diff options
| author | Matthew Harmsen <mharmsen@redhat.com> | 2014-08-27 19:52:03 -0700 |
|---|---|---|
| committer | Matthew Harmsen <mharmsen@redhat.com> | 2014-08-28 15:59:49 -0700 |
| commit | 93a8e9aa5c68f50ca3a9c971691b58390d453950 (patch) | |
| tree | 47f42cd2fef1ba1a00af11097dc67aba464f9137 | |
| parent | a1c75503d9839c5b68b42562afbc59c125fe3067 (diff) | |
| download | pki-93a8e9aa5c68f50ca3a9c971691b58390d453950.tar.gz pki-93a8e9aa5c68f50ca3a9c971691b58390d453950.tar.xz pki-93a8e9aa5c68f50ca3a9c971691b58390d453950.zip | |
Remove RA and pkicreate and pkisilent
- PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent'
packages . . .
260 files changed, 9 insertions, 56520 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 2748a51d1..3eca8edfe 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -25,8 +25,6 @@ elseif (BUILD_REDHAT_PKI_THEME) set(APPLICATION_FLAVOR_REDHAT_PKI_THEME TRUE) elseif (BUILD_PKI_CORE) set(APPLICATION_FLAVOR_PKI_CORE TRUE) -elseif (BUILD_PKI_RA) - set(APPLICATION_FLAVOR_PKI_RA TRUE) elseif (BUILD_PKI_TPS) set(APPLICATION_FLAVOR_PKI_TPS TRUE) elseif (BUILD_PKI_CONSOLE) @@ -60,9 +58,8 @@ include(Java) file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/classes) file(MAKE_DIRECTORY ${CMAKE_BINARY_DIR}/dist) -# required for all PKI components EXCEPT IPA_PKI_THEME, PKI_RA, and PKI_TPS +# required for all PKI components EXCEPT IPA_PKI_THEME and PKI_TPS if (NOT APPLICATION_FLAVOR_IPA_PKI_THEME AND - NOT APPLICATION_FLAVOR_PKI_RA AND NOT APPLICATION_FLAVOR_PKI_TPS) include(JUnit) @@ -157,7 +154,6 @@ add_custom_target(clean-cmake # check subdirectories if (APPLICATION_FLAVOR_PKI_CORE OR - APPLICATION_FLAVOR_PKI_RA OR APPLICATION_FLAVOR_PKI_TPS OR APPLICATION_FLAVOR_PKI_CONSOLE OR APPLICATION_FLAVOR_PKI_MIGRATE) diff --git a/base/CMakeLists.txt b/base/CMakeLists.txt index ad3410c36..5cd14a9dd 100644 --- a/base/CMakeLists.txt +++ b/base/CMakeLists.txt @@ -17,7 +17,6 @@ if (APPLICATION_FLAVOR_PKI_CORE) add_subdirectory(tks) add_subdirectory(tps) add_subdirectory(setup) - add_subdirectory(silent) if(WITH_JAVADOC) add_subdirectory(javadoc) @@ -39,10 +38,6 @@ if (APPLICATION_FLAVOR_PKI_CORE) endif (APPLICATION_FLAVOR_PKI_CORE) -if (APPLICATION_FLAVOR_PKI_RA) - add_subdirectory(ra) -endif (APPLICATION_FLAVOR_PKI_RA) - if (APPLICATION_FLAVOR_PKI_TPS) add_subdirectory(tps-client) endif (APPLICATION_FLAVOR_PKI_TPS) diff --git a/base/ra/CMakeLists.txt b/base/ra/CMakeLists.txt deleted file mode 100644 index ece6713c6..000000000 --- a/base/ra/CMakeLists.txt +++ /dev/null @@ -1,94 +0,0 @@ -project(ra) - -add_subdirectory(doc) -add_subdirectory(setup) - -# install systemd scripts -install( - FILES - lib/systemd/system/pki-rad.target - lib/systemd/system/pki-rad@.service - DESTINATION - ${SYSTEMD_LIB_INSTALL_DIR} - PERMISSIONS - OWNER_EXECUTE OWNER_WRITE OWNER_READ - GROUP_EXECUTE GROUP_READ - WORLD_EXECUTE WORLD_READ -) - -# install init script -install( - FILES - etc/init.d/pki-rad - DESTINATION - ${SYSCONF_INSTALL_DIR}/rc.d/init.d - PERMISSIONS - OWNER_EXECUTE OWNER_WRITE OWNER_READ - GROUP_EXECUTE GROUP_READ - WORLD_EXECUTE WORLD_READ -) - -install( - DIRECTORY - apache/conf/ - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf -) - -install( - DIRECTORY - apache/docroot - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME} -) - -install( - DIRECTORY - emails/ - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf -) - -install( - DIRECTORY - lib/ - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/lib -) - -install( - FILES - scripts/nss_pcache - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/scripts - PERMISSIONS - OWNER_EXECUTE OWNER_WRITE OWNER_READ - GROUP_EXECUTE GROUP_READ - WORLD_EXECUTE WORLD_READ -) - -install( - FILES - scripts/schema.sql - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/scripts -) - -# install empty directories -install( - DIRECTORY - DESTINATION - ${VAR_INSTALL_DIR}/lock/pki/ra -) - -install( - DIRECTORY - DESTINATION - ${VAR_INSTALL_DIR}/run/pki/ra -) - -install( - DIRECTORY - DESTINATION - ${SYSTEMD_ETC_INSTALL_DIR}/pki-rad.target.wants -) diff --git a/base/ra/LICENSE b/base/ra/LICENSE deleted file mode 100644 index e281f4362..000000000 --- a/base/ra/LICENSE +++ /dev/null @@ -1,291 +0,0 @@ -This Program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published -by the Free Software Foundation; version 2 of the License. - -This Program is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -for more details. - -You should have received a copy of the GNU General Public License -along with this Program; if not, write to the Free Software -Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. - - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. diff --git a/base/ra/apache/conf/httpd.conf b/base/ra/apache/conf/httpd.conf deleted file mode 100644 index c4a38620a..000000000 --- a/base/ra/apache/conf/httpd.conf +++ /dev/null @@ -1,1076 +0,0 @@ -# -# Based upon the NCSA server configuration files originally by Rob McCool. -# -# This is the main Apache server configuration file. It contains the -# configuration directives that give the server its instructions. -# See <URL:http://httpd.apache.org/docs-2.0/> for detailed information about -# the directives. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# The configuration directives are grouped into three basic sections: -# 1. Directives that control the operation of the Apache server process as a -# whole (the 'global environment'). -# 2. Directives that define the parameters of the 'main' or 'default' server, -# which responds to requests that aren't handled by a virtual host. -# These directives also provide default values for the settings -# of all virtual hosts. -# 3. Settings for virtual hosts, which allow Web requests to be sent to -# different IP addresses or hostnames and have them handled by the -# same Apache server process. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" -# with ServerRoot set to "/export/apache" will be interpreted by the -# server as "/export/apache/logs/foo.log". -# - -### Section 1: Global Environment -# -# The directives in this section affect the overall operation of Apache, -# such as the number of concurrent requests it can handle or where it -# can find its configuration files. -# - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# NOTE! If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the LockFile documentation (available -# at <URL:http://httpd.apache.org/docs-2.0/mod/mpm_common.html#lockfile>); -# you will save yourself a lot of trouble. -# -# Do NOT add a slash at the end of the directory path. -# -ServerRoot "[PKI_INSTANCE_PATH]" - -# -# The accept serialization lock file MUST BE STORED ON A LOCAL DISK. -# -<IfModule !mpm_winnt.c> -<IfModule !mpm_netware.c> -#LockFile logs/accept.lock -</IfModule> -</IfModule> - -# -# ScoreBoardFile: File used to store internal server process information. -# If unspecified (the default), the scoreboard will be stored in an -# anonymous shared memory segment, and will be unavailable to third-party -# applications. -# If specified, ensure that no two invocations of Apache share the same -# scoreboard file. The scoreboard file MUST BE STORED ON A LOCAL DISK. -# -<IfModule !mpm_netware.c> -<IfModule !perchild.c> -#ScoreBoardFile logs/apache_runtime_status -</IfModule> -</IfModule> - - -# -# PidFile: The file in which the server should record its process -# identification number when it starts. -# -<IfModule !mpm_netware.c> -PidFile run/[PKI_INSTANCE_NAME].pid -</IfModule> - -# -# Timeout: The number of seconds before receives and sends time out. -# -Timeout 300 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# -KeepAlive On - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# -MaxKeepAliveRequests 100 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. -# -KeepAliveTimeout 15 - -## -## Server-Pool Size Regulation (MPM specific) -## - -# prefork MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule prefork.c> -StartServers 5 -MinSpareServers 5 -MaxSpareServers 10 -MaxClients 150 -MaxRequestsPerChild 0 -</IfModule> - -# worker MPM -# StartServers: initial number of server processes to start -# MaxClients: maximum number of simultaneous client connections -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxRequestsPerChild: maximum number of requests a server process serves - -# MPM worker module is a loadable module as of 2.4 -# Module must be loaded before the configuration stanza -LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so - -<IfModule worker.c> -ServerLimit 1 -StartServers 1 -MaxClients 64 -MinSpareThreads 1 -MaxSpareThreads 75 -ThreadsPerChild 64 -MaxRequestsPerChild 0 -</IfModule> - -# perchild MPM -# NumServers: constant number of server processes -# StartThreads: initial number of worker threads in each server process -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# MaxThreadsPerChild: maximum number of worker threads in each server process -# MaxRequestsPerChild: maximum number of connections per server process -<IfModule perchild.c> -NumServers 5 -StartThreads 5 -MinSpareThreads 5 -MaxSpareThreads 10 -MaxThreadsPerChild 20 -MaxRequestsPerChild 0 -</IfModule> - -# WinNT MPM -# ThreadsPerChild: constant number of worker threads in the server process -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule mpm_winnt.c> -ThreadsPerChild 250 -MaxRequestsPerChild 0 -</IfModule> - -# BeOS MPM -# StartThreads: how many threads do we initially spawn? -# MaxClients: max number of threads we can have (1 thread == 1 client) -# MaxRequestsPerThread: maximum number of requests each thread will process -<IfModule beos.c> -StartThreads 10 -MaxClients 50 -MaxRequestsPerThread 10000 -</IfModule> - -# NetWare MPM -# ThreadStackSize: Stack size allocated for each worker thread -# StartThreads: Number of worker threads launched at server startup -# MinSpareThreads: Minimum number of idle threads, to handle request spikes -# MaxSpareThreads: Maximum number of idle threads -# MaxThreads: Maximum number of worker threads alive at the same time -# MaxRequestsPerChild: Maximum number of requests a thread serves. It is -# recommended that the default value of 0 be set for this -# directive on NetWare. This will allow the thread to -# continue to service requests indefinitely. -<IfModule mpm_netware.c> -ThreadStackSize 65536 -StartThreads 250 -MinSpareThreads 25 -MaxSpareThreads 250 -MaxThreads 1000 -MaxRequestsPerChild 0 -MaxMemFree 100 -</IfModule> - -# OS/2 MPM -# StartServers: Number of server processes to maintain -# MinSpareThreads: Minimum number of idle threads per process, -# to handle request spikes -# MaxSpareThreads: Maximum number of idle threads per process -# MaxRequestsPerChild: Maximum number of connections per server process -<IfModule mpmt_os2.c> -StartServers 2 -MinSpareThreads 5 -MaxSpareThreads 10 -MaxRequestsPerChild 0 -</IfModule> - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the <VirtualHost> -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses (0.0.0.0) -# -#Listen 12.34.56.78:80 - -Listen [PKI_UNSECURE_PORT] - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# - -LoadModule authz_core_module /etc/httpd/modules/mod_authz_core.so -[FORTITUDE_AUTH_MODULES] -# Module for User and Group -LoadModule unixd_module /etc/httpd/modules/mod_unixd.so -# Required module for command 'UserDir': -LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so -# Required module for command 'DirectoryIndex': -LoadModule dir_module [FORTITUDE_LIB_DIR]/modules/mod_dir.so -# Required module for command 'TypesConfig': -LoadModule mime_module [FORTITUDE_LIB_DIR]/modules/mod_mime.so -# Required module for command 'LogFormat': -LoadModule log_config_module [FORTITUDE_LIB_DIR]/modules/mod_log_config.so -# Required module for command 'Alias': -LoadModule alias_module [FORTITUDE_LIB_DIR]/modules/mod_alias.so -# Required module for command 'SetEnvIf': -LoadModule setenvif_module [FORTITUDE_LIB_DIR]/modules/mod_setenvif.so -# Required module for command 'IndexOptions': -LoadModule autoindex_module [FORTITUDE_LIB_DIR]/modules/mod_autoindex.so -# Required module for command 'LanguagePriority': -LoadModule negotiation_module [FORTITUDE_LIB_DIR]/modules/mod_negotiation.so -# Required module for command 'CGI Scripts': -LoadModule cgi_module [FORTITUDE_LIB_DIR]/modules/mod_cgi.so -# Required module for commands in nss.conf: -[FORTITUDE_NSS_MODULES] - -<Location /nk_service> - SetHandler nk_service -</Location> - -<Location /tus> - SetHandler tus -</Location> - -# -# Load config files from the config directory "[PKI_INSTANCE_PATH]/conf". -# -#Include conf.d/*.conf -Include [PKI_INSTANCE_PATH]/conf/perl.conf - -# -# ExtendedStatus controls whether Apache will generate "full" status -# information (ExtendedStatus On) or just basic information (ExtendedStatus -# Off) when the "server-status" handler is called. The default is Off. -# -#ExtendedStatus On - -### Section 2: 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# <VirtualHost> definition. These values also provide defaults for -# any <VirtualHost> containers you may define later in the file. -# -# All of these directives may appear inside <VirtualHost> containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -<IfModule !mpm_winnt.c> -<IfModule !mpm_netware.c> -# -# If you wish [PKI_INSTANCE_NAME] to run as a different user or group, you must run -# [PKI_INSTANCE_NAME] as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run [PKI_INSTANCE_NAME] as. -# . On SCO (ODT 3) use "User nouser" and "Group nogroup". -# . On HPUX you may not be able to use shared memory as nobody, and the -# suggested workaround is to create a user www and use that user. -# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) -# when the value of (unsigned)Group is above 60000; -# don't use Group #-1 on these systems! -# -User [PKI_USER] -Group [PKI_GROUP] -#Group #-1 -</IfModule> -</IfModule> - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin you@example.com - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If this is not set to valid DNS name for your host, server-generated -# redirections will not work. See also the UseCanonicalName directive. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# You will have to access it by its address anyway, and this will make -# redirections work in a sensible way. -# -#ServerName www.example.com:80 - -# -# UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the PKI_HOSTNAME and SERVER_PORT variables. -# When set "Off", Apache will use the Hostname and Port supplied -# by the client. When set "On", Apache will use the value of the -# ServerName directive. -# -UseCanonicalName Off - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "[PKI_INSTANCE_PATH]/docroot" - -# -# Each directory to which Apache has access can be configured with respect -# to which services and features are allowed and/or disabled in that -# directory (and its subdirectories). -# -# First, we configure the "default" to be a very restrictive set of -# features. -# -<Directory /> - Options FollowSymLinks - AllowOverride None -</Directory> - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# This should be changed to whatever you set DocumentRoot to. -# -<Directory "[PKI_INSTANCE_PATH]/docroot"> - -# -# Possible values for the Options directive are "None", "All", -# or any combination of: -# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews -# -# Note that "MultiViews" must be named *explicitly* --- "Options All" -# doesn't give it to you. -# -# The Options directive is both complicated and important. Please see -# http://httpd.apache.org/docs-2.0/mod/core.html#options -# for more information. -# - Options Indexes ExecCGI FollowSymLinks - -# -# AllowOverride controls what directives may be placed in .htaccess files. -# It can be "All", "None", or any combination of the keywords: -# Options FileInfo AuthConfig Limit -# - AllowOverride None - -# -# Controls who can get stuff from this server. -# - Require all granted - -</Directory> - -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. -# -UserDir public_html - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# -#<Directory /home/*/public_html> -# AllowOverride FileInfo AuthConfig Limit Indexes -# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec -# <Limit GET POST OPTIONS PROPFIND> -# Order allow,deny -# Allow from all -# </Limit> -# <LimitExcept GET POST OPTIONS PROPFIND> -# Order deny,allow -# Deny from all -# </LimitExcept> -#</Directory> - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# -# The index.html.var file (a type-map) is used to deliver content- -# negotiated documents. The MultiViews Option can be used for the -# same purpose, but it is much slower. -# -DirectoryIndex index.html index.html.var index.cgi - -# -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -# -AccessFileName .htaccess - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# -<Files ~ "^\.ht"> - Require all denied -</Files> - -# -# TypesConfig describes where the mime.types file (or equivalent) is -# to be found. -# -TypesConfig conf/mime.types - -# -# DefaultType is the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plain - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# -<IfModule mod_mime_magic.c> - MIMEMagicFile conf/magic -</IfModule> - -# -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). -# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -# -HostnameLookups Off - -# -# EnableMMAP: Control whether memory-mapping is used to deliver -# files (assuming that the underlying OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. On some systems, turning it off (regardless of -# filesystem) can improve performance; for details, please see -# http://httpd.apache.org/docs-2.0/mod/core.html#enablemmap -# -#EnableMMAP off - -# -# EnableSendfile: Control whether the sendfile kernel support is -# used to deliver files (assuming that the OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. Please see -# http://httpd.apache.org/docs-2.0/mod/core.html#enablesendfile -# -#EnableSendfile off - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a <VirtualHost> -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a <VirtualHost> -# container, that host's errors will be logged there and not here. -# -ErrorLog logs/error_log - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -#LogLevel warn -LogLevel debug - -# -# The following directives define some format nicknames for use with -# a CustomLog directive (see below). -# -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s %b" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent - -# You need to enable mod_logio.c to use %I and %O -#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - -# -# The location and format of the access logfile (Common Logfile Format). -# If you do not define any access logfiles within a <VirtualHost> -# container, they will be logged here. Contrariwise, if you *do* -# define per-<VirtualHost> access logfiles, transactions will be -# logged therein and *not* in this file. -# -CustomLog logs/access_log common - -# -# If you would like to have agent and referer logfiles, uncomment the -# following directives. -# -#CustomLog logs/referer_log referer -#CustomLog logs/agent_log agent - -# -# If you prefer a single logfile with access, agent, and referer information -# (Combined Logfile Format) you can use the following directive. -# -#CustomLog logs/access_log combined - -# -# ServerTokens -# This directive configures what you return as the Server HTTP response -# Header. The default is 'Full' which sends information about the OS-Type -# and compiled in modules. -# Set to one of: Full | OS | Minor | Minimal | Major | Prod -# where Full conveys the most information, and Prod the least. -# -ServerTokens Prod - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -ServerSignature Off - -# -# Aliases: Add here as many aliases as you need (with no limit). The format is -# Alias fakename realname -# -# Note that if you include a trailing / on fakename then the server will -# require it to be present in the URL. So "/icons" isn't aliased in this -# example, only "/icons/". If the fakename is slash-terminated, then the -# realname must also be slash terminated, and if the fakename omits the -# trailing slash, the realname must also omit it. -# -# We include the /icons/ alias for FancyIndexed directory listings. If you -# do not use FancyIndexing, you may comment this out. -# -Alias /icons/ "[PKI_INSTANCE_PATH]/icons/" - -<Directory "[PKI_INSTANCE_PATH]/icons"> - Options Indexes MultiViews - AllowOverride None - Require all granted -</Directory> - -# -# This should be changed to the ServerRoot/manual/. The alias provides -# the manual, even if you choose to move your DocumentRoot. You may comment -# this out if you do not care for the documentation. -# -AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[PKI_INSTANCE_PATH]/manual$1" - -<Directory "[PKI_INSTANCE_PATH]/manual"> - Options Indexes - AllowOverride None - Require all granted - - <Files *.html> - SetHandler type-map - </Files> - - SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1 - RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2 -</Directory> - -# -# ScriptAlias: This controls which directories contain server scripts. -# ScriptAliases are essentially the same as Aliases, except that -# documents in the realname directory are treated as applications and -# run by the server when requested rather than as documents sent to the client. -# The same rules about trailing "/" apply to ScriptAlias directives as to -# Alias. -# -ScriptAlias /cgi-bin/ "[PKI_INSTANCE_PATH]/cgi-bin/" - -<IfModule mod_cgid.c> -# -# Additional to mod_cgid.c settings, mod_cgid has Scriptsock <path> -# for setting UNIX socket for communicating with cgid. -# -#Scriptsock logs/cgisock -</IfModule> - -# -# "[PKI_INSTANCE_PATH]/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# -<Directory "[PKI_INSTANCE_PATH]/cgi-bin"> - AllowOverride None - Options ExecCGI - Require all granted -</Directory> - -# -# Redirect allows you to tell clients about documents which used to exist in -# your server's namespace, but do not anymore. This allows you to tell the -# clients where to look for the relocated document. -# Example: -# Redirect permanent /foo http://www.example.com/bar - -# -# Directives controlling the display of server-generated directory listings. -# - -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# -IndexOptions FancyIndexing VersionSort - -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. -# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif core - -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif - -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz - -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. -# -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - -# -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. -# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portugese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) -# -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage da .dk -AddLanguage de .de -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -AddLanguage es .es -AddLanguage et .et -AddLanguage fr .fr -AddLanguage he .he -AddLanguage hr .hr -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ko .ko -AddLanguage ltz .ltz -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pl .po -AddLanguage pt .pt -AddLanguage pt-BR .pt-br -AddLanguage ru .ru -AddLanguage sv .sv -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw - -# -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW - -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -ForceLanguagePriority Prefer Fallback - -# -# Commonly used filename extensions to character sets. You probably -# want to avoid clashes with the language extensions, unless you -# are good at carefully testing your setup after each change. -# See http://www.iana.org/assignments/character-sets for the -# official list of charset names and their respective RFCs. -# -AddCharset ISO-8859-1 .iso8859-1 .latin1 -AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen -AddCharset ISO-8859-3 .iso8859-3 .latin3 -AddCharset ISO-8859-4 .iso8859-4 .latin4 -AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru -AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb -AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk -AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb -AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk -AddCharset ISO-2022-JP .iso2022-jp .jis -AddCharset ISO-2022-KR .iso2022-kr .kis -AddCharset ISO-2022-CN .iso2022-cn .cis -AddCharset Big5 .Big5 .big5 -# For russian, more than one charset is used (depends on client, mostly): -AddCharset WINDOWS-1251 .cp-1251 .win-1251 -AddCharset CP866 .cp866 -AddCharset KOI8-r .koi8-r .koi8-ru -AddCharset KOI8-ru .koi8-uk .ua -AddCharset ISO-10646-UCS-2 .ucs2 -AddCharset ISO-10646-UCS-4 .ucs4 -AddCharset UTF-8 .utf8 - -# The set below does not map to a specific (iso) standard -# but works on a fairly wide range of browsers. Note that -# capitalization actually matters (it should not, but it -# does for some browsers). -# -# See http://www.iana.org/assignments/character-sets -# for a list of sorts. But browsers support few. -# -AddCharset GB2312 .gb2312 .gb -AddCharset utf-7 .utf7 -AddCharset utf-8 .utf8 -AddCharset big5 .big5 .b5 -AddCharset EUC-TW .euc-tw -AddCharset EUC-JP .euc-jp -AddCharset EUC-KR .euc-kr -AddCharset shift_jis .sjis - -# -# AddType allows you to add to or override the MIME configuration -# file mime.types for specific file types. -# -#AddType application/x-tar .tgz -# -# AddEncoding allows you to have certain browsers uncompress -# information on the fly. Note: Not all browsers support this. -# Despite the name similarity, the following Add* directives have nothing -# to do with the FancyIndexing customization directives above. -# -#AddEncoding x-compress .Z -#AddEncoding x-gzip .gz .tgz -# -# If the AddEncoding directives above are commented-out, then you -# probably should define those extensions to indicate media types: -# -AddType application/x-compress .Z -AddType application/x-gzip .gz .tgz - -# -# AddHandler allows you to map certain file extensions to "handlers": -# actions unrelated to filetype. These can be either built into the server -# or added with the Action directive (see below) -# -# To use CGI scripts outside of ScriptAliased directories: -# (You will also need to add "ExecCGI" to the "Options" directive.) -# -AddHandler cgi-script .cgi - -# -# For files that include their own HTTP headers: -# -#AddHandler send-as-is asis - -# -# For server-parsed imagemap files: -# -#AddHandler imap-file map - -# -# For type maps (negotiated resources): -# (This is enabled by default to allow the Apache "It Worked" page -# to be distributed in multiple languages.) -# -AddHandler type-map var - -# -# Filters allow you to process content before it is sent to the client. -# -# To parse .shtml files for server-side includes (SSI): -# (You will also need to add "Includes" to the "Options" directive.) -# -#AddType text/html .shtml -#AddOutputFilter INCLUDES .shtml - -# -# Action lets you define media types that will execute a script whenever -# a matching file is called. This eliminates the need for repeated URL -# pathnames for oft-used CGI file processors. -# Format: Action media/type /cgi-script/location -# Format: Action handler-name /cgi-script/location -# - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# Putting this all together, we can internationalize error responses. -# -# We use Alias to redirect any /error/HTTP_<error>.html.var response to -# our collection of by-error message multi-language collections. We use -# includes to substitute the appropriate text. -# -# You can modify the messages' appearance without changing any of the -# default HTTP_<error>.html.var files by adding the line: -# -# Alias /error/include/ "/your/include/path/" -# -# which allows you to create your own set of files by starting with the -# /export/apache/error/include/ files and copying them to /your/include/path/, -# even on a per-VirtualHost basis. The default include files will display -# your Apache version number and your ServerAdmin email address regardless -# of the setting of ServerSignature. -# -# The internationalized error documents require mod_alias, mod_include -# and mod_negotiation. To activate them, uncomment the following 30 lines. - -# Alias /error/ "/export/apache/error/" -# -# <Directory "/export/apache/error"> -# AllowOverride None -# Options IncludesNoExec -# AddOutputFilter Includes html -# AddHandler type-map var -# Order allow,deny -# Allow from all -# LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr -# ForceLanguagePriority Prefer Fallback -# </Directory> -# -# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -# ErrorDocument 410 /error/HTTP_GONE.html.var -# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var -#[ErrorDocument_404] -#[ErrorDocument_500] - - -# -# The following directives modify normal HTTP response behavior to -# handle known problems with browser implementations. -# -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 - -# -# The following directive disables redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with Microsoft WebFolders which does not appropriately handle -# redirects for folders with DAV methods. -# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. -# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully -BrowserMatch "^gnome-vfs" redirect-carefully - -# -# Allow server status reports generated by mod_status, -# with the URL of http://servername/server-status -# Change the ".example.com" to match your domain to enable. -# -#<Location /server-status> -# SetHandler server-status -# Order deny,allow -# Deny from all -# Allow from .example.com -#</Location> - -# -# Allow remote server configuration reports, with the URL of -# http://servername/server-info (requires that mod_info.c be loaded). -# Change the ".example.com" to match your domain to enable. -# -#<Location /server-info> -# SetHandler server-info -# Order deny,allow -# Deny from all -# Allow from .example.com -#</Location> - - -# -# Bring in additional module-specific configurations -# -#<IfModule mod_ssl.c> -# Include conf/ssl.conf -#</IfModule> -Include [PKI_INSTANCE_PATH]/conf/nss.conf - -### Section 3: Virtual Hosts -# -# VirtualHost: If you want to maintain multiple domains/hostnames on your -# machine you can setup VirtualHost containers for them. Most configurations -# use only name-based virtual hosts so the server doesn't need to worry about -# IP addresses. This is indicated by the asterisks in the directives below. -# -# Please see the documentation at -# <URL:http://httpd.apache.org/docs-2.0/vhosts/> -# for further details before you try to setup virtual hosts. -# -# You may use the command line option '-S' to verify your virtual host -# configuration. - -# -# Use name-based virtual hosting. -# -#NameVirtualHost *:80 - -# -# VirtualHost example: -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for requests without a known -# server name. -# -#<VirtualHost *:80> -# ServerAdmin webmaster@dummy-host.example.com -# DocumentRoot /www/docs/dummy-host.example.com -# ServerName dummy-host.example.com -# ErrorLog logs/dummy-host.example.com-error_log -# CustomLog logs/dummy-host.example.com-access_log common -#</VirtualHost> diff --git a/base/ra/apache/conf/magic b/base/ra/apache/conf/magic deleted file mode 100644 index 0de73361f..000000000 --- a/base/ra/apache/conf/magic +++ /dev/null @@ -1,382 +0,0 @@ -# Magic data for mod_mime_magic Apache module (originally for file(1) command) -# The module is described in /manual/mod/mod_mime_magic.html -# -# The format is 4-5 columns: -# Column #1: byte number to begin checking from, ">" indicates continuation -# Column #2: type of data to match -# Column #3: contents of data to match -# Column #4: MIME type of result -# Column #5: MIME encoding of result (optional) - -#------------------------------------------------------------------------------ -# Localstuff: file(1) magic for locally observed files -# Add any locally observed files here. - -#------------------------------------------------------------------------------ -# end local stuff -#------------------------------------------------------------------------------ - -#------------------------------------------------------------------------------ -# Java - -0 short 0xcafe ->2 short 0xbabe application/java - -#------------------------------------------------------------------------------ -# audio: file(1) magic for sound formats -# -# from Jan Nicolai Langfeldt <janl@ifi.uio.no>, -# - -# Sun/NeXT audio data -0 string .snd ->12 belong 1 audio/basic ->12 belong 2 audio/basic ->12 belong 3 audio/basic ->12 belong 4 audio/basic ->12 belong 5 audio/basic ->12 belong 6 audio/basic ->12 belong 7 audio/basic - ->12 belong 23 audio/x-adpcm - -# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format -# that uses little-endian encoding and has a different magic number -# (0x0064732E in little-endian encoding). -0 lelong 0x0064732E ->12 lelong 1 audio/x-dec-basic ->12 lelong 2 audio/x-dec-basic ->12 lelong 3 audio/x-dec-basic ->12 lelong 4 audio/x-dec-basic ->12 lelong 5 audio/x-dec-basic ->12 lelong 6 audio/x-dec-basic ->12 lelong 7 audio/x-dec-basic -# compressed (G.721 ADPCM) ->12 lelong 23 audio/x-dec-adpcm - -# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" -# AIFF audio data -8 string AIFF audio/x-aiff -# AIFF-C audio data -8 string AIFC audio/x-aiff -# IFF/8SVX audio data -8 string 8SVX audio/x-aiff - -# Creative Labs AUDIO stuff -# Standard MIDI data -0 string MThd audio/unknown -#>9 byte >0 (format %d) -#>11 byte >1 using %d channels -# Creative Music (CMF) data -0 string CTMF audio/unknown -# SoundBlaster instrument data -0 string SBI audio/unknown -# Creative Labs voice data -0 string Creative\ Voice\ File audio/unknown -## is this next line right? it came this way... -#>19 byte 0x1A -#>23 byte >0 - version %d -#>22 byte >0 \b.