[Pki-devel] [PATCH] 781 Added instance and subsystem validation for pki-server ca-* commands.

[Endi Sukma Dewata]

The pki-server ca-* commands have been modified to validate
the instance and the CA subsystem before proceeding with the
operation.

The usage() methods and invocations have been renamed into
print_help() for consistency.

https://fedorahosted.org/pki/ticket/2364

--
Endi S. Dewata

>From fce674b7e79065b582d631303ff9809065787a37 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edew...@redhat.com>
Date: Fri, 1 Jul 2016 03:26:23 +0200
Subject: [PATCH] Added instance and subsystem validation for pki-server ca-*
 commands.

The pki-server ca-* commands have been modified to validate
the instance and the CA subsystem before proceeding with the
operation.

The usage() methods and invocations have been renamed into
print_help() for consistency.

https://fedorahosted.org/pki/ticket/2364
---
 base/server/python/pki/server/cli/ca.py | 44 +++++++++++++++++++++++++++------
 1 file changed, 37 insertions(+), 7 deletions(-)

diff --git a/base/server/python/pki/server/cli/ca.py b/base/server/python/pki/server/cli/ca.py
index dbf8239f4f548714beb0c68d7bca2c84f6c0fb74..1d1c00f0f977d63066d68a9ae960aefcd183ad13 100644
--- a/base/server/python/pki/server/cli/ca.py
+++ b/base/server/python/pki/server/cli/ca.py
@@ -129,9 +129,16 @@ class CACertChainExportCLI(pki.cli.CLI):
             sys.exit(1)
 
         instance = pki.server.PKIInstance(instance_name)
+        if not instance.is_valid():
+            print('ERROR: Invalid instance %s.' % instance_name)
+            sys.exit(1)
+
         instance.load()
 
         subsystem = instance.get_subsystem('ca')
+        if not subsystem:
+            print('ERROR: No CA subsystem in instance %s.' % instance_name)
+            sys.exit(1)
 
         tmpdir = tempfile.mkdtemp()
 
@@ -171,7 +178,7 @@ class CACertRequestFindCLI(pki.cli.CLI):
         super(CACertRequestFindCLI, self).__init__(
             'find', 'Find CA certificate requests')
 
-    def usage(self):
+    def print_help(self):
         print('Usage: pki-server ca-cert-request-find [OPTIONS]')
         print()
         print('  -i, --instance <instance ID>    Instance ID (default: pki-tomcat).')
@@ -190,7 +197,7 @@ class CACertRequestFindCLI(pki.cli.CLI):
 
         except getopt.GetoptError as e:
             print('ERROR: ' + str(e))
-            self.usage()
+            self.print_help()
             sys.exit(1)
 
         instance_name = 'pki-tomcat'
@@ -216,13 +223,21 @@ class CACertRequestFindCLI(pki.cli.CLI):
 
             else:
                 print('ERROR: unknown option ' + o)
-                self.usage()
+                self.print_help()
                 sys.exit(1)
 
         instance = pki.server.PKIInstance(instance_name)
+        if not instance.is_valid():
+            print('ERROR: Invalid instance %s.' % instance_name)
+            sys.exit(1)
+
         instance.load()
 
         subsystem = instance.get_subsystem('ca')
+        if not subsystem:
+            print('ERROR: No CA subsystem in instance %s.' % instance_name)
+            sys.exit(1)
+
         results = subsystem.find_cert_requests(cert=cert)
 
         self.print_message('%s entries matched' % len(results))
@@ -243,7 +258,7 @@ class CACertRequestShowCLI(pki.cli.CLI):
         super(CACertRequestShowCLI, self).__init__(
             'show', 'Show CA certificate request')
 
-    def usage(self):
+    def print_help(self):
         print('Usage: pki-server ca-cert-request-show <request ID> [OPTIONS]')
         print()
         print('  -i, --instance <instance ID>    Instance ID (default: pki-tomcat).')
@@ -260,12 +275,12 @@ class CACertRequestShowCLI(pki.cli.CLI):
 
         except getopt.GetoptError as e:
             print('ERROR: ' + str(e))
-            self.usage()
+            self.print_help()
             sys.exit(1)
 
         if len(args) != 1:
             print('ERROR: missing request ID')
-            self.usage()
+            self.print_help()
             sys.exit(1)
 
         request_id = args[0]
@@ -288,13 +303,21 @@ class CACertRequestShowCLI(pki.cli.CLI):
 
             else:
                 print('ERROR: unknown option ' + o)
-                self.usage()
+                self.print_help()
                 sys.exit(1)
 
         instance = pki.server.PKIInstance(instance_name)
+        if not instance.is_valid():
+            print('ERROR: Invalid instance %s.' % instance_name)
+            sys.exit(1)
+
         instance.load()
 
         subsystem = instance.get_subsystem('ca')
+        if not subsystem:
+            print('ERROR: No CA subsystem in instance %s.' % instance_name)
+            sys.exit(1)
+
         request = subsystem.get_cert_requests(request_id)
 
         if output_file:
@@ -384,9 +407,16 @@ class CAClonePrepareCLI(pki.cli.CLI):
             sys.exit(1)
 
         instance = pki.server.PKIInstance(instance_name)
+        if not instance.is_valid():
+            print('ERROR: Invalid instance %s.' % instance_name)
+            sys.exit(1)
+
         instance.load()
 
         subsystem = instance.get_subsystem('ca')
+        if not subsystem:
+            print('ERROR: No CA subsystem in instance %s.' % instance_name)
+            sys.exit(1)
 
         tmpdir = tempfile.mkdtemp()
 
-- 
2.4.11


_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel