From 4ef1422a303c035735afd84d98ee7baba325c2fa Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" 
Date: Thu, 20 Jul 2017 07:31:46 +0200
Subject: Updated TPS scripts.

---
 scripts/tps-admin-setup.sh | 17 ++++++++++-------
 scripts/tps-agent-setup.sh | 14 +++++++-------
 scripts/tps-auth-user-add.sh | 16 ++++++++++++++++
 scripts/tps-auth-user-del.sh | 7 +++++++
 scripts/tps-build.sh | 2 +-
 scripts/tps-config-mod.sh | 11 +++++++++++
 scripts/tps-config-show.sh | 7 +++++++
 scripts/tps-configure.sh | 2 +-
 scripts/tps-create.sh | 2 +-
 scripts/tps-operator-setup.sh | 16 ++++++++--------
 scripts/tps-remote-create.sh | 5 +++++
 scripts/tps-token-enroll.sh | 34 ++++++++++++++++++++++++++++++++++
 scripts/tps-token-format.sh | 36 ++++++++++++++++++++++++++++++++++++
 13 files changed, 144 insertions(+), 25 deletions(-)
 create mode 100755 scripts/tps-auth-user-add.sh
 create mode 100755 scripts/tps-auth-user-del.sh
 create mode 100755 scripts/tps-config-mod.sh
 create mode 100755 scripts/tps-config-show.sh
 create mode 100755 scripts/tps-remote-create.sh
 create mode 100755 scripts/tps-token-enroll.sh
 create mode 100755 scripts/tps-token-format.sh

diff --git a/scripts/tps-admin-setup.sh b/scripts/tps-admin-setup.sh
index daacecd..53b0298 100755
--- a/scripts/tps-admin-setup.sh
+++ b/scripts/tps-admin-setup.sh
@@ -1,15 +1,18 @@ #!/bin/sh -x -#pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-user-add tpsadmin --fullName "TPS Administrator" -#pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-group-member-add "Administrators" tpsadmin +USERNAME=tpsadmin +#USERNAME=admin -REQUEST_ID=`pki -c Secret123 client-cert-request uid=tpsadmin | grep "Request ID:" | awk -F ': ' '{print $2;}'` +#pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-user-add $USERNAME --fullName "TPS Administrator" +#pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-group-member-add "Administrators" $USERNAME + +REQUEST_ID=`pki -c Secret.123 client-cert-request uid=$USERNAME | grep "Request ID:" | awk -F ': ' '{print $2;}'` echo Request ID: $REQUEST_ID -CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` +CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` echo Certificate ID: $CERT_ID -pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-user-cert-add tpsadmin --serial $CERT_ID -pki -c Secret123 client-cert-import tpsadmin --serial $CERT_ID +pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-user-cert-add $USERNAME --serial $CERT_ID +pki -c Secret.123 client-cert-import $USERNAME --serial $CERT_ID -pki -c Secret123 client-cert-show tpsadmin --pkcs12 tpsadmin.p12 --pkcs12-password Secret123 +pki -c Secret.123 client-cert-show $USERNAME --pkcs12 $USERNAME.p12 --pkcs12-password Secret.123 diff --git a/scripts/tps-agent-setup.sh b/scripts/tps-agent-setup.sh index 49f86b9..1f8bddf 100755 --- a/scripts/tps-agent-setup.sh +++ b/scripts/tps-agent-setup.sh 
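Review bot: Neither REQUEST_ID nor CERT_ID is checked before it is used, so when the `client-cert-request` output does not match the grep, the `ca-cert-request-review --action approve` line runs with an empty request id and the script still goes on to `tps-user-cert-add` and `client-cert-import` with an empty `--serial`. A one-line guard after each extraction, `[ -n "$REQUEST_ID" ] || exit 1` and `[ -n "$CERT_ID" ] || exit 1`, stops the run at the first failed step instead of producing misleading follow-on errors. The same unchecked extraction is in the tps-agent-setup.sh and tps-operator-setup.sh hunks of this commit. Separately, every `-c Secret.123` on the new lines passes the NSS database password in argv while the `#!/bin/sh -x` shebang traces each command, so the password ends up on stderr and in process listings; reading it from a password file keeps it out of both, and the `--pkcs12-password` on the last line has the same exposure.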
@@ -1,15 +1,15 @@ #!/bin/sh -x -pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-user-add tpsagent --fullName "TPS Agent" -pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-group-member-add "TPS Agents" tpsagent +pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-user-add tpsagent --fullName "TPS Agent" +pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-group-member-add "TPS Agents" tpsagent -REQUEST_ID=`pki -c Secret123 client-cert-request uid=tpsagent | grep "Request ID:" | awk -F ': ' '{print $2;}'` +REQUEST_ID=`pki -c Secret.123 client-cert-request uid=tpsagent | grep "Request ID:" | awk -F ': ' '{print $2;}'` echo Request ID: $REQUEST_ID -CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` +CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` echo Certificate ID: $CERT_ID -pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-user-cert-add tpsagent --serial $CERT_ID -pki -c Secret123 client-cert-import tpsagent --serial $CERT_ID +pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-user-cert-add tpsagent --serial $CERT_ID +pki -c Secret.123 client-cert-import tpsagent --serial $CERT_ID -pki -c Secret123 client-cert-show tpsagent --pkcs12 tpsagent.p12 --pkcs12-password Secret123 +pki -c Secret.123 client-cert-show tpsagent --pkcs12 tpsagent.p12 --pkcs12-password Secret.123 diff --git a/scripts/tps-auth-user-add.sh b/scripts/tps-auth-user-add.sh new file mode 100755 index 0000000..bf4527d --- /dev/null +++ b/scripts/tps-auth-user-add.sh 
@@ -0,0 +1,16 @@ +#!/bin/sh + +uid=$1 + +ldapadd -h $HOSTNAME -p 389 -D "cn=Directory Manager" -w Secret.123 << EOF +dn: uid=$uid,ou=people,dc=example,dc=com +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: inetOrgPerson +uid: $uid +cn: Test User +sn: User +givenName: Test +userPassword: Secret.123 +EOF diff --git a/scripts/tps-auth-user-del.sh b/scripts/tps-auth-user-del.sh new file mode 100755 index 0000000..9c94c63 --- /dev/null +++ b/scripts/tps-auth-user-del.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +uid=$1 + +ldapdelete -h $HOSTNAME -p 389 -D "cn=Directory Manager" -w Secret.123 << EOF +uid=$uid,ou=people,dc=example,dc=com +EOF diff --git a/scripts/tps-build.sh b/scripts/tps-build.sh index 170b9e9..c02cf72 100755 --- a/scripts/tps-build.sh +++ b/scripts/tps-build.sh @@ -11,7 +11,7 @@ cd $BUILD_DIR rm -rf rpmbuild mkdir -p rpmbuild -$COMPOSE --work-dir $BUILD_DIR/rpmbuild rpms 2>&1 | tee build.log +$COMPOSE --work-dir $BUILD_DIR/rpmbuild rpms rm -rf repo mkdir -p repo diff --git a/scripts/tps-config-mod.sh b/scripts/tps-config-mod.sh new file mode 100755 index 0000000..f7d4b26 --- /dev/null +++ b/scripts/tps-config-mod.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +INPUT=$1 + +# -H "Accept: application/xml" \ + +SSL_DIR=~/.dogtag/pki-tomcat/ca/alias curl -E "caadmin:Secret123" \ + -H "Content-Type: application/xml" \ + -X PATCH \ + --data @$INPUT \ + https://$HOSTNAME:8443/tps/rest/config | xmllint --format - diff --git a/scripts/tps-config-show.sh b/scripts/tps-config-show.sh new file mode 100755 index 0000000..f92ba2a --- /dev/null +++ b/scripts/tps-config-show.sh @@ -0,0 +1,7 @@ +#!/bin/sh + +# -H "Content-Type: application/xml" + +SSL_DIR=~/.dogtag/pki-tomcat/ca/alias curl -E "caadmin:Secret123" \ + -H "Accept: application/json" \ + https://$HOSTNAME:8443/tps/rest/config diff --git a/scripts/tps-configure.sh b/scripts/tps-configure.sh index 32b0afe..9b020fc 100755 --- a/scripts/tps-configure.sh +++ b/scripts/tps-configure.sh 
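Review bot: `$uid` taken from `$1` is substituted unvalidated into both the `dn:` line and the `uid:` attribute of the LDIF here-document, so an argument containing a comma, a newline or a leading space changes the DN or adds extra LDIF attributes instead of being rejected. A guard before the ldapadd, `case "$uid" in ''|*[!A-Za-z0-9._-]*) printf 'invalid uid\n' >&2; exit 1;; esac`, restricts the value to characters that are safe in a DN component and also catches the missing-argument case. tps-auth-user-del.sh builds its `uid=$uid,ou=people,dc=example,dc=com` DN from the same unchecked argument and needs the same check. `$HOSTNAME` should be quoted in the `-h` argument, `-h "$HOSTNAME"`. The Directory Manager password given with `-w` is visible in process listings for the lifetime of the ldapadd; the ldap client tools accept a password file, which avoids that.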
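Review bot: With `2>&1 | tee build.log` removed, the exit status of the `$COMPOSE --work-dir $BUILD_DIR/rpmbuild rpms` line is now the compose tool's own rather than tee's, but nothing in the hunk acts on it: unless the script enables `set -e` somewhere outside this hunk (its header is not visible), the `rm -rf repo` and `mkdir -p repo` steps that follow run even after a failed build. Appending `|| exit 1` to the `$COMPOSE` line makes a failed build stop the script before the repo is touched; the enclosing script starts and ends outside the hunk. The `pkisilent` line in the tps-configure.sh hunk loses its `tee` the same way and would benefit from the same explicit check. `--work-dir "$BUILD_DIR/rpmbuild"` should also be quoted.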
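Review bot: The client credential on the new curl line is `caadmin:Secret123`, while every other script touched by this commit is moved to `Secret.123`; if that string is the NSS database password (as the `SSL_DIR=~/.dogtag/pki-tomcat/ca/alias` prefix suggests), this request will fail to unlock the client certificate, and tps-config-show.sh carries the same value. `$INPUT` is used unchecked in `--data @$INPUT` and `$HOSTNAME` is unquoted in the URL; `: "${INPUT:?input file required}"` before the curl and `"https://$HOSTNAME:8443/tps/rest/config"` cover both. curl is also run without `--fail`, so an HTTP error body is piped straight into `xmllint --format -` and the pipeline's status reflects only xmllint, not the PATCH.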
@@ -58,7 +58,7 @@ pkisilent ConfigureTPS \ -admin_password "$TPS_ADMIN_PASSWORD" \ -agent_key_size 2048 \ -agent_key_type rsa \ - -agent_cert_subject "$TPS_ADMIN_CERT_SUBJECT" 2>&1 | tee tps-configure.out + -agent_cert_subject "$TPS_ADMIN_CERT_SUBJECT" echo $PASSWORD > "$CERTS/password.txt" PKCS12Export -d "$CERTS" -o "$CERTS/tps-client-certs.p12" -p "$CERTS/password.txt" -w "$CERTS/password.txt" diff --git a/scripts/tps-create.sh b/scripts/tps-create.sh index caa6554..36d33f7 100755 --- a/scripts/tps-create.sh +++ b/scripts/tps-create.sh @@ -1,3 +1,3 @@ #!/bin/sh -x -pkispawn -f tps.cfg -s TPS -vvv 2>&1 | tee build/tps-create.log +pkispawn -f tps.cfg -s TPS -vvv diff --git a/scripts/tps-operator-setup.sh b/scripts/tps-operator-setup.sh index 60b9b5a..84a9ac7 100755 --- a/scripts/tps-operator-setup.sh +++ b/scripts/tps-operator-setup.sh 
@@ -1,17 +1,17 @@ #!/bin/sh -x -pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-user-add tpsoperator --fullName "TPS Operator" -pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-group-member-add "TPS Operators" tpsoperator +pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-user-add tpsoperator --fullName "TPS Operator" +pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-group-member-add "TPS Operators" tpsoperator -pki -c Secret123 client-init --force +pki -c Secret.123 client-init --force -REQUEST_ID=`pki -c Secret123 client-cert-request uid=tpsoperator | grep "Request ID:" | awk -F ': ' '{print $2;}'` +REQUEST_ID=`pki -c Secret.123 client-cert-request uid=tpsoperator | grep "Request ID:" | awk -F ': ' '{print $2;}'` echo Request ID: $REQUEST_ID -CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` +CERT_ID=`pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin ca-cert-request-review --action approve $REQUEST_ID | grep "Certificate ID:" | awk -F ': ' '{print $2;}'` echo Certificate ID: $CERT_ID -pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret123 -n caadmin tps-user-cert-add tpsoperator --serial $CERT_ID -pki -c Secret123 client-cert-import tpsoperator --serial $CERT_ID +pki -d ~/.dogtag/pki-tomcat/ca/alias -c Secret.123 -n caadmin tps-user-cert-add tpsoperator --serial $CERT_ID +pki -c Secret.123 client-cert-import tpsoperator --serial $CERT_ID -pki -c Secret123 client-cert-show tpsoperator --pkcs12 tpsoperator.p12 --pkcs12-password Secret123 +pki -c Secret.123 client-cert-show tpsoperator --pkcs12 tpsoperator.p12 --pkcs12-password Secret.123 diff --git a/scripts/tps-remote-create.sh b/scripts/tps-remote-create.sh new file mode 100755 index 0000000..5199707 --- /dev/null +++ b/scripts/tps-remote-create.sh 
@@ -0,0 +1,5 @@ +#!/bin/sh -x + +echo $HOSTNAME > tps.host + +pkispawn -f tps-remote.cfg -s TPS -vvv diff --git a/scripts/tps-token-enroll.sh b/scripts/tps-token-enroll.sh new file mode 100755 index 0000000..a2dfd74 --- /dev/null +++ b/scripts/tps-token-enroll.sh @@ -0,0 +1,34 @@ +#!/bin/sh + +uid=$1 +cuid=$2 + +if [ "$cuid" == "" ]; then + #cuid=a00192030405060708c9 + cuid=`hexdump -v -n "10" -e '1/1 "%02x"' /dev/urandom` +fi + +echo $cuid + +tpsclient <