diff options
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java | 21 | ||||
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java | 10 |
2 files changed, 16 insertions, 15 deletions
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java index 77245ec53..4d63d9bc1 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java @@ -330,9 +330,14 @@ public class MainCLI extends CLI { } } - // store security database path - if (certDatabase != null) + if (certDatabase != null) { + // store user-provided security database location config.setCertDatabase(new File(certDatabase).getAbsolutePath()); + } else { + // store default security database location + config.setCertDatabase(System.getProperty("user.home") + + File.separator + ".dogtag" + File.separator + "nssdb"); + } // store token name config.setTokenName(tokenName); @@ -395,17 +400,7 @@ public class MainCLI extends CLI { list = cmd.getOptionValue("ignore-cert-status"); convertCertStatusList(list, ignoredCertStatuses); - if (config.getCertDatabase() == null) { - // Use default client security database - this.certDatabase = new File( - System.getProperty("user.home") + File.separator + - ".dogtag" + File.separator + "nssdb"); - - } else { - // Use existing client security database - this.certDatabase = new File(config.getCertDatabase()); - } - + this.certDatabase = new File(config.getCertDatabase()); if (verbose) System.out.println("Client security database: "+this.certDatabase.getAbsolutePath()); String messageFormat = cmd.getOptionValue("message-format"); diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java index d83bcf2fc..f242ece14 100644 --- a/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java @@ -81,14 +81,20 @@ public class KeyCLI extends CLI { // create new key client keyClient = new KeyClient(client, subsystem); - if (client.getConfig().getCertDatabase() != null && client.getConfig().getCertPassword() != null) { + + // if security database password is specified, + // prepare key client for archival/retrieval + if (client.getConfig().getCertPassword() != null) { + // create crypto provider for key client keyClient.setCrypto(new NSSCryptoProvider(client.getConfig())); - // Set the transport cert for crypto operations + // download transport cert systemCertClient = new SystemCertClient(client, subsystem); String transportCert = systemCertClient.getTransportCert().getEncoded(); transportCert = transportCert.substring(CertData.HEADER.length(), transportCert.indexOf(CertData.FOOTER)); + + // set transport cert for key client keyClient.setTransportCert(transportCert); } |