From d3bbfe07b1cb2d65a7af6530ea01374b20a761e4 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Fri, 15 Apr 2016 02:30:00 +0200 Subject: Updated pki pkcs12-export CLI. For consistency the pki pkcs12-export has been modified to overwrite the PKCS #12 output file by default. A new option has been added to append the exported certificates and keys into the output file if the file already exists. The same option has been added to the The pki-server instance-cert-export and subsystem-cert-export commands. https://fedorahosted.org/pki/ticket/1736 --- base/common/python/pki/nssdb.py | 10 +++++++++- .../netscape/cmstools/pkcs12/PKCS12ExportCLI.java | 14 +++++++------- .../com/netscape/cmscore/base/PropConfigStore.java | 2 +- base/server/python/pki/server/cli/instance.py | 18 ++++++++++++++---- base/server/python/pki/server/cli/subsystem.py | 20 +++++++++++++++----- 5 files changed, 46 insertions(+), 18 deletions(-) diff --git a/base/common/python/pki/nssdb.py b/base/common/python/pki/nssdb.py index 9d276332a..503bd412b 100644 --- a/base/common/python/pki/nssdb.py +++ b/base/common/python/pki/nssdb.py @@ -543,7 +543,9 @@ class NSSDatabase(object): def export_pkcs12(self, pkcs12_file, pkcs12_password=None, pkcs12_password_file=None, - nicknames=None): + nicknames=None, + append=False, + debug=False): tmpdir = tempfile.mkdtemp() @@ -575,6 +577,12 @@ class NSSDatabase(object): '--pkcs12-password-file', password_file ]) + if append: + cmd.extend(['--append']) + + if debug: + cmd.extend(['--debug']) + if nicknames: cmd.extend(nicknames) diff --git a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java index fab5ecdda..728a9efd1 100644 --- a/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/pkcs12/PKCS12ExportCLI.java 
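Review bot: The new `append=False` default in `export_pkcs12` means a caller that omits the argument now replaces an existing `pkcs12_file` instead of adding to it, and the method has no docstring saying so. Because the file holds private keys, a short docstring should state that an existing file is overwritten unless `append=True`, and that `debug` only forwards `--debug` to the export command (second nssdb.py hunk). Callers of this method other than the two CLI files in this commit are not visible here and should be checked for reliance on the old add-to-existing behaviour. The method body continues outside both hunks.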
@@ -61,7 +61,7 @@ public class PKCS12ExportCLI extends CLI { option.setArgName("path"); options.addOption(option); - options.addOption(null, "new-file", false, "Create a new PKCS #12 file"); + options.addOption(null, "append", false, "Append into an existing PKCS #12 file"); options.addOption(null, "no-trust-flags", false, "Do not include trust flags"); options.addOption(null, "no-key", false, "Do not include private key"); options.addOption(null, "no-chain", false, "Do not include certificate chain"); @@ -128,7 +128,7 @@ public class PKCS12ExportCLI extends CLI { Password password = new Password(passwordString.toCharArray()); - boolean newFile = cmd.hasOption("new-file"); + boolean append = cmd.hasOption("append"); boolean includeTrustFlags = !cmd.hasOption("no-trust-flags"); boolean includeKey = !cmd.hasOption("no-key"); boolean includeChain = !cmd.hasOption("no-chain"); @@ -139,13 +139,13 @@ public class PKCS12ExportCLI extends CLI { PKCS12 pkcs12; - if (newFile || !new File(filename).exists()) { - // if new file requested or file does not exist, create a new file - pkcs12 = new PKCS12(); + if (append && new File(filename).exists()) { + // if append requested and file exists, export into the existing file + pkcs12 = util.loadFromFile(filename, password); } else { - // otherwise, export into the existing file - pkcs12 = util.loadFromFile(filename, password); + // otherwise, create a new file + pkcs12 = new PKCS12(); } if (nicknames.length == 0) { diff --git a/base/server/cmscore/src/com/netscape/cmscore/base/PropConfigStore.java b/base/server/cmscore/src/com/netscape/cmscore/base/PropConfigStore.java index eb3f6c312..cc16e247d 100644 --- a/base/server/cmscore/src/com/netscape/cmscore/base/PropConfigStore.java +++ b/base/server/cmscore/src/com/netscape/cmscore/base/PropConfigStore.java 
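Review bot: Replacing `--new-file` with `--append` in the option table drops the old flag outright, so a script that still passes `--new-file` will presumably be rejected by the option parser, which is outside this hunk. Keeping it registered as an accepted no-op for a release, e.g. `options.addOption(null, "new-file", false, "Deprecated: a new file is created by default");`, would make the transition non-breaking. The hunk at line 128 reads the renamed option back and would not need to change.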
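Review bot: In the hunk at line 139, the `else` branch now starts from an empty `PKCS12` even when the output file already exists, so the earlier contents, which may include private keys, are dropped without notice. The comment could say so explicitly, `// otherwise, start from an empty PKCS #12; an existing file at this path will be replaced`. A verbose-mode message when `new File(filename).exists()` is true on that branch would help operators notice an unintended overwrite. How the file is finally written, and with what permissions, is outside the hunk.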
@@ -255,7 +255,7 @@ public class PropConfigStore implements IConfigStore, Cloneable { if (str == null) { CMS.traceHashKey(mDebugType, getFullName(name), ""); - throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", getName() + "." + name)); + throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", getFullName(name))); } // should we check for empty string ? // if (str.length() == 0) { diff --git a/base/server/python/pki/server/cli/instance.py b/base/server/python/pki/server/cli/instance.py index a779f3c16..4eeee5d60 100644 --- a/base/server/python/pki/server/cli/instance.py +++ b/base/server/python/pki/server/cli/instance.py @@ -76,7 +76,9 @@ class InstanceCertExportCLI(pki.cli.CLI): print(' --pkcs12-file Output file to store the exported certificate and key in PKCS #12 format.') print(' --pkcs12-password Password for the PKCS #12 file.') print(' --pkcs12-password-file Input file containing the password for the PKCS #12 file.') + print(' --append Append into an existing PKCS #12 file.') print(' -v, --verbose Run in verbose mode.') + print(' --debug Run in debug mode.') print(' --help Show help message.') print() @@ -86,7 +88,7 @@ class InstanceCertExportCLI(pki.cli.CLI): opts, args = getopt.gnu_getopt(argv, 'i:v', [ 'instance=', 'pkcs12-file=', 'pkcs12-password=', 'pkcs12-password-file=', - 'verbose', 'help']) + 'append', 'verbose', 'debug', 'help']) except getopt.GetoptError as e: print('ERROR: ' + str(e)) @@ -99,6 +101,8 @@ class InstanceCertExportCLI(pki.cli.CLI): pkcs12_file = None pkcs12_password = None pkcs12_password_file = None + append = False + debug = False for o, a in opts: if o in ('-i', '--instance'): @@ -113,9 +117,15 @@ class InstanceCertExportCLI(pki.cli.CLI): elif o == '--pkcs12-password-file': pkcs12_password_file = a + elif o == '--append': + append = True + elif o in ('-v', '--verbose'): self.set_verbose(True) + elif o == '--debug': + debug = True + elif o == '--help': self.print_help() sys.exit() 
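Review bot: The help line added for `--append` in instance.py's `print_help` does not say what happens without the flag, which per the commit message is that an existing `--pkcs12-file` is overwritten. Wording such as `Append into an existing PKCS #12 file (default: overwrite).` makes the destructive default visible where operators look first. The matching help line added in subsystem.py has the same gap.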
@@ -142,12 +152,12 @@ class InstanceCertExportCLI(pki.cli.CLI): pkcs12_file=pkcs12_file, pkcs12_password=pkcs12_password, pkcs12_password_file=pkcs12_password_file, - nicknames=nicknames) + nicknames=nicknames, + append=append, + debug=debug) finally: nssdb.close() - self.print_message('Exported certificates') - class InstanceFindCLI(pki.cli.CLI): diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py index 5ab232cc1..fe395aad6 100644 --- a/base/server/python/pki/server/cli/subsystem.py +++ b/base/server/python/pki/server/cli/subsystem.py @@ -464,7 +464,9 @@ class SubsystemCertExportCLI(pki.cli.CLI): print(' --pkcs12-file Output file to store the exported certificate and key in PKCS #12 format.') print(' --pkcs12-password Password for the PKCS #12 file.') print(' --pkcs12-password-file Input file containing the password for the PKCS #12 file.') + print(' --append Append into an existing PKCS #12 file.') print(' -v, --verbose Run in verbose mode.') + print(' --debug Run in debug mode.') print(' --help Show help message.') print() @@ -474,7 +476,7 @@ class SubsystemCertExportCLI(pki.cli.CLI): opts, args = getopt.gnu_getopt(argv, 'i:v', [ 'instance=', 'cert-file=', 'csr-file=', 'pkcs12-file=', 'pkcs12-password=', 'pkcs12-password-file=', - 'verbose', 'help']) + 'append', 'verbose', 'debug', 'help']) except getopt.GetoptError as e: print('ERROR: ' + str(e)) @@ -494,6 +496,8 @@ class SubsystemCertExportCLI(pki.cli.CLI): pkcs12_file = None pkcs12_password = None pkcs12_password_file = None + append = False + debug = False for o, a in opts: if o in ('-i', '--instance'): @@ -514,9 +518,15 @@ class SubsystemCertExportCLI(pki.cli.CLI): elif o == '--pkcs12-password-file': pkcs12_password_file = a + elif o == '--append': + append = True + elif o in ('-v', '--verbose'): self.set_verbose(True) + elif o == '--debug': + debug = True + elif o == '--help': self.print_help() sys.exit() 
@@ -526,7 +536,7 @@ class SubsystemCertExportCLI(pki.cli.CLI): self.print_help() sys.exit(1) - if not pkcs12_file: + if not (cert_file or csr_file or pkcs12_file): print('ERROR: missing output file') self.print_help() sys.exit(1) @@ -579,13 +589,13 @@ class SubsystemCertExportCLI(pki.cli.CLI): pkcs12_file=pkcs12_file, pkcs12_password=pkcs12_password, pkcs12_password_file=pkcs12_password_file, - nicknames=nicknames) + nicknames=nicknames, + append=append, + debug=debug) finally: nssdb.close() - self.print_message('Export complete') - class SubsystemCertUpdateCLI(pki.cli.CLI): -- cgit
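Review bot: With the check relaxed to `if not (cert_file or csr_file or pkcs12_file):`, the subsystem export command can now continue with `pkcs12_file` unset, and the code between this check and the `export_pkcs12` call in the following hunk is not shown. If the password handling and the `nssdb.export_pkcs12(...)` call are not already under `if pkcs12_file:`, a run with only `--cert-file` or `--csr-file` would reach the export with `pkcs12_file=None`. Confirm that the guard exists, or add it, before merging.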