def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'tomcat=',
'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
tomcat_version = None
for o, a in opts:
if o == '--tomcat':
tomcat_version = pki.util.Version(a)
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.print_help()
sys.exit(1)
if len(args) != 1:
logger.error('Missing instance ID')
self.print_help()
sys.exit(1)
instance_name = args[0]
if not tomcat_version:
tomcat_version = pki.server.Tomcat.get_version()
logger.info('Migrating to Tomcat %s', tomcat_version)
module = self.get_top_module().find_module('migrate')
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance %s.', instance_name)
sys.exit(1)
instance.load()
module.migrate( # pylint: disable=no-member,maybe-no-member
instance,
tomcat_version)
self.print_message('%s instance migrated' % instance_name)
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(
argv, 'i:v', ['instance=', 'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
print('ERROR: %s' % e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o == '--help':
self.print_help()
sys.exit()
else:
print('ERROR: Unknown option: %s' % o)
self.print_help()
sys.exit(1)
if len(args) < 1:
raise Exception('Missing connector ID')
connector_name = args[0]
instance = pki.server.instance.PKIServerFactory.create(instance_name)
if not instance.is_valid():
print('ERROR: Invalid instance: %s' % instance_name)
sys.exit(1)
instance.load()
server_config = instance.get_server_config()
connector = server_config.get_connector(connector_name)
sslhosts = server_config.get_sslhosts(connector)
self.print_message('%s entries matched' % len(sslhosts))
first = True
for sslhost in sslhosts:
if first:
first = False
else:
print()
SSLHostCLI.print_sslhost(sslhost)
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(
argv, 'i:v',
['instance=', 'tomcat=', 'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
instance_name = None
tomcat_version = None
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--tomcat':
tomcat_version = pki.util.Version(a)
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.print_help()
sys.exit(1)
if not tomcat_version:
tomcat_version = pki.server.Tomcat.get_version()
if len(args) > 0:
instance_name = args[0]
if instance_name:
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance %s.', instance_name)
sys.exit(1)
instance.load()
self.migrate(instance, tomcat_version)
else:
instances = pki.server.instance.PKIInstance.instances()
for instance in instances:
self.migrate(instance, tomcat_version)
def execute(self, argv):
try:
opts, _ = getopt.gnu_getopt(
argv, 'i:v',
['instance=', 'as-current-user', 'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
as_current_user = False
verbose = False
debug = False
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--as-current-user':
as_current_user = True
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
verbose = True
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
debug = True
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Invalid option: %s', o)
self.print_help()
sys.exit(1)
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance: %s', instance_name)
sys.exit(1)
instance.load()
# upgrade all subsystems
for subsystem in instance.subsystems:
cmd = [subsystem.name + '-db-upgrade']
if verbose:
cmd.append('--verbose')
elif debug:
cmd.append('--debug')
subsystem.run(cmd, as_current_user=as_current_user)
def execute(self, argv):
try:
opts, _ = getopt.gnu_getopt(argv, 'i:v', [
'instance=', 'nickname=', 'token=',
'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
nickname = None
token = pki.nssdb.INTERNAL_TOKEN_NAME
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--nickname':
nickname = a
elif o == '--token':
token = a
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.print_help()
sys.exit(1)
if not nickname:
logger.error('Missing nickname')
self.print_help()
sys.exit(1)
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance %s.', instance_name)
sys.exit(1)
instance.load()
self.remove_cert(instance, nickname, token)
instance.delete_external_cert(nickname, token)
self.print_message('Certificate removed from instance %s.' %
instance_name)
def execute(self, argv):
try:
opts, _ = getopt.gnu_getopt(argv, 'i:v', [
'instance=', 'force', 'as-current-user', 'verbose', 'debug',
'help'
])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
subsystem_name = self.parent.parent.name
