[Pki-devel] [PATCH] 647 Added default subject DN for pki client-cert-request.

Endi Sukma Dewata edewata at redhat.com
Wed Sep 30 19:40:05 UTC 2015 

The pki client-cert-request CLI has been modified to generate a
default subject DN if it's not specified. The man page has been
updated accordingly.

https://fedorahosted.org/pki/ticket/1463

-- 
Endi S. Dewata
-------------- next part --------------
From 249b85ce6fcbc772acc54ce76103793b44ad303a Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata at redhat.com>
Date: Sun, 27 Sep 2015 17:23:48 +0200
Subject: [PATCH] Added default subject DN for pki client-cert-request.

The pki client-cert-request CLI has been modified to generate a
default subject DN if it's not specified. The man page has been
updated accordingly.

https://fedorahosted.org/pki/ticket/1463
---
 base/java-tools/man/man1/pki-client.1              | 10 ++++++---
 .../cmstools/client/ClientCertRequestCLI.java      | 24 ++++++++++++++--------
 2 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/base/java-tools/man/man1/pki-client.1 b/base/java-tools/man/man1/pki-client.1
index 65e61855574e0801bdbf936b6299e54ee3857beb..e659397a7fba4b034fae579a350f9285d9c3bde2 100644
--- a/base/java-tools/man/man1/pki-client.1
+++ b/base/java-tools/man/man1/pki-client.1
@@ -21,7 +21,7 @@ pki-client \- Command-Line Interface for managing the security database on Certi
 \fBpki\fR [CLI options] \fBclient\fR
 \fBpki\fR [CLI options] \fBclient-init\fR [command options]
 \fBpki\fR [CLI options] \fBclient-cert-find\fR [command options]
-\fBpki\fR [CLI options] \fBclient-cert-request\fR <subject DN> [command options]
+\fBpki\fR [CLI options] \fBclient-cert-request\fR [subject DN] [command options]
 \fBpki\fR [CLI options] \fBclient-cert-import\fR [nickname] [command options]
 \fBpki\fR [CLI options] \fBclient-cert-mod\fR <nickname> [command options]
 \fBpki\fR [CLI options] \fBclient-cert-show\fR <nickname> [command options]
@@ -47,7 +47,7 @@ This command is to create a new security database for the client.
 This command is to list certificates in the client security database.
 .RE
 .PP
-\fBpki\fR [CLI options] \fBclient-cert-request\fR <subject DN> [command options]
+\fBpki\fR [CLI options] \fBclient-cert-request\fR [subject DN] [command options]
 .RS 4
 This command is to generate and submit a certificate request.
 .RE
@@ -88,7 +88,11 @@ To view certificates in the security database:
 
 To request a certificate:
 
-.B pki -d <security database location> -c <security database password> client-cert-request <subject DN>
+.B pki -d <security database location> -c <security database password> client-cert-request [subject DN]
+
+Some certificate profiles may require authentication using username and password. They can be specified
+using --username and --password options. If the subject DN is not specififed the CLI will generate a
+default subject DN "UID=<username>".
 
 To import a certificate from a file into the security database:
 
diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
index 370a7be5b1d09b8b445a82fce3c2185607e9ccae..3ec4745e6a38058d7bb697df5f367c8831bfa216 100644
--- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertRequestCLI.java
@@ -68,7 +68,7 @@ public class ClientCertRequestCLI extends CLI {
     }
 
     public void printHelp() {
-        formatter.printHelp(getFullName() + " <Subject DN> [OPTIONS...]", options);
+        formatter.printHelp(getFullName() + " [Subject DN] [OPTIONS...]", options);
     }
 
     public void createOptions() {
@@ -151,14 +151,23 @@ public class ClientCertRequestCLI extends CLI {
             System.exit(-1);
         }
 
-        if (cmdArgs.length < 1) {
-            System.err.println("Error: Missing subject DN.");
-            printHelp();
-            System.exit(-1);
+        String certRequestUsername = cmd.getOptionValue("username");
+
+        String subjectDN;
+
+        if (cmdArgs.length == 0) {
+            if (certRequestUsername == null) {
+                System.err.println("Error: Missing subject DN or request username.");
+                printHelp();
+                System.exit(-1);
+            }
+
+            subjectDN = "UID=" + certRequestUsername;
+
+        } else {
+            subjectDN = cmdArgs[0];
         }
 
-        String subjectDN = cmdArgs[0];
-
         // pkcs10, crmf
         String requestType = cmd.getOptionValue("type", "pkcs10");
 
@@ -316,7 +325,6 @@ public class ClientCertRequestCLI extends CLI {
             }
         }
 
-        String certRequestUsername = cmd.getOptionValue("username");
         if (certRequestUsername != null) {
             request.setAttribute("uid", certRequestUsername);
         }
-- 
2.4.3

More information about the Pki-devel mailing list