Search in sources :

Example 11 with IntegerArgument

use of com.unboundid.util.args.IntegerArgument in project ldapsdk by pingidentity.

the class IndentLDAPFilter method addToolArguments.

/**
 * Adds the command-line arguments supported for use with this tool to the
 * provided argument parser.  The tool may need to retain references to the
 * arguments (and/or the argument parser, if trailing arguments are allowed)
 * to it in order to obtain their values for use in later processing.
 *
 * @param  parser  The argument parser to which the arguments are to be added.
 *
 * @throws  ArgumentException  If a problem occurs while adding any of the
 *                             tool-specific arguments to the provided
 *                             argument parser.
 */
@Override()
public void addToolArguments(@NotNull final ArgumentParser parser) throws ArgumentException {
    this.parser = parser;
    final IntegerArgument indentColumnsArg = new IntegerArgument(null, ARG_INDENT_SPACES, false, 1, "{numSpaces}", "Specifies the number of spaces that should be used to indent each " + "additional level of filter hierarchy.  A value of zero " + "indicates that the hierarchy should be displayed without any " + "additional indenting.  If this argument is not provided, a " + "default indent of two spaces will be used.", 0, Integer.MAX_VALUE, 2);
    indentColumnsArg.addLongIdentifier("indentSpaces", true);
    indentColumnsArg.addLongIdentifier("indent-columns", true);
    indentColumnsArg.addLongIdentifier("indentColumns", true);
    indentColumnsArg.addLongIdentifier("indent", true);
    parser.addArgument(indentColumnsArg);
    final BooleanArgument doNotSimplifyArg = new BooleanArgument(null, ARG_DO_NOT_SIMPLIFY, 1, "Indicates that the tool should not make any attempt to simplify " + "the provided filter.  If this argument is not provided, then " + "the tool will try to simplify the provided filter (for " + "example, by removing unnecessary levels of hierarchy, like an " + "AND embedded in an AND).");
    doNotSimplifyArg.addLongIdentifier("doNotSimplify", true);
    doNotSimplifyArg.addLongIdentifier("do-not-simplify-filter", true);
    doNotSimplifyArg.addLongIdentifier("doNotSimplifyFilter", true);
    doNotSimplifyArg.addLongIdentifier("dont-simplify", true);
    doNotSimplifyArg.addLongIdentifier("dontSimplify", true);
    doNotSimplifyArg.addLongIdentifier("dont-simplify-filter", true);
    doNotSimplifyArg.addLongIdentifier("dontSimplifyFilter", true);
    parser.addArgument(doNotSimplifyArg);
}
Also used : IntegerArgument(com.unboundid.util.args.IntegerArgument) BooleanArgument(com.unboundid.util.args.BooleanArgument)

Example 12 with IntegerArgument

use of com.unboundid.util.args.IntegerArgument in project ldapsdk by pingidentity.

the class CommandLineToolInteractiveModeProcessor method promptForLDAPArguments.