%d - -# [GRR 950115: is this also Creative Labs? Guessing that first line -# should be string instead of unknown-endian long...] -#0 long 0x4e54524b MultiTrack sound data -#0 string NTRK MultiTrack sound data -#>4 long x - version %ld - -# Microsoft WAVE format (*.wav) -# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] -# Microsoft RIFF -0 string RIFF audio/unknown -# - WAVE format ->8 string WAVE audio/x-wav -# MPEG audio. -0 beshort&0xfff0 0xfff0 audio/mpeg -# C64 SID Music files, from Linus Walleij <triad@df.lth.se> -0 string PSID audio/prs.sid - -#------------------------------------------------------------------------------ -# c-lang: file(1) magic for C programs or various scripts -# - -# XPM icons (Greg Roelofs, newt@uchicago.edu) -# ideally should go into "images", but entries below would tag XPM as C source -0 string /*\ XPM image/x-xbm 7bit - -# this first will upset you if you're a PL/1 shop... (are there any left?) -# in which case rm it; ascmagic will catch real C programs -# C or REXX program text -0 string /* text/plain -# C++ program text -0 string // text/plain - -#------------------------------------------------------------------------------ -# compress: file(1) magic for pure-compression formats (no archives) -# -# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. -# -# Formats for various forms of compressed data -# Formats for "compress" proper have been moved into "compress.c", -# because it tries to uncompress it to figure out what's inside. - -# standard unix compress -0 string \037\235 application/octet-stream x-compress - -# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) -0 string \037\213 application/octet-stream x-gzip - -# According to gzip.h, this is the correct byte order for packed data. -0 string \037\036 application/octet-stream -# -# This magic number is byte-order-independent. -# -0 short 017437 application/octet-stream - -# XXX - why *two* entries for "compacted data", one of which is -# byte-order independent, and one of which is byte-order dependent? -# -# compacted data -0 short 0x1fff application/octet-stream -0 string \377\037 application/octet-stream -# huf output -0 short 0145405 application/octet-stream - -# Squeeze and Crunch... -# These numbers were gleaned from the Unix versions of the programs to -# handle these formats. Note that I can only uncrunch, not crunch, and -# I didn't have a crunched file handy, so the crunch number is untested. -# Keith Waclena <keith@cerberus.uchicago.edu> -#0 leshort 0x76FF squeezed data (CP/M, DOS) -#0 leshort 0x76FE crunched data (CP/M, DOS) - -# Freeze -#0 string \037\237 Frozen file 2.1 -#0 string \037\236 Frozen file 1.0 (or gzip 0.5) - -# lzh? -#0 string \037\240 LZH compressed data - -#------------------------------------------------------------------------------ -# frame: file(1) magic for FrameMaker files -# -# This stuff came on a FrameMaker demo tape, most of which is -# copyright, but this file is "published" as witness the following: -# -0 string \<MakerFile application/x-frame -0 string \<MIFFile application/x-frame -0 string \<MakerDictionary application/x-frame -0 string \<MakerScreenFon application/x-frame -0 string \<MML application/x-frame -0 string \<Book application/x-frame -0 string \<Maker application/x-frame - -#------------------------------------------------------------------------------ -# html: file(1) magic for HTML (HyperText Markup Language) docs -# -# from Daniel Quinlan <quinlan@yggdrasil.com> -# and Anna Shergold <anna@inext.co.uk> -# -0 string \<!DOCTYPE\ HTML text/html -0 string \<!doctype\ html text/html -0 string \<HEAD text/html -0 string \<head text/html -0 string \<TITLE text/html -0 string \<title text/html -0 string \<html text/html -0 string \<HTML text/html -0 string \<!-- text/html -0 string \<h1 text/html -0 string \<H1 text/html - -# XML eXtensible Markup Language, from Linus Walleij <triad@df.lth.se> -0 string \<?xml text/xml - -#------------------------------------------------------------------------------ -# images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps) -# -# originally from jef@helios.ee.lbl.gov (Jef Poskanzer), -# additions by janl@ifi.uio.no as well as others. Jan also suggested -# merging several one- and two-line files into here. -# -# XXX - byte order for GIF and TIFF fields? -# [GRR: TIFF allows both byte orders; GIF is probably little-endian] -# - -# [GRR: what the hell is this doing in here?] -#0 string xbtoa btoa'd file - -# PBMPLUS -# PBM file -0 string P1 image/x-portable-bitmap 7bit -# PGM file -0 string P2 image/x-portable-greymap 7bit -# PPM file -0 string P3 image/x-portable-pixmap 7bit -# PBM "rawbits" file -0 string P4 image/x-portable-bitmap -# PGM "rawbits" file -0 string P5 image/x-portable-greymap -# PPM "rawbits" file -0 string P6 image/x-portable-pixmap - -# NIFF (Navy Interchange File Format, a modification of TIFF) -# [GRR: this *must* go before TIFF] -0 string IIN1 image/x-niff - -# TIFF and friends -# TIFF file, big-endian -0 string MM image/tiff -# TIFF file, little-endian -0 string II image/tiff - -# possible GIF replacements; none yet released! -# (Greg Roelofs, newt@uchicago.edu) -# -# GRR 950115: this was mine ("Zip GIF"): -# ZIF image (GIF+deflate alpha) -0 string GIF94z image/unknown -# -# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better): -# FGF image (GIF+deflate beta) -0 string FGF95a image/unknown -# -# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal -# (best; not yet implemented): -# PBF image (deflate compression) -0 string PBF image/unknown - -# GIF -0 string GIF image/gif - -# JPEG images -0 beshort 0xffd8 image/jpeg - -# PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu) -0 string BM image/bmp -#>14 byte 12 (OS/2 1.x format) -#>14 byte 64 (OS/2 2.x format) -#>14 byte 40 (Windows 3.x format) -#0 string IC icon -#0 string PI pointer -#0 string CI color icon -#0 string CP color pointer -#0 string BA bitmap array - - -#------------------------------------------------------------------------------ -# lisp: file(1) magic for lisp programs -# -# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) -0 string ;; text/plain 8bit -# Emacs 18 - this is always correct, but not very magical. -0 string \012( application/x-elc -# Emacs 19 -0 string ;ELC\023\000\000\000 application/x-elc - -#------------------------------------------------------------------------------ -# mail.news: file(1) magic for mail and news -# -# There are tests to ascmagic.c to cope with mail and news. -0 string Relay-Version: message/rfc822 7bit -0 string #!\ rnews message/rfc822 7bit -0 string N#!\ rnews message/rfc822 7bit -0 string Forward\ to message/rfc822 7bit -0 string Pipe\ to message/rfc822 7bit -0 string Return-Path: message/rfc822 7bit -0 string Path: message/news 8bit -0 string Xref: message/news 8bit -0 string From: message/rfc822 7bit -0 string Article message/news 8bit -#------------------------------------------------------------------------------ -# msword: file(1) magic for MS Word files -# -# Contributor claims: -# Reversed-engineered MS Word magic numbers -# - -0 string \376\067\0\043 application/msword -0 string \333\245-\0\0\0 application/msword - -# disable this one because it applies also to other -# Office/OLE documents for which msword is not correct. See PR#2608. -#0 string \320\317\021\340\241\261 application/msword - - - -#------------------------------------------------------------------------------ -# printer: file(1) magic for printer-formatted files -# - -# PostScript -0 string %! application/postscript -0 string \004%! application/postscript - -# Acrobat -# (due to clamen@cs.cmu.edu) -0 string %PDF- application/pdf - -#------------------------------------------------------------------------------ -# sc: file(1) magic for "sc" spreadsheet -# -38 string Spreadsheet application/x-sc - -#------------------------------------------------------------------------------ -# tex: file(1) magic for TeX files -# -# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) -# -# From <conklin@talisman.kaleida.com> - -# Although we may know the offset of certain text fields in TeX DVI -# and font files, we can't use them reliably because they are not -# zero terminated. [but we do anyway, christos] -0 string \367\002 application/x-dvi -#0 string \367\203 TeX generic font data -#0 string \367\131 TeX packed font data -#0 string \367\312 TeX virtual font data -#0 string This\ is\ TeX, TeX transcript text -#0 string This\ is\ METAFONT, METAFONT transcript text - -# There is no way to detect TeX Font Metric (*.tfm) files without -# breaking them apart and reading the data. The following patterns -# match most *.tfm files generated by METAFONT or afm2tfm. -#2 string \000\021 TeX font metric data -#2 string \000\022 TeX font metric data -#>34 string >\0 (%s) - -# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) -#0 string \\input\ texinfo Texinfo source text -#0 string This\ is\ Info\ file GNU Info text - -# correct TeX magic for Linux (and maybe more) -# from Peter Tobias (tobias@server.et-inf.fho-emden.de) -# -0 leshort 0x02f7 application/x-dvi - -# RTF - Rich Text Format -0 string {\\rtf application/rtf - -#------------------------------------------------------------------------------ -# animation: file(1) magic for animation/movie formats -# -# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) -# MPEG file -0 string \000\000\001\263 video/mpeg -# -# The contributor claims: -# I couldn't find a real magic number for these, however, this -# -appears- to work. Note that it might catch other files, too, -# so BE CAREFUL! -# -# Note that title and author appear in the two 20-byte chunks -# at decimal offsets 2 and 22, respectively, but they are XOR'ed with -# 255 (hex FF)! DL format SUCKS BIG ROCKS. -# -# DL file version 1 , medium format (160x100, 4 images/screen) -0 byte 1 video/unknown -0 byte 2 video/unknown -# Quicktime video, from Linus Walleij <triad@df.lth.se> -# from Apple quicktime file format documentation. -4 string moov video/quicktime -4 string mdat video/quicktime - diff --git a/base/ra/apache/conf/mime.types b/base/ra/apache/conf/mime.types deleted file mode 100644 index 3485692d1..000000000 --- a/base/ra/apache/conf/mime.types +++ /dev/null @@ -1,592 +0,0 @@ -# This is a comment. I love comments. - -# This file controls what Internet media types are sent to the client for -# given file extension(s). Sending the correct media type to the client -# is important so they know how to handle the content of the file. -# Extra types can either be added here or by using an AddType directive -# in your config files. For more information about Internet media types, -# please read RFC 2045, 2046, 2047, 2048, and 2077. The Internet media type -# registry is at <http://www.iana.org/assignments/media-types/>. - -# MIME type Extensions -application/activemessage -application/andrew-inset ez -application/applefile -application/atom+xml atom -application/atomicmail -application/batch-smtp -application/beep+xml -application/cals-1840 -application/cnrp+xml -application/commonground -application/cpl+xml -application/cybercash -application/dca-rft -application/dec-dx -application/dvcs -application/edi-consent -application/edifact -application/edi-x12 -application/eshop -application/font-tdpfr -application/http -application/hyperstudio -application/iges -application/index -application/index.cmd -application/index.obj -application/index.response -application/index.vnd -application/iotp -application/ipp -application/isup -application/mac-binhex40 hqx -application/mac-compactpro cpt -application/macwriteii -application/marc -application/mathematica -application/mathml+xml mathml -application/msword doc -application/news-message-id -application/news-transmission -application/ocsp-request -application/ocsp-response -application/octet-stream bin dms lha lzh exe class so dll dmg -application/oda oda -application/ogg ogg -application/parityfec -application/pdf pdf -application/pgp-encrypted -application/pgp-keys -application/pgp-signature -application/pkcs10 -application/pkcs7-mime -application/pkcs7-signature -application/pkix-cert -application/pkix-crl -application/pkixcmp -application/postscript ai eps ps -application/prs.alvestrand.titrax-sheet -application/prs.cww -application/prs.nprend -application/prs.plucker -application/qsig -application/rdf+xml rdf -application/reginfo+xml -application/remote-printing -application/riscos -application/rtf -application/sdp -application/set-payment -application/set-payment-initiation -application/set-registration -application/set-registration-initiation -application/sgml -application/sgml-open-catalog -application/sieve -application/slate -application/smil smi smil -application/srgs gram -application/srgs+xml grxml -application/timestamp-query -application/timestamp-reply -application/tve-trigger -application/vemmi -application/vnd.3gpp.pic-bw-large -application/vnd.3gpp.pic-bw-small -application/vnd.3gpp.pic-bw-var -application/vnd.3gpp.sms -application/vnd.3m.post-it-notes -application/vnd.accpac.simply.aso -application/vnd.accpac.simply.imp -application/vnd.acucobol -application/vnd.acucorp -application/vnd.adobe.xfdf -application/vnd.aether.imp -application/vnd.amiga.ami -application/vnd.anser-web-certificate-issue-initiation -application/vnd.anser-web-funds-transfer-initiation -application/vnd.audiograph -application/vnd.blueice.multipass -application/vnd.bmi -application/vnd.businessobjects -application/vnd.canon-cpdl -application/vnd.canon-lips -application/vnd.cinderella -application/vnd.claymore -application/vnd.commerce-battelle -application/vnd.commonspace -application/vnd.contact.cmsg -application/vnd.cosmocaller -application/vnd.criticaltools.wbs+xml -application/vnd.ctc-posml -application/vnd.cups-postscript -application/vnd.cups-raster -application/vnd.cups-raw -application/vnd.curl -application/vnd.cybank -application/vnd.data-vision.rdz -application/vnd.dna -application/vnd.dpgraph -application/vnd.dreamfactory -application/vnd.dxr -application/vnd.ecdis-update -application/vnd.ecowin.chart -application/vnd.ecowin.filerequest -application/vnd.ecowin.fileupdate -application/vnd.ecowin.series -application/vnd.ecowin.seriesrequest -application/vnd.ecowin.seriesupdate -application/vnd.enliven -application/vnd.epson.esf -application/vnd.epson.msf -application/vnd.epson.quickanime -application/vnd.epson.salt -application/vnd.epson.ssf -application/vnd.ericsson.quickcall -application/vnd.eudora.data -application/vnd.fdf -application/vnd.ffsns -application/vnd.fints -application/vnd.flographit -application/vnd.framemaker -application/vnd.fsc.weblaunch -application/vnd.fujitsu.oasys -application/vnd.fujitsu.oasys2 -application/vnd.fujitsu.oasys3 -application/vnd.fujitsu.oasysgp -application/vnd.fujitsu.oasysprs -application/vnd.fujixerox.ddd -application/vnd.fujixerox.docuworks -application/vnd.fujixerox.docuworks.binder -application/vnd.fut-misnet -application/vnd.grafeq -application/vnd.groove-account -application/vnd.groove-help -application/vnd.groove-identity-message -application/vnd.groove-injector -application/vnd.groove-tool-message -application/vnd.groove-tool-template -application/vnd.groove-vcard -application/vnd.hbci -application/vnd.hhe.lesson-player -application/vnd.hp-hpgl -application/vnd.hp-hpid -application/vnd.hp-hps -application/vnd.hp-pcl -application/vnd.hp-pclxl -application/vnd.httphone -application/vnd.hzn-3d-crossword -application/vnd.ibm.afplinedata -application/vnd.ibm.electronic-media -application/vnd.ibm.minipay -application/vnd.ibm.modcap -application/vnd.ibm.rights-management -application/vnd.ibm.secure-container -application/vnd.informix-visionary -application/vnd.intercon.formnet -application/vnd.intertrust.digibox -application/vnd.intertrust.nncp -application/vnd.intu.qbo -application/vnd.intu.qfx -application/vnd.irepository.package+xml -application/vnd.is-xpr -application/vnd.japannet-directory-service -application/vnd.japannet-jpnstore-wakeup -application/vnd.japannet-payment-wakeup -application/vnd.japannet-registration -application/vnd.japannet-registration-wakeup -application/vnd.japannet-setstore-wakeup -application/vnd.japannet-verification -application/vnd.japannet-verification-wakeup -application/vnd.jisp -application/vnd.kde.karbon -application/vnd.kde.kchart -application/vnd.kde.kformula -application/vnd.kde.kivio -application/vnd.kde.kontour -application/vnd.kde.kpresenter -application/vnd.kde.kspread -application/vnd.kde.kword -application/vnd.kenameaapp -application/vnd.koan -application/vnd.liberty-request+xml -application/vnd.llamagraphics.life-balance.desktop -application/vnd.llamagraphics.life-balance.exchange+xml -application/vnd.lotus-1-2-3 -application/vnd.lotus-approach -application/vnd.lotus-freelance -application/vnd.lotus-notes -application/vnd.lotus-organizer -application/vnd.lotus-screencam -application/vnd.lotus-wordpro -application/vnd.mcd -application/vnd.mediastation.cdkey -application/vnd.meridian-slingshot -application/vnd.micrografx.flo -application/vnd.micrografx.igx -application/vnd.mif mif -application/vnd.minisoft-hp3000-save -application/vnd.mitsubishi.misty-guard.trustweb -application/vnd.mobius.daf -application/vnd.mobius.dis -application/vnd.mobius.mbk -application/vnd.mobius.mqy -application/vnd.mobius.msl -application/vnd.mobius.plc -application/vnd.mobius.txf -application/vnd.mophun.application -application/vnd.mophun.certificate -application/vnd.motorola.flexsuite -application/vnd.motorola.flexsuite.adsi -application/vnd.motorola.flexsuite.fis -application/vnd.motorola.flexsuite.gotap -application/vnd.motorola.flexsuite.kmr -application/vnd.motorola.flexsuite.ttc -application/vnd.motorola.flexsuite.wem -application/vnd.mozilla.xul+xml xul -application/vnd.ms-artgalry -application/vnd.ms-asf -application/vnd.ms-excel xls -application/vnd.ms-lrm -application/vnd.ms-powerpoint ppt -application/vnd.ms-project -application/vnd.ms-tnef -application/vnd.ms-works -application/vnd.ms-wpl -application/vnd.mseq -application/vnd.msign -application/vnd.music-niff -application/vnd.musician -application/vnd.netfpx -application/vnd.noblenet-directory -application/vnd.noblenet-sealer -application/vnd.noblenet-web -application/vnd.novadigm.edm -application/vnd.novadigm.edx -application/vnd.novadigm.ext -application/vnd.obn -application/vnd.osa.netdeploy -application/vnd.palm -application/vnd.pg.format -application/vnd.pg.osasli -application/vnd.powerbuilder6 -application/vnd.powerbuilder6-s -application/vnd.powerbuilder7 -application/vnd.powerbuilder7-s -application/vnd.powerbuilder75 -application/vnd.powerbuilder75-s -application/vnd.previewsystems.box -application/vnd.publishare-delta-tree -application/vnd.pvi.ptid1 -application/vnd.pwg-multiplexed -application/vnd.pwg-xhtml-print+xml -application/vnd.quark.quarkxpress -application/vnd.rapid -application/vnd.s3sms -application/vnd.sealed.net -application/vnd.seemail -application/vnd.shana.informed.formdata -application/vnd.shana.informed.formtemplate -application/vnd.shana.informed.interchange -application/vnd.shana.informed.package -application/vnd.smaf -application/vnd.sss-cod -application/vnd.sss-dtf -application/vnd.sss-ntf -application/vnd.street-stream -application/vnd.svd -application/vnd.swiftview-ics -application/vnd.triscape.mxs -application/vnd.trueapp -application/vnd.truedoc -application/vnd.ufdl -application/vnd.uplanet.alert -application/vnd.uplanet.alert-wbxml -application/vnd.uplanet.bearer-choice -application/vnd.uplanet.bearer-choice-wbxml -application/vnd.uplanet.cacheop -application/vnd.uplanet.cacheop-wbxml -application/vnd.uplanet.channel -application/vnd.uplanet.channel-wbxml -application/vnd.uplanet.list -application/vnd.uplanet.list-wbxml -application/vnd.uplanet.listcmd -application/vnd.uplanet.listcmd-wbxml -application/vnd.uplanet.signal -application/vnd.vcx -application/vnd.vectorworks -application/vnd.vidsoft.vidconference -application/vnd.visio -application/vnd.visionary -application/vnd.vividence.scriptfile -application/vnd.vsf -application/vnd.wap.sic -application/vnd.wap.slc -application/vnd.wap.wbxml wbxml -application/vnd.wap.wmlc wmlc -application/vnd.wap.wmlscriptc wmlsc -application/vnd.webturbo -application/vnd.wrq-hp3000-labelled -application/vnd.wt.stf -application/vnd.wv.csp+wbxml -application/vnd.xara -application/vnd.xfdl -application/vnd.yamaha.hv-dic -application/vnd.yamaha.hv-script -application/vnd.yamaha.hv-voice -application/vnd.yellowriver-custom-menu -application/voicexml+xml vxml -application/watcherinfo+xml -application/whoispp-query -application/whoispp-response -application/wita -application/wordperfect5.1 -application/x-bcpio bcpio -application/x-cdlink vcd -application/x-chess-pgn pgn -application/x-compress -application/x-cpio cpio -application/x-csh csh -application/x-director dcr dir dxr -application/x-dvi dvi -application/x-futuresplash spl -application/x-gtar gtar -application/x-gzip -application/x-hdf hdf -application/x-javascript js -application/x-koan skp skd skt skm -application/x-latex latex -application/x-netcdf nc cdf -application/x-sh sh -application/x-shar shar -application/x-shockwave-flash swf -application/x-stuffit sit -application/x-sv4cpio sv4cpio -application/x-sv4crc sv4crc -application/x-tar tar -application/x-tcl tcl -application/x-tex tex -application/x-texinfo texinfo texi -application/x-troff t tr roff -application/x-troff-man man -application/x-troff-me me -application/x-troff-ms ms -application/x-ustar ustar -application/x-wais-source src -application/x400-bp -application/xhtml+xml xhtml xht -application/xslt+xml xslt -application/xml xml xsl -application/xml-dtd dtd -application/xml-external-parsed-entity -application/zip zip -audio/32kadpcm -audio/amr -audio/amr-wb -audio/basic au snd -audio/cn -audio/dat12 -audio/dsr-es201108 -audio/dvi4 -audio/evrc -audio/evrc0 -audio/g722 -audio/g.722.1 -audio/g723 -audio/g726-16 -audio/g726-24 -audio/g726-32 -audio/g726-40 -audio/g728 -audio/g729 -audio/g729D -audio/g729E -audio/gsm -audio/gsm-efr -audio/l8 -audio/l16 -audio/l20 -audio/l24 -audio/lpc -audio/midi mid midi kar -audio/mpa -audio/mpa-robust -audio/mp4a-latm -audio/mpeg mpga mp2 mp3 -audio/parityfec -audio/pcma -audio/pcmu -audio/prs.sid -audio/qcelp -audio/red -audio/smv -audio/smv0 -audio/telephone-event -audio/tone -audio/vdvi -audio/vnd.3gpp.iufp -audio/vnd.cisco.nse -audio/vnd.cns.anp1 -audio/vnd.cns.inf1 -audio/vnd.digital-winds -audio/vnd.everad.plj -audio/vnd.lucent.voice -audio/vnd.nortel.vbk -audio/vnd.nuera.ecelp4800 -audio/vnd.nuera.ecelp7470 -audio/vnd.nuera.ecelp9600 -audio/vnd.octel.sbc -audio/vnd.qcelp -audio/vnd.rhetorex.32kadpcm -audio/vnd.vmx.cvsd -audio/x-aiff aif aiff aifc -audio/x-alaw-basic -audio/x-mpegurl m3u -audio/x-pn-realaudio ram ra -audio/x-pn-realaudio-plugin -application/vnd.rn-realmedia rm -audio/x-wav wav -chemical/x-pdb pdb -chemical/x-xyz xyz -image/bmp bmp -image/cgm cgm -image/g3fax -image/gif gif -image/ief ief -image/jpeg jpeg jpg jpe -image/naplps -image/png png -image/prs.btif -image/prs.pti -image/svg+xml svg -image/t38 -image/tiff tiff tif -image/tiff-fx -image/vnd.cns.inf2 -image/vnd.djvu djvu djv -image/vnd.dwg -image/vnd.dxf -image/vnd.fastbidsheet -image/vnd.fpx -image/vnd.fst -image/vnd.fujixerox.edmics-mmr -image/vnd.fujixerox.edmics-rlc -image/vnd.globalgraphics.pgb -image/vnd.mix -image/vnd.ms-modi -image/vnd.net-fpx -image/vnd.svf -image/vnd.wap.wbmp wbmp -image/vnd.xiff -image/x-cmu-raster ras -image/x-icon ico -image/x-portable-anymap pnm -image/x-portable-bitmap pbm -image/x-portable-graymap pgm -image/x-portable-pixmap ppm -image/x-rgb rgb -image/x-xbitmap xbm -image/x-xpixmap xpm -image/x-xwindowdump xwd -message/delivery-status -message/disposition-notification -message/external-body -message/http -message/news -message/partial -message/rfc822 -message/s-http -message/sip -message/sipfrag -model/iges igs iges -model/mesh msh mesh silo -model/vnd.dwf -model/vnd.flatland.3dml -model/vnd.gdl -model/vnd.gs-gdl -model/vnd.gtw -model/vnd.mts -model/vnd.parasolid.transmit.binary -model/vnd.parasolid.transmit.text -model/vnd.vtu -model/vrml wrl vrml -multipart/alternative -multipart/appledouble -multipart/byteranges -multipart/digest -multipart/encrypted -multipart/form-data -multipart/header-set -multipart/mixed -multipart/parallel -multipart/related -multipart/report -multipart/signed -multipart/voice-message -text/calendar ics ifb -text/css css -text/directory -text/enriched -text/html html htm -text/parityfec -text/plain asc txt -text/prs.lines.tag -text/rfc822-headers -text/richtext rtx -text/rtf rtf -text/sgml sgml sgm -text/t140 -text/tab-separated-values tsv -text/uri-list -text/vnd.abc -text/vnd.curl -text/vnd.dmclientscript -text/vnd.fly -text/vnd.fmi.flexstor -text/vnd.in3d.3dml -text/vnd.in3d.spot -text/vnd.iptc.nitf -text/vnd.iptc.newsml -text/vnd.latex-z -text/vnd.motorola.reflex -text/vnd.ms-mediapackage -text/vnd.net2phone.commcenter.command -text/vnd.sun.j2me.app-descriptor -text/vnd.wap.si -text/vnd.wap.sl -text/vnd.wap.wml wml -text/vnd.wap.wmlscript wmls -text/x-setext etx -text/xml -text/xml-external-parsed-entity -video/bmpeg -video/bt656 -video/celb -video/dv -video/h261 -video/h263 -video/h263-1998 -video/h263-2000 -video/jpeg -video/mp1s -video/mp2p -video/mp2t -video/mp4v-es -video/mpv -video/mpeg mpeg mpg mpe -video/nv -video/parityfec -video/pointer -video/quicktime qt mov -video/smpte292m -video/vnd.fvt -video/vnd.motorola.video -video/vnd.motorola.videop -video/vnd.mpegurl mxu m4u -video/vnd.nokia.interleaved-multimedia -video/vnd.objectvideo -video/vnd.vivo -video/x-msvideo avi -video/x-sgi-movie movie -x-conference/x-cooltalk ice diff --git a/base/ra/apache/conf/nss.conf b/base/ra/apache/conf/nss.conf deleted file mode 100644 index 014a06c97..000000000 --- a/base/ra/apache/conf/nss.conf +++ /dev/null @@ -1,267 +0,0 @@ -# -# This is the Apache server configuration file providing SSL support using. -# the mod_nss plugin. It contains the configuration directives to instruct -# the server how to serve pages over an https connection. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# - -# -# When we also provide SSL we have to listen to the -# standard HTTP port (see above) and to the HTTPS port -# -# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two -# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" -# -Listen [PKI_SECURE_PORT] - -Listen [NON_CLIENTAUTH_SECURE_PORT] - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# -# Some MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -#NSSPassPhraseDialog builtin -NSSPassPhraseDialog defer:[PKI_INSTANCE_PATH]/conf/password.conf - - -# Pass Phrase Helper: -# This helper program stores the token password pins between -# restarts of Apache. -NSSPassPhraseHelper /usr/share/pki/ra/scripts/nss_pcache - -# Configure the SSL Session Cache. -# SSLSessionCacheSize is the number of entries in the cache. -# SSLSessionCacheTimeout is the SSL2 session timeout (in seconds). -# SSL3SessionCacheTimeout is the SSL3/TLS session timeout (in seconds). -NSSSessionCacheSize 10000 -NSSSessionCacheTimeout 100 -NSSSession3CacheTimeout 86400 - -## -## SSL Virtual Host Context -## - -<VirtualHost _default_:[PKI_SECURE_PORT]> - -# General setup for the virtual host -#DocumentRoot "/htdocs" -#ServerName [Server_Name]:[Secure_Port] -#ServerAdmin you@example.com - -# Configure OCSP checking of client certs - -#NSSOCSP on -#NSSOCSPDefaultResponder on - -# URL of the ocsp service -# -# Example of the built in ocsp service of the CS CA -# -#NSSOCSPDefaultURL http://localhost:9180/ca/ocsp - -# Nickname of ocsp signing cert -# -# Below is sufficient if using built in CS CA ocsp service -# If using outboard ocsp, make sure the cert listed below -# is imported into the local cert database. -# -#NSSOCSPDefaultName caCert - -# mod_ssl logs to separate log files, you can choose to do that if you'd like -ErrorLog [PKI_INSTANCE_PATH]/logs/error_log -TransferLog [PKI_INSTANCE_PATH]/logs/access_log - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -NSSEngine on - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_nss documentation for a complete list. -NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha - -NSSProtocol SSLv3,TLSv1 - -# SSL Certificate Nickname: -# The nickname of the server certificate you are going to use. -NSSNickname "Server-Cert cert-[PKI_INSTANCE_NAME]" - -# Server Certificate Database: -# The NSS security database directory that holds the certificates and -# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. -# Provide the directory that these files exist. -NSSCertificateDatabase [PKI_INSTANCE_PATH]/alias - -# Client Authentication (Type): -# Client certificate verification type. Types are none, optional and -# require. -NSSVerifyClient require - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_nss documentation -# for more details. -#<Location /> -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -#</Location> - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire -<Files ~ "\.(cgi|shtml|phtml|php3?)$"> - NSSOptions +StdEnvVars +ExportCertData -</Files> -<Directory "/cgi-bin"> - NSSOptions +StdEnvVars -</Directory> - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -#CustomLog [PKI_INSTANCE_PATH]/logs/ssl_request_log \ -# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - -</VirtualHost> - -<VirtualHost _default_:[NON_CLIENTAUTH_SECURE_PORT]> - -# General setup for the virtual host -#DocumentRoot "/htdocs" -#ServerName [Server_Name]:[Non_Clientauth_Secure_Port] -#ServerAdmin you@example.com - -# mod_ssl logs to separate log files, you can choose to do that if you'd like -ErrorLog [PKI_INSTANCE_PATH]/logs/error_log -TransferLog [PKI_INSTANCE_PATH]/logs/access_log - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -NSSEngine on - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_nss documentation for a complete list. -NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha - -NSSProtocol SSLv3,TLSv1 - -# SSL Certificate Nickname: -# The nickname of the server certificate you are going to use. -NSSNickname "Server-Cert cert-[PKI_INSTANCE_NAME]" - -# Server Certificate Database: -# The NSS security database directory that holds the certificates and -# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db. -# Provide the directory that these files exist. -NSSCertificateDatabase [PKI_INSTANCE_PATH]/alias - -# Client Authentication (Type): -# Client certificate verification type. Types are none, optional and -# require. -NSSVerifyClient none - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_nss documentation -# for more details. -#<Location /> -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -#</Location> - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire -<Files ~ "\.(cgi|shtml|phtml|php3?)$"> - NSSOptions +StdEnvVars +ExportCertData -</Files> -<Directory "/cgi-bin"> - NSSOptions +StdEnvVars -</Directory> - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -#CustomLog [PKI_INSTANCE_PATH]/logs/ssl_request_log \ -# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - -</VirtualHost> diff --git a/base/ra/apache/conf/perl.conf b/base/ra/apache/conf/perl.conf deleted file mode 100644 index 259808e75..000000000 --- a/base/ra/apache/conf/perl.conf +++ /dev/null @@ -1,100 +0,0 @@ -# -# Mod_perl incorporates a Perl interpreter into the Apache web server, -# so that the Apache web server can directly execute Perl code. -# Mod_perl links the Perl runtime library into the Apache web server -# and provides an object-oriented Perl interface for Apache's C -# language API. The end result is a quicker CGI script turnaround -# process, since no external Perl interpreter has to be started. -# - -LoadModule perl_module [FORTITUDE_LIB_DIR]/modules/mod_perl.so - -# Uncomment this line to globally enable warnings, which will be -# written to the server's error log. Warnings should be enabled -# during the development process, but should be disabled on a -# production server as they affect performance. -# -#PerlWarn On - -# Uncomment this line to enable taint checking globally. When Perl is -# running in taint mode various checks are performed to reduce the -# risk of insecure data being passed to a subshell or being used to -# modify the filesystem. Unfortunatly many Perl modules are not -# taint-safe, so you should exercise care before enabling it on a -# production server. -# -#PerlTaintCheck On - -# This will allow execution of mod_perl to compile your scripts to -# subroutines which it will execute directly, avoiding the costly -# compile process for most requests. -# -#Alias /perl /var/www/perl -#<Directory /var/www/perl> -# SetHandler perl-script -# PerlResponseHandler ModPerl::Registry -# PerlOptions +ParseHeaders -# Options +ExecCGI -#</Directory> - -# This will allow remote server configuration reports, with the URL of -# http://servername/perl-status -# Change the ".your-domain.com" to match your domain to enable. -# -#PerlModule Apache::compat -#<Location /perl-status> -# SetHandler perl-script -# PerlResponseHandler Apache::Status -# Order deny,allow -# Deny from all -# Allow from .your-domain.com -#</Location> - -PerlModule ModPerl::Registry -PerlModule [FORTITUDE_APACHE]::compat -PerlModule PKI::RA::wizard -PerlSetEnv PKI_DOCROOT [PKI_INSTANCE_PATH]/docroot -PerlSetEnv PKI_ROOT [PKI_INSTANCE_PATH] -<Location /ra/admin/console/config/wizard> - SetHandler perl-script - PerlHandler PKI::RA::Wizard - Require all granted -</Location> - -<Location /ra/admin/console/config/login> - SetHandler perl-script - PerlHandler PKI::RA::Login - Require all granted -</Location> - -PerlModule ModPerl::PerlRun -Alias /ee/ [PKI_INSTANCE_PATH]/docroot/ee/ -<Location /ee/ > - SetHandler perl-script - PerlHandler ModPerl::PerlRun - Options Indexes ExecCGI - PerlSendHeader On -</Location> - -Alias /agent/ [PKI_INSTANCE_PATH]/docroot/agent/ -<Location /agent/ > - SetHandler perl-script - PerlHandler ModPerl::PerlRun - Options Indexes ExecCGI - PerlSendHeader On -</Location> - -Alias /admin/ [PKI_INSTANCE_PATH]/docroot/admin/ -<Location /admin/ > - SetHandler perl-script - PerlHandler ModPerl::PerlRun - Options Indexes ExecCGI - PerlSendHeader On -</Location> - -<Location /index.cgi > - SetHandler perl-script - PerlHandler ModPerl::PerlRun - Options Indexes ExecCGI - PerlSendHeader On -</Location> diff --git a/base/ra/apache/docroot/404.html b/base/ra/apache/docroot/404.html deleted file mode 100755 index 39997a669..000000000 --- a/base/ra/apache/docroot/404.html +++ /dev/null @@ -1,146 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2009 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<script language=javascript> -var url = document.URL; -var protocol = location.protocol; -var hostname = location.hostname; -var port = location.port; -</script> - -<head> -<title>RA 404 Error!</title> -<!-- always expand ALL relative paths --> -<script language=javascript> -document.write('<link rel="shortcut icon" href="'); -document.write(protocol); -document.write('//'); -document.write(hostname); -document.write(':'); -document.write(port); -document.write('/pki/images/favicon.ico'); -document.write('" />'); -document.write('<link rel="stylesheet" href="'); -document.write(protocol); -document.write('//'); -document.write(hostname); -document.write(':'); -document.write(port); -document.write('/pki/css/pki-base.css'); -document.write('" type="text/css" />'); -document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">'); -</script> -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> -<div id="header"> -<!-- always expand ALL relative paths --> -<script language=javascript> -document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="'); -document.write(protocol); -document.write('//'); -document.write(hostname); -document.write(':'); -document.write(port); -document.write('/pki/images/logo_header.gif'); -document.write('" alt="Dogtag" id="myLogo" /></a>'); -</script> - <div id="headertitle"> - <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">®</font></sup> Certificate System</a> - </div> - <div id="account"> - <dl><dt><span></span></dt><dd></dd></dl> - </div> -</div> - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -Certificate System RA Error Page -</font><br> -<p> -</font> -<p> -<script language=javascript> -document.write('<center>'); -document.write('<table border="1" cellspacing="0" cellpadding="0">'); -document.write('<tr valign="TOP">'); -document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>'); -document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>'); -document.write('</tr>'); -document.write('<tr valign="TOP">'); -document.write('<td align="center"><b><font size="+3" color="red">'); -document.write('404'); -document.write('</font></b></td>'); -document.write('<td><b><font size="+1" color="RED">'); -document.write('The requested resource could not be found but may be available again in the future.'); -document.write('</font></b><br><b><font size="+1" color="RED">'); -document.write('Please check the validity of the URL listed below:'); -document.write('</font></b><br><br>'); -document.write('<center><b><font size="+1"><a href="'); -document.write(url); -document.write('">'); -document.write(url); -document.write('</a>'); -document.write('</font></b></center><br></td>'); -document.write('</tr>'); -document.write('</table>'); -document.write('</center>'); -</script> -<div id="footer"> -</div> -<!-- -To prevent Internet Explorer from overriding the display of this custom error -page by displaying it's own "Friendly HTTP Error Message", always include the -following 'padding' to ensure that the text size exceeds 512 bytes: - -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] ---> -</body> -</html> - diff --git a/base/ra/apache/docroot/500.html b/base/ra/apache/docroot/500.html deleted file mode 100755 index 2d560a684..000000000 --- a/base/ra/apache/docroot/500.html +++ /dev/null @@ -1,139 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2009 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<script language=javascript> -var url = document.URL; -var protocol = location.protocol; -var hostname = location.hostname; -var port = location.port; -</script> - -<head> -<title>RA 500 Error!</title> -<!-- always expand ALL relative paths --> -<script language=javascript> -document.write('<link rel="shortcut icon" href="'); -document.write(protocol); -document.write('//'); -document.write(hostname); -document.write(':'); -document.write(port); -document.write('/pki/images/favicon.ico'); -document.write('" />'); -document.write('<link rel="stylesheet" href="'); -document.write(protocol); -document.write('//'); -document.write(hostname); -document.write(':'); -document.write(port); -document.write('/pki/css/pki-base.css'); -document.write('" type="text/css" />'); -document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">'); -</script> -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> -<div id="header"> -<!-- always expand ALL relative paths --> -<script language=javascript> -document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="'); -document.write(protocol); -document.write('//'); -document.write(hostname); -document.write(':'); -document.write(port); -document.write('/pki/images/logo_header.gif'); -document.write('" alt="Dogtag" id="myLogo" /></a>'); -</script> - <div id="headertitle"> - <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">®</font></sup> Certificate System</a> - </div> - <div id="account"> - <dl><dt><span></span></dt><dd></dd></dl> - </div> -</div> - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -Certificate System RA Error Page -</font><br> -<p> -</font> -<p> -<script language=javascript> -document.write('<center>'); -document.write('<table border="1" cellspacing="0" cellpadding="0">'); -document.write('<tr valign="TOP">'); -document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>'); -document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>'); -document.write('</tr>'); -document.write('<tr valign="TOP">'); -document.write('<td align="center"><b><font size="+3" color="red">'); -document.write('500'); -document.write('</font></b></td>'); -document.write('<td><b><font size="+1" color="RED">'); -document.write('The server encountered an unexpected condition which prevented it from fulfilling the request.<br>'); -document.write('Please consult your local administrator for further assistance. The Certificate System logs may provide further information.'); -document.write('</font></b><br></td>'); -document.write('</tr>'); -document.write('</table>'); -document.write('</center>'); -</script> -<div id="footer"> -</div> -<!-- -To prevent Internet Explorer from overriding the display of this custom error -page by displaying it's own "Friendly HTTP Error Message", always include the -following 'padding' to ensure that the text size exceeds 512 bytes: - -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] -[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding] ---> -</body> -</html> - diff --git a/base/ra/apache/docroot/admin/group/add.cgi b/base/ra/apache/docroot/admin/group/add.cgi deleted file mode 100755 index 212330d0d..000000000 --- a/base/ra/apache/docroot/admin/group/add.cgi +++ /dev/null @@ -1,86 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $gid = $util->get_val($q->param('gid')); - my $name = $util->get_val($q->param('name')); - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - my $ref = $store->read_group($gid); - if (defined($ref)) { - # gid used - print $q->redirect("/admin/group/add_new.cgi?error=exist"); - return; - } - my $ref = $store->add_group($gid, $name); - $store->close(); - - print $q->redirect("/admin/group/index.cgi"); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/group/add_member.cgi b/base/ra/apache/docroot/admin/group/add_member.cgi deleted file mode 100755 index d60fe965e..000000000 --- a/base/ra/apache/docroot/admin/group/add_member.cgi +++ /dev/null @@ -1,80 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $gid = $util->get_val($q->param('gid')); - my $userid = $util->get_val($q->param('uid')); - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - $store->add_user_to_group($gid, $userid); - $store->close(); - - print $q->redirect("/admin/group/read.cgi?gid=" . $gid); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/group/add_new.cgi b/base/ra/apache/docroot/admin/group/add_new.cgi deleted file mode 100755 index 5a1ca7eda..000000000 --- a/base/ra/apache/docroot/admin/group/add_new.cgi +++ /dev/null @@ -1,86 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - my $error = $q->param('error'); - $context{error} = $util->html_encode($error); - - my $result = $parser->execute_file_with_context("admin/group/add_new.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/group/add_new.vm b/base/ra/apache/docroot/admin/group/add_new.vm deleted file mode 100644 index e9fac77b8..000000000 --- a/base/ra/apache/docroot/admin/group/add_new.vm +++ /dev/null @@ -1,83 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Add New Group</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/admin/index.cgi">Administrator Interface</a> -</font><br> -<p> -#if ($error == 'exist') -<font color=red>Group already exists</font> -<p> -#end -<center> -<form name="add_new_form" method=post action="add.cgi"> -<table> -<tr> - <td><b>GID</b></td> - <td><input type=text name="gid" value=""></td> -</tr> -<tr> - <td><b>Name</b></td> - <td><input type=text name="name" value=""></td> -</tr> -</table> -</form> -<a href="#" onclick="document.add_new_form.submit();">Add Group</a> -</center> -<p> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/admin/group/delete.cgi b/base/ra/apache/docroot/admin/group/delete.cgi deleted file mode 100755 index 5fb1f22ce..000000000 --- a/base/ra/apache/docroot/admin/group/delete.cgi +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $gid = $util->get_val($q->param('gid')); - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - $store->delete_group($gid); - $store->close(); - - print $q->redirect("/admin/group/index.cgi"); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/group/delete_member.cgi b/base/ra/apache/docroot/admin/group/delete_member.cgi deleted file mode 100755 index 2e516eeee..000000000 --- a/base/ra/apache/docroot/admin/group/delete_member.cgi +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $gid = $util->get_val($q->param('gid')); - my $userid = $util->get_val($q->param('uid')); - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - $store->delete_user_from_group($gid, $userid); - $store->close(); - - print $q->redirect("/admin/group/read.cgi?gid=" . $gid); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/group/index.cgi b/base/ra/apache/docroot/admin/group/index.cgi deleted file mode 100755 index 07dc653e6..000000000 --- a/base/ra/apache/docroot/admin/group/index.cgi +++ /dev/null @@ -1,115 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - - my $util = PKI::Base::Util->new(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $sp = $util->get_alphanum_val($q->param('sp')); - if ($sp eq "") { - $sp = "0"; - } - $context{sp} = $sp; - my $mc = $util->get_alphanum_val($q->param('mc')); - if ($mc eq "") { - $mc = "20"; - } - $context{mc} = $mc; - $context{pp} = $sp - $mc; # previous pos (for paging) - $context{np} = $sp + $mc; # next pos (for paging) - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - my @groups = $store->list_groups($sp, $mc); - $store->close(); - - my @r; - my $i = 0; - foreach my $group (@groups) { - $r[$i] = new PKI::RA::GlobalVar( - getGID => sub { return $util->html_encode(Encode::decode('UTF-8', $group->{'gid'})) }, - getName => sub { return $util->html_encode(Encode::decode('UTF-8', $group->{'name'})) }, - ); - $i++; - } - $context{rows} = \@r; - - my $result = $parser->execute_file_with_context("admin/group/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/group/index.vm b/base/ra/apache/docroot/admin/group/index.vm deleted file mode 100644 index d19cacd2d..000000000 --- a/base/ra/apache/docroot/admin/group/index.vm +++ /dev/null @@ -1,81 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA Admin</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/admin/index.cgi">Administrator Interface</a> -</font><br> -<p> -<a href="add_new.cgi">Add New Group</a> -<p> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>GID</b></td> -<td><b>Name</b></td> -</tr> -#foreach($r in $rows) -<tr valign="TOP"> -<td><a href="read.cgi?gid=$r.getGID()">$r.getGID()</a></td> -<td>$r.getName()</td> -</tr> -#end -</table> -</center> -<p> -<a href="index.cgi?sp=$pp&mc=$mc">Previous</a> | <a href="index.cgi?sp=$np&mc=$mc">Next</a> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/admin/group/read.cgi b/base/ra/apache/docroot/admin/group/read.cgi deleted file mode 100755 index 9ede3aa53..000000000 --- a/base/ra/apache/docroot/admin/group/read.cgi +++ /dev/null @@ -1,125 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $gid = $util->get_val($q->param('gid')); - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - my $ref = $store->read_group($gid); - - $context{gid} = $util->html_encode(Encode::decode('UTF-8', $ref->{'gid'})); - $context{name} = $util->html_encode(Encode::decode('UTF-8', $ref->{'name'})); - - my @members = $store->list_all_members($gid); - my @users = $store->list_all_non_members($gid); - $store->close(); - - # new member in the group - my @r; - my $i = 0; - foreach my $member (@members) { - $r[$i] = new PKI::RA::GlobalVar( - getUID => sub { return $util->html_encode($member->{'uid'}) }, - ); - $i++; - } - $context{members} = \@r; - - # read users - my @u; - $i = 0; - foreach my $user (@users) { - $u[$i] = new PKI::RA::GlobalVar( - getUID => sub { return $util->html_encode($user->{'uid'}) }, - ); - $i++; - } - if ($i == 0) { - $context{non_member_exists} = 0; - } else { - $context{non_member_exists} = 1; - } - $context{users} = \@u; - - my $result = $parser->execute_file_with_context("admin/group/read.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/group/read.vm b/base/ra/apache/docroot/admin/group/read.vm deleted file mode 100644 index 9aa8c8e1f..000000000 --- a/base/ra/apache/docroot/admin/group/read.vm +++ /dev/null @@ -1,104 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Groups</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/admin/index.cgi">Administrator Interface</a> -</font><br> -<p> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> - <td><b>GID</b></td> - <td>$gid</td> -</tr> -<tr valign="TOP"> - <td><b>Name</b></td> - <td>$name</td> -</tr> -</table> -</center> -<p> -<a href="delete.cgi?gid=$gid">Delete This Group</a> -<p> ------------------------------------------------ -<br/> -<b>Members</b> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -#foreach($r in $members) -<tr valign="TOP"> -<td><a href="../user/read.cgi?uid=$r.getUID()">$r.getUID()</a> <a href="delete_member.cgi?gid=$gid&uid=$r.getUID()">[Delete]</a></td> -</tr> -#end -</table> -</center> -<br/> ------------------------------------------------ -<br/> -#if ($non_member_exists) -<b>New Member</b> -<form name=new_member_form method=post action="add_member.cgi"> -<input type=hidden name=gid value="$gid"> -<select name=uid> -#foreach ($u in $users) - <option value="$u.getUID()">$u.getUID()</option> -#end -</select> <a href="#" onclick="document.new_member_form.submit();">Add</a> -</form> -#end -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/admin/index.cgi b/base/ra/apache/docroot/admin/index.cgi deleted file mode 100755 index 2db7b2500..000000000 --- a/base/ra/apache/docroot/admin/index.cgi +++ /dev/null @@ -1,80 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::UserStore; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/agent/error.cgi?error=Authentication%20Error"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $uid; - - my $result = $parser->execute_file_with_context("admin/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/index.vm b/base/ra/apache/docroot/admin/index.vm deleted file mode 100644 index c6add6e6a..000000000 --- a/base/ra/apache/docroot/admin/index.vm +++ /dev/null @@ -1,95 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA Admin</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -RA Admin Services -</font><br> -<p> -<center> -<table border="0" cellspacing="0" cellpadding="0"> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/admin/user/index.cgi">List Users</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/admin/user/add_new.cgi">Add New User</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/admin/group/index.cgi">List Groups</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/admin/group/add_new.cgi">Add New Group</a></li> -</font> -</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/admin/user/add.cgi b/base/ra/apache/docroot/admin/user/add.cgi deleted file mode 100755 index 94c4bae81..000000000 --- a/base/ra/apache/docroot/admin/user/add.cgi +++ /dev/null @@ -1,99 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $uid; - - my $userid = $util->get_val($q->param('uid')); - my $name = $util->get_val($q->param('name')); - my $email = $util->get_val($q->param('email')); - my $certificate = $util->get_val($q->param('certificate')); - - if ($certificate =~ /BEGIN CERTIFICATE/ || - $certificate =~ /END CERTIFICATE/) { - # do nothing - } else { - print $q->redirect("/admin/user/add_new.cgi?error=cert_header"); - return; - } - $certificate =~ s/-----BEGIN CERTIFICATE-----//g; - $certificate =~ s/-----END CERTIFICATE-----//g; - $certificate =~ s/[\r\n]//g; - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - my $ref = $store->read_user($userid); - if (defined($ref)) { - # uid used - print $q->redirect("/admin/user/add_new.cgi?error=exist"); - return; - } - my $ref = $store->add_user($userid, $name, $email, $certificate); - $store->close(); - - print $q->redirect("/admin/user/index.cgi"); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/user/add_new.cgi b/base/ra/apache/docroot/admin/user/add_new.cgi deleted file mode 100755 index 8bfbd0e9e..000000000 --- a/base/ra/apache/docroot/admin/user/add_new.cgi +++ /dev/null @@ -1,87 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $uid; - - my $error = $util->get_val($q->param('error')); - $context{error} = $error; - - my $result = $parser->execute_file_with_context("admin/user/add_new.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/user/add_new.vm b/base/ra/apache/docroot/admin/user/add_new.vm deleted file mode 100644 index 4d90d4840..000000000 --- a/base/ra/apache/docroot/admin/user/add_new.vm +++ /dev/null @@ -1,95 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Add New User</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/admin/index.cgi">Administrator Interface</a> -</font><br> -<p> -#if ($error == 'exist') -<font color=red>User already exists</font> -<p> -#end -#if ($error == 'cert_header') -<font color=red>Invalid Certificate header</font> -<p> -#end -<center> -<form name="add_new_form" method=post action="add.cgi"> -<table> -<tr> - <td><b>UID</b></td> - <td><input type=text name="uid" value=""></td> -</tr> -<tr> - <td><b>Name</b></td> - <td><input type=text name="name" value=""></td> -</tr> -<tr> - <td><b>Email</b></td> - <td><input type=text name="email" value=""></td> -</tr> -<tr> - <td><b>Certificate</b></td> - <td><textarea name=certificate></textarea></td> -</tr> -</table> -</form> -<a href="#" onclick="document.add_new_form.submit();">Add User</a> -</center> -<p> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/admin/user/delete.cgi b/base/ra/apache/docroot/admin/user/delete.cgi deleted file mode 100755 index 707035edb..000000000 --- a/base/ra/apache/docroot/admin/user/delete.cgi +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $cfg = PKI::Base::Registry->get_config(); - - my $util = PKI::Base::Util->new(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $uid; - - my $userid = $util->get_val($q->param('uid')); - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - $store->delete_user($userid); - $store->close(); - - print $q->redirect("/admin/user/index.cgi"); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/user/index.cgi b/base/ra/apache/docroot/admin/user/index.cgi deleted file mode 100755 index c845ae1dc..000000000 --- a/base/ra/apache/docroot/admin/user/index.cgi +++ /dev/null @@ -1,118 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use PKI::Base::Registry; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my $util = PKI::Base::Util->new(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $uid; - - my $status = $util->get_alphanum_val($q->param('status')); - $context{status} = $status; - - my $sp = $util->get_alphanum_val($q->param('sp')); - if ($sp eq "") { - $sp = "0"; - } - $context{sp} = $sp; - my $mc = $util->get_alphanum_val($q->param('mc')); - if ($mc eq "") { - $mc = "20"; - } - $context{mc} = $mc; - $context{pp} = $sp - $mc; # previous pos (for paging) - $context{np} = $sp + $mc; # next pos (for paging) - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - my @users = $store->list_users($sp, $mc); - $store->close(); - - my @r; - my $i = 0; - foreach my $user (@users) { - $r[$i] = new PKI::RA::GlobalVar( - getUID => sub { return $util->html_encode($user->{'uid'}) }, - getName => sub { return $util->html_encode(Encode::decode('UTF-8',$user->{'name'})) }, - getEmail => sub { return $util->html_encode($user->{'email'}) }, - ); - $i++; - } - $context{rows} = \@r; - - my $result = $parser->execute_file_with_context("admin/user/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/user/index.vm b/base/ra/apache/docroot/admin/user/index.vm deleted file mode 100644 index 7262561f6..000000000 --- a/base/ra/apache/docroot/admin/user/index.vm +++ /dev/null @@ -1,83 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA Admin</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/admin/index.cgi">Administrator Interface</a> -</font><br> -<p> -<a href="add_new.cgi">Add New User</a> -<p> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>UID</b></td> -<td><b>Name</b></td> -<td><b>Email</b></td> -</tr> -#foreach($r in $rows) -<tr valign="TOP"> -<td><a href="read.cgi?uid=$r.getUID()">$r.getUID()</a></td> -<td>$r.getName()</td> -<td>$r.getEmail()</td> -</tr> -#end -</table> -</center> -<p> -<a href="index.cgi?status=$status&sp=$pp&mc=$mc">Previous</a> | <a href="index.cgi?status=$status&sp=$np&mc=$mc">Next</a> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/admin/user/read.cgi b/base/ra/apache/docroot/admin/user/read.cgi deleted file mode 100755 index 08d2fd3f7..000000000 --- a/base/ra/apache/docroot/admin/user/read.cgi +++ /dev/null @@ -1,97 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->admin_auth($cfg)) { - print $q->redirect("/admin/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $uid; - - my $userid = $util->get_val($q->param('uid')); - - my $store = PKI::Base::UserStore->new(); - $store->open($cfg); - my $ref = $store->read_user($userid); - $store->close(); - - $context{userid} = $util->html_encode($ref->{'uid'}); - $context{name} = $util->html_encode(Encode::decode('UTF-8', $ref->{'name'})); - $context{email} = $util->html_encode($ref->{'email'}); - $context{certificate} = $util->breakline($util->html_encode($ref->{'certificate'}),40); - - my $result = $parser->execute_file_with_context("admin/user/read.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/admin/user/read.vm b/base/ra/apache/docroot/admin/user/read.vm deleted file mode 100644 index 354d9881f..000000000 --- a/base/ra/apache/docroot/admin/user/read.vm +++ /dev/null @@ -1,88 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Users</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/admin/index.cgi">Administrator Interface</a> -</font><br> -<p> -</font> -<p> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> - <td><b>UID</b></td> - <td>$userid</td> -</tr> -<tr valign="TOP"> - <td><b>Name</b></td> - <td>$name</td> -</tr> -<tr valign="TOP"> - <td><b>Email</b></td> - <td>$email</td> -</tr> -<tr valign="TOP"> - <td><b>Certificate</b></td> - <td>$certificate</td> -</tr> -</table> -</center> -<p> -<a href="delete.cgi?uid=$userid">[Delete]</a> -<p> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/cert/index.cgi b/base/ra/apache/docroot/agent/cert/index.cgi deleted file mode 100755 index 46e5b8c2c..000000000 --- a/base/ra/apache/docroot/agent/cert/index.cgi +++ /dev/null @@ -1,119 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Base::CertStore; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my @roles = $self->get_current_roles($cfg); - my $r = join(",",@roles); - - my $sp = $util->get_alphanum_val($q->param('sp')); - if ($sp eq "") { - $sp = "0"; - } - $context{sp} = $sp; - my $mc = $util->get_alphanum_val($q->param('mc')); - if ($mc eq "") { - $mc = "20"; - } - $context{mc} = $mc; - $context{pp} = $sp - $mc; # previous pos (for paging) - $context{np} = $sp + $mc; # next pos (for paging) - - my $cs = PKI::Base::CertStore->new(); - $cs->open($cfg); - my @certs = $cs->list_certs_by_approver($uid, $sp, $mc); - $cs->close(); - - my @r; - my $i = 0; - foreach my $cert (@certs) { - $r[$i] = new PKI::RA::GlobalVar( - getReqId => sub { return $util->html_encode($cert->{'rid'}) }, - getSerialno => sub { return $util->html_encode($cert->{'serialno'}) }, - getSubjectDN => sub { return $util->html_encode($cert->{'subject_dn'}) }, - getCertificate => sub { return $util->html_encode($cert->{'certificate'}) }, - getApprovedBy => sub { return $util->html_encode($cert->{'approved_by'}) }, - getCreatedAt => sub { return $util->html_encode($cert->{'created_at'}); }, - ); - $i++; - } - $context{rows} = \@r; - - my $result = $parser->execute_file_with_context("agent/cert/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/cert/index.vm b/base/ra/apache/docroot/agent/cert/index.vm deleted file mode 100644 index f9229b0f9..000000000 --- a/base/ra/apache/docroot/agent/cert/index.vm +++ /dev/null @@ -1,86 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA Agent</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/agent/index.cgi">Agent Interface</a> -<br>List Certificates Approved by: $uid -</font><br> -<p> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>Serial#</b></td> -<td><b>Request ID</b></td> -<td><b>Subject DN</b></td> -<td><b>Approved By</b></td> -<td><b>Created At</b></td> -</tr> -#foreach($r in $rows) -<tr valign="TOP"> -<td><a href="read.cgi?serialno=$r.getSerialno()">$r.getSerialno()</a></td> -<td><a href="/agent/request/read.cgi?id=$r.getReqId()">$r.getReqId()</a></td> -<td>$r.getSubjectDN()</td> -<td>$r.getApprovedBy()</td> -<td>$r.getCreatedAt()</td> -</tr> -#end -</table> -</center> -<p> -<a href="index.cgi?sp=$pp&mc=$mc">Previous</a> | <a href="index.cgi?sp=$np&mc=$mc">Next</a> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/cert/read.cgi b/base/ra/apache/docroot/agent/cert/read.cgi deleted file mode 100755 index f434baedb..000000000 --- a/base/ra/apache/docroot/agent/cert/read.cgi +++ /dev/null @@ -1,104 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Conn::CA; -use Encode; -use vars qw (@ISA); -use PKI::Service::Op; - -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $serialno = $util->get_alphanum_val($q->param('serialno')); - - my $cs = PKI::Base::CertStore->new(); - $cs->open($cfg); - my $ref = $cs->read_certificate_by_approver($uid, $serialno); - $cs->close(); - - my $ca = PKI::Conn::CA->new(); - $ca->open($cfg); - my $certStatus = $ca->getCertStatus("ca1", $serialno); - $ca->close(); - - - $context{certificate} = $util->breakline($util->html_encode($ref->{'certificate'}), 40); - - $context{serialno} = $util->html_encode($ref->{'serialno'}); - $context{subject_dn} = $util->html_encode(Encode::decode('UTF-8', $ref->{'subject_dn'})); - $context{created_at} = $util->html_encode($ref->{'created_at'}); - $context{approved_by} = $util->html_encode($ref->{'approved_by'}); - $context{rid} = $util->html_encode($ref->{'rid'}); - $context{certStatus} = $util->html_encode($certStatus); - - my $result = $parser->execute_file_with_context("agent/cert/read.