Diffstat (limited to 'base/java-tools')
-rw-r--r--base/java-tools/man/man1/pki.112
-rw-r--r--base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java151
2 files changed, 80 insertions, 83 deletions
diff --git a/base/java-tools/man/man1/pki.1 b/base/java-tools/man/man1/pki.1
index b5a35f1f6..4e77bd6eb 100644
--- a/base/java-tools/man/man1/pki.1
+++ b/base/java-tools/man/man1/pki.1
@@ -28,10 +28,10 @@ These services include certificates, groups, keys, security domains, and users.
.SH CLI OPTIONS
.TP
.B -c <client security database password>
-Specifies the client security database password (mutually exclusive to the '-C' option; requires the '-n' client authentication option).
+Specifies the client security database password (mutually exclusive to the '-C' option).
.TP
.B -C <client-side password file>
-Specifies the file which contains the client security database password (mutually exclusive to the '-c' option; requires the '-n' client authentication option).
+Specifies the file which contains the client security database password (mutually exclusive to the '-c' option).
.TP
.B -d <client security database location>
Specifies the client security database location (default: \fI~/.dogtag/nssdb\fP).
@@ -49,7 +49,7 @@ Comma-separated list of ignored certificate validity statuses.
Message format: xml (default), json.
.TP
.B -n <client certificate nickname>
-Specifies the nickname of the client certificate (signifies client authentication which is mutually exclusive to the '-u' basic authentication option).
+Specifies the nickname for client certificate authentication (mutually exclusive to the '-u' option). This authentication requires a security database password.
.TP
.B --output <folder>
Folder to store HTTP messages.
@@ -68,7 +68,7 @@ PKI subsystem type - [CA, KRA, OCSP, TKS, or TPS] (non-case-sensitive).
Specifies the server URI.
.TP
.B -u <username>
-Specifies the username (signifies basic authentication which is mutually exclusive to the '-n' client authentication option).
+Specifies the username for basic authentication (mutually exclusive to the '-n' option). This authentication requires a user password.
.TP
.B -v
Displays verbose information.
@@ -77,10 +77,10 @@ Displays verbose information.
Displays CLI version information.
.TP
.B -w <password>
-Specifies the user password (mutually exclusive to the '-W' option; requires the '-u' basic authentication option).
+Specifies the user password (mutually exclusive to the '-W' option).
.TP
.B -W <client-side password file>
-Specifies the file which contains the user password (mutually exclusive to the '-w' option; requires the '-u' basic authentication option).
+Specifies the file which contains the user password (mutually exclusive to the '-w' option).
.SH OPERATIONS
To view available commands and options, simply type \fBpki\fP. Some commands have sub-commands.
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index becd84524..186c9827e 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -19,9 +19,9 @@
package com.netscape.cmstools.cli;
import java.io.BufferedReader;
-import java.io.FileReader;
import java.io.Console;
import java.io.File;
+import java.io.FileReader;
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.InetAddress;
@@ -291,93 +291,90 @@ public class MainCLI extends CLI {
String passwordFile = cmd.getOptionValue("W");
String[] tokenPasswordPair = { null, null };
- // check for mutually exclusive options
- if ((certNickname != null) && (username != null)) {
- System.err.println("Error: The '-n' (client authentication) and '-u' (basic authentication) options are mutually exclusive!");
- System.exit(-1);
- }
- if ((certPasswordFile != null) && (certPassword != null)) {
- System.err.println("Error: The '-C' and '-c' options are mutually exclusive!");
- System.exit(-1);
- }
- if ((passwordFile != null) && (password != null)) {
- System.err.println("Error: The '-W' and '-w' options are mutually exclusive!");
+ // check authentication parameters
+ if (certNickname != null && username != null) {
+ System.err.println("Error: The '-n' and '-u' options are mutually exclusive.");
System.exit(-1);
- }
- // check for mutually dependent options
- if (((certPasswordFile != null) || (certPassword != null)) &&
- (certNickname == null)) {
- System.err.println("Error: If either of the '-C' or '-c' options are specified, the '-n' client authentication option must also be specified!");
- System.exit(-1);
- }
- if (((passwordFile != null) || (password != null)) &&
- (username == null)) {
- System.err.println("Error: If either of the '-W' or '-w' options are specified, the '-u' basic authentication option must also be specified!");
- System.exit(-1);
+ } else if (certNickname != null) { // client certificate authentication
+
+ if (certPasswordFile != null && certPassword != null) {
+ System.err.println("Error: The '-C' and '-c' options are mutually exclusive.");
+ System.exit(-1);
+
+ } else if (certPasswordFile == null && certPassword == null) {
+ System.err.println("Error: Missing security database password.");
+ System.exit(-1);
+ }
+
+ } else if (username != null) { // basic authentication
+
+ if (passwordFile != null && password != null) {
+ System.err.println("Error: The '-W' and '-w' options are mutually exclusive.");
+ System.exit(-1);
+
+ } else if (passwordFile == null && password == null) {
+ System.err.println("Error: Missing user password.");
+ System.exit(-1);
+ }
}
- // convert into absolute path
+ // store security database path
if (certDatabase != null)
config.setCertDatabase(new File(certDatabase).getAbsolutePath());
- // check for client authentication or basic authentication
- if (certNickname != null) {
- // client authentication
- config.setCertNickname(certNickname);
-
- if (certPassword != null) {
- // set client security database password
- config.setCertPassword(certPassword);
- } else if (certPasswordFile != null) {
- // read client security database password from specified file
- tokenPasswordPair = readPlaintextPasswordFromFile(certPasswordFile);
- // XXX TBD set client security database token
-
- // set client security database password
- config.setCertPassword(tokenPasswordPair[1]);
- } else {
- // prompt for client security database password
- //
- // NOTE: This overrides the password callback provided
- // by JSS for NSS security database authentication.
- //
- try {
- certPassword = promptForPassword("Enter Client Security Database Password: ");
- // set client security database password
- config.setCertPassword(certPassword);
- } catch (Exception e) {
- System.err.println("Error: " + e.getMessage());
- System.exit(-1);
- }
+ // store certificate nickname
+ config.setCertNickname(certNickname);
+
+ if (certPasswordFile != null) {
+ // read client security database password from specified file
+ tokenPasswordPair = readPlaintextPasswordFromFile(certPasswordFile);
+ // XXX TBD set client security database token
+
+ certPassword = tokenPasswordPair[1];
+
+ } else if (certNickname != null && certPassword == null) {
+ // prompt for security database password if required for authentication
+ //
+ // NOTE: This overrides the password callback provided
+ // by JSS for NSS security database authentication.
+ //
+ try {
+ certPassword = promptForPassword("Enter Client Security Database Password: ");
+
+ } catch (Exception e) {
+ System.err.println("Error: " + e.getMessage());
+ System.exit(-1);
}
- } else if (username != null) {
- // basic authentication
- config.setUsername(username);
-
- if (password != null) {
- // set user password
- config.setPassword(password);
- } else if (passwordFile != null) {
- // read user password from specified file
- tokenPasswordPair = readPlaintextPasswordFromFile(passwordFile);
- // XXX TBD set user token
-
- // set user password
- config.setPassword(tokenPasswordPair[1]);
- } else {
- // prompt for user password
- try {
- password = promptForPassword();
- // set user password
- config.setPassword(password);
- } catch (Exception e) {
- System.err.println("Error: " + e.getMessage());
- System.exit(-1);
- }
+ }
+
+ // store security database password
+ config.setCertPassword(certPassword);
+
+ // store user name
+ config.setUsername(username);
+
+ if (passwordFile != null) {
+ // read user password from specified file
+ tokenPasswordPair = readPlaintextPasswordFromFile(passwordFile);
+ // XXX TBD set user token
+
+ password = tokenPasswordPair[1];
+
+ } else if (username != null && password == null) {
+ // prompt for user password if required for authentication
+ try {
+ password = promptForPassword();
+
+ } catch (Exception e) {
+ System.err.println("Error: " + e.getMessage());
+ System.exit(-1);
}
}
+ // store user password
+ config.setPassword(password);
+
String list = cmd.getOptionValue("reject-cert-status");
convertCertStatusList(list, rejectedCertStatuses);
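Review bot: The two new "Missing ... password" exits make the interactive prompts further down unreachable: with `-n` set and neither `-c` nor `-C`, the `else if (certPasswordFile == null && certPassword == null)` branch exits before `promptForPassword("Enter Client Security Database Password: ")` can run, and the `-u` path has the same problem with `passwordFile == null && password == null`. That leaves only the command line (visible in process listings and shell history) or a plaintext file as ways to supply the secret, so I would drop both of those branches and let the existing `else if (certNickname != null && certPassword == null)` and `else if (username != null && password == null)` prompts handle the missing-password case. Separately, the `-C`/`-c` and `-W`/`-w` exclusivity checks now run only inside their own authentication branch, so for example `-n` combined with both `-w` and `-W` is accepted and the file value silently replaces the command-line one, which contradicts the man page text. The enclosing method starts and ends outside this hunk.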