diff options
Diffstat (limited to 'base/java-tools/bin/pki')
-rw-r--r-- | base/java-tools/bin/pki | 321 |
1 files changed, 225 insertions, 96 deletions
diff --git a/base/java-tools/bin/pki b/base/java-tools/bin/pki index 5e7a7a438..e476cfcfe 100644 --- a/base/java-tools/bin/pki +++ b/base/java-tools/bin/pki @@ -19,111 +19,240 @@ # All rights reserved. # +from __future__ import absolute_import +from __future__ import print_function import shlex import subprocess import sys +import traceback -def run_java_cli(args): - - # read RESTEasy library path - value = subprocess.check_output( - '. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf && echo $RESTEASY_LIB', - shell=True) - resteasy_lib = str(value).strip() - - # read logging configuration path - value = subprocess.check_output( - '. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf && echo $LOGGING_CONFIG', - shell=True) - logging_config = value.decode(sys.getfilesystemencoding()).strip() - - # construct classpath - classpath = [ - '/usr/share/java/commons-cli.jar', - '/usr/share/java/commons-codec.jar', - '/usr/share/java/commons-httpclient.jar', - '/usr/share/java/commons-io.jar', - '/usr/share/java/commons-lang.jar', - '/usr/share/java/commons-logging.jar', - '/usr/share/java/httpcomponents/httpclient.jar', - '/usr/share/java/httpcomponents/httpcore.jar', - '/usr/share/java/jackson/jackson-core-asl.jar', - '/usr/share/java/jackson/jackson-jaxrs.jar', - '/usr/share/java/jackson/jackson-mapper-asl.jar', - '/usr/share/java/jackson/jackson-mrbean.jar', - '/usr/share/java/jackson/jackson-smile.jar', - '/usr/share/java/jackson/jackson-xc.jar', - '/usr/share/java/jaxb-api.jar', - '/usr/share/java/ldapjdk.jar', - '/usr/share/java/servlet.jar', - resteasy_lib + '/jaxrs-api.jar', - resteasy_lib + '/resteasy-atom-provider.jar', - resteasy_lib + '/resteasy-client.jar', - resteasy_lib + '/resteasy-jaxb-provider.jar', - resteasy_lib + '/resteasy-jaxrs.jar', - resteasy_lib + '/resteasy-jaxrs-jandex.jar', - resteasy_lib + '/resteasy-jackson-provider.jar', - '/usr/share/java/pki/pki-nsutil.jar', - '/usr/share/java/pki/pki-cmsutil.jar', - '/usr/share/java/pki/pki-certsrv.jar', - '/usr/share/java/pki/pki-tools.jar', - '/usr/lib64/java/jss4.jar', - '/usr/lib/java/jss4.jar' - ] - - command = [ - 'java', - '-cp', - ':'.join(classpath), - '-Djava.util.logging.config.file=' + logging_config, - 'com.netscape.cmstools.cli.MainCLI' - ] - - command.extend(args) - - rv = subprocess.call(command) - exit(rv) - - -# pylint: disable=W0613 -def run_python_cli(args): - - raise Exception('Not implemented') - - -def main(argv): - - # read global options - value = subprocess.check_output( - '. /etc/pki/pki.conf && echo $PKI_CLI_OPTIONS', - shell=True) - args = shlex.split(value.strip()) - args.extend(argv[1:]) - - client_type = 'java' - - new_args = [] - - # read --client-type parameter and remove it from the argument list - i = 0 - while i < len(args): - if args[i] == '--client-type': - client_type = args[i + 1] +import pki.cli +import pki.cli.pkcs12 + + +PYTHON_COMMANDS = ['pkcs12-import'] + + +class PKICLI(pki.cli.CLI): + + def __init__(self): + super(PKICLI, self).__init__( + 'pki', 'PKI command-line interface') + + self.database = None + self.password = None + self.password_file = None + self.token = None + + self.add_module(pki.cli.pkcs12.PKCS12CLI()) + + def get_full_module_name(self, module_name): + return module_name + + def print_help(self): + print('Usage: pki [OPTIONS]') + print() + print(' --client-type <type> PKI client type (default: java)') + print(' -d <path> Client security database location ' + + '(default: ~/.dogtag/nssdb)') + print(' -c <password> Client security database password ' + + '(mutually exclusive to the -C option)') + print(' -C <path> Client-side password file ' + + '(mutually exclusive to the -c option)') + print(' --token <name> Security token name') + print() + print(' -v, --verbose Run in verbose mode.') + print(' --debug Show debug messages.') + print(' --help Show help message.') + print() + + super(PKICLI, self).print_help() + + def execute_java(self, args, stdout=sys.stdout): + + # read RESTEasy library path + value = subprocess.check_output( + '. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf && echo $RESTEASY_LIB', + shell=True) + resteasy_lib = value.decode(sys.getfilesystemencoding()).strip() + + # read logging configuration path + value = subprocess.check_output( + '. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf && echo $LOGGING_CONFIG', + shell=True) + logging_config = value.decode(sys.getfilesystemencoding()).strip() + + # construct classpath + classpath = [ + '/usr/share/java/commons-cli.jar', + '/usr/share/java/commons-codec.jar', + '/usr/share/java/commons-httpclient.jar', + '/usr/share/java/commons-io.jar', + '/usr/share/java/commons-lang.jar', + '/usr/share/java/commons-logging.jar', + '/usr/share/java/httpcomponents/httpclient.jar', + '/usr/share/java/httpcomponents/httpcore.jar', + '/usr/share/java/jackson/jackson-core-asl.jar', + '/usr/share/java/jackson/jackson-jaxrs.jar', + '/usr/share/java/jackson/jackson-mapper-asl.jar', + '/usr/share/java/jackson/jackson-mrbean.jar', + '/usr/share/java/jackson/jackson-smile.jar', + '/usr/share/java/jackson/jackson-xc.jar', + '/usr/share/java/jaxb-api.jar', + '/usr/share/java/ldapjdk.jar', + '/usr/share/java/servlet.jar', + resteasy_lib + '/jaxrs-api.jar', + resteasy_lib + '/resteasy-atom-provider.jar', + resteasy_lib + '/resteasy-client.jar', + resteasy_lib + '/resteasy-jaxb-provider.jar', + resteasy_lib + '/resteasy-jaxrs.jar', + resteasy_lib + '/resteasy-jaxrs-jandex.jar', + resteasy_lib + '/resteasy-jackson-provider.jar', + '/usr/share/java/pki/pki-nsutil.jar', + '/usr/share/java/pki/pki-cmsutil.jar', + '/usr/share/java/pki/pki-certsrv.jar', + '/usr/share/java/pki/pki-tools.jar', + '/usr/lib64/java/jss4.jar', + '/usr/lib/java/jss4.jar' + ] + + cmd = [ + 'java', + '-cp', + ':'.join(classpath), + '-Djava.util.logging.config.file=' + logging_config, + 'com.netscape.cmstools.cli.MainCLI' + ] + + # restore options for Java commands + + if self.database: + cmd.extend(['-d', self.database]) + + if self.password: + cmd.extend(['-c', self.password]) + + if self.password_file: + cmd.extend(['-C', self.password_file]) + + if self.token and self.token != 'internal': + cmd.extend(['--token', self.token]) + + cmd.extend(args) + + if self.verbose: + print('Java command: %s' % ' '.join(cmd)) + + subprocess.check_call(cmd, stdout=stdout) + + def execute(self, argv): + + # append global options + value = subprocess.check_output( + '. /usr/share/pki/etc/pki.conf && . /etc/pki/pki.conf && echo $PKI_CLI_OPTIONS', + shell=True) + value = value.decode(sys.getfilesystemencoding()).strip() + args = shlex.split(value) + args.extend(argv[1:]) + + client_type = 'java' + + pki_options = [] + command = None + cmd_args = [] + + # read pki options before the command + # remove options for Python module + + i = 0 + while i < len(args): + # if arg is a command, stop + if args[i][0] != '-': + command = args[i] + break + + # get database path + if args[i] == '-d': + self.database = args[i + 1] + pki_options.append(args[i]) + pki_options.append(args[i + 1]) + i = i + 2 + + # get database password + elif args[i] == '-c': + self.password = args[i + 1] + pki_options.append(args[i]) + pki_options.append(args[i + 1]) + i = i + 2 + + # get database password file path + elif args[i] == '-C': + self.password_file = args[i + 1] + pki_options.append(args[i]) + pki_options.append(args[i + 1]) + i = i + 2 + + # get token name + elif args[i] == '--token': + self.token = args[i + 1] + pki_options.append(args[i]) + pki_options.append(args[i + 1]) + i = i + 2 + + # check verbose option + elif args[i] == '-v' or args[i] == '--verbose': + self.set_verbose(True) + pki_options.append(args[i]) + i = i + 1 + + # check debug option + elif args[i] == '--debug': + self.set_verbose(True) + self.set_debug(True) + pki_options.append(args[i]) + i = i + 1 + + # get client type + elif args[i] == '--client-type': + client_type = args[i + 1] + pki_options.append(args[i]) + pki_options.append(args[i + 1]) + i = i + 2 + + else: # otherwise, save the arg for the next module + cmd_args.append(args[i]) + i = i + 1 + + # save the rest of the args + while i < len(args): + cmd_args.append(args[i]) i = i + 1 - else: - new_args.append(args[i]) + if self.verbose: + print('PKI options: %s' % ' '.join(pki_options)) + print('PKI command: %s %s' % (command, ' '.join(cmd_args))) - i = i + 1 + if client_type == 'python' or command in PYTHON_COMMANDS: + (module, module_args) = self.parse_args(cmd_args) + module.execute(module_args) - if client_type == 'java': - run_java_cli(new_args) + elif client_type == 'java': + self.execute_java(cmd_args) - elif client_type == 'python': - run_python_cli(new_args) + else: + raise Exception('Unsupported client type: ' + client_type) - else: - raise Exception('Unsupported client type: ' + client_type) if __name__ == '__main__': - main(sys.argv) + + cli = PKICLI() + + try: + cli.execute(sys.argv) + + except subprocess.CalledProcessError as e: + if cli.verbose: + print('ERROR: %s' % e) + elif cli.debug: + traceback.print_exc() + exit(e.returncode) |