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/cert/read.vm b/base/ra/apache/docroot/agent/cert/read.vm deleted file mode 100644 index 43c78ffa4..000000000 --- a/base/ra/apache/docroot/agent/cert/read.vm +++ /dev/null @@ -1,96 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Certificates</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/agent/index.cgi">Agent Interface</a> -<br>Certificate Information -</font><br> -<p> -</font> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>Serial Number</b></td> -<td><a href="read.cgi?serialno=$serialno">$serialno</a></td> -</tr> -<tr valign="TOP"> -<td><b>Subject DN</b></td> -<td>$subject_dn</td> -</tr> -<tr valign="TOP"> -<td><b>Certificate</b></td> -<td>$certificate</td> -</tr> -<tr valign="TOP"> -<td><b>Approved By</b></td> -<td>$approved_by</td> -</tr> -<tr valign="TOP"> -<td><b>Created At</b></td> -<td>$created_at</td> -</tr> -<tr valign="TOP"> -<td><b>Revocation Status</b></td> -<td>$certStatus</td> -</tr> -</table> -</center> -<br/> -<a href="/agent/cert/revoke.cgi?rid=$rid&serialno=$serialno&subject_dn=$subject_dn">Revoke</a> -<br/> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/cert/revoke.cgi b/base/ra/apache/docroot/agent/cert/revoke.cgi deleted file mode 100755 index 1e483aea0..000000000 --- a/base/ra/apache/docroot/agent/cert/revoke.cgi +++ /dev/null @@ -1,89 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Registry; -use PKI::Base::Util; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $serialno = $util->get_alphanum_val($q->param('serialno')); - my $subject_dn = $util->get_val($q->param('subject_dn')); - my $rid = $util->get_alphanum_val($q->param('rid')); - - $context{serialno} = $util->html_encode($serialno); - $context{subject_dn} = $util->html_encode(Encode::decode('UTF-8',$subject_dn)); - $context{rid} = $util->html_encode($rid); - - my $result = $parser->execute_file_with_context("agent/cert/revoke.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/cert/revoke.vm b/base/ra/apache/docroot/agent/cert/revoke.vm deleted file mode 100644 index 626bbed42..000000000 --- a/base/ra/apache/docroot/agent/cert/revoke.vm +++ /dev/null @@ -1,111 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Certificate Revocation</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/agent/index.cgi">Agent Interface</a> -<br>Revoking Certificate: -</font><br> -<p> -</font> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>Serial Number:</b></td> -<td>$serialno</td> -</tr> -<tr valign="TOP"> -<td><b>Subject DN:</b></td> -<td>$subject_dn</td> -</tr> -</table> -<br> -<b>Select A Reason:</b> -</br> -<table> -<form name=reason_form method=post action=submit.cgi> -<input type=hidden name=serialno value="$serialno"> -<input type=hidden name=subject_dn value="$subject_dn"> -<input type=hidden name=rid value="$rid"> -<tr> -<td><input checked type=radio name="reason" value="0">Unspecified</td> -</tr> -<tr> -<td><input type=radio name="reason" value="1">Key compromised</td> -</tr> -<tr> -<td><input type=radio name="reason" value="2">CA key compromised</td> -</tr> -<tr> -<td><input type=radio name="reason" value="3">Affiliation changed</td> -</tr> -<tr> -<td><input type=radio name="reason" value="4">Certificate superseded</td> -</tr> -<tr> -<td><input type=radio name="reason" value="5">Cessation of operation</td> -</tr> -<tr> -<td><input type=radio name="reason" value="6">Certificate is on hold</td> -</tr> -</form> -</table> -</center> -<br/> -<a href="#" onclick="document.reason_form.submit();">Submit</a> -<br/> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/cert/submit.cgi b/base/ra/apache/docroot/agent/cert/submit.cgi deleted file mode 100755 index 571385f3a..000000000 --- a/base/ra/apache/docroot/agent/cert/submit.cgi +++ /dev/null @@ -1,104 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Conn::CA; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $serialno = $util->get_alphanum_val($q->param('serialno')); - my $subject_dn = $util->get_val($q->param('subject_dn')); - my $reason = $util->get_alphanum_val($q->param('reason')); - my $rid = $util->get_alphanum_val($q->param('rid')); - - my $ca = PKI::Conn::CA->new(); - $ca->open($cfg); - $ca->revoke($rid, "ca1", $serialno, $reason); - $ca->close(); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - - my $ref = $queue->read_request($rid); - $context{errorString} = $util->html_encode($ref->{'errorString'}); - $queue->close(); - - $context{rid} = $util->html_encode($rid); - $context{serialno} = $util->html_encode($serialno); - $context{subject_dn} = $util->html_encode(Encode::decode('UTF-8', $subject_dn)); - - my $result = $parser->execute_file_with_context("agent/cert/submit.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/cert/submit.vm b/base/ra/apache/docroot/agent/cert/submit.vm deleted file mode 100644 index 730228715..000000000 --- a/base/ra/apache/docroot/agent/cert/submit.vm +++ /dev/null @@ -1,91 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Certificate Revocation Submission</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/agent/index.cgi">Agent Interface</a> -<br>Revocation of Certificate: -</font><br> -<p> -</font> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>Serial Number:</b></td> -<td>$serialno</td> -</tr> -<tr valign="TOP"> -<td><b>Subject DN:</b></td> -<td>$subject_dn</td> -</tr> -<tr> -<td><b>Result:</b></td> -#if ($errorString == "0") -<td>Revoked</td> -#else -<td>Failed: $errorString</td> -#end -</tr> -<tr> -<td><b>Request ID:</b></td> -<td><a href="/agent/request/read.cgi?id=$rid">$rid</a></td> -</tr> -</table> -<br> -</center> -<br/> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/error.cgi b/base/ra/apache/docroot/agent/error.cgi deleted file mode 100755 index fa13365a7..000000000 --- a/base/ra/apache/docroot/agent/error.cgi +++ /dev/null @@ -1,81 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::UserStore; -use PKI::Base::Util; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $util = PKI::Base::Util->new(); - - my $error = $util->get_val($q->param('error')); - - my %context; - if ($error ne "") { - $context{has_error} = 1; - $context{'error'} = $util->html_encode($error); - } - - my $result = $parser->execute_file_with_context("agent/error.vm", \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/error.vm b/base/ra/apache/docroot/agent/error.vm deleted file mode 100644 index dbe65cb58..000000000 --- a/base/ra/apache/docroot/agent/error.vm +++ /dev/null @@ -1,72 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA Agent Error!</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -Agent Interface -</font><br> -<p> -</font> -<p> -<center> -You are not authorized to access the requested page. -<br> -#if ($has_error) - Error: $error -#end -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/index.cgi b/base/ra/apache/docroot/agent/index.cgi deleted file mode 100755 index c8f2040fe..000000000 --- a/base/ra/apache/docroot/agent/index.cgi +++ /dev/null @@ -1,83 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::UserStore; -use PKI::Base::Registry; -use PKI::Base::Util; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi?error=Authentication%20Error"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $result = $parser->execute_file_with_context("agent/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/index.vm b/base/ra/apache/docroot/agent/index.vm deleted file mode 100644 index 5bd952ba2..000000000 --- a/base/ra/apache/docroot/agent/index.vm +++ /dev/null @@ -1,81 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA Agent</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -RA Agent Services -</font><br> -<p> -<center> -<table border="0" cellspacing="0" cellpadding="0"> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/agent/request/index.cgi">List Requests</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/agent/cert/index.cgi">List Certificates</a></li> -</font> -</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/request/add_note.cgi b/base/ra/apache/docroot/agent/request/add_note.cgi deleted file mode 100755 index 0ffac91c7..000000000 --- a/base/ra/apache/docroot/agent/request/add_note.cgi +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; -use PKI::Base::TimeTool; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $id = $util->get_alphanum_val($q->param('id')); - my $note = $util->get_val($q->param('note')); - - if ($note eq "") { - # dont add anything - print $q->redirect("/agent/request/read.cgi?id=" . $id); - return; - } - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - my $new_note = "==== Note created by $uid at $now ====\n" . - $note . "\n"; - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $ref = $queue->read_request($id); - $queue->set_request($id, "note", $ref->{'note'} . $new_note); - $queue->close(); - - print $q->redirect("/agent/request/read.cgi?id=" . $id); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/request/index.cgi b/base/ra/apache/docroot/agent/request/index.cgi deleted file mode 100755 index 81b25977a..000000000 --- a/base/ra/apache/docroot/agent/request/index.cgi +++ /dev/null @@ -1,146 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::RA::GlobalVar; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; -use PKI::Service::Op; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - $self->debug_log( $cfg, "in request/index.cgi, uid == $uid"); - - my %context; - $context{uid} = $util->html_encode($uid); - - my @roles = $self->get_current_roles($cfg); -# my $r = join(",",@roles); - - my $status = $util->get_alphanum_val($q->param('status')); - if ($status eq "") { - $context{status} = ""; - } else { - $context{status} = $util->html_encode($status); - } - - my $sp = $util->get_alphanum_val($q->param('sp')); - if ($sp eq "") { - $sp = "0"; - } - $context{sp} = $sp; - my $mc = $util->get_alphanum_val($q->param('mc')); - if ($mc eq "") { - $mc = "20"; - } - $context{mc} = $mc; - $context{pp} = $sp - $mc; # previous pos (for paging) - $context{np} = $sp + $mc; # next pos (for paging) - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $total = $queue->count_requests_by_roles(\@roles, $status); - $context{total} = $util->html_encode($total); - - my @reqs = $queue->list_requests_by_roles(\@roles, $status, $sp, $mc); -# my @reqs = $queue->list_requests_by_roles($r, $status, $sp, $mc); - $queue->close(); - - my @r; - my $i = 0; - foreach my $req (@reqs) { - $r[$i] = new PKI::RA::GlobalVar( - getId => sub { return $util->html_encode($req->{'rowid'}) }, - getType => sub { return $util->html_encode($req->{'type'}) }, - getStatus => sub { return $util->html_encode($req->{'status'}) }, - getError => sub { return $util->html_encode($req->{'errorString'}) }, - getAssignedTo => sub { return $util->html_encode($req->{'assigned_to'}) }, - getData => sub { return $util->html_encode($req->{'data'}); }, - getCreatedBy => sub { return $util->html_encode($req->{'created_by'}); }, - getCreatedAt => sub { return $util->html_encode($req->{'created_at'}); }, - ); - $i++; - } - $context{rows} = \@r; - - if ($sp - $mc < 0) { - $context{show_previous} = "no"; - } else { - $context{show_previous} = "yes"; - } - - if ($i < 20) { - $context{show_next} = "no"; - } else { - $context{show_next} = "yes"; - } - - my $result = $parser->execute_file_with_context("agent/request/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/request/index.vm b/base/ra/apache/docroot/agent/request/index.vm deleted file mode 100644 index dd9901fdb..000000000 --- a/base/ra/apache/docroot/agent/request/index.vm +++ /dev/null @@ -1,95 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA Agent</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/agent/index.cgi">Agent Interface</a> -</font><br> -<p> -<a href="index.cgi">All</a> | <a href="index.cgi?status=OPEN">OPEN</a> | <a href="index.cgi?status=APPROVED">APPROVED</a> | <a href="index.cgi?status=REJECTED">REJECTED</a> | <a href="index.cgi?status=ERROR">FAILED</a> -<p> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>Id</b></td> -<td><b>Type</b></td> -<td><b>Status</b></td> -<td><b>Assigned To</b></td> -<td><b>Created By</b></td> -<td><b>Created At</b></td> -<td><b>Error</b></td> -</tr> -#foreach($r in $rows) -<tr valign="TOP"> -<td><a href="read.cgi?id=$r.getId()">$r.getId()</a></td> -<td>$r.getType()</td> -<td>$r.getStatus()</td> -<td>$r.getAssignedTo()</td> -<td>$r.getCreatedBy()</td> -<td>$r.getCreatedAt()</td> -<td>$r.getError()</td> -</tr> -#end -</table> -</center> -<p> -Total: $total -<br/> -<br/> -<a href="index.cgi?status=$status&sp=$pp&mc=$mc">Previous</a> | -<a href="index.cgi?status=$status&sp=$np&mc=$mc">Next</a> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/request/op.cgi b/base/ra/apache/docroot/agent/request/op.cgi deleted file mode 100755 index 363d7121b..000000000 --- a/base/ra/apache/docroot/agent/request/op.cgi +++ /dev/null @@ -1,153 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use Benchmark; -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Registry; -use PKI::Request::Queue; -use PKI::Base::Util; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - - my $q = CGI->new(); - - my $st = new Benchmark; - - my $util = PKI::Base::Util->new(); - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - my $type = $util->get_alphanum_val($q->param('type')); - my $id = $util->get_alphanum_val($q->param('id')); - - my $db_st = new Benchmark; - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - - my $ref; - - my @roles = $self->get_current_roles($cfg); - my $pref = $queue->read_request_by_roles(\@roles, $id); - - if (! defined $pref) { - $queue->close(); - $self->debug_log($cfg, "Invalid attempt to process request id= " . $id . - " by userid= " . $uid); - print $q->redirect("/agent/error.cgi"); - return; - } - - my $curr_status = $pref->{'status'}; - if ($type eq "approve") { - if (($curr_status ne "OPEN") && ($curr_status ne "ERROR")) { - $queue->close(); - print $q->redirect("/agent/request/read.cgi?id=$id"); - return; - } - - $ref = $queue->approve_request($id, $uid); - } elsif ($type eq "reject") { - if (($curr_status ne "OPEN") && ($curr_status ne "ERROR")) { - $queue->close(); - print $q->redirect("/agent/request/read.cgi?id=$id"); - return; - } - - $ref = $queue->reject_request($id, $uid); - } - $queue->close(); - my $db_et = new Benchmark; - - $context{data} = $util->breakline($util->html_encode(Encode::decode('UTF-8', $ref->{'data'})), 40); - $context{output} = $util->breakline($util->html_encode($ref->{'output'}), 40); - $context{serialno} = $util->html_encode($ref->{'serialno'}); - $context{type} = $util->html_encode($ref->{'type'}); - $context{ip} = $util->html_encode($ref->{'ip'}); - $context{note} = $util->html_encode($ref->{'note'}); - $context{note} =~ s/\n/<br\/>/g; - $context{created_at} = $util->html_encode($ref->{'created_at'}); - $context{updated_at} = $util->html_encode($ref->{'updated_at'}); - $context{assigned_to} = $util->html_encode($ref->{'assigned_to'}); - $context{processed_by} = $util->html_encode($ref->{'processed_by'}); - $context{created_by} = $util->html_encode($ref->{'created_by'}); - $context{status} = $util->html_encode($ref->{'status'}); - $context{errorString} = $util->html_encode($ref->{'errorString'}); - $context{id} = $util->html_encode($ref->{'rowid'}); - - my $t_st = new Benchmark; - my $result = $parser->execute_file_with_context("agent/request/op.vm", - \%context); - my $t_et = new Benchmark; - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } - - my $et = new Benchmark; - - $self->debug_log($cfg, "benchmark " . - "total=" . timestr(timediff($et, $st)) . " " . - "db total=" . timestr(timediff($db_et, $db_st)) . " " . - "template total=" . timestr(timediff($t_et, $t_st)) . " " - ); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/request/op.vm b/base/ra/apache/docroot/agent/request/op.vm deleted file mode 100644 index d5bc2dfe4..000000000 --- a/base/ra/apache/docroot/agent/request/op.vm +++ /dev/null @@ -1,127 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Certificate Request Operations</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/agent/index.cgi">Agent Interface</a> -</font><br> -<p> -<a href="index.cgi">All</a> | <a href="index.cgi?status=OPEN">OPEN</a> | <a href="index.cgi?status=APPROVED">APPROVED</a> | <a href="index.cgi?status=REJECTED">REJECTED</a> | <a href="index.cgi?status=ERROR">FAILED</a> -<p> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>Request Id</b></td> -<td><a href="read.cgi?id=$id">$id</a></td> -</tr> -<tr valign="TOP"> -<td><b>Type</b></td> -<td>$type</td> -</tr> -<tr valign="TOP"> -<td><b>Data</b></td> -<td>$data</td> -</tr> -<tr valign="TOP"> -<td><b>Output</b></td> -<td>$output</td> -</tr> -<tr valign="TOP"> -<td><b>Serial Number</b></td> -<td>$serialno</td> -</tr> -<tr valign="TOP"> -<td><b>Status</b></td> -<td>$status</td> -</tr> -<tr valign="TOP"> -<td><b>Error</b></td> -<td>$errorString</td> -</tr> -<tr valign="TOP"> -<td><b>Assigned To</b></td> -<td>$assigned_to</td> -</tr> -<tr valign="TOP"> -<td><b>Created By</b></td> -<td>$created_by</td> -</tr> -<tr valign="TOP"> -<td><b>Updated At</b></td> -<td>$updated_at</td> -</tr> -<tr valign="TOP"> -<td><b>Processed By</b></td> -<td>$processed_by</td> -</tr> -<tr valign="TOP"> -<td><b>Created At</b></td> -<td>$created_at</td> -</tr> -<tr valign="TOP"> -<td><b>IP</b></td> -<td>$ip</td> -</tr> -<tr valign="TOP"> -<td><b>Note</b></td> -<td>$note</td> -</tr> -</table> -</center> - -<br/> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/agent/request/read.cgi b/base/ra/apache/docroot/agent/request/read.cgi deleted file mode 100755 index d1633c164..000000000 --- a/base/ra/apache/docroot/agent/request/read.cgi +++ /dev/null @@ -1,119 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Registry; -use PKI::Base::Util; -use PKI::Request::Queue; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - if (!$self->agent_auth($cfg)) { - print $q->redirect("/agent/error.cgi"); - return; - } - my $uid = $self->get_current_uid($cfg); - - my %context; - $context{uid} = $util->html_encode($uid); - - - my @roles = $self->get_current_roles($cfg); -# my $r = join(",",@roles); - - my $id = $util->get_alphanum_val($q->param('id')); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $ref = $queue->read_request_by_roles(\@roles, $id); - $queue->close(); - - $context{data} = $util->breakline($util->html_encode(Encode::decode('UTF-8',$ref->{'data'})), 40); - $context{output} = $util->breakline($util->html_encode($ref->{'output'}), 40); - $context{meta_info} = $util->breakline($util->html_encode($ref->{'meta_info'}), 40); - - $context{serialno} = $util->html_encode($ref->{'serialno'}); - $context{subject_dn} = $util->html_encode($ref->{'subject_dn'}); - $context{type} = $util->html_encode($ref->{'type'}); - $context{created_at} = $util->html_encode($ref->{'created_at'}); - $context{created_by} = $util->html_encode($ref->{'created_by'}); - $context{updated_at} = $util->html_encode($ref->{'updated_at'}); - $context{ip} = $util->html_encode($ref->{'ip'}); - $context{processed_by} = $util->html_encode($ref->{'processed_by'}); - $context{note} = $util->html_encode($ref->{'note'}); - $context{note} =~ s/\n/<br\/>/g; - $context{assigned_to} = $util->html_encode($ref->{'assigned_to'}); - $context{status} = $util->html_encode($ref->{'status'}); - if ($ref->{'status'} eq "OPEN") { - $context{is_open} = 1; - } - if ($ref->{'status'} eq "ERROR") { - $context{is_error} = 1; - } - $context{errorString} = $util->html_encode($ref->{'errorString'}); - $context{id} = $util->html_encode($ref->{'rowid'}); - - my $result = $parser->execute_file_with_context("agent/request/read.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/agent/request/read.vm b/base/ra/apache/docroot/agent/request/read.vm deleted file mode 100644 index c583be021..000000000 --- a/base/ra/apache/docroot/agent/request/read.vm +++ /dev/null @@ -1,149 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Certificate Requests</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -UID: $uid -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/agent/index.cgi">Agent Interface</a> -</font><br> -<p> -<a href="index.cgi">All</a> | <a href="index.cgi?status=OPEN">OPEN</a> | <a href="index.cgi?status=APPROVED">APPROVED</a> | <a href="index.cgi?status=REJECTED">REJECTED</a>| <a href="index.cgi?status=ERROR">FAILED</a> -<p> -<center> -<table border="1" cellspacing="1" cellpadding="1"> -<tr valign="TOP"> -<td><b>Request Id</b></td> -<td><a href="read.cgi?id=$id">$id</a></td> -</tr> -<tr valign="TOP"> -<td><b>Type</b></td> -<td>$type</td> -</tr> -<tr valign="TOP"> -<td><b>Data</b></td> -<td>$data</td> -</tr> -<tr valign="TOP"> -<td><b>Output</b></td> -<td>$output</td> -</tr> -<tr valign="TOP"> -<td><b>Serial Number</b></td> -#if ($serialno == "unavailable") -<td>$serialno</td> -#else -<td><a href="/agent/cert/read.cgi?serialno=$serialno">$serialno</a></td> -#end -</tr> -<tr valign="TOP"> -<td><b>Subject DN</b></td> -<td>$subject_dn</td> -</tr> -<tr valign="TOP"> -<td><b>Meta Info</b></td> -<td>$meta_info</td> -</tr> -<tr valign="TOP"> -<td><b>Status</b></td> -<td>$status</td> -</tr> -<tr valign="TOP"> -<td><b>Error</b></td> -<td>$errorString</td> -</tr> -<tr valign="TOP"> -<td><b>Assigned To</b></td> -<td>$assigned_to</td> -</tr> -<tr valign="TOP"> -<td><b>Created By</b></td> -<td>$created_by</td> -</tr> -<tr valign="TOP"> -<td><b>Updated At</b></td> -<td>$updated_at</td> -</tr> -<tr valign="TOP"> -<td><b>Processed By</b></td> -<td>$processed_by</td> -</tr> -<tr valign="TOP"> -<td><b>Created At</b></td> -<td>$created_at</td> -</tr> -<tr valign="TOP"> -<td><b>IP</b></td> -<td>$ip</td> -</tr> -<tr valign="TOP"> -<td><b>Note</b></td> -<td>$note</td> -</tr> -</table> -</center> -<br/> -#if ($is_open || $is_error) -<a href="op.cgi?type=approve&id=$id">Approve</a> | <a href="op.cgi?type=reject&id=$id">Reject</a> -<br/> -<br/> -#end -<form name=note_form method=post action=add_note.cgi> -<input type=hidden name=id value="$id"> -<textarea name=note> -</textarea> -</form> -<a href="#" onclick="document.note_form.submit();">Add Note</a> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/agent/enroll.cgi b/base/ra/apache/docroot/ee/agent/enroll.cgi deleted file mode 100755 index 4f1af8f16..000000000 --- a/base/ra/apache/docroot/ee/agent/enroll.cgi +++ /dev/null @@ -1,127 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use MIME::Base64; -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Registry; -use PKI::Request::Queue; -use PKI::Conn::CA; -use PKI::Base::PinStore; -use PKI::Base::Util; - -use vars qw (@ISA); -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $uid = $util->get_val($q->param('uid')); - my $pin = $util->get_alphanum_val($q->param('pin')); - my $csr = $util->get_val($q->param('csr')); - $csr = $util->normalize_csr($csr); - - my $key = $uid; - - my $pin_store = PKI::Base::PinStore->new(); - $pin_store->open($cfg); - my $pinref = $pin_store->read_pin($key); - if (defined($pinref) && $pinref->{'pin'} eq $pin) { - $pin_store->delete($key); - } else { - $pin_store->close(); - print $q->redirect("/ee/error.cgi?error=Invalid Pin"); - return; - } - my $rid = $pinref->{'rid'}; - $pin_store->close(); - - my $profile_id = $cfg->get("request.agent.profileId"); - my $cert_request_type = $cfg->get("request.agent.reqType"); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $req = $queue->read_request($rid); - $queue->set_request($rid, "subject_dn", "uid=$uid, e=$req->{'created_by'}"); - - my $ca = PKI::Conn::CA->new(); - $ca->open($cfg); - my $cert = $ca->enroll($rid, "ca1", $profile_id, $cert_request_type, $csr); - $ca->close(); - $queue->set_request($rid, "output", $cert); - - $req = $queue->read_request($rid); - if ($cert eq "") { - my $error = $req->{'errorString'}; - $queue->close(); - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - - my $decoded = decode_base64($cert); - my $encoded = encode_base64($decoded); - - my %context; - $context{cert} = $encoded; - $context{rid} = $util->html_encode($rid); - $context{subject_dn} = $util->html_encode($req->{'subject_dn'}); - $queue->close(); - - my $result = $parser->execute_file_with_context("ee/agent/enroll.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/agent/enroll.vm b/base/ra/apache/docroot/ee/agent/enroll.vm deleted file mode 100644 index 203b02696..000000000 --- a/base/ra/apache/docroot/ee/agent/enroll.vm +++ /dev/null @@ -1,74 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Agent Certificate Enrollment</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br /> -Enroll Interface -</font><br> -<p> -<b>Your Certificate:</b> -<br/> -<b>Subject DN:</b> $subject_dn -<br/> -<pre> ------BEGIN CERTIFICATE----- -$cert ------END CERTIFICATE----- -</pre> -<a href="/ee/request/importcert.cgi?id=$rid">import certificate</a> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/agent/index.cgi b/base/ra/apache/docroot/ee/agent/index.cgi deleted file mode 100755 index 66fceb8ff..000000000 --- a/base/ra/apache/docroot/ee/agent/index.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use PKI::Base::Registry; -use Template::Velocity; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/agent/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/agent/index.vm b/base/ra/apache/docroot/ee/agent/index.vm deleted file mode 100644 index 9fc991d6a..000000000 --- a/base/ra/apache/docroot/ee/agent/index.vm +++ /dev/null @@ -1,83 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA End-Entity</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br /> -</font><br> -<p> -For RA agent enrollment, an agent must submit a pin creation request first before performing certificate enrollment. -<p> -<center> -<table border="0" cellspacing="0" cellpadding="0"> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="new.cgi">Pin Creation Request</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="start.cgi">Certificate Enrollment</a></li> -</font> -</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/agent/new.cgi b/base/ra/apache/docroot/ee/agent/new.cgi deleted file mode 100755 index c209f5e74..000000000 --- a/base/ra/apache/docroot/ee/agent/new.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use PKI::Base::Registry; -use Template::Velocity; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/agent/new.vm", \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } - -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/agent/new.vm b/base/ra/apache/docroot/ee/agent/new.vm deleted file mode 100644 index bca0a37fc..000000000 --- a/base/ra/apache/docroot/ee/agent/new.vm +++ /dev/null @@ -1,88 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Agent Certificate Request</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br /> -Agent Interface -</font><br> -<p> -This form is for new agent to request for agent certificate. -<p> -<center> -<form method=post action="submit.cgi"> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>UID:</td> - <td><input type=text name=uid value="" ></td> -</tr> -<tr> - <td>Your Email:</td> - <td><input type=text name=email value=""></td> -</tr> -<tr> - <td> </td> - <td> </td> -</tr> -<tr> - <td><input type=submit name=Submit value="Submit"></td> - <td></td> -</tr> -</table> -</form> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/agent/start.cgi b/base/ra/apache/docroot/ee/agent/start.cgi deleted file mode 100755 index 27aedb546..000000000 --- a/base/ra/apache/docroot/ee/agent/start.cgi +++ /dev/null @@ -1,69 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use PKI::Base::Registry; -use Template::Velocity; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - - my $result = $parser->execute_file_with_context("ee/agent/start.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/agent/start.vm b/base/ra/apache/docroot/ee/agent/start.vm deleted file mode 100644 index b2b21dc1b..000000000 --- a/base/ra/apache/docroot/ee/agent/start.vm +++ /dev/null @@ -1,114 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Agent Certificate Request Using a One-Time Pin</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - -<SCRIPT LANGUAGE="JavaScript"> - -function validate() -{ - with (document.forms[0]) { - crmfObject = crypto.generateCRMFRequest( - "CN=x", - "regToken", "authenticator", - null, - "setCRMFRequest();", - 1024, null, "rsa-dual-use"); - return false; - } -} - -function setCRMFRequest() -{ - with (document.forms[0]) { - csr.value = crmfObject.request; - submit(); - } -} - -</SCRIPT> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br /> -Agent Interface -</font><br> -<p> -This form is for new RA agent to request a certificate. -<p> -<center> -<form onSubmit="return validate();" method=post action="enroll.cgi"> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>UID:</td> - <td><input type=text name=uid value="" ></td> -</tr> -<tr> - <td>One-Time Pin:</td> - <td><input type=text name=pin value=""></td> -</tr> -<tr> - <td> </td> - <td> </td> -</tr> -<tr> - <td><input type=submit name=Submit value="Submit"></td> - <td></td> -</tr> -</table> -<input type=hidden name="csr" value=""> -</form> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/agent/submit.cgi b/base/ra/apache/docroot/ee/agent/submit.cgi deleted file mode 100755 index a68242114..000000000 --- a/base/ra/apache/docroot/ee/agent/submit.cgi +++ /dev/null @@ -1,88 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my $uid = $util->get_val($q->param('uid')); - my $email = $util->get_val($q->param('email')); - - $self->debug_params($cfg, $q); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $request_id = $queue->create_request("agent", - "uid=" . $uid, - "0", - $email); - my %context; - $context{request_id} = $util->html_encode($request_id); - $self->debug_log($cfg, "request $request_id created"); - $queue->close(); - - my $result = $parser->execute_file_with_context("ee/agent/submit.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/agent/submit.vm b/base/ra/apache/docroot/ee/agent/submit.vm deleted file mode 100644 index aaabee929..000000000 --- a/base/ra/apache/docroot/ee/agent/submit.vm +++ /dev/null @@ -1,73 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Agent Certificate Request Submission</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br /> -</font><br> -<p> -Your request has been successfully submitted. -<p> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>Request ID:</td> - <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/error.cgi b/base/ra/apache/docroot/ee/error.cgi deleted file mode 100755 index 1417d4b61..000000000 --- a/base/ra/apache/docroot/ee/error.cgi +++ /dev/null @@ -1,81 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::UserStore; -use PKI::Base::Util; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $util = PKI::Base::Util->new(); - - my %context; - - my $error = $util->get_val($q->param('error')); - if ($error ne "") { - $context{has_error} = 1; - $context{'error'} = $util->html_encode($error); - } - - my $result = $parser->execute_file_with_context("ee/error.vm", \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/error.vm b/base/ra/apache/docroot/ee/error.vm deleted file mode 100644 index 0c4e7afcb..000000000 --- a/base/ra/apache/docroot/ee/error.vm +++ /dev/null @@ -1,71 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA End-Entity Error!