Hi, Please review this patch.
Fixes : https://bugzilla.redhat.com/show_bug.cgi?id=1348531 Thanks Amol K
>From d0e514e4f3c96ce5f8c6dba9efc05aaa819d94e6 Mon Sep 17 00:00:00 2001 From: Amol Kahat <aka...@redhat.com> Date: Wed, 22 Jun 2016 13:36:33 +0530 Subject: [PATCH] Added --token-password option in pki-server-externalcert-add / del command. Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1348531 --- base/server/python/pki/server/cli/instance.py | 76 ++++++++++++++++++++++----- 1 file changed, 63 insertions(+), 13 deletions(-) diff --git a/base/server/python/pki/server/cli/instance.py b/base/server/python/pki/server/cli/instance.py index b2b31e1b806162caf74277504cfb08f79810a3ef..0cf60cb8a2db615aa1f5e987c5f5621b934a5981 100644 --- a/base/server/python/pki/server/cli/instance.py +++ b/base/server/python/pki/server/cli/instance.py @@ -629,6 +629,7 @@ class InstanceExternalCertAddCLI(pki.cli.CLI): print(' --trust-args <trust-args> Trust args (default \",,\").') print(' --nickname <nickname> Nickname to be used.') print(' --token <token_name> Token (default: internal).') + print(' --token-password <password> Token password.') print(' -v, --verbose Run in verbose mode.') print(' --help Show help message.') print() @@ -636,8 +637,8 @@ class InstanceExternalCertAddCLI(pki.cli.CLI): def execute(self, argv): try: opts, _ = getopt.gnu_getopt(argv, 'i:v', [ - 'instance=', - 'cert-file=', 'trust-args=', 'nickname=','token=', + 'instance=', 'cert-file=', 'trust-args=', + 'nickname=','token=', 'token-password=', 'verbose', 'help']) except getopt.GetoptError as e: @@ -650,6 +651,7 @@ class InstanceExternalCertAddCLI(pki.cli.CLI): trust_args = '\",,\"' nickname = None token = 'internal' + token_password = None for o, a in opts: if o in ('-i', '--instance'): @@ -667,6 +669,9 @@ class InstanceExternalCertAddCLI(pki.cli.CLI): elif o == '--token': token = a + elif o == '--token-password': + token_password = a + elif o in ('-v', '--verbose'): self.set_verbose(True) @@ -683,12 +688,27 @@ class InstanceExternalCertAddCLI(pki.cli.CLI): print('ERROR: missing input file containing certificate') self.print_help() sys.exit(1) + + if os.path.isfile(cert_file): + pass + + else: + print('ERROR: Invalid certificate file, no such file or directory.') + sys.exit(1) if not nickname: print('ERROR: missing nickname') self.print_help() sys.exit(1) + if token is 'internal' and token_password is None: + pass + + elif token is not 'internal' and token_password is None: + print('ERROR: Specify token password') + self.print_help() + sys.exit(1) + instance = pki.server.PKIInstance(instance_name) if instance.is_valid(): @@ -703,14 +723,23 @@ class InstanceExternalCertAddCLI(pki.cli.CLI): sys.exit(1) nicks = self.import_certs( - instance, cert_file, nickname, token, trust_args) - self.update_instance_config(instance, nicks, token) + instance, cert_file, nickname, token, trust_args, token_password) + + try: + self.update_instance_config(instance, nicks, token) - self.print_message('Certificate imported for instance %s.' % + self.print_message('Certificate imported for instance %s.' % instance_name) + except: + print('ERROR: Failed to run pki-server instance-externalcert-add command') + sys.exit(1) + + def import_certs(self, instance, cert_file, nickname, token, trust_args, token_password): + if not token_password: + password = instance.get_password(token) + else: + password = token_password - def import_certs(self, instance, cert_file, nickname, token, trust_args): - password = instance.get_password(token) certdb = pki.nssdb.NSSDatabase( directory=instance.nssdb_dir, password=password, @@ -737,6 +766,7 @@ class InstanceExternalCertDeleteCLI(pki.cli.CLI): print(' -i, --instance <instance ID> Instance ID (default: pki-tomcat).') print(' --nickname <nickname> Nickname to be used.') print(' --token <token_name> Token (default: internal).') + print(' --token-password <password> Token password.') print(' -v, --verbose Run in verbose mode.') print(' --help Show help message.') print() @@ -745,7 +775,7 @@ class InstanceExternalCertDeleteCLI(pki.cli.CLI): try: opts, _ = getopt.gnu_getopt(argv, 'i:v', [ 'instance=', 'nickname=','token=', - 'verbose', 'help']) + 'token-password=', 'verbose', 'help']) except getopt.GetoptError as e: print('ERROR: ' + str(e)) @@ -755,6 +785,7 @@ class InstanceExternalCertDeleteCLI(pki.cli.CLI): instance_name = 'pki-tomcat' nickname = None token = 'internal' + token_password = None for o, a in opts: if o in ('-i', '--instance'): @@ -766,6 +797,9 @@ class InstanceExternalCertDeleteCLI(pki.cli.CLI): elif o == '--token': token = a + elif o == '--token-password': + token_password = a + elif o in ('-v', '--verbose'): self.set_verbose(True) @@ -783,6 +817,14 @@ class InstanceExternalCertDeleteCLI(pki.cli.CLI): self.print_help() sys.exit(1) + if token is 'internal' and token_password is None: + pass + + elif token is not 'internal' and token_password is None: + print('ERROR: Specify token password') + self.print_help() + sys.exit(1) + instance = pki.server.PKIInstance(instance_name) if instance.is_valid(): @@ -791,14 +833,22 @@ class InstanceExternalCertDeleteCLI(pki.cli.CLI): print('ERROR: Invalid tomcat instance specified.') sys.exit(1) - self.remove_cert(instance, nickname, token) - instance.delete_external_cert(nickname, token) + try: + self.remove_cert(instance, nickname, token, token_password) + instance.delete_external_cert(nickname, token) - self.print_message('Certificate removed from instance %s.' % + self.print_message('Certificate removed from instance %s.' % instance_name) + except: + print('ERROR: Failed to run pki-server instance-externalcert-del command.') + sys.exit(1) + + def remove_cert(self, instance, nickname, token, token_password): + if not token_password: + password = instance.get_password(token) + else: + password = token_password - def remove_cert(self, instance, nickname, token): - password = instance.get_password(token) certdb = pki.nssdb.NSSDatabase( directory=instance.nssdb_dir, password=password, -- 2.5.5
_______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel