-rwxr-xr-xscripts/ca-cert-export.sh16
-rwxr-xr-xscripts/ca-certs.sh4
-rw-r--r--scripts/ca-clone.cfg28
-rw-r--r--scripts/ca-master.cfg17
-rwxr-xr-xscripts/ca-rebuild.sh7
-rwxr-xr-xscripts/ca-remove.sh2
-rwxr-xr-xscripts/ca-run.sh3
-rwxr-xr-xscripts/ca-start.sh2
-rwxr-xr-xscripts/ca-stop.sh2
-rwxr-xr-xscripts/ca-test.sh27
-rwxr-xr-xscripts/drm-java-test.sh5
-rwxr-xr-xscripts/drm-python-test.sh27
-rwxr-xr-xscripts/firefox-certs-import.sh58
-rwxr-xr-xscripts/firefox-certs-remove.sh14
-rwxr-xr-xscripts/firefox-certs.sh (renamed from scripts/firefox-certs-list.sh)10
-rwxr-xr-xscripts/kra-certs.sh5
-rwxr-xr-xscripts/kra-create.sh28
-rw-r--r--scripts/kra-master.cfg232
-rwxr-xr-xscripts/kra-remove.sh14
-rwxr-xr-xscripts/kra-restart.sh3
-rwxr-xr-xscripts/kra-run.sh3
-rwxr-xr-xscripts/kra-start.sh2
-rwxr-xr-xscripts/kra-stop.sh2
23 files changed, 384 insertions, 127 deletions
diff --git a/scripts/ca-cert-export.sh b/scripts/ca-cert-export.sh
deleted file mode 100755
index bdfa377..0000000
--- a/scripts/ca-cert-export.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh -x
-
-. ./ca-include.sh
-
-SRC_DIR=`cd ../.. ; pwd`
-INSTANCE_NAME=pki-master
-
-FIREFOX_DIR=~/.mozilla/firefox
-PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
-
-CLIENT_CERT_DIR=$SRC_DIR/certs/$INSTANCE_NAME
-CLIENT_CERT_PASSWORD=$CLIENT_CERT_DIR/password.txt
-CLIENT_CERT_PK12=$CLIENT_CERT_DIR/admin.p12
-
-echo $PASSWORD > $CLIENT_CERT_PASSWORD
-PKCS12Export -d "$CLIENT_CERT_DIR" -o "$CLIENT_CERT_PK12" -p "$CLIENT_CERT_PASSWORD" -w "$CLIENT_CERT_PASSWORD"
diff --git a/scripts/ca-certs.sh b/scripts/ca-certs.sh
index a340966..7e5ce68 100755
--- a/scripts/ca-certs.sh
+++ b/scripts/ca-certs.sh
@@ -1,5 +1,5 @@
#!/bin/sh -x
-CLIENT_DIR=/tmp/pki-master_client
+INSTANCE_DIR=/var/lib/pki/ca-master
-certutil -L -d $CLIENT_DIR/alias -w `cat $CLIENT_DIR/password.conf`
+certutil -L -d $INSTANCE_DIR/alias
diff --git a/scripts/ca-clone.cfg b/scripts/ca-clone.cfg
index 7d0c6eb..9bea41a 100644
--- a/scripts/ca-clone.cfg
+++ b/scripts/ca-clone.cfg
@@ -30,12 +30,12 @@ pki_token_password=Secret123
pki_admin_cert_request_type=crmf
pki_admin_domain_name=
pki_admin_dualkey=False
-pki_admin_email=admin@example.com
+pki_admin_email=caadmin@example.com
pki_admin_keysize=2048
-pki_admin_name=admin
-pki_admin_nickname=admin
+pki_admin_name=caadmin
+pki_admin_nickname=caadmin
pki_admin_subject_dn=
-pki_admin_uid=admin
+pki_admin_uid=caadmin
pki_audit_group=pkiaudit
pki_audit_signing_key_algorithm=SHA256withRSA
pki_audit_signing_key_size=2048
@@ -45,15 +45,15 @@ pki_audit_signing_signing_algorithm=SHA256withRSA
pki_audit_signing_subject_dn=
pki_audit_signing_token=
pki_backup_keys=False
-pki_client_database_dir=../../certs/pki-clone
+pki_client_database_dir=../../certs/ca-clone
pki_client_database_purge=False
pki_client_dir=
-pki_ds_base_dn=dc=pki-clone,dc=example,dc=com
+pki_ds_base_dn=dc=ca-clone,dc=example,dc=com
pki_ds_bind_dn=cn=Directory Manager
pki_ds_database=
pki_ds_hostname=
-pki_ds_ldap_port=390
-pki_ds_ldaps_port=637
+pki_ds_ldap_port=389
+pki_ds_ldaps_port=636
pki_ds_remove_data=True
pki_ds_secure_connection=False
pki_group=pkiuser
@@ -61,7 +61,7 @@ pki_restart_configured_instance=True
pki_security_domain_hostname=
pki_security_domain_https_port=8443
pki_security_domain_name=EXAMPLE
-pki_security_domain_user=admin
+pki_security_domain_user=caadmin
pki_ssl_server_key_algorithm=SHA256withRSA
pki_ssl_server_key_size=2048
pki_ssl_server_key_type=rsa
@@ -103,20 +103,20 @@ pki_https_port=443
## are MUTUALLY EXCLUSIVE entities!!! ##
###############################################################################
[Tomcat]
-pki_ajp_port=8010
+pki_ajp_port=9009
pki_clone=False
pki_clone_pkcs12_path=
pki_clone_replication_security=None
pki_clone_uri=
pki_enable_java_debugger=False
pki_enable_proxy=False
-pki_http_port=8013
-pki_https_port=8015
-pki_instance_name=pki-clone
+pki_http_port=9080
+pki_https_port=9443
+pki_instance_name=ca-clone
pki_proxy_http_port=80
pki_proxy_https_port=443
pki_security_manager=false
-pki_tomcat_server_port=8019
+pki_tomcat_server_port=9005
###############################################################################
## 'CA' Data: ##
## ##
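Review bot: `pki_clone=False` is kept at the top of this [Tomcat] hunk while the instance is renamed to `ca-clone` and given its own port block (9009/9080/9443/9005), so what pkispawn will build from this file is a second standalone CA, not a clone of ca-master. If a clone is intended, the lines to change are `pki_clone=True`, `pki_clone_pkcs12_path=<exported ca-master keys>` and `pki_clone_uri=https://<host>:8443`, and presumably the master would need `pki_backup_keys=True` for that PKCS#12 to exist (that coupling is not visible in this diff). If a standalone second CA is what is wanted, the file name and `pki_ds_base_dn=dc=ca-clone,dc=example,dc=com` are misleading, and a comment line at the top of the file saying so would spare the next reader the confusion.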
diff --git a/scripts/ca-master.cfg b/scripts/ca-master.cfg
index 477dd2a..b634c1d 100644
--- a/scripts/ca-master.cfg
+++ b/scripts/ca-master.cfg
@@ -30,12 +30,12 @@ pki_token_password=Secret123
pki_admin_cert_request_type=crmf
pki_admin_domain_name=
pki_admin_dualkey=False
-pki_admin_email=admin@example.com
+pki_admin_email=caadmin@example.com
pki_admin_keysize=2048
-pki_admin_name=admin
-pki_admin_nickname=admin
+pki_admin_name=caadmin
+pki_admin_nickname=caadmin
pki_admin_subject_dn=
-pki_admin_uid=admin
+pki_admin_uid=caadmin
pki_audit_group=pkiaudit
pki_audit_signing_key_algorithm=SHA256withRSA
pki_audit_signing_key_size=2048
@@ -45,10 +45,10 @@ pki_audit_signing_signing_algorithm=SHA256withRSA
pki_audit_signing_subject_dn=
pki_audit_signing_token=
pki_backup_keys=False
-pki_client_database_dir=../../certs/pki-master
+pki_client_database_dir=../../certs/ca-master
pki_client_database_purge=False
pki_client_dir=
-pki_ds_base_dn=dc=pki-master,dc=example,dc=com
+pki_ds_base_dn=dc=ca-master,dc=example,dc=com
pki_ds_bind_dn=cn=Directory Manager
pki_ds_database=
pki_ds_hostname=
@@ -57,11 +57,12 @@ pki_ds_ldaps_port=636
pki_ds_remove_data=True
pki_ds_secure_connection=False
pki_group=pkiuser
+pki_issuing_ca=
pki_restart_configured_instance=True
pki_security_domain_hostname=
pki_security_domain_https_port=8443
pki_security_domain_name=EXAMPLE
-pki_security_domain_user=admin
+pki_security_domain_user=caadmin
pki_ssl_server_key_algorithm=SHA256withRSA
pki_ssl_server_key_size=2048
pki_ssl_server_key_type=rsa
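Review bot: The new `pki_issuing_ca=` is added empty with no explanation; for the root CA of the EXAMPLE domain that is probably intentional, but next to the `pki_security_domain_*` keys a reader cannot tell a deliberate blank from a placeholder, so a comment line above it such as `# pki_issuing_ca is intentionally blank: ca-master is the root CA` would settle it. The same hunk keeps `pki_ds_secure_connection=False` while the bind DN is `cn=Directory Manager`, so the `pki_ds_password` from the [Sensitive] section goes to the directory server in the clear on `pki_ds_ldap_port=389`; that may be acceptable for a dev box, but `pki_ds_ldaps_port=636` is already configured if you want to flip it, and either way a comment stating the choice would help.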
@@ -112,7 +113,7 @@ pki_enable_java_debugger=False
pki_enable_proxy=False
pki_http_port=8080
pki_https_port=8443
-pki_instance_name=pki-master
+pki_instance_name=ca-master
pki_proxy_http_port=80
pki_proxy_https_port=443
pki_security_manager=false
diff --git a/scripts/ca-rebuild.sh b/scripts/ca-rebuild.sh
index 82a781c..1824368 100755
--- a/scripts/ca-rebuild.sh
+++ b/scripts/ca-rebuild.sh
@@ -1,12 +1,7 @@
#!/bin/sh -x
-./firefox-certs-remove.sh
./ca-remove.sh
-./core-uninstall.sh
-./core-remove-rpms.sh
-./core-build.sh
+./core-rebuild.sh
-./core-install.sh
./ca-create.sh
-./firefox-certs-import.sh
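Review bot: The three steps run unconditionally because `#!/bin/sh -x` turns on tracing but not `-e`, so when `./core-rebuild.sh` fails `./ca-create.sh` still runs against whatever was left installed, and the trace output makes that easy to miss. Chain the steps that must succeed: `./ca-remove.sh; ./core-rebuild.sh && ./ca-create.sh` (the remove step is allowed to fail when there is no instance yet). The hunk also drops the firefox-certs-remove/import steps; if that is intentional now that the import script takes a user argument, a one-line comment saying to run `firefox-certs-import.sh` by hand afterwards would document it.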
diff --git a/scripts/ca-remove.sh b/scripts/ca-remove.sh
index 6c90c78..404767d 100755
--- a/scripts/ca-remove.sh
+++ b/scripts/ca-remove.sh
@@ -1,7 +1,7 @@
#!/bin/sh -x
SRC_DIR=`cd ../.. ; pwd`
-INSTANCE_NAME=pki-master
+INSTANCE_NAME=ca-master
pkidestroy -s CA -i $INSTANCE_NAME
diff --git a/scripts/ca-run.sh b/scripts/ca-run.sh
new file mode 100755
index 0000000..75603b1
--- /dev/null
+++ b/scripts/ca-run.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+java -agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n -classpath :/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/var/lib/pki/ca-master -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/ca-master/temp -Djava.util.logging.config.file=/var/lib/pki/ca-master/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
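Review bot: The JDWP agent is enabled with `address=8000,server=y` and no host, which on JDKs before 9 binds the debug port on every interface (newer JDKs default to loopback, but which JDK is installed is not visible here); anyone who can reach that port gets arbitrary code execution inside the CA's JVM. Pin it to loopback explicitly: `address=127.0.0.1:8000`. Note also that this starts Tomcat as whoever invokes the script rather than as the `pkiuser` the cfg sets, so files created under /var/lib/pki/ca-master may end up owned by the wrong user and break the next `systemctl start`; a comment marking this as a debug-only launcher would help.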
diff --git a/scripts/ca-start.sh b/scripts/ca-start.sh
index e417e03..93f1595 100755
--- a/scripts/ca-start.sh
+++ b/scripts/ca-start.sh
@@ -1,3 +1,3 @@
#!/bin/sh -x
-systemctl start pki-tomcatd@pki-master.service
+systemctl start pki-tomcatd@ca-master.service
diff --git a/scripts/ca-stop.sh b/scripts/ca-stop.sh
index 59be94a..fc7166e 100755
--- a/scripts/ca-stop.sh
+++ b/scripts/ca-stop.sh
@@ -1,3 +1,3 @@
#!/bin/sh -x
-systemctl stop pki-tomcatd@pki-master.service
+systemctl stop pki-tomcatd@ca-master.service
diff --git a/scripts/ca-test.sh b/scripts/ca-test.sh
index 16e8f06..31fc717 100755
--- a/scripts/ca-test.sh
+++ b/scripts/ca-test.sh
@@ -1,22 +1,22 @@
#!/bin/sh -x
SRC_DIR=`cd ../.. ; pwd`
+CERTS=$SRC_DIR/certs
-INSTANCE_NAME=pki-master
-TEST_DIR=/tmp/${INSTANCE_NAME}_client
-CLIENT_CERT_DB=$TEST_DIR/alias
-SERVER_CERT_DB=/var/lib/pki/$INSTANCE_NAME/alias
+INSTANCE_NAME=ca-master
+CLIENT_CERT_DIR=$CERTS/$INSTANCE_NAME
+SERVER_CERT_DIR=/var/lib/pki/$INSTANCE_NAME/alias
CERT_NAME="caSigningCert cert-${INSTANCE_NAME}"
-# Add admin to RA agent group
-pki -p 8013 -u admin -w Secret123 group-add-member "Registration Manager Agents" admin
+# add admin to RA agent group
+pki -u caadmin -w Secret123 group-add-member "Registration Manager Agents" caadmin
-# Export CA cert
-certutil -L -d $SERVER_CERT_DB -n "$CERT_NAME" -a > $TEST_DIR/ca.pem
-AtoB $TEST_DIR/ca.pem $TEST_DIR/ca.crt
+# export CA cert
+certutil -L -d $SERVER_CERT_DIR -n "$CERT_NAME" -a > $CERTS/ca.pem
+AtoB $CERTS/ca.pem $CERTS/ca.crt
-# Import CA cert
-certutil -A -d $CLIENT_CERT_DB -n "$CERT_NAME" -i $TEST_DIR/ca.pem -t CT,c,c
+# import CA cert
+certutil -A -d $CLIENT_CERT_DIR -n "$CERT_NAME" -i $CERTS/ca.pem -t CT,c,c
CLASSPATH=$SRC_DIR/pki/build/classes
CLASSPATH=$CLASSPATH:/usr/lib64/java/jss4.jar
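Review bot: `pki -u caadmin -w Secret123 group-add-member ...` puts the admin password on the command line, where `sh -x` traces it to stderr and `ps` shows it to every local user; the old line had the same flaw but at least pinned the port (`-p 8013`), whereas the new one relies on the CLI default, so which of ca-master's 8080/8443 connectors it lands on is not visible here. Pin the port (`-p 8443` if this `pki` build will do TLS, matching `pki_https_port=8443` in ca-master.cfg), and if the CLI has a password-file option prefer it to `-w`; otherwise wrap the call in `set +x` / `set -x` so the trace does not contain the secret. The CA-cert import that follows writes into `$CLIENT_CERT_DIR` (the pkispawn client db, `pki_client_database_dir=../../certs/ca-master`) without checking it exists, so a run before `ca-create.sh` fails one certutil step at a time; `[ -d "$CLIENT_CERT_DIR" ] || exit 1` at the top would make that obvious.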
@@ -34,6 +34,5 @@ CLASSPATH=$CLASSPATH:/usr/share/java/resteasy/resteasy-jaxrs.jar
CLASSPATH=$CLASSPATH:/usr/share/java/resteasy/resteasy-jaxb-provider.jar
CLASSPATH=$CLASSPATH:/usr/share/java/servlet.jar
-# Run CA test
-CLIENT_CERT_PASSWORD=`cat $TEST_DIR/password.conf`
-java -classpath $CLASSPATH com.netscape.cms.servlet.test.CATest -h localhost -p 8015 -s true -d $CLIENT_CERT_DB -w $CLIENT_CERT_PASSWORD -c "admin"
+# run CA test
+java -classpath $CLASSPATH com.netscape.cms.servlet.test.CATest -h localhost -p 8443 -s true -d $CLIENT_CERT_DIR -w Secret123 -c "caadmin"
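Review bot: The CATest invocation replaces the `cat $TEST_DIR/password.conf` lookup with a literal `-w Secret123`, so the NSS database password is now hard-coded in the script as well as in ca-master.cfg and appears in the `-x` trace. Keep reading it from a file beside the client db, e.g. `CLIENT_CERT_PASSWORD=$(cat "$CLIENT_CERT_DIR/password.conf")` — assuming pkispawn leaves such a file there, which this diff does not show — so that changing `pki_client_database_password` in the cfg does not silently break the test. The `-p 8443 -s true` pair now matches the instance's `pki_https_port`, which is an improvement over the old 8015.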
diff --git a/scripts/drm-java-test.sh b/scripts/drm-java-test.sh
index a8cb7b9..80fcef5 100755
--- a/scripts/drm-java-test.sh
+++ b/scripts/drm-java-test.sh
@@ -2,6 +2,9 @@
SRC_DIR=`cd ../.. ; pwd`
+INSTANCE_NAME=kra-master
+CLIENT_CERT_DIR=$SRC_DIR/certs/$INSTANCE_NAME
+
CLASSPATH=$SRC_DIR/pki/build/classes
CLASSPATH=$CLASSPATH:/usr/share/java/apache-commons-cli.jar
CLASSPATH=$CLASSPATH:/usr/share/java/apache-commons-logging.jar
@@ -17,4 +20,4 @@ CLASSPATH=$CLASSPATH:/usr/share/java/resteasy/resteasy-jaxrs.jar
CLASSPATH=$CLASSPATH:/usr/share/java/resteasy/resteasy-jaxb-provider.jar
CLASSPATH=$CLASSPATH:/usr/share/java/servlet.jar
-java -classpath $CLASSPATH com.netscape.cms.servlet.test.DRMTest -h localhost -p 10180 -w Secret123 -d /tmp/drmtest
+java -classpath $CLASSPATH com.netscape.cms.servlet.test.DRMTest -h localhost -p 12080 -w Secret123 -d $CLIENT_CERT_DIR
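Review bot: DRMTest is pointed at `-p 12080`, which is `pki_http_port` in kra-master.cfg, i.e. the KRA's non-TLS connector, while the sibling CATest call in ca-test.sh uses `-p 8443 -s true`; if DRMTest accepts the same `-s` flag (not visible here), `-p 12443 -s true` would exercise key archival over the path a real client uses. As in ca-test.sh, `-w Secret123` puts the client db password on argv under `sh -x`; reading it from a file next to `$CLIENT_CERT_DIR` would keep a single source of truth with the cfg.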
diff --git a/scripts/drm-python-test.sh b/scripts/drm-python-test.sh
index 0a54c9f..873d5d9 100755
--- a/scripts/drm-python-test.sh
+++ b/scripts/drm-python-test.sh
@@ -2,26 +2,29 @@
SRC_DIR=`cd ../.. ; pwd`
-TEST_DIR=/tmp/drmtest
-CERT_NAME="transportCert cert-pki-kra"
+INSTANCE_NAME=kra-master
+CLIENT_CERT_DIR=$SRC_DIR/certs/$INSTANCE_NAME
+SERVER_CERT_DIR=/var/lib/pki/$INSTANCE_NAME
+CERT_NAME="transportCert cert-$INSTANCE_NAME"
CLASSPATH=$SRC_DIR/pki/build/classes
CLASSPATH=$CLASSPATH:/usr/share/java/apache-commons-cli.jar
CLASSPATH=$CLASSPATH:/usr/lib64/java/jss4.jar
CLASSPATH=$CLASSPATH:/usr/share/java/commons-codec.jar
-rm -rf $TEST_DIR
-mkdir -p $TEST_DIR
+#echo Secret123 > $CLIENT_CERT_DIR/password.txt
+#certutil -N -d $CLIENT_CERT_DIR -f $CLIENT_CERT_DIR/password.txt
-echo Secret123 > $TEST_DIR/pwfile.txt
-certutil -N -d $TEST_DIR -f $TEST_DIR/pwfile.txt
+# export transport certificate
+certutil -L -d $SERVER_CERT_DIR/alias -n "$CERT_NAME" -a > $CLIENT_CERT_DIR/transport.pem
+AtoB $CLIENT_CERT_DIR/transport.pem $CLIENT_CERT_DIR/transport.crt
-certutil -L -d /var/lib/pki-kra/alias -n "$CERT_NAME" -a > $TEST_DIR/transport.pem
-AtoB $TEST_DIR/transport.pem $TEST_DIR/transport.crt
+# import transport certificate
+certutil -A -d $CLIENT_CERT_DIR -n "$CERT_NAME" -i $CLIENT_CERT_DIR/transport.pem -t u,u,u
-certutil -A -d $TEST_DIR -n "$CERT_NAME" -i $TEST_DIR/transport.pem -t u,u,u
-
-java -classpath $CLASSPATH com.netscape.cms.servlet.test.GeneratePKIArchiveOptions -d $TEST_DIR -k $TEST_DIR/symkey.out -o $TEST_DIR/options.out -t $TEST_DIR/transport.crt -w Secret123
+# generate options
+java -classpath $CLASSPATH com.netscape.cms.servlet.test.GeneratePKIArchiveOptions -d $CLIENT_CERT_DIR -k $CLIENT_CERT_DIR/symkey.out -o $CLIENT_CERT_DIR/options.out -t $CLIENT_CERT_DIR/transport.crt -w Secret123
+# run KRA test
cd $SRC_DIR/pki/base/kra/functional
-python drmclient.py -d $TEST_DIR --options=options.out --symkey=symkey.out -p 10180 -n "$CERT_NAME"
+python drmclient.py -d $CLIENT_CERT_DIR --options=options.out --symkey=symkey.out -p 12080 -n "$CERT_NAME"
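Review bot: The `cd $SRC_DIR/pki/base/kra/functional` before the `python drmclient.py` line is unchecked and the script has no `set -e`, so if that directory is missing the client runs from the scripts directory with `--options=options.out --symkey=symkey.out` resolving wherever cwd happens to be; `cd "$SRC_DIR/pki/base/kra/functional" || exit 1` is the fix. With the `certutil -N` lines commented out, the script now depends on `$CLIENT_CERT_DIR` (the pkispawn client db from `pki_client_database_dir=../../certs/kra-master`) already existing but never checks it, so a run before `kra-create.sh` fails one certutil step at a time; `[ -d "$CLIENT_CERT_DIR" ] || { echo "run kra-create.sh first" >&2; exit 1; }` would make that explicit. Note that `symkey.out` — going by its name, the symmetric key GeneratePKIArchiveOptions writes — now lands in the source tree under `certs/kra-master` with whatever umask the caller has; a comment that this directory holds key material, or a `chmod 600` after generation, would be prudent.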
diff --git a/scripts/firefox-certs-import.sh b/scripts/firefox-certs-import.sh
index af25540..0ea1984 100755
--- a/scripts/firefox-certs-import.sh
+++ b/scripts/firefox-certs-import.sh
@@ -1,22 +1,56 @@
#!/bin/sh -x
-. ./ca-include.sh
+user=$1
+
+if [ "$user" == "" ]; then
+ home=$HOME
+else
+ home=/home/$user
+fi
+
+echo HOME=$home
SRC_DIR=`cd ../.. ; pwd`
-INSTANCE_NAME=pki-master
+CERTS=$SRC_DIR/certs
-FIREFOX_DIR=~/.mozilla/firefox
+FIREFOX_DIR=$home/.mozilla/firefox
PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
-CLIENT_CERT_DIR=$SRC_DIR/certs/$INSTANCE_NAME
-CLIENT_CERT_PASSWORD=$CLIENT_CERT_DIR/password.txt
-CLIENT_CERT_PK12=$CLIENT_CERT_DIR/admin.p12
+CA_INSTANCE_NAME=ca-master
+KRA_INSTANCE_NAME=kra-master
+
+################################################################################
+# Importing CA certificate
+################################################################################
+
+CA_CERT_NAME="caSigningCert cert-$CA_INSTANCE_NAME"
+CA_CERT_DIR=/var/lib/pki/$CA_INSTANCE_NAME/alias
+
+# export CA cert
+certutil -L -d $CA_CERT_DIR -n "$CA_CERT_NAME" -a > $CERTS/ca.pem
+AtoB $CERTS/ca.pem $CERTS/ca.crt
+
+# import CA cert
+certutil -A -d $FIREFOX_DIR/$PROFILE -n "$CA_CERT_NAME" -i $CERTS/ca.pem -t CT,C,C
+
+################################################################################
+# Importing CA admin certificate
+################################################################################
+
+CA_CERT_DIR=/var/lib/pki/$CA_INSTANCE_NAME/alias
+CA_CERT_P12=$CA_CERT_DIR/ca_admin_cert.p12
+
+# import CA admin cert
+pk12util -i $CA_CERT_P12 -d $FIREFOX_DIR/$PROFILE -W Secret123
+certutil -M -n caadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE
-echo $PASSWORD > $CLIENT_CERT_PASSWORD
-PKCS12Export -d "$CLIENT_CERT_DIR" -o "$CLIENT_CERT_PK12" -p "$CLIENT_CERT_PASSWORD" -w "$CLIENT_CERT_PASSWORD"
+################################################################################
+# Importing KRA admin certificate
+################################################################################
-pk12util -i $CLIENT_CERT_PK12 -d $FIREFOX_DIR/$PROFILE -w $CLIENT_CERT_PASSWORD
-certutil -M -n admin -t u,u,u -d $FIREFOX_DIR/$PROFILE
+KRA_CERT_DIR=/var/lib/pki/$KRA_INSTANCE_NAME/alias
+KRA_CERT_P12=$KRA_CERT_DIR/kra_admin_cert.p12
-#pk12util -i $SRC_DIR/pki-dev/certs/kra/kra-client-certs.p12 -d $FIREFOX_DIR/$PROFILE -W Secret123
-#certutil -M -n kraadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE
+# import KRA admin cert
+pk12util -i $KRA_CERT_P12 -d $FIREFOX_DIR/$PROFILE -W Secret123
+certutil -M -n kraadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE
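Review bot: `if [ "$user" == "" ]` uses the bash-only `==` under `#!/bin/sh`; it works where /bin/sh is bash (as on Fedora) but under dash prints `[: unexpected operator`, takes the else branch and uses `home=/home/` even with no argument. Use `if [ -z "$user" ]; then`, and instead of assuming `/home/$user`, resolve it: `home=$(getent passwd "$user" | cut -d: -f6)`. Separately, the dev CA is imported with `-t CT,C,C`, which makes a test CA whose token password is `Secret123` a trusted issuer for S/MIME and object signing in a real browser profile as well as for TLS; `CT,,` covers the server-cert use this script exists for. The unchanged `PROFILE` line also takes every `Path=` from profiles.ini, so with more than one Firefox profile `$FIREFOX_DIR/$PROFILE` expands to several words and every certutil/pk12util call below mis-targets.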
diff --git a/scripts/firefox-certs-remove.sh b/scripts/firefox-certs-remove.sh
index 907e8ed..71a6630 100755
--- a/scripts/firefox-certs-remove.sh
+++ b/scripts/firefox-certs-remove.sh
@@ -1,16 +1,22 @@
#!/bin/sh -x
-. ./ca-include.sh
+user=$1
-FIREFOX_DIR=~/.mozilla/firefox
+if [ "$user" == "" ]; then
+ home=$HOME
+else
+ home=/home/$user
+fi
+
+FIREFOX_DIR=$home/.mozilla/firefox
PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
cd $FIREFOX_DIR/$PROFILE
certutil -D -n "admin" -d .
-certutil -D -n "$CA_ADMIN_NAME" -d .
+certutil -D -n "caadmin" -d .
certutil -D -n "kraadmin" -d .
-certutil -D -n "$CA_SUBSYSTEM_NAME - $REALM" -d .
+certutil -D -n "caSigningCert cert-ca-master" -d .
certutil -D -n "$HOSTNAME" -d .
certutil -D -n "$HOSTNAME #2" -d .
certutil -D -n "$HOSTNAME #3" -d .
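Review bot: The same `[ "$user" == "" ]` test as in the other firefox scripts is a bashism under `#!/bin/sh` (fine where sh is bash, a silent `home=/home/` fallback under dash); `[ -z "$user" ]` is the portable form. More important for a script that deletes certificates: the `cd $FIREFOX_DIR/$PROFILE` context line is unchecked, so when the profile path is wrong the following `certutil -D ... -d .` calls run against the scripts directory instead — harmless today only because there is no NSS db there. `cd "$FIREFOX_DIR/$PROFILE" || exit 1` closes that.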
diff --git a/scripts/firefox-certs-list.sh b/scripts/firefox-certs.sh
index bb14fb2..4691a0c 100755
--- a/scripts/firefox-certs-list.sh
+++ b/scripts/firefox-certs.sh
@@ -1,6 +1,14 @@
#!/bin/sh -x
-FIREFOX_DIR=~/.mozilla/firefox
+user=$1
+
+if [ "$user" == "" ]; then
+ home=$HOME
+else
+ home=/home/$user
+fi
+
+FIREFOX_DIR=$home/.mozilla/firefox
PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
certutil -L -d $FIREFOX_DIR/$PROFILE
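Review bot: `[ "$user" == "" ]` and `home=/home/$user` are copied from the import/remove scripts and carry the same two problems: `==` is not POSIX `test` syntax (it works where /bin/sh is bash, fails under dash), and the home directory is assumed rather than looked up. `[ -z "$user" ]` and `home=$(getent passwd "$user" | cut -d: -f6)` fix both; since three scripts now share this block, a small sourced helper would keep them from drifting apart.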
diff --git a/scripts/kra-certs.sh b/scripts/kra-certs.sh
new file mode 100755
index 0000000..e443b22
--- /dev/null
+++ b/scripts/kra-certs.sh
@@ -0,0 +1,5 @@
+#!/bin/sh -x
+
+INSTANCE_DIR=/var/lib/pki/kra-master
+
+certutil -L -d $INSTANCE_DIR/alias
diff --git a/scripts/kra-create.sh b/scripts/kra-create.sh
index 77a4d86..7bd0686 100755
--- a/scripts/kra-create.sh
+++ b/scripts/kra-create.sh
@@ -1,29 +1,3 @@
#!/bin/sh -x
-SRC_DIR=`cd ../.. ; pwd`
-
-INSTANCE_NAME=pki-kra
-
-pkicreate -pki_instance_root=/var/lib \
- -pki_instance_name=$INSTANCE_NAME \
- -subsystem_type=kra \
- -secure_port=10443 \
- -unsecure_port=10180 \
- -tomcat_server_port=10701 \
- -user=pkiuser \
- -group=pkiuser \
- -audit_group=pkiaudit \
- -redirect conf=/etc/$INSTANCE_NAME \
- -redirect logs=/var/log/$INSTANCE_NAME \
- -verbose
-
-cd /var/lib/$INSTANCE_NAME
-
-ln -s /usr/share/tomcat6/bin bin
-ln -s /usr/share/tomcat6/lib lib
-rm -f webapps/kra/WEB-INF/lib/pki-*
-
-rm -rf webapps/kra/WEB-INF/classes
-ln -s $SRC_DIR/pki/build/classes webapps/kra/WEB-INF
-
-systemctl restart pki-krad@$INSTANCE_NAME.service
+pkispawn -f kra-master.cfg -s KRA -v
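Review bot: `pkispawn -f kra-master.cfg -s KRA -v` resolves the cfg relative to the caller's cwd, and the cfg itself uses `pki_client_database_dir=../../certs/kra-master`, so the script only works when launched from `scripts/`; `cd "$(dirname "$0")" || exit 1` at the top makes that explicit and matches the old script's `SRC_DIR` handling. The `-v` flag is kept on a spawn whose cfg has every [Sensitive] value populated; whether pkispawn's verbose output honours the cfg header's own "must never be displayed" rule is not visible here, so it is worth checking the spawn log once before this is run anywhere shared.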
diff --git a/scripts/kra-master.cfg b/scripts/kra-master.cfg
new file mode 100644
index 0000000..8fcfb38
--- /dev/null
+++ b/scripts/kra-master.cfg
@@ -0,0 +1,232 @@
+###############################################################################
+## 'Sensitive' Data: ##
+## ##
+## Values in this section pertain to various PKI subsystems, and contain ##
+## required 'sensitive' information which MUST ALWAYS be provided by users. ##
+## ##
+## IMPORTANT: Sensitive data values must NEVER be displayed to the ##
+## console NOR stored in log files!!! ##
+###############################################################################
+[Sensitive]
+pki_admin_password=Secret123
+pki_backup_password=Secret123
+pki_client_database_password=Secret123
+pki_client_pkcs12_password=Secret123
+pki_clone_pkcs12_password=Secret123
+pki_ds_password=Secret123
+pki_security_domain_password=Secret123
+pki_token_password=Secret123
+###############################################################################
+## 'Common' Data: ##
+## ##
+## Values in this section are common to more than one PKI subsystem, and ##
+## contain required information which MAY be overridden by users as ##
+## necessary. ##
+## ##
+## NOTE: Default values will be generated for any and all required ##
+## 'common' data values which are left undefined. ##
+###############################################################################
+[Common]
+pki_admin_cert_request_type=crmf
+pki_admin_domain_name=
+pki_admin_dualkey=False
+pki_admin_email=kraadmin@example.com
+pki_admin_keysize=2048
+pki_admin_name=kraadmin
+pki_admin_nickname=kraadmin
+pki_admin_subject_dn=
+pki_admin_uid=kraadmin
+pki_audit_group=pkiaudit
+pki_audit_signing_key_algorithm=SHA256withRSA
+pki_audit_signing_key_size=2048
+pki_audit_signing_key_type=rsa
+pki_audit_signing_nickname=
+pki_audit_signing_signing_algorithm=SHA256withRSA
+pki_audit_signing_subject_dn=
+pki_audit_signing_token=
+pki_backup_keys=False
+pki_client_database_dir=../../certs/kra-master
+pki_client_database_purge=False
+pki_client_dir=
+pki_ds_base_dn=dc=kra-master,dc=example,dc=com
+pki_ds_bind_dn=cn=Directory Manager
+pki_ds_database=
+pki_ds_hostname=
+pki_ds_ldap_port=389
+pki_ds_ldaps_port=636
+pki_ds_remove_data=True
+pki_ds_secure_connection=False
+pki_group=pkiuser
+pki_issuing_ca=
+pki_restart_configured_instance=True
+pki_security_domain_hostname=
+pki_security_domain_https_port=8443
+pki_security_domain_name=EXAMPLE
+pki_security_domain_user=caadmin
+pki_ssl_server_key_algorithm=SHA256withRSA
+pki_ssl_server_key_size=2048
+pki_ssl_server_key_type=rsa
+pki_ssl_server_nickname=
+pki_ssl_server_subject_dn=
+pki_ssl_server_token=
+pki_subsystem_key_algorithm=SHA256withRSA
+pki_subsystem_key_size=2048
+pki_subsystem_key_type=rsa
+pki_subsystem_nickname=
+pki_subsystem_subject_dn=
+pki_subsystem_token=
+pki_token_name=internal
+pki_user=pkiuser
+###############################################################################
+## 'Apache' Data: ##
+## ##
+## Values in this section are common to PKI subsystems that run ##
+## as an instance of 'Apache' (RA and TPS subsystems), and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[Apache]
+pki_instance_name=pki-apache
+pki_http_port=80
+pki_https_port=443
+###############################################################################
+## 'Tomcat' Data: ##
+## ##
+## Values in this section are common to PKI subsystems that run ##
+## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ##
+## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ##
+## required information which MAY be overridden by users as necessary. ##
+## ##
+## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ##
+## or a 'TKS Clone', change the value of 'pki_clone' ##
+## from 'False' to 'True'. ##
+## ##
+## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
+## are MUTUALLY EXCLUSIVE entities!!! ##
+###############################################################################
+[Tomcat]
+pki_ajp_port=12009
+pki_clone=False
+pki_clone_pkcs12_path=
+pki_clone_replication_security=None
+pki_clone_uri=
+pki_enable_java_debugger=False
+pki_enable_proxy=False
+pki_http_port=12080
+pki_https_port=12443
+pki_instance_name=kra-master
+pki_proxy_http_port=80
+pki_proxy_https_port=443
+pki_security_manager=false
+pki_tomcat_server_port=12005
+###############################################################################
+## 'CA' Data: ##
+## ##
+## Values in this section are common to CA subsystems including 'PKI CAs', ##
+## 'Cloned CAs', 'Subordinate CAs', and 'External CAs', and contain ##
+## required information which MAY be overridden by users as necessary. ##
+## ##
+## EXTERNAL CAs: To specify an 'External CA', change the value ##
+## of 'pki_external' from 'False' to 'True'. ##
+## ##
+## SUBORDINATE CAs: To specify a 'Subordinate CA', change the value ##
+## of 'pki_subordinate' from 'False' to 'True'. ##
+## ##
+## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
+## are MUTUALLY EXCLUSIVE entities!!! ##
+###############################################################################
+[CA]
+pki_ca_signing_key_algorithm=SHA256withRSA
+pki_ca_signing_key_size=2048
+pki_ca_signing_key_type=rsa
+pki_ca_signing_nickname=
+pki_ca_signing_signing_algorithm=SHA256withRSA
+pki_ca_signing_subject_dn=
+pki_ca_signing_token=
+pki_external=False
+pki_external_ca_cert_chain_path=
+pki_external_ca_cert_path=
+pki_external_csr_path=
+pki_external_step_two=False
+pki_ocsp_signing_key_algorithm=SHA256withRSA
+pki_ocsp_signing_key_size=2048
+pki_ocsp_signing_key_type=rsa
+pki_ocsp_signing_nickname=
+pki_ocsp_signing_signing_algorithm=SHA256withRSA
+pki_ocsp_signing_subject_dn=
+pki_ocsp_signing_token=
+pki_subordinate=False
+pki_subsystem=CA
+pki_subsystem_name=
+pki_war_file=ca.war
+###############################################################################
+## 'KRA' Data: ##
+## ##
+## Values in this section are common to KRA subsystems ##
+## including 'PKI KRAs' and 'Cloned KRAs', and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[KRA]
+pki_storage_key_algorithm=SHA256withRSA
+pki_storage_key_size=2048
+pki_storage_key_type=rsa
+pki_storage_nickname=
+pki_storage_signing_algorithm=SHA256withRSA
+pki_storage_subject_dn=
+pki_storage_token=
+pki_subsystem=KRA
+pki_subsystem_name=
+pki_transport_key_algorithm=SHA256withRSA
+pki_transport_key_size=2048
+pki_transport_key_type=rsa
+pki_transport_nickname=
+pki_transport_signing_algorithm=SHA256withRSA
+pki_transport_subject_dn=
+pki_transport_token=
+pki_war_file=kra.war
+###############################################################################
+## 'OCSP' Data: ##
+## ##
+## Values in this section are common to OCSP subsystems ##
+## including 'PKI OCSPs' and 'Cloned OCSPs', and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[OCSP]
+pki_ocsp_signing_key_algorithm=SHA256withRSA
+pki_ocsp_signing_key_size=2048
+pki_ocsp_signing_key_type=rsa
+pki_ocsp_signing_nickname=
+pki_ocsp_signing_signing_algorithm=SHA256withRSA
+pki_ocsp_signing_subject_dn=
+pki_ocsp_signing_token=
+pki_subsystem=OCSP
+pki_subsystem_name=
+pki_war_file=ocsp.war
+###############################################################################
+## 'RA' Data: ##
+## ##
+## Values in this section are common to PKI RA subsystems, and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[RA]
+pki_subsystem=RA
+pki_subsystem_name=
+###############################################################################
+## 'TKS' Data: ##
+## ##
+## Values in this section are common to TKS subsystems ##
+## including 'PKI TKSs' and 'Cloned TKSs', and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[TKS]
+pki_subsystem=TKS
+pki_subsystem_name=
+pki_war_file=tks.war
+###############################################################################
+## 'TPS' Data: ##
+## ##
+## Values in this section are common to PKI TPS subsystems, and contain ##
+## required information which MAY be overridden by users as necessary. ##
+###############################################################################
+[TPS]
+pki_subsystem=TPS
+pki_subsystem_name=
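Review bot: The file is added at mode 100644 (world-readable) with every password in the [Sensitive] section set to `Secret123`, directly under the header stating such values must never be displayed or logged; even in a dev tree a `chmod 600`, or a git-ignored local override, keeps `pki_ds_password` and the token password out of every local user's reach, and ca-master.cfg and ca-clone.cfg in this diff have the same mode. For a KRA specifically, `pki_backup_keys=False` deserves a second look: if that flag controls the PKCS#12 backup of the storage and transport keys, as its name suggests, losing this instance makes every key it has archived unrecoverable, which is the one thing a KRA exists to prevent. `pki_ds_secure_connection=False` with `pki_ds_bind_dn=cn=Directory Manager` sends the DS password in the clear on 389 although `pki_ds_ldaps_port=636` is configured, and `pki_issuing_ca=` is left empty — presumably pkispawn derives it from the security domain, but a comment line saying so would keep the next reader from filling it in by hand.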
diff --git a/scripts/kra-remove.sh b/scripts/kra-remove.sh
index 3ddfa9d..1a08c91 100755
--- a/scripts/kra-remove.sh
+++ b/scripts/kra-remove.sh
@@ -1,7 +1,13 @@
#!/bin/sh -x
-INSTANCE_NAME=pki-kra
+SRC_DIR=`cd ../.. ; pwd`
+INSTANCE_NAME=kra-master
-pkiremove -pki_instance_root=/var/lib\
- -pki_instance_name=$INSTANCE_NAME\
- -force
+pkidestroy -s KRA -i $INSTANCE_NAME
+
+rm -rf /etc/pki/$INSTANCE_NAME
+rm -rf /etc/sysconfig/$INSTANCE_NAME
+rm -rf /etc/sysconfig/pki/tomcat/$INSTANCE_NAME
+rm -rf /var/lib/pki/$INSTANCE_NAME
+rm -rf /var/log/pki/$INSTANCE_NAME
+rm -rf $SRC_DIR/certs/$INSTANCE_NAME
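Review bot: The six `rm -rf` lines run whether or not `pkidestroy` succeeded, and the last one, `rm -rf $SRC_DIR/certs/$INSTANCE_NAME`, depends on `SRC_DIR` computed from the caller's cwd (`cd ../.. ; pwd`), so invoking the script from anywhere but `scripts/` deletes `certs/kra-master` under some unrelated directory. Derive the root from the script's own location and guard the variables so an empty expansion can never widen the target: `SRC_DIR=$(cd "$(dirname "$0")/../.." && pwd)` and `rm -rf -- "${SRC_DIR:?}/certs/${INSTANCE_NAME:?}"`. If the manual cleanup of /etc, /var/lib and /var/log is there because pkidestroy leaves those behind, a comment saying so would stop someone from simplifying it away.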
diff --git a/scripts/kra-restart.sh b/scripts/kra-restart.sh
index 914945c..e53b6db 100755
--- a/scripts/kra-restart.sh
+++ b/scripts/kra-restart.sh
@@ -1,3 +1,4 @@
#!/bin/sh -x
-systemctl restart pki-krad@pki-kra.service
+./kra-stop.sh
+./kra-start.sh
diff --git a/scripts/kra-run.sh b/scripts/kra-run.sh
new file mode 100755
index 0000000..a83b102
--- /dev/null
+++ b/scripts/kra-run.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+java -agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n -classpath :/usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar:/usr/share/java/commons-daemon.jar -Dcatalina.base=/var/lib/pki/kra-master -Dcatalina.home=/usr/share/tomcat -Djava.endorsed.dirs= -Djava.io.tmpdir=/var/lib/pki/kra-master/temp -Djava.util.logging.config.file=/var/lib/pki/kra-master/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start
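Review bot: The JDWP agent uses `address=8000`, the same debug port as ca-run.sh, so running both debug launchers together fails with the second JVM unable to bind, and with no host given the port is exposed on all interfaces on JDKs before 9; a remote debugger on the KRA means arbitrary code execution in the process that has access to the storage and transport keys. Give the KRA its own loopback-only port: `-agentlib:jdwp=transport=dt_socket,address=127.0.0.1:8001,server=y,suspend=n`. As with ca-run.sh, this runs Tomcat as the invoking user rather than the `pki_user=pkiuser` from kra-master.cfg; a comment marking it debug-only would help.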
diff --git a/scripts/kra-start.sh b/scripts/kra-start.sh
index a66efc5..2776d23 100755
--- a/scripts/kra-start.sh
+++ b/scripts/kra-start.sh
@@ -1,3 +1,3 @@
#!/bin/sh -x
-systemctl start pki-krad@pki-kra.service
+systemctl start pki-tomcatd@kra-master.service
diff --git a/scripts/kra-stop.sh b/scripts/kra-stop.sh
index 1927603..e876dc0 100755
--- a/scripts/kra-stop.sh
+++ b/scripts/kra-stop.sh
@@ -1,3 +1,3 @@
#!/bin/sh -x
-systemctl stop pki-krad@pki-kra.service
+systemctl stop pki-tomcatd@kra-master.service