From 249b85ce6fcbc772acc54ce76103793b44ad303a Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Sun, 27 Sep 2015 17:23:48 +0200 Subject: [PATCH] Added default subject DN for pki client-cert-request. The pki client-cert-request CLI has been modified to generate a default subject DN if it's not specified. The man page has been updated accordingly. https://fedorahosted.org/pki/ticket/1463 --- base/java-tools/man/man1/pki-client.1 | 10 ++++++--- .../cmstools/client/ClientCertRequestCLI.java | 24 ++++++++++++++-------- 2 files changed, 23 insertions(+), 11 deletions(-) diff --git a/base/java-tools/man/man1/pki-client.1 b/base/java-tools/man/man1/pki-client.1 index 65e61855574e0801bdbf936b6299e54ee3857beb..e659397a7fba4b034fae579a350f9285d9c3bde2 100644 --- a/base/java-tools/man/man1/pki-client.1 +++ b/base/java-tools/man/man1/pki-client.1 @@ -21,7 +21,7 @@ pki-client \- Command-Line Interface for managing the security database on Certi \fBpki\fR [CLI options] \fBclient\fR \fBpki\fR [CLI options] \fBclient-init\fR [command options] \fBpki\fR [CLI options] \fBclient-cert-find\fR [command options] -\fBpki\fR [CLI options] \fBclient-cert-request\fR [command options] +\fBpki\fR [CLI options] \fBclient-cert-request\fR [subject DN] [command options] \fBpki\fR [CLI options] \fBclient-cert-import\fR [nickname] [command options] \fBpki\fR [CLI options] \fBclient-cert-mod\fR [command options] \fBpki\fR [CLI options] \fBclient-cert-show\fR [command options] @@ -47,7 +47,7 @@ This command is to create a new security database for the client. This command is to list certificates in the client security database. .RE .PP -\fBpki\fR [CLI options] \fBclient-cert-request\fR [command options] +\fBpki\fR [CLI options] \fBclient-cert-request\fR [subject DN] [command options] .RS 4 This command is to generate and submit a certificate request. .RE @@ -88,7 +88,11 @@ To view certificates in the security database: To request a certificate: -.B pki -d -c client-cert-request +.B pki -d -c client-cert-request [subject DN] + +Some certificate profiles may require authentication using username and password. They can be specified +using --username and --password options. If the subject DN is not specififed the CLI will generate a +default subject DN "UID=". To import a certificate from a file into the security database: diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java index 370a7be5b1d09b8b445a82fce3c2185607e9ccae..3ec4745e6a38058d7bb697df5f367c8831bfa216 100644 --- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java @@ -68,7 +68,7 @@ public class ClientCertRequestCLI extends CLI { } public void printHelp() { - formatter.printHelp(getFullName() + " [OPTIONS...]", options); + formatter.printHelp(getFullName() + " [Subject DN] [OPTIONS...]", options); } public void createOptions() { @@ -151,14 +151,23 @@ public class ClientCertRequestCLI extends CLI { System.exit(-1); } - if (cmdArgs.length < 1) { - System.err.println("Error: Missing subject DN."); - printHelp(); - System.exit(-1); + String certRequestUsername = cmd.getOptionValue("username"); + + String subjectDN; + + if (cmdArgs.length == 0) { + if (certRequestUsername == null) { + System.err.println("Error: Missing subject DN or request username."); + printHelp(); + System.exit(-1); + } + + subjectDN = "UID=" + certRequestUsername; + + } else { + subjectDN = cmdArgs[0]; } - String subjectDN = cmdArgs[0]; - // pkcs10, crmf String requestType = cmd.getOptionValue("type", "pkcs10"); @@ -316,7 +325,6 @@ public class ClientCertRequestCLI extends CLI { } } - String certRequestUsername = cmd.getOptionValue("username"); if (certRequestUsername != null) { request.setAttribute("uid", certRequestUsername); } -- 2.4.3