</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -EE Interface -</font><br> -<p> -<center> -Request process error -<br> -#if ($has_error) - Error: $error -#end - -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/index.cgi b/base/ra/apache/docroot/ee/index.cgi deleted file mode 100755 index 453b2873b..000000000 --- a/base/ra/apache/docroot/ee/index.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/index.vm", \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/index.vm b/base/ra/apache/docroot/ee/index.vm deleted file mode 100644 index 70f3443ab..000000000 --- a/base/ra/apache/docroot/ee/index.vm +++ /dev/null @@ -1,102 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA End-Entity</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -RA EE Services -</font><br> -<p> -<center> -<table border="0" cellspacing="0" cellpadding="0"> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/ee/scep/index.cgi">SCEP Enrollment</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/ee/server/index.cgi">Server Enrollment</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/ee/user/index.cgi">User Enrollment</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/ee/agent/index.cgi">Agent Enrollment</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="/ee/request/index.cgi">Request Status Check</a></li> -</font> -</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/request/getcert.cgi b/base/ra/apache/docroot/ee/request/getcert.cgi deleted file mode 100755 index b22444dc1..000000000 --- a/base/ra/apache/docroot/ee/request/getcert.cgi +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use PKI::Service::Op; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; -use Template::Velocity; -use MIME::Base64; -use Encode; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $id = $util->get_alphanum_val($q->param('id')); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $req = $queue->read_request($id); - $queue->close(); - - my %context; - $context{id} = $util->html_encode($req->{'rowid'}); - $context{serialno} = $util->html_encode($req->{'serialno'}); - $context{subject_dn} = $util->html_encode(Encode::decode('UTF-8', $req->{'subject_dn'})); - if ($req->{'serialno'} eq "unavailable") { - $context{output} = ""; - } else { - $context{output} = "-----BEGIN CERTIFICATE-----\n".$util->breakline($util->html_encode($req->{'output'}), 40)."\n-----END CERTIFICATE-----"; - } - my $result = $parser->execute_file_with_context("ee/request/getcert.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/request/getcert.vm b/base/ra/apache/docroot/ee/request/getcert.vm deleted file mode 100644 index 40387a7ef..000000000 --- a/base/ra/apache/docroot/ee/request/getcert.vm +++ /dev/null @@ -1,72 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Import Certificate</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/request/index.cgi">Request Status Check</a> -<br/> -Certificate Import -</font><br> -<p> -<p> -<b>Serial Number:</b>$serialno<br> -<b>Subject DN:</b>$subject_dn<br><br> -<b>Base64 Encoding:</b><br> - <pre>$output</pre> -<b>Import Certificate (click on the following link to import):</b><br> -<a href="importcert.cgi?id=$id">import certificate</a> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/request/importcert.cgi b/base/ra/apache/docroot/ee/request/importcert.cgi deleted file mode 100755 index fdc309746..000000000 --- a/base/ra/apache/docroot/ee/request/importcert.cgi +++ /dev/null @@ -1,82 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use PKI::Service::Op; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; -use Template::Velocity; -use MIME::Base64; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $id = $util->get_alphanum_val($q->param('id')); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $req = $queue->read_request($id); - $queue->close(); - - my %context; -# $::symbol{id} = $req->{'rowid'}; -# $::symbol{status} = $req->{'status'}; - -# my $result = $parser->execute_file("ee/request/status.vm"); - - my $cert = MIME::Base64::decode($req->{'output'}); - - print "Content-Type: application/x-x509-user-cert\n\n"; - print $cert; -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/request/index.cgi b/base/ra/apache/docroot/ee/request/index.cgi deleted file mode 100755 index ef2a68b23..000000000 --- a/base/ra/apache/docroot/ee/request/index.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/request/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/request/index.vm b/base/ra/apache/docroot/ee/request/index.vm deleted file mode 100644 index 42dc259ac..000000000 --- a/base/ra/apache/docroot/ee/request/index.vm +++ /dev/null @@ -1,67 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA End-Entity</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/request/index.cgi">Request Status</a><br /> -</font><br> -<p> -<form name=form method=post action="status.cgi"> -Request Id: <input type=text name=id value=""> -</form> -<a href="#" onclick="document.form.submit();">Check</a> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/request/status.cgi b/base/ra/apache/docroot/ee/request/status.cgi deleted file mode 100755 index 6a3154716..000000000 --- a/base/ra/apache/docroot/ee/request/status.cgi +++ /dev/null @@ -1,94 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use PKI::Service::Op; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; -use Template::Velocity; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - - my $util = PKI::Base::Util->new(); - - my $id = $util->get_alphanum_val($q->param('id')); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $req = $queue->read_request($id); - $queue->close(); - if ($req == "") { - print $q->redirect("/ee/error.cgi?error=request%20not%20found"); - return; - } - - my %context; - $context{id} = $util->html_encode($req->{'rowid'}); - $context{type} =$util->html_encode($req->{'type'}); - $context{status} = $util->html_encode($req->{'status'}); - $context{serialno} = $util->html_encode($req->{'serialno'}); - $context{errorString} = $util->html_encode($req->{'errorString'}); - - my $result = $parser->execute_file_with_context("ee/request/status.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/request/status.vm b/base/ra/apache/docroot/ee/request/status.vm deleted file mode 100644 index ed61cdbe4..000000000 --- a/base/ra/apache/docroot/ee/request/status.vm +++ /dev/null @@ -1,91 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Certificate Request Status</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/request/index.cgi">Request Status Check</a> -<br/> -Request Status -</font><br> -<p> -<p> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%><b>Request ID:</b></td> - <td><a href="status.cgi?id=$id">$id</a></td> -</tr> -<tr> - <td width=20%><b>Status:</b></td> - <td>$status</td> -</tr> -<tr> - <td width=20%><b>Error Message:</b></td> - <td>$errorString</td> -</tr> -#if ($status == "APPROVED") -#if ($serialno != "unavailable") -<tr> - <td width=20%><b>Import Certificate:</b></td> - <td><a href="getcert.cgi?id=$id">$id</td> -</tr> -#end -#end -</table> -</form> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/scep/enroll.cgi b/base/ra/apache/docroot/ee/scep/enroll.cgi deleted file mode 100755 index 53291636a..000000000 --- a/base/ra/apache/docroot/ee/scep/enroll.cgi +++ /dev/null @@ -1,112 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use MIME::Base64; -use URI::URL; -use URI::Escape; -use XML::Simple; -use CGI; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Conn::CA; -use PKI::Base::PinStore; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $client_id = $util->get_val($q->param('client_id')); - my $site_id = $util->get_val($q->param('site_id')); - my $pin = $util->get_alphanum_val($q->param('pin')); - my $csr = $util->get_val($q->param('csr')); - - my $key = $client_id . "/" . $site_id; - - my $pin_store = PKI::Base::PinStore->new(); - $pin_store->open($cfg); - my $pinref = $pin_store->read_pin($key); - if (defined($pinref) && $pinref->{'pin'} eq $pin) { - $pin_store->delete($key); - } else { - $pin_store->close(); - # error, redirect user back to the original enrollment page - print $q->redirect("/ee/scep/installer.cgi"); - return; - } - $pin_store->close(); - - my $profile_id = $cfg->get("request.scep.profileId"); - my $cert_request_type = $cfg->get("request.scep.reqType"); - - my $ca = PKI::Conn::CA->new(); - $ca->open($cfg); - my $cert = $ca->enroll($pinref->{'rid'}, "ca1", $profile_id, $cert_request_type, $csr); - $ca->close(); - my $decoded = decode_base64($cert); - my $encoded = encode_base64($decoded); - - my %context; - $context{cert} = $encoded; - - my $result = $parser->execute_file_with_context("ee/scep/enroll.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/scep/enroll.vm b/base/ra/apache/docroot/ee/scep/enroll.vm deleted file mode 100644 index 2893eac1c..000000000 --- a/base/ra/apache/docroot/ee/scep/enroll.vm +++ /dev/null @@ -1,74 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>SCEP Router Enrollment</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br /> -Installer Interface -</font><br> -<p> -This form is for router installer to retrieve the requested certificate. -<p> - <b>Your Certificate:</b> -<br/> -<pre> ------BEGIN CERTIFICATE----- -$cert ------END CERTIFICATE----- -</pre> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/scep/index.cgi b/base/ra/apache/docroot/ee/scep/index.cgi deleted file mode 100755 index c73fc379a..000000000 --- a/base/ra/apache/docroot/ee/scep/index.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/scep/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/scep/index.vm b/base/ra/apache/docroot/ee/scep/index.vm deleted file mode 100644 index 3d75a8d40..000000000 --- a/base/ra/apache/docroot/ee/scep/index.vm +++ /dev/null @@ -1,83 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA End-Entity</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/scep/index.cgi">SCEP Enrollment</a><br /> -</font><br> -<p> -In the SCEP enrollment, a manager must firstly submit a one-time pin creation request to the RA. RA Agent will then approve and generate an one-time pin. The pin will be returned to the manager who will give the pin to a local router installer. The router installer visits the enrollment form where certificate request, one time pin and other necessary information are submitted. The system will issue the certificate immediately. -<p> -<center> -<table border="0" cellspacing="0" cellpadding="0"> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="manager.cgi">Request Submission - Manager</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="installer.cgi">SCEP Enrollment - Installer</a></li> -</font> -</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/scep/installer.cgi b/base/ra/apache/docroot/ee/scep/installer.cgi deleted file mode 100755 index 8453c2cc4..000000000 --- a/base/ra/apache/docroot/ee/scep/installer.cgi +++ /dev/null @@ -1,74 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my %context; - $context{machine} = $cfg->get("service.machineName"); - $context{port} = $cfg->get("service.unsecurePort"); - - my $result = $parser->execute_file_with_context("ee/scep/installer.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/scep/installer.vm b/base/ra/apache/docroot/ee/scep/installer.vm deleted file mode 100644 index be9f969ac..000000000 --- a/base/ra/apache/docroot/ee/scep/installer.vm +++ /dev/null @@ -1,73 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>SCEP Router Request Using a One-Time Pin</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br /> -Installer Interface -</font><br> -<p> -This form is for router installer to request a certificate with the given one time pin. -<p> -<center> -The SCEP enrollment URL for the router is: -<br/> -<br/> -http://$machine:$port/ee/scep/pkiclient.cgi -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/scep/manager.cgi b/base/ra/apache/docroot/ee/scep/manager.cgi deleted file mode 100755 index 8b547a928..000000000 --- a/base/ra/apache/docroot/ee/scep/manager.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/scep/manager.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/scep/manager.vm b/base/ra/apache/docroot/ee/scep/manager.vm deleted file mode 100644 index e5b6abed5..000000000 --- a/base/ra/apache/docroot/ee/scep/manager.vm +++ /dev/null @@ -1,123 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>SCEP Router Manager Request for a One-Time Pin</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<SCRIPT LANGUAGE="JavaScript"> - -function validate() -{ - var c = document.enrollment.client_id.value; - if (c == '') { - alert("client id is empty"); - return false; - } - var s = document.enrollment.site_id.value; - if (s == '') { - alert("site id is empty"); - return false; - } - var e = document.enrollment.email.value; - if (e == '') { - alert("email is empty"); - return false; - } -} - -</SCRIPT> - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br /> -Manager Interface -</font><br> -<p> -This form is for manager to request for a one time pin so that router installer can request for a certificate. -<p> -<script language=javascript> -<!-- - if (navigator.appName == "Microsoft Internet Explorer") { - document.writeln('<form name="enrollment" method=post action="submit.cgi">'); } else { - document.writeln('<form name="enrollment" onSubmit="return validate();" method=post action="submit.cgi">'); } ---> -</script> - -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>Client ID:</td> - <td><input type=text name=client_id value="" ></td> -</tr> -<tr> - <td>Site ID (IP Address):</td> - <td><input type=text name=site_id value=""></td> -</tr> -<tr> - <td>Your Email:</td> - <td><input type=text name=email value=""></td> -</tr> -<tr> - <td> </td> - <td> </td> -</tr> -<tr> - <td><input type=submit name=Submit value="Submit"></td> - <td></td> -</tr> -</table> -</form> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/scep/pkiclient.cgi b/base/ra/apache/docroot/ee/scep/pkiclient.cgi deleted file mode 100755 index a54558f37..000000000 --- a/base/ra/apache/docroot/ee/scep/pkiclient.cgi +++ /dev/null @@ -1,113 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use MIME::Base64; -use URI::URL; -use URI::Escape; -use XML::Simple; -use CGI; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Conn::CA; -use PKI::Base::PinStore; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $operation = $util->get_alphanum_val($q->param('operation')); - my $message = $util->get_val($q->param('message')); - $message = uri_escape($message); - - my $ca = PKI::Conn::CA->new(); - $ca->open($cfg); - if ($operation eq "GetCACert") { - my $content = $ca->scep_get_ca_cert("ca1", $operation, $message); - - print "Content-Type: application/x-x509-ca-cert\n\n"; - print $content; - } elsif ($operation eq "PKIOperation") { - my $decoded = $ca->scep_decode("ca1", $operation, $message); - $decoded =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $decoded = $1; - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($decoded); - - # one time pin - my $pin = $response->{'PKCS10'}->{'ChallengePassword'}->{'Password'} ; - # IP Address - my $key = $ENV{'REMOTE_ADDR'}; - - # check PIN - if (1) { - my $pin_store = PKI::Base::PinStore->new(); - $pin_store->open($cfg); - my $pinref = $pin_store->read_pin($key); - if (defined($pinref) && $pinref->{'pin'} eq $pin) { - $pin_store->delete($key); - } else { - $pin_store->close(); - # XXX - return SCEP error - print $q->redirect("/ee/scep/installer.cgi"); - return; - } - $pin_store->close(); - } - - my $content = $ca->scep_pki_message("ca1", $operation, $message); - - print "Content-Type: application/x-pki-message\n\n"; - print $content; - } - $ca->close(); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/scep/submit.cgi b/base/ra/apache/docroot/ee/scep/submit.cgi deleted file mode 100755 index b3dfd7a5d..000000000 --- a/base/ra/apache/docroot/ee/scep/submit.cgi +++ /dev/null @@ -1,91 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use DBI; -use CGI; -use PKI::Service::Op; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $client_id = $util->get_val($q->param('client_id')); - my $site_id = $util->get_val($q->param('site_id')); - my $email = $util->get_val($q->param('email')); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $request_id = $queue->create_request("scep", - "client_id=" . $client_id . ";" . - "site_id=" . $site_id, - "0", - $email); - my %context; - $context{request_id} = $util->html_encode($request_id); - $self->debug_log($cfg, "request $request_id created"); - $queue->close(); - - my $result = $parser->execute_file_with_context("ee/scep/submit.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/scep/submit.vm b/base/ra/apache/docroot/ee/scep/submit.vm deleted file mode 100644 index 6786bf936..000000000 --- a/base/ra/apache/docroot/ee/scep/submit.vm +++ /dev/null @@ -1,76 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>SCEP Router Request Submission</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br /> -Manager Interface -</font><br> -<p> -Your request has been successfully submitted. -<p> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>Request ID:</td> - <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</a></td> -</tr> -</table> -</form> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/server/admin.cgi b/base/ra/apache/docroot/ee/server/admin.cgi deleted file mode 100755 index 18945da02..000000000 --- a/base/ra/apache/docroot/ee/server/admin.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/server/admin.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/server/admin.vm b/base/ra/apache/docroot/ee/server/admin.vm deleted file mode 100644 index 35af32ca8..000000000 --- a/base/ra/apache/docroot/ee/server/admin.vm +++ /dev/null @@ -1,132 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Server Certificate Request</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - -<SCRIPT LANGUAGE="JavaScript"> - -function validate() -{ - var x = document.enrollment.server_id.value; - if (x == '') { - alert("server id is empty"); - return false; - } - var s = document.enrollment.site_id.value; - if (s == '') { - alert("site id is empty"); - return false; - } - var e = document.enrollment.email.value; - if (e == '') { - alert("email is empty"); - return false; - } - var c = document.enrollment.csr.value; - if (c == '') { - alert("csr is empty"); - return false; - } -} -</SCRIPT> - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/server/index.cgi">Server Enrollment</a><br /> -Server Administrator Interface -</font><br> -<p> -This form is for server administrator to request for a server certificate. -<p> - -<script language=javascript> -<!-- - if (navigator.appName == "Microsoft Internet Explorer") { - document.writeln('<form name="enrollment" method=post action="submit.cgi">'); - } else { - document.writeln('<form name="enrollment" onSubmit="return validate();" method=post action="submit.cgi">'); - } ---> -</script> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>Server ID:</td> - <td><input type=text name=server_id value="" ></td> -</tr> -<tr> - <td>Site ID:</td> - <td><input type=text name=site_id value=""></td> -</tr> -<tr> - <td>Your Email:</td> - <td><input type=text name=email value=""></td> -</tr> -<tr> - <td>CSR:</td> - <td><textarea cols=40 rows=5 name=csr></textarea></td> -</tr> -<tr> - <td> </td> - <td> </td> -</tr> -<tr> - <td><input type=submit name=Submit value="Submit"></td> - <td></td> -</tr> -</table> -</form> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/server/index.cgi b/base/ra/apache/docroot/ee/server/index.cgi deleted file mode 100755 index 830409a8b..000000000 --- a/base/ra/apache/docroot/ee/server/index.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/server/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/server/index.vm b/base/ra/apache/docroot/ee/server/index.vm deleted file mode 100644 index 04727ae41..000000000 --- a/base/ra/apache/docroot/ee/server/index.vm +++ /dev/null @@ -1,76 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA End-Entity</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/server/index.cgi">Server Enrollment</a><br /> -</font><br> -<p> -Server Administrator must use the following form to submit a request which will later be approved by a RA agent. Upon approval, the administrator will be notified by email and the server certificate can be retrieved. -<p> -<center> -<table border="0" cellspacing="0" cellpadding="0"> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="admin.cgi">Request Submission - Administrator</a></li> -</font> -</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/server/submit.cgi b/base/ra/apache/docroot/ee/server/submit.cgi deleted file mode 100755 index 4916033ee..000000000 --- a/base/ra/apache/docroot/ee/server/submit.cgi +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Request::Queue; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $util = PKI::Base::Util->new(); - - my $server_id = $util->get_val($q->param('server_id')); - my $site_id = $util->get_val($q->param('site_id')); - my $email = $util->get_val($q->param('email')); - my $csr = $util->get_val($q->param('csr')); - - $csr = $util->normalize_csr($csr); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $request_id = $queue->create_request("server", - "server_id=" . $server_id . ";" . - "site_id=" . $site_id . ";" . - "csr=" . $csr, - "0", - $email); - my %context; - $context{request_id} = $util->html_encode($request_id); - $self->debug_log($cfg, "request $request_id created"); - $queue->close(); - - my $result = $parser->execute_file_with_context("ee/server/submit.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/server/submit.vm b/base/ra/apache/docroot/ee/server/submit.vm deleted file mode 100644 index f08914583..000000000 --- a/base/ra/apache/docroot/ee/server/submit.vm +++ /dev/null @@ -1,75 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>Server Certificate Request Submission</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/server/index.cgi">Server Enrollment</a><br /> -Server Administrator Interface -</font><br> -<p> -Your request has been successfully submitted. -<p> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>Request ID:</td> - <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</a></td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/user/index.cgi b/base/ra/apache/docroot/ee/user/index.cgi deleted file mode 100755 index ef6b3aa47..000000000 --- a/base/ra/apache/docroot/ee/user/index.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/user/index.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/user/index.vm b/base/ra/apache/docroot/ee/user/index.vm deleted file mode 100644 index 76b06a91c..000000000 --- a/base/ra/apache/docroot/ee/user/index.vm +++ /dev/null @@ -1,83 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA End-Entity</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/user/index.cgi">User Enrollment</a><br /> -</font><br> -<p> -For user enrollment, user must access the following forms with appropriate client (i.e. browser) where key pair will be generated. -<p> -<center> -<table border="0" cellspacing="0" cellpadding="0"> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="user.cgi">Request Submission - User</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="renewal.cgi">Renewal - User</a></li> -</font> -</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/user/renew.cgi b/base/ra/apache/docroot/ee/user/renew.cgi deleted file mode 100755 index 63d646ec9..000000000 --- a/base/ra/apache/docroot/ee/user/renew.cgi +++ /dev/null @@ -1,165 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Base::Conf; -use PKI::Request::Queue; -use Template::Velocity; -use PKI::Service::Op; -use PKI::Base::Util; -use PKI::Base::Registry; - -use vars qw (@ISA); -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my $util = PKI::Base::Util->new(); - my $error = ""; - - my $host = $cfg->get("service.machineName"); - my $port = $cfg->get("service.non_clientauth_securePort"); - - $self->debug_params($cfg, $q); - - my $cert = $self->get_cert_record($cfg); - $self->debug_log( $cfg, "after get_cert_record"); - if (!defined($cert) || ($cert eq "")) { - $self->debug_log( $cfg, "cert not defined"); - $error = "certificate not found in database"; - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - $self->debug_log( $cfg, "got cert"); - - my $csr = $cert->{'csr'}; - if ($csr eq "") { - $error = "csr not found in database"; - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - $self->debug_log( $cfg, "got csr"); - - my $req_id = $cert->{'rid'}; - if ($req_id eq "") { - $error = "reqid not found in database"; - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - $self->debug_log( $cfg, "got req_id = $req_id"); - $self->debug_log( $cfg, "before renewl read/create request"); - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $o_req = $queue->read_request($req_id); - if ($o_req eq "") { - $self->debug_log( $cfg, "got null o_req"); - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - - my $uid = ""; - my $site_id = ""; - my $org_csr = ""; - my $csr_type = ""; - - my $data = $o_req->{'data'}; - foreach $nv (split(/;/, $data)) { - my ($n, $v) = split(/=/, $nv); - if ($n eq "uid") { - $uid = $v; - } - if ($n eq "site_id") { - $site_id = $v; - } - if ($n eq "csr") { - $org_csr = $v; - } - if ($n eq "csr_type") { - $csr_type = $v; - } - } - - my $new_request = $queue->create_request("renewal", - "uid=" . $uid . ";" . - "site_id=" . $site_id . ";" . - "csr_type=" . $csr_type . ";" . - "csr=" . $csr, - "orig_reqid=" . $o_req->{'rowid'}, - $o_req->{'created_by'}); - - #self-renewal is created and processed by the same user - $ref = $queue->approve_request($new_request, $o_req->{'created_by'}); - my $nreq = $queue->read_request($new_request); - $error = $nreq->{'errorString'}; - if ($error ne "0") { - $self->debug_log( $cfg, "after approve request, got error=$error"); - print $q->redirect("/ee/error.cgi?error=$error"); - return; - } - - my %context; - $context{request_id} = $util->html_encode($new_request); - $self->debug_log($cfg, "request $new_request created"); - $queue->close(); - $self->debug_log( $cfg, "after renewl read/create request $new_request"); - - $context{data} = $util->breakline($util->html_encode($ref->{'data'}), 40); - $context{output} = $util->breakline($util->html_encode($ref->{'output'}), 40); - $context{serialno} = $util->html_encode($ref->{'serialno'}); - $context{host} = $util->html_encode($host); - $context{port} = $util->html_encode($port); - - #print $q->redirect("/ee/request/getcert.cgi?id=$new_request"); - my $result = $parser->execute_file_with_context("ee/user/renew.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/user/renew.vm b/base/ra/apache/docroot/ee/user/renew.vm deleted file mode 100644 index dee119c65..000000000 --- a/base/ra/apache/docroot/ee/user/renew.vm +++ /dev/null @@ -1,86 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>User Certificate Renewal Notification</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="https://$host:$port/ee/index.cgi">RA Services</a> : -<a href="https://$host:$port/ee/user/index.cgi">User Enrollment</a><br /> -Renewal Interface -</font><br> -<p> -Your certificate has been successfully renewed. -<p> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>Request ID:</td> - <td><a href="https://$host:$port/ee/request/status.cgi?id=$request_id">$request_id</a></td> -<tr valign="TOP"> -<td><b>Data</b></td> -<td>$data</td> -</tr> -<tr valign="TOP"> -<td><b>Output</b></td> -<td>$output</td> -</tr> -<tr valign="TOP"> -<td><b>Serial Number</b></td> -<td>$serialno</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/user/renewal.cgi b/base/ra/apache/docroot/ee/user/renewal.cgi deleted file mode 100755 index 63a211eff..000000000 --- a/base/ra/apache/docroot/ee/user/renewal.cgi +++ /dev/null @@ -1,74 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Registry; - -use vars qw (@ISA); -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $host = $cfg->get("service.machineName"); - my $port = $cfg->get("service.securePort"); - - my %context; - $context{url} = "https://$host:$port/ee/user/renew.cgi"; - my $result = $parser->execute_file_with_context("ee/user/renewal.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/user/renewal.vm b/base/ra/apache/docroot/ee/user/renewal.vm deleted file mode 100644 index 1e2b438a1..000000000 --- a/base/ra/apache/docroot/ee/user/renewal.vm +++ /dev/null @@ -1,73 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>User Certificate Renewal</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/user/index.cgi">User Enrollment</a><br /> -User Renewal Interface -</font><br> -<p> -This form is for end user to renew his/her certificates.