Hi,

Please review this patch.

Fixes : https://bugzilla.redhat.com/show_bug.cgi?id=1348531

Thanks
Amol K
>From d0e514e4f3c96ce5f8c6dba9efc05aaa819d94e6 Mon Sep 17 00:00:00 2001
From: Amol Kahat <aka...@redhat.com>
Date: Wed, 22 Jun 2016 13:36:33 +0530
Subject: [PATCH] Added --token-password option in pki-server-externalcert-add
 / del command.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1348531
---
 base/server/python/pki/server/cli/instance.py | 76 ++++++++++++++++++++++-----
 1 file changed, 63 insertions(+), 13 deletions(-)

diff --git a/base/server/python/pki/server/cli/instance.py b/base/server/python/pki/server/cli/instance.py
index b2b31e1b806162caf74277504cfb08f79810a3ef..0cf60cb8a2db615aa1f5e987c5f5621b934a5981 100644
--- a/base/server/python/pki/server/cli/instance.py
+++ b/base/server/python/pki/server/cli/instance.py
@@ -629,6 +629,7 @@ class InstanceExternalCertAddCLI(pki.cli.CLI):
         print('      --trust-args <trust-args>      Trust args (default \",,\").')
         print('      --nickname <nickname>          Nickname to be used.')
         print('      --token <token_name>           Token (default: internal).')
+        print('      --token-password <password>    Token password.')
         print('  -v, --verbose                      Run in verbose mode.')
         print('      --help                         Show help message.')
         print()
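Review bot: Accepting the token password as `--token-password <password>` puts the secret in the process argument list and in shell history, where other local users and process-accounting logs can read it. The same applies to the help line added for InstanceExternalCertDeleteCLI later in this patch. Consider reading the password from a file (for example a `--token-password-file <path>` option) or prompting with `getpass.getpass()` when no password is supplied. If the argv form is kept, the help text should say so, e.g. `Token password (visible in process listings).`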
@@ -636,8 +637,8 @@ class InstanceExternalCertAddCLI(pki.cli.CLI):
     def execute(self, argv):
         try:
             opts, _ = getopt.gnu_getopt(argv, 'i:v', [
-                'instance=',
-                'cert-file=', 'trust-args=', 'nickname=','token=',
+                'instance=', 'cert-file=', 'trust-args=',
+                'nickname=','token=', 'token-password=',
                 'verbose', 'help'])
 
         except getopt.GetoptError as e:
@@ -650,6 +651,7 @@ class InstanceExternalCertAddCLI(pki.cli.CLI):
         trust_args = '\",,\"'
         nickname = None
         token = 'internal'
+        token_password = None
 
         for o, a in opts:
             if o in ('-i', '--instance'):
@@ -667,6 +669,9 @@ class InstanceExternalCertAddCLI(pki.cli.CLI):
             elif o == '--token':
                 token = a
 
+            elif o == '--token-password':
+                token_password = a
+
             elif o in ('-v', '--verbose'):
                 self.set_verbose(True)
 
@@ -683,12 +688,27 @@ class InstanceExternalCertAddCLI(pki.cli.CLI):
             print('ERROR: missing input file containing certificate')
             self.print_help()
             sys.exit(1)
+        
+        if os.path.isfile(cert_file):
+            pass
+
+        else:
+            print('ERROR: Invalid certificate file, no such file or directory.')
+            sys.exit(1)
 
         if not nickname:
             print('ERROR: missing nickname')
             self.print_help()
             sys.exit(1)
 
+        if token is 'internal' and token_password is None:
+            pass
+
+        elif token is not 'internal' and token_password is None:
+            print('ERROR: Specify token password')
+            self.print_help()
+            sys.exit(1)
+
         instance = pki.server.PKIInstance(instance_name)
         
         if instance.is_valid():
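Review bot: `token is 'internal'` and `token is not 'internal'` compare object identity rather than string value, so a `--token internal` passed on the command line is not guaranteed to match the literal and can end in the 'Specify token password' error. Write the check as `if token != 'internal' and token_password is None:` and drop the empty `pass` branch; the same check is repeated in InstanceExternalCertDeleteCLI.execute. As written, the check also requires a password for every non-internal token, so the `instance.get_password(token)` fallback in import_certs and remove_cert is reachable only for the internal token; if the stored password is still meant to work for other tokens, the check should go. The file test reads more directly as `if not os.path.isfile(cert_file):`. The body of execute continues outside this hunk.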
@@ -703,14 +723,23 @@ class InstanceExternalCertAddCLI(pki.cli.CLI):
             sys.exit(1)
 
         nicks = self.import_certs(
-            instance, cert_file, nickname, token, trust_args)
-        self.update_instance_config(instance, nicks, token)
+            instance, cert_file, nickname, token, trust_args, token_password)
+        
+        try:
+            self.update_instance_config(instance, nicks, token)
 
-        self.print_message('Certificate imported for instance %s.' %
+            self.print_message('Certificate imported for instance %s.' %
                            instance_name)
+        except:
+            print('ERROR: Failed to run pki-server instance-externalcert-add command')
+            sys.exit(1)
+
+    def import_certs(self, instance, cert_file, nickname, token, trust_args, token_password):
+        if not token_password:
+            password = instance.get_password(token)
+        else:
+            password = token_password
 
-    def import_certs(self, instance, cert_file, nickname, token, trust_args):
-        password = instance.get_password(token)
         certdb = pki.nssdb.NSSDatabase(
             directory=instance.nssdb_dir,
             password=password,
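Review bot: The bare `except:` around `update_instance_config` replaces every failure with one fixed message and also catches KeyboardInterrupt and SystemExit, so the operator cannot tell what went wrong. Use `except Exception as e:` and print `str(e)`, or log the traceback in verbose mode. `import_certs`, which is where the password is handed to `NSSDatabase`, is called before the `try`, so a wrong token password is not covered by this handler at all. The `try` block added to the delete command has the same pattern; there a failure in `instance.delete_external_cert` after `remove_cert` has succeeded is reported with the same generic message, with the certificate already removed. `if not token_password:` treats an empty string as not given, whereas `if token_password is None:` would agree with the check in execute. import_certs continues outside this hunk.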
@@ -737,6 +766,7 @@ class InstanceExternalCertDeleteCLI(pki.cli.CLI):
         print('  -i, --instance <instance ID>       Instance ID (default: pki-tomcat).')
         print('      --nickname <nickname>          Nickname to be used.')
         print('      --token <token_name>           Token (default: internal).')
+        print('      --token-password <password>    Token password.')
         print('  -v, --verbose                      Run in verbose mode.')
         print('      --help                         Show help message.')
         print()
@@ -745,7 +775,7 @@ class InstanceExternalCertDeleteCLI(pki.cli.CLI):
         try:
             opts, _ = getopt.gnu_getopt(argv, 'i:v', [
                 'instance=', 'nickname=','token=',
-                'verbose', 'help'])
+                'token-password=', 'verbose', 'help'])
 
         except getopt.GetoptError as e:
             print('ERROR: ' + str(e))
@@ -755,6 +785,7 @@ class InstanceExternalCertDeleteCLI(pki.cli.CLI):
         instance_name = 'pki-tomcat'
         nickname = None
         token = 'internal'
+        token_password = None
 
         for o, a in opts:
             if o in ('-i', '--instance'):
@@ -766,6 +797,9 @@ class InstanceExternalCertDeleteCLI(pki.cli.CLI):
             elif o == '--token':
                 token = a
 
+            elif o == '--token-password':
+                token_password = a
+
             elif o in ('-v', '--verbose'):
                 self.set_verbose(True)
 
@@ -783,6 +817,14 @@ class InstanceExternalCertDeleteCLI(pki.cli.CLI):
             self.print_help()
             sys.exit(1)
 
+        if token is 'internal' and token_password is None:
+            pass
+
+        elif token is not 'internal' and token_password is None:
+            print('ERROR: Specify token password')
+            self.print_help()
+            sys.exit(1)
+
         instance = pki.server.PKIInstance(instance_name)
         
         if instance.is_valid():
@@ -791,14 +833,22 @@ class InstanceExternalCertDeleteCLI(pki.cli.CLI):
             print('ERROR: Invalid tomcat instance specified.')
             sys.exit(1)
         
-        self.remove_cert(instance, nickname, token)
-        instance.delete_external_cert(nickname, token)
+        try:
+            self.remove_cert(instance, nickname, token, token_password)
+            instance.delete_external_cert(nickname, token)
 
-        self.print_message('Certificate removed from instance %s.' %
+            self.print_message('Certificate removed from instance %s.' %
                            instance_name)
+        except:
+            print('ERROR: Failed to run pki-server instance-externalcert-del command.')
+            sys.exit(1)
+
+    def remove_cert(self, instance, nickname, token, token_password):
+        if not token_password:
+            password = instance.get_password(token)
+        else:
+            password = token_password
 
-    def remove_cert(self, instance, nickname, token):
-        password = instance.get_password(token)
         certdb = pki.nssdb.NSSDatabase(
             directory=instance.nssdb_dir,
             password=password,
-- 
2.5.5