/**
 * Interactively prompts for the arguments used to connect and optionally
 * authenticate to the directory server.
 *
 * @param  argList  The list to which the string representations of all LDAP
 *                  arguments should be added.
 * @param  test     Indicates whether to attempt to use the arguments to
 *                  establish an LDAP connection.
 *
 * @throws  LDAPException  If a problem is encountered while interacting with
 *                         the user, or if the user wants to quit.
 */
private void promptForLDAPArguments(@NotNull final List<String> argList, final boolean test) throws LDAPException {
    final LDAPCommandLineTool ldapTool = (LDAPCommandLineTool) tool;
    argList.clear();
    // Get the address of the directory server.
    final String defaultHostname;
    final StringArgument hostnameArgument = parser.getStringArgument("hostname");
    if (hostnameArgument.isPresent()) {
        defaultHostname = hostnameArgument.getValue();
    } else {
        defaultHostname = "localhost";
    }
    ArgumentHelper.reset(hostnameArgument);
    final String hostname = promptForString(INFO_INTERACTIVE_LDAP_PROMPT_HOST.get(), defaultHostname, true);
    ArgumentHelper.addValueSuppressException(hostnameArgument, hostname);
    argList.add("--hostname");
    argList.add(hostname);
    // If this tool is running with access to Directory Server data, and if the
    // selected hostname is "localhost" or a loopback address, then try to load
    // information about the server's connection handlers.
    List<LDAPConnectionHandlerConfiguration> serverListenerConfigs = null;
    final File dsInstanceRoot = InternalSDKHelper.getPingIdentityServerRoot();
    if (dsInstanceRoot != null) {
        final File configFile = StaticUtils.constructPath(dsInstanceRoot, "config", "config.ldif");
        if (configFile.exists() && configFile.isFile()) {
            try {
                serverListenerConfigs = LDAPConnectionHandlerConfiguration.readConfiguration(configFile, true);
            } catch (final Exception e) {
                Debug.debugException(e);
            }
        }
    }
    // Determine the type of connection security to use.
    final BooleanArgument useSSLArgument = parser.getBooleanArgument("useSSL");
    final BooleanArgument useStartTLSArgument = parser.getBooleanArgument("useStartTLS");
    final String defaultSecurityChoice;
    if (useSSLArgument.isPresent()) {
        defaultSecurityChoice = "1";
    } else if (useStartTLSArgument.isPresent()) {
        defaultSecurityChoice = "3";
    } else if ((serverListenerConfigs != null) && (!serverListenerConfigs.isEmpty())) {
        final LDAPConnectionHandlerConfiguration cfg = serverListenerConfigs.get(0);
        if (cfg.usesSSL()) {
            defaultSecurityChoice = "1";
        } else if (cfg.supportsStartTLS()) {
            defaultSecurityChoice = "3";
        } else {
            defaultSecurityChoice = "5";
        }
    } else {
        defaultSecurityChoice = "1";
    }
    ArgumentHelper.reset(useSSLArgument);
    ArgumentHelper.reset(useStartTLSArgument);
    final boolean useSSL;
    final boolean useStartTLS;
    final boolean defaultTrust;
    final int securityType = getNumberedMenuChoice(INFO_INTERACTIVE_LDAP_SECURITY_PROMPT.get(), false, defaultSecurityChoice, INFO_INTERACTIVE_LDAP_SECURITY_OPTION_SSL_DEFAULT.get(), INFO_INTERACTIVE_LDAP_SECURITY_OPTION_SSL_MANUAL.get(), INFO_INTERACTIVE_LDAP_SECURITY_OPTION_START_TLS_DEFAULT.get(), INFO_INTERACTIVE_LDAP_SECURITY_OPTION_START_TLS_MANUAL.get(), INFO_INTERACTIVE_LDAP_SECURITY_OPTION_NONE.get());
    switch(securityType) {
        case 0:
            useSSL = true;
            useStartTLS = false;
            defaultTrust = true;
            argList.add("--useSSL");
            ArgumentHelper.incrementOccurrencesSuppressException(useSSLArgument);
            break;
        case 1:
            useSSL = true;
            useStartTLS = false;
            defaultTrust = false;
            argList.add("--useSSL");
            ArgumentHelper.incrementOccurrencesSuppressException(useSSLArgument);
            break;
        case 2:
            useSSL = false;
            useStartTLS = true;
            defaultTrust = true;
            argList.add("--useStartTLS");
            ArgumentHelper.incrementOccurrencesSuppressException(useStartTLSArgument);
            break;
        case 3:
            useSSL = false;
            useStartTLS = true;
            defaultTrust = false;
            argList.add("--useStartTLS");
            ArgumentHelper.incrementOccurrencesSuppressException(useStartTLSArgument);
            break;
        case 4:
        default:
            useSSL = false;
            useStartTLS = false;
            defaultTrust = false;
            break;
    }
    // If we are to use security without default trust configuration, then
    // prompt for the appropriate settings.
    BindRequest bindRequest = null;
    boolean trustAll = false;
    byte[] keyStorePIN = null;
    byte[] trustStorePIN = null;
    File keyStorePath = null;
    File trustStorePath = null;
    String certificateNickname = null;
    String keyStoreFormat = null;
    String trustStoreFormat = null;
    final StringArgument keyStorePasswordArgument = parser.getStringArgument("keyStorePassword");
    final StringArgument trustStorePasswordArgument = parser.getStringArgument("trustStorePassword");
    final StringArgument saslOptionArgument = parser.getStringArgument("saslOption");
    if (!defaultTrust) {
        // If the user wants to connect securely, then get the appropriate set of
        // arguments pertaining to key and trust managers.
        ArgumentHelper.reset(keyStorePasswordArgument);
        ArgumentHelper.reset(trustStorePasswordArgument);
        ArgumentHelper.reset(parser.getNamedArgument("keyStorePasswordFile"));
        ArgumentHelper.reset(parser.getNamedArgument("promptForKeyStorePassword"));
        ArgumentHelper.reset(parser.getNamedArgument("trustStorePasswordFile"));
        ArgumentHelper.reset(parser.getNamedArgument("promptForTrustStorePassword"));
        if (useSSL || useStartTLS) {
            final StringArgument keyStorePathArgument = parser.getStringArgument("keyStorePath");
            final StringArgument keyStoreFormatArgument = parser.getStringArgument("keyStoreFormat");
            // Determine if a client certificate should be presented.
            final String defaultStoreTypeChoice;
            if (keyStoreFormatArgument.isPresent()) {
                final String format = keyStoreFormatArgument.getValue();
                if (format.equalsIgnoreCase(CryptoHelper.KEY_STORE_TYPE_PKCS_12)) {
                    defaultStoreTypeChoice = "3";
                } else {
                    defaultStoreTypeChoice = "2";
                }
            } else if (keyStorePathArgument.isPresent()) {
                defaultStoreTypeChoice = "2";
            } else {
                defaultStoreTypeChoice = "1";
            }
            final String defaultKeyStorePath;
            if (keyStorePathArgument.isPresent()) {
                defaultKeyStorePath = keyStorePathArgument.getValue();
            } else {
                defaultKeyStorePath = null;
            }
            final String defaultCertNickname;
            final StringArgument certNicknameArgument = parser.getStringArgument("certNickname");
            if (certNicknameArgument.isPresent()) {
                defaultCertNickname = certNicknameArgument.getValue();
            } else {
                defaultCertNickname = null;
            }
            ArgumentHelper.reset(keyStorePathArgument);
            ArgumentHelper.reset(keyStoreFormatArgument);
            ArgumentHelper.reset(certNicknameArgument);
            final int keystoreType = getNumberedMenuChoice(INFO_INTERACTIVE_LDAP_CLIENT_CERT_PROMPT.get(), false, defaultStoreTypeChoice, INFO_INTERACTIVE_LDAP_CLIENT_CERT_OPTION_NO.get(), INFO_INTERACTIVE_LDAP_CLIENT_CERT_OPTION_JKS.get(), INFO_INTERACTIVE_LDAP_CLIENT_CERT_OPTION_PKCS12.get());
            ArgumentHelper.reset(keyStoreFormatArgument);
            switch(keystoreType) {
                case 1:
                    keyStoreFormat = CryptoHelper.KEY_STORE_TYPE_JKS;
                    break;
                case 2:
                    keyStoreFormat = CryptoHelper.KEY_STORE_TYPE_PKCS_12;
                    break;
                case 0:
                default:
                    break;
            }
            if (keyStoreFormat != null) {
                ArgumentHelper.addValueSuppressException(keyStoreFormatArgument, keyStoreFormat);
                // Get the path to the keystore file.
                keyStorePath = promptForPath(INFO_INTERACTIVE_LDAP_KEYSTORE_PATH_PROMPT.get(), defaultKeyStorePath, true, true, true, true, false);
                argList.add("--keyStorePath");
                argList.add(keyStorePath.getAbsolutePath());
                ArgumentHelper.addValueSuppressException(keyStorePathArgument, keyStorePath.getAbsolutePath());
                // Get the PIN needed to access the keystore.
                keyStorePIN = promptForPassword(INFO_INTERACTIVE_LDAP_KEYSTORE_PIN_PROMPT.get(), null, false);
                if (keyStorePIN != null) {
                    argList.add("--keyStorePassword");
                    argList.add("***REDACTED***");
                    ArgumentHelper.addValueSuppressException(keyStorePasswordArgument, StaticUtils.toUTF8String(keyStorePIN));
                }
                argList.add("--keyStoreFormat");
                argList.add(keyStoreFormat);
                certificateNickname = promptForString(INFO_INTERACTIVE_LDAP_CERT_NICKNAME_PROMPT.get(), defaultCertNickname, false);
                if (certificateNickname != null) {
                    argList.add("--certNickname");
                    argList.add(certificateNickname);
                    ArgumentHelper.addValueSuppressException(certNicknameArgument, certificateNickname);
                }
                if (ldapTool.supportsAuthentication() && promptForYesNo(INFO_INTERACTIVE_LDAP_CERT_AUTH_PROMPT.get(), false, true)) {
                    bindRequest = new EXTERNALBindRequest();
                    argList.add("--saslOption");
                    argList.add("mech=EXTERNAL");
                    ArgumentHelper.reset(saslOptionArgument);
                    ArgumentHelper.addValueSuppressException(saslOptionArgument, "mech=EXTERNAL");
                }
            }
            // Determine how to trust the server certificate.
            final BooleanArgument trustAllArgument = parser.getBooleanArgument("trustAll");
            final StringArgument trustStorePathArgument = parser.getStringArgument("trustStorePath");
            final StringArgument trustStoreFormatArgument = parser.getStringArgument("trustStoreFormat");
            final String defaultTrustTypeChoice;
            if (trustAllArgument.isPresent()) {
                defaultTrustTypeChoice = "4";
            } else if (trustStoreFormatArgument.isPresent()) {
                final String format = trustStoreFormatArgument.getValue();
                if (format.equalsIgnoreCase(CryptoHelper.KEY_STORE_TYPE_PKCS_12)) {
                    defaultTrustTypeChoice = "3";
                } else {
                    defaultTrustTypeChoice = "2";
                }
            } else if (trustStorePathArgument.isPresent()) {
                defaultTrustTypeChoice = "2";
            } else {
                defaultTrustTypeChoice = "1";
            }
            final String defaultTrustStorePath;
            if (trustStorePathArgument.isPresent()) {
                defaultTrustStorePath = trustStorePathArgument.getValue();
            } else {
                defaultTrustStorePath = null;
            }
            ArgumentHelper.reset(trustAllArgument);
            ArgumentHelper.reset(trustStorePathArgument);
            ArgumentHelper.reset(trustStoreFormatArgument);
            final int trustType = getNumberedMenuChoice(INFO_INTERACTIVE_LDAP_TRUST_PROMPT.get(), false, defaultTrustTypeChoice, INFO_INTERACTIVE_LDAP_TRUST_OPTION_PROMPT.get(), INFO_INTERACTIVE_LDAP_TRUST_OPTION_JKS.get(), INFO_INTERACTIVE_LDAP_TRUST_OPTION_PKCS12.get(), INFO_INTERACTIVE_LDAP_TRUST_OPTION_BLIND.get());
            switch(trustType) {
                case 1:
                    trustStoreFormat = CryptoHelper.KEY_STORE_TYPE_JKS;
                    break;
                case 2:
                    trustStoreFormat = CryptoHelper.KEY_STORE_TYPE_PKCS_12;
                    break;
                case 3:
                    trustAll = true;
                    argList.add("--trustAll");
                    ArgumentHelper.incrementOccurrencesSuppressException(trustAllArgument);
                    break;
                case 0:
                default:
                    // We will interactively prompt the user about whether to trust the
                    // certificate in the test section below.  However, to avoid
                    // prompting the user twice, we will configure the tool behind the
                    // scenes to trust all certificates.
                    ArgumentHelper.incrementOccurrencesSuppressException(trustAllArgument);
                    break;
            }
            if (trustStoreFormat != null) {
                ArgumentHelper.addValueSuppressException(trustStoreFormatArgument, trustStoreFormat);
                // Get the path to the truststore file.
                trustStorePath = promptForPath(INFO_INTERACTIVE_LDAP_TRUSTSTORE_PATH_PROMPT.get(), defaultTrustStorePath, true, true, true, true, false);
                argList.add("--trustStorePath");
                argList.add(trustStorePath.getAbsolutePath());
                ArgumentHelper.addValueSuppressException(trustStorePathArgument, trustStorePath.getAbsolutePath());
                // Get the PIN needed to access the truststore.
                trustStorePIN = promptForPassword(INFO_INTERACTIVE_LDAP_TRUSTSTORE_PIN_PROMPT.get(), null, false);
                if (trustStorePIN != null) {
                    argList.add("--trustStorePassword");
                    argList.add("***REDACTED***");
                    ArgumentHelper.addValueSuppressException(trustStorePasswordArgument, StaticUtils.toUTF8String(trustStorePIN));
                }
                argList.add("--trustStoreFormat");
                argList.add(trustStoreFormat);
            }
        } else {
            ArgumentHelper.reset(parser.getNamedArgument("keyStorePath"));
            ArgumentHelper.reset(parser.getNamedArgument("keyStoreFormat"));
            ArgumentHelper.reset(parser.getNamedArgument("trustStorePath"));
            ArgumentHelper.reset(parser.getNamedArgument("trustStoreFormat"));
            ArgumentHelper.reset(parser.getNamedArgument("certNickname"));
        }
    }
    // Get the port of the directory server.
    int defaultPort;
    final IntegerArgument portArgument = parser.getIntegerArgument("port");
    if (portArgument.getNumOccurrences() > 0) {
        // Note -- We're using getNumOccurrences here because isPresent also
        // returns true if there is a default value, and that could be wrong in
        // this case because the default value doesn't know about SSL.
        defaultPort = portArgument.getValue();
    } else if (useSSL) {
        defaultPort = 636;
        if (serverListenerConfigs != null) {
            for (final LDAPConnectionHandlerConfiguration cfg : serverListenerConfigs) {
                if (cfg.usesSSL()) {
                    defaultPort = cfg.getPort();
                    break;
                }
            }
        }
    } else if (useStartTLS) {
        defaultPort = 389;
        if (serverListenerConfigs != null) {
            for (final LDAPConnectionHandlerConfiguration cfg : serverListenerConfigs) {
                if (cfg.supportsStartTLS()) {
                    defaultPort = cfg.getPort();
                    break;
                }
            }
        }
    } else {
        defaultPort = 389;
        if (serverListenerConfigs != null) {
            for (final LDAPConnectionHandlerConfiguration cfg : serverListenerConfigs) {
                if (!cfg.usesSSL()) {
                    defaultPort = cfg.getPort();
                    break;
                }
            }
        }
    }
    ArgumentHelper.reset(portArgument);
    final int port = promptForInteger(INFO_INTERACTIVE_LDAP_PROMPT_PORT.get(), defaultPort, 1, 65_535, true);
    argList.add("--port");
    argList.add(String.valueOf(port));
    ArgumentHelper.addValueSuppressException(portArgument, String.valueOf(port));
    // Determine how to authenticate to the directory server.
    if (ldapTool.supportsAuthentication()) {
        final DNArgument bindDNArgument = parser.getDNArgument("bindDN");
        final StringArgument bindPasswordArgument = parser.getStringArgument("bindPassword");
        ArgumentHelper.reset(bindPasswordArgument);
        ArgumentHelper.reset(parser.getNamedArgument("bindPasswordFile"));
        ArgumentHelper.reset(parser.getNamedArgument("promptForBindPassword"));
        if (bindRequest == null) {
            final String defaultAuthTypeChoice;
            final String defaultBindDN;
            if (saslOptionArgument.isPresent()) {
                defaultAuthTypeChoice = "2";
                defaultBindDN = null;
            } else {
                defaultAuthTypeChoice = "1";
                if (bindDNArgument.isPresent()) {
                    defaultBindDN = bindDNArgument.getStringValue();
                } else {
                    defaultBindDN = null;
                }
            }
            ArgumentHelper.reset(bindDNArgument);
            boolean useSimpleAuth = false;
            boolean useSASLAuth = false;
            final int authMethod = getNumberedMenuChoice(INFO_INTERACTIVE_LDAP_AUTH_PROMPT.get(), false, defaultAuthTypeChoice, INFO_INTERACTIVE_LDAP_AUTH_OPTION_SIMPLE.get(), INFO_INTERACTIVE_LDAP_AUTH_OPTION_SASL.get(), INFO_INTERACTIVE_LDAP_AUTH_OPTION_NONE.get());
            switch(authMethod) {
                case 0:
                    useSimpleAuth = true;
                    break;
                case 1:
                    useSASLAuth = true;
                    break;
                case 2:
                default:
                    break;
            }
            if (useSimpleAuth) {
                ArgumentHelper.reset(saslOptionArgument);
                final DN bindDN = promptForDN(INFO_INTERACTIVE_LDAP_AUTH_BIND_DN_PROMPT.get(), defaultBindDN, true);
                if (bindDN.isNullDN()) {
                    bindRequest = new SimpleBindRequest();
                    argList.add("--bindDN");
                    argList.add("");
                    argList.add("--bindPassword");
                    argList.add("");
                    ArgumentHelper.addValueSuppressException(bindDNArgument, "");
                    ArgumentHelper.addValueSuppressException(bindPasswordArgument, "");
                } else {
                    final byte[] bindPassword = promptForPassword(INFO_INTERACTIVE_LDAP_AUTH_PW_PROMPT.get(), null, true);
                    bindRequest = new SimpleBindRequest(bindDN, bindPassword);
                    argList.add("--bindDN");
                    argList.add(bindDN.toString());
                    argList.add("--bindPassword");
                    argList.add("***REDACTED***");
                    ArgumentHelper.addValueSuppressException(bindDNArgument, bindDN.toString());
                    ArgumentHelper.addValueSuppressException(bindPasswordArgument, StaticUtils.toUTF8String(bindPassword));
                }
            } else if (useSASLAuth) {
                String defaultMechChoice = null;
                String defaultAuthID = null;
                String defaultAuthzID = null;
                String defaultRealm = null;
                if (saslOptionArgument.isPresent()) {
                    for (final String saslOption : saslOptionArgument.getValues()) {
                        final String lowerOption = StaticUtils.toLowerCase(saslOption);
                        if (lowerOption.equals("mech=cram-md5")) {
                            defaultMechChoice = "1";
                        } else if (lowerOption.equals("mech=digest-md5")) {
                            defaultMechChoice = "2";
                        } else if (lowerOption.equals("mech=plain")) {
                            defaultMechChoice = "3";
                        } else if (lowerOption.startsWith("authid=")) {
                            defaultAuthID = saslOption.substring(7);
                        } else if (lowerOption.startsWith("authzid=")) {
                            defaultAuthzID = saslOption.substring(8);
                        } else if (lowerOption.startsWith("realm=")) {
                            defaultRealm = saslOption.substring(6);
                        }
                    }
                }
                ArgumentHelper.reset(saslOptionArgument);
                final int mech = getNumberedMenuChoice(INFO_INTERACTIVE_LDAP_AUTH_SASL_PROMPT.get(), false, defaultMechChoice, INFO_INTERACTIVE_LDAP_SASL_OPTION_CRAM_MD5.get(), INFO_INTERACTIVE_LDAP_SASL_OPTION_DIGEST_MD5.get(), INFO_INTERACTIVE_LDAP_SASL_OPTION_PLAIN.get());
                switch(mech) {
                    case 0:
                        String authID = promptForString(INFO_INTERACTIVE_LDAP_AUTH_AUTHID_PROMPT.get(), defaultAuthID, true);
                        byte[] pw = promptForPassword(INFO_INTERACTIVE_LDAP_AUTH_PW_PROMPT.get(), null, true);
                        bindRequest = new CRAMMD5BindRequest(authID, pw);
                        argList.add("--saslOption");
                        argList.add("mech=CRAM-MD5");
                        argList.add("--saslOption");
                        argList.add("authID=" + authID);
                        argList.add("--bindPassword");
                        argList.add("***REDACTED***");
                        ArgumentHelper.addValueSuppressException(saslOptionArgument, "mech=CRAM-MD5");
                        ArgumentHelper.addValueSuppressException(saslOptionArgument, "authID=" + authID);
                        ArgumentHelper.addValueSuppressException(bindPasswordArgument, StaticUtils.toUTF8String(pw));
                        break;
                    case 1:
                        authID = promptForString(INFO_INTERACTIVE_LDAP_AUTH_AUTHID_PROMPT.get(), defaultAuthID, true);
                        String authzID = promptForString(INFO_INTERACTIVE_LDAP_AUTH_AUTHZID_PROMPT.get(), defaultAuthzID, false);
                        final String realm = promptForString(INFO_INTERACTIVE_LDAP_AUTH_REALM_PROMPT.get(), defaultRealm, false);
                        pw = promptForPassword(INFO_INTERACTIVE_LDAP_AUTH_PW_PROMPT.get(), null, true);
                        bindRequest = new DIGESTMD5BindRequest(authID, authzID, pw, realm);
                        argList.add("--saslOption");
                        argList.add("mech=DIGEST-MD5");
                        argList.add("--saslOption");
                        argList.add("authID=" + authID);
                        ArgumentHelper.addValueSuppressException(saslOptionArgument, "mech=DIGEST-MD5");
                        ArgumentHelper.addValueSuppressException(saslOptionArgument, "authID=" + authID);
                        if (authzID != null) {
                            argList.add("--saslOption");
                            argList.add("authzID=" + authzID);
                            ArgumentHelper.addValueSuppressException(saslOptionArgument, "authzID=" + authzID);
                        }
                        if (realm != null) {
                            argList.add("--saslOption");
                            argList.add("realm=" + realm);
                            ArgumentHelper.addValueSuppressException(saslOptionArgument, "realm=" + realm);
                        }
                        argList.add("--bindPassword");
                        argList.add("***REDACTED***");
                        ArgumentHelper.addValueSuppressException(bindPasswordArgument, StaticUtils.toUTF8String(pw));
                        break;
                    case 2:
                        authID = promptForString(INFO_INTERACTIVE_LDAP_AUTH_AUTHID_PROMPT.get(), defaultAuthID, true);
                        authzID = promptForString(INFO_INTERACTIVE_LDAP_AUTH_AUTHZID_PROMPT.get(), defaultAuthzID, false);
                        pw = promptForPassword(INFO_INTERACTIVE_LDAP_AUTH_PW_PROMPT.get(), null, true);
                        bindRequest = new PLAINBindRequest(authID, authzID, pw);
                        argList.add("--saslOption");
                        argList.add("mech=PLAIN");
                        argList.add("--saslOption");
                        argList.add("authID=" + authID);
                        ArgumentHelper.addValueSuppressException(saslOptionArgument, "mech=PLAIN");
                        ArgumentHelper.addValueSuppressException(saslOptionArgument, "authID=" + authID);
                        if (authzID != null) {
                            argList.add("--saslOption");
                            argList.add("authzID=" + authzID);
                            ArgumentHelper.addValueSuppressException(saslOptionArgument, "authzID=" + authzID);
                        }
                        argList.add("--bindPassword");
                        argList.add("***REDACTED***");
                        ArgumentHelper.addValueSuppressException(bindPasswordArgument, StaticUtils.toUTF8String(pw));
                        break;
                }
            }
        } else {
            ArgumentHelper.reset(bindDNArgument);
        }
    }
    if (test) {
        // Perform the necessary initialization for SSL/TLS communication.
        final SSLUtil sslUtil;
        if (useSSL || useStartTLS) {
            final KeyManager keyManager;
            if (keyStorePath == null) {
                keyManager = null;
            } else {
                final char[] pinChars;
                if (keyStorePIN == null) {
                    pinChars = null;
                } else {
                    final String pinString = StaticUtils.toUTF8String(keyStorePIN);
                    pinChars = pinString.toCharArray();
                }
                try {
                    keyManager = new KeyStoreKeyManager(keyStorePath, pinChars, keyStoreFormat, certificateNickname, true);
                } catch (final Exception e) {
                    Debug.debugException(e);
                    tool.wrapErr(0, wrapColumn, ERR_INTERACTIVE_LDAP_CANNOT_CREATE_KEY_MANAGER.get(StaticUtils.getExceptionMessage(e)));
                    if (promptForYesNo(INFO_INTERACTIVE_LDAP_RETRY_PROMPT.get(), true, true)) {
                        promptForLDAPArguments(argList, test);
                        return;
                    } else {
                        throw new LDAPException(ResultCode.LOCAL_ERROR, "", e);
                    }
                }
            }
            final TrustManager trustManager;
            if (trustAll) {
                trustManager = new TrustAllTrustManager();
            } else if (trustStorePath == null) {
                trustManager = InternalSDKHelper.getPreferredPromptTrustManagerChain(null);
            } else {
                final char[] pinChars;
                if (trustStorePIN == null) {
                    pinChars = null;
                } else {
                    final String pinString = StaticUtils.toUTF8String(trustStorePIN);
                    pinChars = pinString.toCharArray();
                }
                try {
                    trustManager = new TrustStoreTrustManager(trustStorePath, pinChars, trustStoreFormat, true);
                } catch (final Exception e) {
                    Debug.debugException(e);
                    tool.wrapErr(0, wrapColumn, ERR_INTERACTIVE_LDAP_CANNOT_CREATE_TRUST_MANAGER.get(StaticUtils.getExceptionMessage(e)));
                    if (promptForYesNo(INFO_INTERACTIVE_LDAP_RETRY_PROMPT.get(), true, true)) {
                        promptForLDAPArguments(argList, test);
                        return;
                    } else {
                        throw new LDAPException(ResultCode.LOCAL_ERROR, "", e);
                    }
                }
            }
            sslUtil = new SSLUtil(keyManager, trustManager);
        } else {
            sslUtil = null;
        }
        // Create and establish the connection.
        final LDAPConnection conn;
        if (useSSL) {
            try {
                conn = new LDAPConnection(sslUtil.createSSLSocketFactory());
            } catch (final Exception e) {
                Debug.debugException(e);
                tool.wrapErr(0, wrapColumn, ERR_INTERACTIVE_LDAP_CANNOT_CREATE_SOCKET_FACTORY.get(StaticUtils.getExceptionMessage(e)), e);
                if (promptForYesNo(INFO_INTERACTIVE_LDAP_RETRY_PROMPT.get(), true, true)) {
                    promptForLDAPArguments(argList, test);
                    return;
                } else {
                    throw new LDAPException(ResultCode.LOCAL_ERROR, "", e);
                }
            }
        } else {
            conn = new LDAPConnection();
        }
        try {
            try {
                conn.connect(hostname, port);
            } catch (final LDAPException le) {
                Debug.debugException(le);
                tool.wrapErr(0, wrapColumn, ERR_INTERACTIVE_LDAP_CANNOT_CONNECT.get(hostname, port, le.getResultString()));
                if (promptForYesNo(INFO_INTERACTIVE_LDAP_RETRY_PROMPT.get(), true, true)) {
                    promptForLDAPArguments(argList, test);
                    return;
                } else {
                    throw new LDAPException(le.getResultCode(), "", le);
                }
            }
            // If we should use StartTLS to secure the connection, then do so now.
            if (useStartTLS) {
                try {
                    final ExtendedResult startTLSResult = conn.processExtendedOperation(new StartTLSExtendedRequest(sslUtil.createSSLContext()));
                    if (startTLSResult.getResultCode() != ResultCode.SUCCESS) {
                        throw new LDAPException(startTLSResult);
                    }
                } catch (final Exception e) {
                    Debug.debugException(e);
                    final String msg;
                    if (e instanceof LDAPException) {
                        msg = ((LDAPException) e).getResultString();
                    } else {
                        msg = StaticUtils.getExceptionMessage(e);
                    }
                    tool.wrapErr(0, wrapColumn, ERR_INTERACTIVE_LDAP_CANNOT_PERFORM_STARTTLS.get(msg));
                    if (promptForYesNo(INFO_INTERACTIVE_LDAP_RETRY_PROMPT.get(), true, true)) {
                        promptForLDAPArguments(argList, test);
                        return;
                    } else {
                        throw new LDAPException(ResultCode.LOCAL_ERROR, "", e);
                    }
                }
            }
            // Authenticate the connection if appropriate.
            if (bindRequest != null) {
                try {
                    conn.bind(bindRequest);
                } catch (final LDAPException le) {
                    Debug.debugException(le);
                    tool.wrapErr(0, wrapColumn, ERR_INTERACTIVE_LDAP_CANNOT_AUTHENTICATE.get(le.getResultString()));
                    if (promptForYesNo(INFO_INTERACTIVE_LDAP_RETRY_PROMPT.get(), true, true)) {
                        promptForLDAPArguments(argList, test);
                        return;
                    } else {
                        throw new LDAPException(le.getResultCode(), "", le);
                    }
                }
            }
        } finally {
            conn.close();
        }
    }
}
Also used : TrustStoreTrustManager(com.unboundid.util.ssl.TrustStoreTrustManager) BindRequest(com.unboundid.ldap.sdk.BindRequest) EXTERNALBindRequest(com.unboundid.ldap.sdk.EXTERNALBindRequest) DIGESTMD5BindRequest(com.unboundid.ldap.sdk.DIGESTMD5BindRequest) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) CRAMMD5BindRequest(com.unboundid.ldap.sdk.CRAMMD5BindRequest) PLAINBindRequest(com.unboundid.ldap.sdk.PLAINBindRequest) DN(com.unboundid.ldap.sdk.DN) TrustAllTrustManager(com.unboundid.util.ssl.TrustAllTrustManager) SSLUtil(com.unboundid.util.ssl.SSLUtil) DNArgument(com.unboundid.util.args.DNArgument) SimpleBindRequest(com.unboundid.ldap.sdk.SimpleBindRequest) IntegerArgument(com.unboundid.util.args.IntegerArgument) DIGESTMD5BindRequest(com.unboundid.ldap.sdk.DIGESTMD5BindRequest) KeyStoreKeyManager(com.unboundid.util.ssl.KeyStoreKeyManager) KeyManager(javax.net.ssl.KeyManager) KeyStoreKeyManager(com.unboundid.util.ssl.KeyStoreKeyManager) LDAPConnectionHandlerConfiguration(com.unboundid.ldap.sdk.unboundidds.LDAPConnectionHandlerConfiguration) BooleanArgument(com.unboundid.util.args.BooleanArgument) CRAMMD5BindRequest(com.unboundid.ldap.sdk.CRAMMD5BindRequest) LDAPConnection(com.unboundid.ldap.sdk.LDAPConnection) ArgumentException(com.unboundid.util.args.ArgumentException) LDAPException(com.unboundid.ldap.sdk.LDAPException) StringArgument(com.unboundid.util.args.StringArgument) TrustManager(javax.net.ssl.TrustManager) TrustAllTrustManager(com.unboundid.util.ssl.TrustAllTrustManager) TrustStoreTrustManager(com.unboundid.util.ssl.TrustStoreTrustManager) EXTERNALBindRequest(com.unboundid.ldap.sdk.EXTERNALBindRequest) LDAPException(com.unboundid.ldap.sdk.LDAPException) ExtendedResult(com.unboundid.ldap.sdk.ExtendedResult) File(java.io.File) StartTLSExtendedRequest(com.unboundid.ldap.sdk.extensions.StartTLSExtendedRequest)

Example 13 with IntegerArgument

use of com.unboundid.util.args.IntegerArgument in project ldapsdk by pingidentity.

the class LDIFModify method addToolArguments.