<br> -At popup, please select the user certificate to renew. -<p> -<center> -<form method=post action=$url> -<input type=submit name=Submit value="Renewal"> -</form> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/user/submit.cgi b/base/ra/apache/docroot/ee/user/submit.cgi deleted file mode 100755 index 26c900e00..000000000 --- a/base/ra/apache/docroot/ee/user/submit.cgi +++ /dev/null @@ -1,112 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use Benchmark; -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Util; -use PKI::Base::Registry; -use PKI::Request::Queue; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $st = new Benchmark; - - my $util = PKI::Base::Util->new(); - - my $userid = $util->get_val($q->param('uid')); - my $fullname = $util->get_val($q->param('cn')); - my $site_id = $util->get_val($q->param('site_id')); - my $email = $util->get_val($q->param('email')); - my $csr_type = $util->get_alphanum_val($q->param('csr_type')); - my $csr = $util->get_val($q->param('csr')); - - $csr = $util->normalize_csr($csr); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - my $db_st = new Benchmark; - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $request_id = $queue->create_request("user", - "uid=" . $userid . ";" . - "cn=" . $fullname . ";" . - "site_id=" . $site_id . ";" . - "csr_type=" . $csr_type . ";" . - "csr=" . $csr, - "0", - $email); - my %context; - $context{request_id} = $util->html_encode($request_id); - $self->debug_log($cfg, "request $request_id created"); - $queue->close(); - my $db_et = new Benchmark; - - my $t_st = new Benchmark; - my $result = $parser->execute_file_with_context("ee/user/submit.vm", - \%context); - my $t_et = new Benchmark; - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } - - my $et = new Benchmark; - $self->debug_log($cfg, "benchmark " . - "total=" . timestr(timediff($et, $st)) . " " . - "db total=" . timestr(timediff($db_et, $db_st)) . " " . - "template total=" . timestr(timediff($t_et, $t_st)) . " " - ); -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/user/submit.vm b/base/ra/apache/docroot/ee/user/submit.vm deleted file mode 100644 index 6c7a0cd44..000000000 --- a/base/ra/apache/docroot/ee/user/submit.vm +++ /dev/null @@ -1,75 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>User Certificate Request Submission</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/user/index.cgi">User Enrollment</a><br /> -Manager Interface -</font><br> -<p> -Your request has been successfully submitted. -<p> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td width=20%>Request ID:</td> - <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ee/user/user.cgi b/base/ra/apache/docroot/ee/user/user.cgi deleted file mode 100755 index 2d58a532b..000000000 --- a/base/ra/apache/docroot/ee/user/user.cgi +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - my %context; - my $result = $parser->execute_file_with_context("ee/user/user.vm", - \%context); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%context); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/ee/user/user.vm b/base/ra/apache/docroot/ee/user/user.vm deleted file mode 100644 index 04763d7cf..000000000 --- a/base/ra/apache/docroot/ee/user/user.vm +++ /dev/null @@ -1,435 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<OBJECT - classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1" - CODEBASE="/ee/xenroll.dll" - id="Enroll"> -</OBJECT> - -<OBJECT id='g_objClassFactory' CLASSID='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09'> -</OBJECT> - -<title>User Certificate Request</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - -<SCRIPT LANGUAGE="JavaScript"> -function encode_utf8( s ) -{ - return unescape( encodeURIComponent( s ) ); -} - -function decode_utf8( s ) -{ - return decodeURIComponent( escape( s ) ); -} - -function validate() -{ - var x = document.enrollment.uid.value; - if (x == '') { - alert("uid is empty"); - return false; - } - var e = document.enrollment.email.value; - if (e == '') { - alert("email is empty"); - return false; - } - var cn = document.enrollment.cn.value; - if (cn == '') { - alert("Full name is empty"); - return false; - } - var dn = encode_utf8("uid="+x+",e="+e+",cn="+cn); - with (document.forms[0]) { - crmfObject = crypto.generateCRMFRequest( - dn, - "regToken", "authenticator", - null, - "setCRMFRequest();", - 1024, null, "rsa-dual-use"); - return false; - } -} - -function setCRMFRequest() -{ - with (document.forms[0]) { - csr.value = crmfObject.request; - submit(); - } -} - -</SCRIPT> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -<a href="/ee/index.cgi">RA Services</a> : -<a href="/ee/user/index.cgi">User Enrollment</a><br /> -User Interface -</font><br> -<p> -This form is for user to request for an end-user certificate. -<p> -<script language=javascript> -<!-- - if (navigator.appName == "Microsoft Internet Explorer") { - document.writeln('<form name="enrollment" method=post action="submit.cgi">'); - } else { - document.writeln('<form name="enrollment" onSubmit="return validate();" method=post action="submit.cgi">'); - } ---> -</script> -<SCRIPT LANGUAGE=VBS> -<!-- -'Get OS Version, works for Vista and below only -Function GetOSVersion - dim agent - dim result - dim pos - - agent = Navigator.appVersion - pos = InStr(agent,"NT 6.") - - If pos > 0 Then - GetOSVersion = 6 ' Vista - Exit Function - End If - - pos = InStr(agent,"NT 5.") - - If pos > 0 Then - GetOSVersion = 5 ' XP etc - Exit Function - End If - -' Default - GetOSVersion = 5 -End Function - -Sub Send_OnClick - Dim TheForm - Dim szName - Dim options - Dim osVersion - Dim result - Set TheForm = Document.enrollment - - osVersion = GetOSVersion() - - If osVersion <> 6 Then 'Not Vista - - ' Contruct the X500 distinguished name - szName = "0.9.2342.19200300.100.1.1=" & TheForm.uid.Value & ",E=" & TheForm.email.Value & ",CN=" & TheForm.cn.Value - - On Error Resume Next - Enroll.HashAlgorithm = "MD5" - Enroll.KeySpec = 1 - - ' Pick the provider that is selected - set options = TheForm.all.cryptprovider.options - index = options.selectedIndex - Enroll.providerType = options(index).value - Enroll.providerName = options(index).text - - ' adding 2 to "GenKeyFlags" will enable the 'High Security' - ' (USER_PROTECTED) mode, which means IE will pop up a dialog - ' asking what level of protection you would like to give - ' the key - this varies from 'none' to 'confirm password - ' every time the key is used' - Enroll.GenKeyFlags = 1 ' key PKCS12-exportable - szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - theError = Err.Number - On Error Goto 0 - ' - ' If the user has cancelled things the we simply ignore whatever - ' they were doing ... need to think what should be done here - ' - If (szCertReq = Empty AND theError = 0) Then - Exit Sub - End If - - If (szCertReq = Empty OR theError <> 0) Then - ' - ' There was an error in the key pair generation. The error value - ' is found in the variable 'theError' which we snarfed above before - ' we did the 'On Error Goto 0' which cleared it again. - ' - sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated." - result = MsgBox(sz, 0, "Credentials Enrollment") - Exit Sub - End If - - TheForm.csr.Value = szCertReq - - ' TheForm.Submit - -Else 'Vista - Dim enrollment - Dim privateKey - Dim request - Dim csr - Dim objDN - - 'certUsage is "1.3.6.1.5.5.7.3.2" - - On Error Resume Next - 'CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory") - - If IsObject(g_objClassFactory) = False Then - result = MsgBox("Can't create Factory Object " & " Error: " & Err.number & " :" & Err.description,0,"") - Exit Sub - End If - - Set enrollment = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment") - - If IsObject(enrollment) = False Then - result = MsgBox("Can't create enroll Object! " & " Error: " & Err.number & " :" & Err.description,"") - Exit Sub - End If - - Set privateKey = g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey") - - If IsObject(privateKey) = False Then - result = MsgBox("Can't create Key Object! " & " Error: " & Err.number & " :" & Err.description,0,"") - Exit Sub - End If - - Set request = g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10") - - If IsObject(request) = False Then - result = MsgBox("Can't create Request Object. ! " & " Error: " & Err.number & " :" & Err.description,0,"") - Exit Sub - End If - - privateKey.KeySpec= "1" - - ' Pick the provider that is selected - set options = TheForm.all.cryptprovider.options - index = options.selectedIndex - privateKey.ProviderType= index - privateKey.ProviderName = options(index).text - - szName = "0.9.2342.19200300.100.1.1=" & TheForm.uid.Value & ",E=" & TheForm.email.Value & ",CN=" & TheForm.cn.Value - - Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName") - - If IsObject(objDN) = False Then - result = MsgBox("Can't create DN Object. ! " & " Error: " & Err.number & " :" & Err.description,0,"") - Exit Sub - End If - - objDN.Encode szName,0 - - request.InitializeFromPrivateKey 1,privateKey,"" - request.Subject = objDN - - enrollment.InitializeFromRequest(request) - csr=enrollment.CreateRequest(1) - - If len(csr) = 0 Then - result = MsgBox("Error Creating Request! "& " Error: " & Err.number & " :" & Err.description,0,"") - Exit Sub - End If - - TheForm.csr.Value = csr - - End If - Exit Sub - -End Sub - ---> -</SCRIPT> -<center> -<table border="0" cellspacing="1" cellpadding="1"> -<tr> - <td>UID:</td> - <td><input type=text name=uid value=""></td> -</tr> -<tr> - <td>Full Name:</td> - <td><input type=text name=cn value=""></td> -</tr> -<tr> - <td>Site ID:</td> - <td><input type=text name=site_id value=""></td> -</tr> -<tr> - <td>Your Email:</td> - <td><input type=text name=email value=""></td> -</tr> -<tr> -</tr> -<tr> - <td> </td> - <td> </td> -</tr> -<script language=javascript> -<!-- - if (navigator.appName == "Microsoft Internet Explorer") { - document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>'); - } ---> -</script> -<tr> - <td> -<script language=javascript> -<!-- - if (navigator.appName == "Microsoft Internet Explorer") { - document.writeln('<input type=hidden name=csr_type value="pkcs10">'); - document.writeln('<input type=submit Name=Send value="Submit">'); - } else { - document.writeln('<input type=hidden name=csr_type value="crmf">'); - document.writeln('<input type=submit name=Submit value="Submit">'); - } ---> -</script> - </td> - <td></td> -</tr> -</table> -</center> -<input type=hidden name="csr" value=""> -<SCRIPT LANGUAGE=VBS> -<!-- -FindProviders - -Function FindProviders - Dim i, j - Dim providers() - i = 0 - j = 1 - Dim el - Dim temp - Dim first - Dim TheForm - Set TheForm = document.enrollment - On Error Resume Next - first = 0 - - Dim osVersion - Dim result - osVersion = GetOSVersion() - - If osVersion <> 6 Then 'Not Vista - Do While True - temp = "" - Enroll.providerType = j - temp = Enroll.enumProviders(i,0) - If Len(temp) = 0 Then - If j < 1 Then - j = j + 1 - i = 0 - Else - Exit Do - End If - Else - set el = document.createElement("OPTION") - el.text = temp - el.value = j - If temp = "Microsoft Base Cryptographic Provider v1.0" Then - first = i - End If - TheForm.cryptprovider.add(el) - If first = 0 Then - first = 1 - TheForm.cryptprovider.selectedIndex = 0 - Else - TheForm.cryptprovider.selectedIndex = first - End If - i = i + 1 - End If - Loop - Else 'Vista - - Dim csps - Set csps = g_objClassFactory.CreateObject("X509Enrollment.CCspInformations") - If IsObject(csps) = False Then - result = MsgBox("Can't create CSP List Object! " & " Error: " & Err.number & " :" & Err.description,0,"") - Exit Function - - End If - csps.AddAvailableCsps() - 'result = MsgBox(csps.Count,0,"Number of CSPS") - - Dim curName - Dim csp - Dim selected - selected = 0 - For i = 0 to csps.Count-1 - - curName = csps.ItemByIndex(i).Name - If len(curName) > 0 Then - Set csp = document.createElement("OPTION") - csp.text = curName - csp.value = 1 - TheForm.cryptprovider.add(csp) - - If curName = "Microsoft Base Cryptographic Provider v1.0" Then - selected = i - End If - 'result = MsgBox(curName,0,"") - End If - Next -TheForm.cryptprovider.selectedIndex = selected - End If -End Function - ---> -</SCRIPT> -</form> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/footer.vm b/base/ra/apache/docroot/footer.vm deleted file mode 100644 index a596e45b1..000000000 --- a/base/ra/apache/docroot/footer.vm +++ /dev/null @@ -1,19 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - <div id="footer"> - </div> diff --git a/base/ra/apache/docroot/header.vm b/base/ra/apache/docroot/header.vm deleted file mode 100644 index 3824b87f3..000000000 --- a/base/ra/apache/docroot/header.vm +++ /dev/null @@ -1,26 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<div id="header"> - <a href="http://pki.fedoraproject.org" title="Visit pki.fedoraproject.org for more information"><img src="/pki/images/logo_header.gif" alt="Dogtag" id="myLogo" /></a> - <div id="headertitle"> - <a href="/" title="Dogtag homepage">Dogtag<sup><font size="-2">®</font></sup> Certificate System</a> - </div> - <div id="account"> - <dl><dt><span></span></dt><dd></dd></dl> - </div> -</div> diff --git a/base/ra/apache/docroot/index.cgi b/base/ra/apache/docroot/index.cgi deleted file mode 100755 index 0e643166b..000000000 --- a/base/ra/apache/docroot/index.cgi +++ /dev/null @@ -1,76 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package op; - -use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl"; - -use CGI; -use PKI::Service::Op; -use Template::Velocity; -use PKI::Base::Conf; -use PKI::Base::Registry; - -use vars qw (@ISA); -use PKI::Service::Op; -@ISA = qw(PKI::Service::Op); - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub process() -{ - my $self = shift; - - my $q = CGI->new(); - - my $docroot = PKI::Base::Registry->get_docroot(); - my $parser = PKI::Base::Registry->get_parser(); - my $cfg = PKI::Base::Registry->get_config(); - - $self->debug_params($cfg, $q); - - $::symbol{machineName} = $cfg->get("service.machineName"); - $::symbol{non_clientauth_securePort} = $cfg->get("service.non_clientauth_securePort"); - $::symbol{securePort} = $cfg->get("service.securePort"); - $::symbol{unsecurePort} = $cfg->get("service.unsecurePort"); - - my $result = $parser->execute_file("index.vm"); - - my $xml = $q->param('xml'); - if ($xml eq "true") { - print "Content-Type: text/xml\n\n"; - print $self->xml_output(\%::symbol); - } else { - print "Content-Type: text/html\n\n"; - print "$result"; - } -} - - -my $op = op->new(); -$op->execute(); diff --git a/base/ra/apache/docroot/index.vm b/base/ra/apache/docroot/index.vm deleted file mode 100644 index f17efb658..000000000 --- a/base/ra/apache/docroot/index.vm +++ /dev/null @@ -1,90 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> -<html> - -<title>RA Services</title> - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - -</head> -<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366"> - -#include ( "header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> - - -<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> -Certificate System RA Services Page -</font><br> -<p> -</font> -<p> -<center> -<table border="0" cellspacing="0" cellpadding="0"> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="https://$machineName:$non_clientauth_securePort/ee/index.cgi">SSL End Users Services</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="https://$machineName:$securePort/agent/index.cgi">Agent Services</a></li> -</font> -</td> -</tr> -<tr valign="TOP"> -<td> -<font size=4 face="PrimaSans BT, Verdana, sans-serif"> -<li><a href="https://$machineName:$securePort/admin/index.cgi">Administrator Services</a></li> -</font> -</td> -</tr> -</table> -</center> -#include ( "footer.vm" ) - -</body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/adminauthenticatepanel.vm b/base/ra/apache/docroot/ra/admin/console/config/adminauthenticatepanel.vm deleted file mode 100644 index b27042cfb..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/adminauthenticatepanel.vm +++ /dev/null @@ -1,52 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<h2>Authentication</h2> -<p> -The uid and password are used to authenticate to the master subsystem. These are the administrator's credential information for the master subsystem. -#if ($systemType != "tps") -<br/> -If authentication is successful, a cloned subsystem will retrieve the configuration information from the master one. -#end -<br/> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end - <table class="details"> - <tr> - <th>Uid:</th> - - <td><input type="text" size="40" name="uid" value="$uid"/></td> - </tr> - <tr> - <th>Password:</th> - - <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td> - </tr> - </table> -<p> diff --git a/base/ra/apache/docroot/ra/admin/console/config/adminpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/adminpanel.vm deleted file mode 100644 index 3c32c4901..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/adminpanel.vm +++ /dev/null @@ -1,237 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT ID=Send_OnClick type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { -#if ($import == 'true' && $clone != 'clone') - var email = document.forms[0].email.value; - var name = document.forms[0].name.value; - var o = '$securityDomain'; - if (name == '') { - alert("Name is empty"); - return; - } - if (email == '') { - alert("Email is empty"); - return; - } - var dn = "cn=" + name + ",uid=admin,e="+email+",o="+o; - document.forms[0].subject.value = dn; - var keyGenAlg = "rsa-dual-use"; - - if (navigator.appName == "Netscape" && - typeof(crypto.version) != "undefined") { - - crmfObject = crypto.generateCRMFRequest( - dn, "regToken", "authenticator", null, - "setCRMFRequest();", 1024, null, keyGenAlg); - } else { - Send_OnClick(); - } -#else - with (document.forms[0]) { - submit(); - } -#end -} - -function setCRMFRequest() -{ - with (document.forms[0]) { - cert_request.value = crmfObject.request; - submit(); - } -} - -</SCRIPT> -<SCRIPT type="text/VBS"> -<!-- - -Sub Send_OnClick - Dim TheForm - Dim szName - Set TheForm = Document.f - - - ' Contruct the X500 distinguished name - szName = "CN=NAME" - - ' IE doesnt like the dn containing the O component - - On Error Resume Next - Enroll.HashAlgorithm = "MD5" - Enroll.KeySpec = 1 - - Enroll.providerType = 1 - Enroll.providerName = "Microsoft Base Cryptographic Provider v1.0" - - ' adding 2 to "GenKeyFlags" will enable the 'High Security' - ' (USER_PROTECTED) mode, which means IE will pop up a dialog - ' asking what level of protection the user would like to give - ' the key - this varies from 'none' to 'confirm password - ' every time the key is used' - Enroll.GenKeyFlags = 1 ' key PKCS12-exportable - szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2") - - theError = Err.Number - On Error Goto 0 - ' - ' If the user has cancelled things the we simply ignore whatever - ' they were doing ... need to think what should be done here - ' - If (szCertReq = Empty AND theError = 0) Then - Exit Sub - End If - If (szCertReq = Empty OR theError <> 0) Then - ' - ' There was an error in the key pair generation. The error value - ' is found in the variable 'theError' which we snarfed above before - ' we did the 'On Error Goto 0' which cleared it again. - ' - sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "The credentials could not be generated." - result = MsgBox(sz, 0, "Credentials Enrollment") - Exit Sub - End If - - TheForm.cert_request.Value = szCertReq - TheForm.cert_request_type.Value = "pkcs10" - TheForm.subject.Value = "cn=" & TheForm.name.Value & ",uid=" & TheForm.uid.Value & ",e=" & TheForm.email.Value & ",o=" & TheForm.securitydomain.Value - - TheForm.Submit - Exit Sub - -End Sub - ---> -</SCRIPT> - -<SCRIPT type="text/VBS"> -<!-- -FindProviders - -Function FindProviders - Dim i, j - Dim providers() - i = 0 - j = 1 - Dim el - Dim temp - Dim first - Dim TheForm - Set TheForm = document.f - On Error Resume Next - first = 0 - - Do While True - temp = "" - Enroll.providerType = j - temp = Enroll.enumProviders(i,0) - If Len(temp) = 0 Then - If j < 1 Then - j = j + 1 - i = 0 - Else - Exit Do - End If - Else - set el = document.createElement("OPTION") - el.text = temp - el.value = j - If temp = "Microsoft Base Cryptographic Provider v1.0" Then - first = j - End If - TheForm.cryptprovider.add(el) - If first = 0 Then - first = 1 - TheForm.cryptprovider.selectedIndex = 0 - Else - TheForm.cryptprovider.selectedIndex = first - End If - i = i + 1 - End If - Loop -End Function - ---> -</SCRIPT> -The administrator is a privileged user who manages this subsystem. Please enter the following relevant information, and a certificate request will be automatically generated and submitted. An administrator's entry will be created in the internal database and an administrator's certificate will be imported into this browser automatically in the next panel. -<br/> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<br/> - <br/> - - <table class="details"> - <tr> - <th>UID:</th> -#if ($clone != 'clone') - <td><input type=text name=uid value="$admin_uid"></td> -#else - <td><input type=text name=uid value="$admin_uid" disabled="disabled"></td> -#end - </tr> - <tr> - <th>Name:</th> -#if ($clone != 'clone') - <td><input size=35 type=text name=name value="$admin_name"></td> -#else - <td><input size=35 type=text name=name value="$admin_name" disabled="disabled"></td> -#end - </tr> - <tr> - <th>Email:</th> -#if ($clone != 'clone') - <td><input size=35 type=text name=email value="$admin_email"></td> -#else - <td><input size=35 type=text name=email value="$admin_email" disabled="disabled"></td> -#end - </tr> - <tr> - <th>Password:</th> -#if ($clone != 'clone') - <td><input type="password" size="40" name="__pwd" value="$admin_pwd" autocomplete="off"/></td> -#else - <td><input type="password" size="40" name="__pwd" value="$admin_pwd" disabled="disabled" autocomplete="off"/></td> -#end - </tr> - <tr> - <th>Password (Again):</th> - -#if ($clone != 'clone') - <td><input type="password" size="40" name="__admin_password_again" value="$admin_pwd_again" autocomplete="off"/></td> -#else - <td><input type="password" size="40" name="__admin_password_again" value="$admin_pwd_again" disabled="disabled" autocomplete="off"/></td> -#end -<input type="hidden" name="cert_request" value=""/> -<input type="hidden" name="display" value=$displayStr /> -<input type="hidden" name="profileId" value="caAdminCert" /> -<input type="hidden" name="cert_request_type" value="crmf" /> -<input type="hidden" name="import" value=$import /> -<input type="hidden" name="uid" value="admin" /> -<input type="hidden" name="clone" value=$clone /> -<input type="hidden" name="securitydomain" value="$securityDomain" /> -<input type="hidden" name="subject" value="cn=x" /> - </tr> - </table> - <div align="right"> - <hr /> - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/agentauthenticatepanel.vm b/base/ra/apache/docroot/ra/admin/console/config/agentauthenticatepanel.vm deleted file mode 100644 index abb7678ae..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/agentauthenticatepanel.vm +++ /dev/null @@ -1,48 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<h2>Authentication</h2> -<br/> -The uid and password are used to authenticate to the CA from which this subsystem's certificates are issued. Enter the uid and password of the Certificate Manager Agent who will approve the certificate requests. -<br/> -#if ($errorString != "") -<img alt="" src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end - <table class="details"> - <tr> - <th>Uid:</th> - - <td><input type="text" size="40" name="uid" value="$uid"/></td> - </tr> - <tr> - <th>Password:</th> - - <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td> - </tr> - </table> -<br/> diff --git a/base/ra/apache/docroot/ra/admin/console/config/authdbpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/authdbpanel.vm deleted file mode 100644 index f2e0697e7..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/authdbpanel.vm +++ /dev/null @@ -1,66 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT LANGUAGE="JavaScript"> -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> - Please provide information about the LDAP server that will be used to authenticate the identity of end users. <a href="javascript: toggle_details();">[Details]</a> -<script> -function toggle_details() { - d = document.getElementById('details'); if (d.style.display == "block") { - d.style.display="none"; } else { - d.style.display="block"; - } } </script> -<div id=details style="display: none;"> <p> - In order for ESC to submit certificate requests to TPS, the end user's identity must first be verified. To accomplish this, an end user first sends a uid and password to TPS. TPS must then contact an LDAP server (e.g. - a corporate LDAP directory server) to verify this end user's identity. -<p> -If the end user's identity is successfully verified, TPS will establish an authenticated connection with this ESC, and begin accepting certificate requests and issuing certificates to this end user. -<p> -If, however, the end user's identity fails to be verified, TPS will not establish a connection with this ESC. TPS never issues certificates to unauthenticated end users. -</div> -<p> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<p> - - <table class="details"> - <tr> - <th>Host:</th> - <td><input type="text" length="128" size="40" name="host" value="$hostname" /></td> - </tr> - - <tr> - <th>Port:</th> - - <td><input type="text" length="64" size="40" name="port" value="$portStr" /></td> - </tr> - <tr> - <th>Base DN:</th> - <td><input type="text" length="128" size="40" name="basedn" value="$basedn" /></td> - </tr> - </table> - - <div align="right"> - <hr /> - - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/cainfopanel.vm b/base/ra/apache/docroot/ra/admin/console/config/cainfopanel.vm deleted file mode 100644 index 933861a93..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/cainfopanel.vm +++ /dev/null @@ -1,55 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT LANGUAGE="JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} - -</SCRIPT> -A Certificate Authority (CA) is responsible for issuing different kinds of certificates. Select an HTTPS EE URL of a CA from the list below. -<p> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<p> - <table class="details"> - <tr> - <th>URL:</th> - <td><select name="urls"> - #if ($urls_size != 0) - #set ($x=0) - #foreach ($p in $urls) - <option value="$x">$p</option> - #set ($x=$x+1) - #end - #end - </select> - </td> - </tr> - </table> - - - <div align="right"> - <hr /> - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/certchainpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/certchainpanel.vm deleted file mode 100644 index 08bcc1331..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/certchainpanel.vm +++ /dev/null @@ -1,49 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<b>Pretty Print of Certificates on this subsystem. -<p> -#foreach ($item in $ppcerts) -<H2>$item.getDN()</H2> -<table width=100%> -<tr bgcolor="#cccccc"> - <td width=20%><b>Certificate: $item.getNickname()</b></td> -</tr> - -<tr> - <td><textarea rows=24 cols=80 wrap="virtual" name=$item.getCertTag()>$item.getCertpp()</textarea></td> -</tr> -</table> -#end - - <br/> - - <div align="right"> - <hr /> - - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/certprettyprintpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/certprettyprintpanel.vm deleted file mode 100644 index ac8da10ee..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/certprettyprintpanel.vm +++ /dev/null @@ -1,49 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -The following certificates were installed on this instance. -<p> -#foreach ($item in $ppcerts) -<H2>$item.getDN()</H2> -<table width=100%> -<tr bgcolor="#cccccc"> - <td width=20%><b>Certificate: $item.getNickname()</b></td> -</tr> - -<tr> - <td><textarea rows=24 cols=80 wrap="virtual" name=$item.getCertTag()>$item.getCertpp()</textarea></td> -</tr> -</table> -#end - - <br/> - - <div align="right"> - <hr /> - - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/certrequestpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/certrequestpanel.vm deleted file mode 100644 index f1327db47..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/certrequestpanel.vm +++ /dev/null @@ -1,225 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<style type="text/css"> - -.floating { - position: absolute; - left: 250px; - top: 50px; - width: 600px; - padding: 3px; - border: solid; - border-width: 5px; - background: white; - display: none; - margin: 5px; -} -</style> -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} - -function showcert(element, event) -{ - var x = event.clientX; - var y = event.clientY; - - var content = element.getAttribute("content"); - var content_d = element.getAttribute("content_desc"); - - if (content == null) { return false; } - - var n = element.getAttribute("n"); - - var editableType = element.getAttribute("editableType"); - var desc; - var d; - var c; - if (editableType == "cert") - { - d = document.getElementById(n+"_editCertDiv"); - c = document.getElementById(n+"_text"); - desc = document.getElementById(n+"_desc_t"); - } else if (editableType == "certchain") { - d = document.getElementById(n+"_editCertChainDiv"); - c = document.getElementById(n+"_cc_text"); - desc = document.getElementById(n+"_cc_desc_t"); - } else { - d = document.getElementById(n+"_showCertDiv"); - c = document.getElementById(n+"_pre"); - desc = document.getElementById(n+"_desc_p"); - } - - if (desc.hasChildNodes()) - { - desc.removeChild(desc.childNodes[0]); - } - var content_desc = document.createTextNode(content_d); - desc.appendChild(content_desc); - - if (c.hasChildNodes()) - { - c.removeChild(c.childNodes[0]); - } - var content_text = document.createTextNode(content); - c.appendChild(content_text); - - d.style.left = x+30; // x-offset of floating div - assumedheight = 1000; - - var offset = 20; // extra y-offset of floating div - var bottom = y + offset + assumedheight; - if (bottom > window.innerHeight) { - offset = 0 - (2*offset) - assumedheight; - } - - d.style.top = y+ offset +document.body.scrollTop; - - // unhide the window - d.style.display ="block"; - -} - -function hide(tag) -{ - document.getElementById(tag+"_showCertDiv").style.display ="none"; - document.getElementById(tag+"_editCertDiv").style.display ="none"; - document.getElementById(tag+"_editCertChainDiv").style.display ="none"; -} - -</SCRIPT> -A certificate signing request (CSR) contains a public key and is an unsigned copy of the certificate. -<p> -If a given CSR has been successfully signed by a CA, then the certificate will be designated below by a certificate icon labeled Certificate Generated Successfully. -<p> -However, if a given CSR contains an <font color="red">action required</font> label under its certificate icon, then those requests must be <i>manually</i> submitted to a CA for certificate generation. -<p> -Press the [Apply] button after certificates and chains are pasted in. -<p> -Press the [Next] button once all certificates have been generated successfully. -<p> -#foreach ($item in $reqscerts) -<H2>$item.getDN()</H2> -<table width=100%> -<tr> - <td width=10%></td> - <td width=20%></td> - <td width=70%></td> -</tr> - -<tr> - <td> </td> -#if ($item.getCert() == "...paste certificate here...") - <td><font color=red>action required</font><br> -<img src="/pki/images/no-certificate.png"/></td> -#else - #if ($item.getCert() == "...certificate be generated internally...") -<td> - <img src="/pki/images/no-certificate.png"/><br> - certificate will be generated internally - </td> - #else - #if ($item.getCert() == "") - <td> -<img src="/pki/images/no-certificate.png"/><br> - No Certificate Generated. Please import.<br> - </td> - #else - <td> -<img src="/pki/images/certificate.png"/><br> - Certificate Generated Successfully - </td> - #end - #end -#end - -<td> - - -#if ($item.getCert() == "...paste certificate here...") -<a content="$item.getRequest()" content_desc="Copy the following Certificate Request (CSR) and paste it in the external CA enrollment page for enrollment" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> Step 1: Copy the Certificate Request (CSR) to enroll at an external CA</a><p> -<a content="" content_desc="Copy the base64-encoded PKCS #7 certificate chain into the text box below and press 'X'" n="$item.getCertTag()" editableType="certchain" href="#" onclick="showcert(this,event);"> Step 2: Import the PKCS #7 Certificate Chain (optional if the certificate already contains the chain)</a><p> -<a content="$item.getCert()" content_desc="Copy the resulting base64-encoded certificate (NOTE: PKCS #7 not accepted) into the text box below and press 'X'" n="$item.getCertTag()" editableType="cert" href="#" onclick="showcert(this,event);"> Step 3: Paste in the Base64-encoded Certificate after enrollment at an external CA (NOTE: this text box does not accept PKCS #7 certificate chains)</a><p> -#else - #if ($item.getCert() == "...certificate be generated internally...") -<p> - #else -<a content="$item.getRequest()" content_desc="Certificate Request (CSR)" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate Request (CSR)</a><p> -<a content="$item.getCert()" content_desc="Certificate in Base64 encoding" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate in Base64-Encoding</a><p> -<a content="$item.getCertpp()" content_desc="Certificate in pretty print" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate Pretty Print</a><p> - #end -#end - - -</td> -</tr> -</table> - -<div id="$item.getCertTag()_showCertDiv" class="floating"> -<div align="right" onclick="hide('$item.getCertTag()');">X</div> -<table id="$item.getCertTag()_stable" width="100%"> -<tr> -<td id="$item.getCertTag()_desc_p"></td> -</tr> -<tr> -<td><pre name="$item.getCertTag()" id="$item.getCertTag()_pre">$item.getCert()</pre></td> -</tr> -</table> -</div> - -<div id="$item.getCertTag()_editCertDiv" class="floating"> -<div align="right" onclick="hide('$item.getCertTag()');">X</div> -<table id="$item.getCertTag()_etable" width="100%"> -<tr> -<td id="$item.getCertTag()_desc_t"></td> -</tr> -<tr> -<td><textarea rows=30 cols=90 name="$item.getCertTag()" id="$item.getCertTag()_text" style="font-family: monospace;">$item.getCert()</textarea></td> -</tr> -</table> -</div> - -<div id="$item.getCertTag()_editCertChainDiv" class="floating"> -<div align="right" onclick="hide('$item.getCertTag()');">X</div> -<table id="$item.getCertTag()_cc_etable" width="100%"> -<tr> -<td id="$item.getCertTag()_cc_desc_t"></td> -</tr> -<tr> -<td><textarea rows=30 cols=90 name="$item.getCertTag()_cc" id="$item.getCertTag()_cc_text" style="font-family: monospace;"></textarea></td> -</tr> -</table> -</div> - - -#end - - <p> - - - <div align="right"> - <hr /> - - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/config_addhsm.vm b/base/ra/apache/docroot/ra/admin/console/config/config_addhsm.vm deleted file mode 100644 index 839cff56a..