commit 1c1b9a1069650a12394848520a1dfb4753f8be72
Author: Endi S. Dewata <edewata@redhat.com>
Date:   Sun Sep 27 17:23:48 2015 +0200

    Added default subject DN for pki client-cert-request.
    
    The pki client-cert-request CLI has been modified to generate a
    default subject DN if it's not specified. The man page has been
    updated accordingly.
    
    https://fedorahosted.org/pki/ticket/1463
    (cherry picked from commit 3292de07ed01f6230de34120bf9cd1b8d164610a)

diff --git a/base/java-tools/man/man1/pki-client.1 b/base/java-tools/man/man1/pki-client.1
index 65e6185..da5de7c 100644
--- a/base/java-tools/man/man1/pki-client.1
+++ b/base/java-tools/man/man1/pki-client.1
@@ -21,7 +21,7 @@ pki-client \- Command-Line Interface for managing the security database on Certi
 \fBpki\fR [CLI options] \fBclient\fR
 \fBpki\fR [CLI options] \fBclient-init\fR [command options]
 \fBpki\fR [CLI options] \fBclient-cert-find\fR [command options]
-\fBpki\fR [CLI options] \fBclient-cert-request\fR <subject DN> [command options]
+\fBpki\fR [CLI options] \fBclient-cert-request\fR [subject DN] [command options]
 \fBpki\fR [CLI options] \fBclient-cert-import\fR [nickname] [command options]
 \fBpki\fR [CLI options] \fBclient-cert-mod\fR <nickname> [command options]
 \fBpki\fR [CLI options] \fBclient-cert-show\fR <nickname> [command options]
@@ -47,7 +47,7 @@ This command is to create a new security database for the client.
 This command is to list certificates in the client security database.
 .RE
 .PP
-\fBpki\fR [CLI options] \fBclient-cert-request\fR <subject DN> [command options]
+\fBpki\fR [CLI options] \fBclient-cert-request\fR [subject DN] [command options]
 .RS 4
 This command is to generate and submit a certificate request.
 .RE
@@ -82,13 +82,22 @@ To create a new database execute the following command:
 
 .B pki -d <security database location> -c <security database password> client-init
 
-To view certificates in the security database:
+To list certificates in the security database:
 
 .B pki -d <security database location> -c <security database password> client-cert-find
 
 To request a certificate:
 
-.B pki -d <security database location> -c <security database password> client-cert-request <subject DN>
+.B pki -d <security database location> -c <security database password> client-cert-request [subject DN]
+
+The subject DN requirement depends on the certificate profile being requested.
+Some profiles may require the user to provide a subject DN in a certain
+format. Some other profiles may generate their own subject DN.
+
+Certain profiles may also require additional authentication. To authenticate,
+a username and a password can be specified using the --username and --password
+options, respectively. If the subject DN is not specififed the CLI may use the
+username to generate a default subject DN "UID=<username>".
 
 To import a certificate from a file into the security database:
 
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
index c08d156..938cc4b 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
@@ -68,7 +68,7 @@ public class ClientCertRequestCLI extends CLI {
     }
 
     public void printHelp() {
-        formatter.printHelp(getFullName() + " <Subject DN> [OPTIONS...]", options);
+        formatter.printHelp(getFullName() + " [Subject DN] [OPTIONS...]", options);
     }
 
     public void createOptions() {
@@ -151,13 +151,22 @@ public class ClientCertRequestCLI extends CLI {
             System.exit(-1);
         }
 
-        if (cmdArgs.length < 1) {
-            System.err.println("Error: Missing subject DN.");
-            printHelp();
-            System.exit(-1);
-        }
+        String certRequestUsername = cmd.getOptionValue("username");
+
+        String subjectDN;
 
-        String subjectDN = cmdArgs[0];
+        if (cmdArgs.length == 0) {
+            if (certRequestUsername == null) {
+                System.err.println("Error: Missing subject DN or request username.");
+                printHelp();
+                System.exit(-1);
+            }
+
+            subjectDN = "UID=" + certRequestUsername;
+
+        } else {
+            subjectDN = cmdArgs[0];
+        }
 
         // pkcs10, crmf
         String requestType = cmd.getOptionValue("type", "pkcs10");
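Review bot: The default subject DN is built as `"UID=" + certRequestUsername` with no escaping, so a `--username` value containing DN metacharacters (`,`, `+`, `=`, `"`, `\`, or leading/trailing spaces) would yield a subject whose structure is no longer a single UID RDN, or one that fails to parse later. Escaping the value where the default is built, for example `subjectDN = "UID=" + Rdn.escapeValue(certRequestUsername);` with `javax.naming.ldap.Rdn` (the import sits outside this hunk), keeps the username confined to one attribute value. An empty username passes the `== null` check and would produce `UID=`, so it should probably be rejected together with the null case. The method body starts before and continues after this hunk, so how the DN string is parsed is not visible here; confirm the escaping form matches what that parser accepts.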
@@ -316,7 +325,6 @@ public class ClientCertRequestCLI extends CLI {
             }
         }
 
-        String certRequestUsername = cmd.getOptionValue("username");
         if (certRequestUsername != null) {
             request.setAttribute("uid", certRequestUsername);
         }