The PKI CLI has been modified to retrieve access banner from
the server and ask for user confirmation at the beginning of the
program. An --ignore-banner option was added to allow bypassing
the banner for automation.

https://fedorahosted.org/pki/ticket/2582

--
Endi S. Dewata
>From 49caa70185e1dec270ddd0ba599905b832dc3679 Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edew...@redhat.com>
Date: Tue, 17 Jan 2017 15:20:28 +0100
Subject: [PATCH] Added access banner for PKI CLI.

The PKI CLI has been modified to retrieve access banner from
the server and ask for user confirmation at the beginning of the
program. An --ignore-banner option was added to allow bypassing
the banner for automation.

https://fedorahosted.org/pki/ticket/2582
---
 .../com/netscape/cmstools/cli/CLIException.java    | 46 ++++++++++++++++++++++
 .../src/com/netscape/cmstools/cli/MainCLI.java     | 37 +++++++++++++++++
 2 files changed, 83 insertions(+)
 create mode 100644 base/java-tools/src/com/netscape/cmstools/cli/CLIException.java

diff --git a/base/java-tools/src/com/netscape/cmstools/cli/CLIException.java b/base/java-tools/src/com/netscape/cmstools/cli/CLIException.java
new file mode 100644
index 0000000000000000000000000000000000000000..f36d259a1ffd6d3cf8a8fa844f08bc7f3c1b1daf
--- /dev/null
+++ b/base/java-tools/src/com/netscape/cmstools/cli/CLIException.java
@@ -0,0 +1,46 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2017 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+package com.netscape.cmstools.cli;
+
+public class CLIException extends Exception {
+
+    private static final long serialVersionUID = 1L;
+
+    int code;
+
+    public CLIException() {
+    }
+
+    public CLIException(int code) {
+        this.code = code;
+    }
+
+    public CLIException(String message) {
+        super(message);
+    }
+
+    public CLIException(String message, int code) {
+        super(message);
+        this.code = code;
+    }
+
+    public int getCode() {
+        return code;
+    }
+}
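Review bot: `code` stays at its default 0 in the no-argument and message-only constructors, and the `catch (CLIException e)` block added to `main` in MainCLI.java passes `e.getCode()` to `System.exit`, so the bare `throw new CLIException()` used when the banner is declined ends the process with status 0. A wrapper script then cannot tell a refused banner from a command that actually ran. If that is not intended, give the field a non-zero default and make it private, `private int code = 1;`, or throw `new CLIException(1)` at the call site; if exit 0 on refusal is intended, a comment on the no-argument constructor should say so. The class also has no Javadoc stating that `code` is used as the process exit status.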
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index c5f20711a5c93f0886f8b017216b24ba22123f18..0a9ddf0a6db3a205cdc0a11bdaa521d883f22d05 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -38,6 +38,8 @@ import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.Option;
 import org.apache.commons.cli.UnrecognizedOptionException;
 import org.apache.commons.lang.StringUtils;
+import org.dogtagpki.common.Info;
+import org.dogtagpki.common.InfoClient;
 import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.CryptoManager.NotInitializedException;
 import org.mozilla.jss.crypto.CryptoToken;
@@ -81,6 +83,7 @@ public class MainCLI extends CLI {
     public Collection<Integer> rejectedCertStatuses = new HashSet<Integer>();
     public Collection<Integer> ignoredCertStatuses = new HashSet<Integer>();
 
+    public boolean ignoreBanner;
     public File certDatabase;
 
     String output;
@@ -213,6 +216,9 @@ public class MainCLI extends CLI {
         option.setArgName("list");
         options.addOption(option);
 
+        option = new Option(null, "ignore-banner", false, "Ignore access banner");
+        options.addOption(option);
+
         option = new Option(null, "message-format", true, "Message format: xml (default), json");
         option.setArgName("format");
         options.addOption(option);
@@ -432,6 +438,8 @@ public class MainCLI extends CLI {
         list = cmd.getOptionValue("ignore-cert-status");
         convertCertStatusList(list, ignoredCertStatuses);
 
+        ignoreBanner = cmd.hasOption("ignore-banner");
+
         this.certDatabase = new File(config.getCertDatabase());
         if (verbose) System.out.println("Client security database: "+this.certDatabase.getAbsolutePath());
 
@@ -503,6 +511,28 @@ public class MainCLI extends CLI {
             PKIConnection connection = client.getConnection();
             connection.setOutput(file);
         }
+
+        if (!ignoreBanner) {
+
+            InfoClient infoClient = new InfoClient(client);
+            Info info = infoClient.getInfo();
+            String banner = info.getBanner();
+
+            if (banner != null) {
+
+                System.out.println(banner.trim());
+                System.out.println();
+                System.out.print("Do you want to proceed (y/N)? ");
+                System.out.flush();
+
+                BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
+                String line = reader.readLine().trim();
+
+                if (!line.equalsIgnoreCase("Y")) {
+                    throw new CLIException();
+                }
+            }
+        }
     }
 
     public void execute(String[] args) throws Exception {
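Review bot: `reader.readLine()` returns null at end of input, so `reader.readLine().trim()` throws a NullPointerException whenever stdin is closed or empty, for example a scheduled job that did not pass `--ignore-banner`; the failure then goes through the generic `catch (Throwable t)` path in `main` instead of being treated as a refusal. Treat end of input as "no": `String line = reader.readLine();` followed by `if (line == null || !line.trim().equalsIgnoreCase("Y")) {`. The banner is server-supplied text written to the terminal as is, so it is worth stripping control characters other than newline and tab before `System.out.println(banner.trim())`. The method that holds the prompt starts outside this hunk, and the hunk's last line opens `execute`, whose body continues past it.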
@@ -578,6 +608,13 @@ public class MainCLI extends CLI {
             MainCLI cli = new MainCLI();
             cli.execute(args);
 
+        } catch (CLIException e) {
+            String message = e.getMessage();
+            if (message != null) {
+                System.err.println(message);
+            }
+            System.exit(e.getCode());
+
         } catch (Throwable t) {
             handleException(t);
             System.exit(-1);
-- 
2.9.3
