-rwxr-xr-x | scripts/caclone-configure.sh | 66 | ||||
-rwxr-xr-x | scripts/caclone-create.sh | 3 | ||||
-rwxr-xr-x | scripts/caclone-remove.sh | 6 | ||||
-rwxr-xr-x | scripts/caclone-restart.sh | 4 | ||||
-rwxr-xr-x | scripts/caclone-start.sh | 3 | ||||
-rwxr-xr-x | scripts/caclone-stop.sh | 3 | ||||
-rw-r--r-- | scripts/caclone.cfg | 28 | ||||
-rwxr-xr-x | scripts/existing-export.sh | 3 | ||||
-rw-r--r-- | scripts/existing-step1.cfg | 19 | ||||
-rwxr-xr-x | scripts/existing-step1.sh | 8 | ||||
-rw-r--r-- | scripts/external-step1.cfg | 20 | ||||
-rwxr-xr-x | scripts/external-step1.sh | 9 | ||||
-rw-r--r-- | scripts/external-step2.cfg | 21 | ||||
-rwxr-xr-x | scripts/external-step2.sh | 5 | ||||
-rwxr-xr-x | scripts/sub-restart.sh | 4 | ||||
-rwxr-xr-x | scripts/sub-start.sh | 5 | ||||
-rwxr-xr-x | scripts/sub-stop.sh | 5 | ||||
-rw-r--r-- | scripts/subca.cfg | 29 | ||||
-rw-r--r-- | scripts/subkra.cfg | 29 | ||||
-rwxr-xr-x | scripts/tps-enroll.sh | 34 | ||||
-rwxr-xr-x | scripts/tps-format.sh | 36 | ||||
-rwxr-xr-x | scripts/tps-user.sh | 16 |
22 files changed, 0 insertions, 356 deletions
diff --git a/scripts/caclone-configure.sh b/scripts/caclone-configure.sh
deleted file mode 100755
index fe9af29..0000000
--- a/scripts/caclone-configure.sh
+++ /dev/null
@@ -1,66 +0,0 @@
-#!/bin/sh -x
-
-PKI_DEV_SRC=`cd .. ; pwd`
-
-INSTANCE_NAME=pki-caclone
-PASSWORD=Secret123
-PIN=`grep preop.pin= /var/lib/$INSTANCE_NAME/conf/CS.cfg | awk -F= '{ print $2; }'`
-
-REALM=EXAMPLE-COM
-CERTS=$PKI_DEV_SRC/certs/caclone
-rm -rf $CERTS
-mkdir -p $CERTS
-
-./caclone-certs.sh
-
-pkisilent ConfigureCA \
- -cs_hostname "$HOSTNAME" \
- -cs_port "9444" \
- -preop_pin "$PIN" \
- -client_certdb_dir "$CERTS" \
- -client_certdb_pwd "$PASSWORD" \
- -token_name "internal" \
- -domain_name "$REALM" \
- -subsystem_name "Certificate Authority Clone" \
- -clone "true" \
- -clone_uri "https://$HOSTNAME:9443" \
- -clone_p12_file "ca-server-certs.p12" \
- -clone_p12_password "$PASSWORD" \
- -sd_hostname "$HOSTNAME" \
- -sd_admin_port 9443 \
- -sd_ssl_port 9443 \
- -sd_agent_port 9443 \
- -sd_admin_name "caadmin" \
- -sd_admin_password "$PASSWORD" \
- -ldap_host "localhost" \
- -ldap_port "390" \
- -base_dn "dc=ca,dc=example,dc=com" \
- -db_name "example.com-$INSTANCE_NAME" \
- -bind_dn "cn=Directory Manager" \
- -bind_password "$PASSWORD" \
- -remove_data "true" \
- -key_type rsa \
- -key_size 2048 \
- -key_algorithm SHA256withRSA \
- -signing_signingalgorithm SHA256withRSA \
- -save_p12 true \
- -backup_fname "$CERTS/caclone-server-certs.p12" \
- -backup_pwd "$PASSWORD" \
- -ca_sign_cert_subject_name "CN=Certificate Authority,O=$REALM" \
- -ca_ocsp_cert_subject_name "CN=OCSP Signing Certificate,O=$REALM" \
- -ca_server_cert_subject_name "CN=$HOSTNAME,O=$REALM" \
- -ca_subsystem_cert_subject_name "CN=CA Subsystem Certificate,O=$REALM" \
- -ca_audit_signing_cert_subject_name "CN=CA Audit Signing Certificate,O=$REALM" \
- -admin_user "caadmin" \
- -agent_name "caadmin" \
- -admin_email "caadmin@example.com" \
- -admin_password "$PASSWORD" \
- -agent_key_size 2048 \
- -agent_key_type rsa \
- -agent_cert_subject "CN=caadmin,UID=caadmin,E=caadmin@example.com,O=$REALM"
-
-
-echo $PASSWORD > "$CERTS/password.txt"
-PKCS12Export -d "$CERTS" -o "$CERTS/caclone-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt"
-
-systemctl restart pki-cad@$INSTANCE_NAME.service
diff --git a/scripts/caclone-create.sh b/scripts/caclone-create.sh
deleted file mode 100755
index 1bd0b4f..0000000
--- a/scripts/caclone-create.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh -x
-