force = False
as_current_user = False
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--force':
force = True
elif o == '--as-current-user':
as_current_user = True
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Invalid option: %s', o)
self.print_help()
sys.exit(1)
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance: %s', instance_name)
sys.exit(1)
instance.load()
subsystem = instance.get_subsystem(subsystem_name)
if not subsystem:
logger.error('No %s subsystem in instance %s',
subsystem_name.upper(), instance_name)
sys.exit(1)
subsystem.remove_database(force=force, as_current_user=as_current_user)
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v',
['instance=', 'verbose', 'help'])
except getopt.GetoptError as e:
logging.error(e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--help':
self.print_help()
sys.exit()
else:
logging.error('Unknown option: %s', o)
self.print_help()
sys.exit(1)
if len(args) < 1:
logging.error('Missing %s configuration parameter name',
self.parent.parent.name.upper())
self.print_help()
sys.exit(1)
if len(args) < 2:
logging.error('Missing %s configuration parameter value',
self.parent.parent.name.upper())
self.print_help()
sys.exit(1)
name = args[0]
value = args[1]
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logging.error('Invalid instance: %s', instance_name)
sys.exit(1)
instance.load()
subsystem_name = self.parent.parent.name
subsystem = instance.get_subsystem(subsystem_name)
if not subsystem:
logging.error('No such subsystem: %s', subsystem_name.upper())
sys.exit(1)
subsystem.config[name] = value
subsystem.save()
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(
argv, 'i:v', ['instance=', 'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
print('ERROR: %s' % e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o == '--help':
self.print_help()
sys.exit()
else:
print('ERROR: Unknown option: %s' % o)
self.print_help()
sys.exit(1)
if len(args) < 1:
raise Exception('Missing connector ID')
connector_name = args[0]
if len(args) < 2:
raise Exception('Missing hostname')
hostname = args[1]
instance = pki.server.instance.PKIServerFactory.create(instance_name)
if not instance.is_valid():
print('ERROR: Invalid instance: %s' % instance_name)
sys.exit(1)
instance.load()
server_config = instance.get_server_config()
connector = server_config.get_connector(connector_name)
server_config.remove_sslhost(connector, hostname)
server_config.save()
def execute(self, argv):
try:
opts, _ = getopt.gnu_getopt(argv, 'i:d:v', [
'instance=', 'password='******'password-file=', 'force', 'verbose',
'debug', 'help'
])
except getopt.GetoptError as e:
print('ERROR: %s' % e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
force = False
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--force':
force = True
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o == '--help':
self.print_help()
sys.exit()
else:
print('ERROR: unknown option: %s' % o)
self.print_help()
sys.exit(1)
instance = pki.server.instance.PKIServerFactory.create(instance_name)
if not instance.is_valid():
raise Exception('Invalid instance: %s' % instance_name)
if not force:
value = pki.util.read_text('Are you sure (Yes/No)',
options=['Y', 'N'],
default='N',
delimiter='?',
case_sensitive=False).lower()
if value != 'y':
return
instance.remove_nssdb(force=force)
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(
argv, 'i:v',
['instance=', 'password='******'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
print('ERROR: %s' % e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
password = None
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--password':
password = a
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o == '--help':
self.print_help()
sys.exit()
else:
print('ERROR: Unknown option: %s' % o)
self.print_help()
sys.exit(1)
if len(args) < 1:
raise Exception('Missing password ID')
name = args[0]
instance = pki.server.instance.PKIServerFactory.create(instance_name)
if not instance.is_valid():
raise Exception('Invalid instance: %s' % instance_name)
instance.load()
if name in instance.passwords:
raise Exception('Password already exists: %s' % name)
instance.passwords[name] = password
instance.store_passwords()
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(
argv, 'i:v', ['instance=', 'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.usage()
sys.exit(1)
instance_name = 'pki-tomcat'
