From cc24216c89b276932cec08f8f462962b41abd24f Mon Sep 17 00:00:00 2001
From: Endi Sukma Dewata
Date: Fri, 27 Jul 2012 11:08:04 -0500
Subject: Fixed CA and cert scripts.
---
 scripts/ca-certs.sh | 5 +++++
 scripts/ca-create.sh | 46 ++--------------------------------------------
 scripts/ca-destroy.sh | 3 ---
 scripts/ca-remove.sh | 12 ++++++++----
 scripts/ca-spawn.sh | 3 ---
 scripts/ca.cfg | 7 +++----
 scripts/certs-import.sh | 15 ---------------
 scripts/certs-list.sh | 8 --------
 scripts/certs-remove.sh | 15 ---------------
 scripts/f17-setup.sh | 1 +
 scripts/firefox-certs-import.sh | 15 +++++++++++++++
 scripts/firefox-certs-list.sh | 6 ++++++
 scripts/firefox-certs-remove.sh | 16 ++++++++++++++++
 13 files changed, 56 insertions(+), 96 deletions(-)
 create mode 100755 scripts/ca-certs.sh
 delete mode 100755 scripts/ca-destroy.sh
 delete mode 100755 scripts/ca-spawn.sh
 delete mode 100755 scripts/certs-import.sh
 delete mode 100755 scripts/certs-list.sh
 delete mode 100755 scripts/certs-remove.sh
 create mode 100755 scripts/firefox-certs-import.sh
 create mode 100755 scripts/firefox-certs-list.sh
 create mode 100755 scripts/firefox-certs-remove.sh
diff --git a/scripts/ca-certs.sh b/scripts/ca-certs.sh
new file mode 100755
index 0000000..a340966
--- /dev/null
+++ b/scripts/ca-certs.sh
@@ -0,0 +1,5 @@
+#!/bin/sh -x
+
+CLIENT_DIR=/tmp/pki-master_client
+
+certutil -L -d $CLIENT_DIR/alias -w `cat $CLIENT_DIR/password.conf`
diff --git a/scripts/ca-create.sh b/scripts/ca-create.sh
index 5b61bcc..b131f3d 100755
--- a/scripts/ca-create.sh
+++ b/scripts/ca-create.sh
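Review bot: The `certutil -L` line in the new scripts/ca-certs.sh expands the contents of `$CLIENT_DIR/password.conf` into the command's argument list, and because the script runs under `#!/bin/sh -x` the same value is also written to the trace output, so it shows up in process listings and in any captured log. Assuming the intent is to supply the NSS database password and password.conf holds only that value (which the `cat` usage suggests), certutil's password-file option avoids both leaks: `certutil -L -d "$CLIENT_DIR/alias" -f "$CLIENT_DIR/password.conf"`. The database and its password file also sit under a fixed name in /tmp; a comment stating that the script assumes a single-user development machine would make that assumption explicit.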
@@ -1,47 +1,5 @@
 #!/bin/sh -x
 
-. ./ca-include.sh
+pkispawn -f ca.cfg -s CA -v
 
-if [ "$CA_SECURE_PORT" == "" ]; then
-
- pkicreate -pki_instance_root=$INSTANCE_ROOT \
- -pki_instance_name=$CA_INSTANCE_NAME \
- -subsystem_type=$CA_SUBSYSTEM_TYPE \
- -agent_secure_port=$CA_AGENT_SECURE_PORT \
- -ee_secure_port=$CA_EE_SECURE_PORT \
- -ee_secure_client_auth_port=$CA_EE_SECURE_CLIENT_AUTH_PORT \
- -admin_secure_port=$CA_ADMIN_SECURE_PORT \
- -unsecure_port=$CA_UNSECURE_PORT \
- -tomcat_server_port=$CA_TOMCAT_SERVER_PORT \
- -user=$INSTANCE_USER \
- -group=$INSTANCE_GROUP \
- -redirect conf=/etc/$CA_INSTANCE_NAME \
- -redirect logs=/var/log/$CA_INSTANCE_NAME \
- -verbose
-
-else
-
- pkicreate -pki_instance_root=$INSTANCE_ROOT \
- -pki_instance_name=$CA_INSTANCE_NAME \
- -subsystem_type=$CA_SUBSYSTEM_TYPE \
- -secure_port=$CA_SECURE_PORT \
- -unsecure_port=$CA_UNSECURE_PORT \
- -tomcat_server_port=$CA_TOMCAT_SERVER_PORT \
- -user=$INSTANCE_USER \
- -group=$INSTANCE_GROUP \
- -redirect conf=/etc/$CA_INSTANCE_NAME \
- -redirect logs=/var/log/$CA_INSTANCE_NAME \
- -verbose
-
-fi
-
-cd $INSTANCE_ROOT/$CA_INSTANCE_NAME
-
-ln -s /usr/share/tomcat6/bin bin
-ln -s /usr/share/tomcat6/lib lib
-rm -f webapps/ca/WEB-INF/lib/pki-*
-
-rm -rf webapps/ca/WEB-INF/classes
-ln -s $SRC_DIR/pki/build/classes webapps/ca/WEB-INF
-
-systemctl restart pki-cad@$CA_INSTANCE_NAME.service
+./ca-restart.sh
diff --git a/scripts/ca-destroy.sh b/scripts/ca-destroy.sh
deleted file mode 100755
index 0d4d382..0000000
--- a/scripts/ca-destroy.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh -x
-
-pkidestroy -s CA -i pki-master
diff --git a/scripts/ca-remove.sh b/scripts/ca-remove.sh
index 7a42c3d..8394720 100755
--- a/scripts/ca-remove.sh
+++ b/scripts/ca-remove.sh
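Review bot: `./ca-restart.sh` runs even when `pkispawn` fails, because the rewritten scripts/ca-create.sh has no exit-status check between the two commands; `pkispawn -f ca.cfg -s CA -v || exit 1` would stop before restarting a half-created instance. Both `ca.cfg` and `./ca-restart.sh` are resolved relative to the current directory, so the script only behaves as intended when started from scripts/; a `cd "$(dirname "$0")" || exit 1` at the top, or a comment stating the requirement, would remove that surprise. ca-restart.sh is not part of this diff, so how it handles a missing instance is not visible here.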
@@ -1,7 +1,11 @@
 #!/bin/sh -x
 
-. ./ca-include.sh
+INSTANCE_NAME=pki-master
 
-pkiremove -pki_instance_root=$INSTANCE_ROOT \
- -pki_instance_name=$CA_INSTANCE_NAME \
- -force
+pkidestroy -s CA -i $INSTANCE_NAME
+
+rm -rf /etc/pki/$INSTANCE_NAME
+rm -rf /etc/sysconfig/$INSTANCE_NAME
+rm -rf /etc/sysconfig/pki/tomcat/$INSTANCE_NAME
+rm -rf /var/lib/pki/$INSTANCE_NAME
+rm -rf /var/log/pki/$INSTANCE_NAME
diff --git a/scripts/ca-spawn.sh b/scripts/ca-spawn.sh
deleted file mode 100755
index 21ba088..0000000
--- a/scripts/ca-spawn.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh -x
-
-pkispawn -f ca.cfg -s CA
diff --git a/scripts/ca.cfg b/scripts/ca.cfg
index 51d0a33..c175c6d 100644
--- a/scripts/ca.cfg
+++ b/scripts/ca.cfg
@@ -11,8 +11,8 @@
 pki_admin_password=Secret123
 pki_backup_password=
 pki_client_pkcs12_password=Secret123
+pki_clone_pkcs12_password=Secret123
 pki_ds_password=Secret123
-pki_pkcs12_password=Secret123
 pki_security_domain_password=Secret123
 ###############################################################################
 ## 'Common' Data: ##
@@ -31,7 +31,7 @@ pki_admin_dualkey=False
 pki_admin_email=
 pki_admin_keysize=2048
 pki_admin_name=admin
-pki_admin_nickname=
+pki_admin_nickname=admin
 pki_admin_subject_dn=
 pki_admin_uid=admin
 pki_audit_group=pkiaudit
@@ -78,7 +78,7 @@ pki_user=pkiuser
 ## required information which MAY be overridden by users as necessary. ##
 ###############################################################################
 [Apache]
-pki_instance_name=apache
+pki_instance_name=pki-apache
 pki_http_port=80
 pki_https_port=443
 ###############################################################################
@@ -183,7 +183,6 @@ pki_ocsp_signing_nickname=
 pki_ocsp_signing_signing_algorithm=SHA256withRSA
 pki_ocsp_signing_subject_dn=
 pki_ocsp_signing_token=
-pki_subordinate=False
 pki_subsystem=OCSP
 pki_subsystem_name=
 pki_war_name=ocsp.war
diff --git a/scripts/certs-import.sh b/scripts/certs-import.sh
deleted file mode 100755
index 6c25805..0000000
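Review bot: The five `rm -rf` lines in scripts/ca-remove.sh expand `$INSTANCE_NAME` unquoted and unguarded, so if the assignment is ever changed to come from the environment or an argument and ends up empty, they resolve to `rm -rf /etc/pki/`, `rm -rf /var/lib/pki/` and so on. Writing each one as `rm -rf -- "/etc/pki/${INSTANCE_NAME:?}"` makes the script abort instead of widening the delete. They also run whether or not `pkidestroy` succeeded; if that is deliberate cleanup after a broken instance, a one-line comment saying so would help the next reader.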
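Review bot: `pki_clone_pkcs12_password=Secret123` in the first scripts/ca.cfg hunk adds one more shared literal password to a tracked config file, next to `pki_admin_password`, `pki_client_pkcs12_password`, `pki_ds_password` and `pki_security_domain_password`. If ca.cfg is only meant for throwaway development instances, a comment above these keys such as `## Development-only credentials; never reuse on a deployed instance.` would keep the file from being copied as a template. The key replaces `pki_pkcs12_password`; whether anything else still sets the old name cannot be seen from this hunk, which starts at line 11 of the file.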
--- a/scripts/certs-import.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh -x
-
-. ./ca-include.sh
-
-FIREFOX_DIR=~/.mozilla/firefox
-PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
-
-input=$SRC_DIR/pki-dev/certs/ca/ca-client-certs.p12
-input=/tmp/pki-master_client/ca_admin_cert.p12
-
-pk12util -i $input -d $FIREFOX_DIR/$PROFILE -W Secret123
-certutil -M -n $CA_ADMIN_NAME -t u,u,u -d $FIREFOX_DIR/$PROFILE
-
-#pk12util -i $SRC_DIR/pki-dev/certs/kra/kra-client-certs.p12 -d $FIREFOX_DIR/$PROFILE -W Secret123
-#certutil -M -n kraadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE
diff --git a/scripts/certs-list.sh b/scripts/certs-list.sh
deleted file mode 100755
index 4e55245..0000000
--- a/scripts/certs-list.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh -x
-
-FIREFOX_DIR=~/.mozilla/firefox
-PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
-
-cd $FIREFOX_DIR/$PROFILE
-
-certutil -L -d .
diff --git a/scripts/certs-remove.sh b/scripts/certs-remove.sh
deleted file mode 100755
index 97439e1..0000000
--- a/scripts/certs-remove.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh -x
-
-. ./ca-include.sh
-
-FIREFOX_DIR=~/.mozilla/firefox
-PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
-
-cd $FIREFOX_DIR/$PROFILE
-
-certutil -D -n "$CA_ADMIN_NAME" -d .
-certutil -D -n "kraadmin" -d .
-certutil -D -n "$CA_SUBSYSTEM_NAME - $REALM" -d .
-certutil -D -n "$HOSTNAME" -d .
-certutil -D -n "$HOSTNAME #2" -d .
-certutil -D -n "$HOSTNAME #3" -d .
diff --git a/scripts/f17-setup.sh b/scripts/f17-setup.sh
index 7a669cc..215263a 100755
--- a/scripts/f17-setup.sh
+++ b/scripts/f17-setup.sh
@@ -21,6 +21,7 @@ yum install -y\
 snakeyaml\
 glassfish-fi\
 txw2\
+ tomcat\
 jetty-version-maven-plugin\
 maven\
 maven-checkstyle-plugin\
diff --git a/scripts/firefox-certs-import.sh b/scripts/firefox-certs-import.sh
new file mode 100755
index 0000000..35b6939
--- /dev/null
+++ b/scripts/firefox-certs-import.sh
@@ -0,0 +1,15 @@
+#!/bin/sh -x
+
+. ./ca-include.sh
+
+FIREFOX_DIR=~/.mozilla/firefox
+PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
+
+CLIENT_DIR=/tmp/pki-master_client
+input=$CLIENT_DIR/ca_admin_cert.p12
+
+pk12util -i $input -d $FIREFOX_DIR/$PROFILE -W Secret123
+certutil -M -n admin -t u,u,u -d $FIREFOX_DIR/$PROFILE
+
+#pk12util -i $SRC_DIR/pki-dev/certs/kra/kra-client-certs.p12 -d $FIREFOX_DIR/$PROFILE -W Secret123
+#certutil -M -n kraadmin -t u,u,u -d $FIREFOX_DIR/$PROFILE
diff --git a/scripts/firefox-certs-list.sh b/scripts/firefox-certs-list.sh
new file mode 100755
index 0000000..bb14fb2
--- /dev/null
+++ b/scripts/firefox-certs-list.sh
@@ -0,0 +1,6 @@
+#!/bin/sh -x
+
+FIREFOX_DIR=~/.mozilla/firefox
+PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
+
+certutil -L -d $FIREFOX_DIR/$PROFILE
diff --git a/scripts/firefox-certs-remove.sh b/scripts/firefox-certs-remove.sh
new file mode 100755
index 0000000..907e8ed
--- /dev/null
+++ b/scripts/firefox-certs-remove.sh
@@ -0,0 +1,16 @@
+#!/bin/sh -x
+
+. ./ca-include.sh
+
+FIREFOX_DIR=~/.mozilla/firefox
+PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
+
+cd $FIREFOX_DIR/$PROFILE
+
+certutil -D -n "admin" -d .
+certutil -D -n "$CA_ADMIN_NAME" -d .
+certutil -D -n "kraadmin" -d .
+certutil -D -n "$CA_SUBSYSTEM_NAME - $REALM" -d .
+certutil -D -n "$HOSTNAME" -d .
+certutil -D -n "$HOSTNAME #2" -d .
+certutil -D -n "$HOSTNAME #3" -d .
-- cgit
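Review bot: `PROFILE` in scripts/firefox-certs-import.sh collects every `Path=` line in profiles.ini, so on an account with more than one Firefox profile the unquoted `$FIREFOX_DIR/$PROFILE` in the `pk12util` and `certutil` lines splits into several words and the import fails or lands in the wrong database; firefox-certs-list.sh and firefox-certs-remove.sh in this commit carry the same line. Selecting a single profile and quoting it, for example `PROFILE=$(awk -F= '/^Path=/ {print $2; exit}' "$FIREFOX_DIR/profiles.ini")` with `-d "$FIREFOX_DIR/$PROFILE"`, avoids that. Separately, `-W Secret123` puts the PKCS#12 password on the command line and in the `-x` trace, and the .p12 is read from a fixed directory under /tmp; pk12util's `-w` password-file option and a comment that the script assumes a single-user development host would cover both. `. ./ca-include.sh` no longer appears to supply anything the uncommented lines use.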
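Review bot: `cd $FIREFOX_DIR/$PROFILE` in scripts/firefox-certs-remove.sh is unchecked, so if it fails (for example because the profile directory does not exist) every following `certutil -D ... -d .` operates on whatever directory the script was started in. Either `cd "$FIREFOX_DIR/$PROFILE" || exit 1`, or dropping the `cd` and passing `-d "$FIREFOX_DIR/$PROFILE"` as firefox-certs-list.sh now does, keeps the deletions confined to the intended NSS database.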