE
@@ -82,13 +82,22 @@ To create a new database execute the following command:
 
 .B pki -d <security database location> -c <security database password> client-init
 
-To view certificates in the security database:
+To list certificates in the security database:
 
 .B pki -d <security database location> -c <security database password> client-cert-find
 
 To request a certificate:
 
-.B pki -d <security database location> -c <security database password> client-cert-request <subject DN>
+.B pki -d <security database location> -c <security database password> client-cert-request [subject DN]
+
+The subject DN requirement depends on the certificate profile being requested.
+Some profiles may require the user to provide a subject DN in a certain
+format. Some other profiles may generate their own subject DN.
+
+Certain profiles may also require additional authentication. To authenticate,
+a username and a password can be specified using the --username and --password
+options, respectively. If the subject DN is not specififed the CLI may use the
+username to generate a default subject DN "UID=<username>".
 
 To import a certificate from a file into the security database:
 
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
index c08d1562c..938cc4b28 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
@@ -68,7 +68,7 @@ public class ClientCertRequestCLI extends CLI {
     }
 
     public void printHelp() {
-        formatter.printHelp(getFullName() + " <Subject DN> [OPTIONS...]", options);
+        formatter.printHelp(getFullName() + " [Subject DN] [OPTIONS...]", options);
     }
 
     public void createOptions() {
@@ -151,13 +151,22 @@ public class ClientCertRequestCLI extends CLI {
             System.exit(-1);
         }
 
-        if (cmdArgs.length < 1) {
-            System.err.println("Error: Missing subject DN.");
-            printHelp();
-            System.exit(-1);
-        }
+        String certRequestUsername = cmd.getOptionValue("username");
+
+        String subjectDN;
 
-        String subjectDN = cmdArgs[0];
+        if (cmdArgs.length == 0) {
+            if (certRequestUsername == null) {
+                System.err.println("Error: Missing subject DN or request username.");
+                printHelp();
+                System.exit(-1);
+            }
+
+            subjectDN = "UID=" + certRequestUsername;
+
+        } else {
+            subjectDN = cmdArgs[0];
+        }
 
         // pkcs10, crmf
         String requestType = cmd.getOptionValue("type", "pkcs10");
@@ -316,7 +325,6 @@ public class ClientCertRequestCLI extends CLI {
             }
         }
 
-        String certRequestUsername = cmd.getOptionValue("username");
         if (certRequestUsername != null) {
             request.setAttribute("uid", certRequestUsername);
         }
author	Endi S. Dewata <edewata@redhat.com>	2015-09-27 17:23:48 +0200
committer	Matthew Harmsen <mharmsen@redhat.com>	2015-10-01 12:46:39 -0600
commit	b67a17f29a5a5312847c1188607a7fa7b33e034f (patch)
tree	fcb15ec5c451df10c4e23afb478972aea29c124e /base
parent	249f975ca6a82ffed3a11af5275fdb595e7ee757 (diff)
download	pki-b67a17f29a5a5312847c1188607a7fa7b33e034f.tar.gz pki-b67a17f29a5a5312847c1188607a7fa7b33e034f.tar.xz pki-b67a17f29a5a5312847c1188607a7fa7b33e034f.zip