/**
 * {@inheritDoc}
 */
@Override()
public void addToolArguments(@NotNull final ArgumentParser parser) throws ArgumentException {
    sourceLDIF = new FileArgument('s', "sourceLDIF", (sourceReader == null), 1, null, INFO_LDIFMODIFY_ARG_DESC_SOURCE_LDIF.get(), true, true, true, false);
    sourceLDIF.addLongIdentifier("source-ldif", true);
    sourceLDIF.addLongIdentifier("sourceFile", true);
    sourceLDIF.addLongIdentifier("source-file", true);
    sourceLDIF.addLongIdentifier("source", true);
    sourceLDIF.addLongIdentifier("inputLDIF", true);
    sourceLDIF.addLongIdentifier("input-ldif", true);
    sourceLDIF.addLongIdentifier("inputFile", true);
    sourceLDIF.addLongIdentifier("input-file", true);
    sourceLDIF.addLongIdentifier("input", true);
    sourceLDIF.addLongIdentifier("ldifFile", true);
    sourceLDIF.addLongIdentifier("ldif-file", true);
    sourceLDIF.addLongIdentifier("ldif", true);
    sourceLDIF.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_INPUT.get());
    parser.addArgument(sourceLDIF);
    final String sourcePWDesc;
    if (PING_SERVER_AVAILABLE) {
        sourcePWDesc = INFO_LDIFMODIFY_ARG_DESC_SOURCE_PW_FILE_PING_SERVER.get();
    } else {
        sourcePWDesc = INFO_LDIFMODIFY_ARG_DESC_SOURCE_PW_FILE_STANDALONE.get();
    }
    sourceEncryptionPassphraseFile = new FileArgument(null, "sourceEncryptionPassphraseFile", false, 1, null, sourcePWDesc, true, true, true, false);
    sourceEncryptionPassphraseFile.addLongIdentifier("source-encryption-passphrase-file", true);
    sourceEncryptionPassphraseFile.addLongIdentifier("sourcePassphraseFile", true);
    sourceEncryptionPassphraseFile.addLongIdentifier("source-passphrase-file", true);
    sourceEncryptionPassphraseFile.addLongIdentifier("sourceEncryptionPasswordFile", true);
    sourceEncryptionPassphraseFile.addLongIdentifier("source-encryption-password-file", true);
    sourceEncryptionPassphraseFile.addLongIdentifier("sourcePasswordFile", true);
    sourceEncryptionPassphraseFile.addLongIdentifier("source-password-file", true);
    sourceEncryptionPassphraseFile.addLongIdentifier("inputEncryptionPassphraseFile", true);
    sourceEncryptionPassphraseFile.addLongIdentifier("input-encryption-passphrase-file", true);
    sourceEncryptionPassphraseFile.addLongIdentifier("inputPassphraseFile", true);
    sourceEncryptionPassphraseFile.addLongIdentifier("input-passphrase-file", true);
    sourceEncryptionPassphraseFile.addLongIdentifier("inputEncryptionPasswordFile", true);
    sourceEncryptionPassphraseFile.addLongIdentifier("input-encryption-password-file", true);
    sourceEncryptionPassphraseFile.addLongIdentifier("inputPasswordFile", true);
    sourceEncryptionPassphraseFile.addLongIdentifier("input-password-file", true);
    sourceEncryptionPassphraseFile.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_INPUT.get());
    parser.addArgument(sourceEncryptionPassphraseFile);
    changesLDIF = new FileArgument('m', "changesLDIF", (changesReader == null), 1, null, INFO_LDIFMODIFY_ARG_DESC_CHANGES_LDIF.get(), true, true, true, false);
    changesLDIF.addLongIdentifier("changes-ldif", true);
    changesLDIF.addLongIdentifier("changesFile", true);
    changesLDIF.addLongIdentifier("changes-file", true);
    changesLDIF.addLongIdentifier("changes", true);
    changesLDIF.addLongIdentifier("updatesLDIF", true);
    changesLDIF.addLongIdentifier("updates-ldif", true);
    changesLDIF.addLongIdentifier("updatesFile", true);
    changesLDIF.addLongIdentifier("updates-file", true);
    changesLDIF.addLongIdentifier("updates", true);
    changesLDIF.addLongIdentifier("modificationsLDIF", true);
    changesLDIF.addLongIdentifier("modifications-ldif", true);
    changesLDIF.addLongIdentifier("modificationsFile", true);
    changesLDIF.addLongIdentifier("modifications-file", true);
    changesLDIF.addLongIdentifier("modifications", true);
    changesLDIF.addLongIdentifier("modsLDIF", true);
    changesLDIF.addLongIdentifier("mods-ldif", true);
    changesLDIF.addLongIdentifier("modsFile", true);
    changesLDIF.addLongIdentifier("mods-file", true);
    changesLDIF.addLongIdentifier("mods", true);
    changesLDIF.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_INPUT.get());
    parser.addArgument(changesLDIF);
    final String changesPWDesc;
    if (PING_SERVER_AVAILABLE) {
        changesPWDesc = INFO_LDIFMODIFY_ARG_DESC_CHANGES_PW_FILE_PING_SERVER.get();
    } else {
        changesPWDesc = INFO_LDIFMODIFY_ARG_DESC_CHANGES_PW_FILE_STANDALONE.get();
    }
    changesEncryptionPassphraseFile = new FileArgument(null, "changesEncryptionPassphraseFile", false, 1, null, changesPWDesc, true, true, true, false);
    changesEncryptionPassphraseFile.addLongIdentifier("changes-encryption-passphrase-file", true);
    changesEncryptionPassphraseFile.addLongIdentifier("changesPassphraseFile", true);
    changesEncryptionPassphraseFile.addLongIdentifier("changes-passphrase-file", true);
    changesEncryptionPassphraseFile.addLongIdentifier("changesEncryptionPasswordFile", true);
    changesEncryptionPassphraseFile.addLongIdentifier("changes-encryption-password-file", true);
    changesEncryptionPassphraseFile.addLongIdentifier("changesPasswordFile", true);
    changesEncryptionPassphraseFile.addLongIdentifier("changes-password-file", true);
    changesEncryptionPassphraseFile.addLongIdentifier("updatesEncryptionPassphraseFile", true);
    changesEncryptionPassphraseFile.addLongIdentifier("updates-encryption-passphrase-file", true);
    changesEncryptionPassphraseFile.addLongIdentifier("updatesPassphraseFile", true);
    changesEncryptionPassphraseFile.addLongIdentifier("updates-passphrase-file", true);
    changesEncryptionPassphraseFile.addLongIdentifier("updatesEncryptionPasswordFile", true);
    changesEncryptionPassphraseFile.addLongIdentifier("updates-encryption-password-file", true);
    changesEncryptionPassphraseFile.addLongIdentifier("updatesPasswordFile", true);
    changesEncryptionPassphraseFile.addLongIdentifier("updates-password-file", true);
    changesEncryptionPassphraseFile.addLongIdentifier("modificationsEncryptionPassphraseFile", true);
    changesEncryptionPassphraseFile.addLongIdentifier("modifications-encryption-passphrase-file", true);
    changesEncryptionPassphraseFile.addLongIdentifier("modificationsPassphraseFile", true);
    changesEncryptionPassphraseFile.addLongIdentifier("modifications-passphrase-file", true);
    changesEncryptionPassphraseFile.addLongIdentifier("modificationsEncryptionPasswordFile", true);
    changesEncryptionPassphraseFile.addLongIdentifier("modifications-encryption-password-file", true);
    changesEncryptionPassphraseFile.addLongIdentifier("modificationsPasswordFile", true);
    changesEncryptionPassphraseFile.addLongIdentifier("modifications-password-file", true);
    changesEncryptionPassphraseFile.addLongIdentifier("modsEncryptionPassphraseFile", true);
    changesEncryptionPassphraseFile.addLongIdentifier("mods-encryption-passphrase-file", true);
    changesEncryptionPassphraseFile.addLongIdentifier("modsPassphraseFile", true);
    changesEncryptionPassphraseFile.addLongIdentifier("mods-passphrase-file", true);
    changesEncryptionPassphraseFile.addLongIdentifier("modsEncryptionPasswordFile", true);
    changesEncryptionPassphraseFile.addLongIdentifier("mods-encryption-password-file", true);
    changesEncryptionPassphraseFile.addLongIdentifier("modsPasswordFile", true);
    changesEncryptionPassphraseFile.addLongIdentifier("mods-password-file", true);
    changesEncryptionPassphraseFile.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_INPUT.get());
    parser.addArgument(changesEncryptionPassphraseFile);
    stripTrailingSpaces = new BooleanArgument(null, "stripTrailingSpaces", 1, INFO_LDIFMODIFY_ARG_DESC_STRIP_TRAILING_SPACES.get());
    stripTrailingSpaces.addLongIdentifier("strip-trailing-spaces", true);
    stripTrailingSpaces.addLongIdentifier("ignoreTrailingSpaces", true);
    stripTrailingSpaces.addLongIdentifier("ignore-trailing-spaces", true);
    stripTrailingSpaces.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_INPUT.get());
    parser.addArgument(stripTrailingSpaces);
    lenientModifications = new BooleanArgument(null, "lenientModifications", 1, INFO_LDIFMODIFY_ARG_DESC_LENIENT_MODIFICATIONS.get());
    lenientModifications.addLongIdentifier("lenient-modifications", true);
    lenientModifications.addLongIdentifier("lenientModification", true);
    lenientModifications.addLongIdentifier("lenient-modification", true);
    lenientModifications.addLongIdentifier("lenientMods", true);
    lenientModifications.addLongIdentifier("lenient-mods", true);
    lenientModifications.addLongIdentifier("lenientMod", true);
    lenientModifications.addLongIdentifier("lenient-mod", true);
    lenientModifications.addLongIdentifier("lenient", true);
    lenientModifications.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_INPUT.get());
    lenientModifications.setHidden(true);
    parser.addArgument(lenientModifications);
    strictModifications = new BooleanArgument(null, "strictModifications", 1, INFO_LDIFMODIFY_ARG_DESC_STRICT_MODIFICATIONS.get());
    strictModifications.addLongIdentifier("strict-modifications", true);
    strictModifications.addLongIdentifier("strictModification", true);
    strictModifications.addLongIdentifier("strict-modification", true);
    strictModifications.addLongIdentifier("strictMods", true);
    strictModifications.addLongIdentifier("strict-mods", true);
    strictModifications.addLongIdentifier("strictMod", true);
    strictModifications.addLongIdentifier("strict-mod", true);
    strictModifications.addLongIdentifier("strict", true);
    strictModifications.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_INPUT.get());
    parser.addArgument(strictModifications);
    ignoreDuplicateDeletes = new BooleanArgument(null, "ignoreDuplicateDeletes", 1, INFO_LDIFMODIFY_ARG_DESC_IGNORE_DUPLICATE_DELETES.get());
    ignoreDuplicateDeletes.addLongIdentifier("ignore-duplicate-deletes", true);
    ignoreDuplicateDeletes.addLongIdentifier("ignoreRepeatedDeletes", true);
    ignoreDuplicateDeletes.addLongIdentifier("ignore-repeated-deletes", true);
    ignoreDuplicateDeletes.addLongIdentifier("ignoreRepeatDeletes", true);
    ignoreDuplicateDeletes.addLongIdentifier("ignore-repeat-deletes", true);
    ignoreDuplicateDeletes.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_INPUT.get());
    parser.addArgument(ignoreDuplicateDeletes);
    ignoreDeletesOfNonexistentEntries = new BooleanArgument(null, "ignoreDeletesOfNonexistentEntries", 1, INFO_LDIFMODIFY_ARG_DESC_IGNORE_NONEXISTENT_DELETES.get());
    ignoreDeletesOfNonexistentEntries.addLongIdentifier("ignore-deletes-of-nonexistent-entries", true);
    ignoreDeletesOfNonexistentEntries.addLongIdentifier("ignoreNonexistentDeletes", true);
    ignoreDeletesOfNonexistentEntries.addLongIdentifier("ignore-nonexistent-deletes", true);
    ignoreDeletesOfNonexistentEntries.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_INPUT.get());
    parser.addArgument(ignoreDeletesOfNonexistentEntries);
    ignoreModifiesOfNonexistentEntries = new BooleanArgument(null, "ignoreModifiesOfNonexistentEntries", 1, INFO_LDIFMODIFY_ARG_DESC_IGNORE_NONEXISTENT_MODIFIES.get());
    ignoreModifiesOfNonexistentEntries.addLongIdentifier("ignore-modifies-of-nonexistent-entries", true);
    ignoreModifiesOfNonexistentEntries.addLongIdentifier("ignoreNonexistentModifies", true);
    ignoreModifiesOfNonexistentEntries.addLongIdentifier("ignore-nonexistent-modifies", true);
    ignoreModifiesOfNonexistentEntries.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_INPUT.get());
    parser.addArgument(ignoreModifiesOfNonexistentEntries);
    targetLDIF = new FileArgument('t', "targetLDIF", (targetWriter == null), 1, null, INFO_LDIFMODIFY_ARG_DESC_TARGET_LDIF.get(), false, true, true, false);
    targetLDIF.addLongIdentifier("target-ldif", true);
    targetLDIF.addLongIdentifier("targetFile", true);
    targetLDIF.addLongIdentifier("target-file", true);
    targetLDIF.addLongIdentifier("target", true);
    targetLDIF.addLongIdentifier("outputLDIF", true);
    targetLDIF.addLongIdentifier("output-ldif", true);
    targetLDIF.addLongIdentifier("outputFile", true);
    targetLDIF.addLongIdentifier("output-file", true);
    targetLDIF.addLongIdentifier("output", true);
    targetLDIF.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_OUTPUT.get());
    parser.addArgument(targetLDIF);
    compressTarget = new BooleanArgument(null, "compressTarget", 1, INFO_LDIFMODIFY_ARG_DESC_COMPRESS_TARGET.get());
    compressTarget.addLongIdentifier("compress-target", true);
    compressTarget.addLongIdentifier("compressOutput", true);
    compressTarget.addLongIdentifier("compress-output", true);
    compressTarget.addLongIdentifier("compress", true);
    compressTarget.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_OUTPUT.get());
    parser.addArgument(compressTarget);
    encryptTarget = new BooleanArgument(null, "encryptTarget", 1, INFO_LDIFMODIFY_ARG_DESC_ENCRYPT_TARGET.get());
    encryptTarget.addLongIdentifier("encrypt-target", true);
    encryptTarget.addLongIdentifier("encryptOutput", true);
    encryptTarget.addLongIdentifier("encrypt-output", true);
    encryptTarget.addLongIdentifier("encrypt", true);
    encryptTarget.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_OUTPUT.get());
    parser.addArgument(encryptTarget);
    targetEncryptionPassphraseFile = new FileArgument(null, "targetEncryptionPassphraseFile", false, 1, null, INFO_LDIFMODIFY_ARG_DESC_TARGET_PW_FILE.get(), true, true, true, false);
    targetEncryptionPassphraseFile.addLongIdentifier("target-encryption-passphrase-file", true);
    targetEncryptionPassphraseFile.addLongIdentifier("targetPassphraseFile", true);
    targetEncryptionPassphraseFile.addLongIdentifier("target-passphrase-file", true);
    targetEncryptionPassphraseFile.addLongIdentifier("targetEncryptionPasswordFile", true);
    targetEncryptionPassphraseFile.addLongIdentifier("target-encryption-password-file", true);
    targetEncryptionPassphraseFile.addLongIdentifier("targetPasswordFile", true);
    targetEncryptionPassphraseFile.addLongIdentifier("target-password-file", true);
    targetEncryptionPassphraseFile.addLongIdentifier("outputEncryptionPassphraseFile", true);
    targetEncryptionPassphraseFile.addLongIdentifier("output-encryption-passphrase-file", true);
    targetEncryptionPassphraseFile.addLongIdentifier("outputPassphraseFile", true);
    targetEncryptionPassphraseFile.addLongIdentifier("output-passphrase-file", true);
    targetEncryptionPassphraseFile.addLongIdentifier("outputEncryptionPasswordFile", true);
    targetEncryptionPassphraseFile.addLongIdentifier("output-encryption-password-file", true);
    targetEncryptionPassphraseFile.addLongIdentifier("outputPasswordFile", true);
    targetEncryptionPassphraseFile.addLongIdentifier("output-password-file", true);
    targetEncryptionPassphraseFile.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_OUTPUT.get());
    parser.addArgument(targetEncryptionPassphraseFile);
    wrapColumn = new IntegerArgument(null, "wrapColumn", false, 1, null, INFO_LDIFMODIFY_ARG_DESC_WRAP_COLUMN.get(), 5, Integer.MAX_VALUE);
    wrapColumn.addLongIdentifier("wrap-column", true);
    wrapColumn.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_OUTPUT.get());
    parser.addArgument(wrapColumn);
    doNotWrap = new BooleanArgument('T', "doNotWrap", 1, INFO_LDIFMODIFY_ARG_DESC_DO_NOT_WRAP.get());
    doNotWrap.addLongIdentifier("do-not-wrap", true);
    doNotWrap.addLongIdentifier("dontWrap", true);
    doNotWrap.addLongIdentifier("dont-wrap", true);
    doNotWrap.addLongIdentifier("noWrap", true);
    doNotWrap.addLongIdentifier("no-wrap", true);
    doNotWrap.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_OUTPUT.get());
    parser.addArgument(doNotWrap);
    suppressComments = new BooleanArgument(null, "suppressComments", 1, INFO_LDIFMODIFY_ARG_DESC_SUPPRESS_COMMENTS.get());
    suppressComments.addLongIdentifier("suppress-comments", true);
    suppressComments.addLongIdentifier("excludeComments", true);
    suppressComments.addLongIdentifier("exclude-comments", true);
    suppressComments.addLongIdentifier("noComments", true);
    suppressComments.addLongIdentifier("no-comments", true);
    suppressComments.setArgumentGroupName(INFO_LDIFMODIFY_ARG_GROUP_OUTPUT.get());
    parser.addArgument(suppressComments);
    noSchemaCheck = new BooleanArgument(null, "noSchemaCheck", 1, INFO_LDIFMODIFY_ARG_DESC_NO_SCHEMA_CHECK.get());
    noSchemaCheck.addLongIdentifier("no-schema-check", true);
    noSchemaCheck.setHidden(true);
    parser.addArgument(noSchemaCheck);
    parser.addExclusiveArgumentSet(lenientModifications, strictModifications);
    parser.addExclusiveArgumentSet(wrapColumn, doNotWrap);
    parser.addDependentArgumentSet(targetEncryptionPassphraseFile, encryptTarget);
}
Also used : BooleanArgument(com.unboundid.util.args.BooleanArgument) IntegerArgument(com.unboundid.util.args.IntegerArgument) FileArgument(com.unboundid.util.args.FileArgument)

