diff options
-rw-r--r-- | base/java-tools/man/man1/pki-ca-profile.1 | 54 | ||||
-rw-r--r-- | base/java-tools/man/man1/pki-tps-profile.1 | 152 | ||||
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/tps/profile/ProfileCLI.java | 5 | ||||
-rw-r--r-- | base/java-tools/src/com/netscape/cmstools/tps/profile/ProfileModifyCLI.java | 2 | ||||
-rw-r--r-- | base/tps/man/man5/pki-tps-profile.5 | 3 | ||||
-rw-r--r-- | specs/pki-core.spec | 1 |
6 files changed, 189 insertions, 28 deletions
diff --git a/base/java-tools/man/man1/pki-ca-profile.1 b/base/java-tools/man/man1/pki-ca-profile.1 index 851e7d7e3..74b9b51b8 100644 --- a/base/java-tools/man/man1/pki-ca-profile.1 +++ b/base/java-tools/man/man1/pki-ca-profile.1 @@ -1,7 +1,7 @@ .\" First parameter, NAME, should be all caps .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection .\" other parameters are allowed: see man(7), man(1) -.TH pki-profile 1 "Sep 30, 2014" "version 10.2" "PKI Profile Management Commands" Dogtag Team +.TH pki-ca-profile 1 "Sep 30, 2014" "version 10.2" "PKI CA Profile Management Commands" Dogtag Team .\" Please adjust this date whenever revising the man page. .\" .\" Some roff macros, for reference: @@ -15,18 +15,18 @@ .\" .sp <n> insert n+1 empty lines .\" for man page specific macros, see man(7) .SH NAME -pki-profile \- Command-Line Interface for managing Certificate System profiles. +pki-profile \- Command-Line Interface for managing Certificate System CA profiles. .SH SYNOPSIS .nf \fBpki\fR [CLI options] \fBca-profile\fR \fBpki\fR [CLI options] \fBca-profile-find\fR [command options] -\fBpki\fR [CLI options] \fBca-profile-show <Profile ID> \fR [command options] -\fBpki\fR [CLI options] \fBca-profile-add <Input file path> \fR [command options] -\fBpki\fR [CLI options] \fBca-profile-mod <Input file path> \fR [command options] -\fBpki\fR [CLI options] \fBca-profile-del <Profile ID> \fR [command options] -\fBpki\fR [CLI options] \fBca-profile-enable <Profile ID> \fR [command options] -\fBpki\fR [CLI options] \fBca-profile-disable <Profile ID> \fR [command options] +\fBpki\fR [CLI options] \fBca-profile-show <profile ID>\fR [command options] +\fBpki\fR [CLI options] \fBca-profile-add <input file path>\fR [command options] +\fBpki\fR [CLI options] \fBca-profile-mod <input file path>\fR [command options] +\fBpki\fR [CLI options] \fBca-profile-del <profile ID>\fR [command options] +\fBpki\fR [CLI options] \fBca-profile-enable <profile ID>\fR [command options] +\fBpki\fR [CLI options] \fBca-profile-disable <profile ID>\fR [command options] .fi .SH DESCRIPTION @@ -39,35 +39,36 @@ The \fBpki ca-profile\fR commands provide command-line interfaces to manage prof This command is to list the profiles. .RE .PP -\fBpki\fR [CLI options] \fBca-profile-show <Profile ID>\fR [command options] +\fBpki\fR [CLI options] \fBca-profile-show <profile ID>\fR [command options] .RS 4 This command is to view the details of a profile. .RE .PP -\fBpki\fR [CLI options] \fBca-profile-add\fR <Input file path> [command options] +\fBpki\fR [CLI options] \fBca-profile-add <input file path>\fR [command options] .RS 4 This command is to create a new profile. .RE .PP -\fBpki\fR [CLI options] \fBca-profile-mod <Input file path> \fR [command options] +\fBpki\fR [CLI options] \fBca-profile-mod <input file path>\fR [command options] .RS 4 This command is to modify an existing profile. .RE .PP -\fBpki\fR [CLI options] \fBca-profile-del\fR <Profile ID> [command options] +\fBpki\fR [CLI options] \fBca-profile-del <profile ID>\fR [command options] .RS 4 This command is to delete a profile. .RE .PP -\fBpki\fR [CLI options] \fBca-profile-enable\fR <Profile ID> [command options] +\fBpki\fR [CLI options] \fBca-profile-enable <profile ID>\fR [command options] .RS 4 This command is to enable a profile. .RE .PP -\fBpki\fR [CLI options] \fBca-profile-disable\fR <Profile ID> [command options] +\fBpki\fR [CLI options] \fBca-profile-disable <profile ID>\fR [command options] .RS 4 This command is to disable a profile. .RE + .SH OPTIONS The CLI options are described in \fBpki\fR(1). @@ -75,24 +76,24 @@ The CLI options are described in \fBpki\fR(1). To view available profile commands, type \fBpki ca-profile\fP. To view each command's usage, type \fB pki ca-profile-<command> \-\-help\fP. -All the ca-profile commands require agent authentication. +All the ca-profile commands require CA agent authentication. .SS Viewing the profiles -.B pki <agent authentication> ca-profile-find +.B pki <CA agent authentication> ca-profile-find -The \fBstart\fR and \fBsize\fR options can be used to specify the beginning and the size of the list. +The results can be paged using the \fB--start\fR and \fB--size\fR options described in \fBpki\fR(1). To view the contents of a profile: A set of profile