-pkispawn -v -f caclone.cfg -s CA 2>&1 | tee build/calclone-create.log
diff --git a/scripts/caclone-remove.sh b/scripts/caclone-remove.sh
deleted file mode 100755
index 2f5640b..0000000
--- a/scripts/caclone-remove.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-SRC_DIR=`cd ../.. ; pwd`
-INSTANCE_NAME=pki-tomcat
-
-pkidestroy -v -s CA -i $INSTANCE_NAME
diff --git a/scripts/caclone-restart.sh b/scripts/caclone-restart.sh
deleted file mode 100755
index 7c65fb1..0000000
--- a/scripts/caclone-restart.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh -x
-
-./caclone-stop.sh
-./caclone-start.sh
diff --git a/scripts/caclone-start.sh b/scripts/caclone-start.sh
deleted file mode 100755
index 9ebfd59..0000000
--- a/scripts/caclone-start.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh -x
-
-systemctl start pki-tomcatd@ca-clone.service
diff --git a/scripts/caclone-stop.sh b/scripts/caclone-stop.sh
deleted file mode 100755
index 63e7b51..0000000
--- a/scripts/caclone-stop.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh -x
-
-systemctl stop pki-tomcatd@ca-clone.service
diff --git a/scripts/caclone.cfg b/scripts/caclone.cfg
deleted file mode 100644
index bba9e7c..0000000
--- a/scripts/caclone.cfg
+++ /dev/null
@@ -1,28 +0,0 @@
-[DEFAULT]
-pki_instance_name=pki-clone
-pki_http_port=18080
-pki_https_port=18443
-pki_ajp_port=18009
-pki_tomcat_server_port=18005
-
-[CA]
-pki_admin_email=caadmin@example.com
-pki_admin_name=caadmin
-pki_admin_nickname=caadmin
-pki_admin_password=Secret123
-pki_admin_uid=caadmin
-pki_backup_password=Secret123
-pki_client_database_password=Secret123
-pki_client_database_purge=False
-pki_client_pkcs12_password=Secret123
-pki_ds_base_dn=dc=ca,dc=example,dc=com
-pki_ds_database=ca
-pki_ds_password=Secret123
-pki_ds_ldap_port=10389
-pki_security_domain_password=Secret123
-pki_security_domain_https_port=8443
-pki_security_domain_user=caadmin
-pki_clone=True
-pki_clone_pkcs12_password=Secret123
-pki_clone_pkcs12_path=/tmp/ca_backup_keys.p12
-pki_clone_replicate_schema=True
diff --git a/scripts/existing-export.sh b/scripts/existing-export.sh
deleted file mode 100755
index e3080c7..0000000
--- a/scripts/existing-export.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh -x
-
-pki-server subsystem-cert-export ca signing --pkcs12-file ca.p12 --pkcs12-password-file password.txt --csr-file ca_signing.csr
diff --git a/scripts/existing-step1.cfg b/scripts/existing-step1.cfg
deleted file mode 100644
index 2ff209c..0000000
--- a/scripts/existing-step1.cfg
+++ /dev/null
@@ -1,19 +0,0 @@
-[CA]
-pki_admin_email=caadmin@example.com
-pki_admin_name=caadmin
-pki_admin_nickname=caadmin
-pki_admin_password=Secret123
-pki_admin_uid=caadmin
-pki_backup_keys=True
-pki_backup_password=Secret123
-pki_client_database_password=Secret123
-pki_client_database_purge=False
-pki_client_pkcs12_password=Secret123
-pki_ds_base_dn=dc=ca,dc=example,dc=com
-pki_ds_database=ca
-pki_ds_password=Secret123
-pki_security_domain_name=EXAMPLE
-pki_token_password=Secret123
-
-pki_external=True
-pki_external_step_two=False
diff --git a/scripts/existing-step1.sh b/scripts/existing-step1.sh
deleted file mode 100755
index 422febb..0000000
--- a/scripts/existing-step1.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh -x
-
-mkdir -p build
-
-rm -rf /tmp/ca_signing.csr
-rm -rf /tmp/ca.p12
-
-pkispawn -v -f existing-step1.cfg -s CA 2>&1 | tee build/existing-step1.log
diff --git a/scripts/external-step1.cfg b/scripts/external-step1.cfg
deleted file mode 100644
index 967289c..0000000
--- a/scripts/external-step1.cfg
+++ /dev/null
@@ -1,20 +0,0 @@
-[CA]
-pki_admin_email=caadmin@example.com
-pki_admin_name=caadmin
-pki_admin_nickname=caadmin
-pki_admin_password=Secret123
-pki_admin_uid=caadmin
-pki_backup_keys=True
-pki_backup_password=Secret123
-pki_client_database_password=Secret123
-pki_client_database_purge=False
-pki_client_pkcs12_password=Secret123
-pki_ds_base_dn=dc=ca,dc=example,dc=com
-pki_ds_database=ca
-pki_ds_password=Secret123
-pki_security_domain_name=EXTERNAL
-pki_token_password=Secret123
-
-pki_external=True
-pki_external_step_two=False
-pki_external_csr_path=/tmp/ca_signing.csr
diff --git a/scripts/external-step1.sh b/scripts/external-step1.sh
deleted file mode 100755
index 5f7676c..0000000
--- a/scripts/external-step1.sh
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/bin/sh -x
-
-mkdir -p build
-
-rm -f /tmp/ca_signing.csr
-rm -f /tmp/ca_signing.crt
-rm -f /tmp/external.crt
-
-pkispawn -v -f external-step1.cfg -s CA 2>&1 | tee build/external-step1.log
diff --git a/scripts/external-step2.cfg b/scripts/external-step2.cfg
deleted file mode 100644
index 2092c48..0000000
--- a/scripts/external-step2.cfg
+++ /dev/null
@@ -1,21 +0,0 @@
-[CA]
-pki_admin_email=caadmin@example.com
-pki_admin_name=caadmin
-pki_admin_nickname=caadmin
-pki_admin_password=Secret123
-pki_admin_uid=caadmin
-pki_backup_keys=True
-pki_backup_password=Secret123
-pki_client_database_password=Secret123
-pki_client_database_purge=False
-pki_client_pkcs12_password=Secret123
-pki_ds_base_dn=dc=ca,dc=example,dc=com
-pki_ds_database=ca
-pki_ds_password=Secret123
-pki_security_domain_name=EXTERNAL
-pki_token_password=Secret123
-
-pki_external=True
-pki_external_step_two=True
-pki_external_ca_cert_chain_path=/tmp/external.crt
-pki_external_ca_cert_path=/tmp/ca_signing.crt
diff --git a/scripts/external-step2.sh b/scripts/external-step2.sh
deleted file mode 100755
index 78f9c9d..0000000
--- a/scripts/external-step2.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh -x
-
-mkdir -p build
-
-pkispawn -v -f external-step2.cfg -s CA 2>&1 | tee build/external-step2.log
diff --git a/scripts/sub-restart.sh b/scripts/sub-restart.sh
deleted file mode 100755
index 661e7cd..0000000
--- a/scripts/sub-restart.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh -x
-
-./sub-stop.sh
-./sub-start.sh
diff --git a/scripts/sub-start.sh b/scripts/sub-start.sh
deleted file mode 100755
index 67d31af..0000000
--- a/scripts/sub-start.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh -x
-
-INSTANCE_NAME=pki-sub
-
-systemctl start pki-tomcatd@$INSTANCE_NAME.service
diff --git a/scripts/sub-stop.sh b/scripts/sub-stop.sh
deleted file mode 100755
index dc9dc05..0000000
--- a/scripts/sub-stop.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh -x
-
-INSTANCE_NAME=pki-sub
-
-systemctl stop pki-tomcatd@$INSTANCE_NAME.service
diff --git a/scripts/subca.cfg b/scripts/subca.cfg
deleted file mode 100644
index 346fbd0..0000000
--- a/scripts/subca.cfg
+++ /dev/null
@@ -1,29 +0,0 @@
-[DEFAULT]
-pki_instance_name=pki-subca
-pki_http_port=18080
-pki_https_port=18443
-pki_ajp_port=18010
-pki_tomcat_server_port=18006
-
-[CA]
-pki_admin_password=Secret123
-pki_admin_email=caadmin@example.com
-pki_admin_name=caadmin
-pki_admin_nickname=caadmin
-pki_admin_uid=caadmin
-pki_subordinate=True
-pki_issuing_ca_https_port=8443
-pki_ca_signing_subject_dn=cn=CA Subordinate Signing,dc=example,dc=com
-pki_backup_keys=True
-pki_backup_password=Secret123
-pki_client_database_password=Secret123
-pki_client_database_purge=False
-pki_client_pkcs12_password=Secret123
-pki_ds_base_dn=dc=ca,dc=sub,dc=example,dc=com
-pki_ds_database=subca
