5 files changed, 102 insertions, 99 deletions
diff --git a/base/common/src/com/netscape/certsrv/cert/CertClient.java b/base/common/src/com/netscape/certsrv/cert/CertClient.java index c209bf9b8..04295c7a3 100644 --- a/base/common/src/com/netscape/certsrv/cert/CertClient.java +++ b/base/common/src/com/netscape/certsrv/cert/CertClient.java @@ -84,6 +84,10 @@ public class CertClient extends PKIClient { certRequestResource.approveRequest(id, data); } + public void rejectRequest(RequestId id, CertReviewResponse data) { + certRequestResource.rejectRequest(id, data); + } + public CertRequestInfos listRequests(String requestState, String requestType, RequestId start, Integer pageSize, Integer maxResults, Integer maxTime) { return certRequestResource.listRequests(requestState, requestType, start, pageSize, maxResults, maxTime); diff --git a/base/java-tools/man/man1/pki.1 b/base/java-tools/man/man1/pki.1 index 5729861e8..fdeac0a11 100644 --- a/base/java-tools/man/man1/pki.1 +++ b/base/java-tools/man/man1/pki.1 
@@ -163,13 +163,17 @@ Then submit the request for review. This can be done without authentication. .B pki cert-request-submit <request file> -Then, an agent needs to review the request. +Then, an agent needs to review the request by running the following command: .B pki <agent authentication> cert-request-review <request ID> --output <request review file> -The output file contains details about the request, as well as the defaults and constraints of the enrollment profile. It contains all the values that can be overridden by the agent. To approve a request, run the following command as an agent: +The request, as well as the defaults and constraints of the enrollment profile, will be stored in the output file. The agent can examine the file and override any values if necessary. To approve or reject the request, enter the appropriate action when prompted: -.B pki <agent authentication> cert-request-approve <request review file> +.B Action (accept/reject): + +Alternatively, the agent can approve or reject the request in a single step with the following command: + +.B pki <agent authentication> cert-request-review <request ID> --action <action> .SS Group Management Commands All group commands must be executed as an administrator. Some representative commands are shown below. Type \fBpki group\fP to get a list of additional commands. diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java index d3bf51e32..b9122531c 100644 --- a/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java @@ -27,6 +27,7 @@ import com.netscape.certsrv.cert.CertClient; import com.netscape.certsrv.cert.CertData; import com.netscape.certsrv.cert.CertDataInfo; import com.netscape.certsrv.cert.CertRequestInfo; +import com.netscape.certsrv.cert.CertReviewResponse; import com.netscape.cmstools.cli.CLI; import com.netscape.cmstools.cli.MainCLI; 
@@ -51,7 +52,6 @@ public class CertCLI extends CLI { addModule(new CertRequestFindCLI(this)); addModule(new CertRequestSubmitCLI(this)); addModule(new CertRequestReviewCLI(this)); - addModule(new CertRequestApproveCLI(this)); } public void printHelp() { @@ -146,7 +146,14 @@ public class CertCLI extends CLI { public static void printCertRequestInfo(CertRequestInfo info) { System.out.println(" Request ID: " + info.getRequestId()); - System.out.println(" Status: " + info.getRequestStatus()); System.out.println(" Type: " + info.getRequestType()); + System.out.println(" Status: " + info.getRequestStatus()); + } + + public static void printCertReviewResponse(CertReviewResponse response) { + System.out.println(" Request ID: " + response.getRequestId()); + System.out.println(" Profile: " + response.getProfileName()); + System.out.println(" Type: " + response.getRequestType()); + System.out.println(" Status: " + response.getRequestStatus()); } } diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestApproveCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestApproveCLI.java deleted file mode 100644 index 0c6db8a90..000000000 --- a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestApproveCLI.java +++ /dev/null 
@@ -1,58 +0,0 @@ -package com.netscape.cmstools.cert; - -import java.io.FileInputStream; - -import javax.xml.bind.JAXBContext; -import javax.xml.bind.Unmarshaller; - -import org.apache.commons.cli.CommandLine; -import org.apache.commons.cli.ParseException; - -import com.netscape.certsrv.cert.CertReviewResponse; -import com.netscape.cmstools.cli.CLI; -import com.netscape.cmstools.cli.MainCLI; - -public class CertRequestApproveCLI extends CLI { - CertCLI parent; - - public CertRequestApproveCLI(CertCLI parent) { - super("request-approve", "Approve certificate request"); - this.parent = parent; - } - - @Override - public void execute(String[] args) throws Exception { - CommandLine cmd = null; - - try { - cmd = parser.parse(options, args); - } catch (ParseException e) { - System.err.println("Error: " + e.getMessage()); - printHelp(); - System.exit(-1); - } - - String[] cLineArgs = cmd.getArgs(); - - if (cLineArgs.length < 1) { - System.err.println("Error: No file name specified."); - printHelp(); - System.exit(-1); - } - - FileInputStream fis = new FileInputStream(cLineArgs[0].trim()); - - JAXBContext context = JAXBContext.newInstance(CertReviewResponse.class); - Unmarshaller unmarshaller = context.createUnmarshaller(); - CertReviewResponse reviewInfo = (CertReviewResponse) unmarshaller.unmarshal(fis); - - parent.client.approveRequest(reviewInfo.getRequestId(), reviewInfo); - - MainCLI.printMessage("Approved certificate request " + reviewInfo.getRequestId().toString()); - } - - @Override - public void printHelp() { - formatter.printHelp(parent.name + "-" + name + " <file name>", options); - } -} diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestReviewCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestReviewCLI.java index 682314b25..6706ff13a 100644 --- a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestReviewCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestReviewCLI.java 
@@ -1,11 +1,13 @@ package com.netscape.cmstools.cert; -import java.io.FileNotFoundException; +import java.io.BufferedReader; +import java.io.FileInputStream; import java.io.FileOutputStream; +import java.io.InputStreamReader; import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; import javax.xml.bind.Marshaller; +import javax.xml.bind.Unmarshaller; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.Option; @@ -27,11 +29,21 @@ public class CertRequestReviewCLI extends CLI { } @Override - public void execute(String[] args) { + public void printHelp() { + formatter.printHelp(parent.name + "-" + name + " <Request ID> [OPTIONS...]", options); + } + + @Override + public void execute(String[] args) throws Exception { CommandLine cmd = null; - Option output = new Option(null, "output", true, "Output Filename"); - options.addOption(output); + Option option = new Option(null, "action", true, "Action (approve/reject)"); + option.setArgName("action"); + options.addOption(option); + + option = new Option(null, "output", true, "Output filename"); + option.setArgName("filename"); + options.addOption(option); try { cmd = parser.parse(options, args); 
@@ -42,62 +54,96 @@ public class CertRequestReviewCLI extends CLI { } String[] cLineArgs = cmd.getArgs(); - if (cLineArgs.length < 1) { - System.err.println("Error: No request id specified."); - printHelp(); - System.exit(-1); - } - String filename = null; - if (cmd.hasOption("output")) { - filename = cmd.getOptionValue("output"); - } else { - System.err.println("No output option specified."); - printHelp(); - System.exit(-1); - } - - if (filename == null || filename.trim().length() == 0) { - System.err.println("Specify the filename to write the request information"); + System.err.println("Error: Missing certificate request ID."); printHelp(); System.exit(-1); } - RequestId reqId = null; + RequestId requestId = null; try { - reqId = new RequestId(cLineArgs[0]); + requestId = new RequestId(cLineArgs[0]); } catch (NumberFormatException e) { - System.err.println("Error: Invalid RequestID: " + cLineArgs[0]); + System.err.println("Error: Invalid certificate request ID " + cLineArgs[0] + "."); System.exit(-1); } + String action = cmd.getOptionValue("action"); + String filename = null; + + if (action == null) { + if (cmd.hasOption("output")) { + filename = cmd.getOptionValue("output"); + } else { + System.err.println("Error: Missing output file name."); + printHelp(); + System.exit(-1); + } + + if (filename == null || filename.trim().length() == 0) { + System.err.println("Error: Missing output file name."); + printHelp(); + System.exit(-1); + } + } + + // Retrieve certificate request. CertReviewResponse reviewInfo = null; try { - reviewInfo = parent.client.reviewRequest(reqId); + reviewInfo = parent.client.reviewRequest(requestId); } catch (PKIException e) { System.err.println(e.getMessage()); System.exit(-1); } - try { + if (action == null) { + // Store certificate request in a file. 
JAXBContext context = JAXBContext.newInstance(CertReviewResponse.class); Marshaller marshaller = context.createMarshaller(); marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); FileOutputStream stream = new FileOutputStream(filename); - marshaller.marshal(reviewInfo, stream); - MainCLI.printMessage("Downloaded certificate request " + cLineArgs[0]); - } catch (JAXBException e) { - System.err.println("Cannot write to the file. " + e); - } catch (FileNotFoundException e) { - System.err.println("File not found at " + filename); + + MainCLI.printMessage("Retrieved certificate request " + requestId); + CertCLI.printCertReviewResponse(reviewInfo); + System.out.println(" Filename: " + filename); + if (verbose) System.out.println(" Nonce: " + reviewInfo.getNonce()); + System.out.println(); + + while (action == null) { + // Wait for action. + System.out.print("Action (approve/reject): "); + System.out.flush(); + + BufferedReader reader = new BufferedReader(new InputStreamReader(System.in)); + action = reader.readLine(); + + if (action.equalsIgnoreCase("a") || action.equalsIgnoreCase("approve")) { + action = "approve"; + } else if (action.equalsIgnoreCase("r") || action.equalsIgnoreCase("reject")) { + action = "reject"; + } else { + action = null; + } + } + + // Read certificate request file. 
+ Unmarshaller unmarshaller = context.createUnmarshaller(); + FileInputStream fis = new FileInputStream(filename); + reviewInfo = (CertReviewResponse) unmarshaller.unmarshal(fis); } - } + if (action.equalsIgnoreCase("approve")) { + parent.client.approveRequest(reviewInfo.getRequestId(), reviewInfo); + MainCLI.printMessage("Approved certificate request " + requestId); - @Override - public void printHelp() { - formatter.printHelp(parent.name + "-" + name + " <request id>", options); + } else if (action.equalsIgnoreCase("reject")) { + parent.client.rejectRequest(reviewInfo.getRequestId(), reviewInfo); + MainCLI.printMessage("Rejected certificate request " + requestId); + + } else { + throw new Error("Invalid action: " + action); + } } } |
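Review bot: In the interactive loop of `execute`, `action = reader.readLine()` is dereferenced without a null check, so a closed or empty stdin ends the command with a NullPointerException rather than a clean error; read into a separate variable and exit when it is null. An unrecognised `--action` value is only caught in the final `else`, after `reviewRequest` has already contacted the server, and is reported with `throw new Error(...)`; checking it right after `cmd.getOptionValue("action")` would match how the other argument errors in this method are handled. Neither the `FileOutputStream` nor the `FileInputStream` is closed. The review file appears to carry the nonce (`reviewInfo.getNonce()`), is created with default permissions at a caller-chosen path, and is sent back as read on approve or reject, so the help text should tell agents to keep it in a directory only they can write. The fence assumes `marshaller.marshal(reviewInfo, stream)` is a retained context line, which the collapsed layout of this page does not make certain, and uses try-with-resources, which needs Java 7 or later.

```java
String action = cmd.getOptionValue("action");
if (action != null
        && !action.equalsIgnoreCase("approve")
        && !action.equalsIgnoreCase("reject")) {
    System.err.println("Error: Invalid action: " + action);
    printHelp();
    System.exit(-1);
}
// … unchanged: output file name checks, reviewRequest call, marshaller setup …
try (FileOutputStream stream = new FileOutputStream(filename)) {
    marshaller.marshal(reviewInfo, stream);
}
// … unchanged: summary output …
BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
while (action == null) {
    System.out.print("Action (approve/reject): ");
    System.out.flush();

    String line = reader.readLine();
    if (line == null) {
        // stdin closed: stop instead of dereferencing null
        System.err.println("Error: Missing action.");
        System.exit(-1);
    }

    if (line.equalsIgnoreCase("a") || line.equalsIgnoreCase("approve")) {
        action = "approve";
    } else if (line.equalsIgnoreCase("r") || line.equalsIgnoreCase("reject")) {
        action = "reject";
    }
}

// Read certificate request file.
Unmarshaller unmarshaller = context.createUnmarshaller();
try (FileInputStream fis = new FileInputStream(filename)) {
    reviewInfo = (CertReviewResponse) unmarshaller.unmarshal(fis);
}
// … unchanged: approve / reject dispatch …
```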