Example 14 with IntegerArgument

use of com.unboundid.util.args.IntegerArgument in project ldapsdk by pingidentity.

the class TransformLDIF method addToolArguments.

/**
 * {@inheritDoc}
 */
@Override()
public void addToolArguments(@NotNull final ArgumentParser parser) throws ArgumentException {
    // Add arguments pertaining to the source and target LDIF files.
    sourceLDIF = new FileArgument('l', "sourceLDIF", false, 0, null, INFO_TRANSFORM_LDIF_ARG_DESC_SOURCE_LDIF.get(), true, true, true, false);
    sourceLDIF.addLongIdentifier("inputLDIF", true);
    sourceLDIF.addLongIdentifier("source-ldif", true);
    sourceLDIF.addLongIdentifier("input-ldif", true);
    sourceLDIF.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_LDIF.get());
    parser.addArgument(sourceLDIF);
    sourceFromStandardInput = new BooleanArgument(null, "sourceFromStandardInput", 1, INFO_TRANSFORM_LDIF_ARG_DESC_SOURCE_STD_IN.get());
    sourceFromStandardInput.addLongIdentifier("source-from-standard-input", true);
    sourceFromStandardInput.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_LDIF.get());
    parser.addArgument(sourceFromStandardInput);
    parser.addRequiredArgumentSet(sourceLDIF, sourceFromStandardInput);
    parser.addExclusiveArgumentSet(sourceLDIF, sourceFromStandardInput);
    targetLDIF = new FileArgument('o', "targetLDIF", false, 1, null, INFO_TRANSFORM_LDIF_ARG_DESC_TARGET_LDIF.get(), false, true, true, false);
    targetLDIF.addLongIdentifier("outputLDIF", true);
    targetLDIF.addLongIdentifier("target-ldif", true);
    targetLDIF.addLongIdentifier("output-ldif", true);
    targetLDIF.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_LDIF.get());
    parser.addArgument(targetLDIF);
    targetToStandardOutput = new BooleanArgument(null, "targetToStandardOutput", 1, INFO_TRANSFORM_LDIF_ARG_DESC_TARGET_STD_OUT.get());
    targetToStandardOutput.addLongIdentifier("target-to-standard-output", true);
    targetToStandardOutput.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_LDIF.get());
    parser.addArgument(targetToStandardOutput);
    parser.addExclusiveArgumentSet(targetLDIF, targetToStandardOutput);
    sourceContainsChangeRecords = new BooleanArgument(null, "sourceContainsChangeRecords", INFO_TRANSFORM_LDIF_ARG_DESC_SOURCE_CONTAINS_CHANGE_RECORDS.get());
    sourceContainsChangeRecords.addLongIdentifier("source-contains-change-records", true);
    sourceContainsChangeRecords.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_LDIF.get());
    parser.addArgument(sourceContainsChangeRecords);
    appendToTargetLDIF = new BooleanArgument(null, "appendToTargetLDIF", INFO_TRANSFORM_LDIF_ARG_DESC_APPEND_TO_TARGET.get());
    appendToTargetLDIF.addLongIdentifier("append-to-target-ldif", true);
    appendToTargetLDIF.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_LDIF.get());
    parser.addArgument(appendToTargetLDIF);
    parser.addExclusiveArgumentSet(targetToStandardOutput, appendToTargetLDIF);
    wrapColumn = new IntegerArgument(null, "wrapColumn", false, 1, null, INFO_TRANSFORM_LDIF_ARG_DESC_WRAP_COLUMN.get(), 5, Integer.MAX_VALUE);
    wrapColumn.addLongIdentifier("wrap-column", true);
    wrapColumn.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_LDIF.get());
    parser.addArgument(wrapColumn);
    sourceCompressed = new BooleanArgument('C', "sourceCompressed", INFO_TRANSFORM_LDIF_ARG_DESC_SOURCE_COMPRESSED.get());
    sourceCompressed.addLongIdentifier("inputCompressed", true);
    sourceCompressed.addLongIdentifier("source-compressed", true);
    sourceCompressed.addLongIdentifier("input-compressed", true);
    sourceCompressed.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_LDIF.get());
    parser.addArgument(sourceCompressed);
    compressTarget = new BooleanArgument('c', "compressTarget", INFO_TRANSFORM_LDIF_ARG_DESC_COMPRESS_TARGET.get());
    compressTarget.addLongIdentifier("compressOutput", true);
    compressTarget.addLongIdentifier("compress", true);
    compressTarget.addLongIdentifier("compress-target", true);
    compressTarget.addLongIdentifier("compress-output", true);
    compressTarget.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_LDIF.get());
    parser.addArgument(compressTarget);
    encryptTarget = new BooleanArgument(null, "encryptTarget", INFO_TRANSFORM_LDIF_ARG_DESC_ENCRYPT_TARGET.get());
    encryptTarget.addLongIdentifier("encryptOutput", true);
    encryptTarget.addLongIdentifier("encrypt", true);
    encryptTarget.addLongIdentifier("encrypt-target", true);
    encryptTarget.addLongIdentifier("encrypt-output", true);
    encryptTarget.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_LDIF.get());
    parser.addArgument(encryptTarget);
    encryptionPassphraseFile = new FileArgument(null, "encryptionPassphraseFile", false, 1, null, INFO_TRANSFORM_LDIF_ARG_DESC_ENCRYPTION_PW_FILE.get(), true, true, true, false);
    encryptionPassphraseFile.addLongIdentifier("encryptionPasswordFile", true);
    encryptionPassphraseFile.addLongIdentifier("encryption-passphrase-file", true);
    encryptionPassphraseFile.addLongIdentifier("encryption-password-file", true);
    encryptionPassphraseFile.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_LDIF.get());
    parser.addArgument(encryptionPassphraseFile);
    // Add arguments pertaining to attribute scrambling.
    scrambleAttribute = new StringArgument('a', "scrambleAttribute", false, 0, INFO_TRANSFORM_LDIF_PLACEHOLDER_ATTR_NAME.get(), INFO_TRANSFORM_LDIF_ARG_DESC_SCRAMBLE_ATTR.get());
    scrambleAttribute.addLongIdentifier("attributeName", true);
    scrambleAttribute.addLongIdentifier("scramble-attribute", true);
    scrambleAttribute.addLongIdentifier("attribute-name", true);
    scrambleAttribute.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_SCRAMBLE.get());
    parser.addArgument(scrambleAttribute);
    scrambleJSONField = new StringArgument(null, "scrambleJSONField", false, 0, INFO_TRANSFORM_LDIF_PLACEHOLDER_FIELD_NAME.get(), INFO_TRANSFORM_LDIF_ARG_DESC_SCRAMBLE_JSON_FIELD.get(scrambleAttribute.getIdentifierString()));
    scrambleJSONField.addLongIdentifier("scramble-json-field", true);
    scrambleJSONField.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_SCRAMBLE.get());
    parser.addArgument(scrambleJSONField);
    parser.addDependentArgumentSet(scrambleJSONField, scrambleAttribute);
    randomSeed = new IntegerArgument('s', "randomSeed", false, 1, null, INFO_TRANSFORM_LDIF_ARG_DESC_RANDOM_SEED.get());
    randomSeed.addLongIdentifier("random-seed", true);
    randomSeed.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_SCRAMBLE.get());
    parser.addArgument(randomSeed);
    // Add arguments pertaining to replacing attribute values with a generated
    // value using a sequential counter.
    sequentialAttribute = new StringArgument('S', "sequentialAttribute", false, 0, INFO_TRANSFORM_LDIF_PLACEHOLDER_ATTR_NAME.get(), INFO_TRANSFORM_LDIF_ARG_DESC_SEQUENTIAL_ATTR.get(sourceContainsChangeRecords.getIdentifierString()));
    sequentialAttribute.addLongIdentifier("sequentialAttributeName", true);
    sequentialAttribute.addLongIdentifier("sequential-attribute", true);
    sequentialAttribute.addLongIdentifier("sequential-attribute-name", true);
    sequentialAttribute.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_SEQUENTIAL.get());
    parser.addArgument(sequentialAttribute);
    parser.addExclusiveArgumentSet(sourceContainsChangeRecords, sequentialAttribute);
    initialSequentialValue = new IntegerArgument('i', "initialSequentialValue", false, 1, null, INFO_TRANSFORM_LDIF_ARG_DESC_INITIAL_SEQUENTIAL_VALUE.get(sequentialAttribute.getIdentifierString()));
    initialSequentialValue.addLongIdentifier("initial-sequential-value", true);
    initialSequentialValue.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_SEQUENTIAL.get());
    parser.addArgument(initialSequentialValue);
    parser.addDependentArgumentSet(initialSequentialValue, sequentialAttribute);
    sequentialValueIncrement = new IntegerArgument(null, "sequentialValueIncrement", false, 1, null, INFO_TRANSFORM_LDIF_ARG_DESC_SEQUENTIAL_INCREMENT.get(sequentialAttribute.getIdentifierString()));
    sequentialValueIncrement.addLongIdentifier("sequential-value-increment", true);
    sequentialValueIncrement.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_SEQUENTIAL.get());
    parser.addArgument(sequentialValueIncrement);
    parser.addDependentArgumentSet(sequentialValueIncrement, sequentialAttribute);
    textBeforeSequentialValue = new StringArgument(null, "textBeforeSequentialValue", false, 1, null, INFO_TRANSFORM_LDIF_ARG_DESC_SEQUENTIAL_TEXT_BEFORE.get(sequentialAttribute.getIdentifierString()));
    textBeforeSequentialValue.addLongIdentifier("text-before-sequential-value", true);
    textBeforeSequentialValue.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_SEQUENTIAL.get());
    parser.addArgument(textBeforeSequentialValue);
    parser.addDependentArgumentSet(textBeforeSequentialValue, sequentialAttribute);
    textAfterSequentialValue = new StringArgument(null, "textAfterSequentialValue", false, 1, null, INFO_TRANSFORM_LDIF_ARG_DESC_SEQUENTIAL_TEXT_AFTER.get(sequentialAttribute.getIdentifierString()));
    textAfterSequentialValue.addLongIdentifier("text-after-sequential-value", true);
    textAfterSequentialValue.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_SEQUENTIAL.get());
    parser.addArgument(textAfterSequentialValue);
    parser.addDependentArgumentSet(textAfterSequentialValue, sequentialAttribute);
    // Add arguments pertaining to attribute value replacement.
    replaceValuesAttribute = new StringArgument(null, "replaceValuesAttribute", false, 1, INFO_TRANSFORM_LDIF_PLACEHOLDER_ATTR_NAME.get(), INFO_TRANSFORM_LDIF_ARG_DESC_REPLACE_VALUES_ATTR.get(sourceContainsChangeRecords.getIdentifierString()));
    replaceValuesAttribute.addLongIdentifier("replace-values-attribute", true);
    replaceValuesAttribute.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_REPLACE_VALUES.get());
    parser.addArgument(replaceValuesAttribute);
    parser.addExclusiveArgumentSet(sourceContainsChangeRecords, replaceValuesAttribute);
    replacementValue = new StringArgument(null, "replacementValue", false, 0, null, INFO_TRANSFORM_LDIF_ARG_DESC_REPLACEMENT_VALUE.get(replaceValuesAttribute.getIdentifierString()));
    replacementValue.addLongIdentifier("replacement-value", true);
    replacementValue.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_REPLACE_VALUES.get());
    parser.addArgument(replacementValue);
    parser.addDependentArgumentSet(replaceValuesAttribute, replacementValue);
    parser.addDependentArgumentSet(replacementValue, replaceValuesAttribute);
    // Add arguments pertaining to adding missing attributes.
    addAttributeName = new StringArgument(null, "addAttributeName", false, 1, INFO_TRANSFORM_LDIF_PLACEHOLDER_ATTR_NAME.get(), INFO_TRANSFORM_LDIF_ARG_DESC_ADD_ATTR.get("--addAttributeValue", sourceContainsChangeRecords.getIdentifierString()));
    addAttributeName.addLongIdentifier("add-attribute-name", true);
    addAttributeName.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_ADD_ATTR.get());
    parser.addArgument(addAttributeName);
    parser.addExclusiveArgumentSet(sourceContainsChangeRecords, addAttributeName);
    addAttributeValue = new StringArgument(null, "addAttributeValue", false, 0, null, INFO_TRANSFORM_LDIF_ARG_DESC_ADD_VALUE.get(addAttributeName.getIdentifierString()));
    addAttributeValue.addLongIdentifier("add-attribute-value", true);
    addAttributeValue.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_ADD_ATTR.get());
    parser.addArgument(addAttributeValue);
    parser.addDependentArgumentSet(addAttributeName, addAttributeValue);
    parser.addDependentArgumentSet(addAttributeValue, addAttributeName);
    addToExistingValues = new BooleanArgument(null, "addToExistingValues", INFO_TRANSFORM_LDIF_ARG_DESC_ADD_MERGE_VALUES.get(addAttributeName.getIdentifierString(), addAttributeValue.getIdentifierString()));
    addToExistingValues.addLongIdentifier("add-to-existing-values", true);
    addToExistingValues.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_ADD_ATTR.get());
    parser.addArgument(addToExistingValues);
    parser.addDependentArgumentSet(addToExistingValues, addAttributeName);
    addAttributeBaseDN = new DNArgument(null, "addAttributeBaseDN", false, 1, null, INFO_TRANSFORM_LDIF_ARG_DESC_ADD_BASE_DN.get(addAttributeName.getIdentifierString()));
    addAttributeBaseDN.addLongIdentifier("add-attribute-base-dn", true);
    addAttributeBaseDN.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_ADD_ATTR.get());
    parser.addArgument(addAttributeBaseDN);
    parser.addDependentArgumentSet(addAttributeBaseDN, addAttributeName);
    addAttributeScope = new ScopeArgument(null, "addAttributeScope", false, null, INFO_TRANSFORM_LDIF_ARG_DESC_ADD_SCOPE.get(addAttributeBaseDN.getIdentifierString(), addAttributeName.getIdentifierString()));
    addAttributeScope.addLongIdentifier("add-attribute-scope", true);
    addAttributeScope.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_ADD_ATTR.get());
    parser.addArgument(addAttributeScope);
    parser.addDependentArgumentSet(addAttributeScope, addAttributeName);
    addAttributeFilter = new FilterArgument(null, "addAttributeFilter", false, 1, null, INFO_TRANSFORM_LDIF_ARG_DESC_ADD_FILTER.get(addAttributeName.getIdentifierString()));
    addAttributeFilter.addLongIdentifier("add-attribute-filter", true);
    addAttributeFilter.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_ADD_ATTR.get());
    parser.addArgument(addAttributeFilter);
    parser.addDependentArgumentSet(addAttributeFilter, addAttributeName);
    // Add arguments pertaining to renaming attributes.
    renameAttributeFrom = new StringArgument(null, "renameAttributeFrom", false, 0, INFO_TRANSFORM_LDIF_PLACEHOLDER_ATTR_NAME.get(), INFO_TRANSFORM_LDIF_ARG_DESC_RENAME_FROM.get());
    renameAttributeFrom.addLongIdentifier("rename-attribute-from", true);
    renameAttributeFrom.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_RENAME.get());
    parser.addArgument(renameAttributeFrom);
    renameAttributeTo = new StringArgument(null, "renameAttributeTo", false, 0, INFO_TRANSFORM_LDIF_PLACEHOLDER_ATTR_NAME.get(), INFO_TRANSFORM_LDIF_ARG_DESC_RENAME_TO.get(renameAttributeFrom.getIdentifierString()));
    renameAttributeTo.addLongIdentifier("rename-attribute-to", true);
    renameAttributeTo.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_RENAME.get());
    parser.addArgument(renameAttributeTo);
    parser.addDependentArgumentSet(renameAttributeFrom, renameAttributeTo);
    parser.addDependentArgumentSet(renameAttributeTo, renameAttributeFrom);
    // Add arguments pertaining to flattening subtrees.
    flattenBaseDN = new DNArgument(null, "flattenBaseDN", false, 1, null, INFO_TRANSFORM_LDIF_ARG_DESC_FLATTEN_BASE_DN.get());
    flattenBaseDN.addLongIdentifier("flatten-base-dn", true);
    flattenBaseDN.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_FLATTEN.get());
    parser.addArgument(flattenBaseDN);
    parser.addExclusiveArgumentSet(sourceContainsChangeRecords, flattenBaseDN);
    flattenAddOmittedRDNAttributesToEntry = new BooleanArgument(null, "flattenAddOmittedRDNAttributesToEntry", 1, INFO_TRANSFORM_LDIF_ARG_DESC_FLATTEN_ADD_OMITTED_TO_ENTRY.get());
    flattenAddOmittedRDNAttributesToEntry.addLongIdentifier("flatten-add-omitted-rdn-attributes-to-entry", true);
    flattenAddOmittedRDNAttributesToEntry.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_FLATTEN.get());
    parser.addArgument(flattenAddOmittedRDNAttributesToEntry);
    parser.addDependentArgumentSet(flattenAddOmittedRDNAttributesToEntry, flattenBaseDN);
    flattenAddOmittedRDNAttributesToRDN = new BooleanArgument(null, "flattenAddOmittedRDNAttributesToRDN", 1, INFO_TRANSFORM_LDIF_ARG_DESC_FLATTEN_ADD_OMITTED_TO_RDN.get());
    flattenAddOmittedRDNAttributesToRDN.addLongIdentifier("flatten-add-omitted-rdn-attributes-to-rdn", true);
    flattenAddOmittedRDNAttributesToRDN.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_FLATTEN.get());
    parser.addArgument(flattenAddOmittedRDNAttributesToRDN);
    parser.addDependentArgumentSet(flattenAddOmittedRDNAttributesToRDN, flattenBaseDN);
    flattenExcludeFilter = new FilterArgument(null, "flattenExcludeFilter", false, 1, null, INFO_TRANSFORM_LDIF_ARG_DESC_FLATTEN_EXCLUDE_FILTER.get());
    flattenExcludeFilter.addLongIdentifier("flatten-exclude-filter", true);
    flattenExcludeFilter.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_FLATTEN.get());
    parser.addArgument(flattenExcludeFilter);
    parser.addDependentArgumentSet(flattenExcludeFilter, flattenBaseDN);
    // Add arguments pertaining to moving subtrees.
    moveSubtreeFrom = new DNArgument(null, "moveSubtreeFrom", false, 0, null, INFO_TRANSFORM_LDIF_ARG_DESC_MOVE_SUBTREE_FROM.get());
    moveSubtreeFrom.addLongIdentifier("move-subtree-from", true);
    moveSubtreeFrom.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_MOVE.get());
    parser.addArgument(moveSubtreeFrom);
    moveSubtreeTo = new DNArgument(null, "moveSubtreeTo", false, 0, null, INFO_TRANSFORM_LDIF_ARG_DESC_MOVE_SUBTREE_TO.get(moveSubtreeFrom.getIdentifierString()));
    moveSubtreeTo.addLongIdentifier("move-subtree-to", true);
    moveSubtreeTo.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_MOVE.get());
    parser.addArgument(moveSubtreeTo);
    parser.addDependentArgumentSet(moveSubtreeFrom, moveSubtreeTo);
    parser.addDependentArgumentSet(moveSubtreeTo, moveSubtreeFrom);
    // Add arguments pertaining to redacting attribute values.
    redactAttribute = new StringArgument(null, "redactAttribute", false, 0, INFO_TRANSFORM_LDIF_PLACEHOLDER_ATTR_NAME.get(), INFO_TRANSFORM_LDIF_ARG_DESC_REDACT_ATTR.get());
    redactAttribute.addLongIdentifier("redact-attribute", true);
    redactAttribute.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_REDACT.get());
    parser.addArgument(redactAttribute);
    hideRedactedValueCount = new BooleanArgument(null, "hideRedactedValueCount", INFO_TRANSFORM_LDIF_ARG_DESC_HIDE_REDACTED_COUNT.get());
    hideRedactedValueCount.addLongIdentifier("hide-redacted-value-count", true);
    hideRedactedValueCount.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_REDACT.get());
    parser.addArgument(hideRedactedValueCount);
    parser.addDependentArgumentSet(hideRedactedValueCount, redactAttribute);
    // Add arguments pertaining to excluding attributes and entries.
    excludeAttribute = new StringArgument(null, "excludeAttribute", false, 0, INFO_TRANSFORM_LDIF_PLACEHOLDER_ATTR_NAME.get(), INFO_TRANSFORM_LDIF_ARG_DESC_EXCLUDE_ATTR.get());
    excludeAttribute.addLongIdentifier("suppressAttribute", true);
    excludeAttribute.addLongIdentifier("exclude-attribute", true);
    excludeAttribute.addLongIdentifier("suppress-attribute", true);
    excludeAttribute.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_EXCLUDE.get());
    parser.addArgument(excludeAttribute);
    excludeEntryBaseDN = new DNArgument(null, "excludeEntryBaseDN", false, 1, null, INFO_TRANSFORM_LDIF_ARG_DESC_EXCLUDE_ENTRY_BASE_DN.get(sourceContainsChangeRecords.getIdentifierString()));
    excludeEntryBaseDN.addLongIdentifier("suppressEntryBaseDN", true);
    excludeEntryBaseDN.addLongIdentifier("exclude-entry-base-dn", true);
    excludeEntryBaseDN.addLongIdentifier("suppress-entry-base-dn", true);
    excludeEntryBaseDN.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_EXCLUDE.get());
    parser.addArgument(excludeEntryBaseDN);
    parser.addExclusiveArgumentSet(sourceContainsChangeRecords, excludeEntryBaseDN);
    excludeEntryScope = new ScopeArgument(null, "excludeEntryScope", false, null, INFO_TRANSFORM_LDIF_ARG_DESC_EXCLUDE_ENTRY_SCOPE.get(sourceContainsChangeRecords.getIdentifierString()));
    excludeEntryScope.addLongIdentifier("suppressEntryScope", true);
    excludeEntryScope.addLongIdentifier("exclude-entry-scope", true);
    excludeEntryScope.addLongIdentifier("suppress-entry-scope", true);
    excludeEntryScope.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_EXCLUDE.get());
    parser.addArgument(excludeEntryScope);
    parser.addExclusiveArgumentSet(sourceContainsChangeRecords, excludeEntryScope);
    excludeEntryFilter = new FilterArgument(null, "excludeEntryFilter", false, 1, null, INFO_TRANSFORM_LDIF_ARG_DESC_EXCLUDE_ENTRY_FILTER.get(sourceContainsChangeRecords.getIdentifierString()));
    excludeEntryFilter.addLongIdentifier("suppressEntryFilter", true);
    excludeEntryFilter.addLongIdentifier("exclude-entry-filter", true);
    excludeEntryFilter.addLongIdentifier("suppress-entry-filter", true);
    excludeEntryFilter.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_EXCLUDE.get());
    parser.addArgument(excludeEntryFilter);
    parser.addExclusiveArgumentSet(sourceContainsChangeRecords, excludeEntryFilter);
    excludeNonMatchingEntries = new BooleanArgument(null, "excludeNonMatchingEntries", INFO_TRANSFORM_LDIF_ARG_DESC_EXCLUDE_NON_MATCHING.get());
    excludeNonMatchingEntries.addLongIdentifier("exclude-non-matching-entries", true);
    excludeNonMatchingEntries.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_EXCLUDE.get());
    parser.addArgument(excludeNonMatchingEntries);
    parser.addDependentArgumentSet(excludeNonMatchingEntries, excludeEntryBaseDN, excludeEntryScope, excludeEntryFilter);
    // Add arguments for excluding records based on their change types.
    excludeChangeType = new StringArgument(null, "excludeChangeType", false, 0, INFO_TRANSFORM_LDIF_PLACEHOLDER_CHANGE_TYPES.get(), INFO_TRANSFORM_LDIF_ARG_DESC_EXCLUDE_CHANGE_TYPE.get(), StaticUtils.setOf("add", "delete", "modify", "moddn"));
    excludeChangeType.addLongIdentifier("exclude-change-type", true);
    excludeChangeType.addLongIdentifier("exclude-changetype", true);
    excludeChangeType.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_EXCLUDE.get());
    parser.addArgument(excludeChangeType);
    // Add arguments for excluding records that don't have a change type.
    excludeRecordsWithoutChangeType = new BooleanArgument(null, "excludeRecordsWithoutChangeType", 1, INFO_TRANSFORM_LDIF_EXCLUDE_WITHOUT_CHANGETYPE.get());
    excludeRecordsWithoutChangeType.addLongIdentifier("exclude-records-without-change-type", true);
    excludeRecordsWithoutChangeType.addLongIdentifier("exclude-records-without-changetype", true);
    excludeRecordsWithoutChangeType.setArgumentGroupName(INFO_TRANSFORM_LDIF_ARG_GROUP_EXCLUDE.get());
    parser.addArgument(excludeRecordsWithoutChangeType);
    // Add the remaining arguments.
    schemaPath = new FileArgument(null, "schemaPath", false, 0, null, INFO_TRANSFORM_LDIF_ARG_DESC_SCHEMA_PATH.get(), true, true, false, false);
    schemaPath.addLongIdentifier("schemaFile", true);
    schemaPath.addLongIdentifier("schemaDirectory", true);
    schemaPath.addLongIdentifier("schema-path", true);
    schemaPath.addLongIdentifier("schema-file", true);
    schemaPath.addLongIdentifier("schema-directory", true);
    parser.addArgument(schemaPath);
    numThreads = new IntegerArgument('t', "numThreads", false, 1, null, INFO_TRANSFORM_LDIF_ARG_DESC_NUM_THREADS.get(), 1, Integer.MAX_VALUE, 1);
    numThreads.addLongIdentifier("num-threads", true);
    parser.addArgument(numThreads);
    processDNs = new BooleanArgument('d', "processDNs", INFO_TRANSFORM_LDIF_ARG_DESC_PROCESS_DNS.get());
    processDNs.addLongIdentifier("process-dns", true);
    parser.addArgument(processDNs);
    // Ensure that at least one kind of transformation was requested.
    parser.addRequiredArgumentSet(scrambleAttribute, sequentialAttribute, replaceValuesAttribute, addAttributeName, renameAttributeFrom, flattenBaseDN, moveSubtreeFrom, redactAttribute, excludeAttribute, excludeEntryBaseDN, excludeEntryScope, excludeEntryFilter, excludeChangeType, excludeRecordsWithoutChangeType);
}
Also used : DNArgument(com.unboundid.util.args.DNArgument) ScopeArgument(com.unboundid.util.args.ScopeArgument) FilterArgument(com.unboundid.util.args.FilterArgument) BooleanArgument(com.unboundid.util.args.BooleanArgument) IntegerArgument(com.unboundid.util.args.IntegerArgument) FileArgument(com.unboundid.util.args.FileArgument) StringArgument(com.unboundid.util.args.StringArgument)

Example 15 with IntegerArgument

use of com.unboundid.util.args.IntegerArgument in project ldapsdk by pingidentity.

the class ManageCertificates method doGenerateOrSignCertificateOrCSR.

