The pki client-init has been modified to support creating NSS database without password.
Pushed to master under trivial rule. -- Endi S. Dewata
>From 4c6a98d79a02fd0bf6e5da56835e8dd0ce2e7485 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" <edew...@redhat.com> Date: Mon, 20 Mar 2017 01:21:34 +0100 Subject: [PATCH] Allowing pki client-init without NSS database password. The pki client-init has been modified to support creating NSS database without password. --- .../netscape/cmstools/client/ClientInitCLI.java | 30 ++++++++++++++-------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java index 96853913664d35012da4a4627ff9f96c9b8a9223..893b40b345c0aed00509295465a6d141cf524ed0 100644 --- a/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/client/ClientInitCLI.java @@ -23,7 +23,9 @@ import java.io.File; import java.io.FileWriter; import java.io.InputStreamReader; import java.io.PrintWriter; +import java.util.ArrayList; import java.util.Arrays; +import java.util.List; import org.apache.commons.cli.CommandLine; import org.apache.commons.io.FileUtils; @@ -67,10 +69,6 @@ public class ClientInitCLI extends CLI { MainCLI mainCLI = (MainCLI)parent.getParent(); - if (mainCLI.config.getCertPassword() == null) { - throw new Exception("Security database password is required."); - } - boolean force = cmd.hasOption("force"); File certDatabase = mainCLI.certDatabase; @@ -97,16 +95,28 @@ public class ClientInitCLI extends CLI { File passwordFile = new File(certDatabase, "password.txt"); try { - try (PrintWriter out = new PrintWriter(new FileWriter(passwordFile))) { - out.println(mainCLI.config.getCertPassword()); - } - String[] commands = { "/usr/bin/certutil", "-N", "-d", certDatabase.getAbsolutePath(), - "-f", passwordFile.getAbsolutePath() }; + List<String> list = new ArrayList<>(Arrays.asList(commands)); + + if (mainCLI.config.getCertPassword() == null) { + list.add("--empty-password"); + + } else { + try (PrintWriter out = new PrintWriter(new FileWriter(passwordFile))) { + out.println(mainCLI.config.getCertPassword()); + } + + list.add("-f"); + list.add(passwordFile.getAbsolutePath()); + } + + commands = new String[list.size()]; + list.toArray(commands); + Runtime rt = Runtime.getRuntime(); Process p = rt.exec(commands); @@ -119,7 +129,7 @@ public class ClientInitCLI extends CLI { MainCLI.printMessage("Client initialized"); } finally { - passwordFile.delete(); + if (passwordFile.exists()) passwordFile.delete(); } } } -- 2.9.3
_______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel