author | Endi S. Dewata <edewata@redhat.com> | 2017-07-20 07:31:46 +0200 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2017-07-20 07:31:46 +0200 |
commit | 4ef1422a303c035735afd84d98ee7baba325c2fa (patch) | |
tree | 327638031e99a091d4cb3087862e74521db63b5c | |
parent | cc84991f7ebf911d3b5303738c84d6778accc537 (diff) | |
Updated TPS scripts.
-rwxr-xr-x | scripts/tps-admin-setup.sh | 17 | ||||
-rwxr-xr-x | scripts/tps-agent-setup.sh | 14 | ||||
-rwxr-xr-x | scripts/tps-auth-user-add.sh | 16 | ||||
-rwxr-xr-x | scripts/tps-auth-user-del.sh | 7 | ||||
-rwxr-xr-x | scripts/tps-build.sh | 2 | ||||
-rwxr-xr-x | scripts/tps-config-mod.sh | 11 | ||||
-rwxr-xr-x | scripts/tps-config-show.sh | 7 | ||||
-rwxr-xr-x | scripts/tps-configure.sh | 2 | ||||
-rwxr-xr-x | scripts/tps-create.sh | 2 | ||||
-rwxr-xr-x | scripts/tps-operator-setup.sh | 16 | ||||
-rwxr-xr-x | scripts/tps-remote-create.sh | 5 | ||||
-rwxr-xr-x | scripts/tps-token-enroll.sh | 34 | ||||
-rwxr-xr-x | scripts/tps-token-format.sh | 36 |
13 files changed, 144 insertions, 25 deletions
diff --git a/scripts/tps-admin-setup.sh b/scripts/tps-admin-setup.sh
index daacecd..53b0298 100755
--- a/scripts/tps-admin-setup.sh
+++ b/scripts/tps-admin-setup.sh
@@ -1,15 +1,18 @@
 #!/bin/sh -x
 
-#pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-user-add tpsadmin --fullName "TPS Administrator"
-#pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-group-member-add "Administrators" tpsadmin
+USERNAME=tpsadmin
+#USERNAME=admin
 
-REQUEST_ID=`pki -c Secret123 client-cert-request uid=tpsadmin | grep "Request ID:" | awk -F ': ' '{print $2;}'`
+#pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-user-add $USERNAME --fullName "TPS Administrator"
+#pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-group-member-add "Administrators" $USERNAME
+
+REQUEST_ID=`pki -c Secret.123 client-cert-request uid=$USERNAME | grep "Request ID:" | awk -F ': ' '{print $2;}'`
 echo Request ID: $REQUEST_ID
 
-CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
+CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
 echo Certificate ID: $CERT_ID
 
-pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-user-cert-add tpsadmin --serial $CERT_ID
-pki -c Secret123 client-cert-import tpsadmin --serial $CERT_ID
+pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-user-cert-add $USERNAME --serial $CERT_ID
+pki -c Secret.123 client-cert-import $USERNAME --serial $CERT_ID
 
-pki -c Secret123 client-cert-show tpsadmin --pkcs12 tpsadmin.p12 --pkcs12-password Secret123
+pki -c Secret.123 client-cert-show $USERNAME --pkcs12 $USERNAME.p12 --pkcs12-password Secret.123
diff --git a/scripts/tps-agent-setup.sh b/scripts/tps-agent-setup.sh
index 49f86b9..1f8bddf 100755
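Review bot: The `CERT_ID=` line runs `--action approve $REQUEST_ID` even when the grep/awk pipeline on the preceding `REQUEST_ID=` line matched nothing, so a failed request silently becomes an approve call with an empty ID; add `[ -n "$REQUEST_ID" ] || exit 1` after the `echo Request ID` line and the same guard for `$CERT_ID` before `tps-user-cert-add`. The script also runs under `#!/bin/sh -x`, so every `-c Secret.123` argument and the `--pkcs12-password` value are traced to stderr and are visible in process listings for the duration of each call; the `pki` client accepts a password file (`-C <file>`) which keeps the NSS database password off argv and out of the trace. Both points apply equally to the tps-agent-setup.sh and tps-operator-setup.sh hunks.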
--- a/scripts/tps-agent-setup.sh
+++ b/scripts/tps-agent-setup.sh
@@ -1,15 +1,15 @@
 #!/bin/sh -x
 
-pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-user-add tpsagent --fullName "TPS Agent"
-pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-group-member-add "TPS Agents" tpsagent
+pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-user-add tpsagent --fullName "TPS Agent"
+pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-group-member-add "TPS Agents" tpsagent
 
-REQUEST_ID=`pki -c Secret123 client-cert-request uid=tpsagent | grep "Request ID:" | awk -F ': ' '{print $2;}'`
+REQUEST_ID=`pki -c Secret.123 client-cert-request uid=tpsagent | grep "Request ID:" | awk -F ': ' '{print $2;}'`
 echo Request ID: $REQUEST_ID
 
-CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
+CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
 echo Certificate ID: $CERT_ID
 
-pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-user-cert-add tpsagent --serial $CERT_ID
-pki -c Secret123 client-cert-import tpsagent --serial $CERT_ID
+pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-user-cert-add tpsagent --serial $CERT_ID
+pki -c Secret.123 client-cert-import tpsagent --serial $CERT_ID
 
-pki -c Secret123 client-cert-show tpsagent --pkcs12 tpsagent.p12 --pkcs12-password Secret123
+pki -c Secret.123 client-cert-show tpsagent --pkcs12 tpsagent.p12 --pkcs12-password Secret.123
diff --git a/scripts/tps-auth-user-add.sh b/scripts/tps-auth-user-add.sh
new file mode 100755
index 0000000..bf4527d
--- /dev/null
+++ b/scripts/tps-auth-user-add.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+uid=$1
+
+ldapadd -h $HOSTNAME -p 389 -D "cn=Directory Manager" -w Secret.123 << EOF
+dn: uid=$uid,ou=people,dc=example,dc=com
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+uid: $uid
+cn: Test User
+sn: User
+givenName: Test
+userPassword: Secret.123
+EOF
diff --git a/scripts/tps-auth-user-del.sh b/scripts/tps-auth-user-del.sh
new file mode 100755
index 0000000..9c94c63
--- /dev/null
+++ b/scripts/tps-auth-user-del.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+uid=$1
+
+ldapdelete -h $HOSTNAME -p 389 -D "cn=Directory Manager" -w Secret.123 << EOF
+uid=$uid,ou=people,dc=example,dc=com
+EOF
diff --git a/scripts/tps-build.sh b/scripts/tps-build.sh
index 170b9e9..c02cf72 100755
--- a/scripts/tps-build.sh
+++ b/scripts/tps-build.sh
@@ -11,7 +11,7 @@ cd $BUILD_DIR
 rm -rf rpmbuild
 mkdir -p rpmbuild
 
-$COMPOSE --work-dir $BUILD_DIR/rpmbuild rpms 2>&1 | tee build.log
+$COMPOSE --work-dir $BUILD_DIR/rpmbuild rpms
 
 rm -rf repo
 mkdir -p repo
diff --git a/scripts/tps-config-mod.sh b/scripts/tps-config-mod.sh
new file mode 100755
index 0000000..f7d4b26
--- /dev/null
+++ b/scripts/tps-config-mod.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+INPUT=$1
+
+# -H "Accept: application/xml" \
+
+SSL_DIR=~/.dogtag/pki-tomcat/ca/alias curl -E "caadmin:Secret123" \
+ -H "Content-Type: application/xml" \
+ -X PATCH \
+ --data @$INPUT \
+ https://$HOSTNAME:8443/tps/rest/config | xmllint --format -
diff --git a/scripts/tps-config-show.sh b/scripts/tps-config-show.sh
new file mode 100755
index 0000000..f92ba2a
--- /dev/null
+++ b/scripts/tps-config-show.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# -H "Content-Type: application/xml"
+
+SSL_DIR=~/.dogtag/pki-tomcat/ca/alias curl -E "caadmin:Secret123" \
+ -H "Accept: application/json" \
+ https://$HOSTNAME:8443/tps/rest/config
diff --git a/scripts/tps-configure.sh b/scripts/tps-configure.sh
index 32b0afe..9b020fc 100755
--- a/scripts/tps-configure.sh
+++ b/scripts/tps-configure.sh
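Review bot: `uid=$1` is never validated, so running tps-auth-user-add.sh with no argument sends `dn: uid=,ou=people,dc=example,dc=com` to ldapadd under the Directory Manager bind, and a value containing `,` or `=` is spliced unescaped into the DN; add `: "${uid:?usage: $0 uid}"` right after the assignment. `$HOSTNAME` is a bash variable that POSIX `/bin/sh` (dash) does not set unless it is exported, so `-h $HOSTNAME` can collapse to `-h -p 389`; `-h "${HOSTNAME:-$(hostname)}"` is a safer default. The Directory Manager password is passed with `-w`, which exposes it on argv; ldapadd's `-y <file>` reads it from a file instead. The same three points apply to the tps-auth-user-del.sh hunk, and the `$HOSTNAME` point also to the tps-config-mod.sh, tps-config-show.sh and tps-remote-create.sh hunks.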
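Review bot: The `curl -E "caadmin:Secret123"` line in tps-config-mod.sh still uses the old `Secret123` literal while every other script in this commit is moved to `Secret.123` (compare the `-c Secret.123` calls in tps-admin-setup.sh), so presumably the NSS client-certificate authentication fails once the database password is changed; the tps-config-show.sh hunk carries the same literal. `--data @$INPUT` is also unquoted and `$INPUT` is unchecked, so a missing argument becomes a bare `--data @`; `: "${INPUT:?usage: $0 file}"` after the assignment and `--data "@$INPUT"` cover both.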
@@ -58,7 +58,7 @@ pkisilent ConfigureTPS \
 -admin_password "$TPS_ADMIN_PASSWORD" \
 -agent_key_size 2048 \
 -agent_key_type rsa \
- -agent_cert_subject "$TPS_ADMIN_CERT_SUBJECT" 2>&1 | tee tps-configure.out
+ -agent_cert_subject "$TPS_ADMIN_CERT_SUBJECT"
 
 echo $PASSWORD > "$CERTS/password.txt"
 PKCS12Export -d "$CERTS" -o "$CERTS/tps-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt"
diff --git a/scripts/tps-create.sh b/scripts/tps-create.sh
index caa6554..36d33f7 100755
--- a/scripts/tps-create.sh
+++ b/scripts/tps-create.sh
@@ -1,3 +1,3 @@
 #!/bin/sh -x
 
-pkispawn -f tps.cfg -s TPS -vvv 2>&1 | tee build/tps-create.log
+pkispawn -f tps.cfg -s TPS -vvv
diff --git a/scripts/tps-operator-setup.sh b/scripts/tps-operator-setup.sh
index 60b9b5a..84a9ac7 100755
--- a/scripts/tps-operator-setup.sh
+++ b/scripts/tps-operator-setup.sh
@@ -1,17 +1,17 @@
 #!/bin/sh -x
 
-pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-user-add tpsoperator --fullName "TPS Operator"
-pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-group-member-add "TPS Operators" tpsoperator
+pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-user-add tpsoperator --fullName "TPS Operator"
+pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-group-member-add "TPS Operators" tpsoperator
 
-pki -c Secret123 client-init --force
+pki -c Secret.123 client-init --force
 
-REQUEST_ID=`pki -c Secret123 client-cert-request uid=tpsoperator | grep "Request ID:" | awk -F ': ' '{print $2;}'`
+REQUEST_ID=`pki -c Secret.123 client-cert-request uid=tpsoperator | grep "Request ID:" | awk -F ': ' '{print $2;}'`
 echo Request ID: $REQUEST_ID
 
-CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
+CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'`
 echo Certificate ID: $CERT_ID
 
-pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-user-cert-add tpsoperator --serial $CERT_ID
-pki -c Secret123 client-cert-import tpsoperator --serial $CERT_ID
+pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-user-cert-add tpsoperator --serial $CERT_ID
+pki -c Secret.123 client-cert-import tpsoperator --serial $CERT_ID
 
-pki -c Secret123 client-cert-show tpsoperator --pkcs12 tpsoperator.p12 --pkcs12-password Secret123
+pki -c Secret.123 client-cert-show tpsoperator --pkcs12 tpsoperator.p12 --pkcs12-password Secret.123
diff --git a/scripts/tps-remote-create.sh b/scripts/tps-remote-create.sh
new file mode 100755
index 0000000..5199707
--- /dev/null
+++ b/scripts/tps-remote-create.sh
@@ -0,0 +1,5 @@
+#!/bin/sh -x
+
+echo $HOSTNAME > tps.host
+
+pkispawn -f tps-remote.cfg -s TPS -vvv
diff --git a/scripts/tps-token-enroll.sh b/scripts/tps-token-enroll.sh
new file mode 100755
index 0000000..a2dfd74
--- /dev/null
+++ b/scripts/tps-token-enroll.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+uid=$1
+cuid=$2
+
+if [ "$cuid" == "" ]; then
+ #cuid=a00192030405060708c9
+ cuid=`hexdump -v -n "10" -e '1/1 "%02x"' /dev/urandom`
+fi
+
+echo $cuid
+
+tpsclient <<EOF
+op=var_set name=ra_host value=localhost
+op=var_set name=ra_port value=8080
+op=var_set name=ra_uri value=/tps/tps
+op=var_list
+
+#op=token_status
+
+op=token_set cuid=$cuid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
+
+op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+
+op=token_status
+
+op=ra_enroll uid=$uid pwd=Secret.123 new_pin=Secret.123 num_threads=1 extensions=tokenType=userKey
+
+#op=token_status
+
+op=exit
+EOF
diff --git a/scripts/tps-token-format.sh b/scripts/tps-token-format.sh
new file mode 100755
index 0000000..6961380
--- /dev/null
+++ b/scripts/tps-token-format.sh
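Review bot: `if [ "$cuid" == "" ]; then` in tps-token-enroll.sh uses `==`, which POSIX `test` does not define; under `#!/bin/sh` on systems where sh is dash this aborts with `[: unexpected operator` before the random CUID is generated, so it should read `if [ -z "$cuid" ]; then`. `uid=$1` is likewise unchecked and is expanded straight into the `op=ra_enroll uid=$uid pwd=Secret.123` line of the unquoted heredoc, which also fixes the user password and the token key material in plain text; a `: "${uid:?usage: $0 uid [cuid]}"` guard after the assignment would at least stop an enrollment with an empty uid. The tps-token-format.sh hunk has the identical `==` test and unchecked `uid`.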
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+uid=$1
+cuid=$2
+
+if [ "$cuid" == "" ]; then
+ #cuid=a00192030405060708c9
+ #cuid=A7D05D2BA7D1AFB4E7C1
+ cuid=`hexdump -v -n "10" -e '1/1 "%02x"' /dev/urandom`
+fi
+
+echo $cuid
+
+tpsclient <<EOF
+op=var_set name=ra_host value=localhost
+op=var_set name=ra_port value=8080
+op=var_set name=ra_uri value=/tps/tps
+op=var_list
+
+#op=token_status
+
+op=token_set cuid=$cuid msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
+#op=token_set cuid=$cuid app_ver=6FBBC105 key_info=0101
+
+op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+
+op=token_status
+
+op=ra_format uid=$uid pwd=Secret.123 new_pin=Secret.123 num_threads=1 extensions=tokenType=userKey
+
+#op=token_status
+
+op=exit
+EOF |