author | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-07-05 20:49:44 +0000 |
---|---|---|
committer | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-07-05 20:49:44 +0000 |
commit | b85caf78b618b289a6040ee0eec95f8c605c8344 (patch) | |
tree | 7b2cb1cf10d538c6065517d3bd67dd1dd12fd03b /pki | |
parent | add066d6c0e5a800d39646839278eb5d1e6e2030 (diff) | |
download | pki-b85caf78b618b289a6040ee0eec95f8c605c8344.tar.gz pki-b85caf78b618b289a6040ee0eec95f8c605c8344.tar.xz pki-b85caf78b618b289a6040ee0eec95f8c605c8344.zip |
Bugzilla BZ717765 - TPS configuration: logging into security domain from tps does not work with clientauth=want
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2041 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki')
-rw-r--r-- | pki/base/native-tools/src/sslget/sslget.c | 33 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm | 2 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm | 4 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/DonePanel.pm | 8 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm | 2 | ||||
-rwxr-xr-x | pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm | 2 | ||||
-rwxr-xr-x | pki/base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm | 2 | ||||
-rwxr-xr-x | pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm | 4 | ||||
-rwxr-xr-x | pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm | 8 | ||||
-rwxr-xr-x | pki/base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm | 4 | ||||
-rwxr-xr-x | pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm | 2 |
11 files changed, 37 insertions, 34 deletions
diff --git a/pki/base/native-tools/src/sslget/sslget.c b/pki/base/native-tools/src/sslget/sslget.c index 64b479b3f..f08b4cd93 100644 --- a/pki/base/native-tools/src/sslget/sslget.c +++ b/pki/base/native-tools/src/sslget/sslget.c @@ -137,7 +137,7 @@ static void Usage(const char *progName) { fprintf(stderr, - "Usage: %s -n nickname [-p password | -w pwfile ] [-d dbdir] \n" + "Usage: %s [-n nickname] [-p password | -w pwfile ] [-d dbdir] \n" " [-e post] [-v] [-V] -r url hostname[:port]\n" " -n : nickname or hsm:nickname\n" " -v : verbose\n" @@ -580,9 +580,11 @@ client_main( SSL_BadCertHook(model_sock, myBadCertHandler, NULL); - SSL_GetClientAuthDataHook(model_sock, + if( nickName) { + SSL_GetClientAuthDataHook(model_sock, (SSLGetClientAuthData)my_GetClientAuthData, nickName); + } /* I'm not going to set the HandshakeCallback function. */ @@ -723,8 +725,8 @@ main(int argc, char **argv) port = (unsigned short)tmpI; } - if (!nickName || !url) { - fprintf( stderr, "ERROR: Invalid nickname or url!\n" ); + if ( !url) { + fprintf( stderr, "ERROR: Invalid url!\n" ); Usage(progName); } 
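Review bot: The option list in Usage() still describes `-n` as `nickname or hsm:nickname` and does not say what happens when it is left out, although the synopsis line now marks it optional. client_main in this same commit installs the client-auth hook only when a nickname is given, so the help text should say so, e.g. `"  -n : nickname or hsm:nickname (optional; omit to connect without a client certificate)\n"`. Without that, an operator cannot tell from the help output that a call without `-n` carries no client authentication at the TLS layer.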
@@ -757,19 +759,20 @@ main(int argc, char **argv) exit(1); } - cert[kt_rsa] = PK11_FindCertFromNickname(nickName, passwd); - if (cert[kt_rsa] == NULL) { - fprintf(stderr, "Can't find certificate %s\n", nickName); - exit(1); - } - - privKey[kt_rsa] = PK11_FindKeyByAnyCert(cert[kt_rsa], passwd); - if (privKey[kt_rsa] == NULL) { - fprintf(stderr, "Can't find Private Key for cert %s (possibly incorrect password)\n", nickName); - exit(1); + if(nickName) { + cert[kt_rsa] = PK11_FindCertFromNickname(nickName, passwd); + if (cert[kt_rsa] == NULL) { + fprintf(stderr, "Can't find certificate %s\n", nickName); + exit(1); + } + + privKey[kt_rsa] = PK11_FindKeyByAnyCert(cert[kt_rsa], passwd); + if (privKey[kt_rsa] == NULL) { + fprintf(stderr, "Can't find Private Key for cert %s (possibly incorrect password)\n", nickName); + exit(1); + } } - client_main(port, connections, privKey, cert, hostName, nickName); NSS_Shutdown(); diff --git a/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm b/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm index c8f2e43fd..4cc65e5cf 100755 --- a/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm @@ -227,7 +227,7 @@ sub get_domain_xml my $sd_host = $::config->get("securitydomain.host"); my $sd_admin_port = $::config->get("securitydomain.httpsadminport"); - my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; + my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; $content = $1; diff --git a/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm b/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm index 7789aaaba..dd991a917 100755 --- a/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm 
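Review bot: When no nickname is supplied the new `if(nickName)` block in main() is skipped, yet `privKey` and `cert` are still handed to client_main() on the line after it. Their declarations are outside this hunk, so it is not visible whether `cert[kt_rsa]` and `privKey[kt_rsa]` start out as NULL; if they are not zero-initialised, client_main receives indeterminate pointers. Either confirm the initialisers or make the no-certificate path explicit with `else { cert[kt_rsa] = NULL; privKey[kt_rsa] = NULL; }`.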
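Review bot: The rewritten command in get_domain_xml (RA/CAInfoPanel.pm) still hands `$db_password` to sslget with `-p` inside a backtick string, so the NSS database password shows up in the process argument list and any quote, backtick or `$` in it is interpreted by the shell. The same holds for `$sd_host` and `$sd_admin_port`, which are read from configuration. The usage text touched by this commit lists `-w pwfile`, and a list-form pipe open avoids the shell altogether, as sketched below. Every Perl hunk in this commit builds its command the same way, and the two pingCS hunks do not even quote `$instanceDir` and `$db_password`. get_domain_xml starts and ends outside the hunk.

```perl
# $pwfile is a placeholder: a file readable only by the instance user that holds the password
my $content = "";
if (open(my $sslget, '-|', '/usr/bin/sslget',
         '-d', "$instanceDir/alias", '-w', $pwfile, '-v',
         '-r', '/ca/admin/ca/getDomainXML', "$sd_host:$sd_admin_port")) {
    local $/;                       # read the whole response at once
    $content = <$sslget>;
    $content = "" unless defined $content;
    close($sslget);
}
# … unchanged: XMLResponse extraction …
```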
@@ -147,7 +147,7 @@ sub display my $sd_host = $url_info->host; my $sd_admin_port = $url_info->port; my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getCertChain\" $sd_host:$sd_admin_port`; + my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getCertChain\" $sd_host:$sd_admin_port`; my $caCert = ""; if ($cmd =~ /\<ChainBase64\>(.*)\<\/ChainBase64\>/) { @@ -216,7 +216,7 @@ sub get_domain_xml my $sd_host = $sdom_info->host; my $sd_admin_port = $sdom_info->port; - my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; + my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; $content = $1; diff --git a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm index 99a2e1798..4a32a8270 100755 --- a/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/DonePanel.pm 
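Review bot: In display, `my $nickname = $::config->get("preop.cert.sslserver.nickname");` directly above the changed line is no longer used by the sslget command, and nothing else in the hunk reads it. If the rest of the function (outside this hunk) does not use it either, drop the lookup. Otherwise leave a comment such as `# no -n: the security domain is contacted without a client certificate (BZ717765)` so the missing option is not taken for an oversight. The update hunk in RA/ImportAdminCertPanel.pm keeps the same lookup.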
@@ -206,9 +206,9 @@ sub get_kra_transport_cert my $port = $krainfo_url->port; my $tmpfile = "/tmp/donepanel-$$"; if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile"); + system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile"); } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile"); + system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile"); } my $content = `cat $tmpfile`; system("rm $tmpfile"); @@ -264,9 +264,9 @@ sub send_kra_transport_cert my $port = $tksinfo_url->port; my $tmpfile = "/tmp/donepanel-$$"; if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile"); + system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile"); } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile"); + system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile"); } my $content = `cat $tmpfile`; diff --git a/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm b/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm index ea05a8ccd..9f9bef94a 100755 --- a/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm 
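Review bot: The sslget output in get_kra_transport_cert is still redirected by the shell into `/tmp/donepanel-$$`, a name any local user can predict and pre-create as a file or symlink before the wizard runs. Capturing the output directly, as the other panels do with backticks, removes the temporary file and the `cat`/`rm` calls; if a file is really needed, File::Temp creates one with an unpredictable name and restrictive permissions. The return value of `system()` is also ignored, so a failed sslget cannot be told apart from an empty response. send_kra_transport_cert and both hunks in TPS/DonePanel.pm share the pattern.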
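Review bot: Dropping `-n` in send_kra_transport_cert means the request to `/tks/admin/tks/importTransportCert` is now sent without a client certificate, and unlike the getDomainXML, getCertChain and getStatus reads this call, by its name, imports data into the TKS. Whether `$params` carries a session or other credential is not visible in the hunk, so please confirm the endpoint still authenticates the caller some other way and note that above the call, e.g. `# authenticated via <credential in $params>, not TLS client auth`. The commit title only mentions logging into the security domain, so the certificate may need to stay for this request. The TPS/DonePanel.pm hunk makes the same change.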
+++ b/pki/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm @@ -109,7 +109,7 @@ sub update my $nickname = $::config->get("preop.cert.sslserver.nickname"); my $sd_host = $sdom_info->host; my $sd_admin_port = $sdom_info->port; - my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; + my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; $content = $1; &PKI::RA::Wizard::debug_log($content); diff --git a/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm b/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm index 8094fabd5..114b19ef0 100755 --- a/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm +++ b/pki/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm @@ -80,7 +80,7 @@ sub pingCS my( $hostname ) = $_[3]; my( $port ) = $_[4]; - my $content = `/usr/bin/sslget -d $instanceDir/alias -p $db_password -v -n \"$nickname\" -r "/ca/admin/ca/getStatus" $hostname:$port`; + my $content = `/usr/bin/sslget -d $instanceDir/alias -p $db_password -v -r "/ca/admin/ca/getStatus" $hostname:$port`; if( "$content" eq "" ) { return 0; } else { diff --git a/pki/base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm index 2b9fc1861..27d0a0048 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm 
@@ -247,7 +247,7 @@ sub get_domain_xml my $sd_host = $::config->get("securitydomain.host"); my $sd_admin_port = $::config->get("securitydomain.httpsadminport"); - my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; + my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; $content = $1; diff --git a/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm index 91e07ed2b..68b64a4b5 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm @@ -148,7 +148,7 @@ sub display my $sd_host = $url_info->host; my $sd_admin_port = $url_info->port; my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getCertChain\" $sd_host:$sd_admin_port`; + my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getCertChain\" $sd_host:$sd_admin_port`; my $caCert = ""; if ($cmd =~ /\<ChainBase64\>(.*)\<\/ChainBase64\>/) { @@ -217,7 +217,7 @@ sub get_domain_xml my $sd_host = $sdom_info->host; my $sd_admin_port = $sdom_info->port; - my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; + my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; $content = $1; diff --git a/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm index 6166b54cc..3d897fca9 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm 
+++ b/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm @@ -210,9 +210,9 @@ sub get_kra_transport_cert my $port = $krainfo_url->port; my $tmpfile = "/tmp/donepanel-$$"; if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile"); + system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile"); } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile"); + system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile"); } my $content = `cat $tmpfile`; system("rm $tmpfile"); @@ -268,9 +268,9 @@ sub send_kra_transport_cert my $port = $tksinfo_url->port; my $tmpfile = "/tmp/donepanel-$$"; if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile"); + system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile"); } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile"); + system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile"); } my $content = `cat $tmpfile`; diff --git a/pki/base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm index 8a53edab4..dfec6ea80 100755 
--- a/pki/base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm @@ -119,9 +119,9 @@ sub update my $sd_admin_port = $sdom_info->port; my $content; if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; + $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; } else { - $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; + $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; } $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; $content = $1; diff --git a/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm index 123e95b41..5301d1369 100755 --- a/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm +++ b/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm @@ -79,7 +79,7 @@ sub pingCS my( $hostname ) = $_[3]; my( $port ) = $_[4]; - my $content = `/usr/bin/sslget -d $instanceDir/alias -p $db_password -v -n \"$nickname\" -r "/ca/admin/ca/getStatus" $hostname:$port`; + my $content = `/usr/bin/sslget -d $instanceDir/alias -p $db_password -v -r "/ca/admin/ca/getStatus" $hostname:$port`; if( "$content" eq "" ) { return 0; } else { |