[Pki-devel] [PATCH] 923 Refactored restricted command list in PKI CLI.

Mon, 30 Jan 2017 13:59:40 -0800 

The names of restricted commands have been moved into a list for
clarity.

Pushed to master under trivial rule.

--
Endi S. Dewata

>From cfa678d2e41d46a0d108a8a8c05938fa0d024f4f Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <[email protected]>
Date: Tue, 17 Jan 2017 15:17:02 +0100
Subject: [PATCH] Refactored restricted command list in PKI CLI.

The names of restricted commands have been moved into a list for
clarity.
---
 .../src/com/netscape/cmstools/cli/MainCLI.java       | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index caccdafcbcb4fb071cc51210cb1df67de2450ddd..c5f20711a5c93f0886f8b017216b24ba22123f18 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -28,6 +28,7 @@ import java.lang.reflect.Field;
 import java.net.InetAddress;
 import java.net.URI;
 import java.net.UnknownHostException;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashSet;
 
@@ -62,6 +63,19 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
  */
 public class MainCLI extends CLI {
 
+    /**
+     * These commands should not be executed after CryptoManager.initialize()
+     * since they may modify the NSS database or execute external commands
+     * using the same NSS database.
+     */
+    public final static Collection<String> RESTRICTED_COMMANDS = Arrays.asList(
+            "client-init",
+            "client-cert-import",
+            "client-cert-mod",
+            "client-cert-request",
+            "client-cert-show"
+    );
+
     public ClientConfig config = new ClientConfig();
 
     public Collection<Integer> rejectedCertStatuses = new HashSet<Integer>();
@@ -522,11 +536,7 @@ public class MainCLI extends CLI {
         // Do not call CryptoManager.initialize() on some commands
         // because otherwise the database will be locked.
         String command = cmdArgs[0];
-        if (!command.equals("client-init") &&
-                !command.equals("client-cert-import") &&
-                !command.equals("client-cert-mod") &&
-                !command.equals("client-cert-request") &&
-                !command.equals("client-cert-show")) {
+        if (!RESTRICTED_COMMANDS.contains(command)) {
             init();
         }
 
-- 
2.5.5


_______________________________________________
Pki-devel mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/pki-devel

Reply via email to