[Pki-devel] [PATCH] 987 Allowing pki client-init without NSS database password.

Mon, 20 Mar 2017 19:36:28 -0700 

The pki client-init has been modified to support creating NSS
database without password.

Pushed to master under trivial rule.

--
Endi S. Dewata

>From 4c6a98d79a02fd0bf6e5da56835e8dd0ce2e7485 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edew...@redhat.com>
Date: Mon, 20 Mar 2017 01:21:34 +0100
Subject: [PATCH] Allowing pki client-init without NSS database password.

The pki client-init has been modified to support creating NSS
database without password.
---
 .../netscape/cmstools/client/ClientInitCLI.java    | 30 ++++++++++++++--------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java
index 96853913664d35012da4a4627ff9f96c9b8a9223..893b40b345c0aed00509295465a6d141cf524ed0 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java
@@ -23,7 +23,9 @@ import java.io.File;
 import java.io.FileWriter;
 import java.io.InputStreamReader;
 import java.io.PrintWriter;
+import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.List;
 
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.io.FileUtils;
@@ -67,10 +69,6 @@ public class ClientInitCLI extends CLI {
 
         MainCLI mainCLI = (MainCLI)parent.getParent();
 
-        if (mainCLI.config.getCertPassword() == null) {
-            throw new Exception("Security database password is required.");
-        }
-
         boolean force = cmd.hasOption("force");
         File certDatabase = mainCLI.certDatabase;
 
@@ -97,16 +95,28 @@ public class ClientInitCLI extends CLI {
         File passwordFile = new File(certDatabase, "password.txt");
 
         try {
-            try (PrintWriter out = new PrintWriter(new FileWriter(passwordFile))) {
-                out.println(mainCLI.config.getCertPassword());
-            }
-
             String[] commands = {
                     "/usr/bin/certutil", "-N",
                     "-d", certDatabase.getAbsolutePath(),
-                    "-f", passwordFile.getAbsolutePath()
             };
 
+            List<String> list = new ArrayList<>(Arrays.asList(commands));
+
+            if (mainCLI.config.getCertPassword() == null) {
+                list.add("--empty-password");
+
+            } else {
+                try (PrintWriter out = new PrintWriter(new FileWriter(passwordFile))) {
+                    out.println(mainCLI.config.getCertPassword());
+                }
+
+                list.add("-f");
+                list.add(passwordFile.getAbsolutePath());
+            }
+
+            commands = new String[list.size()];
+            list.toArray(commands);
+
             Runtime rt = Runtime.getRuntime();
             Process p = rt.exec(commands);
 
@@ -119,7 +129,7 @@ public class ClientInitCLI extends CLI {
             MainCLI.printMessage("Client initialized");
 
         } finally {
-            passwordFile.delete();
+            if (passwordFile.exists()) passwordFile.delete();
         }
     }
 }
-- 
2.9.3


_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel

Reply via email to