60 files changed, 1016 insertions, 0 deletions
diff --git a/dogtag-9.0/ca-certs.sh b/dogtag-9.0/ca-certs.sh
new file mode 100755
index 0000000..449f532
--- /dev/null
+++ b/dogtag-9.0/ca-certs.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+certutil -L -d /var/lib/pki-ca/alias
+
+certutil -L -d /var/lib/pki-ca/certs
diff --git a/dogtag-9.0/ca-chaining.sh b/dogtag-9.0/ca-chaining.sh
new file mode 100755
index 0000000..fb25fdd
--- /dev/null
+++ b/dogtag-9.0/ca-chaining.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+certutil -O -d /var/lib/pki-ca/alias -n "ocspSigningCert cert-pki-ca"
+certutil -O -d /var/lib/pki-ca/certs -n "caadmin"
diff --git a/dogtag-9.0/ca-configure.sh b/dogtag-9.0/ca-configure.sh
new file mode 100755
index 0000000..42ed7d8
--- /dev/null
+++ b/dogtag-9.0/ca-configure.sh
@@ -0,0 +1,57 @@ +#!/bin/sh -x + +. ./ca-include.sh + +PIN=`grep preop.pin= $INSTANCE_ROOT/$CA_INSTANCE_NAME/conf/CS.cfg | awk -F= '{ print $2; }'` +NSSDB_PASSWORD=`grep internal= $INSTANCE_ROOT/$CA_INSTANCE_NAME/conf/password.conf | awk -F = '{ print $2; }'` + +CERTS=$INSTANCE_ROOT/$CA_INSTANCE_NAME/certs +rm -rf $CERTS +mkdir -p $CERTS +echo $PASSWORD > $CERTS/password.txt + +pkisilent ConfigureCA \ + -cs_hostname $HOSTNAME \ + -cs_port $CA_SECURE_PORT \ + -preop_pin $PIN \ + -client_certdb_dir "$CERTS" \ + -client_certdb_pwd "$PASSWORD" \ + -token_name "internal" \ + -domain_name "$REALM" \ + -subsystem_name "$CA_SUBSYSTEM_NAME" \ + -ldap_host "$CA_LDAP_HOST" \ + -ldap_port "$CA_LDAP_PORT" \ + -base_dn "$CA_LDAP_BASE_DN" \ + -db_name "$CA_LDAP_DATABASE" \ + -bind_dn "$CA_LDAP_BIND_DN" \ + -bind_password "$CA_LDAP_PASSWORD" \ + -remove_data true \ + -key_type rsa \ + -key_size 2048 \ + -key_algorithm SHA256withRSA \ + -signing_signingalgorithm SHA256withRSA \ + -save_p12 true \ + -backup_fname "$CERTS/ca-server-certs.p12" \ + -backup_pwd "$PASSWORD" \ + -ca_sign_cert_subject_name "$CA_SIGN_CERT_SUBJECT_NAME" \ + -ca_ocsp_cert_subject_name "$CA_OCSP_CERT_SUBJECT_NAME" \ + -ca_server_cert_subject_name "$CA_SERVER_CERT_SUBJECT_NAME" \ + -ca_subsystem_cert_subject_name "$CA_SUBSYSTEM_CERT_SUBJECT_NAME" \ + -ca_audit_signing_cert_subject_name "$CA_AUDIT_SIGNING_CERT_SUBJECT_NAME" \ + -admin_user "$CA_ADMIN_USER" \ + -agent_name "$CA_ADMIN_NAME" \ + -admin_email "$CA_ADMIN_EMAIL" \ + -admin_password "$CA_ADMIN_PASSWORD" \ + -agent_key_size 2048 \ + -agent_key_type rsa \ + -agent_cert_subject "$CA_ADMIN_CERT_SUBJECT" + +# -external true \ +# -ext_csr_file /tmp/ca_signing.csr + +echo $PASSWORD > "$CERTS/password.txt" +PKCS12Export -d "$CERTS" -o "$CERTS/ca-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt" + +/sbin/service pki-cad restart $CA_INSTANCE_NAME + +#/bin/cp -f /tmp/ca_signing.csr . 
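Review bot: Every secret this script handles — `$PASSWORD`, `$CA_LDAP_PASSWORD`, `$CA_ADMIN_PASSWORD` and the `-backup_pwd` protecting the CA signing key's PKCS#12 — is passed to `pkisilent` on argv while the `#!/bin/sh -x` shebang traces each expanded command line to stderr, so the Directory Manager and CA admin passwords land in any captured output and are visible to other local users through `ps` for the life of the run. The same password is also written with `echo` to `$CERTS/password.txt`, which under the default umask is a world-readable file sitting beside `ca-server-certs.p12` (the CA signing key) and `ca-client-certs.p12`. At minimum drop `-x` or bracket the `pkisilent` call with `set +x`/`set -x`, and create the password file privately: `(umask 077; printf '%s\n' "$PASSWORD" > "$CERTS/password.txt")`. `NSSDB_PASSWORD` is extracted but never used here, and the second `echo $PASSWORD > "$CERTS/password.txt"` merely repeats the first.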
diff --git a/dogtag-9.0/ca-configure2.sh b/dogtag-9.0/ca-configure2.sh new file mode 100755 index 0000000..1ecdd6b --- /dev/null +++ b/dogtag-9.0/ca-configure2.sh @@ -0,0 +1,48 @@ +#!/bin/sh -x + +. ./ca-include.sh + +cp ca_signing.crt /tmp +cp external.crt /tmp + +PIN=`grep preop.pin= $INSTANCE_ROOT/$CA_INSTANCE_NAME/conf/CS.cfg | awk -F= '{ print $2; }'` +NSSDB_PASSWORD=`grep internal= $INSTANCE_ROOT/$CA_INSTANCE_NAME/conf/password.conf | awk -F = '{ print $2; }'` + +pkisilent ConfigureCA \ + -cs_hostname $HOSTNAME \ + -cs_port $CA_SECURE_PORT \ + -preop_pin $PIN \ + -client_certdb_dir "$NSSDB_DIR" \ + -client_certdb_pwd "$NSSDB_PASSWORD" \ + -token_name "internal" \ + -domain_name "$REALM" \ + -subsystem_name "$CA_SUBSYSTEM_NAME" \ + -ldap_host "$CA_LDAP_HOST" \ + -ldap_port "$CA_LDAP_PORT" \ + -base_dn "$CA_LDAP_BASE_DN" \ + -db_name "$CA_LDAP_DATABASE" \ + -bind_dn "$CA_LDAP_BIND_DN" \ + -bind_password "$CA_LDAP_PASSWORD" \ + -remove_data true \ + -key_type rsa \ + -key_size 2048 \ + -key_algorithm SHA256withRSA \ + -signing_signingalgorithm SHA256withRSA \ + -save_p12 true \ + -backup_fname "$CERTS/ca-server-certs.p12" \ + -backup_pwd "$PASSWORD" \ + -ca_sign_cert_subject_name "$CA_SIGN_CERT_SUBJECT_NAME" \ + -ca_ocsp_cert_subject_name "$CA_OCSP_CERT_SUBJECT_NAME" \ + -ca_server_cert_subject_name "$CA_SERVER_CERT_SUBJECT_NAME" \ + -ca_subsystem_cert_subject_name "$CA_SUBSYSTEM_CERT_SUBJECT_NAME" \ + -ca_audit_signing_cert_subject_name "$CA_AUDIT_SIGNING_CERT_SUBJECT_NAME" \ + -admin_user "$CA_ADMIN_USER" \ + -agent_name "$CA_ADMIN_NAME" \ + -admin_email "$CA_ADMIN_EMAIL" \ + -admin_password "$CA_ADMIN_PASSWORD" \ + -agent_key_size 2048 \ + -agent_key_type rsa \ + -agent_cert_subject "$CA_ADMIN_CERT_SUBJECT" \ + -external true \ + -ext_ca_cert_file /tmp/ca_signing.crt \ + -ext_ca_cert_chain_file /tmp/external.crt diff --git a/dogtag-9.0/ca-console.sh b/dogtag-9.0/ca-console.sh new file mode 100755 index 0000000..f596e6a --- /dev/null 
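Review bot: `-backup_fname "$CERTS/ca-server-certs.p12"` depends on `CERTS`, which this script never sets and `ca-include.sh` does not define (it only provides `NSSDB_DIR`), so the PKCS#12 backup of the CA's server keys would be written to `/ca-server-certs.p12` at the filesystem root. Define it before the call as ca-configure.sh does, `CERTS=$INSTANCE_ROOT/$CA_INSTANCE_NAME/certs`, or point the backup into `$NSSDB_DIR`. The externally signed CA certificate and chain are staged through the fixed names `/tmp/ca_signing.crt` and `/tmp/external.crt`, which any local user can pre-create in that world-writable directory before the `cp` runs; a `mktemp -d` directory or a root-owned staging path would close that window. As in ca-configure.sh, the `-x` shebang traces every password argument to stderr.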
+++ b/dogtag-9.0/ca-console.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+pkiconsole https://$HOSTNAME:9443/ca
diff --git a/dogtag-9.0/ca-create.sh b/dogtag-9.0/ca-create.sh
new file mode 100755
index 0000000..82654c6
--- /dev/null
+++ b/dogtag-9.0/ca-create.sh
@@ -0,0 +1,28 @@
+#!/bin/sh -x
+
+. ./ca-include.sh
+
+pkicreate \
+ -pki_instance_root=$INSTANCE_ROOT \
+ -pki_instance_name=$CA_INSTANCE_NAME \
+ -subsystem_type=$CA_SUBSYSTEM_TYPE \
+ -secure_port=$CA_SECURE_PORT \
+ -unsecure_port=$CA_UNSECURE_PORT \
+ -tomcat_server_port=$CA_TOMCAT_SERVER_PORT \
+ -user=$INSTANCE_USER \
+ -group=$INSTANCE_GROUP \
+ -redirect conf=/etc/$CA_INSTANCE_NAME \
+ -redirect logs=/var/log/$CA_INSTANCE_NAME \
+ -verbose
+
+#cd $INSTANCE_ROOT/$CA_INSTANCE_NAME
+
+#ln -s /usr/share/tomcat6/bin bin
+#ln -s /usr/share/tomcat6/lib lib
+#rm -f webapps/ca/WEB-INF/lib/pki-*
+
+#rm -rf webapps/ca/WEB-INF/classes
+#ln -s $SRC_DIR/pki/build/classes webapps/ca/WEB-INF
+
+#systemctl restart pki-cad@$CA_INSTANCE_NAME.service
+#/sbin/service pki-cad restart pki-ca
diff --git a/dogtag-9.0/ca-export.sh b/dogtag-9.0/ca-export.sh
new file mode 100755
index 0000000..f5564db
--- /dev/null
+++ b/dogtag-9.0/ca-export.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+grep "internal=" /var/lib/pki-ca/conf/password.conf | awk -F= '{print $2}' > internal.txt
+
+PKCS12Export -debug \
+ -d /var/lib/pki-ca/alias \
+ -p internal.txt \
+ -o ../scripts/ca_backup_keys.p12 \
+ -w password.txt
diff --git a/dogtag-9.0/ca-include.sh b/dogtag-9.0/ca-include.sh
new file mode 100755
index 0000000..0020729
--- /dev/null
+++ b/dogtag-9.0/ca-include.sh
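Review bot: ca-export.sh copies the NSS internal-token password out of `password.conf` into `internal.txt` in the current directory and never removes it, then exports every private key in the CA's `alias` database (signing, OCSP, subsystem, audit) to `../scripts/ca_backup_keys.p12` under a `-w password.txt` that is expected to already exist in the working directory. Both `internal.txt` and the exported P12 are created with the caller's default umask, so the token password and the CA keys can end up readable by other local users. Write the password to a `mktemp` file under `umask 077`, remove it with `trap 'rm -f "$pwfile"' EXIT`, and fail early instead of exporting with an absent password file: `[ -s password.txt ] || { echo "password.txt missing" >&2; exit 1; }`.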
@@ -0,0 +1,45 @@ +#!/bin/sh -x + +SRC_DIR="`cd ../.. ; pwd`" + +DOMAIN="example.com" +REALM="EXAMPLE" +PASSWORD="Secret123" + +INSTANCE_ROOT="/var/lib" +INSTANCE_USER="pkiuser" +INSTANCE_GROUP="pkiuser" + +CA_INSTANCE_NAME="pki-ca" + +NSSDB_DIR="$INSTANCE_ROOT/$CA_INSTANCE_NAME/alias" + +CA_SUBSYSTEM_TYPE="ca" +CA_SUBSYSTEM_NAME="Certificate Authority" + +CA_SECURE_PORT="9443" +CA_AGENT_SECURE_PORT="9443" +CA_EE_SECURE_PORT="9444" +CA_ADMIN_SECURE_PORT="9445" +CA_EE_SECURE_CLIENT_AUTH_PORT="9446" +CA_UNSECURE_PORT="9180" +CA_TOMCAT_SERVER_PORT="9701" + +CA_LDAP_HOST="$HOSTNAME" +CA_LDAP_PORT="389" +CA_LDAP_DATABASE="ca" +CA_LDAP_BASE_DN="dc=ca,dc=pki,dc=example,dc=com" +CA_LDAP_BIND_DN="cn=Directory Manager" +CA_LDAP_PASSWORD="$PASSWORD" + +CA_SIGN_CERT_SUBJECT_NAME="CN=$CA_SUBSYSTEM_NAME,O=$REALM" +CA_OCSP_CERT_SUBJECT_NAME="CN=OCSP Signing Certificate,O=$REALM" +CA_SERVER_CERT_SUBJECT_NAME="CN=$HOSTNAME,O=$REALM" +CA_SUBSYSTEM_CERT_SUBJECT_NAME="CN=CA Subsystem Certificate,O=$REALM" +CA_AUDIT_SIGNING_CERT_SUBJECT_NAME="CN=CA Audit Signing Certificate,O=$REALM" + +CA_ADMIN_USER="caadmin" +CA_ADMIN_NAME="$CA_ADMIN_USER" +CA_ADMIN_EMAIL="$CA_ADMIN_USER@$DOMAIN" +CA_ADMIN_PASSWORD="$PASSWORD" +CA_ADMIN_CERT_SUBJECT="CN=$CA_ADMIN_NAME,UID=$CA_ADMIN_USER,E=$CA_ADMIN_EMAIL,O=$REALM" diff --git a/dogtag-9.0/ca-keys.sh b/dogtag-9.0/ca-keys.sh new file mode 100755 index 0000000..a5f7acb --- /dev/null +++ b/dogtag-9.0/ca-keys.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +NSSDB_PASSWORD=`grep internal= /var/lib/pki-ca/conf/password.conf | awk -F = '{ print $2; }'` + +echo $NSSDB_PASSWORD > /var/lib/pki-ca/alias/password.txt + +certutil -K -d /var/lib/pki-ca/alias -f /var/lib/pki-ca/alias/password.txt + +#certutil -K -d /var/lib/pki-ca/certs -f /var/lib/pki-ca/certs/password.txt diff --git a/dogtag-9.0/ca-remove.sh b/dogtag-9.0/ca-remove.sh new file mode 100755 index 0000000..7a42c3d --- /dev/null +++ b/dogtag-9.0/ca-remove.sh 
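Review bot: A single hard-coded `PASSWORD="Secret123"` is reused as the Directory Manager bind password (`CA_LDAP_PASSWORD`), the CA admin password (`CA_ADMIN_PASSWORD`) and, through ca-configure.sh, the client NSS database and PKCS#12 backup password, so anyone who sees one of them — for instance in an `-x` trace — holds all of them. Even for a development setup, read it from the environment, `PASSWORD=${PKI_PASSWORD:?set PKI_PASSWORD}`, so the value is not committed and can differ per role. `CA_LDAP_PORT="389"` combined with `CA_LDAP_HOST="$HOSTNAME"` makes the Directory Manager bind in ca-configure.sh a plaintext LDAP connection to the host's external name rather than loopback; use `localhost` or an LDAPS port unless the directory is guaranteed to be co-located. The `#!/bin/sh -x` shebang is inert when this file is sourced with `. ./ca-include.sh`, so it only matters if someone executes the include directly.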
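Review bot: ca-keys.sh writes the NSS internal-token password in clear to `/var/lib/pki-ca/alias/password.txt`, inside the live CA's key database directory, with the default umask and never deletes it, so after a one-off key listing the secret that unlocks the CA signing key persists next to that key. Use a private temporary file and clean it up: `f=$(mktemp) && trap 'rm -f "$f"' EXIT && (umask 077; printf '%s\n' "$NSSDB_PASSWORD" > "$f") && certutil -K -d /var/lib/pki-ca/alias -f "$f"`. The `grep internal=` pattern is unanchored and would also match any other key in `password.conf` whose name ends in `internal`; `grep '^internal='` is the safer form.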
@@ -0,0 +1,7 @@
+#!/bin/sh -x
+
+. ./ca-include.sh
+
+pkiremove -pki_instance_root=$INSTANCE_ROOT \
+ -pki_instance_name=$CA_INSTANCE_NAME \
+ -force
diff --git a/dogtag-9.0/ca-restart.sh b/dogtag-9.0/ca-restart.sh
new file mode 100755
index 0000000..5acad1d
--- /dev/null
+++ b/dogtag-9.0/ca-restart.sh
@@ -0,0 +1,4 @@
+#!/bin/sh -x
+
+#systemctl restart pki-cad@pki-ca.service
+/sbin/service pki-cad restart pki-ca
diff --git a/dogtag-9.0/ca-start.sh b/dogtag-9.0/ca-start.sh
new file mode 100755
index 0000000..7a32129
--- /dev/null
+++ b/dogtag-9.0/ca-start.sh
@@ -0,0 +1,4 @@
+#!/bin/sh -x
+
+#systemctl start pki-cad@pki-ca.service
+/sbin/service pki-cad start pki-ca
diff --git a/dogtag-9.0/ca-stop.sh b/dogtag-9.0/ca-stop.sh
new file mode 100755
index 0000000..b317bce
--- /dev/null
+++ b/dogtag-9.0/ca-stop.sh
@@ -0,0 +1,4 @@
+#!/bin/sh -x
+
+#systemctl stop pki-cad@pki-ca.service
+/sbin/service pki-cad stop pki-ca
diff --git a/dogtag-9.0/console-build.sh b/dogtag-9.0/console-build.sh
new file mode 100755
index 0000000..28d036f
--- /dev/null
+++ b/dogtag-9.0/console-build.sh
@@ -0,0 +1,21 @@
+#!/bin/sh -x
+
+WORK_DIR=`pwd`
+PROJECT_DIR=`cd ../.. ; pwd`
+COMPONENT=console
+
+mkdir -p $WORK_DIR/build
+rm -rf $WORK_DIR/build/$COMPONENT
+
+cd $PROJECT_DIR
+rm -rf packages
+mkdir -p packages
+
+pki/scripts/compose_pki_${COMPONENT}_packages rpms | tee packages/build.log
+
+mv packages $WORK_DIR/build/$COMPONENT
+cd $WORK_DIR/build/$COMPONENT
+
+mkdir -p repo
+mv `find RPMS -name *.rpm` repo
+createrepo repo
diff --git a/dogtag-9.0/console-compile.sh b/dogtag-9.0/console-compile.sh
new file mode 100755
index 0000000..fc52fe8
--- /dev/null
+++ b/dogtag-9.0/console-compile.sh
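Review bot: In console-build.sh the `*.rpm` in `mv `find RPMS -name *.rpm` repo` is unquoted, so if the current directory contains any .rpm files the shell expands the pattern before `find` runs and the wrong set of packages is moved without error; quote it, `find RPMS -name '*.rpm' -exec mv -t repo {} +`, which also survives paths with spaces. `compose_pki_console_packages rpms | tee packages/build.log` discards the compose script's exit status behind `tee`, so a failed build still proceeds to `createrepo` and produces an empty or partial repo that console-install.sh will later try to install from. Since `/bin/sh` may lack `pipefail`, either run under bash and check `${PIPESTATUS[0]}`, or verify that at least one RPM exists before `createrepo repo`.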
@@ -0,0 +1,24 @@ +#!/bin/sh -x + +SRC_DIR=`cd ../.. ; pwd` + +cd $SRC_DIR/pki + +mkdir -p build +cd build + +cmake\ + -DCMAKE_VERBOSE_MAKEFILE=ON\ + -DCMAKE_INSTALL_PREFIX:PATH=/usr\ + -DINCLUDE_INSTALL_DIR:PATH=/usr/include\ + -DLIB_INSTALL_DIR:PATH=/usr/lib64\ + -DSYSCONF_INSTALL_DIR:PATH=/etc\ + -DSHARE_INSTALL_PREFIX:PATH=/usr/share\ + -DLIB_SUFFIX=64\ + -DBUILD_SHARED_LIBS:BOOL=ON\ + -DVAR_INSTALL_DIR:PATH=/var\ + -DBUILD_PKI_CONSOLE:BOOL=ON\ + -DWITH_JAVADOC=OFF\ + -DJAVA_LIB_INSTALL_DIR=/usr/lib64/java .. + +make all install diff --git a/dogtag-9.0/console-install.sh b/dogtag-9.0/console-install.sh new file mode 100755 index 0000000..40b768d --- /dev/null +++ b/dogtag-9.0/console-install.sh @@ -0,0 +1,9 @@ +#!/bin/sh -x + +WORK_DIR=`pwd` +PROJECT_DIR=`cd ../.. ; pwd` +COMPONENT=console + +cd $WORK_DIR/build/$COMPONENT/repo + +yum install -y *.rpm diff --git a/dogtag-9.0/console-rebuild.sh b/dogtag-9.0/console-rebuild.sh new file mode 100755 index 0000000..c111895 --- /dev/null +++ b/dogtag-9.0/console-rebuild.sh @@ -0,0 +1,6 @@ +#!/bin/sh -x + +./console-build.sh + +./console-uninstall.sh +./console-install.sh diff --git a/dogtag-9.0/console-reinstall.sh b/dogtag-9.0/console-reinstall.sh new file mode 100755 index 0000000..94deeff --- /dev/null +++ b/dogtag-9.0/console-reinstall.sh @@ -0,0 +1,4 @@ +#!/bin/sh -x + +./console-uninstall.sh +./console-install.sh diff --git a/dogtag-9.0/console-uninstall.sh b/dogtag-9.0/console-uninstall.sh new file mode 100755 index 0000000..b330088 --- /dev/null +++ b/dogtag-9.0/console-uninstall.sh @@ -0,0 +1,3 @@ +#!/bin/sh -x + +yum erase -y pki-console diff --git a/dogtag-9.0/core-9.0-build.sh b/dogtag-9.0/core-9.0-build.sh new file mode 100755 index 0000000..1caae37 --- /dev/null +++ b/dogtag-9.0/core-9.0-build.sh 
@@ -0,0 +1,17 @@ +#!/bin/sh -x + +SRC_DIR=`cd ../.. ; pwd` + +cd $SRC_DIR + +rm -rf packages +mkdir -p packages + +pki/scripts/compose_pki_core_packages hybrid_rpms + +mkdir -p repo +mv `find packages/RPMS -name *.rpm` repo +createrepo repo + +rm -rf packages.core +mv packages packages.core diff --git a/dogtag-9.0/core-build.sh b/dogtag-9.0/core-build.sh new file mode 100755 index 0000000..3b62983 --- /dev/null +++ b/dogtag-9.0/core-build.sh @@ -0,0 +1,21 @@ +#!/bin/sh -x + +WORK_DIR=`pwd` +PROJECT_DIR=`cd ../.. ; pwd` +COMPONENT=core + +mkdir -p $WORK_DIR/build +rm -rf $WORK_DIR/build/$COMPONENT + +cd $PROJECT_DIR +rm -rf packages +mkdir -p packages + +pki/scripts/compose_pki_${COMPONENT}_packages rpms 2>&1 | tee packages/build.log + +mv packages $WORK_DIR/build/$COMPONENT +cd $WORK_DIR/build/$COMPONENT + +mkdir -p repo +mv `find RPMS -name *.rpm` repo +createrepo repo diff --git a/dogtag-9.0/core-install.sh b/dogtag-9.0/core-install.sh new file mode 100755 index 0000000..2d26b10 --- /dev/null +++ b/dogtag-9.0/core-install.sh @@ -0,0 +1,5 @@ +#!/bin/sh -x + +cd build/core/repo + +yum install -y *.rpm diff --git a/dogtag-9.0/core-rebuild.sh b/dogtag-9.0/core-rebuild.sh new file mode 100755 index 0000000..3c79a1d --- /dev/null +++ b/dogtag-9.0/core-rebuild.sh @@ -0,0 +1,6 @@ +#!/bin/sh -x + +./core-build.sh + +./core-uninstall.sh +./core-install.sh diff --git a/dogtag-9.0/core-remove.sh b/dogtag-9.0/core-remove.sh new file mode 100755 index 0000000..5b48c48 --- /dev/null +++ b/dogtag-9.0/core-remove.sh 
@@ -0,0 +1,17 @@ +#!/bin/sh -x + +rpm -e --nodeps pki-native-tools +rpm -e --nodeps pki-symkey +rpm -e --nodeps pki-ca +rpm -e --nodeps ipa-pki-ca-theme +rpm -e --nodeps pki-util +rpm -e --nodeps pki-java-tools +rpm -e --nodeps ipa-pki-common-theme +rpm -e --nodeps pki-setup +rpm -e --nodeps pki-common +rpm -e --nodeps pki-silent +rpm -e --nodeps pki-java-tools-javadoc +rpm -e --nodeps pki-core-debuginfo +rpm -e --nodeps pki-selinux +rpm -e --nodeps pki-common-javadoc +rpm -e --nodeps pki-util-javadoc diff --git a/dogtag-9.0/core-uninstall.sh b/dogtag-9.0/core-uninstall.sh new file mode 100755 index 0000000..8c831ba --- /dev/null +++ b/dogtag-9.0/core-uninstall.sh @@ -0,0 +1,16 @@ +#!/bin/sh -x + +yum erase -y\ + pki-common\ + pki-silent\ + pki-core-debuginfo\ + pki-setup\ + pki-java-tools-javadoc\ + pki-java-tools\ + pki-util\ + pki-common-javadoc\ + pki-selinux\ + pki-util-javadoc\ + pki-symkey\ + pki-native-tools\ + pki-ca diff --git a/dogtag-9.0/core-update.sh b/dogtag-9.0/core-update.sh new file mode 100755 index 0000000..e38b85e --- /dev/null +++ b/dogtag-9.0/core-update.sh @@ -0,0 +1,4 @@ +#!/bin/sh -x + +./core-remove.sh +./core-install.sh diff --git a/dogtag-9.0/dev-init.sh b/dogtag-9.0/dev-init.sh new file mode 100755 index 0000000..c4454ac --- /dev/null +++ b/dogtag-9.0/dev-init.sh 
@@ -0,0 +1,88 @@ +#!/bin/sh -x + +useradd dirsrv -d /usr/share/dirsrv +useradd pkiuser -d /usr/share/pki + +# development +yum install -y\ + git + +yum install -y --skip-broken\ + gcc-c++\ + jakarta-commons-io\ + jakarta-commons-lang\ + cmake\ + java-1.6.0-openjdk-devel\ + jpackage-utils\ + jss\ + ldapjdk\ + nspr-devel\ + nss-devel\ + openldap-devel\ + osutil\ + tomcatjss\ + velocity\ + xalan-j2\ + xerces-j2 + +exit + +# build +yum-builddep --skip-broken ../../pki/specs/pki-core.spec +yum install -y --skip-broken\ + gcc-c++\ + rpm-build\ + createrepo + +# test +yum install -y --skip-broken\ + 389-ds-base + +# obsolete +#yum install -y\ +# kdiff3\ +# cmake\ +# gcc\ +# mock\ +# java-devel\ +# ldapjdk\ +# idm-console-framework\ +# apache-commons-cli\ +# apache-commons-codec\ +# httpcomponents-client\ +# httpcomponents-core\ +# nspr-devel\ +# nss-devel\ +# openldap-clients\ +# openldap-devel\ +# openssl-devel\ +# velocity\ +# xalan-j2\ +# xerces-j2\ +# selinux-policy-devel\ +# 389-ds-base\ +# java-1.7.0-openjdk\ +# junit\ +# jss\ +# javassist\ +# jettison\ +# resteasy\ +# tomcatjss\ +# perl-File-Slurp\ +# perl-XML-LibXML\ +# perl-Crypt-SSLeay\ +# pylint\ +# python-ldap\ +# python-lxml\ +# python-nss\ +# python-sphinx\ +# freeipa-python\ +# eclipse-jdt\ +# fedora-packager\ +# apr-devel\ +# apr-util-devel\ +# httpd-devel\ +# pcre-devel\ +# dnf\ +# dnf-plugins-core\ +# @development-tools diff --git a/dogtag-9.0/ds-create.sh b/dogtag-9.0/ds-create.sh new file mode 100755 index 0000000..69c7db2 --- /dev/null +++ b/dogtag-9.0/ds-create.sh 
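Review bot: `useradd dirsrv -d /usr/share/dirsrv` and `useradd pkiuser -d /usr/share/pki` create ordinary accounts with a default login shell and a UID from the regular user range, whereas the directory server and PKI instances should run under system accounts that cannot be logged into; use `useradd -r -s /sbin/nologin -d /usr/share/dirsrv dirsrv` and the same for `pkiuser`. The bare `exit` after the first `yum install` makes the build and test sections below it unreachable, which is presumably intentional for now but deserves a comment or a command-line switch rather than silent dead code. `yum install -y --skip-broken` also drops any package that fails to resolve without failing the script, so a missing `jss` or `tomcatjss` would only surface when the CA refuses to start.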
@@ -0,0 +1,17 @@ +#!/bin/sh -x + +setup-ds.pl --silent --\ + General.FullMachineName=$HOSTNAME\ + General.SuiteSpotUserID=nobody\ + General.SuiteSpotGroup=nobody\ + slapd.ServerPort=389\ + slapd.ServerIdentifier=pki-tomcat\ + slapd.Suffix=dc=example,dc=com\ + slapd.RootDN="cn=Directory Manager"\ + slapd.RootDNPwd=Secret123 + +ldapadd -x -D "cn=Directory Manager" -w Secret123 << EOF +dn: dc=pki,dc=example,dc=com +objectClass: domain +dc: pki +EOF diff --git a/dogtag-9.0/ds-install.sh b/dogtag-9.0/ds-install.sh new file mode 100755 index 0000000..679a8ae --- /dev/null +++ b/dogtag-9.0/ds-install.sh @@ -0,0 +1,15 @@ +#!/bin/sh -x + +yum install -y\ + 389-ds-base\ + 389-adminutil\ + 389-admin-console\ + 389-admin-console-doc\ + 389-console\ + 389-dsgw\ + 389-ds-console\ + 389-ds-console-doc\ + 389-ds-base-libs\ + 389-admin\ + 389-ds\ + 389-ds-base-devel diff --git a/dogtag-9.0/ds-remove.sh b/dogtag-9.0/ds-remove.sh new file mode 100755 index 0000000..980a354 --- /dev/null +++ b/dogtag-9.0/ds-remove.sh @@ -0,0 +1,3 @@ +#!/bin/sh -x + +remove-ds.pl -f -i slapd-pki-tomcat diff --git a/dogtag-9.0/ds-restart.sh b/dogtag-9.0/ds-restart.sh new file mode 100755 index 0000000..94b92ea --- /dev/null +++ b/dogtag-9.0/ds-restart.sh @@ -0,0 +1,3 @@ +#!/bin/sh -x + +systemctl restart dirsrv@pki-master.service diff --git a/dogtag-9.0/ds-start.sh b/dogtag-9.0/ds-start.sh new file mode 100755 index 0000000..6f38aa6 --- /dev/null +++ b/dogtag-9.0/ds-start.sh @@ -0,0 +1,3 @@ +#!/bin/sh -x + +systemctl start dirsrv@pki-master.service diff --git a/dogtag-9.0/ds-status.sh b/dogtag-9.0/ds-status.sh new file mode 100755 index 0000000..1e1715f --- /dev/null +++ b/dogtag-9.0/ds-status.sh @@ -0,0 +1,3 @@ +#!/bin/sh -x + +systemctl status dirsrv@pki-master.service diff --git a/dogtag-9.0/ds-stop.sh b/dogtag-9.0/ds-stop.sh new file mode 100755 index 0000000..61d56e9 --- /dev/null +++ b/dogtag-9.0/ds-stop.sh @@ -0,0 +1,3 @@ +#!/bin/sh -x + +systemctl stop dirsrv@pki-master.service 
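Review bot: The Directory Manager password appears literally as `slapd.RootDNPwd=Secret123` and `-w Secret123` on the command line, where the `#!/bin/sh -x` shebang echoes it to stderr and `ps` exposes it to every local user for as long as `setup-ds.pl` runs; feed it through an `.inf` answer file for `setup-ds.pl` and `ldapadd -y <file>` for the add, or at least wrap both commands in `set +x`/`set -x`. `General.SuiteSpotUserID=nobody` runs the directory server as `nobody`, a UID shared with unrelated services, even though dev-init.sh creates a dedicated `dirsrv` account for exactly this purpose. The `ldapadd -x` bind is a simple plaintext bind to whatever host and port `ldap.conf` defaults to, which is acceptable only if that is loopback.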
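Review bot: ds-restart.sh, ds-start.sh, ds-status.sh and ds-stop.sh act on `dirsrv@pki-master.service`, but ds-create.sh creates the instance with `slapd.ServerIdentifier=pki-tomcat` and ds-remove.sh removes `slapd-pki-tomcat`, so these four scripts manage an instance this commit never creates. Unless a `pki-master` instance exists outside this commit, change them to `systemctl restart dirsrv@pki-tomcat.service` (and likewise for start, status and stop), ideally with the identifier defined once in a shared ds-include.sh so the two names cannot drift again.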
diff --git a/dogtag-9.0/ds-uninstall.sh b/dogtag-9.0/ds-uninstall.sh new file mode 100755 index 0000000..6b8d448 --- /dev/null +++ b/dogtag-9.0/ds-uninstall.sh @@ -0,0 +1,17 @@ +#!/bin/sh -x + +yum erase -y\ + 389-ds-base-devel\ + 389-ds-base\ + 389-adminutil\ + 389-admin-console\ + 389-admin-console-doc\ + 389-console\ + 389-dsgw\ + 389-ds-console\ + 389-ds-console-doc\ + 389-ds-base-libs\ + 389-admin\ + 389-ds + +rm -rf /var/lock/dirsrv diff --git a/dogtag-9.0/external-ca-sign.sh b/dogtag-9.0/external-ca-sign.sh new file mode 100755 index 0000000..bc7c7bd --- /dev/null +++ b/dogtag-9.0/external-ca-sign.sh @@ -0,0 +1,14 @@ +#!/bin/sh + +PROFILE=caCACert +#PROFILE=caInstallCACert + +REQUEST_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin ca-cert-request-submit --profile $PROFILE --csr-file ca_signing.csr | grep "Request ID:" | awk -F ': ' '{print $2;}'` +echo Request ID: $REQUEST_ID + +CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` +echo Certificate ID: $CERT_ID + +pki cert-show --output ca_signing.crt $CERT_ID + +pki cert-show --output external.crt 0x1 diff --git a/dogtag-9.0/external-create.sh b/dogtag-9.0/external-create.sh new file mode 100755 index 0000000..a057d9b --- /dev/null +++ b/dogtag-9.0/external-create.sh @@ -0,0 +1,20 @@ +#!/bin/sh -x + +mkdir -p build + +rm -f /tmp/ca_signing.csr +rm -r /tmp/external.crt +rm -r /tmp/cert_chain.p7b +rm -f /tmp/ca_signing.crt + +pkicreate \ + -pki_instance_root=/var/lib \ + -pki_instance_name=pki-ca \ + -subsystem_type=ca \ + -secure_port=9443 \ + -unsecure_port=9180 \ + -tomcat_server_port=9701 \ + -user=pkiuser \ + -group=pkiuser \ + -redirect conf=/etc/pki-ca \ + -redirect logs=/var/log/pki-ca | tee build/external-create.log diff --git a/dogtag-9.0/external-nss-sign.sh b/dogtag-9.0/external-nss-sign.sh new file mode 100755 index 0000000..e7e471c --- /dev/null 
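Review bot: In external-ca-sign.sh, `REQUEST_ID` and `CERT_ID` are scraped from `pki` output with grep/awk and passed straight to `ca-cert-request-review --action approve` and `cert-show` with no check that they are non-empty, so a failed submission (wrong password, CA down) runs an approve with an empty ID and writes whatever `cert-show` prints into `ca_signing.crt`; add `[ -n "$REQUEST_ID" ] || { echo "request submission failed" >&2; exit 1; }` after each extraction. The approval is unconditional: whatever CSR sits in `ca_signing.csr` is issued a CA certificate under the `caCACert` profile without anyone inspecting its subject or extensions, which is tolerable for a throwaway lab but must not be copied as a sub-CA issuance procedure. `-c Secret123` places the agent's NSS database password on argv, and `cert-show ... 0x1` assumes the issuing CA's own certificate is serial 1.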
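Review bot: external-create.sh clears fixed, predictable names in `/tmp` (`/tmp/ca_signing.csr`, `/tmp/external.crt`, `/tmp/cert_chain.p7b`, `/tmp/ca_signing.crt`) that external-step1.sh and external-step2.sh later write and read, so in that world-writable directory another local user can recreate them between this `rm` and their use — and the path step2 installs as the CA signing certificate is among them. Stage these files through a `mktemp -d` directory whose path is handed to the later steps, or through a root-owned directory such as `/var/lib/pki-ca/certs`. Two of the removals use `rm -r` instead of `rm -f`, so on a clean first run they print an error for files that do not exist; `rm -f` was presumably intended. Whether `fs.protected_symlinks` is enabled on the target host, which blunts the symlink variant of the attack, is not visible here.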
+++ b/dogtag-9.0/external-nss-sign.sh @@ -0,0 +1,49 @@ +#!/bin/sh + +#pki ca-cert-request-profile-show caCACert --output caCACert.xml +#pki cert-request-submit caCACert.xml + +#pki -d ~/.dogtag/pki-tomcat/ca/alias/ -c Secret123 -n caadmin ca-cert-request-review --action approve 10 + +#pki cert-show --output ca.crt 0x7 +#pki cert-show --output external.crt 0x1 + +rm -rf nssdb +mkdir nssdb +echo Secret123 > nssdb/password.txt +certutil -N -d nssdb -f nssdb/password.txt + +openssl rand -out nssdb/noise.bin 2048 +echo -e "y\n\ny\n" | \ + certutil -S \ + -d nssdb \ + -f nssdb/password.txt \ + -z nssdb/noise.bin \ + -n "External CA" \ + -s "CN=CA Signing Certificate,O=EXAMPLE" \ + -x \ + -t "CTu,CTu,CTu" \ + -m 1\ + -2 \ + --keyUsage certSigning \ + --nsCertType sslCA,smimeCA,objectSigningCA + +certutil -L -d nssdb -n "External CA" -a > ./external.crt + +echo -e "0\n1\n5\n6\n9\ny\ny\n\ny\n" | \ + certutil -C \ + -d nssdb \ + -f nssdb/password.txt \ + -m $RANDOM \ + -a -i ca_signing.csr \ + -o ca_signing.crt \ + -c "External CA" \ + -1 -2 + +#certutil -C \ +# -d nssdb \ +# -f nssdb/password.txt \ +# -m $RANDOM \ +# -a -i ca_signing.csr \ +# -o ca_signing.crt \ +# -c "External CA" diff --git a/dogtag-9.0/external-step1.sh b/dogtag-9.0/external-step1.sh new file mode 100755 index 0000000..8666633 --- /dev/null +++ b/dogtag-9.0/external-step1.sh 
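Review bot: `certutil -C -m $RANDOM` gives the issued CA certificate a serial drawn from a 15-bit value, so repeated runs against the same "External CA" will eventually reuse a serial, and `$RANDOM` can be zero; derive the serial from `openssl rand` (for example `-m $(( 0x$(openssl rand -hex 4) ))`) or a counter file, and reject a zero value before signing. The script is `#!/bin/sh` yet relies on `echo -e` to answer certutil's interactive extension prompts, which under a POSIX `sh` such as dash prints a literal `-e` and feeds the prompts the wrong bytes; use `printf 'y\n\ny\n'` (and the same for the `-C` answers) or change the shebang to bash. The throwaway `nssdb/` is created in the working directory with `Secret123` in `nssdb/password.txt` under the default umask; since it holds the key that signs this setup's Dogtag CA certificate, create it under `umask 077`.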
@@ -0,0 +1,53 @@ +#!/bin/sh -x + +mkdir -p build + +PIN=`grep preop.pin= /var/lib/pki-ca/conf/CS.cfg | awk -F= '{ print $2; }'` +NSSDB_PASSWORD=`grep internal= /var/lib/pki-ca/conf/password.conf | awk -F = '{ print $2; }'` +echo $NSSDB_PASSWORD > /var/lib/pki-ca/alias/password.txt + +CERTS=/var/lib/pki-ca/certs +rm -rf $CERTS +mkdir -p $CERTS +echo Secret123 > /var/lib/pki-ca/certs/password.txt + +pkisilent ConfigureCA \ + -cs_hostname $HOSTNAME \ + -cs_port 9443 \ + -preop_pin $PIN \ + -client_certdb_dir /var/lib/pki-ca/certs \ + -client_certdb_pwd Secret123 \ + -token_name internal \ + -domain_name EXAMPLE-COM \ + -subsystem_name 'Certificate Authority' \ + -ldap_host $HOSTNAME \ + -ldap_port 389 \ + -base_dn ou=ca,dc=example,dc=com \ + -db_name example.com-pki-ca \ + -bind_dn 'cn=Directory Manager' \ + -bind_password Secret123 \ + -remove_data true \ + -key_type rsa \ + -key_size 2048 \ + -key_algorithm SHA256withRSA \ + -signing_signingalgorithm SHA256withRSA \ + -save_p12 true \ + -backup_fname /var/lib/pki-ca/certs/ca-server-certs.p12 \ + -backup_pwd Secret123 \ + -ca_sign_cert_subject_name 'CN=Certificate Authority,O=EXAMPLE-COM' \ + -ca_ocsp_cert_subject_name 'CN=OCSP Signing Certificate,O=EXAMPLE-COM' \ + -ca_server_cert_subject_name CN=$HOSTNAME,O=EXAMPLE-COM \ + -ca_subsystem_cert_subject_name 'CN=CA Subsystem Certificate,O=EXAMPLE-COM' \ + -ca_audit_signing_cert_subject_name 'CN=CA Audit Signing Certificate,O=EXAMPLE-COM' \ + -admin_user caadmin \ + -agent_name caadmin \ + -admin_email caadmin@example.com \ + -admin_password Secret123 \ + -agent_key_size 2048 \ + -agent_key_type rsa \ + -agent_cert_subject CN=caadmin,UID=caadmin,E=caadmin@example.com,O=EXAMPLE-COM \ + -external true \ + -ext_csr_file /tmp/ca_signing.csr | tee build/external-step1.log + +/bin/cp -f /tmp/ca_signing.csr . + diff --git a/dogtag-9.0/external-step2.sh b/dogtag-9.0/external-step2.sh new file mode 100755 index 0000000..2fdecde --- /dev/null +++ b/dogtag-9.0/external-step2.sh 
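Review bot: `echo $NSSDB_PASSWORD > /var/lib/pki-ca/alias/password.txt` writes the CA token password in clear into the live NSS database directory, and the script neither uses nor removes the file, so it only leaves a persistent copy of the secret beside the CA keys; delete the line (the companion ca-configure.sh manages without it). As elsewhere, `-bind_password Secret123`, `-admin_password Secret123` and `-backup_pwd Secret123` are literal on argv and traced by the `-x` shebang, and `-base_dn ou=ca,dc=example,dc=com` with `-db_name example.com-pki-ca` differs from the `dc=ca,dc=pki,dc=example,dc=com`/`ca` values in ca-include.sh, so the two configuration paths populate different suffixes. The `/bin/cp -f /tmp/ca_signing.csr .` at the end runs whether or not `pkisilent` succeeded, because its exit status is hidden behind `| tee`.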
@@ -0,0 +1,49 @@ +#!/bin/sh -x + +mkdir -p build + +cp ca_signing.crt /tmp +cp external.crt /tmp + +PIN=`grep preop.pin= /var/lib/pki-ca/conf/CS.cfg | awk -F= '{ print $2; }'` +NSSDB_PASSWORD=`grep internal= /var/lib/pki-ca/conf/password.conf | awk -F = '{ print $2; }'` + +pkisilent ConfigureCA \ + -cs_hostname $HOSTNAME \ + -cs_port 9443 \ + -preop_pin $PIN \ + -client_certdb_dir /var/lib/pki-ca/certs \ + -client_certdb_pwd Secret123 \ + -token_name internal \ + -domain_name EXAMPLE-COM \ + -subsystem_name 'Certificate Authority' \ + -ldap_host $HOSTNAME \ + -ldap_port 389 \ + -base_dn ou=ca,dc=example,dc=com \ + -db_name example.com-pki-ca \ + -bind_dn 'cn=Directory Manager' \ + -bind_password Secret123 \ + -remove_data true \ + -key_type rsa \ + -key_size 2048 \ + -key_algorithm SHA256withRSA \ + -signing_signingalgorithm SHA256withRSA \ + -save_p12 true \ + -backup_fname /var/lib/pki-ca/certs/ca-server-certs.p12 \ + -backup_pwd Secret123 \ + -ca_sign_cert_subject_name 'CN=Certificate Authority,O=EXAMPLE-COM' \ + -ca_ocsp_cert_subject_name 'CN=OCSP Signing Certificate,O=EXAMPLE-COM' \ + -ca_server_cert_subject_name CN=$HOSTNAME,O=EXAMPLE-COM \ + -ca_subsystem_cert_subject_name 'CN=CA Subsystem Certificate,O=EXAMPLE-COM' \ + -ca_audit_signing_cert_subject_name 'CN=CA Audit Signing Certificate,O=EXAMPLE-COM' \ + -admin_user caadmin \ + -agent_name caadmin \ + -admin_email caadmin@example.com \ + -admin_password Secret123 \ + -agent_key_size 2048 \ + -agent_key_type rsa \ + -agent_cert_subject CN=caadmin,UID=caadmin,E=caadmin@example.com,O=EXAMPLE-COM \ + -external true \ + -ext_ca_cert_file /tmp/ca_signing.crt \ + -ext_ca_cert_chain_file /tmp/external.crt | tee build/external-step2.log + diff --git a/dogtag-9.0/firefox-certs-import.sh b/dogtag-9.0/firefox-certs-import.sh new file mode 100755 index 0000000..b2490bf --- /dev/null +++ b/dogtag-9.0/firefox-certs-import.sh 
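Review bot: The certificate that becomes the CA's signing certificate is read from `/tmp/ca_signing.crt`, a fixed name in a world-writable directory, after a `cp ca_signing.crt /tmp` whose result is never checked; if a local user pre-creates that path or `/tmp/external.crt`, what `pkisilent` installs as the CA certificate and chain may not be what was signed. Point the options at the working copies instead, `-ext_ca_cert_file "$PWD/ca_signing.crt" -ext_ca_cert_chain_file "$PWD/external.crt"`, or stage them in a `mktemp -d` directory, and exit if either source file is missing. `NSSDB_PASSWORD` is extracted but unused, and the hard-coded `Secret123` passwords on argv are traced by `-x` exactly as in step1.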
@@ -0,0 +1,12 @@ +#!/bin/sh -x + +. ./ca-include.sh + +FIREFOX_DIR=~/.mozilla/firefox +PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'` + +pk12util -i /var/lib/pki-ca/certs/ca-client-certs.p12 -d $FIREFOX_DIR/$PROFILE -W Secret123 +certutil -M -n caadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE + +pk12util -i /var/lib/pki-kra/certs/kra-client-certs.p12 -d $FIREFOX_DIR/$PROFILE -W Secret123 +certutil -M -n kraadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE diff --git a/dogtag-9.0/firefox-certs-remove.sh b/dogtag-9.0/firefox-certs-remove.sh new file mode 100755 index 0000000..97439e1 --- /dev/null +++ b/dogtag-9.0/firefox-certs-remove.sh @@ -0,0 +1,15 @@ +#!/bin/sh -x + +. ./ca-include.sh + +FIREFOX_DIR=~/.mozilla/firefox +PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'` + +cd $FIREFOX_DIR/$PROFILE + +certutil -D -n "$CA_ADMIN_NAME" -d . +certutil -D -n "kraadmin" -d . +certutil -D -n "$CA_SUBSYSTEM_NAME - $REALM" -d . +certutil -D -n "$HOSTNAME" -d . +certutil -D -n "$HOSTNAME #2" -d . +certutil -D -n "$HOSTNAME #3" -d . diff --git a/dogtag-9.0/firefox-certs.sh b/dogtag-9.0/firefox-certs.sh new file mode 100755 index 0000000..4e55245 --- /dev/null +++ b/dogtag-9.0/firefox-certs.sh @@ -0,0 +1,8 @@ +#!/bin/sh -x + +FIREFOX_DIR=~/.mozilla/firefox +PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'` + +cd $FIREFOX_DIR/$PROFILE + +certutil -L -d . diff --git a/dogtag-9.0/kra-build.sh b/dogtag-9.0/kra-build.sh new file mode 100755 index 0000000..26e887c --- /dev/null +++ b/dogtag-9.0/kra-build.sh 
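Review bot: `PROFILE` is taken from every `Path=` line in `profiles.ini`, so a Firefox installation with more than one profile yields a multi-line value and `pk12util`/`certutil` are pointed at a mangled directory; pick one entry, `PROFILE=$(awk -F= '/^Path=/{print $2; exit}' "$FIREFOX_DIR/profiles.ini")`, and check that `"$FIREFOX_DIR/$PROFILE"` exists before importing. The PKCS#12 password `-W Secret123` is passed on argv and traced by `-x`; `pk12util -w <file>` reads it from a file instead. The imported `caadmin` and `kraadmin` certificates carry CA and KRA administrative privileges, so importing them into a general-purpose browser profile should stay confined to the development machine.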
@@ -0,0 +1,21 @@ +#!/bin/sh -x + +WORK_DIR=`pwd` +PROJECT_DIR=`cd ../.. ; pwd` +COMPONENT=kra + +mkdir -p $WORK_DIR/build +rm -rf $WORK_DIR/build/$COMPONENT + +cd $PROJECT_DIR +rm -rf packages +mkdir -p packages + +pki/scripts/compose_pki_${COMPONENT}_packages hybrid_rpms 2>&1 | tee packages/build.log + +mv packages $WORK_DIR/build/$COMPONENT +cd $WORK_DIR/build/$COMPONENT + +mkdir -p repo +mv `find RPMS -name *.rpm` repo +createrepo repo diff --git a/dogtag-9.0/kra-configure.sh b/dogtag-9.0/kra-configure.sh new file mode 100755 index 0000000..366c4a3 --- /dev/null +++ b/dogtag-9.0/kra-configure.sh 
@@ -0,0 +1,60 @@ +#!/bin/sh -x + +PKI_DEV_SRC=`cd .. ; pwd` + +INSTANCE_NAME=pki-kra +PASSWORD=Secret123 +PIN=`grep preop.pin= /var/lib/$INSTANCE_NAME/conf/CS.cfg | awk -F= '{ print $2; }'` + +REALM=EXAMPLE-COM +CERTS=/var/lib/$INSTANCE_NAME/certs +rm -rf $CERTS +mkdir -p $CERTS + +pkisilent ConfigureDRM \ + -cs_hostname "$HOSTNAME" \ + -cs_port 10443 \ + -preop_pin "$PIN" \ + -client_certdb_dir "$CERTS" \ + -client_certdb_pwd "$PASSWORD" \ + -token_name "internal" \ + -sd_hostname "$HOSTNAME" \ + -sd_admin_port 9443 \ + -sd_ssl_port 9443 \ + -sd_agent_port 9443 \ + -sd_admin_name "caadmin" \ + -sd_admin_password "$PASSWORD" \ + -domain_name "$REALM" \ + -subsystem_name "Data Recovery Manager" \ + -ldap_host "localhost" \ + -ldap_port "389" \ + -base_dn "ou=kra,dc=example,dc=com" \ + -db_name "example.com-$INSTANCE_NAME" \ + -bind_dn "cn=Directory Manager" \ + -bind_password "$PASSWORD" \ + -remove_data true \ + -key_type rsa \ + -key_size 2048 \ + -signing_algorithm SHA256withRSA \ + -drm_transport_cert_subject_name "CN=DRM Transport Certificate,O=$REALM" \ + -drm_storage_cert_subject_name "CN=DRM Storage Certificate,O=$REALM" \ + -drm_server_cert_subject_name "CN=$HOSTNAME,O=$REALM" \ + -drm_subsystem_cert_subject_name "CN=DRM Subsystem Certificate,O=$REALM" \ + -drm_audit_signing_cert_subject_name "CN=DRM Audit Signing Certificate,O=$REALM" \ + -ca_hostname "$HOSTNAME" \ + -ca_port 9180 \ + -ca_ssl_port 9443 \ + -backup_fname "$CERTS/kra-server-certs.p12" \ + -backup_pwd "$PASSWORD" \ + -admin_user "kraadmin" \ + -agent_name "kraadmin" \ + -admin_email "kraadmin@example.com" \ + -admin_password "$PASSWORD" \ + -agent_key_size 2048 \ + -agent_key_type rsa \ + -agent_cert_subject "CN=kraadmin,UID=kraadmin,E=kraadmin@example.com,O=$REALM" + +echo $PASSWORD > "$CERTS/password.txt" +PKCS12Export -d "$CERTS" -o "$CERTS/kra-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt" + +systemctl restart pki-krad@$INSTANCE_NAME.service 
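Review bot: `-backup_fname "$CERTS/kra-server-certs.p12"` exports the DRM transport and storage private keys (the storage key is what protects every key the KRA archives) under `Secret123`, and the same password is then written in clear to `$CERTS/password.txt` next to the file, so the P12 and its password sit together under the default umask. Create `$CERTS` and the password file under `umask 077`, drop the backup altogether unless it is really wanted on this host, and avoid passing the password as `-sd_admin_password`/`-bind_password`/`-admin_password` on an argv that the `-x` shebang traces. Unlike the CA scripts this one hard-codes `PASSWORD=Secret123` and `REALM=EXAMPLE-COM` instead of sourcing an include, so the KRA's realm differs from the CA's `REALM="EXAMPLE"` in ca-include.sh, which presumably matters for the security-domain join; a shared include would keep them aligned.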
diff --git a/dogtag-9.0/kra-console.sh b/dogtag-9.0/kra-console.sh new file mode 100755 index 0000000..8a1263c --- /dev/null +++ b/dogtag-9.0/kra-console.sh @@ -0,0 +1,3 @@ +#!/bin/sh -x + +pkiconsole https://$HOSTNAME:10443/kra diff --git a/dogtag-9.0/kra-create.sh b/dogtag-9.0/kra-create.sh new file mode 100755 index 0000000..4dd88c8 --- /dev/null +++ b/dogtag-9.0/kra-create.sh @@ -0,0 +1,30 @@ +#!/bin/sh -x + +SRC_DIR=`cd ../.. ; pwd` + +INSTANCE_NAME=pki-kra + +pkicreate -pki_instance_root=/var/lib \ + -pki_instance_name=$INSTANCE_NAME \ + -subsystem_type=kra \ + -secure_port=10443 \ + -unsecure_port=10180 \ + -tomcat_server_port=10701 \ + -user=pkiuser \ + -group=pkiuser \ + -audit_group=pkiaudit \ + -redirect conf=/etc/$INSTANCE_NAME \ + -redirect logs=/var/log/$INSTANCE_NAME \ + -verbose + +#cd /var/lib/$INSTANCE_NAME + +#ln -s /usr/share/tomcat6/bin bin +#ln -s /usr/share/tomcat6/lib lib +#rm -f webapps/kra/WEB-INF/lib/pki-* + +#rm -rf webapps/kra/WEB-INF/classes +#ln -s $SRC_DIR/pki/build/classes webapps/kra/WEB-INF + +#systemctl restart pki-krad@$INSTANCE_NAME.service +/sbin/service pki-krad restart pki-kra diff --git a/dogtag-9.0/kra-install.sh b/dogtag-9.0/kra-install.sh new file mode 100755 index 0000000..98cfdde --- /dev/null +++ b/dogtag-9.0/kra-install.sh @@ -0,0 +1,9 @@ +#!/bin/sh -x + +WORK_DIR=`pwd` +PROJECT_DIR=`cd ../.. ; pwd` +COMPONENT=kra + +cd $WORK_DIR/build/$COMPONENT/repo + +yum install -y *.rpm diff --git a/dogtag-9.0/kra-remove.sh b/dogtag-9.0/kra-remove.sh new file mode 100755 index 0000000..3ddfa9d --- /dev/null +++ b/dogtag-9.0/kra-remove.sh @@ -0,0 +1,7 @@ +#!/bin/sh -x + +INSTANCE_NAME=pki-kra + +pkiremove -pki_instance_root=/var/lib\ + -pki_instance_name=$INSTANCE_NAME\ + -force diff --git a/dogtag-9.0/kra-restart.sh b/dogtag-9.0/kra-restart.sh new file mode 100755 index 0000000..914945c --- /dev/null +++ b/dogtag-9.0/kra-restart.sh @@ -0,0 +1,3 @@ +#!/bin/sh -x + +systemctl restart pki-krad@pki-kra.service 
diff --git a/dogtag-9.0/kra-start.sh b/dogtag-9.0/kra-start.sh
new file mode 100755
index 0000000..a66efc5
--- /dev/null
+++ b/dogtag-9.0/kra-start.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+systemctl start pki-krad@pki-kra.service
diff --git a/dogtag-9.0/kra-stop.sh b/dogtag-9.0/kra-stop.sh
new file mode 100755
index 0000000..1927603
--- /dev/null
+++ b/dogtag-9.0/kra-stop.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+systemctl stop pki-krad@pki-kra.service
diff --git a/dogtag-9.0/kra-uninstall.sh b/dogtag-9.0/kra-uninstall.sh
new file mode 100755
index 0000000..93b7c54
--- /dev/null
+++ b/dogtag-9.0/kra-uninstall.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+yum erase -y pki-kra
diff --git a/dogtag-9.0/pki-nuke.sh b/dogtag-9.0/pki-nuke.sh
new file mode 100755
index 0000000..53cbcc4
--- /dev/null
+++ b/dogtag-9.0/pki-nuke.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+SUBSYSTEM_NAME=$1
+
+if [ "$SUBSYSTEM_NAME" == "" ]; then
+ echo "usage: pki-nuke.sh <instance name>"
+ exit 1
+fi
+
+echo "Deleting subsystem $SUBSYSTEM_NAME"
+
+pids="`ps -ef | grep catalina.base=/var/lib/pki-$SUBSYSTEM_NAME | grep -v grep | awk '{print $2}'`"
+for pid in $pids; do
+ kill -9 $pid
+done
+
+rm -rf /etc/pki-$SUBSYSTEM_NAME
+rm -rf /etc/sysconfig/pki-$SUBSYSTEM_NAME
+rm -rf /etc/sysconfig/pki/ca/pki-$SUBSYSTEM_NAME
+rm -rf /var/lib/pki-$SUBSYSTEM_NAME
+rm -rf /var/log/pki-$SUBSYSTEM_NAME
+rm -rf /var/log/pki-*.log
+#rm -rf /var/lib/ipa/pki-$SUBSYSTEM_NAME
diff --git a/dogtag-9.0/test.sh b/dogtag-9.0/test.sh
new file mode 100644
index 0000000..89877c2
--- /dev/null
+++ b/dogtag-9.0/test.sh
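Review bot: In pki-nuke.sh, `grep catalina.base=/var/lib/pki-$SUBSYSTEM_NAME` is an unanchored substring match, so `pki-nuke.sh ca` also kills a `pki-ca2` or `pki-ca-clone` instance, and the later `rm -rf /var/log/pki-*.log` deletes the log files of every instance regardless of the argument. Anchor the match on a following space or end of line, e.g. `pgrep -f "catalina.base=/var/lib/pki-$SUBSYSTEM_NAME( |$)"`, and limit the log removal to `/var/log/pki-$SUBSYSTEM_NAME*.log`. An immediate `kill -9` gives Tomcat no chance to shut down cleanly and may leave the last audit-log entries unwritten; send TERM first and fall back to KILL after a short wait. Under `#!/bin/sh`, `[ "$SUBSYSTEM_NAME" == "" ]` is a bashism — use `[ -z "$SUBSYSTEM_NAME" ]` — and `/etc/sysconfig/pki/ca/pki-$SUBSYSTEM_NAME` hard-codes `ca`, so a KRA instance's registration file would be left behind.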
@@ -0,0 +1,35 @@
+pkisilent ConfigureCA \
+ -cs_hostname `hostname` \
+ -cs_port 9445 \
+ -client_certdb_dir /tmp/tmp-DyO1lT \
+ -client_certdb_pwd Secret123 \
+ -preop_pin Secret123 \
+ -domain_name IPA \
+ -admin_user admin \
+ -admin_email root@localhost \
+ -admin_password Secret123 \
+ -agent_name ipa-ca-agent \
+ -agent_key_size 2048 \
+ -agent_key_type rsa \
+ -agent_cert_subject CN=ipa-ca-agent,O=EXAMPLE.COM \
+ -ldap_host `localhost` \
+ -ldap_port 7389 \
+ -bind_dn "cn=Directory Manager" \
+ -bind_password Secret123 \
+ -base_dn o=ipaca \
+ -db_name ipaca \
+ -key_size 2048 \
+ -key_type rsa \
+ -key_algorithm SHA256withRSA \
+ -save_p12 true \
+ -backup_pwd Secret123 \
+ -subsystem_name pki-cad \
+ -token_name internal \
+ -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=EXAMPLE.COM" \
+ -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=EXAMPLE.COM" \
+ -ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=EXAMPLE.COM" \
+ -ca_server_cert_subject_name CN=`hostname`,O=EXAMPLE.COM \
+ -ca_audit_signing_cert_subject_name "CN=CA Audit,O=EXAMPLE.COM" \
+ -ca_sign_cert_subject_name "CN=Certificate Authority,O=EXAMPLE.COM" \
+ -external false \
+ -clone false
diff --git a/dogtag-9.0/theme-build.sh b/dogtag-9.0/theme-build.sh
new file mode 100755
index 0000000..225c24b
--- /dev/null
+++ b/dogtag-9.0/theme-build.sh
@@ -0,0 +1,21 @@
+#!/bin/sh -x
+
+WORK_DIR=`pwd`
+PROJECT_DIR=`cd ../.. ; pwd`
+COMPONENT=theme
+
+mkdir -p $WORK_DIR/build
+rm -rf $WORK_DIR/build/$COMPONENT
+
+cd $PROJECT_DIR
+rm -rf packages
+mkdir -p packages
+
+pki/scripts/compose_dogtag_pki_theme_packages rpms | tee packages/build.log
+
+mv packages $WORK_DIR/build/$COMPONENT
+cd $WORK_DIR/build/$COMPONENT
+
+mkdir -p repo
+mv `find RPMS -name *.rpm` repo
+createrepo repo
diff --git a/dogtag-9.0/theme-install.sh b/dogtag-9.0/theme-install.sh
new file mode 100755
index 0000000..b353fbe
--- /dev/null
+++ b/dogtag-9.0/theme-install.sh
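Review bot: `-ldap_host `localhost`` in test.sh runs `localhost` as a command substitution instead of passing the host name; unless a command by that name exists the argument expands to nothing and `-ldap_port` is consumed as the host value, so the line should be `-ldap_host localhost \`. `-ca_subsystem_cert_subject_name` is passed twice with the same value, so one of the two lines can go. Every credential is a hardcoded `Secret123` literal passed on the command line (visible to `ps` while it runs) and the client cert database is a fixed `/tmp/tmp-DyO1lT` path, and the file has no shebang and mode 100644, which reads like a captured invocation rather than a runnable script; if it is meant to stay in the tree, a header comment such as `# Sample ConfigureCA invocation with placeholder credentials; not for use as-is` would make its status clear.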
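Review bot: `mv `find RPMS -name *.rpm` repo` in theme-build.sh leaves the `*.rpm` pattern unquoted, so the shell globs it against the current directory before `find` sees it, and the unquoted backtick result is word-split, so any path containing whitespace breaks the move; `find RPMS -name '*.rpm' -exec mv -t repo {} +` (GNU mv) does the same job safely. `cd $PROJECT_DIR` and `cd $WORK_DIR/build/$COMPONENT` are unchecked and the script has no `-e`, so a failed `cd` makes the following `rm -rf packages` and `mkdir -p repo` act on the wrong directory; `cd "$PROJECT_DIR" || exit 1` on each would stop that.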
@@ -0,0 +1,9 @@
+#!/bin/sh -x
+
+WORK_DIR=`pwd`
+PROJECT_DIR=`cd ../.. ; pwd`
+COMPONENT=theme
+
+cd $WORK_DIR/build/$COMPONENT/repo
+
+yum install -y *.rpm
diff --git a/dogtag-9.0/theme-uninstall.sh b/dogtag-9.0/theme-uninstall.sh
new file mode 100755
index 0000000..8f714d8
--- /dev/null
+++ b/dogtag-9.0/theme-uninstall.sh
@@ -0,0 +1,11 @@
+#!/bin/sh -x
+
+yum erase -y\
+ dogtag-pki-ca-theme\
+ dogtag-pki-kra-theme\
+ dogtag-pki-tps-theme\
+ dogtag-pki-tks-theme\
+ dogtag-pki-console-theme\
+ dogtag-pki-ra-theme\
+ dogtag-pki-common-theme\
+ dogtag-pki-ocsp-theme
diff --git a/dogtag-9.0/tps-create.sh b/dogtag-9.0/tps-create.sh
new file mode 100755
index 0000000..24e444c
--- /dev/null
+++ b/dogtag-9.0/tps-create.sh
@@ -0,0 +1,15 @@
+#!/bin/sh -x
+
+. ./tps-include.sh
+
+pkicreate -pki_instance_root=$INSTANCE_ROOT \
+ -pki_instance_name=$TPS_INSTANCE_NAME \
+ -subsystem_type=$TPS_SUBSYSTEM_TYPE \
+ -secure_port=$TPS_SECURE_PORT \
+ -non_clientauth_secure_port=$TPS_NON_CLIENTAUTH_SECURE_PORT \
+ -unsecure_port=$TPS_UNSECURE_PORT \
+ -user=$INSTANCE_USER \
+ -group=$INSTANCE_GROUP \
+ -redirect conf=/etc/$TPS_INSTANCE_NAME \
+ -redirect logs=/var/log/$TPS_INSTANCE_NAME \
+ -verbose
diff --git a/dogtag-9.0/tps-remove.sh b/dogtag-9.0/tps-remove.sh
new file mode 100755
index 0000000..8d6848d
--- /dev/null
+++ b/dogtag-9.0/tps-remove.sh
@@ -0,0 +1,8 @@
+#!/bin/sh -x
+
+. ./tps-include.sh
+
+pkiremove -pki_instance_root=$INSTANCE_ROOT \
+ -pki_instance_name=$TPS_INSTANCE_NAME \
+ -force \
+ -verbose |
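Review bot: `. ./tps-include.sh` in tps-create.sh is resolved against the current working directory rather than the script's own location, and with only `-x` in the shebang a missing include does not abort, so `pkicreate` would then run with every `$TPS_*` and `$INSTANCE_*` variable empty; `. ./tps-include.sh || exit 1` (or a `cd "$(dirname "$0")" || exit 1` before it) closes that gap. Because the include is sourced under `-x`, every value it defines is echoed to stderr in the trace, which is worth keeping in mind if the include carries credentials; dropping `-x` when tracing is not needed avoids that. tps-remove.sh in this commit sources the same file the same way and has the same issue.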
