From 262abc276a863f4e0469088e5983ab55d938bdce Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Thu, 2 Jul 2015 18:33:48 -0400
Subject: [PATCH] Fixed NPE in key-archive CLI.

The pki CLI has been modified such that if the security database
location (-d) is not specified, the config.certDatabase will be
initialized with the default value (i.e. ~/.dogtag/nssdb). The
config.certDatabase is needed by the CLI to prepare the client
library for key archival operations.
---
 .../src/com/netscape/cmstools/cli/MainCLI.java      | 21 ++++++++-------------
 .../src/com/netscape/cmstools/key/KeyCLI.java       | 10 ++++++++--
 2 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index 77245ec531a13769c633d879b81fc08f7d88803f..4d63d9bc12c012bc1db207f7a31a0b50cf5bc2af 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -330,9 +330,14 @@ public class MainCLI extends CLI {
             }
         }
 
-        // store security database path
-        if (certDatabase != null)
+        if (certDatabase != null) {
+            // store user-provided security database location
             config.setCertDatabase(new File(certDatabase).getAbsolutePath());
+        } else {
+            // store default security database location
+            config.setCertDatabase(System.getProperty("user.home") +
+                    File.separator + ".dogtag" + File.separator + "nssdb");
+        }
 
         // store token name
         config.setTokenName(tokenName);
@@ -395,17 +400,7 @@ public class MainCLI extends CLI {
         list = cmd.getOptionValue("ignore-cert-status");
         convertCertStatusList(list, ignoredCertStatuses);
 
-        if (config.getCertDatabase() == null) {
-            // Use default client security database
-            this.certDatabase = new File(
-                    System.getProperty("user.home") + File.separator +
-                    ".dogtag" + File.separator + "nssdb");
-
-        } else {
-            // Use existing client security database
-            this.certDatabase = new File(config.getCertDatabase());
-        }
-
+        this.certDatabase = new File(config.getCertDatabase());
         if (verbose) System.out.println("Client security database: "+this.certDatabase.getAbsolutePath());
 
         String messageFormat = cmd.getOptionValue("message-format");
diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java
index d83bcf2fc89a4d6bafb61dd45637e53e7660ea9f..582bf8ee4c6128161a42b261fdab3aa2e8cc3770 100644
--- a/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java
@@ -81,12 +81,18 @@ public class KeyCLI extends CLI {
 
         // create new key client
         keyClient = new KeyClient(client, subsystem);
-        if (client.getConfig().getCertDatabase() != null && client.getConfig().getCertPassword() != null) {
+
+        // if security database password is specified,
+        // prepare key client for archival/retrieval
+        if (client.getConfig().getCertPassword() != null) {
+            // create crypto provider for key client
             keyClient.setCrypto(new NSSCryptoProvider(client.getConfig()));
 
-            // Set the transport cert for crypto operations
+            // download transport cert
             systemCertClient = new SystemCertClient(client, subsystem);
             String transportCert = systemCertClient.getTransportCert().getEncoded();
+
+            // set transport cert for key client
             transportCert = transportCert.substring(CertData.HEADER.length(),
                     transportCert.indexOf(CertData.FOOTER));
             keyClient.setTransportCert(transportCert);
-- 
1.9.3