/**
 * Performs the necessary processing for the generate-self-signed-certificate,
 * generate-certificate-signing-request, and sign-certificate-signing-request
 * subcommands.
 *
 * @return  A result code that indicates whether the processing completed
 *          successfully.
 */
@NotNull()
private ResultCode doGenerateOrSignCertificateOrCSR() {
    // Figure out which subcommand we're processing.
    final boolean isGenerateCertificate;
    final boolean isGenerateCSR;
    final boolean isSignCSR;
    final SubCommand selectedSubCommand = globalParser.getSelectedSubCommand();
    if (selectedSubCommand.hasName("generate-self-signed-certificate")) {
        isGenerateCertificate = true;
        isGenerateCSR = false;
        isSignCSR = false;
    } else if (selectedSubCommand.hasName("generate-certificate-signing-request")) {
        isGenerateCertificate = false;
        isGenerateCSR = true;
        isSignCSR = false;
    } else {
        Validator.ensureTrue(selectedSubCommand.hasName("sign-certificate-signing-request"));
        isGenerateCertificate = false;
        isGenerateCSR = false;
        isSignCSR = true;
    }
    // Get the values of a number of configured arguments.
    final StringArgument aliasArgument = subCommandParser.getStringArgument("alias");
    final String alias = aliasArgument.getValue();
    final File keystorePath = getKeystorePath();
    final boolean isNewKeystore = (!keystorePath.exists());
    DN subjectDN = null;
    final DNArgument subjectDNArgument = subCommandParser.getDNArgument("subject-dn");
    if ((subjectDNArgument != null) && subjectDNArgument.isPresent()) {
        subjectDN = subjectDNArgument.getValue();
    }
    File inputFile = null;
    final FileArgument inputFileArgument = subCommandParser.getFileArgument("input-file");
    if ((inputFileArgument != null) && inputFileArgument.isPresent()) {
        inputFile = inputFileArgument.getValue();
    }
    File outputFile = null;
    final FileArgument outputFileArgument = subCommandParser.getFileArgument("output-file");
    if ((outputFileArgument != null) && outputFileArgument.isPresent()) {
        outputFile = outputFileArgument.getValue();
    }
    boolean outputPEM = true;
    final StringArgument outputFormatArgument = subCommandParser.getStringArgument("output-format");
    if ((outputFormatArgument != null) && outputFormatArgument.isPresent()) {
        final String format = outputFormatArgument.getValue().toLowerCase();
        if (format.equals("der") || format.equals("binary") || format.equals("bin")) {
            outputPEM = false;
        }
    }
    if ((!outputPEM) && (outputFile == null)) {
        wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_NO_FILE_WITH_DER.get());
        return ResultCode.PARAM_ERROR;
    }
    final BooleanArgument replaceExistingCertificateArgument = subCommandParser.getBooleanArgument("replace-existing-certificate");
    final boolean replaceExistingCertificate = ((replaceExistingCertificateArgument != null) && replaceExistingCertificateArgument.isPresent());
    if (replaceExistingCertificate && (!keystorePath.exists())) {
        wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_REPLACE_WITHOUT_KS.get());
        return ResultCode.PARAM_ERROR;
    }
    final BooleanArgument inheritExtensionsArgument = subCommandParser.getBooleanArgument("inherit-extensions");
    final boolean inheritExtensions = ((inheritExtensionsArgument != null) && inheritExtensionsArgument.isPresent());
    final BooleanArgument includeRequestedExtensionsArgument = subCommandParser.getBooleanArgument("include-requested-extensions");
    final boolean includeRequestedExtensions = ((includeRequestedExtensionsArgument != null) && includeRequestedExtensionsArgument.isPresent());
    final BooleanArgument noPromptArgument = subCommandParser.getBooleanArgument("no-prompt");
    final boolean noPrompt = ((noPromptArgument != null) && noPromptArgument.isPresent());
    final BooleanArgument displayKeytoolCommandArgument = subCommandParser.getBooleanArgument("display-keytool-command");
    final boolean displayKeytoolCommand = ((displayKeytoolCommandArgument != null) && displayKeytoolCommandArgument.isPresent());
    int daysValid = 365;
    final IntegerArgument daysValidArgument = subCommandParser.getIntegerArgument("days-valid");
    if ((daysValidArgument != null) && daysValidArgument.isPresent()) {
        daysValid = daysValidArgument.getValue();
    }
    Date validityStartTime = null;
    final TimestampArgument validityStartTimeArgument = subCommandParser.getTimestampArgument("validity-start-time");
    if ((validityStartTimeArgument != null) && validityStartTimeArgument.isPresent()) {
        validityStartTime = validityStartTimeArgument.getValue();
    }
    PublicKeyAlgorithmIdentifier keyAlgorithmIdentifier = null;
    String keyAlgorithmName = null;
    final StringArgument keyAlgorithmArgument = subCommandParser.getStringArgument("key-algorithm");
    if ((keyAlgorithmArgument != null) && keyAlgorithmArgument.isPresent()) {
        final String name = keyAlgorithmArgument.getValue();
        keyAlgorithmIdentifier = PublicKeyAlgorithmIdentifier.forName(name);
        if (keyAlgorithmIdentifier == null) {
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_KEY_ALG.get(name));
            return ResultCode.PARAM_ERROR;
        } else {
            keyAlgorithmName = keyAlgorithmIdentifier.getName();
        }
    }
    Integer keySizeBits = null;
    final IntegerArgument keySizeBitsArgument = subCommandParser.getIntegerArgument("key-size-bits");
    if ((keySizeBitsArgument != null) && keySizeBitsArgument.isPresent()) {
        keySizeBits = keySizeBitsArgument.getValue();
    }
    if ((keyAlgorithmIdentifier != null) && (keyAlgorithmIdentifier != PublicKeyAlgorithmIdentifier.RSA) && (keySizeBits == null)) {
        wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_NO_KEY_SIZE_FOR_NON_RSA_KEY.get());
        return ResultCode.PARAM_ERROR;
    }
    String signatureAlgorithmName = null;
    SignatureAlgorithmIdentifier signatureAlgorithmIdentifier = null;
    final StringArgument signatureAlgorithmArgument = subCommandParser.getStringArgument("signature-algorithm");
    if ((signatureAlgorithmArgument != null) && signatureAlgorithmArgument.isPresent()) {
        final String name = signatureAlgorithmArgument.getValue();
        signatureAlgorithmIdentifier = SignatureAlgorithmIdentifier.forName(name);
        if (signatureAlgorithmIdentifier == null) {
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_SIG_ALG.get(name));
            return ResultCode.PARAM_ERROR;
        } else {
            signatureAlgorithmName = signatureAlgorithmIdentifier.getJavaName();
        }
    }
    if ((keyAlgorithmIdentifier != null) && (keyAlgorithmIdentifier != PublicKeyAlgorithmIdentifier.RSA) && (signatureAlgorithmIdentifier == null)) {
        wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_NO_SIG_ALG_FOR_NON_RSA_KEY.get());
        return ResultCode.PARAM_ERROR;
    }
    // Build a subject alternative name extension, if appropriate.
    final ArrayList<X509CertificateExtension> extensionList = new ArrayList<>(10);
    final GeneralNamesBuilder sanBuilder = new GeneralNamesBuilder();
    final LinkedHashSet<String> sanValues = new LinkedHashSet<>(StaticUtils.computeMapCapacity(10));
    final StringArgument sanDNSArgument = subCommandParser.getStringArgument("subject-alternative-name-dns");
    if ((sanDNSArgument != null) && sanDNSArgument.isPresent()) {
        for (final String value : sanDNSArgument.getValues()) {
            sanBuilder.addDNSName(value);
            sanValues.add("DNS:" + value);
        }
    }
    final StringArgument sanIPArgument = subCommandParser.getStringArgument("subject-alternative-name-ip-address");
    if ((sanIPArgument != null) && sanIPArgument.isPresent()) {
        for (final String value : sanIPArgument.getValues()) {
            try {
                sanBuilder.addIPAddress(LDAPConnectionOptions.DEFAULT_NAME_RESOLVER.getByName(value));
                sanValues.add("IP:" + value);
            } catch (final Exception e) {
                // This should never happen.
                Debug.debugException(e);
                throw new RuntimeException(e);
            }
        }
    }
    final StringArgument sanEmailArgument = subCommandParser.getStringArgument("subject-alternative-name-email-address");
    if ((sanEmailArgument != null) && sanEmailArgument.isPresent()) {
        for (final String value : sanEmailArgument.getValues()) {
            sanBuilder.addRFC822Name(value);
            sanValues.add("EMAIL:" + value);
        }
    }
    final StringArgument sanURIArgument = subCommandParser.getStringArgument("subject-alternative-name-uri");
    if ((sanURIArgument != null) && sanURIArgument.isPresent()) {
        for (final String value : sanURIArgument.getValues()) {
            sanBuilder.addUniformResourceIdentifier(value);
            sanValues.add("URI:" + value);
        }
    }
    final StringArgument sanOIDArgument = subCommandParser.getStringArgument("subject-alternative-name-oid");
    if ((sanOIDArgument != null) && sanOIDArgument.isPresent()) {
        for (final String value : sanOIDArgument.getValues()) {
            sanBuilder.addRegisteredID(new OID(value));
            sanValues.add("OID:" + value);
        }
    }
    if (!sanValues.isEmpty()) {
        try {
            extensionList.add(new SubjectAlternativeNameExtension(false, sanBuilder.build()));
        } catch (final Exception e) {
            // This should never happen.
            Debug.debugException(e);
            throw new RuntimeException(e);
        }
    }
    // Build a set of issuer alternative name extension values.
    final GeneralNamesBuilder ianBuilder = new GeneralNamesBuilder();
    final LinkedHashSet<String> ianValues = new LinkedHashSet<>(StaticUtils.computeMapCapacity(10));
    final StringArgument ianDNSArgument = subCommandParser.getStringArgument("issuer-alternative-name-dns");
    if ((ianDNSArgument != null) && ianDNSArgument.isPresent()) {
        for (final String value : ianDNSArgument.getValues()) {
            ianBuilder.addDNSName(value);
            ianValues.add("DNS:" + value);
        }
    }
    final StringArgument ianIPArgument = subCommandParser.getStringArgument("issuer-alternative-name-ip-address");
    if ((ianIPArgument != null) && ianIPArgument.isPresent()) {
        for (final String value : ianIPArgument.getValues()) {
            try {
                ianBuilder.addIPAddress(LDAPConnectionOptions.DEFAULT_NAME_RESOLVER.getByName(value));
                ianValues.add("IP:" + value);
            } catch (final Exception e) {
                // This should never happen.
                Debug.debugException(e);
                throw new RuntimeException(e);
            }
        }
    }
    final StringArgument ianEmailArgument = subCommandParser.getStringArgument("issuer-alternative-name-email-address");
    if ((ianEmailArgument != null) && ianEmailArgument.isPresent()) {
        for (final String value : ianEmailArgument.getValues()) {
            ianBuilder.addRFC822Name(value);
            ianValues.add("EMAIL:" + value);
        }
    }
    final StringArgument ianURIArgument = subCommandParser.getStringArgument("issuer-alternative-name-uri");
    if ((ianURIArgument != null) && ianURIArgument.isPresent()) {
        for (final String value : ianURIArgument.getValues()) {
            ianBuilder.addUniformResourceIdentifier(value);
            ianValues.add("URI:" + value);
        }
    }
    final StringArgument ianOIDArgument = subCommandParser.getStringArgument("issuer-alternative-name-oid");
    if ((ianOIDArgument != null) && ianOIDArgument.isPresent()) {
        for (final String value : ianOIDArgument.getValues()) {
            ianBuilder.addRegisteredID(new OID(value));
            ianValues.add("OID:" + value);
        }
    }
    if (!ianValues.isEmpty()) {
        try {
            extensionList.add(new IssuerAlternativeNameExtension(false, ianBuilder.build()));
        } catch (final Exception e) {
            // This should never happen.
            Debug.debugException(e);
            throw new RuntimeException(e);
        }
    }
    // Build a basic constraints extension, if appropriate.
    BasicConstraintsExtension basicConstraints = null;
    final BooleanValueArgument basicConstraintsIsCAArgument = subCommandParser.getBooleanValueArgument("basic-constraints-is-ca");
    if ((basicConstraintsIsCAArgument != null) && basicConstraintsIsCAArgument.isPresent()) {
        final boolean isCA = basicConstraintsIsCAArgument.getValue();
        Integer pathLength = null;
        final IntegerArgument pathLengthArgument = subCommandParser.getIntegerArgument("basic-constraints-maximum-path-length");
        if ((pathLengthArgument != null) && pathLengthArgument.isPresent()) {
            if (isCA) {
                pathLength = pathLengthArgument.getValue();
            } else {
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_BC_PATH_LENGTH_WITHOUT_CA.get());
                return ResultCode.PARAM_ERROR;
            }
        }
        basicConstraints = new BasicConstraintsExtension(false, isCA, pathLength);
        extensionList.add(basicConstraints);
    }
    // Build a key usage extension, if appropriate.
    KeyUsageExtension keyUsage = null;
    final StringArgument keyUsageArgument = subCommandParser.getStringArgument("key-usage");
    if ((keyUsageArgument != null) && keyUsageArgument.isPresent()) {
        boolean digitalSignature = false;
        boolean nonRepudiation = false;
        boolean keyEncipherment = false;
        boolean dataEncipherment = false;
        boolean keyAgreement = false;
        boolean keyCertSign = false;
        boolean crlSign = false;
        boolean encipherOnly = false;
        boolean decipherOnly = false;
        for (final String value : keyUsageArgument.getValues()) {
            if (value.equalsIgnoreCase("digital-signature") || value.equalsIgnoreCase("digitalSignature")) {
                digitalSignature = true;
            } else if (value.equalsIgnoreCase("non-repudiation") || value.equalsIgnoreCase("nonRepudiation") || value.equalsIgnoreCase("content-commitment") || value.equalsIgnoreCase("contentCommitment")) {
                nonRepudiation = true;
            } else if (value.equalsIgnoreCase("key-encipherment") || value.equalsIgnoreCase("keyEncipherment")) {
                keyEncipherment = true;
            } else if (value.equalsIgnoreCase("data-encipherment") || value.equalsIgnoreCase("dataEncipherment")) {
                dataEncipherment = true;
            } else if (value.equalsIgnoreCase("key-agreement") || value.equalsIgnoreCase("keyAgreement")) {
                keyAgreement = true;
            } else if (value.equalsIgnoreCase("key-cert-sign") || value.equalsIgnoreCase("keyCertSign")) {
                keyCertSign = true;
            } else if (value.equalsIgnoreCase("crl-sign") || value.equalsIgnoreCase("crlSign")) {
                crlSign = true;
            } else if (value.equalsIgnoreCase("encipher-only") || value.equalsIgnoreCase("encipherOnly")) {
                encipherOnly = true;
            } else if (value.equalsIgnoreCase("decipher-only") || value.equalsIgnoreCase("decipherOnly")) {
                decipherOnly = true;
            } else {
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_INVALID_KEY_USAGE.get(value));
                return ResultCode.PARAM_ERROR;
            }
        }
        keyUsage = new KeyUsageExtension(false, digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, crlSign, encipherOnly, decipherOnly);
        extensionList.add(keyUsage);
    }
    // Build an extended key usage extension, if appropriate.
    ExtendedKeyUsageExtension extendedKeyUsage = null;
    final StringArgument extendedKeyUsageArgument = subCommandParser.getStringArgument("extended-key-usage");
    if ((extendedKeyUsageArgument != null) && extendedKeyUsageArgument.isPresent()) {
        final List<String> values = extendedKeyUsageArgument.getValues();
        final ArrayList<OID> keyPurposeIDs = new ArrayList<>(values.size());
        for (final String value : values) {
            if (value.equalsIgnoreCase("server-auth") || value.equalsIgnoreCase("serverAuth") || value.equalsIgnoreCase("server-authentication") || value.equalsIgnoreCase("serverAuthentication") || value.equalsIgnoreCase("tls-server-authentication") || value.equalsIgnoreCase("tlsServerAuthentication")) {
                keyPurposeIDs.add(ExtendedKeyUsageID.TLS_SERVER_AUTHENTICATION.getOID());
            } else if (value.equalsIgnoreCase("client-auth") || value.equalsIgnoreCase("clientAuth") || value.equalsIgnoreCase("client-authentication") || value.equalsIgnoreCase("clientAuthentication") || value.equalsIgnoreCase("tls-client-authentication") || value.equalsIgnoreCase("tlsClientAuthentication")) {
                keyPurposeIDs.add(ExtendedKeyUsageID.TLS_CLIENT_AUTHENTICATION.getOID());
            } else if (value.equalsIgnoreCase("code-signing") || value.equalsIgnoreCase("codeSigning")) {
                keyPurposeIDs.add(ExtendedKeyUsageID.CODE_SIGNING.getOID());
            } else if (value.equalsIgnoreCase("email-protection") || value.equalsIgnoreCase("emailProtection")) {
                keyPurposeIDs.add(ExtendedKeyUsageID.EMAIL_PROTECTION.getOID());
            } else if (value.equalsIgnoreCase("time-stamping") || value.equalsIgnoreCase("timeStamping")) {
                keyPurposeIDs.add(ExtendedKeyUsageID.TIME_STAMPING.getOID());
            } else if (value.equalsIgnoreCase("ocsp-signing") || value.equalsIgnoreCase("ocspSigning")) {
                keyPurposeIDs.add(ExtendedKeyUsageID.OCSP_SIGNING.getOID());
            } else if (OID.isStrictlyValidNumericOID(value)) {
                keyPurposeIDs.add(new OID(value));
            } else {
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_INVALID_EXTENDED_KEY_USAGE.get(value));
                return ResultCode.PARAM_ERROR;
            }
        }
        try {
            extendedKeyUsage = new ExtendedKeyUsageExtension(false, keyPurposeIDs);
        } catch (final Exception e) {
            // This should never happen.
            Debug.debugException(e);
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_EXTENDED_KEY_USAGE_ERROR.get());
            e.printStackTrace(getErr());
            return ResultCode.PARAM_ERROR;
        }
        extensionList.add(extendedKeyUsage);
    }
    // Build a list of generic extensions.
    final ArrayList<X509CertificateExtension> genericExtensions = new ArrayList<>(5);
    final StringArgument extensionArgument = subCommandParser.getStringArgument("extension");