inputs, profile outputs, authenticators, policies and constraints are defined in a profile. These contents can be viewed using the following command: -.B pki <agent authentication> ca-profile-show <Profile ID> +.B pki <CA agent authentication> ca-profile-show <profile ID> To store the output of the above operation, the output option must be specified. -.B pki <agent authentication> ca-profile-show <Profile ID> --output <FILE_PATH> +.B pki <CA agent authentication> ca-profile-show <profile ID> --output <file path> This output file can be used for modifying the profile. It can be used as a template for certificate enrollment as well but, a more suitable template can be fetched using the \fBpki cert-request-profile-show\fR command. @@ -100,35 +101,35 @@ The \fBpki cert-request-profile-show\fR command does not require an agent/admini .SS Add/Modify/Delete a profile -.B pki <admin authentication> ca-profile-add <Input file path> +.B pki <CA admin authentication> ca-profile-add <input file path> -The contents of the input file must be in an XML format returned by the profile-show command. +The contents of the input file must be in an XML format returned by the ca-profile-show command. This data will be marshaled by the CLI client to create a new profile in the CA. The profile must be disabled before it is modified. It must be enabled after modification to be used for certificate enrollment. To modify an existing profile: -.B pki <admin authentication> ca-profile-mod <Input file path> +.B pki <CA admin authentication> ca-profile-mod <input file path> -The profile data can be retrieved using the profile-show command and after editing the file, +The profile data can be retrieved using the ca-profile-show command and after editing the file, it can be provided to the profile-mod command to modify an existing profile. To delete a profile in the CA: -.B pki <admin authentication> ca-profile-del <Profile ID> +.B pki <CA admin authentication> ca-profile-del <profile ID> .SS Enabling/Disabling a profile in the CA To enable a profile in the CA: -.B pki <agent authenticaton> ca-profile-enable <Profile ID> +.B pki <CA agent authenticaton> ca-profile-enable <profile ID> A profile must be enabled before it can be used. To disable a profile in the CA: -.B pki <agent authentication> ca-profile-disable <Profile ID> +.B pki <CA agent authentication> ca-profile-disable <profile ID> A profile must be disabled before it can be modified. @@ -144,5 +145,4 @@ Abhishek Koneru <akoneru@redhat.com>. Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. .SH SEE ALSO -.BR pkispawn(8), .BR pki(1) diff --git a/base/java-tools/man/man1/pki-tps-profile.1 b/base/java-tools/man/man1/pki-tps-profile.1 new file mode 100644 index 000000000..2a524b4b4 --- /dev/null +++ b/base/java-tools/man/man1/pki-tps-profile.1 @@ -0,0 +1,152 @@ +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH pki-tps-profile 1 "Jul 14, 2015" "version 10.2" "PKI TPS Profile Management Commands" Dogtag Team +.\" Please adjust this date whenever revising the man page. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp <n> insert n+1 empty lines +.\" for man page specific macros, see man(7) +.SH NAME +pki-tps-profile \- Command-Line Interface for managing Certificate System TPS profiles. + +.SH SYNOPSIS +.nf +\fBpki\fR [CLI options] \fBtps-profile\fR +\fBpki\fR [CLI options] \fBtps-profile-find\fR [command options] +\fBpki\fR [CLI options] \fBtps-profile-show <profile ID>\fR [command options] +\fBpki\fR [CLI options] \fBtps-profile-add --input <file path>\fR [command options] +\fBpki\fR [CLI options] \fBtps-profile-mod <profile ID>\ --action <action>\fR [command options] +\fBpki\fR [CLI options] \fBtps-profile-mod <profile ID>\ --input <file path>\fR [command options] +\fBpki\fR [CLI options] \fBtps-profile-del <profile ID>\fR [command options] +.fi + +.SH DESCRIPTION +.PP +The \fBpki tps-profile\fR commands provide command-line interfaces to manage profiles on the TPS. + +.PP +\fBpki\fR [CLI options] \fBtps-profile-find\fR [command options] +.RS 4 +This command is to list the profiles. +.RE +.PP +\fBpki\fR [CLI options] \fBtps-profile-show <profile ID>\fR [command options] +.RS 4 +This command is to view the details of a profile. +.RE +.PP +\fBpki\fR [CLI options] \fBtps-profile-add --input <file path>\fR [command options] +.RS 4 +This command is to create a new profile. +.RE +.PP +\fBpki\fR [CLI options] \fBtps-profile-mod <profile ID>\ --action <action>\fR [command options] +.RS 4 +This command is to change the status of a profile. +.RE +.PP +\fBpki\fR [CLI options] \fBtps-profile-mod <profile ID>\ --input <file path>\fR [command options] +.RS 4 +This command is to modify an existing profile. +.RE +.PP +\fBpki\fR [CLI options] \fBtps-profile-del <profile ID>\fR [command options] +.RS 4 +This command is to delete a profile. +.RE + +.SH OPTIONS +The CLI options are described in \fBpki\fR(1). + +.SH OPERATIONS + +To view available profile commands, type \fBpki tps-profile\fP. To view each command's usage, type \fB pki tps-profile-<command> \-\-help\fP. + +All the tps-profile commands require TPS admin or agent authentication. + +.SS Listing profiles + +To list all profile: + +.B pki <TPS admin/agent authentication> tps-profile-find + +The results can be paged using the \fB--start\fR and \fB--size\fR options described in \fBpki\fR(1). + +.SS Viewing a profile + +To view the status and properties of a profile: + +.B pki <TPS admin/agent authentication> tps-profile-show <profile ID> + +To store the output of the above operation into a file: + +.B pki <TPS admin/agent authentication> tps-profile-show <profile ID> --output <file path> + +.SS Adding a profile + +To add a new profile, prepare an input file specifying the +profile properties in the following format: + +.IP +.nf +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<Profile id="..." xmlns:ns2="http://www.w3.org/2005/Atom"> + <Properties> + <Property name="...">...</Property> + ... + </Properties> +</Profile> +.fi + +.PP +The profile properties are described in \fBpki-tps-profile\fR(5). +Then execute the following command: + +.B pki <TPS admin authentication> tps-profile-add --input <file path> + +.SS Changing profile status + +To change the profile status execute the following command: + +.B pki <TPS admin/agent authentication> tps-profile-mod <profile ID> --action <action> + +Available actions for admins: submit, cancel. +Available actions for agents: approve, reject. +Available actions for users with both admin and agent rights: enable, disable. + +.SS Modifying a profile + +To modify a profile, first disable the profile using the \fBtps-profile-mod +--action disable\fP command. Then download the current profile properties +using the \fBtps-profile-show --output\fP command. Make the modifications in +the file, then upload the updated file using the following command: + +.B pki <TPS admin authentication> tps-profile-mod <profile ID> --input <file path> + +Finally, the profile should be re-enabled using the \fBtps-profile-mod +--action enable\fP command. + +.SS Deleting a profile + +To delete a profile, first disable the profile using the \fBtps-profile-mod +--action disable\fP command, then execute: + +.B pki <TPS admin authentication> tps-profile-del <profile ID> + +.SH AUTHORS +Endi S. Dewata <edewata@redhat.com>. + +.SH COPYRIGHT +Copyright (c) 2015 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. + +.SH SEE ALSO +.BR pki(1), +.BR pki-tps-profile(5) diff --git a/base/java-tools/src/com/netscape/cmstools/tps/profile/ProfileCLI.java b/base/java-tools/src/com/netscape/cmstools/tps/profile/ProfileCLI.java index b27578ffc..7c68c8ebb 100644 --- a/base/java-tools/src/com/netscape/cmstools/tps/profile/ProfileCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/tps/profile/ProfileCLI.java @@ -46,6 +46,11 @@ public class ProfileCLI extends CLI { addModule(new ProfileMappingCLI(this)); } + @Override + public String getManPage() { + return "pki-tps-profile"; + } + public void execute(String[] args) throws Exception { client = parent.getClient(); diff --git a/base/java-tools/src/com/netscape/cmstools/tps/profile/ProfileModifyCLI.java b/base/java-tools/src/com/netscape/cmstools/tps/profile/ProfileModifyCLI.java index 87580cdaf..c042552ab 100644 --- a/base/java-tools/src/com/netscape/cmstools/tps/profile/ProfileModifyCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/tps/profile/ProfileModifyCLI.java @@ -50,7 +50,7 @@ public class ProfileModifyCLI extends CLI { } public void createOptions() { - Option option = new Option(null, "action", true, "Action: update (default), approve, reject, enable, disable."); + Option option = new Option(null, "action", true, "Action: update (default), submit, cancel, approve, reject, enable, disable."); option.setArgName("action"); options.addOption(option); diff --git a/base/tps/man/man5/pki-tps-profile.5 b/base/tps/man/man5/pki-tps-profile.5 index 2b864a05f..1007a0e4e 100644 --- a/base/tps/man/man5/pki-tps-profile.5 +++ b/base/tps/man/man5/pki-tps-profile.5 @@ -202,3 +202,6 @@ Dogtag Team <pki-devel@redhat.com>. .SH COPYRIGHT Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. + +.SH SEE ALSO +.BR pki-tps-profile(1) diff --git a/specs/pki-core.spec b/specs/pki-core.spec index e05568328..c7bea8f3a 100644 --- a/specs/pki-core.spec +++ b/specs/pki-core.spec @@ -868,6 +868,7 @@ systemctl daemon-reload %{_mandir}/man1/pki-user.1.gz %{_mandir}/man1/pki-user-cert.1.gz %{_mandir}/man1/pki-ca-profile.1.gz +%{_mandir}/man1/pki-tps-profile.1.gz %if %{with server} |