2 files changed, 21 insertions, 17 deletions

diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java
index 6c9d8032e..ce7b3dd79 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12CertAddCLI.java
@@ -63,10 +63,8 @@ public class PKCS12CertAddCLI extends CLI {
         option.setArgName("path");
         options.addOption(option);
 
+        options.addOption(null, "new-file", false, "Create a new PKCS #12 file");
         options.addOption(null, "no-trust-flags", false, "Do not include trust flags");
-        options.addOption(null, "no-cert", false, "Do not include certificate itself");
-        options.addOption(null, "no-key", false, "Do not include certificate key");
-        options.addOption(null, "no-chain", false, "Do not include certificate chain");
 
         options.addOption("v", "verbose", false, "Run in verbose mode.");
         options.addOption(null, "debug", false, "Run in debug mode.");
@@ -139,10 +137,8 @@ public class PKCS12CertAddCLI extends CLI {
 
         Password password = new Password(passwordString.toCharArray());
 
+        boolean newFile = cmd.hasOption("new-file");
         boolean includeTrustFlags = !cmd.hasOption("no-trust-flags");
-        boolean includeCert = !cmd.hasOption("no-cert");
-        boolean includeKey = !cmd.hasOption("no-key");
-        boolean includeChain = !cmd.hasOption("no-chain");
 
         try {
             PKCS12Util util = new PKCS12Util();
@@ -150,13 +146,16 @@ public class PKCS12CertAddCLI extends CLI {
 
             PKCS12 pkcs12;
 
-            if (new File(filename).exists()) {
-                pkcs12 = util.loadFromFile(filename, password);
-            } else {
+            if (newFile || !new File(filename).exists()) {
+                // if new file requested or file does not exist, create a new file
                 pkcs12 = new PKCS12();
+
+            } else {
+                // otherwise, add into the same file
+                pkcs12 = util.loadFromFile(filename, password);
             }
 
-            util.loadFromNSS(pkcs12, nickname, includeCert, includeKey, includeChain);
+            util.loadCertFromNSS(pkcs12, nickname);
             util.storeIntoFile(pkcs12, filename, password);
 
         } finally {
diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
index a5c9e2823..f17251284 100644
--- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java
@@ -18,7 +18,6 @@
 package com.netscape.cmstools.pkcs12;
 
 import java.io.BufferedReader;
-import java.io.File;
 import java.io.FileReader;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -45,7 +44,7 @@ public class PKCS12ExportCLI extends CLI {
     }
 
     public void printHelp() {
-        formatter.printHelp(getFullName() + " [OPTIONS...]", options);
+        formatter.printHelp(getFullName() + " [OPTIONS...] [nicknames...]", options);
     }
 
     public void createOptions() {
@@ -96,6 +95,7 @@ public class PKCS12ExportCLI extends CLI {
             Logger.getLogger("netscape").setLevel(Level.FINE);
         }
 
+        String[] nicknames = cmd.getArgs();
         String filename = cmd.getOptionValue("pkcs12");
 
         if (filename == null) {
@@ -130,15 +130,20 @@ public class PKCS12ExportCLI extends CLI {
             PKCS12Util util = new PKCS12Util();
             util.setTrustFlagsEnabled(trustFlagsEnabled);
 
-            PKCS12 pkcs12;
+            // overwrite existing file
+            PKCS12 pkcs12 = new PKCS12();
+
+            if (nicknames.length == 0) {
+                // load all certificates
+                util.loadFromNSS(pkcs12);
 
-            if (new File(filename).exists()) {
-                pkcs12 = util.loadFromFile(filename, password);
             } else {
-                pkcs12 = new PKCS12();
+                // load specified certificates
+                for (String nickname : nicknames) {
+                    util.loadCertFromNSS(pkcs12, nickname);
+                }
             }
 
-            util.loadFromNSS(pkcs12);
             util.storeIntoFile(pkcs12, filename, password);
 
         } finally {