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/config_addhsm.vm +++ /dev/null @@ -1,96 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - - <title>Dogtag Certificate System</title> -<SCRIPT LANGUAGE="JavaScript"> - function checkClose() { - if ('$status' == "update" && '$error' == '') { - window.close(); - } - } - -</SCRIPT> - - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - </head> - - - <body onLoad="checkClose();"><div id="wrap"><div id="wrap"> - -<div id="mainNavOuter"> -<div id="mainNav"> - -<div id="mainNavInner"> - - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<!-- close bar --> - - <div id="content"> - <table width="100%" cellspacing="0"> - <tr> - <td class="page-content" width="100%"> - <h1><img src="/pki/images/icon-software.gif" /> - Security Modules</h1> -Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure. -<p> -<H2>Registering a New Security Module</H2> -<form name=configForm action="config_addhsm" method="post"> -<p> -If the desired security module is not listed, it is possible that this security module's PKCS #11 library was not registered with the system. Please register a new security module here. -<table> -<tr> - <td> -Library Path: <input type=text name="modulePath" value=""> - </td> -</tr> -<tr> - <td> -Module Name: <input type=text name="moduleName" value=""> - </td> -<tr> -</tr> -</table> -<p> -<table width=100%> -<tr bgcolor="#eeeeee"> - <td> -<input onclick="configForm.submit()" type=button name=config_addhsm_next value="Apply"> - </td> -</tr> -</table> -</form> - </td> - </tr> - </table> - - </div> <!-- close content --> - </div> <!-- close wrap --> - - </body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/config_db.vm b/base/ra/apache/docroot/ra/admin/console/config/config_db.vm deleted file mode 100644 index 10e1cd2dc..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/config_db.vm +++ /dev/null @@ -1,126 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - - <title>Dogtag Certificate System</title> - -<SCRIPT LANGUAGE="JavaScript"> - function donePanel(errorStr, displayS) { - if (displayS == "loaded") { - if (errorStr == '') { - window.close(); - } - } - } -</SCRIPT> - - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - </head> - - - <body onLoad="donePanel('$errorString', '$displayStr')"> -<div id="wrap"> -#include ( "admin/console/config/header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> - -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - -<!-- close bar --> - - <div id="content"> - <table width="100%" cellspacing="0"> - <tr> - <td width="100%"> - <h1><img src="/pki/images/icon-software.gif" /> - Internal Database </h1> - - <form name=configForm action="config_db" method="post"> - <b>Internal Database Connection</b> <p>This option allows sharing an internal database to improve managability.<p> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end - <table class="details"> - <tr> - <th>Host:</th> - - <td><input type="text" length="128" size="40" name="host" value="$hostname" /></td> - </tr> - - <tr> - <th>Port:</th> - - <td><input type="text" length="64" size="40" name="port" value="$portStr" /></td> - </tr> - <tr> - <th>Base DN:</th> - <td><input type="text" length="128" size="40" name="basedn" value="$basedn" /></td> - </tr> - <tr> - <th>Database:</th> - - <td><input type="text" length="128" size="40" name="database" value="$database" /></td> - </tr> - <tr> - <th>Bind DN:</th> - <td><input type="text" length="128" size="40" name="binddn" value="$binddn" /></td> - </tr> - <tr> - <th>Bind Password:</th> - - <td><input type="password" length="128" size="40" name="__bindpwd" value="$bindpwd" autocomplete="off" /></td> - </tr> - <td><input type="hidden" name="display" value=$displayStr /></td> - </table> - - <div align="right"> - <hr /> - - </div> - - -<p> -<table width=100%> -<tr bgcolor="#eeeeee"> - <td> -<input onclick="configForm.submit()" type="button" name="config_db_next" value="Apply"> - </td> -</tr> -</table> - - </form> - - </td> - </tr> - </table> - - </div> <!-- close content --> - </div> <!-- close wrap --> - - </body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/config_hsm.vm b/base/ra/apache/docroot/ra/admin/console/config/config_hsm.vm deleted file mode 100644 index 8812c5b36..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/config_hsm.vm +++ /dev/null @@ -1,176 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - - <title>Dogtag Certificate System</title> -<SCRIPT LANGUAGE="JavaScript"> - function checkClose() { - if ('$status' == "update" && '$error' == '') { - window.close(); - } - } - -</SCRIPT> - - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - </head> - - - <body onLoad="checkClose();"><div id="wrap"> - -<div id="mainNavOuter"> -<div id="mainNav"> - -<div id="mainNavInner"> - -#include ( "admin/console/config/topmenu.vm" ) - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<!-- close bar --> - - <div id="content"> - <table width="100%" cellspacing="0"> - <tr> - <td width="100%"> - <h1><img src="/pki/images/icon-software.gif" /> - Security Modules </h1> - -<form name=configForm action="config_hsm" method="post"> - -Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure. Please make sure that at least one security module is listed below. -<p> -<H2>Supported Security Modules</H2> -<table width=100%> -<tr bgcolor="#cccccc"> - <td width=20%><b>Module/Token</b></td> - <td width=10%><b>Status</b></td> - <td width=10%><b>Default</b></td> - <td width=10%><b>Operations</b></td> -</tr> -#foreach ($module in $sms) -<tr bgcolor="#eeeeee"> - <td><img src=$module.getImagePath()><br>$module.getUserFriendlyName()</td> - <td> - #if ($module.isFound()) - Found - #else - Not Found - #end - </td> - <td></td> - <td></td> -</tr> -#foreach ($token in $module.getTokens()) -<tr> - <td>- $token.getNickName()</td> - <td> - #if ($token.isLoggedIn()) - Logged In - #else - Not logged In - #end - </td> - <td> - #if ($defTok == $token.getNickName()) - <input checked type=radio name="choice" value="$token.getNickName()"> - #else - <input type=radio name="choice" value="$token.getNickName()"> - #end - </td> - <td></td> -</tr> -#end -#end - -</table> -<H2>Other Security Modules</H2> -<h3>The security modules listed below are modules found by the server but not recognized as one of the supported modules. If the user believes that any listed modules below should have been supported, please check the "CS.cfg" configuration file to see if there is a name mismatch and adjust this accordingly.</h3> -<table width=100%> -<tr bgcolor="#cccccc"> - <td width=20%><b>Module/Token</b></td> - <td width=10%><b>Status</b></td> - <td width=10%><b>Default</b></td> - <td width=10%><b>Operations</b></td> -</tr> -#foreach ($module in $oms) -<tr bgcolor="#eeeeee"> - <td>$module.getUserFriendlyName()</td> - <td> - #if ($module.isFound()) - Found - #else - Not Found - #end - </td> - <td></td> - <td></td> -</tr> -#foreach ($token in $module.getTokens()) -<tr> - <td>- $token.getNickName()</td> - <td> - #if ($token.isLoggedIn()) - Logged In - #else - Not logged In - #end - </td> - <td> - #if ($defTok == $token.getNickName()) - <input checked type=radio name="choice" value="$token.getNickName()"> - #else - <input type=radio name="choice" value="$token.getNickName()"> - #end - </td> - <td></td> -</tr> -#end -#end - -</table> - - </td> -</tr> -</table> -<p> -<table width=100%> -<tr bgcolor="#eeeeee"> - <td> -<input onclick="configForm.submit()" type=button name=config_hsm value="Apply"> - </td> -</tr> -</table> -</form> - </td> - </tr> - </table> - - </div> <!-- close content --> - </div> <!-- close wrap --> - - </body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/config_hsmloginpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/config_hsmloginpanel.vm deleted file mode 100644 index 46d8ae0ea..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/config_hsmloginpanel.vm +++ /dev/null @@ -1,83 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT LANGUAGE="JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> - <h1> - Security Modules Login Panel</h1> -Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure. -<p> -<H2>Security Token Login</H2> -<form name=configHSMLoginForm action="config_hsmlogin" method="post"> -<p> -The user has chosen to login to the following security module: <b>$SecToken</b> -<p> -#if ($status == "alreadyLoggedIn") - Token already logged in. -#else - #if ($status == "tokenPasswordNotInitialized") - Token password not initialized. - #else - #if ($status == "justLoggedIn") - Token logged in successfully. - #else -<table> -<tr> - <td> -Security Module Token Name: <b><input type=text name="uTokName" value="$SecToken"></b> - </td> -</tr> -<tr> - <td> -Security Module Token Password: <input type=password name="__uPasswd" value="" autocomplete="off"> - </td> -<tr> -</tr> -</table> -<p> - #end - #end -#end - -<table width=100%> -<tr bgcolor="#eeeeee"> - <td> - - </td> -</tr> -</table> - </td> - </tr> - </table> - - <p> - - <div align="right"> - <hr /> - - </div> - - diff --git a/base/ra/apache/docroot/ra/admin/console/config/config_join.vm b/base/ra/apache/docroot/ra/admin/console/config/config_join.vm deleted file mode 100644 index d5adb78f3..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/config_join.vm +++ /dev/null @@ -1,125 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - - <title>Dogtag Certificate System</title> - - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - </head> - -<SCRIPT LANGUAGE="JavaScript"> - function checkClose() { - if ('$status' == "update" && '$error' == '') { - window.close(); - } - } -</SCRIPT> - - - <body onLoad="checkClose();"> -<div id="wrap"> - -#include ( "admin/console/config/header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> - -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - -<!-- close bar --> - - <div id="content"> - <table width="100%" cellspacing="0"> - <tr> - <td width="100%"> - <h1><img src="/pki/images/icon-software.gif" /> - Join the PKI Network </h1> - -To join this PKI network, the setup wizard needs to submit the certificate request to a Root or another subordinate CA for signing. - <p> - <form action="config_join" method="post" name="f"> - -<input type=radio $check_manual name="choice" value="manual">Manually submit this request to a CA. -<p> -<table width=100%> -<tr> - <td width=50%>Certificate Request to a CA:</td> - <td>Certificate Chain From a CA:</td> - </td> -</tr> -<tr> - <td> -<textarea rows=8 cols=40 name="req">$certreq</textarea> - </td> - <td> -<textarea rows=8 cols=40 name="cert">$cert</textarea> - </td> -</tr> -</table> -<p> -<input type=radio $check_auto name="choice" value="auto">Automatically submit the request to a Dogtag Certificate Authority -<br> - <table class="details"> - <tr> - <th width=10%>URL:</th> - <td><input type="text" length="128" size="40" name="url" value="https://localhost" /></td> - </tr> - - <tr> - <th>UID:</th> - <td><input type="text" length="64" size="40" name="uid" value="agent" /></td> - </tr> - <tr> - <th>Password:</th> - <td><input type="password" length="64" size="40" name="__pwd" value="" autocomplete="off" /></td> - </tr> - </table> -<p> - - <div align="right"> - <hr /> - </div> - - </form> - -<p> -<table width=100%> -<tr bgcolor="#eeeeee"> - <td> -<input onclick="javascript: document.f.submit();" type=button name=next value="Apply"> - </td> -</tr> -</table> - </td> - </tr> - </table> - - </div> <!-- close content --> - </div> <!-- close wrap --> - - </body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/config_rootca.vm b/base/ra/apache/docroot/ra/admin/console/config/config_rootca.vm deleted file mode 100644 index 4cf5ea946..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/config_rootca.vm +++ /dev/null @@ -1,113 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - - <title>Dogtag Certificate System</title> - - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - </head> - -<SCRIPT LANGUAGE="JavaScript"> - function checkClose() { - if ('$status' == "update" && '$error' == '') { - window.close(); - } - } -</SCRIPT> - - - <body onLoad="checkClose();"> -<div id="wrap"> - -#include ( "admin/console/config/header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> - -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - -<!-- close bar --> - - <div id="content"> - <table width="100%" cellspacing="0"> - <tr> - <td width="100%"> - <h1><img src="/pki/images/icon-software.gif" /> - Root CA </h1> - -A Root CA provides a set of predefined signing capabilities. Please select the capabilities that this CA needs to provide. - <p> - -<form name="f" action="config_rootca" method="post"> - -<H2>CA Certificate Profile</H2> - -<p> - <table class="details"> - <tr> - <th width=10%>Profile:</th> - - <td><select name="profile"> -#foreach ($p in $profiles) -#if ($p.getID() == $selected_profile_id) - <option selected value="$p.getID()">$p.getName()</option> -#else - <option value="$p.getID()">$p.getName()</option> -#end -#end - </select> - </td> - </tr> - </table> -<p> - - <div align="right"> - <hr /> - - </div> - - </form> - -<p> -<table width=100%> -<tr bgcolor="#eeeeee"> - <td> -<input onclick="javascript: document.f.submit()" type=button name=next value="Apply"> - </td> -</tr> -</table> - - - </td> - </tr> - </table> - - </div> <!-- close content --> - </div> <!-- close wrap --> - - </body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/createsubsystempanel.vm b/base/ra/apache/docroot/ra/admin/console/config/createsubsystempanel.vm deleted file mode 100644 index feee8962f..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/createsubsystempanel.vm +++ /dev/null @@ -1,95 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<h2>Subsystem Configuration</h2> -<p> -This instance can be configured as a new $systemname subsystem. -<br/> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<br/> -<b><input $check_newsubsystem type=radio name=choice value="newsubsystem"> Configure this Instance as a New $systemname Subsystem </b> -<br/> - <table class="details"> - <tr> - <th>Subsystem Name: </th> - <td><input type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname)</td> - </tr> - <tr> - <th>Subsystem HTTP URL (unsecure): </th> - <td>http://$machineName:$http_port</td> - </tr> - <tr> - <th>Subsystem HTTPS URL (clientauth): </th> - <td>https://$machineName:$https_port</td> - </tr> - <tr> - <th>Subsystem HTTPS URL (non-clientauth): </th> - <td>https://$machineName:$non_clientauth_https_port</td> - </tr> - </table> -<p> -#if ($disableClone) -<b><input $check_clonesubsystem type=radio name=choice value="clonesubsystem" disabled="disabled"> Clone an Existing $systemname Subsystem </b> -#else -<b><input $check_clonesubsystem type=radio name=choice value="clonesubsystem"> Clone an Existing $systemname Subsystem </b> -#end -<br/> - <table class="details"> - <tr> - <th>Subsystem Name: </th> -#if ($disableClone) - <td><input disabled="disabled" type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname - Clone 1)</td> -#else - <td><input type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname - Clone 1)</td> -#end - </tr> - <tr> - <th>Subsystem URL: </th> -#if ($disableClone) - <td><select name="urls" disabled="disabled"> -#else - <td><select name="urls"> -#end - #if ($urls_size != 0) - #set ($x=0) - #foreach ($p in $urls) - <option value="$x">$p</option> - #set ($x=$x+1) - #end - #else - <option selected value="none">NONE</option> - #end - </select> - </td> - </tr> - </table> -<br/> diff --git a/base/ra/apache/docroot/ra/admin/console/config/databasepanel.vm b/base/ra/apache/docroot/ra/admin/console/config/databasepanel.vm deleted file mode 100644 index a887176ab..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/databasepanel.vm +++ /dev/null @@ -1,53 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -An SQL Lite database will be created to store RA internal information. -<SCRIPT type="text/JavaScript"> -function toggle_details() -{ - d = document.getElementById('details'); - if (d.style.display == "block") { - d.style.display="none"; - } else { - d.style.display="block"; - } -} -</script> -<div id=details style="display: none;"> -<p> -</div> -<p> -<br/> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<br/> - <div align="right"> - <hr /> - - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/displaycertchain2panel.vm b/base/ra/apache/docroot/ra/admin/console/config/displaycertchain2panel.vm deleted file mode 100644 index eff21eca4..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/displaycertchain2panel.vm +++ /dev/null @@ -1,41 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT LANGUAGE="JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<p> -A certificate chain is a list of all certificates chained up to the root. -<p> -If the entire certificate chain is displayed below, click the Next button to import it into this subsystem. This certificate chain will then be trusted for this instance. -<p> -If no certificate chain is listed below, simply click the Next button to move on to the next panel. -<p> -<pre> -$certchain -</pre> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end diff --git a/base/ra/apache/docroot/ra/admin/console/config/displaycertchainpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/displaycertchainpanel.vm deleted file mode 100644 index d5e32263a..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/displaycertchainpanel.vm +++ /dev/null @@ -1,41 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<br/> -A certificate chain is a list of all certificates chained up to the root. -<br/> -If a certificate chain is displayed below, click the Next button to trust this certificate chain for this instance. -<br/> -If no certificate chain is listed below, simply click the Next button to move on to the next panel. -<br/> -<pre> -$certchain -</pre> -#if ($errorString != "") -<img alt="" src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end diff --git a/base/ra/apache/docroot/ra/admin/console/config/donepanel.vm b/base/ra/apache/docroot/ra/admin/console/config/donepanel.vm deleted file mode 100644 index dcfe08ed4..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/donepanel.vm +++ /dev/null @@ -1,41 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<input type="hidden" name="host" value=$host /> -<input type="hidden" name="port" value=$port /> -<input type="hidden" name="systemType" value=$systemType /> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -As 'root', restart the server on the command line by typing "$restartCommand". After performing this restart, the server should become operational. -<br/> -Please go to the <A href="https://$host:$non_clientauth_port"><b>services page</b></A> to access all of the available interfaces. -<br/> -<br/> -To create additional instances, type "/usr/bin/pkicreate" on the command line. -<br/> diff --git a/base/ra/apache/docroot/ra/admin/console/config/drminfopanel.vm b/base/ra/apache/docroot/ra/admin/console/config/drminfopanel.vm deleted file mode 100644 index c26f3c0c2..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/drminfopanel.vm +++ /dev/null @@ -1,56 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT LANGUAGE="JavaScript"> -function performPanel() { - with (document.forms[0]) { - submit(); - } -} - -</SCRIPT> -A Data Recovery Manager (DRM) is responsible for server-side key generation, archival, and recovery. If server-side key generation is not needed, this step can be skipped. -<p> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -<p> -#end -<b><input checked type=radio name=choice value="keygen"> Connect this instance to an HTTPS Agent URL of a DRM to support server-side key generation.</b> -<p> -<p> - <table class="details"> - <tr> - <th>URL:</th> - <td><select name="urls"> - #if ($urls_size != 0) - #set ($x=0) - #foreach ($p in $urls) - <option value="$x">$p</option> - #set ($x=$x+1) - #end - #end - </select> - </td> - </tr> - </table> - <div align="right"> - <hr /> - </div> -<p> -<b><input type=radio name=choice value="nokeygen"> Configure this instance to NOT support server-side key generation.</b> -<p> diff --git a/base/ra/apache/docroot/ra/admin/console/config/footer.vm b/base/ra/apache/docroot/ra/admin/console/config/footer.vm deleted file mode 100644 index 22d7213ba..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/footer.vm +++ /dev/null @@ -1,20 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - - <div id="footer"> - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/header.vm b/base/ra/apache/docroot/ra/admin/console/config/header.vm deleted file mode 100644 index e653da5c1..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/header.vm +++ /dev/null @@ -1,26 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<div id="header"> - <a href="http://pki.fedoraproject.org" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="/pki/images/logo_header.gif" alt="Dogtag" id="myLogo" /></a> - <div id="headerpaddedtitle"> - <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">®</font></sup> Certificate System</a> - </div> - <div id="account"> - </div> -</div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/hierarchypanel.vm b/base/ra/apache/docroot/ra/admin/console/config/hierarchypanel.vm deleted file mode 100644 index 41cba696d..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/hierarchypanel.vm +++ /dev/null @@ -1,80 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { - setURL(); -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<h2>PKI Hierarchy</h2> -<p> -This CA instance can be either a Self-Signed Root CA or a Subordinate CA. <a href="javascript:toggle_details();">[Details]</a> -<script> -function toggle_details() -{ - d = document.getElementById('details'); - if (d.style.display == "block") { - d.style.display="none"; - } else { - d.style.display="block"; - } -} - -function setURL() { - var cbox = document.forms[0].elements['urls']; - if (document.forms[0].choice[0].checked) { - cbox.disabled = "disabled"; - } else { - cbox.disabled = ""; - } -} - -</script> - -<div id=details style="display: none;"> -<p> -The PKI hierarchy establishes the trust relationships between this CA instance and the other PKI instances within this security domain. A CA can be chained under an internal CA, or alternatively, it can be chained under a public or an external CA. -</div> - -<p> -<b><input $check_root type=radio name=choice value="root" onChange="setURL();"> Make this a Self-Signed Root CA within this new PKI hierarchy. <img alt="" src="/pki/images/rootca.gif"></b> -<p> -<b><input $check_join type=radio name=choice value="join" onChange="setURL();"> Make this a subordinate CA of another CA. <img alt="" src="/pki/images/sub.gif"></b> - - <table class="details"> - <tr> - <th>URL:</th> - <td><select name="urls"> - #if ($urls.size() > 0) - #set ($x=0) - #foreach ($p in $urls) - <option value="$x">$p</option> - #set ($x=$x+1) - #end - #end - </select> - </td> - </tr> - </table> -<p> diff --git a/base/ra/apache/docroot/ra/admin/console/config/importadmincertpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/importadmincertpanel.vm deleted file mode 100644 index 37df00c02..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/importadmincertpanel.vm +++ /dev/null @@ -1,56 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT ID=ImportCertificate_OnClick LANGUAGE="JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -An administrator's certificate has been created and imported into this browser. This certificate is used to access the agent interface of this subsystem. -<p> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<font color="red">$info</font> -<p> - <p> - - <table class="details"> - <tr> -#if ($ca == 'true' && $import == 'true') -<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe> -#else -#if ($caType == 'ca' && $import == 'true') -<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe> -#else -<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe> -#end -#end -<input type="hidden" name="serialNumber" value=$serialNumber /> -<input type="hidden" name="caHost" value=$caHost /> -<input type="hidden" name="caPort" value=$caPort /> - </tr> - </table> - <div align="right"> - <hr /> - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/login.vm b/base/ra/apache/docroot/ra/admin/console/config/login.vm deleted file mode 100644 index 14593ad9c..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/login.vm +++ /dev/null @@ -1,110 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - - <title>Certificate System</title> - - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - </head> - - - <body><div id="wrap"> - -#include ( "ra/admin/console/config/header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> - -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> - - -</div> - - -</div> -</div> - -</div> -<!-- close bar --> - - <div id="content"> - <table width="100%" cellspacing="0"> - <tr> - <td class="sidebar"> - - </td> - <td class="page-content" width="100%"> - <h1><img src="/pki/images/icon-software.gif" /> - Login</h1> - -A one time random pin has been generated during setup to protect unauthorized access to this configuration wizard. This pin has been stored in the "CS.cfg" configuration file as the value of the 'preop.pin' parameter. Please enter this pin to continue. - - <p> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end - <p> - <form name="f" action="login" method="post"> - - <table class="details"> - <tr> - <th>PIN:</th> - <td><input type=password name="pin"></td> - </tr> - </table> - <div align="right"> - <hr /> - </div> - </form> - -<p> -<table width=100%> -<tr bgcolor="#eeeeee"> -<td align=right> -<input type=button onclick="javascript: document.f.submit();" name=login value="Login"> -</td> -</tr> -</table> - - - </td> - </tr> - </table> - - </div> <!-- close content --> - </div> <!-- close wrap --> - -#include ( "ra/admin/console/config/footer.vm" ) - </body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/modulepanel.vm b/base/ra/apache/docroot/ra/admin/console/config/modulepanel.vm deleted file mode 100644 index cb9a1eaf8..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/modulepanel.vm +++ /dev/null @@ -1,158 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -Two lists of security modules are provided below. The <b>Supported Security Modules</b> list consists of both software-based and hardware-based security modules that this PKI solution supports, while the <b>Other Security Modules</b> list consists of any other security modules found by this PKI subsystem that are not recognized as one of the supported security modules. <a href="javascript:toggle_details();">[Details]</a> -<SCRIPT type="text/JavaScript"> -function toggle_details() -{ - d = document.getElementById('details'); - if (d.style.display == "block") { - d.style.display="none"; - } else { - d.style.display="block"; - } -} -</script> -<div id=details style="display: none;"> -<br/> -Key pairs for this instance will be generated and stored on a device called a security module. -<br/> -A <b><i>key pair</i></b> consists of a public key and a private key. A <b><i>private key</i></b> is a secret entity which is never exposed to the public, will generally be protected via a security module, and is commonly referred to simply as the <b><i>key</i></b>. A <b><i>public key</i></b> is open, distributable, and while it may also be stored on a security module, it is not protected by this device. A public key, once signed by a CA, is more generally referred to as a <b><i>certificate</i></b>. -<br/> -<b><i>Security modules</i></b> can be either hardware-based or software-based. Although hardware-based security modules provide more security for the secret, or private portion of this key, they must be obtained from a third-party vendor and installed prior to deployment of this PKI solution. For this particular PKI implementation, a software-based FIPS 140-1 security module has been included. -<br/> -Before any security module solution can be used, a user must first always be authenticated to this security module via a token. To support this, each security module consists of one or more <b><i>slots</i></b>. For hardware-based security modules, a slot often consists of one or more physical contact points to the device itself (e.g. - a card reader or USB receptacle), while for software-based security modules, these may be thought of as merely a functional entry point into the software. -<br/> -Finally, a <b><i>token</i></b> (often generically referred to as a <b><i>smartcard</i></b>), which contains the actual key material, interfaces with the security module via a slot. For hardware-based security modules, this may be something like a physical card containing a chip, or a USB device that can be physically inserted into a USB slot. For software-based security modules, this can be thought of as an entry in a database. In the case of both hardware-based as well as software-based security modules, a password is the most commonly used method to complete this authentication. -<br/> -Since a security module may consist of slots for one or more tokens, the user must be successfully authenticated to each token of the chosen security module before this configuration can continue. -</div> -<br/> -<H2>Supported Security Modules</H2> -<table width=100%> -<tr bgcolor="#cccccc"> - <td width=20%><b>Module/Token</b></td> - <td width=10%><b>Status</b></td> - <td width=10%><b>Default</b></td> - <td width=10%><b>Operations</b></td> -</tr> -#foreach ($module in $sms) -<tr bgcolor="#eeeeee"> - <td><img alt="" src=$module.getImagePath()><br>$module.getUserFriendlyName()</td> - <td> - #if ($module.isFound()) - Found - #else - Not Found - #end - </td> - <td></td> - <td></td> -</tr> -#foreach ($token in $module.getTokens()) -<tr> - <td>- $token.getNickName()</td> - <td> - #if ($token.isLoggedIn()) - Logged In - #else - Not logged In - #end - </td> - <td> - #if ($token.isLoggedIn()) - #if ($defTok == $token.getNickName()) - <input checked type=radio name="choice" value="$token.getNickName()"> - #else - <input type=radio name="choice" value="$token.getNickName()"> - #end - #end - </td> - <td> - #if (!$token.isLoggedIn()) -<a href="wizard?p=$subpanelno&SecToken=$token.getNickName()">Login</a> - #end -</td> -</tr> -#end -#end - -</table> -<H2>Other Security Modules</H2> -<h3>The security modules listed below are modules found by the server but not recognized as one of the supported modules. If the user believes that any listed modules below should have been supported, please check the "CS.cfg" configuration file to see if there is a name mismatch and adjust this accordingly.