From dbd722371a29009a392f8851c8979f8481272938 Mon Sep 17 00:00:00 2001
From: Endi Sukma Dewata
Date: Sun, 5 May 2013 14:48:47 -0400
Subject: Updated deployment scripts.

---
 scripts/ca-merged-remove.sh | 2 +-
 scripts/ca-remove.sh | 2 +-
 scripts/firefox-certs-import-merged.sh | 108 +++++++++++++++++++++++++++++++++
 scripts/firefox-certs-reload.sh | 2 +-
 scripts/kra-merged-remove.sh | 2 +-
 scripts/kra-remove.sh | 2 +-
 scripts/merged-certs.sh | 2 +-
 scripts/merged.cfg | 47 +++----------
 scripts/ocsp-merged-create.sh | 3 +
 scripts/ocsp-merged-remove.sh | 6 ++
 scripts/tks-merged-create.sh | 2 +-
 scripts/tks-merged-remove.sh | 2 +-
 12 files changed, 135 insertions(+), 45 deletions(-)
 create mode 100755 scripts/firefox-certs-import-merged.sh
 create mode 100755 scripts/ocsp-merged-create.sh
 create mode 100755 scripts/ocsp-merged-remove.sh

diff --git a/scripts/ca-merged-remove.sh b/scripts/ca-merged-remove.sh
index b9b5944..fea0500 100755
--- a/scripts/ca-merged-remove.sh
+++ b/scripts/ca-merged-remove.sh
@@ -1,6 +1,6 @@
 #!/bin/sh -x
 
 SRC_DIR=`cd ../.. ; pwd`
-INSTANCE_NAME=master
+INSTANCE_NAME=pki-tomcat
 
 pkidestroy -v -s CA -i $INSTANCE_NAME
diff --git a/scripts/ca-remove.sh b/scripts/ca-remove.sh
index b8719f2..438f8dd 100755
--- a/scripts/ca-remove.sh
+++ b/scripts/ca-remove.sh
@@ -3,4 +3,4 @@
 SRC_DIR=`cd ../.. ; pwd`
 INSTANCE_NAME=ca-master
 
-pkidestroy -s CA -i $INSTANCE_NAME
+pkidestroy -v -s CA -i $INSTANCE_NAME
diff --git a/scripts/firefox-certs-import-merged.sh b/scripts/firefox-certs-import-merged.sh
new file mode 100755
index 0000000..953984c
--- /dev/null
+++ b/scripts/firefox-certs-import-merged.sh
@@ -0,0 +1,108 @@
+#!/bin/sh
+
+user=$1
+
+if [ "$user" == "" ]; then
+ home=$HOME
+else
+ home=/home/$user
+fi
+
+echo HOME=$home
+
+SRC_DIR=`cd ../.. ; pwd`
+
+FIREFOX_DIR=$home/.mozilla/firefox
+PROFILE=`grep Path= $FIREFOX_DIR/profiles.ini | awk -F= '{print $2}'`
+
+CA_INSTANCE_NAME=pki-tomcat
+KRA_INSTANCE_NAME=pki-tomcat
+OCSP_INSTANCE_NAME=pki-tomcat
+TKS_INSTANCE_NAME=pki-tomcat
+
+CA_ADMIN_CERT_NICKNAME="PKI Administrator's idm.lab.bos.redhat.com Security Domain ID"
+KRA_ADMIN_CERT_NICKNAME="PKI Administrator's idm.lab.bos.redhat.com Security Domain ID"
+OCSP_ADMIN_CERT_NICKNAME="PKI Administrator's idm.lab.bos.redhat.com Security Domain ID"
+TKS_ADMIN_CERT_NICKNAME="PKI Administrator's idm.lab.bos.redhat.com Security Domain ID"
+
+CA_CERT_DIR=/var/lib/pki/$CA_INSTANCE_NAME/alias
+CA_CERT_P12=$CA_CERT_DIR/ca_admin_cert.p12
+
+KRA_CERT_DIR=/var/lib/pki/$KRA_INSTANCE_NAME/alias
+KRA_CERT_P12=$KRA_CERT_DIR/ca_admin_cert.p12
+
+OCSP_CERT_DIR=/var/lib/pki/$OCSP_INSTANCE_NAME/alias
+OCSP_CERT_P12=$OCSP_CERT_DIR/ca_admin_cert.p12
+
+TKS_CERT_DIR=/var/lib/pki/$TKS_INSTANCE_NAME/alias
+TKS_CERT_P12=$TKS_CERT_DIR/ca_admin_cert.p12
+
+################################################################################
+# Importing CA certificate
+################################################################################
+
+CA_CERT_NAME="caSigningCert cert-$CA_INSTANCE_NAME CA"
+
+echo Exporting CA certificate...
+certutil -L -d $CA_CERT_DIR -n "$CA_CERT_NAME" -a > $CA_CERT_DIR/ca.pem
+AtoB $CA_CERT_DIR/ca.pem $CA_CERT_DIR/ca.crt
+
+echo Importing CA certificate...
+certutil -A -d $FIREFOX_DIR/$PROFILE -n "$CA_CERT_NAME" -i $CA_CERT_DIR/ca.pem -t CT,C,C
+
+################################################################################
+# Importing server certificate
+################################################################################
+
+SERVER_CERT_NAME="Server-Cert cert-$CA_INSTANCE_NAME"
+
+echo Exporting server certificate...
+certutil -L -d $CA_CERT_DIR -n "$SERVER_CERT_NAME" -a > $CA_CERT_DIR/server.pem
+AtoB $CA_CERT_DIR/server.pem $CA_CERT_DIR/server.crt
+
+echo Importing server certificate...
+certutil -A -d $FIREFOX_DIR/$PROFILE -n "$SERVER_CERT_NAME" -i $CA_CERT_DIR/server.pem -t CT,C,C
+
+################################################################################
+# Importing CA admin certificate
+################################################################################
+
+if [ -e $CA_CERT_P12 ]
+then
+ echo Importing CA admin certificate...
+ pk12util -i $CA_CERT_P12 -d $FIREFOX_DIR/$PROFILE -W Secret123
+ certutil -M -n "$CA_ADMIN_CERT_NICKNAME" -t u,u,u -d $FIREFOX_DIR/$PROFILE
+fi
+
+################################################################################
+# Importing KRA admin certificate
+################################################################################
+
+if [ -e $KRA_CERT_P12 ]
+then
+ echo Importing KRA admin certificate...
+ pk12util -i $KRA_CERT_P12 -d $FIREFOX_DIR/$PROFILE -W Secret123
+ certutil -M -n "$KRA_ADMIN_CERT_NICKNAME" -t u,u,u -d $FIREFOX_DIR/$PROFILE
+fi
+
+################################################################################
+# Importing OCSP admin certificate
+################################################################################
+
+if [ -e $OCSP_CERT_P12 ]
+then
+ echo Importing OCSP admin certificate...
+ pk12util -i $OCSP_CERT_P12 -d $FIREFOX_DIR/$PROFILE -W Secret123
+ certutil -M -n "$OCSP_ADMIN_CERT_NICKNAME" -t u,u,u -d $FIREFOX_DIR/$PROFILE
+fi
+
+################################################################################
+# Importing TKS admin certificate
+################################################################################
+
+if [ -e $TKS_CERT_P12 ]
+then
+ echo Importing TKS admin certificate...
+ pk12util -i $TKS_CERT_P12 -d $FIREFOX_DIR/$PROFILE -W Secret123
+ certutil -M -n "$TKS_ADMIN_CERT_NICKNAME" -t u,u,u -d $FIREFOX_DIR/$PROFILE
+fi
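Review bot: The four `pk12util -i … -W Secret123` calls pass the PKCS#12 password as a command-line argument, so it is both hardcoded in a committed script and visible to every local user through `ps` while the import runs; pk12util accepts `-w <password-file>` instead, e.g. `pk12util -i "$CA_CERT_P12" -d "$FIREFOX_DIR/$PROFILE" -w "$P12_PASSWORD_FILE"` with the file kept mode 0600 outside the repository. The script declares `#!/bin/sh` but tests `[ "$user" == "" ]`, which POSIX `test` does not accept (dash rejects `==` as an unexpected operator); `[ -z "$user" ]` is portable. `PROFILE` collects every `Path=` line of `profiles.ini`, so a user with more than one Firefox profile gets a multi-line value and each unquoted `-d $FIREFOX_DIR/$PROFILE` splits into several arguments; select one profile explicitly or fail when several are found. The `$FIREFOX_DIR/$PROFILE` and `*_CERT_P12` expansions should be double-quoted throughout, and the lab hostname embedded in the `*_ADMIN_CERT_NICKNAME` values ties the script to one environment.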
diff --git a/scripts/firefox-certs-reload.sh b/scripts/firefox-certs-reload.sh
index 3692389..08100a2 100755
--- a/scripts/firefox-certs-reload.sh
+++ b/scripts/firefox-certs-reload.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/sh -x
 
 user=$1
 
diff --git a/scripts/kra-merged-remove.sh b/scripts/kra-merged-remove.sh
index cc0c0e8..ffcde43 100755
--- a/scripts/kra-merged-remove.sh
+++ b/scripts/kra-merged-remove.sh
@@ -1,6 +1,6 @@
 #!/bin/sh -x
 
 SRC_DIR=`cd ../.. ; pwd`
-INSTANCE_NAME=master
+INSTANCE_NAME=pki-tomcat
 
 pkidestroy -v -s KRA -i $INSTANCE_NAME
diff --git a/scripts/kra-remove.sh b/scripts/kra-remove.sh
index c639ae3..1be662a 100755
--- a/scripts/kra-remove.sh
+++ b/scripts/kra-remove.sh
@@ -3,4 +3,4 @@
 SRC_DIR=`cd ../.. ; pwd`
 INSTANCE_NAME=kra-master
 
-pkidestroy -v -s KRA -i $INSTANCE_NAME
+pkidestroy -v -s KRA -i $INSTANCE_NAME -u caadmin -W test
diff --git a/scripts/merged-certs.sh b/scripts/merged-certs.sh
index 2ab4c82..730bbd9 100755
--- a/scripts/merged-certs.sh
+++ b/scripts/merged-certs.sh
@@ -1,5 +1,5 @@
 #!/bin/sh -x
 
-INSTANCE_NAME=master
+INSTANCE_NAME=pki-tomcat
 
 certutil -L -d /var/lib/pki/$INSTANCE_NAME/alias
diff --git a/scripts/merged.cfg b/scripts/merged.cfg
index cd4073a..50d71f9 100644
--- a/scripts/merged.cfg
+++ b/scripts/merged.cfg
@@ -27,10 +27,16 @@ pki_token_password=Secret123
 ## 'common' data values which are left undefined. ##
 ###############################################################################
 [Common]
+pki_admin_cert_file=
 pki_admin_cert_request_type=crmf
 pki_admin_domain_name=
 pki_admin_dualkey=False
+pki_admin_email=
 pki_admin_keysize=2048
+pki_admin_name=
+pki_admin_nickname=
+pki_admin_subject_dn=
+pki_admin_uid=
 pki_audit_group=pkiaudit
 pki_audit_signing_key_algorithm=SHA256withRSA
 pki_audit_signing_key_size=2048
@@ -43,6 +49,7 @@ pki_backup_keys=False
 pki_client_database_dir=
 pki_client_database_purge=True
 pki_client_dir=
+pki_ds_base_dn=
 pki_ds_bind_dn=cn=Directory Manager
 pki_ds_database=
 pki_ds_hostname=
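Review bot: Changing the shebang to `#!/bin/sh -x` makes the shell echo every expanded command line to stderr for the whole run, so any password passed as an argument ends up in whatever captures the terminal or a log (the companion firefox-certs-import-merged.sh in this commit passes `-W Secret123` that way). If tracing is wanted for debugging, a guarded `[ -n "$DEBUG" ] && set -x` near the top is safer and also survives `sh firefox-certs-reload.sh`, where shebang options are ignored. The rest of this script is outside the hunk.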
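Review bot: The new `-u caadmin -W test` in kra-remove.sh puts the security-domain credential on the pkidestroy command line as a committed literal, where it is visible to other local users via `ps` while the command runs. Whether `-W` takes the password itself or the name of a password file is not visible from the hunk; if it is the password, it should come from a file or the environment instead, and if it is a file, `test` should be an explicit path with restrictive permissions rather than a bare name resolved against the current directory. The shebang of this file is outside the hunk; its sibling remove scripts run with `sh -x`, which would additionally trace the argument to stderr.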
@@ -72,6 +79,7 @@ pki_subsystem_nickname=
 pki_subsystem_subject_dn=
 pki_subsystem_token=
 pki_token_name=internal
+pki_use_common_admin_user=true
 pki_user=pkiuser
 ###############################################################################
 ## 'Apache' Data: ##
@@ -112,7 +120,7 @@ pki_enable_java_debugger=False
 pki_enable_proxy=False
 pki_http_port=8080
 pki_https_port=8443
-pki_instance_name=master
+pki_instance_name=pki-tomcat
 pki_proxy_http_port=80
 pki_proxy_https_port=443
 pki_security_manager=true
@@ -134,11 +142,6 @@ pki_tomcat_server_port=8005
 ## are MUTUALLY EXCLUSIVE entities!!! ##
 ###############################################################################
 [CA]
-pki_admin_email=ca_admin@example.com
-pki_admin_name=CA Admin
-pki_admin_nickname=ca-admin
-pki_admin_subject_dn=cn=CA Admin,dc=ca,dc=example,dc=com
-pki_admin_uid=ca_admin
 pki_ca_signing_key_algorithm=SHA256withRSA
 pki_ca_signing_key_size=2048
 pki_ca_signing_key_type=rsa
@@ -146,7 +149,6 @@ pki_ca_signing_nickname=
 pki_ca_signing_signing_algorithm=SHA256withRSA
 pki_ca_signing_subject_dn=
 pki_ca_signing_token=
-pki_ds_base_dn=dc=ca,dc=example,dc=com
 pki_external=False
 pki_external_ca_cert_chain_path=
 pki_external_ca_cert_path=
@@ -162,6 +164,7 @@ pki_ocsp_signing_token=
 pki_subordinate=False
 pki_subsystem=CA
 pki_subsystem_name=
+pki_use_common_admin_user=false
 ###############################################################################
 ## 'KRA' Data: ##
 ## ##
@@ -170,12 +173,6 @@ pki_subsystem_name=
 ## required information which MAY be overridden by users as necessary. ##
 ###############################################################################
 [KRA]
-pki_admin_email=kra_admin@example.com
-pki_admin_name=KRA Admin
-pki_admin_nickname=kra-admin
-pki_admin_subject_dn=cn=KRA Admin,dc=kra,dc=example,dc=com
-pki_admin_uid=kra_admin
-pki_ds_base_dn=dc=kra,dc=example,dc=com
 pki_storage_key_algorithm=SHA256withRSA
 pki_storage_key_size=2048
 pki_storage_key_type=rsa
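Review bot: `pki_use_common_admin_user=true` in `[Common]` and the `[CA]` override to `false` carry no comment explaining the split, in a file whose other sections are heavily commented. Presumably the CA is the subsystem that creates the shared admin user while KRA/OCSP/TKS reuse it (the per-subsystem `pki_admin_*` values are removed in the same commit), but that intent should be stated next to the `[CA]` override, e.g. `## The CA creates the common admin user; the other subsystems reuse it. ##`. The now-empty `pki_admin_*` and `pki_ds_base_dn=` entries in `[Common]` likewise leave a reader guessing whether pkispawn derives them or the operator must fill them in before running the create scripts.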
@@ -200,12 +197,6 @@ pki_transport_token=
 ## required information which MAY be overridden by users as necessary. ##
 ###############################################################################
 [OCSP]
-pki_admin_email=ocsp_admin@example.com
-pki_admin_name=OCSP Admin
-pki_admin_nickname=ocsp-admin
-pki_admin_subject_dn=cn=OCSP Admin,dc=ocsp,dc=example,dc=com
-pki_admin_uid=ocsp_admin
-pki_ds_base_dn=dc=ocsp,dc=example,dc=com
 pki_ocsp_signing_key_algorithm=SHA256withRSA
 pki_ocsp_signing_key_size=2048
 pki_ocsp_signing_key_type=rsa
@@ -222,12 +213,6 @@ pki_subsystem_name=
 ## required information which MAY be overridden by users as necessary. ##
 ###############################################################################
 [RA]
-pki_admin_email=ra_admin@example.com
-pki_admin_name=RA Admin
-pki_admin_nickname=ra-admin
-pki_admin_subject_dn=cn=RA Admin,dc=ra,dc=example,dc=com
-pki_admin_uid=ra_admin
-pki_ds_base_dn=dc=ra,dc=example,dc=com
 pki_subsystem=RA
 pki_subsystem_name=
 ###############################################################################
@@ -238,12 +223,6 @@ pki_subsystem_name=
 ## required information which MAY be overridden by users as necessary. ##
 ###############################################################################
 [TKS]
-pki_admin_email=tks_admin@example.com
-pki_admin_name=TKS Admin
-pki_admin_nickname=tks-admin
-pki_admin_subject_dn=cn=TKS Admin,dc=tks,dc=example,dc=com
-pki_admin_uid=tks_admin
-pki_ds_base_dn=dc=tks,dc=example,dc=com
 pki_subsystem=TKS
 pki_subsystem_name=
 ###############################################################################
@@ -253,11 +232,5 @@ pki_subsystem_name=
 ## required information which MAY be overridden by users as necessary. ##
 ###############################################################################
 [TPS]
-pki_admin_email=tps_admin@example.com
-pki_admin_name=TPS Admin
-pki_admin_nickname=tps-admin
-pki_admin_subject_dn=cn=TPS Admin,dc=tps,dc=example,dc=com
-pki_admin_uid=tps_admin
-pki_ds_base_dn=dc=tps,dc=example,dc=com
 pki_subsystem=TPS
 pki_subsystem_name=
diff --git a/scripts/ocsp-merged-create.sh b/scripts/ocsp-merged-create.sh
new file mode 100755
index 0000000..0b2a779
--- /dev/null
+++ b/scripts/ocsp-merged-create.sh
@@ -0,0 +1,3 @@
+#!/bin/sh -x
+
+pkispawn -f merged.cfg -s OCSP -v 2>&1 | tee build/ocsp-merged-create.log
diff --git a/scripts/ocsp-merged-remove.sh b/scripts/ocsp-merged-remove.sh
new file mode 100755
index 0000000..dada49d
--- /dev/null
+++ b/scripts/ocsp-merged-remove.sh
@@ -0,0 +1,6 @@
+#!/bin/sh -x
+
+SRC_DIR=`cd ../.. ; pwd`
+INSTANCE_NAME=pki-tomcat
+
+pkidestroy -v -s OCSP -i $INSTANCE_NAME
diff --git a/scripts/tks-merged-create.sh b/scripts/tks-merged-create.sh
index bfb031b..14d29cf 100755
--- a/scripts/tks-merged-create.sh
+++ b/scripts/tks-merged-create.sh
@@ -1,3 +1,3 @@
 #!/bin/sh -x
 
-pkispawn -f tks-merged.cfg -s TKS -v 2>&1 | tee build/tks-merged-create.log
+pkispawn -f merged.cfg -s TKS -v 2>&1 | tee build/tks-merged-create.log
diff --git a/scripts/tks-merged-remove.sh b/scripts/tks-merged-remove.sh
index dd94f0b..5718dfa 100755
--- a/scripts/tks-merged-remove.sh
+++ b/scripts/tks-merged-remove.sh
@@ -1,6 +1,6 @@
 #!/bin/sh -x
 
 SRC_DIR=`cd ../.. ; pwd`
-INSTANCE_NAME=master
+INSTANCE_NAME=pki-tomcat
 
 pkidestroy -v -s TKS -i $INSTANCE_NAME
--
cgit
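Review bot: In `pkispawn -f merged.cfg -s OCSP -v 2>&1 | tee build/ocsp-merged-create.log` the script's exit status is tee's, so a failed pkispawn still exits 0, and nothing creates `build/` before tee tries to open the log. Because the file is `#!/bin/sh`, `set -o pipefail` cannot be assumed; `mkdir -p build` first and then a POSIX form that keeps the status, e.g. `pkispawn -f merged.cfg -s OCSP -v > build/ocsp-merged-create.log 2>&1; rc=$?; cat build/ocsp-merged-create.log; exit $rc`, makes a failed spawn visible to callers. The same pattern is in tks-merged-create.sh on this line.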
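Review bot: In ocsp-merged-remove.sh `SRC_DIR` is assigned with a backtick substitution but never read, so the `cd ../.. ; pwd` subshell is dead code that appears to have been carried over from the sibling remove scripts; drop the line or use it. If it stays, `$(cd ../.. && pwd)` is the clearer form, and `-i "$INSTANCE_NAME"` should be quoted.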