From 058f1cf1e657ba441f1fcd590fa4cec8ca96e5b0 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Tue, 1 Sep 2015 09:57:42 -0400
Subject: Lightweight CAs: REST cert request param to specify authority
Add the optional "ca" query parameter for REST cert request submission. Also update the ca-cert-request-submit CLI command with an option to provide an AuthorityID.
Part of: https://fedorahosted.org/pki/ticket/1213
---
 .../cmstools/cert/CertRequestSubmitCLI.java | 44 +++++++++++++++++++++-
 .../cmstools/client/ClientCertRequestCLI.java | 2 +-
 2 files changed, 44 insertions(+), 2 deletions(-)
(limited to 'base/java-tools/src/com/netscape/cmstools')
diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
index 608490bb7..961115968 100644
--- a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
@@ -2,18 +2,22 @@ package com.netscape.cmstools.cert;
 import java.io.File;
 import java.io.FileNotFoundException;
+import java.io.IOException;
 import java.util.Arrays;
 import java.util.Scanner;
 import javax.xml.bind.JAXBException;
 import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.Option;
 import org.apache.commons.cli.ParseException;
+import com.netscape.certsrv.ca.AuthorityID;
 import com.netscape.certsrv.cert.CertEnrollmentRequest;
 import com.netscape.certsrv.cert.CertRequestInfos;
 import com.netscape.cmstools.cli.CLI;
 import com.netscape.cmstools.cli.MainCLI;
+import netscape.security.x509.X500Name;
 public class CertRequestSubmitCLI extends CLI {
@@ -22,6 +26,14 @@ public class CertRequestSubmitCLI extends CLI {
 public CertRequestSubmitCLI(CertCLI certCLI) {
 super("request-submit", "Submit certificate request", certCLI);
 this.certCLI = certCLI;
+
+ Option optAID = new Option(null, "issuer-id", true, "Authority ID (host authority if omitted)");
+ optAID.setArgName("id");
+ options.addOption(optAID);
+
+ Option optADN = new Option(null, "issuer-dn", true, "Authority DN (host authority if omitted)");
+ optADN.setArgName("dn");
+ options.addOption(optADN);
 }
 public void printHelp() {
@@ -55,9 +67,39 @@ public class CertRequestSubmitCLI extends CLI {
 System.exit(-1);
 }
+ AuthorityID aid = null;
+ if (cmd.hasOption("issuer-id")) {
+ String aidString = cmd.getOptionValue("issuer-id");
+ try {
+ aid = new AuthorityID(aidString);
+ } catch (IllegalArgumentException e) {
+ System.err.println("Bad AuthorityID: " + aidString);
+ printHelp();
+ System.exit(-1);
+ }
+ }
+
+ X500Name adn = null;
+ if (cmd.hasOption("issuer-dn")) {
+ String adnString = cmd.getOptionValue("issuer-dn");
+ try {
+ adn = new X500Name(adnString);
+ } catch (IOException e) {
+ System.err.println("Bad DN: " + adnString);
+ printHelp();
+ System.exit(-1);
+ }
+ }
+
+ if (aid != null && adn != null) {
+ System.err.println("--issuer-id and --issuer-dn options are mutually exclusive");
+ printHelp();
+ System.exit(-1);
+ }
+
 try {
 CertEnrollmentRequest erd = getEnrollmentRequest(cmdArgs[0]);
- CertRequestInfos cri = certCLI.certClient.enrollRequest(erd);
+ CertRequestInfos cri = certCLI.certClient.enrollRequest(erd, aid, adn);
 MainCLI.printMessage("Submitted certificate request");
 CertCLI.printCertRequestInfos(cri);
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
index e6bd0d981..db71c8a0f 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
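Review bot: The help text for the two new options in the constructor does not say that they exclude each other, so a user only learns it from the runtime error. Each description could carry it, for example `"Authority ID (host authority if omitted; mutually exclusive with --issuer-dn)"` and the matching wording on `--issuer-dn`. Which CA issues the certificate is a choice the operator should be able to read straight from `--help`.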
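Review bot: The mutual-exclusion test `aid != null && adn != null` runs only after both values have been parsed, so a command line that supplies both options with one malformed value reports "Bad AuthorityID" or "Bad DN" rather than the actual usage error; checking `cmd.hasOption("issuer-id") && cmd.hasOption("issuer-dn")` before either parse would report the right problem first. Both catch blocks also drop the exception, so the operator never sees why the value was rejected; `System.err.println("Bad DN: " + adnString + ": " + e.getMessage());` (and the same for the AuthorityID branch) keeps the cause. Because these options decide which authority signs the request, I would also print the selected issuer before calling `enrollRequest`, unless `printCertRequestInfos` already shows it (not visible here). The enclosing method starts and ends outside this hunk.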
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
@@ -283,7 +283,7 @@ public class ClientCertRequestCLI extends CLI {
 System.out.println("Sending certificate request.");
 }
- CertRequestInfos infos = certClient.enrollRequest(request);
+ CertRequestInfos infos = certClient.enrollRequest(request, null, null);
 MainCLI.printMessage("Submitted certificate request");
 CertCLI.printCertRequestInfos(infos);
-- cgit
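Review bot: The call `certClient.enrollRequest(request, null, null)` passes two unlabelled nulls, and nothing at the call site says which is the authority ID and which the DN, or that null presumably means "issue from the host authority" (inferred from the option help text in CertRequestSubmitCLI; the client method itself is outside this diff). A one-line comment such as `// no authority ID or DN: request goes to the host CA` would make the intent explicit. This command also gains no counterpart to `--issuer-id`/`--issuer-dn`, so it cannot target a lightweight CA; if that is deliberate, it is worth stating in the commit message. The enclosing method starts and ends outside this hunk.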