authorEndi Sukma Dewata <edewata@redhat.com>2012-07-25 09:24:54 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-07-25 23:24:27 -0500
commit08e99e5721c99db5e5780c0d7eb2dab1a8199778 (patch)
tree4e4fa194677c59653ab7b55fc3342784d73e01c8 /scripts
parentb9e6ba218f7be8b92402cc469c7d3a0d95d83dec (diff)
downloadpki-dev-08e99e5721c99db5e5780c0d7eb2dab1a8199778.tar.gz
pki-dev-08e99e5721c99db5e5780c0d7eb2dab1a8199778.tar.xz
pki-dev-08e99e5721c99db5e5780c0d7eb2dab1a8199778.zip
Added scripts for Tomcat 7.
Diffstat (limited to 'scripts')
-rwxr-xr-xscripts/ca-console.sh2
-rwxr-xr-xscripts/ca-destroy.sh3
-rwxr-xr-xscripts/ca-nuke.sh9
-rwxr-xr-xscripts/ca-restart.sh3
-rwxr-xr-xscripts/ca-spawn.sh3
-rwxr-xr-xscripts/ca-start.sh2
-rwxr-xr-xscripts/ca-stop.sh2
-rw-r--r--scripts/ca.cfg218
-rwxr-xr-xscripts/certs-import.sh9
-rwxr-xr-xscripts/clean.sh19
-rwxr-xr-xscripts/ds-create.sh2
-rwxr-xr-xscripts/jarfinder.sh19
12 files changed, 283 insertions, 8 deletions
diff --git a/scripts/ca-console.sh b/scripts/ca-console.sh
index f596e6a..6fda547 100755
--- a/scripts/ca-console.sh
+++ b/scripts/ca-console.sh
@@ -1,3 +1,3 @@
#!/bin/sh -x
-pkiconsole https://$HOSTNAME:9443/ca
+pkiconsole https://$HOSTNAME:8443/ca
diff --git a/scripts/ca-destroy.sh b/scripts/ca-destroy.sh
new file mode 100755
index 0000000..0d4d382
--- /dev/null
+++ b/scripts/ca-destroy.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+pkidestroy -s CA -i pki-master
diff --git a/scripts/ca-nuke.sh b/scripts/ca-nuke.sh
new file mode 100755
index 0000000..ef2d6f5
--- /dev/null
+++ b/scripts/ca-nuke.sh
@@ -0,0 +1,9 @@
+#!/bin/sh -x
+
+INSTANCE=pki-master
+
+rm -rf /etc/pki/$INSTANCE
+rm -rf /var/lib/pki/$INSTANCE
+rm -rf /etc/sysconfig/pki/tomcat/$INSTANCE
+rm -rf /var/log/pki/$INSTANCE
+rm -rf /etc/sysconfig/$INSTANCE
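Review bot: The five `rm -rf` lines expand `$INSTANCE` unquoted and unguarded, so if the assignment is ever changed to take its value from an argument or the environment and that value is empty, the last line becomes `rm -rf /etc/sysconfig/` and the others remove the whole `/etc/pki`, `/var/lib/pki` and `/var/log/pki` trees. Writing each path in the form `rm -rf -- "/etc/pki/${INSTANCE:?}"` makes the shell abort instead. The script also removes the instance directories without stopping `pki-tomcatd@pki-master.service` (the unit named in ca-stop.sh), so a short header comment saying it is meant to run after ca-stop.sh, or after a failed `pkidestroy`, would help.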
diff --git a/scripts/ca-restart.sh b/scripts/ca-restart.sh
index eb7f0c1..e8a90b4 100755
--- a/scripts/ca-restart.sh
+++ b/scripts/ca-restart.sh
@@ -1,3 +1,4 @@
#!/bin/sh -x
-systemctl restart pki-cad@pki-ca.service
+./ca-stop.sh
+./ca-start.sh
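Review bot: `./ca-stop.sh` and `./ca-start.sh` resolve against the caller's working directory, so this script only works when it is started from `scripts/`; `cd "$(dirname "$0")" || exit 1` as the first command would remove that dependency. The same assumption is in the ca-spawn.sh hunk, where `pkispawn -f ca.cfg` picks up whatever `ca.cfg` happens to be in the current directory. There is no `set -e`, so the start runs even when the stop failed, which may be intended for a restart but deserves a one-line comment.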
diff --git a/scripts/ca-spawn.sh b/scripts/ca-spawn.sh
new file mode 100755
index 0000000..21ba088
--- /dev/null
+++ b/scripts/ca-spawn.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+pkispawn -f ca.cfg -s CA
diff --git a/scripts/ca-start.sh b/scripts/ca-start.sh
index ff7ba41..e417e03 100755
--- a/scripts/ca-start.sh
+++ b/scripts/ca-start.sh
@@ -1,3 +1,3 @@
#!/bin/sh -x
-systemctl start pki-cad@pki-ca.service
+systemctl start pki-tomcatd@pki-master.service
diff --git a/scripts/ca-stop.sh b/scripts/ca-stop.sh
index 55254fc..59be94a 100755
--- a/scripts/ca-stop.sh
+++ b/scripts/ca-stop.sh
@@ -1,3 +1,3 @@
#!/bin/sh -x
-systemctl stop pki-cad@pki-ca.service
+systemctl stop pki-tomcatd@pki-master.service
diff --git a/scripts/ca.cfg b/scripts/ca.cfg
new file mode 100644
index 0000000..51d0a33
--- /dev/null
+++ b/scripts/ca.cfg
@@ -0,0 +1,218 @@
+###############################################################################
+## 'Sensitive' Data: ##
+## ##
+## Values in this section pertain to various PKI subsystems, and contain ##
+## required 'sensitive' information which MUST ALWAYS be provided by users. ##
+## ##
+## IMPORTANT: Sensitive data values must NEVER be displayed to the ##
+## console NOR stored in log files!!! ##
+###############################################################################
+[Sensitive]
+pki_admin_password=Secret123
+pki_backup_password=
+pki_client_pkcs12_password=Secret123
+pki_ds_password=Secret123
+pki_pkcs12_password=Secret123
+pki_security_domain_password=Secret123
+###############################################################################
+## 'Common' Data: ##
+## ##
+## Values in this section are common to more than one PKI subsystem, and ##
+## contain required information which MAY be overridden by users as ##
+## necessary. ##
+## ##
+## NOTE: Default values will be generated for any and all required ##
+## 'common' data values which are left undefined. ##
+###############################################################################
+[Common]
+pki_admin_cert_request_type=crmf
+pki_admin_domain_name=
+pki_admin_dualkey=False
+pki_admin_email=
+pki_admin_keysize=2048
+pki_admin_name=admin
+pki_admin_nickname=
+pki_admin_subject_dn=
+pki_admin_uid=admin
+pki_audit_group=pkiaudit
+pki_audit_signing_key_algorithm=SHA256withRSA
+pki_audit_signing_key_size=2048
+pki_audit_signing_key_type=rsa
+pki_audit_signing_nickname=
+pki_audit_signing_signing_algorithm=SHA256withRSA
+pki_audit_signing_subject_dn=
+pki_audit_signing_token=
+pki_backup_file=
+pki_backup_keys=False
+pki_ds_base_dn=
+pki_ds_bind_dn=cn=Directory Manager
+pki_ds_database=
+pki_ds_hostname=
+pki_ds_ldap_port=389
+pki_ds_ldaps_port=636
+pki_ds_remove_data=True
+pki_ds_secure_connection=False
+pki_group=pkiuser
+pki_security_domain_hostname=
+pki_security_domain_https_port=8443
+pki_security_domain_name=EXAMPLE
+pki_security_domain_user=admin
+pki_ssl_server_key_algorithm=SHA256withRSA
+pki_ssl_server_key_size=2048
+pki_ssl_server_key_type=rsa
+pki_ssl_server_nickname=
+pki_ssl_server_subject_dn=
+pki_ssl_server_token=
+pki_subsystem_key_algorithm=SHA256withRSA
+pki_subsystem_key_size=2048
+pki_subsystem_key_type=rsa
+pki_subsystem_nickname=
+pki_subsystem_subject_dn=
+pki_subsystem_token=
+pki_user=pkiuser
+###############################################################################
+## 'Apache' Data: ##
+## ##
+## Values in this section are common to PKI subsystems that run ##
+## as an instance of 'Apache' (RA and TPS subsystems), and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[Apache]
+pki_instance_name=apache
+pki_http_port=80
+pki_https_port=443
+###############################################################################
+## 'Tomcat' Data: ##
+## ##
+## Values in this section are common to PKI subsystems that run ##
+## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ##
+## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ##
+## required information which MAY be overridden by users as necessary. ##
+## ##
+## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ##
+## or a 'TKS Clone', change the value of 'pki_clone' ##
+## from 'False' to 'True'. ##
+## ##
+## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
+## are MUTUALLY EXCLUSIVE entities!!! ##
+###############################################################################
+[Tomcat]
+pki_ajp_port=8010
+pki_clone=False
+pki_enable_java_debugger=False
+pki_http_port=8013
+pki_https_port=8015
+pki_instance_name=pki-master
+pki_proxy_http_port=
+pki_proxy_https_port=
+pki_security_manager=false
+pki_tomcat_server_port=8019
+###############################################################################
+## 'CA' Data: ##
+## ##
+## Values in this section are common to CA subsystems including 'PKI CAs', ##
+## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ##
+## required information which MAY be overridden by users as necessary. ##
+## ##
+## EXTERNAL CAs: To specify an 'External CA', change the value ##
+## of 'pki_external' from 'False' to 'True'. ##
+## ##
+## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ##
+## of 'pki_subordinate' from 'False' to 'True'. ##
+## ##
+## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
+## are MUTUALLY EXCLUSIVE entities!!! ##
+###############################################################################
+[CA]
+pki_ca_signing_key_algorithm=SHA256withRSA
+pki_ca_signing_key_size=2048
+pki_ca_signing_key_type=rsa
+pki_ca_signing_nickname=
+pki_ca_signing_signing_algorithm=SHA256withRSA
+pki_ca_signing_subject_dn=
+pki_ca_signing_token=
+pki_external=False
+pki_ocsp_signing_key_algorithm=SHA256withRSA
+pki_ocsp_signing_key_size=2048
+pki_ocsp_signing_key_type=rsa
+pki_ocsp_signing_nickname=
+pki_ocsp_signing_signing_algorithm=SHA256withRSA
+pki_ocsp_signing_subject_dn=
+pki_ocsp_signing_token=
+pki_subordinate=False
+pki_subsystem=CA
+pki_subsystem_name=
+pki_war_name=ca.war
+###############################################################################
+## 'KRA' Data: ##
+## ##
+## Values in this section are common to KRA subsystems ##
+## including 'PKI KRAs' and 'Cloned KRAs', and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[KRA]
+pki_storage_key_algorithm=SHA256withRSA
+pki_storage_key_size=2048
+pki_storage_key_type=rsa
+pki_storage_nickname=
+pki_storage_signing_algorithm=SHA256withRSA
+pki_storage_subject_dn=
+pki_storage_token=
+pki_subsystem=KRA
+pki_subsystem_name=
+pki_transport_key_algorithm=SHA256withRSA
+pki_transport_key_size=2048
+pki_transport_key_type=rsa
+pki_transport_nickname=
+pki_transport_signing_algorithm=SHA256withRSA
+pki_transport_subject_dn=
+pki_transport_token=
+pki_war_name=kra.war
+###############################################################################
+## 'OCSP' Data: ##
+## ##
+## Values in this section are common to OCSP subsystems ##
+## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[OCSP]
+pki_ocsp_signing_key_algorithm=SHA256withRSA
+pki_ocsp_signing_key_size=2048
+pki_ocsp_signing_key_type=rsa
+pki_ocsp_signing_nickname=
+pki_ocsp_signing_signing_algorithm=SHA256withRSA
+pki_ocsp_signing_subject_dn=
+pki_ocsp_signing_token=
+pki_subordinate=False
+pki_subsystem=OCSP
+pki_subsystem_name=
+pki_war_name=ocsp.war
+###############################################################################
+## 'RA' Data: ##
+## ##
+## Values in this section are common to PKI RA subsystems, and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[RA]
+pki_subsystem=RA
+pki_subsystem_name=
+###############################################################################
+## 'TKS' Data: ##
+## ##
+## Values in this section are common to TKS subsystems ##
+## including 'PKI TKSs' and 'Cloned TKSs', and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[TKS]
+pki_subsystem=TKS
+pki_subsystem_name=
+pki_war_name=tks.war
+###############################################################################
+## 'TPS' Data: ##
+## ##
+## Values in this section are common to PKI TPS subsystems, and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[TPS]
+pki_subsystem=TPS
+pki_subsystem_name=
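Review bot: The `[Sensitive]` section commits one literal password, `Secret123`, for the admin account, the directory server bind, both PKCS#12 files and the security domain, in a file added with mode 100644, which sits uneasily with the banner directly above it. If this is a developer-only fixture, say so at the top of the file, for example `## DEVELOPMENT ONLY: throwaway credentials, never reuse on a shared or production host`, and consider committing the values empty with a mode 0600 local override. `pki_ds_secure_connection=False` with `pki_ds_ldap_port=389` suggests the Directory Manager password travels over plain LDAP unless the directory server is local, which the empty `pki_ds_hostname=` does not settle. It is also worth confirming the ports: ca-console.sh in this commit points at 8443 while `[Tomcat]` sets `pki_https_port=8015`.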
diff --git a/scripts/certs-import.sh b/scripts/certs-import.sh
index 7b98b29..6c25805 100755
--- a/scripts/certs-import.sh
+++ b/scripts/certs-import.sh
@@ -5,8 +5,11 @@
FIREFOX_DIR=~/.mozilla/firefox
PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
-pk12util -i $SRC_DIR/pki-dev/certs/ca/ca-client-certs.p12 -d $FIREFOX_DIR/$PROFILE -W Secret123
+input=$SRC_DIR/pki-dev/certs/ca/ca-client-certs.p12
+input=/tmp/pki-master_client/ca_admin_cert.p12
+
+pk12util -i $input -d $FIREFOX_DIR/$PROFILE -W Secret123
certutil -M -n $CA_ADMIN_NAME -t u,u,u -d $FIREFOX_DIR/$PROFILE
-pk12util -i $SRC_DIR/pki-dev/certs/kra/kra-client-certs.p12 -d $FIREFOX_DIR/$PROFILE -W Secret123
-certutil -M -n kraadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE
+#pk12util -i $SRC_DIR/pki-dev/certs/kra/kra-client-certs.p12 -d $FIREFOX_DIR/$PROFILE -W Secret123
+#certutil -M -n kraadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE
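Review bot: `-W Secret123` on the new `pk12util` line puts the PKCS#12 password into the process argument list, and into the trace output if the script runs with `-x` like its siblings; `pk12util -w <password-file>` keeps it out of both. The same applies to `slapd.RootDNPwd=Secret123` in the ds-create.sh hunk, where an `.inf` file passed with `--file` would likely avoid it. The first `input=` assignment is dead because the next line overwrites it, and the value that wins is a fixed path under world-writable `/tmp`, so whatever file sits there is imported and then given `u,u,u` trust by `certutil -M`; reading it from a directory owned by the invoking user would be safer. `$input`, `$FIREFOX_DIR` and `$PROFILE` are unquoted, and `$PROFILE` comes from a `grep Path=` that can return several lines when more than one Firefox profile exists. The script starts above this hunk, so its shebang and the `SRC_DIR` definition are not visible here.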
diff --git a/scripts/clean.sh b/scripts/clean.sh
new file mode 100755
index 0000000..dc3724d
--- /dev/null
+++ b/scripts/clean.sh
@@ -0,0 +1,19 @@
+#!/bin/sh -x
+
+SRC_DIR=`cd ../.. ; pwd`
+
+cd $SRC_DIR/pki
+
+mkdir -p build
+cd build
+
+cmake\
+ -DCMAKE_VERBOSE_MAKEFILE=ON\
+ -DCMAKE_INSTALL_PREFIX:PATH=/usr\
+ -DLIB_INSTALL_DIR:PATH=/usr/lib64\
+ -DSYSCONF_INSTALL_DIR:PATH=/etc\
+ -DSHARE_INSTALL_PREFIX:PATH=/usr/share\
+ -DLIB_SUFFIX=64\
+ ..
+
+make clean-dist clean-cmake
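Review bot: Neither `cd $SRC_DIR/pki` nor `cd build` is checked, so when the script is started from a directory where `../..` is not the source root, `mkdir -p build`, `cmake` and `make clean-dist clean-cmake` run in whatever directory the shell is left in. Quote the path and stop on failure: `cd "$SRC_DIR/pki" || exit 1` and `cd build || exit 1`. Deriving the root from the script location instead of the caller's working directory, `SRC_DIR=$(cd "$(dirname "$0")/../.." && pwd)`, would remove the assumption entirely.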
diff --git a/scripts/ds-create.sh b/scripts/ds-create.sh
index 7a8dfb1..ee68802 100755
--- a/scripts/ds-create.sh
+++ b/scripts/ds-create.sh
@@ -8,4 +8,4 @@ setup-ds.pl --silent --\
slapd.ServerIdentifier=pki-master\
slapd.Suffix=dc=example,dc=com\
slapd.RootDN="cn=Directory Manager"\
- slapd.RootDNPwd=Secret123\
+ slapd.RootDNPwd=Secret123
diff --git a/scripts/jarfinder.sh b/scripts/jarfinder.sh
new file mode 100755
index 0000000..5db604c
--- /dev/null
+++ b/scripts/jarfinder.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+dir=$1
+class=$2
+
+echo Searching for $class in $dir
+
+for file in `find $dir -name '*.jar'`
+do
+ echo -n Checking $file...
+ result=`jar tvf $file | grep $class`
+ if [ "$result" ]
+ then
+ echo found!
+ jar tvf $file | grep $class
+ else
+ echo
+ fi
+done
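Review bot: The `for file in` loop over the backquoted `find` word-splits its output, so a jar path containing whitespace is checked as several non-existent files, and `$class` reaches `grep` unquoted, so a pattern beginning with `-` is parsed as an option and one containing glob characters may be expanded by the shell first. `jar tvf` is also run twice for every matching archive although the first result is already held in `$result`. `echo -n` is not portable under `#!/bin/sh`, whereas `printf` is. The loop below reads the `find` output line by line, quotes every expansion and prints the saved result instead of listing the archive again.

```shell
# … unchanged: dir/class assignment and the "Searching for" banner …
find "$dir" -name '*.jar' | while IFS= read -r file
do
    printf 'Checking %s...' "$file"
    result=$(jar tvf "$file" | grep -- "$class")
    if [ -n "$result" ]
    then
        echo found!
        printf '%s\n' "$result"
    else
        echo
    fi
done
```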