-pki_ds_password=Secret123
-pki_security_domain_name=EXAMPLE
-pki_security_domain_password=Secret123
-pki_security_domain_https_port=8443
-pki_security_domain_user=caadmin
-pki_token_password=Secret123
diff --git a/scripts/subkra.cfg b/scripts/subkra.cfg
deleted file mode 100644
index a29139f..0000000
--- a/scripts/subkra.cfg
+++ /dev/null
@@ -1,29 +0,0 @@
-[DEFAULT]
-pki_instance_name=pki-subkra
-pki_http_port=28080
-pki_https_port=28443
-pki_ajp_port=28010
-pki_tomcat_server_port=28006
-
-[KRA]
-pki_import_admin_cert=False
-#pki_admin_cert_file=/root/.dogtag/pki-sub/ca_admin.cert
-pki_admin_email=kraadmin@example.com
-pki_admin_name=kraadmin
-pki_admin_nickname=kraadmin
-pki_admin_password=Secret123
-pki_admin_uid=kraadmin
-pki_backup_password=Secret123
-pki_client_database_password=Secret123
-pki_client_database_purge=False
-pki_client_pkcs12_password=Secret123
-pki_clone_pkcs12_password=Secret123
-pki_ds_base_dn=dc=kra,dc=sub,dc=example,dc=com
-pki_ds_database=subkra
-pki_ds_password=Secret123
-pki_security_domain_name=EXAMPLE
-pki_security_domain_user=caadmin
-pki_security_domain_password=Secret123
-pki_security_domain_https_port=8443
-pki_issuing_ca_https_port=18443
-pki_token_password=Secret123
diff --git a/scripts/tps-enroll.sh b/scripts/tps-enroll.sh
deleted file mode 100755
index 73f9d44..0000000
--- a/scripts/tps-enroll.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-
-uid=$1
-cuid=$2
-
-if [ "$cuid" == "" ]; then
- #cuid=a00192030405060708c9
- cuid=`hexdump -v -n "10" -e '1/1 "%02x"' /dev/urandom`
-fi
-
-echo $cuid
-
-tpsclient <<EOF
-op=var_set name=ra_host value=localhost
-op=var_set name=ra_port value=8080
-op=var_set name=ra_uri value=/tps/tps
-op=var_list
-
-#op=token_status
-
-op=token_set cuid=$cuid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
-
-op=token_set auth_key=404142434445464748494a4b4c4d4e4f
-op=token_set mac_key=404142434445464748494a4b4c4d4e4f
-op=token_set kek_key=404142434445464748494a4b4c4d4e4f
-
-op=token_status
-
-op=ra_enroll uid=$uid pwd=Secret123 new_pin=Secret123 num_threads=1 extensions=tokenType=userKey
-
-#op=token_status
-
-op=exit
-EOF
diff --git a/scripts/tps-format.sh b/scripts/tps-format.sh
deleted file mode 100755
index 6f7be24..0000000
--- a/scripts/tps-format.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-
-uid=$1
-cuid=$2
-
-if [ "$cuid" == "" ]; then
- #cuid=a00192030405060708c9
- #cuid=A7D05D2BA7D1AFB4E7C1
- cuid=`hexdump -v -n "10" -e '1/1 "%02x"' /dev/urandom`
-fi
-
-echo $cuid
-
-tpsclient <<EOF
-op=var_set name=ra_host value=localhost
-op=var_set name=ra_port value=8080
-op=var_set name=ra_uri value=/tps/tps
-op=var_list
-
-#op=token_status
-
-op=token_set cuid=$cuid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
-#op=token_set cuid=$cuid app_ver=6FBBC105 key_info=0101
-
-op=token_set auth_key=404142434445464748494a4b4c4d4e4f
-op=token_set mac_key=404142434445464748494a4b4c4d4e4f
-op=token_set kek_key=404142434445464748494a4b4c4d4e4f
-
-op=token_status
-
-op=ra_format uid=$uid pwd=Secret123 new_pin=Secret123 num_threads=1 extensions=tokenType=userKey
-
-#op=token_status
-
-op=exit
-EOF
diff --git a/scripts/tps-user.sh b/scripts/tps-user.sh
deleted file mode 100755
index 8fc3b60..0000000
--- a/scripts/tps-user.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-uid=$1
-
-ldapadd -h $HOSTNAME -p 389 -D "cn=Directory Manager" -w Secret123 << EOF
-dn: uid=$uid,ou=people,dc=example,dc=com
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetOrgPerson
-uid: $uid
-cn: Test User
-sn: User
-givenName: Test
-userPassword: Secret123
-EOF |