    if ((extensionArgument != null) && extensionArgument.isPresent()) {
        for (final String value : extensionArgument.getValues()) {
            try {
                final int firstColonPos = value.indexOf(':');
                final int secondColonPos = value.indexOf(':', firstColonPos + 1);
                final OID oid = new OID(value.substring(0, firstColonPos));
                if (!oid.isStrictlyValidNumericOID()) {
                    wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_EXT_MALFORMED_OID.get(value, oid.toString()));
                    return ResultCode.PARAM_ERROR;
                }
                final boolean criticality;
                final String criticalityString = value.substring(firstColonPos + 1, secondColonPos);
                if (criticalityString.equalsIgnoreCase("true") || criticalityString.equalsIgnoreCase("t") || criticalityString.equalsIgnoreCase("yes") || criticalityString.equalsIgnoreCase("y") || criticalityString.equalsIgnoreCase("on") || criticalityString.equalsIgnoreCase("1")) {
                    criticality = true;
                } else if (criticalityString.equalsIgnoreCase("false") || criticalityString.equalsIgnoreCase("f") || criticalityString.equalsIgnoreCase("no") || criticalityString.equalsIgnoreCase("n") || criticalityString.equalsIgnoreCase("off") || criticalityString.equalsIgnoreCase("0")) {
                    criticality = false;
                } else {
                    wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_EXT_INVALID_CRITICALITY.get(value, criticalityString));
                    return ResultCode.PARAM_ERROR;
                }
                final byte[] valueBytes;
                try {
                    valueBytes = StaticUtils.fromHex(value.substring(secondColonPos + 1));
                } catch (final Exception e) {
                    Debug.debugException(e);
                    wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_EXT_INVALID_VALUE.get(value));
                    return ResultCode.PARAM_ERROR;
                }
                final X509CertificateExtension extension = new X509CertificateExtension(oid, criticality, valueBytes);
                genericExtensions.add(extension);
                extensionList.add(extension);
            } catch (final Exception e) {
                Debug.debugException(e);
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_EXT_MALFORMED.get(value));
                return ResultCode.PARAM_ERROR;
            }
        }
    }
    final String keystoreType;
    try {
        keystoreType = inferKeystoreType(keystorePath);
    } catch (final LDAPException le) {
        Debug.debugException(le);
        wrapErr(0, WRAP_COLUMN, le.getMessage());
        return le.getResultCode();
    }
    final char[] keystorePassword;
    try {
        keystorePassword = getKeystorePassword(keystorePath);
    } catch (final LDAPException le) {
        Debug.debugException(le);
        wrapErr(0, WRAP_COLUMN, le.getMessage());
        return le.getResultCode();
    }
    // Get the keystore.
    final KeyStore keystore;
    try {
        keystore = getKeystore(keystoreType, keystorePath, keystorePassword);
    } catch (final LDAPException le) {
        Debug.debugException(le);
        wrapErr(0, WRAP_COLUMN, le.getMessage());
        return le.getResultCode();
    }
    // If there is a private key, then see if we need to use a private key
    // password that is different from the keystore password.
    final char[] privateKeyPassword;
    try {
        privateKeyPassword = getPrivateKeyPassword(keystore, alias, keystorePassword);
    } catch (final LDAPException le) {
        Debug.debugException(le);
        wrapErr(0, WRAP_COLUMN, le.getMessage());
        return le.getResultCode();
    }
    // perform the appropriate processing for that.
    if (replaceExistingCertificate) {
        // specified alias.
        if (!hasKeyAlias(keystore, alias)) {
            if (hasCertificateAlias(keystore, alias)) {
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_REPLACE_ALIAS_IS_CERT.get(alias, keystorePath.getAbsolutePath()));
                return ResultCode.PARAM_ERROR;
            } else {
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_REPLACE_NO_SUCH_ALIAS.get(alias, keystorePath.getAbsolutePath()));
                return ResultCode.PARAM_ERROR;
            }
        }
        // Get the certificate to replace, along with its key pair.
        final X509Certificate certToReplace;
        final KeyPair keyPair;
        try {
            final Certificate[] chain = keystore.getCertificateChain(alias);
            certToReplace = new X509Certificate(chain[0].getEncoded());
            final PublicKey publicKey = chain[0].getPublicKey();
            final PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, privateKeyPassword);
            keyPair = new KeyPair(publicKey, privateKey);
        } catch (final Exception e) {
            Debug.debugException(e);
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_REPLACE_COULD_NOT_GET_CERT.get(alias));
            e.printStackTrace(getErr());
            return ResultCode.LOCAL_ERROR;
        }
        // Assign the remaining values using information in the existing
        // certificate.
        signatureAlgorithmIdentifier = SignatureAlgorithmIdentifier.forOID(certToReplace.getSignatureAlgorithmOID());
        if (signatureAlgorithmIdentifier == null) {
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_SIG_ALG_IN_CERT.get(certToReplace.getSignatureAlgorithmOID()));
            return ResultCode.PARAM_ERROR;
        } else {
            signatureAlgorithmName = signatureAlgorithmIdentifier.getJavaName();
        }
        if (subjectDN == null) {
            subjectDN = certToReplace.getSubjectDN();
        }
        if (inheritExtensions) {
            for (final X509CertificateExtension extension : certToReplace.getExtensions()) {
                if ((extension instanceof AuthorityKeyIdentifierExtension) || (extension instanceof IssuerAlternativeNameExtension)) {
                // This extension applies to the issuer.  We won't include this in
                // the set of inherited extensions.
                } else if (extension instanceof SubjectKeyIdentifierExtension) {
                // The generated certificate will automatically include a subject
                // key identifier extension, so we don't need to include it.
                } else if (extension instanceof BasicConstraintsExtension) {
                    // Don't override a value already provided on the command line.
                    if (basicConstraints == null) {
                        basicConstraints = (BasicConstraintsExtension) extension;
                        extensionList.add(basicConstraints);
                    }
                } else if (extension instanceof ExtendedKeyUsageExtension) {
                    // Don't override a value already provided on the command line.
                    if (extendedKeyUsage == null) {
                        extendedKeyUsage = (ExtendedKeyUsageExtension) extension;
                        extensionList.add(extendedKeyUsage);
                    }
                } else if (extension instanceof KeyUsageExtension) {
                    // Don't override a value already provided on the command line.
                    if (keyUsage == null) {
                        keyUsage = (KeyUsageExtension) extension;
                        extensionList.add(keyUsage);
                    }
                } else if (extension instanceof SubjectAlternativeNameExtension) {
                    // line.
                    if (sanValues.isEmpty()) {
                        final SubjectAlternativeNameExtension e = (SubjectAlternativeNameExtension) extension;
                        for (final String dnsName : e.getDNSNames()) {
                            sanValues.add("DNS:" + dnsName);
                        }
                        for (final InetAddress ipAddress : e.getIPAddresses()) {
                            sanValues.add("IP:" + ipAddress.getHostAddress());
                        }
                        for (final String emailAddress : e.getRFC822Names()) {
                            sanValues.add("EMAIL:" + emailAddress);
                        }
                        for (final String uri : e.getUniformResourceIdentifiers()) {
                            sanValues.add("URI:" + uri);
                        }
                        for (final OID oid : e.getRegisteredIDs()) {
                            sanValues.add("OID:" + oid.toString());
                        }
                        extensionList.add(extension);
                    }
                } else {
                    genericExtensions.add(extension);
                    extensionList.add(extension);
                }
            }
        }
        // Create an array with the final set of extensions to include in the
        // certificate or certificate signing request.
        final X509CertificateExtension[] extensions = new X509CertificateExtension[extensionList.size()];
        extensionList.toArray(extensions);
        // a keytool command that we could use to accomplish it.
        if (isGenerateCertificate) {
            if (displayKeytoolCommand) {
                final ArrayList<String> keytoolArguments = new ArrayList<>(30);
                keytoolArguments.add("-selfcert");
                keytoolArguments.add("-keystore");
                keytoolArguments.add(keystorePath.getAbsolutePath());
                keytoolArguments.add("-storetype");
                keytoolArguments.add(keystoreType);
                keytoolArguments.add("-storepass");
                keytoolArguments.add("*****REDACTED*****");
                keytoolArguments.add("-keypass");
                keytoolArguments.add("*****REDACTED*****");
                keytoolArguments.add("-alias");
                keytoolArguments.add(alias);
                keytoolArguments.add("-dname");
                keytoolArguments.add(subjectDN.toString());
                keytoolArguments.add("-sigalg");
                keytoolArguments.add(signatureAlgorithmName);
                keytoolArguments.add("-validity");
                keytoolArguments.add(String.valueOf(daysValid));
                if (validityStartTime != null) {
                    keytoolArguments.add("-startdate");
                    keytoolArguments.add(formatValidityStartTime(validityStartTime));
                }
                addExtensionArguments(keytoolArguments, basicConstraints, keyUsage, extendedKeyUsage, sanValues, ianValues, genericExtensions);
                displayKeytoolCommand(keytoolArguments);
            }
            // Generate the self-signed certificate.
            final long notBefore;
            if (validityStartTime == null) {
                notBefore = System.currentTimeMillis();
            } else {
                notBefore = validityStartTime.getTime();
            }
            final long notAfter = notBefore + TimeUnit.DAYS.toMillis(daysValid);
            final X509Certificate certificate;
            final Certificate[] chain;
            try {
                certificate = X509Certificate.generateSelfSignedCertificate(signatureAlgorithmIdentifier, keyPair, subjectDN, notBefore, notAfter, extensions);
                chain = new Certificate[] { certificate.toCertificate() };
            } catch (final Exception e) {
                Debug.debugException(e);
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CERT.get());
                e.printStackTrace(getErr());
                return ResultCode.LOCAL_ERROR;
            }
            // Update the keystore with the new certificate.
            try {
                keystore.setKeyEntry(alias, keyPair.getPrivate(), privateKeyPassword, chain);
                writeKeystore(keystore, keystorePath, keystorePassword);
            } catch (final Exception e) {
                Debug.debugException(e);
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_UPDATING_KEYSTORE.get());
                e.printStackTrace(getErr());
                return ResultCode.LOCAL_ERROR;
            }
            // Display the certificate we just generated to the end user.
            out();
            wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_SELF_CERT.get());
            printCertificate(certificate, "", false);
            // If we should write an output file, then do that now.
            if (outputFile != null) {
                try (PrintStream ps = new PrintStream(outputFile)) {
                    final byte[] certBytes = certificate.getX509CertificateBytes();
                    if (outputPEM) {
                        writePEMCertificate(ps, certBytes);
                    } else {
                        ps.write(certBytes);
                    }
                    out();
                    wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_WROTE_OUTPUT_FILE.get(outputFile.getAbsolutePath()));
                } catch (final Exception e) {
                    Debug.debugException(e);
                    err();
                    wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CERT.get(outputFile.getAbsolutePath()));
                    e.printStackTrace(getErr());
                    return ResultCode.LOCAL_ERROR;
                }
            }
            return ResultCode.SUCCESS;
        } else {
            // Build the keytool command used to generate the certificate signing
            // request.
            Validator.ensureTrue(isGenerateCSR);
            if (displayKeytoolCommand) {
                final ArrayList<String> keytoolArguments = new ArrayList<>(30);
                keytoolArguments.add("-certreq");
                keytoolArguments.add("-keystore");
                keytoolArguments.add(keystorePath.getAbsolutePath());
                keytoolArguments.add("-storetype");
                keytoolArguments.add(keystoreType);
                keytoolArguments.add("-storepass");
                keytoolArguments.add("*****REDACTED*****");
                keytoolArguments.add("-keypass");
                keytoolArguments.add("*****REDACTED*****");
                keytoolArguments.add("-alias");
                keytoolArguments.add(alias);
                keytoolArguments.add("-dname");
                keytoolArguments.add(subjectDN.toString());
                keytoolArguments.add("-sigalg");
                keytoolArguments.add(signatureAlgorithmName);
                addExtensionArguments(keytoolArguments, basicConstraints, keyUsage, extendedKeyUsage, sanValues, ianValues, genericExtensions);
                if (outputFile != null) {
                    keytoolArguments.add("-file");
                    keytoolArguments.add(outputFile.getAbsolutePath());
                }
                displayKeytoolCommand(keytoolArguments);
            }
            // Generate the certificate signing request.
            final PKCS10CertificateSigningRequest certificateSigningRequest;
            try {
                certificateSigningRequest = PKCS10CertificateSigningRequest.generateCertificateSigningRequest(signatureAlgorithmIdentifier, keyPair, subjectDN, extensions);
            } catch (final Exception e) {
                Debug.debugException(e);
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CSR.get());
                e.printStackTrace(getErr());
                return ResultCode.LOCAL_ERROR;
            }
            // location.
            try {
                final PrintStream ps;
                if (outputFile == null) {
                    ps = getOut();
                } else {
                    ps = new PrintStream(outputFile);
                }
                if (outputPEM) {
                    writePEMCertificateSigningRequest(ps, certificateSigningRequest.getPKCS10CertificateSigningRequestBytes());
                } else {
                    ps.write(certificateSigningRequest.getPKCS10CertificateSigningRequestBytes());
                }
                if (outputFile != null) {
                    ps.close();
                }
            } catch (final Exception e) {
                Debug.debugException(e);
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CSR.get());
                e.printStackTrace(getErr());
                return ResultCode.LOCAL_ERROR;
            }
            // able to see it.
            if (outputFile != null) {
                out();
                wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_CSR.get(outputFile.getAbsolutePath()));
            }
            return ResultCode.SUCCESS;
        }
    }
    // certificate.  Perform any remaining argument assignment and validation.
    if ((subjectDN == null) && (!isSignCSR)) {
        wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_NO_SUBJECT_DN_WITHOUT_REPLACE.get());
        return ResultCode.PARAM_ERROR;
    }
    if (keyAlgorithmIdentifier == null) {
        keyAlgorithmIdentifier = PublicKeyAlgorithmIdentifier.RSA;
        keyAlgorithmName = keyAlgorithmIdentifier.getName();
    }
    if (keySizeBits == null) {
        keySizeBits = 2048;
    }
    if ((signatureAlgorithmIdentifier == null) && (!isSignCSR)) {
        signatureAlgorithmIdentifier = SignatureAlgorithmIdentifier.SHA_256_WITH_RSA;
        signatureAlgorithmName = signatureAlgorithmIdentifier.getJavaName();
    }
    // certificate.
    if (isGenerateCertificate || isGenerateCSR) {
        // keystore.
        if (hasKeyAlias(keystore, alias) || hasCertificateAlias(keystore, alias)) {
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ALIAS_EXISTS_WITHOUT_REPLACE.get(alias));
            return ResultCode.PARAM_ERROR;
        }
        if (displayKeytoolCommand) {
            final ArrayList<String> keytoolArguments = new ArrayList<>(30);
            keytoolArguments.add("-genkeypair");
            keytoolArguments.add("-keystore");
            keytoolArguments.add(keystorePath.getAbsolutePath());
            keytoolArguments.add("-storetype");
            keytoolArguments.add(keystoreType);
            keytoolArguments.add("-storepass");
            keytoolArguments.add("*****REDACTED*****");
            keytoolArguments.add("-keypass");
            keytoolArguments.add("*****REDACTED*****");
            keytoolArguments.add("-alias");
            keytoolArguments.add(alias);
            keytoolArguments.add("-dname");
            keytoolArguments.add(subjectDN.toString());
            keytoolArguments.add("-keyalg");
            keytoolArguments.add(keyAlgorithmName);
            keytoolArguments.add("-keysize");
            keytoolArguments.add(String.valueOf(keySizeBits));