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--help':
self.usage()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.usage()
sys.exit(1)
if len(args) != 1:
logger.error('Missing subsystem ID')
self.usage()
sys.exit(1)
subsystem_name = args[0]
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance %s.', instance_name)
sys.exit(1)
instance.load()
subsystem = instance.get_subsystem(subsystem_name)
if not subsystem:
logger.error('ERROR: No %s subsystem in instance %s.',
subsystem_name, instance_name)
sys.exit(1)
SubsystemCLI.print_subsystem(subsystem)
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=',
'descriptor=', 'doc-base=',
'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
print('ERROR: %s' % e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
descriptor = None
doc_base = None
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--descriptor':
descriptor = a
elif o == '--doc-base':
doc_base = a
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o == '--help':
self.print_help()
sys.exit()
else:
print('ERROR: Unknown option: %s' % o)
self.print_help()
sys.exit(1)
if len(args) < 1:
raise Exception('Missing Webapp ID')
instance = pki.server.instance.PKIServerFactory.create(instance_name)
webapp_id = args[0]
if not instance.is_valid():
raise Exception('Invalid instance: %s' % instance_name)
instance.deploy_webapp(webapp_id, descriptor, doc_base)
def execute(self, argv):
try:
opts, _ = getopt.gnu_getopt(argv, 'i:D:w:x:g:v', [
'instance=', 'bind-dn=', 'bind-password='******'generate-ldif=',
'verbose', 'debug', 'help'
])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
bind_dn = None
bind_password = None
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o in ('-D', '--bind-dn'):
bind_dn = a
elif o in ('-w', '--bind-password'):
bind_password = a
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.print_help()
sys.exit(1)
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance %s.', instance_name)
sys.exit(1)
instance.load()
subsystem = instance.get_subsystem('tps')
if not subsystem:
logger.error('No TPS subsystem in instance %s.', instance_name)
sys.exit(1)
self.find_vlv(subsystem, bind_dn, bind_password)
def execute(self, argv):
try:
opts, _ = getopt.gnu_getopt(
argv, 'i:v', ['instance=', 'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
print('ERROR: %s' % e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o == '--help':
self.print_help()
sys.exit()
else:
print('ERROR: unknown option: %s' % o)
self.print_help()
sys.exit(1)
instance = pki.server.instance.PKIServerFactory.create(instance_name)
if not instance.is_valid():
raise Exception('Invalid instance: %s' % instance_name)
server_config = instance.get_server_config()
first = True
counter = 0
for listener in server_config.get_listeners():
if first:
first = False
else:
print()
counter += 1
listener_name = 'Listener%d' % counter
ListenerCLI.print_listener(listener_name, listener)
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=',
'force',
'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
name = 'acme'
instance_name = 'pki-tomcat'
force = False
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--force':
force = True
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.print_help()
sys.exit(1)
if len(args) > 0:
name = args[0]
instance = pki.server.instance.PKIServerFactory.create(instance_name)
if not instance.is_valid():
raise Exception('Invalid instance: %s' % instance_name)
instance.load()
acme_conf_dir = os.path.join(instance.conf_dir, name)
logging.info('Removing %s', acme_conf_dir)
pki.util.rmtree(acme_conf_dir, force=force)
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=',
'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
name = 'acme'
instance_name = 'pki-tomcat'
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.print_help()
sys.exit(1)
if len(args) > 0:
name = args[0]
instance = pki.server.instance.PKIServerFactory.create(instance_name)
if not instance.is_valid():
raise Exception('Invalid instance: %s' % instance_name)
instance.load()
descriptor = os.path.join(pki.server.PKIServer.SHARE_DIR,
'acme/conf/Catalina/localhost/acme.xml')
doc_base = os.path.join(pki.server.PKIServer.SHARE_DIR,
'acme/webapps/acme')
logging.info('Deploying %s webapp', name)
instance.deploy_webapp(name, descriptor, doc_base)
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=',
'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
print('ERROR: %s' % e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o == '--help':
self.print_help()
sys.exit()
else:
print('ERROR: Unknown option: %s' % o)
self.print_help()
sys.exit(1)
if len(args) > 0:
instance_name = args[0]
instance = pki.server.instance.PKIServerFactory.create(instance_name)
if not instance.is_valid():
raise Exception('Invalid instance: %s' % instance_name)
webapps = instance.get_webapps()
first = True
for webapp in webapps:
if first:
first = False
else:
print()
WebappCLI.print_webapp(webapp)
def execute(self, argv):
try:
opts, _ = getopt.gnu_getopt(
argv, 'i:v',
['instance=', 'force', 'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
print('ERROR: %s' % e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o == '--help':
self.print_help()
sys.exit()
else:
print('ERROR: unknown option: %s' % o)
self.print_help()
sys.exit(1)
instance = pki.server.instance.PKIServerFactory.create(instance_name)
if not instance.is_valid():
raise Exception('Invalid instance: %s' % instance_name)
instance.load()
first = True
for name in instance.passwords:
if first:
first = False
else:
print()
PasswordCLI.print_password(name)
def execute(self, argv):
try:
opts, _ = getopt.gnu_getopt(
argv, 'i:v', ['instance=', 'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.usage()
sys.exit(1)
instance_name = 'pki-tomcat'
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--help':
self.usage()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.usage()
sys.exit(1)
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance %s.', instance_name)
sys.exit(1)
instance.load()
self.print_message('%s entries matched' % len(instance.subsystems))
first = True
for subsystem in instance.subsystems:
if first:
first = False
else:
print()
SubsystemCLI.print_subsystem(subsystem)
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
for o, _ in opts:
if o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.print_help()
sys.exit(1)
if len(args) != 1:
logger.error('Missing instance ID')
self.print_help()
sys.exit(1)
instance_name = args[0]
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance %s.', instance_name)
sys.exit(1)
if not instance.is_active():
self.print_message('%s instance already stopped' % instance_name)
return
instance.load()
instance.stop()
self.print_message('%s instance stopped' % instance_name)
def execute(self, argv):
try:
opts, _ = getopt.gnu_getopt(
argv, 'i:v', ['instance=', 'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
print('ERROR: %s' % e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o == '--help':
self.print_help()
sys.exit()
else:
print('ERROR: unknown option: %s' % o)
self.print_help()
sys.exit(1)
instance = pki.server.instance.PKIServerFactory.create(instance_name)
if not instance.is_valid():
print("ERROR: Invalid instance: %s" % instance_name)
sys.exit(1)
jss_config = instance.load_jss_config()
jss_config['certdbDir'] = instance.nssdb_dir
jss_config['passwordFile'] = instance.password_conf
instance.store_jss_config(jss_config)
server_config = instance.get_server_config()
server_config.create_listener('org.dogtagpki.tomcat.JSSListener')
server_config.save()
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
for o, _ in opts:
if o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.print_help()
sys.exit(1)
if len(args) != 1:
logger.error('Missing instance ID')
self.print_help()
sys.exit(1)
instance_name = args[0]
module = self.get_top_module().find_module('nuxwdog-disable')
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance %s.', instance_name)
sys.exit(1)
instance.load()
module.disable_nuxwdog(
instance) # pylint: disable=no-member,maybe-no-member
self.print_message('Nuxwdog disabled for instance %s.' % instance_name)
def execute(self, argv):
try:
opts, _ = getopt.gnu_getopt(
argv, 'i:v', ['instance=', 'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Invalid option: %s', o)
self.print_help()
sys.exit(1)
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance: %s', instance_name)
sys.exit(1)
instance.load()
subsystem_name = self.parent.parent.parent.name
subsystem = instance.get_subsystem(subsystem_name)
if not subsystem:
logger.error('No %s subsystem in instance %s.',
subsystem_name.upper(), instance_name)
sys.exit(1)
SubsystemDBCLI.print_config(subsystem)
def execute(self, argv):
try:
opts, _ = getopt.gnu_getopt(
argv, 'i:v', ['instance=', 'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.usage()
sys.exit(1)
instance_name = 'pki-tomcat'
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--help':
self.usage()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.usage()
sys.exit(1)
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance %s.', instance_name)
sys.exit(1)
instance.load()
if not instance.banner_installed():
logger.error('Banner is not installed')
sys.exit(1)
print(instance.get_banner())
def execute(self, argv):
try:
opts, _ = getopt.gnu_getopt(argv, 'i:v',
['instance=', 'verbose', 'help'])
except getopt.GetoptError as e:
logging.error(e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--help':
self.print_help()
sys.exit()
else:
logging.error('Unknown option: %s', o)
self.print_help()
sys.exit(1)
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logging.error('Invalid instance: %s', instance_name)
sys.exit(1)
instance.load()
subsystem_name = self.parent.parent.name
subsystem = instance.get_subsystem(subsystem_name)
if not subsystem:
logging.error('No such subsystem: %s', subsystem_name.upper())
sys.exit(1)
for name, value in subsystem.config.items():
print('%s=%s' % (name, value))
def execute(self, argv):
try:
opts, _ = getopt.gnu_getopt(argv, 'i:v', [
'instance=',
'cert-file=', 'trust-args=', 'nickname=', 'token=',
'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
cert_file = None
trust_args = '\",,\"'
nickname = None
token = pki.nssdb.INTERNAL_TOKEN_NAME
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--cert-file':
cert_file = a
elif o == '--trust-args':
trust_args = a
elif o == '--nickname':
nickname = a
elif o == '--token':
token = a
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.print_help()
sys.exit(1)
if not cert_file:
logger.error('Missing input file containing certificate')
self.print_help()
sys.exit(1)
if not nickname:
logger.error('Missing nickname')
self.print_help()
sys.exit(1)
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance %s.', instance_name)
sys.exit(1)
instance.load()
if instance.external_cert_exists(nickname, token):
logger.error('Certificate already imported for instance %s.', instance_name)
sys.exit(1)
nicks = self.import_certs(
instance, cert_file, nickname, token, trust_args)
self.update_instance_config(instance, nicks, token)
self.print_message('Certificate imported for instance %s.' %
instance_name)
def execute(self, argv):
try:
opts, _ = getopt.gnu_getopt(argv, 'i:v', [
'instance=', 'pkcs12-file=', 'pkcs12-password='******'pkcs12-password-file=',
'no-key',
'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
instance_name = 'pki-tomcat'
pkcs12_file = None
pkcs12_password = None
no_key = False
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--pkcs12-file':
pkcs12_file = a
elif o == '--pkcs12-password':
pkcs12_password = a.encode()
elif o == '--pkcs12-password-file':
with io.open(a, 'rb') as f:
pkcs12_password = f.read()
elif o == '--no-key':
no_key = True
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.print_help()
sys.exit(1)
if not pkcs12_file:
logger.error('Missing PKCS #12 file')
self.print_help()
sys.exit(1)
if not pkcs12_password:
logger.error('Missing PKCS #12 password')
self.print_help()
sys.exit(1)
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance %s.', instance_name)
sys.exit(1)
instance.load()
subsystem = instance.get_subsystem('ocsp')
if not subsystem:
logger.error('No OCSP subsystem in instance %s.', instance_name)
sys.exit(1)
tmpdir = tempfile.mkdtemp()
try:
pkcs12_password_file = os.path.join(tmpdir, 'pkcs12_password.txt')
with open(pkcs12_password_file, 'wb') as f:
f.write(pkcs12_password)
subsystem.export_system_cert(
'subsystem', pkcs12_file, pkcs12_password_file, no_key=no_key)
subsystem.export_system_cert(
'signing', pkcs12_file, pkcs12_password_file, no_key=no_key, append=True)
subsystem.export_system_cert(
'audit_signing', pkcs12_file, pkcs12_password_file, no_key=no_key, append=True)
instance.export_external_certs(
pkcs12_file, pkcs12_password_file, append=True)
finally:
shutil.rmtree(tmpdir)
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(
argv, 'i:v', ['instance=', 'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.usage()
sys.exit(1)
instance_name = 'pki-tomcat'
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--help':
self.usage()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.usage()
sys.exit(1)
if len(args) < 1:
logger.error('Missing subsystem ID')
self.usage()
sys.exit(1)
subsystem_name = args[0]
if len(args) >= 2:
cert_id = args[1]
else:
cert_id = None
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance %s.', instance_name)
sys.exit(1)
instance.load()
subsystem = instance.get_subsystem(subsystem_name)
if not subsystem:
logger.error('No %s subsystem in instance %s.', subsystem_name,
instance_name)
sys.exit(1)
if cert_id is not None:
certs = [subsystem.get_subsystem_cert(cert_id)]
else:
certs = subsystem.find_system_certs()
first = True
certs_valid = True
for cert in certs:
if first:
first = False
else:
print()
certs_valid &= self.validate_certificate(instance, cert)
if certs_valid:
self.print_message("Validation succeeded")
sys.exit(0)
else:
self.print_message("Validation failed")
sys.exit(1)
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=',
'pkcs12-file=', 'pkcs12-password='******'pkcs12-password-file=',
'append', 'no-trust-flags', 'no-key', 'no-chain',
'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
nicknames = args
instance_name = 'pki-tomcat'
pkcs12_file = None
pkcs12_password = None
pkcs12_password_file = None
append = False
include_trust_flags = True
include_key = True
include_chain = True
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--pkcs12-file':
pkcs12_file = a
elif o == '--pkcs12-password':
pkcs12_password = a
elif o == '--pkcs12-password-file':
pkcs12_password_file = a
elif o == '--append':
append = True
elif o == '--no-trust-flags':
include_trust_flags = False
elif o == '--no-key':
include_key = False
elif o == '--no-chain':
include_chain = False
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.print_help()
sys.exit(1)
if not pkcs12_file:
logger.error('missing output file')
self.print_help()
sys.exit(1)
instance = pki.server.instance.PKIInstance(instance_name)
if not instance.is_valid():
logger.error('Invalid instance %s.', instance_name)
sys.exit(1)
instance.load()
if not pkcs12_password and not pkcs12_password_file:
pkcs12_password = getpass.getpass(prompt='Enter password for PKCS #12 file: ')
nssdb = instance.open_nssdb()
try:
nssdb.export_pkcs12(
pkcs12_file=pkcs12_file,
pkcs12_password=pkcs12_password,
pkcs12_password_file=pkcs12_password_file,
nicknames=nicknames,
append=append,
include_trust_flags=include_trust_flags,
include_key=include_key,
include_chain=include_chain)
finally:
nssdb.close()
def execute(self, argv):
try:
opts, args = getopt.gnu_getopt(argv, 'i:v', [
'instance=', 'database=', 'backend=',
'force',
'verbose', 'debug', 'help'])
except getopt.GetoptError as e:
logger.error(e)
self.print_help()
sys.exit(1)
name = 'acme'
instance_name = 'pki-tomcat'
force = False
for o, a in opts:
if o in ('-i', '--instance'):
instance_name = a
elif o == '--force':
force = True
elif o in ('-v', '--verbose'):
logging.getLogger().setLevel(logging.INFO)
elif o == '--debug':
logging.getLogger().setLevel(logging.DEBUG)
elif o == '--help':
self.print_help()
sys.exit()
else:
logger.error('Unknown option: %s', o)
self.print_help()
sys.exit(1)
if len(args) > 0:
name = args[0]
instance = pki.server.instance.PKIServerFactory.create(instance_name)
if not instance.is_valid():
raise Exception('Invalid instance: %s' % instance_name)
instance.load()
acme_conf_dir = os.path.join(instance.conf_dir, name)
logging.info('Creating %s', acme_conf_dir)
instance.makedirs(acme_conf_dir, force=force)
acme_share_dir = os.path.join(pki.server.PKIServer.SHARE_DIR, 'acme')
metadata_template = os.path.join(acme_share_dir, 'conf', 'metadata.json')
metadata_conf = os.path.join(acme_conf_dir, 'metadata.json')
logging.info('Creating %s', metadata_conf)
instance.copy(metadata_template, metadata_conf, force=force)
database_template = os.path.join(acme_share_dir, 'conf', 'database.json')
database_conf = os.path.join(acme_conf_dir, 'database.json')
logging.info('Creating %s', database_conf)
instance.copy(database_template, database_conf, force=force)
validators_template = os.path.join(acme_share_dir, 'conf', 'validators.json')
validators_conf = os.path.join(acme_conf_dir, 'validators.json')
logging.info('Creating %s', validators_conf)
instance.copy(validators_template, validators_conf, force=force)
backend_template = os.path.join(acme_share_dir, 'conf', 'backend.json')
backend_conf = os.path.join(acme_conf_dir, 'backend.json')
logging.info('Creating %s', backend_conf)
instance.copy(backend_template, backend_conf, force=force)
