>From 5fc1eccd1e9b8c9503bbfe01bb7b6ef370d3474b Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata"
Date: Sun, 27 Sep 2015 17:23:48 +0200
Subject: [PATCH] Added support for directory-authenticated profiles in CLI.
The pki cert-request-submit and client-cert-request CLIs have been modified to provide options to specify the username and password for directory-authenticated certificate enrollments. https://fedorahosted.org/pki/ticket/1463
---
.../cmstools/cert/CertRequestSubmitCLI.java | 47 ++++++++------
.../cmstools/client/ClientCertRequestCLI.java | 72 ++++++++++++++++++----
2 files changed, 89 insertions(+), 30 deletions(-)
diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
index 9611159681b65844c1fc32937ca0a65c2c31980d..cec1cff4f2c8167c7c16a3d095963039840b1486 100644
--- a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestSubmitCLI.java
@@ -1,5 +1,6 @@
package com.netscape.cmstools.cert;
+import java.io.Console;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
@@ -17,6 +18,7 @@ import com.netscape.certsrv.cert.CertEnrollmentRequest;
import com.netscape.certsrv.cert.CertRequestInfos;
import com.netscape.cmstools.cli.CLI;
import com.netscape.cmstools.cli.MainCLI;
+
import netscape.security.x509.X500Name;
public class CertRequestSubmitCLI extends CLI {
@@ -27,13 +29,20 @@ public class CertRequestSubmitCLI extends CLI {
super("request-submit", "Submit certificate request", certCLI);
this.certCLI = certCLI;
- Option optAID = new Option(null, "issuer-id", true, "Authority ID (host authority if omitted)");
- optAID.setArgName("id");
- options.addOption(optAID);
+ Option option = new Option(null, "issuer-id", true, "Authority ID (host authority if omitted)");
+ option.setArgName("id");
+ options.addOption(option);
- Option optADN = new Option(null, "issuer-dn", true, "Authority DN (host authority if omitted)");
- optADN.setArgName("dn");
- options.addOption(optADN);
+ option = new Option(null, "issuer-dn", true, "Authority DN (host authority if omitted)");
+ option.setArgName("dn");
+ options.addOption(option);
+
+ option = new Option(null, "username", true, "Username for request authentication");
+ option.setArgName("username");
+ options.addOption(option);
+
+ option = new Option(null, "password", false, "Prompt password for request authentication");
+ options.addOption(option);
}
public void printHelp() {
@@ -41,7 +50,7 @@ public class CertRequestSubmitCLI extends CLI {
}
@Override
- public void execute(String[] args) {
+ public void execute(String[] args) throws Exception {
// Always check for "--help" prior to parsing
if (Arrays.asList(args).contains("--help")) {
// Display usage
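Review bot: `--username` and `--password` are registered as two unrelated options, so `--password` alone prompts for a secret that is then sent without a `uid`, and `--username` alone sends a `uid` with no `pwd`; nothing in the constructor ties them together, and the later hunk in `execute` sets each attribute independently. If the directory-authenticated profiles this commit targets need both (the commit message suggests so; the server-side authentication plugin is not visible here), reject the lone form before prompting, e.g. `if (cmd.hasOption("password") && !cmd.hasOption("username")) { System.err.println("Error: --password requires --username"); System.exit(-1); }` at the top of the new block in `execute`. Prompting rather than accepting the password as an argument is the right design, since it keeps the secret out of `ps` output and shell history, and the help string could say so: `"Prompt for the password used for request authentication (it is never taken from the command line)"`. The second hunk widens `execute` to `throws Exception`, which is what lets the targeted try/catch be dropped later in the patch, so whoever calls `execute` must now print these exceptions cleanly; worth confirming in the CLI driver.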
@@ -97,20 +106,22 @@ public class CertRequestSubmitCLI extends CLI {
System.exit(-1);
}
- try {
- CertEnrollmentRequest erd = getEnrollmentRequest(cmdArgs[0]);
- CertRequestInfos cri = certCLI.certClient.enrollRequest(erd, aid, adn);
- MainCLI.printMessage("Submitted certificate request");
- CertCLI.printCertRequestInfos(cri);
+ CertEnrollmentRequest request = getEnrollmentRequest(cmdArgs[0]);
- } catch (FileNotFoundException e) {
- System.err.println("Error: " + e.getMessage());
- System.exit(-1);
+ String certRequestUsername = cmd.getOptionValue("username");
+ if (certRequestUsername != null) {
+ request.setAttribute("uid", certRequestUsername);
+ }
- } catch (JAXBException e) {
- System.err.println("Error: " + e.getMessage());
- System.exit(-1);
+ if (cmd.hasOption("password")) {
+ Console console = System.console();
+ String certRequestPassword = new String(console.readPassword("Password: "));
+ request.setAttribute("pwd", certRequestPassword);
}
+
+ CertRequestInfos cri = certCLI.certClient.enrollRequest(request, aid, adn);
+ MainCLI.printMessage("Submitted certificate request");
+ CertCLI.printCertRequestInfos(cri);
}
private CertEnrollmentRequest getEnrollmentRequest(String fileName) throws JAXBException, FileNotFoundException {
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
index db71c8a0f7db4644290efb766178b76668c22377..370a7be5b1d09b8b445a82fce3c2185607e9ccae 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
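Review bot: `System.console()` in the new `--password` branch returns null whenever the CLI has no attached terminal (stdin or stdout redirected, run from a script, cron job or IDE), so `console.readPassword("Password: ")` dies with a bare NullPointerException instead of a usable error, and `readPassword` itself returns null on end of input, which `new String(...)` then also trips over. Guard both cases with the same `System.err.println("Error: ...")` / `System.exit(-1)` pattern the top of this hunk already uses. Wrapping the `char[]` in a `String` pins the plaintext password in the heap until the collector happens to reclaim it; `request.setAttribute("pwd", ...)` appears to take a String (inferred from the call), so at least clear the array right after the copy with `Arrays.fill`, which is already in scope via the `Arrays.asList` call earlier in `execute`. Note that `execute` begins before this hunk, and that the deleted try/catch means a missing request file or JAXB parse error now propagates as an exception rather than the old `Error:` line.
```java
if (cmd.hasOption("password")) {
    Console console = System.console();
    if (console == null) {
        System.err.println("Error: No console available to prompt for password");
        System.exit(-1);
    }
    char[] passwordChars = console.readPassword("Password: ");
    if (passwordChars == null) {
        System.err.println("Error: No password entered");
        System.exit(-1);
    }
    request.setAttribute("pwd", new String(passwordChars));
    Arrays.fill(passwordChars, ' ');  // limit how long the plaintext stays in memory
}
// … unchanged: enrollRequest call and result printing …
```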
@@ -19,13 +19,13 @@ package com.netscape.cmstools.client;
import java.io.ByteArrayOutputStream;
+import java.io.Console;
import java.io.File;
import java.security.KeyPair;
+import java.util.HashMap;
+import java.util.Map;
import java.util.Vector;
-import netscape.ldap.util.DN;
-import netscape.ldap.util.RDN;
-
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.Option;
import org.apache.commons.io.FileUtils;
@@ -50,6 +53,9 @@ import com.netscape.cmstools.cli.MainCLI;
import com.netscape.cmsutil.util.Cert;
import com.netscape.cmsutil.util.Utils;
+import netscape.ldap.util.DN;
+import netscape.ldap.util.RDN;
+
/**
* @author Endi S. Dewata
*/
@@ -73,6 +76,13 @@ public class ClientCertRequestCLI extends CLI {
option.setArgName("request type");
options.addOption(option);
+ option = new Option(null, "username", true, "Username for request authentication");
+ option.setArgName("username");
+ options.addOption(option);
+
+ option = new Option(null, "password", false, "Prompt password for request authentication");
+ options.addOption(option);
+
option = new Option(null, "attribute-encoding", false, "Enable Attribute encoding");
options.addOption(option);
@@ -265,20 +275,58 @@ public class ClientCertRequestCLI extends CLI {
}
}
+ // parse subject DN and put the values in a map
+ DN dn = new DN(subjectDN);
+ Vector rdns = dn.getRDNs();
+
+ Map subjectAttributes = new HashMap();
+ for (int i=0; i< rdns.size(); i++) {
+ RDN rdn = (RDN)rdns.elementAt(i);
+ String type = rdn.getTypes()[0].toLowerCase();
+ String value = rdn.getValues()[0];
+ subjectAttributes.put(type, value);
+ }
+
ProfileInput sn = request.getInput("Subject Name");
if (sn != null) {
- DN dn = new DN(subjectDN);
- Vector rdns = dn.getRDNs();
-
- for (int i=0; i< rdns.size(); i++) {
- RDN rdn = (RDN)rdns.elementAt(i);
- String type = rdn.getTypes()[0].toLowerCase();
- String value = rdn.getValues()[0];
- ProfileAttribute uidAttr = sn.getAttribute("sn_" + type);
- uidAttr.setValue(value);
+ if (verbose) System.out.println("Subject Name:");
+
+ for (ProfileAttribute attribute : sn.getAttributes()) {
+ String name = attribute.getName();
+ String value = null;
+
+ if (name.equals("subject")) {
+ // get the whole subject DN
+ value = subjectDN;
+
+ } else if (name.startsWith("sn_")) {
+ // get value from subject DN
+ value = subjectAttributes.get(name.substring(3));
+
+ } else {
+ // unknown attribute, ignore
+ if (verbose) System.out.println(" - " + name);
+ continue;
+ }
+
+ if (value == null) continue;
+
+ if (verbose) System.out.println(" - " + name + ": " + value);
+ attribute.setValue(value);
}
}
+ String certRequestUsername = cmd.getOptionValue("username");
+ if (certRequestUsername != null) {
+ request.setAttribute("uid", certRequestUsername);
+ }
+
+ if (cmd.hasOption("password")) {
+ Console console = System.console();
+ String certRequestPassword = new String(console.readPassword("Password: "));
+ request.setAttribute("pwd", certRequestPassword);
+ }
+
if (verbose) {
System.out.println("Sending certificate request.");
}
--
2.4.3
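Review bot: The new `subjectAttributes` map is keyed on `rdn.getTypes()[0]` only, so a subject with repeated components (several `OU=` or `DC=` values) silently keeps just the last one and a multi-valued RDN (`CN=x+UID=y`) drops every attribute after the first; the old loop had the same `[0]` limitation, but the map now makes the overwrite invisible, and the parse runs even when `sn` is null and nothing will use it. At minimum surface the loss under `verbose`, e.g. `if (verbose && subjectAttributes.containsKey(type)) System.out.println(" - duplicate " + type + " in subject DN, keeping last value");` before the `put`, or reject such DNs if the enrollment profiles require every component, which profile is in use is not visible here. Separately, `value = subjectAttributes.get(name.substring(3));` assigns an `Object` to a `String` if the map really is the raw `Map` shown; if the `<String, String>` type arguments were stripped when this patch was rendered it compiles as intended, otherwise declare `Map<String, String> subjectAttributes = new HashMap<String, String>();`. The password prompt at the end of the hunk has the same unguarded `System.console()` (null without a terminal) and plaintext-`String` handling as the CertRequestSubmitCLI change and should get the same null checks and a clear of the `char[]` after the copy. The enclosing `execute` method starts and ends outside this hunk.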