            keytoolArguments.add("-sigalg");
            keytoolArguments.add(signatureAlgorithmName);
            keytoolArguments.add("-validity");
            keytoolArguments.add(String.valueOf(daysValid));
            if (validityStartTime != null) {
                keytoolArguments.add("-startdate");
                keytoolArguments.add(formatValidityStartTime(validityStartTime));
            }
            addExtensionArguments(keytoolArguments, basicConstraints, keyUsage, extendedKeyUsage, sanValues, ianValues, genericExtensions);
            displayKeytoolCommand(keytoolArguments);
        }
        // Generate the self-signed certificate.
        final long notBefore;
        if (validityStartTime == null) {
            notBefore = System.currentTimeMillis();
        } else {
            notBefore = validityStartTime.getTime();
        }
        final long notAfter = notBefore + TimeUnit.DAYS.toMillis(daysValid);
        final X509CertificateExtension[] extensions = new X509CertificateExtension[extensionList.size()];
        extensionList.toArray(extensions);
        final Certificate[] chain;
        final KeyPair keyPair;
        final X509Certificate certificate;
        try {
            final ObjectPair<X509Certificate, KeyPair> p = X509Certificate.generateSelfSignedCertificate(signatureAlgorithmIdentifier, keyAlgorithmIdentifier, keySizeBits, subjectDN, notBefore, notAfter, extensions);
            certificate = p.getFirst();
            chain = new Certificate[] { certificate.toCertificate() };
            keyPair = p.getSecond();
        } catch (final Exception e) {
            Debug.debugException(e);
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CERT.get());
            e.printStackTrace(getErr());
            return ResultCode.LOCAL_ERROR;
        }
        // Update the keystore with the new certificate.
        try {
            keystore.setKeyEntry(alias, keyPair.getPrivate(), privateKeyPassword, chain);
            writeKeystore(keystore, keystorePath, keystorePassword);
        } catch (final Exception e) {
            Debug.debugException(e);
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_UPDATING_KEYSTORE.get());
            e.printStackTrace(getErr());
            return ResultCode.LOCAL_ERROR;
        }
        if (isNewKeystore) {
            out();
            wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_CERT_CREATED_KEYSTORE.get(getUserFriendlyKeystoreType(keystoreType)));
        }
        // file.
        if (isGenerateCertificate) {
            out();
            wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_SELF_CERT.get());
            printCertificate(certificate, "", false);
            // If we should write an output file, then do that now.
            if (outputFile != null) {
                try (PrintStream ps = new PrintStream(outputFile)) {
                    final byte[] certBytes = certificate.getX509CertificateBytes();
                    if (outputPEM) {
                        writePEMCertificate(ps, certBytes);
                    } else {
                        ps.write(certBytes);
                    }
                    out();
                    wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_WROTE_OUTPUT_FILE.get(outputFile.getAbsolutePath()));
                } catch (final Exception e) {
                    Debug.debugException(e);
                    err();
                    wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CERT.get(outputFile.getAbsolutePath()));
                    e.printStackTrace(getErr());
                    return ResultCode.LOCAL_ERROR;
                }
            }
            return ResultCode.SUCCESS;
        }
        // If we're generating a certificate signing request, then put together
        // the appropriate set of arguments for that.
        Validator.ensureTrue(isGenerateCSR);
        out();
        wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_KEYPAIR.get());
        if (displayKeytoolCommand) {
            final ArrayList<String> keytoolArguments = new ArrayList<>(30);
            keytoolArguments.add("-certreq");
            keytoolArguments.add("-keystore");
            keytoolArguments.add(keystorePath.getAbsolutePath());
            keytoolArguments.add("-storetype");
            keytoolArguments.add(keystoreType);
            keytoolArguments.add("-storepass");
            keytoolArguments.add("*****REDACTED*****");
            keytoolArguments.add("-keypass");
            keytoolArguments.add("*****REDACTED*****");
            keytoolArguments.add("-alias");
            keytoolArguments.add(alias);
            keytoolArguments.add("-dname");
            keytoolArguments.add(subjectDN.toString());
            keytoolArguments.add("-sigalg");
            keytoolArguments.add(signatureAlgorithmName);
            addExtensionArguments(keytoolArguments, basicConstraints, keyUsage, extendedKeyUsage, sanValues, ianValues, genericExtensions);
            if (outputFile != null) {
                keytoolArguments.add("-file");
                keytoolArguments.add(outputFile.getAbsolutePath());
            }
            displayKeytoolCommand(keytoolArguments);
        }
        // Generate the certificate signing request.
        final PKCS10CertificateSigningRequest certificateSigningRequest;
        try {
            certificateSigningRequest = PKCS10CertificateSigningRequest.generateCertificateSigningRequest(signatureAlgorithmIdentifier, keyPair, subjectDN, extensions);
        } catch (final Exception e) {
            Debug.debugException(e);
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_GENERATING_CSR.get());
            e.printStackTrace(getErr());
            return ResultCode.LOCAL_ERROR;
        }
        // location.
        try {
            final PrintStream ps;
            if (outputFile == null) {
                ps = getOut();
            } else {
                ps = new PrintStream(outputFile);
            }
            if (outputPEM) {
                writePEMCertificateSigningRequest(ps, certificateSigningRequest.getPKCS10CertificateSigningRequestBytes());
            } else {
                ps.write(certificateSigningRequest.getPKCS10CertificateSigningRequestBytes());
            }
            if (outputFile != null) {
                ps.close();
            }
        } catch (final Exception e) {
            Debug.debugException(e);
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_CSR.get());
            e.printStackTrace(getErr());
            return ResultCode.LOCAL_ERROR;
        }
        // able to see it.
        if (outputFile != null) {
            out();
            wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_GENERATED_CSR.get(outputFile.getAbsolutePath()));
        }
        return ResultCode.SUCCESS;
    }
    // If we've gotten here, then we should be signing a certificate signing
    // request.  Make sure that the keystore already has a private key entry
    // with the specified alias.
    Validator.ensureTrue(isSignCSR);
    if (!hasKeyAlias(keystore, alias)) {
        if (hasCertificateAlias(keystore, alias)) {
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_SIGN_ALIAS_IS_CERT.get(alias, keystorePath.getAbsolutePath()));
            return ResultCode.PARAM_ERROR;
        } else {
            wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_SIGN_NO_SUCH_ALIAS.get(alias, keystorePath.getAbsolutePath()));
            return ResultCode.PARAM_ERROR;
        }
    }
    // Get the signing certificate and its key pair.
    final PrivateKey issuerPrivateKey;
    final X509Certificate issuerCertificate;
    try {
        final Certificate[] chain = keystore.getCertificateChain(alias);
        issuerCertificate = new X509Certificate(chain[0].getEncoded());
        issuerPrivateKey = (PrivateKey) keystore.getKey(alias, privateKeyPassword);
    } catch (final Exception e) {
        Debug.debugException(e);
        wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_SIGN_CANNOT_GET_SIGNING_CERT.get(alias));
        e.printStackTrace(getErr());
        return ResultCode.LOCAL_ERROR;
    }
    // Make sure that we can decode the certificate signing request.
    final PKCS10CertificateSigningRequest csr;
    try {
        csr = readCertificateSigningRequestFromFile(inputFile);
    } catch (final LDAPException le) {
        Debug.debugException(le);
        wrapErr(0, WRAP_COLUMN, le.getMessage());
        return le.getResultCode();
    }
    // Make sure that we can verify the certificate signing request's signature.
    try {
        csr.verifySignature();
    } catch (final CertException ce) {
        Debug.debugException(ce);
        wrapErr(0, WRAP_COLUMN, ce.getMessage());
        return ResultCode.PARAM_ERROR;
    }
    // Prompt about whether to sign the request, if appropriate.
    if (!noPrompt) {
        out();
        wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SIGN_CONFIRM.get());
        out();
        printCertificateSigningRequest(csr, false, "");
        out();
        try {
            if (!promptForYesNo(INFO_MANAGE_CERTS_GEN_CERT_PROMPT_SIGN.get())) {
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_SIGN_CANCELED.get());
                return ResultCode.USER_CANCELED;
            }
        } catch (final LDAPException le) {
            Debug.debugException(le);
            err();
            wrapErr(0, WRAP_COLUMN, le.getMessage());
            return le.getResultCode();
        }
    }
    // from it.
    if ((subjectDN == null) || (signatureAlgorithmIdentifier == null) || includeRequestedExtensions) {
        if (subjectDN == null) {
            subjectDN = csr.getSubjectDN();
        }
        if (signatureAlgorithmIdentifier == null) {
            signatureAlgorithmIdentifier = SignatureAlgorithmIdentifier.forOID(csr.getSignatureAlgorithmOID());
            if (signatureAlgorithmIdentifier == null) {
                wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_UNKNOWN_SIG_ALG_IN_CSR.get(csr.getSignatureAlgorithmOID()));
                return ResultCode.PARAM_ERROR;
            } else {
                signatureAlgorithmName = signatureAlgorithmIdentifier.getJavaName();
            }
        }
        if (includeRequestedExtensions) {
            for (final X509CertificateExtension extension : csr.getExtensions()) {
                if ((extension instanceof AuthorityKeyIdentifierExtension) || (extension instanceof IssuerAlternativeNameExtension)) {
                // This extension applies to the issuer.  We won't include this in
                // the set of inherited extensions.
                } else if (extension instanceof SubjectKeyIdentifierExtension) {
                // The generated certificate will automatically include a subject
                // key identifier extension, so we don't need to include it.
                } else if (extension instanceof BasicConstraintsExtension) {
                    // Don't override a value already provided on the command line.
                    if (basicConstraints == null) {
                        basicConstraints = (BasicConstraintsExtension) extension;
                        extensionList.add(basicConstraints);
                    }
                } else if (extension instanceof ExtendedKeyUsageExtension) {
                    // Don't override a value already provided on the command line.
                    if (extendedKeyUsage == null) {
                        extendedKeyUsage = (ExtendedKeyUsageExtension) extension;
                        extensionList.add(extendedKeyUsage);
                    }
                } else if (extension instanceof KeyUsageExtension) {
                    // Don't override a value already provided on the command line.
                    if (keyUsage == null) {
                        keyUsage = (KeyUsageExtension) extension;
                        extensionList.add(keyUsage);
                    }
                } else if (extension instanceof SubjectAlternativeNameExtension) {
                    // line.
                    if (sanValues.isEmpty()) {
                        final SubjectAlternativeNameExtension e = (SubjectAlternativeNameExtension) extension;
                        for (final String dnsName : e.getDNSNames()) {
                            sanBuilder.addDNSName(dnsName);
                            sanValues.add("DNS:" + dnsName);
                        }
                        for (final InetAddress ipAddress : e.getIPAddresses()) {
                            sanBuilder.addIPAddress(ipAddress);
                            sanValues.add("IP:" + ipAddress.getHostAddress());
                        }
                        for (final String emailAddress : e.getRFC822Names()) {
                            sanBuilder.addRFC822Name(emailAddress);
                            sanValues.add("EMAIL:" + emailAddress);
                        }
                        for (final String uri : e.getUniformResourceIdentifiers()) {
                            sanBuilder.addUniformResourceIdentifier(uri);
                            sanValues.add("URI:" + uri);
                        }
                        for (final OID oid : e.getRegisteredIDs()) {
                            sanBuilder.addRegisteredID(oid);
                            sanValues.add("OID:" + oid.toString());
                        }
                        try {
                            extensionList.add(new SubjectAlternativeNameExtension(false, sanBuilder.build()));
                        } catch (final Exception ex) {
                            // This should never happen.
                            Debug.debugException(ex);
                            throw new RuntimeException(ex);
                        }
                    }
                } else {
                    genericExtensions.add(extension);
                    extensionList.add(extension);
                }
            }
        }
    }
    // Generate the keytool arguments to use to sign the requested certificate.
    final ArrayList<String> keytoolArguments = new ArrayList<>(30);
    keytoolArguments.add("-gencert");
    keytoolArguments.add("-keystore");
    keytoolArguments.add(keystorePath.getAbsolutePath());
    keytoolArguments.add("-storetype");
    keytoolArguments.add(keystoreType);
    keytoolArguments.add("-storepass");
    keytoolArguments.add("*****REDACTED*****");
    keytoolArguments.add("-keypass");
    keytoolArguments.add("*****REDACTED*****");
    keytoolArguments.add("-alias");
    keytoolArguments.add(alias);
    keytoolArguments.add("-dname");
    keytoolArguments.add(subjectDN.toString());
    keytoolArguments.add("-sigalg");
    keytoolArguments.add(signatureAlgorithmName);
    keytoolArguments.add("-validity");
    keytoolArguments.add(String.valueOf(daysValid));
    if (validityStartTime != null) {
        keytoolArguments.add("-startdate");
        keytoolArguments.add(formatValidityStartTime(validityStartTime));
    }
    addExtensionArguments(keytoolArguments, basicConstraints, keyUsage, extendedKeyUsage, sanValues, ianValues, genericExtensions);
    keytoolArguments.add("-infile");
    keytoolArguments.add(inputFile.getAbsolutePath());
    if (outputFile != null) {
        keytoolArguments.add("-outfile");
        keytoolArguments.add(outputFile.getAbsolutePath());
    }
    if (outputPEM) {
        keytoolArguments.add("-rfc");
    }
    if (displayKeytoolCommand) {
        displayKeytoolCommand(keytoolArguments);
    }
    // Generate the signed certificate.
    final long notBefore;
    if (validityStartTime == null) {
        notBefore = System.currentTimeMillis();
    } else {
        notBefore = validityStartTime.getTime();
    }
    final long notAfter = notBefore + TimeUnit.DAYS.toMillis(daysValid);
    final X509CertificateExtension[] extensions = new X509CertificateExtension[extensionList.size()];
    extensionList.toArray(extensions);
    final X509Certificate signedCertificate;
    try {
        signedCertificate = X509Certificate.generateIssuerSignedCertificate(signatureAlgorithmIdentifier, issuerCertificate, issuerPrivateKey, csr.getPublicKeyAlgorithmOID(), csr.getPublicKeyAlgorithmParameters(), csr.getEncodedPublicKey(), csr.getDecodedPublicKey(), subjectDN, notBefore, notAfter, extensions);
    } catch (final Exception e) {
        Debug.debugException(e);
        wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_SIGNING_CERT.get());
        e.printStackTrace(getErr());
        return ResultCode.LOCAL_ERROR;
    }
    // Write the signed certificate signing request to the appropriate location.
    try {
        final PrintStream ps;
        if (outputFile == null) {
            ps = getOut();
        } else {
            ps = new PrintStream(outputFile);
        }
        if (outputPEM) {
            writePEMCertificate(ps, signedCertificate.getX509CertificateBytes());
        } else {
            ps.write(signedCertificate.getX509CertificateBytes());
        }
        if (outputFile != null) {
            ps.close();
        }
    } catch (final Exception e) {
        Debug.debugException(e);
        wrapErr(0, WRAP_COLUMN, ERR_MANAGE_CERTS_GEN_CERT_ERROR_WRITING_SIGNED_CERT.get());
        e.printStackTrace(getErr());
        return ResultCode.LOCAL_ERROR;
    }
    // able to see it.
    if (outputFile != null) {
        out();
        wrapOut(0, WRAP_COLUMN, INFO_MANAGE_CERTS_GEN_CERT_SUCCESSFULLY_SIGNED_CERT.get(outputFile.getAbsolutePath()));
    }
    return ResultCode.SUCCESS;
}
Also used : LinkedHashSet(java.util.LinkedHashSet) PrivateKey(java.security.PrivateKey) ArrayList(java.util.ArrayList) DN(com.unboundid.ldap.sdk.DN) ASN1BitString(com.unboundid.asn1.ASN1BitString) FileArgument(com.unboundid.util.args.FileArgument) DNArgument(com.unboundid.util.args.DNArgument) IntegerArgument(com.unboundid.util.args.IntegerArgument) TimestampArgument(com.unboundid.util.args.TimestampArgument) KeyPair(java.security.KeyPair) SubCommand(com.unboundid.util.args.SubCommand) PublicKey(java.security.PublicKey) OID(com.unboundid.util.OID) LDAPException(com.unboundid.ldap.sdk.LDAPException) File(java.io.File) InetAddress(java.net.InetAddress) Certificate(java.security.cert.Certificate) BooleanValueArgument(com.unboundid.util.args.BooleanValueArgument) PrintStream(java.io.PrintStream) BooleanArgument(com.unboundid.util.args.BooleanArgument) KeyStore(java.security.KeyStore) Date(java.util.Date) ArgumentException(com.unboundid.util.args.ArgumentException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) LDAPException(com.unboundid.ldap.sdk.LDAPException) IOException(java.io.IOException) StringArgument(com.unboundid.util.args.StringArgument) NotNull(com.unboundid.util.NotNull)

Aggregations

IntegerArgument (com.unboundid.util.args.IntegerArgument)38 BooleanArgument (com.unboundid.util.args.BooleanArgument)35 StringArgument (com.unboundid.util.args.StringArgument)34 FileArgument (com.unboundid.util.args.FileArgument)29 DNArgument (com.unboundid.util.args.DNArgument)23 FilterArgument (com.unboundid.util.args.FilterArgument)13 ControlArgument (com.unboundid.util.args.ControlArgument)11 ScopeArgument (com.unboundid.util.args.ScopeArgument)9 ASN1OctetString (com.unboundid.asn1.ASN1OctetString)6 DurationArgument (com.unboundid.util.args.DurationArgument)6 LDAPException (com.unboundid.ldap.sdk.LDAPException)5 NotNull (com.unboundid.util.NotNull)5 ArgumentException (com.unboundid.util.args.ArgumentException)5 BooleanValueArgument (com.unboundid.util.args.BooleanValueArgument)5 TimestampArgument (com.unboundid.util.args.TimestampArgument)5 File (java.io.File)5 ASN1BitString (com.unboundid.asn1.ASN1BitString)4 DN (com.unboundid.ldap.sdk.DN)3 ArgumentParser (com.unboundid.util.args.ArgumentParser)3 SubCommand (com.unboundid.util.args.SubCommand)3