Fix client-cert-import to set provided trust bits Ticket 2412
From 0fd441eee679001a0c137193e32759a1068e839e Mon Sep 17 00:00:00 2001 From: Ade Lee <a...@redhat.com> Date: Fri, 29 Jul 2016 14:42:35 +0100 Subject: [PATCH] Fix client-cert-import to set provided trust bits
Ticket 2412 --- .../netscape/cmstools/client/ClientCertImportCLI.java | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java b/base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java index 9625440c01f85935b3a1d3fde8ccd82aad146452..a920079c456ab14d1c5d47b5432ee725859b4357 100644 --- a/base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/client/ClientCertImportCLI.java @@ -83,7 +83,7 @@ public class ClientCertImportCLI extends CLI { option.setArgName("serial number"); options.addOption(option); - option = new Option(null, "trust", true, "Trust attributes. Default: u,u,u."); + option = new Option(null, "trust", true, "Trust attributes."); option.setArgName("trust attributes"); options.addOption(option); } @@ -140,13 +140,16 @@ public class ClientCertImportCLI extends CLI { String pkcs12PasswordPath = cmd.getOptionValue("pkcs12-password-file"); boolean importFromCAServer = cmd.hasOption("ca-server"); String serialNumber = cmd.getOptionValue("serial"); - String trustAttributes = cmd.getOptionValue("trust", "u,u,u"); + String trustAttributes = cmd.getOptionValue("trust"); // load the certificate if (certPath != null) { if (verbose) System.out.println("Importing certificate from " + certPath + "."); + if (trustAttributes == null) + trustAttributes = "u,u,u"; + importCert( mainCLI.certDatabase.getAbsolutePath(), certPath, @@ -157,7 +160,8 @@ public class ClientCertImportCLI extends CLI { if (verbose) System.out.println("Importing CA certificate from " + caCertPath + "."); - trustAttributes = "CT,c,"; + if (trustAttributes == null) + trustAttributes = "CT,c,"; importCert( mainCLI.certDatabase.getAbsolutePath(), @@ -218,7 +222,8 @@ public class ClientCertImportCLI extends CLI { out.write(bytes); } - trustAttributes = "CT,c,"; + if (trustAttributes == null) + trustAttributes = "CT,c,"; importCert( mainCLI.certDatabase.getAbsolutePath(), @@ -250,6 +255,9 @@ public class ClientCertImportCLI extends CLI { out.write(encoded); } + if (trustAttributes == null) + trustAttributes = "u,u,u"; + importCert( mainCLI.certDatabase.getAbsolutePath(), certFile.getAbsolutePath(), -- 2.4.3
_______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/mailman/listinfo/pki-devel