</h3> -<table width=100%> -<tr bgcolor="#cccccc"> - <td width=20%><b>Module/Token</b></td> - <td width=10%><b>Status</b></td> - <td width=10%><b>Default</b></td> - <td width=10%><b>Operations</b></td> -</tr> -#foreach ($module in $oms) -<tr bgcolor="#eeeeee"> - <td>$module.getUserFriendlyName()</td> - <td> - #if ($module.isFound()) - Found - #else - Not Found - #end - </td> - <td></td> - <td></td> -</tr> -#foreach ($token in $module.getTokens()) -<tr> - <td>- $token.getNickName()</td> - <td> - #if ($token.isLoggedIn()) - Logged In - #else - Not logged In - #end - </td> - <td> - #if ($defTok == $token.getNickName()) - <input checked type=radio name="choice" value="$token.getNickName()"> - #else - <input type=radio name="choice" value="$token.getNickName()"> - #end - </td> - <td></td> -</tr> -#end -#end - -</table> - - - <br/> - - <div align="right"> - <hr /> - - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/namepanel.vm b/base/ra/apache/docroot/ra/admin/console/config/namepanel.vm deleted file mode 100644 index 071b523a9..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/namepanel.vm +++ /dev/null @@ -1,91 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -Each certificate associated with this instance needs to have a unique name within the PKI hierarchy. The following information will be used to generate these unique names. Each certificate will be stored in the security module using a unique nickname. <a href="javascript:toggle_details();">[Details]</a> -<SCRIPT type="text/JavaScript"> -function toggle_details() -{ - d = document.getElementById('details'); - if (d.style.display == "block") { - d.style.display="none"; - } else { - d.style.display="block"; - } -} -</script> - -<div id=details style="display: none;"> -<p> -Each unique name, called the certificate's subject name, is referenced as the distinguished name (DN). A DN may be composed of multiple comma separated name=value fields. -<br/> -</div> - - <p> -#if ($errorString != "") -<img alt="" src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<br/> -#foreach ($item in $certs) -<H2>$item.getUserFriendlyName()</H2> - - <table class="details"> - <tr> - <th>DN:</th> - <td><input type="text" size="70" name="$item.getCertTag()" value="$item.getDN()"/></td> - </tr> - <tr> - <th>Nickname:</th> - <td><input type="text" size="70" name="$item.getCertTag()_nick" value="$item.getNickname()"/></td> - </tr> - </table> -<p> -#end -<p> -<hr> -<p> -Please select the CA to submit these system certificate requests: -<p> - <table class="details"> - <tr> - <th>URL:</th> - <td><select name="urls"> - #if ($urls_size != 0) - #set ($x=0) - #foreach ($p in $urls) - <option value="$x">$p</option> - #set ($x=$x+1) - #end - #end - </select> - </td> - </tr> - </table> - - <div align="right"> - <hr /> - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/securitydomainloginpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/securitydomainloginpanel.vm deleted file mode 100644 index 58ace3f68..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/securitydomainloginpanel.vm +++ /dev/null @@ -1,109 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> - <head> - - <title>Dogtag Certificate System</title> - - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> -<META http-equiv=Content-Type content="text/html; charset=UTF-8"> - </head> - - -<div id="wrap"> -<div id="header"> - <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag"><img src="/pki/images/logo_header.gif" alt="Dogtag" id="myLogo" /></a> - <div id="headerpaddedtitle"> - <a href="/" title="Dogtag">Dogtag<sup><font size="-2">®</font></sup> Certificate System</a> - </div> - <div id="account"> - <dl><dt><span></span></dt><dd></dd></dl> - </div> -</div> - -<div id="mainNavOuter"> -<div id="mainNav"> - -<div id="mainNavInner"> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - -<!-- close bar --> - - <div id="content"> - <table width="100%" cellspacing="0"> - <tr> - <td width="100%"> - <h1><img src="/pki/images/icon-software.gif" /> - Security Domain ($name) Login </h1> - - <form name=sdForm action="getCookie" method="post"> - <p>The Enterprise $subsystem Administrator will register this $subsystem Subsystem located at $host under this Security Domain located at $sdhost. The credential information will be provided to the Security Domain for authentication.<p> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end - <table class="details"> - <tr> - <th>Uid:</th> - - <td><input type="text" length="128" size="40" name="uid" value="$sd_uid" /></td> - </tr> - - <tr> - <th>Password:</th> - - <td><input type="password" length="64" size="40" name="pwd" value="$sd_pwd" autocomplete="off" /></td> - </tr> -<input type=hidden name=url value="$url"> - - </table> - - <div align="right"> - <hr /> - - </div> - - -<p> -<table width=100%> -<tr bgcolor="#eeeeee"> - <td> -<div align="right"> -<input onclick="sdForm.submit()" type="button" name="sd_next" value="Login"> -</div> - </td> -</tr> -</table> - - </form> - - </td> - </tr> - </table> - - </div> <!-- close content --> - </div> <!-- close wrap --> - - </body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/securitydomainpanel.vm b/base/ra/apache/docroot/ra/admin/console/config/securitydomainpanel.vm deleted file mode 100644 index 39c3af992..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/securitydomainpanel.vm +++ /dev/null @@ -1,115 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<h2>$panelname</h2> -<br/> -A security domain is a registry for all of the PKI services within an enterprise. Applications may use the security domain to locate other PKI services. <a href="javascript:toggle_details();">[Details]</a> -<SCRIPT type="text/JavaScript"> -function toggle_details() -{ - d = document.getElementById('details'); - if (d.style.display == "block") { - d.style.display="none"; - } else { - d.style.display="block"; - } -} -</script> - -<div id=details style="display: none;"> -<br/> -This PKI solution allows multiple security domains within an organization, but each security domain must host a Certificate Authority. -<br/> -If the user is creating a new security domain, this CA Administrator is also -the security domain Administrator. -<br/> -If this subsystem is joining an existing security domain, the user will need to provide the credential information of the security domain Administrator -requested in the next panel. -</div> -#if ($errorString != "") -<img alt="" src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<br/> -#if ($cstype == "CA") -<b><input $check_newdomain type=radio name=choice value="newdomain"> Create a New Security Domain </b> -<br/> -If no security domain exists, a new one must be created for this CA. - <table class="details"> - <tr> - <th>Security Domain Name: </th> - <td><input type=text size="40" name="sdomainName" value="$sdomainName"> (e.g. - Dogtag Security Domain)</td> - </tr> - <tr> - <th>Security Domain HTTP EE URL (unsecure): </th> - <td>http://$machineName:$http_ee_port</td> - </tr> - <tr> - <th>Security Domain HTTPS Agent URL (clientauth): </th> - <td>https://$machineName:$https_agent_port</td> - </tr> - <tr> - <th>Security Domain HTTPS EE URL (non-clientauth): </th> - <td>https://$machineName:$https_ee_port</td> - </tr> - <tr> - <th>Security Domain HTTPS Admin URL (non-clientauth): </th> - <td>https://$machineName:$https_admin_port</td> - </tr> - </table> -<br/> -<b><input $check_existingdomain type=radio name=choice value="existingdomain"> Join an Existing Security Domain </b> -#else -<b><input disabled="disabled" type=radio name=choice value="newdomain"> Create a New Security Domain </b> -<br/> -If no security domain exists, a new one must be created for this CA. - <table class="details"> - <tr> - <th>Security Domain Name: </th> - <td><input disabled="disabled" type=text size="40" name="sdomainName" value="$sdomainName"> (e.g. - Dogtag Security Domain)</td> - </tr> - </table> -<br/> -<b><input checked type=radio name=choice value="existingdomain"> Join an Existing Security Domain </b> -#end -<br/> -Enter the URL to an existing security domain. -<br/> - <table class="details"> - <tr> - <th>Security Domain HTTPS Admin URL (non-clientauth): </th> - <td><input type=text size="40" name="sdomainURL" value="$sdomainURL"> (e.g. - https://example.com:9445)</td> - </tr> - </table> -<br/> -<table> -<tr> -<td valign="top"><b>NOTE: </b></td> -<td>Since a Security Domain MUST be a CA (although all CAs are NOT necessarily Security Domains), an appropriate value for this URL may be obtained by logging into the machine which hosts the desired Security Domain CA as 'root' and running the command "$statusCommand" from the command-line.</td> -</tr> -</table> -<br/> diff --git a/base/ra/apache/docroot/ra/admin/console/config/sidemenu.vm b/base/ra/apache/docroot/ra/admin/console/config/sidemenu.vm deleted file mode 100644 index 09fe16870..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/sidemenu.vm +++ /dev/null @@ -1,30 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<div id="sidenav"> -<ul> - <li><a href="welcome">Welcome</a></li> - <li><a href="database">Internal Database</a></li> - <li><a href="module">Security Modules</a></li> - <li><a href="size">Key Size</a></li> - <li><a href="name">Issuer Name</a></li> - <li><a href="hierarchy">PKI Hierarchy</a></li> - <li><a href="admin">Administrator</a></li> - <li><a href="done">Finish</a></li> -</ul> -</div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/sizepanel.vm b/base/ra/apache/docroot/ra/admin/console/config/sizepanel.vm deleted file mode 100644 index 76b1d18a2..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/sizepanel.vm +++ /dev/null @@ -1,235 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<style type="text/css"> -div#advance -{ - margin: 0px 20px 0px 20px; - display: none; -} -div#simple -{ - margin: 0px 20px 0px 20px; - display: block; -} -</style> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} - -function toggleLayer(whichLayer) -{ - if (document.getElementById) { - // this is the way the standards work - var style2 = document.getElementById(whichLayer).style; - if (style2.display == "block") { - style2.display = "none"; - } else { - style2.display = "block"; - } - } -} - -function toggleLayer1(whichLayer) -{ - if (document.getElementById) { - // this is the way the standards work - var style2 = document.getElementById(whichLayer).style; - if (style2.display == "block") { - style2.display = "none"; - } else if (style2.display == "") { - style2.display = "none"; - } else { - style2.display = "block"; - } - } -} - -function keyTypeChange() -{ - var form = document.forms[0]; - var keyTypeSelect = document.forms[0].elements['keytype']; - for (var i = 0; i < form.length; i++) { - var name = form[i].name; - if (name.indexOf('_keytype') != -1) { - form.elements[name].selectedIndex = keyTypeSelect.selectedIndex; - } - } -} - -function defaultChange() -{ - var form = document.forms[0]; - var choiceSelect = document.forms[0].elements['choice']; - for (var i = 0; i < form.length; i++) { - var name = form[i].name; - if (name.indexOf('_choice') != -1) { - for (var j = 0; j < form.elements[name].length; j++) { - var c = form.elements[name]; - c[j].checked = choiceSelect[j].checked; - } - } - } -} - -function customChange() -{ - var form = document.forms[0]; - var choiceSelect = document.forms[0].elements['choice']; - for (var i = 0; i < form.length; i++) { - var name = form[i].name; - if (name.indexOf('_choice') != -1) { - for (var j = 0; j < form.elements[name].length; j++) { - var c = form.elements[name]; - c[j].checked = choiceSelect[j].checked; - } - } - } -} - -function textChange() -{ - var customSize = document.forms[0].elements['custom_size']; - var form = document.forms[0]; - for (var i = 0; i < form.length; i++) { - var name = form[i].name; - if (name.indexOf('_custom_size') != -1) { - form.elements[name].value = customSize.value; - } - } -} - -</SCRIPT> -Select the key pair type(s) and associated key pair size(s) from the pulldown menus. <a href="javascript:toggle_details();">[Details]</a> -<SCRIPT type="text/JavaScript"> -function toggle_details() -{ - d = document.getElementById('details'); - if (d.style.display == "block") { - d.style.display="none"; - } else { - d.style.display="block"; - } -} -</script> -<div id=details style="display: none;"> -<p> -Each key pair is comprised of a <b><i>key type</i></b> and a <b><i>key size</i></b>. Based upon the key type selected from the first pulldown menu, associated key sizes (in bits) will be selectable from the second pulldown menu. -<p> -Within each key pair type (but not comparable between two different key pair types), the size of the key is a measure of how secure a given system is (i.e. - the longer the key pair size, the more secure the system). Unfortunately, longer key pair sizes increase the time required to perform operations such as signing certificates. -<p> -</div> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<p> -<div id="simple"> -<p> -<table width=100%> -<tr> - <td align=right><a href="javascript:toggleLayer1('simple'); toggleLayer('advance');" title="Advanced">[Advanced]</a></td> -</tr> -</table> -<p> -<H2>Common Key Settings</H2> -<p> -<table width=100% class="details"> - <tr> - <th width="30%">Key Type:</th> - <td><select name="keytype" onChange="keyTypeChange()"><option value=rsa>RSA</option><option value=ecc>ECC</option></select></td> - </tr> -</table> -<p> - <input -#if ($select == "default") - checked -#end - onChange="defaultChange()" type=radio name="choice" value="default"><b>Use the default key size ($default_keysize bits for RSA, $default_ecc_keysize bits for ECC)</b>. - <p> - <input -#if ($select == "custom") - checked -#end - onChange="customChange()" type=radio name="choice" value="custom"><b>Use the following custom key size:</b> - - <p> -<table width=100% class="details"> - <tr> - <th>Key Size:</th> - <td><input onChange="textChange()" type="text" size="20" name="custom_size" value="2048" /></td> - </tr> -</table> -</div> -<p> -<div id="advance"> -<p> -<table width=100%> -<tr> - <td align=right><a href="javascript:toggleLayer1('simple');toggleLayer('advance');" title="Simple">[Simple]</a></td> -</tr> -</table> -#foreach ($item in $certs) -<H2>Key for $item.getUserFriendlyName()</H2> -<p> -<table width=100% class="details"> - <tr> - <th width="30%">Key Type:</th> - <td><select name="$item.getCertTag()_keytype"><option value=rsa>RSA</option><option value=ecc>ECC</option></select></td> - </tr> -</table> -<p> - <input -#if ($item.useDefaultKey()) - checked -#end - type=radio name=$item.getCertTag()_choice value="default"><b>Use the default key size ($default_keysize bits for RSA, $default_ecc_keysize bits for ECC). - <p> - <input -#if (!$item.useDefaultKey()) - checked -#end - type=radio name=$item.getCertTag()_choice value="custom"><b>Use the following custom key size:</b> - - <p> -<table width=100% class="details"> - <tr> - <th>Key Size:</th> - <td><input type="text" size="20" name=$item.getCertTag()_custom_size value="$item.getCustomKeysize()" /></td> - </tr> -</table> -#end -</div> -<br/> -<br/> -<br/> -#if ($firsttime == 'false') -<input type="CHECKBOX" NAME="generateKeyPair">New Keys<p> -#end -<p> - <div align="right"> - <hr /> -<i>Note: After pressing Next, keys will be generated on the server, which will take some time to complete. Please wait for the next panel to appear.</i> - - </div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/tksinfopanel.vm b/base/ra/apache/docroot/ra/admin/console/config/tksinfopanel.vm deleted file mode 100644 index f4a0a3fd7..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/tksinfopanel.vm +++ /dev/null @@ -1,51 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT LANGUAGE="JavaScript"> -function performPanel() { - with (document.forms[0]) { - submit(); - } -} - -</SCRIPT> -The Token Key Service (TKS) is responsible for managing master keys that are used for establishing secure channels. Select an HTTPS Agent URL of a TKS from the list below. -<p> -#if ($errorString != "") -<img src="/pki/images/icon_crit_update.gif"> <font color="red">$errorString</font> -#end -<p> - <table class="details"> - <tr> - <th>URL:</th> - <td><select name="urls"> - #if ($urls_size != 0) - #set ($x=0) - #foreach ($p in $urls) - <option value="$x">$p</option> - #set ($x=$x+1) - #end - #end - </select> - </td> - </tr> - </table> - <div align="right"> - <hr /> - </div> -<p> diff --git a/base/ra/apache/docroot/ra/admin/console/config/topmenu.vm b/base/ra/apache/docroot/ra/admin/console/config/topmenu.vm deleted file mode 100644 index 64881066f..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/topmenu.vm +++ /dev/null @@ -1,21 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<ul> -<li id="mainFirst-active"><a href="wizard" class="mainFirstLink">Setup Wizard</a></li> -</ul> diff --git a/base/ra/apache/docroot/ra/admin/console/config/welcomepanel.vm b/base/ra/apache/docroot/ra/admin/console/config/welcomepanel.vm deleted file mode 100644 index fd478d1a8..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/welcomepanel.vm +++ /dev/null @@ -1,57 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<SCRIPT type="text/JavaScript"> -function myOnLoad() { -} - -function performPanel() { - with (document.forms[0]) { - submit(); - } -} -</SCRIPT> -<H2>$wizardname</H2> -The $fullsystemname - configuration wizard will guide the administrator through the process of configuring a single instance of the $fullsystemname - ($systemname). <a href="javascript:toggle_details();">[Details]</a> - -<SCRIPT type="text/JavaScript"> -function toggle_details() -{ - d = document.getElementById('details'); - if (d.style.display == "block") { - d.style.display="none"; - } else { - d.style.display="block"; - } -} -</script> - -<div id=details style="display: none;"> -<p> -A Public Key Infrastructure (PKI) system creates, manages, and revokes keys and certificates. -<p> -Dogtag Certificate System (DCS) $productversion -is a robust PKI system consisting of numerous subsystems including a Certificate Authority (CA), a Registration Authority (RA), a Data Recovery Manager (DRM), an Online Certificate Status Protocol (OCSP) Manager, a Token Key Service (TKS), and a Token Processing System (TPS), as well as a multi-platform smartcard middleware software client called Enterprise Security Client (ESC). -<p> -For any subsystem to be useable, a user must use this wizard to configure an instance of this subsystem. -#if ($systemType != "tps") -<p> -#end -</div> diff --git a/base/ra/apache/docroot/ra/admin/console/config/wizard.vm b/base/ra/apache/docroot/ra/admin/console/config/wizard.vm deleted file mode 100644 index 4c7472817..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/wizard.vm +++ /dev/null @@ -1,144 +0,0 @@ -<!-- --- BEGIN COPYRIGHT BLOCK --- - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - - Copyright (C) 2007 Red Hat, Inc. - All rights reserved. - --- END COPYRIGHT BLOCK --- --> - -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> - -<html> - <head> - - <title>Dogtag Certificate System</title> - - <link rel="shortcut icon" href="/pki/images/favicon.ico" /> - <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" /> - - <META http-equiv=Content-Type content="text/html; charset=UTF-8"> - - </head> - -<SCRIPT LANGUAGE="JavaScript"> -function process(fop) { - with (document.forms[0]) { - op.value = fop; - if (fop == 'next') { - document.getElementById('progress').style.visibility = "visible"; - performPanel(); - } else if (fop == 'apply') { - document.getElementById('progress').style.visibility = "visible"; - performPanel(); - } else { - document.getElementById('progress').style.visibility = "visible"; - submit(); - } - } -} - -</SCRIPT> - - <body><div id="wrap"> - -#include ( "ra/admin/console/config/header.vm" ) - -<div id="mainNavOuter"> -<div id="mainNav"> - -<div id="mainNavInner"> - - -<ul> -<li id="mainFirst-active"><a href="wizard" class="mainFirstLink">$name</a></li> -</ul> - -</div><!-- end mainNavInner --> -</div><!-- end mainNav --> -</div><!-- end mainNavOuter --> - - -<div id="bar"> - -<div id="systembar"> -<div id="systembarinner"> - -<div> -</div> - - -</div> -</div> - -</div> -<!-- close bar --> - - <div id="content"> - <table width="100%" cellspacing="0"> - <tr> - <td class="sidebar"> - -<div id="sidenav"> -<ul> -#foreach ($pn in $panels) -#if (!$pn.isSubPanel()) - <li><center><font color=black size="2">$pn.getName()</font></center></li> -#end -#end -</ul> -</div> - - </td> - <td class="page-content" width="100%"> - <h1><img src="/pki/images/icon-software.gif" /> - $title </h1> - -<form name=f method=post action="wizard"> -<input type=hidden name=p value="$p"> - -#parse ( $panel ) - -<input type=hidden name="op" value=''> - -</form> - -<table width=100% border=0 cellspacing=0 cellpadding=0> -<tr bgcolor="#eeeeee"> -<td><img id=progress style="visibility: hidden;" src="/pki/images/bigrotation2.gif" /></td> -<td align=right> - -#if ($showApplyButton == "true") -<input type=button onclick="process('apply')" name=back value="Apply"> -#end - -#if ($lastpanel) - -#else -<input type=button onclick="process('next')" name=back value="Next>"> -#end - -</td> -</tr> -</table> - - </td> - </tr> - </table> - -#include ( "ra/admin/console/config/footer.vm" ) - - </div> <!-- close content --> - </div> <!-- close wrap --> - - </body> -</html> diff --git a/base/ra/apache/docroot/ra/admin/console/config/xml.vm b/base/ra/apache/docroot/ra/admin/console/config/xml.vm deleted file mode 100644 index 31ff72aa2..000000000 --- a/base/ra/apache/docroot/ra/admin/console/config/xml.vm +++ /dev/null @@ -1,4 +0,0 @@ -<?xml version="1.0" encoding="ISO-8859-1"?> -<response> - $xml -</response> diff --git a/base/ra/apache/docroot/ra/admin/console/js/misc.js b/base/ra/apache/docroot/ra/admin/console/js/misc.js deleted file mode 100644 index d4dc336ab..000000000 --- a/base/ra/apache/docroot/ra/admin/console/js/misc.js +++ /dev/null @@ -1,30 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// Copyright (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * This function is to submit the form's parameters and to decide if the - * window should remain open. - * - * @param f The form - * @param fclose true if you want to close the window; otherwise false. - */ -function saveConfig(f, fclose) { - f.submit(); - if (fclose == true) - window.close(); -} diff --git a/base/ra/doc/CMakeLists.txt b/base/ra/doc/CMakeLists.txt deleted file mode 100644 index 419289d03..000000000 --- a/base/ra/doc/CMakeLists.txt +++ /dev/null @@ -1,8 +0,0 @@ -configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg.in ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY) - -install( - FILES - ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf -) diff --git a/base/ra/doc/CS.cfg.in b/base/ra/doc/CS.cfg.in deleted file mode 100644 index 227b117ce..000000000 --- a/base/ra/doc/CS.cfg.in +++ /dev/null @@ -1,242 +0,0 @@ -_000=## -_001=## Registration Authority (RA) Configuration File -_002=## -pidDir=[PKI_PIDDIR] -pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT] -pkicreate.pki_instance_name=[PKI_INSTANCE_NAME] -pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE] -pkicreate.secure_port=[PKI_SECURE_PORT] -pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT] -pkicreate.unsecure_port=[PKI_UNSECURE_PORT] -pkicreate.user=[PKI_USER] -pkicreate.group=[PKI_GROUP] -pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] -request._000=######################################### -request._001=# Request Queue Parameters -request._002=######################################### -agent.authorized_groups=administrators,agents -admin.authorized_groups=administrators -database.dbfile=[PKI_INSTANCE_PATH]/conf/dbfile -database.lockfile=[PKI_INSTANCE_PATH]/conf/dblock -request.renewal.approve_request.0.ca=ca1 -request.renewal.approve_request.0.plugin=PKI::Request::Plugin::RequestToCA -request.renewal.approve_request.0.profileId=caDualRAuserCert -request.renewal.approve_request.0.reqType=crmf -request.renewal.approve_request.1.mailTo=$created_by -request.renewal.approve_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.renewal.approve_request.1.templateDir=/usr/share/pki/ra/conf -request.renewal.approve_request.1.templateFile=mail_approve_request.vm -request.renewal.approve_request.num_plugins=2 -request.renewal.reject_request.num_plugins=0 -request.renewal.create_request.0.assignTo=agents -request.renewal.create_request.0.plugin=PKI::Request::Plugin::AutoAssign -request.renewal.create_request.1.mailTo=$created_by -request.renewal.create_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.renewal.create_request.1.templateDir=/usr/share/pki/ra/conf -request.renewal.create_request.1.templateFile=mail_create_request.vm -request.renewal.create_request.num_plugins=2 -request.scep.profileId=caRARouterCert -request.scep.reqType=pkcs10 -request.scep.create_request.num_plugins=2 -request.scep.create_request.0.plugin=PKI::Request::Plugin::AutoAssign -request.scep.create_request.0.assignTo=agents -request.scep.create_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.scep.create_request.1.mailTo= -request.scep.create_request.1.templateDir=/usr/share/pki/ra/conf -request.scep.create_request.1.templateFile=mail_create_request.vm -request.scep.approve_request.num_plugins=1 -request.scep.approve_request.0.plugin=PKI::Request::Plugin::CreatePin -request.scep.approve_request.0.pinFormat=$site_id -request.scep.reject_request.num_plugins=0 -request.agent.profileId=caRAagentCert -request.agent.reqType=crmf -request.agent.create_request.num_plugins=2 -request.agent.create_request.0.plugin=PKI::Request::Plugin::AutoAssign -request.agent.create_request.0.assignTo=agents -request.agent.create_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.agent.create_request.1.mailTo= -request.agent.create_request.1.templateDir=/usr/share/pki/ra/conf -request.agent.create_request.1.templateFile=mail_create_request.vm -request.agent.approve_request.num_plugins=1 -request.agent.approve_request.0.plugin=PKI::Request::Plugin::CreatePin -request.agent.approve_request.0.pinFormat=$uid -request.agent.reject_request.num_plugins=0 -request.user.create_request.num_plugins=2 -request.user.create_request.0.plugin=PKI::Request::Plugin::AutoAssign -request.user.create_request.0.assignTo=agents -request.user.create_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.user.create_request.1.templateDir=/usr/share/pki/ra/conf -request.user.create_request.1.templateFile=mail_create_request.vm -request.user.create_request.1.mailTo= -request.user.approve_request.num_plugins=2 -request.user.approve_request.0.plugin=PKI::Request::Plugin::RequestToCA -request.user.approve_request.0.ca=ca1 -request.user.approve_request.0.profileId=caDualRAuserCert -request.user.approve_request.0.reqType=crmf -request.user.approve_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.user.approve_request.1.mailTo=$created_by -request.user.approve_request.1.templateDir=/usr/share/pki/ra/conf -request.user.approve_request.1.templateFile=mail_approve_request.vm -request.user.reject_request.num_plugins=0 -request.server.create_request.num_plugins=2 -request.server.create_request.0.plugin=PKI::Request::Plugin::AutoAssign -request.server.create_request.0.assignTo=agents -request.server.create_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.server.create_request.1.mailTo= -request.server.create_request.1.templateDir=/usr/share/pki/ra/conf -request.server.create_request.1.templateFile=mail_create_request.vm -request.server.approve_request.num_plugins=2 -request.server.approve_request.0.plugin=PKI::Request::Plugin::RequestToCA -request.server.approve_request.0.ca=ca1 -request.server.approve_request.0.profileId=caRAserverCert -request.server.approve_request.0.reqType=pkcs10 -request.server.approve_request.1.plugin=PKI::Request::Plugin::EmailNotification -request.server.approve_request.1.mailTo=$created_by -request.server.approve_request.1.templateDir=/usr/share/pki/ra/conf -request.server.approve_request.1.templateFile=mail_approve_request.vm -request.server.reject_request.num_plugins=0 -cs.type=RA -service.machineName=[PKI_HOSTNAME] -service.instanceDir=[PKI_INSTANCE_PATH] -service.securePort=[PKI_SECURE_PORT] -service.non_clientauth_securePort=[NON_CLIENTAUTH_SECURE_PORT] -service.unsecurePort=[PKI_UNSECURE_PORT] -service.instanceID=[PKI_INSTANCE_NAME] -logging._000=######################################### -logging._001=# RA configuration File -logging._002=# -logging._003=# All <...> must be replaced with -logging._004=# appropriate values. -logging._005=######################################### -logging._006=######################################## -logging._007=# logging -logging._008=# -logging._009=# logging.debug.enable: -logging._010=# logging.audit.enable: -logging._011=# logging.error.enable: -logging._012=# - enable or disable the corresponding logging -logging._013=# logging.debug.filename: -logging._014=# logging.audit.filename: -logging._015=# logging.error.filename: -logging._016=# - name of the log file -logging._017=# logging.debug.level: -logging._018=# logging.audit.level: -logging._019=# logging.error.level: -logging._020=# - level of logging. (0-10) -logging._021=# 0 - no logging, -logging._022=# 4 - LL_PER_SERVER these messages will occur only once -logging._023=# during the entire invocation of the -logging._024=# server, e. g. at startup or shutdown -logging._025=# time., reading the conf parameters. -logging._026=# Perhaps other infrequent events -logging._027=# relating to failing over of CA, TKS, -logging._028=# too -logging._029=# 6 - LL_PER_CONNECTION these messages happen once per -logging._030=# connection - most of the log events -logging._031=# will be at this level -logging._032=# 8 - LL_PER_PDU these messages relate to PDU -logging._033=# processing. If you have something that -logging._034=# is done for every PDU, such as -logging._035=# applying the MAC, it should be logged -logging._036=# at this level -logging._037=# 9 - LL_ALL_DATA_IN_PDU dump all the data in the PDU - a more -logging._038=# chatty version of the above -logging._039=# 10 - all logging -logging._040=######################################### -logging.debug.enable=true -logging.debug.filename=[PKI_INSTANCE_PATH]/logs/ra-debug.log -logging.debug.level=7 -logging.audit.enable=true -logging.audit.filename=[PKI_INSTANCE_PATH]/logs/ra-audit.log -logging.audit.level=10 -logging.error.enable=true -logging.error.filename=[PKI_INSTANCE_PATH]/logs/ra-error.log -logging.error.level=10 -conn.ca1._000=######################################### -conn.ca1._001=# CA connection -conn.ca1._002=# -conn.ca1._003=# conn.ca<n>.hostport: -conn.ca1._004=# - host name and port number of your CA, format is host:port -conn.ca1._005=# conn.ca<n>.clientNickname: -conn.ca1._006=# - nickname of the client certificate for -conn.ca1._007=# authentication -conn.ca1._008=# conn.ca<n>.servlet.enrollment: -conn.ca1._009=# - servlet to contact in CA -conn.ca1._010=# - must be '/ca/ee/ca/profileSubmitSSLClient' -conn.ca1._008=# conn.ca<n>.servlet.addagent: -conn.ca1._009=# - servlet to add ra agent on CA -conn.ca1._010=# - must be '/ca/admin/ca/registerRaUser -conn.ca1._011=# conn.ca<n>.retryConnect: -conn.ca1._012=# - number of reconnection attempts on failure -conn.ca1._013=# conn.ca<n>.timeout: -conn.ca1._014=# - connection timeout -conn.ca1._015=# conn.ca<n>.SSLOn: -conn.ca1._016=# - enable SSL or not -conn.ca1._017=# conn.ca<n>.keepAlive: -conn.ca1._018=# - enable keep alive or not -conn.ca1._019=# -conn.ca1._020=# where -conn.ca1._021=# <n> - CA connection ID -conn.ca1._022=######################################### -failover.pod.enable=false -conn.ca1.hostport=[PKI_CA_HOSTNAME]:[PKI_CA_PORT] -conn.ca1.clientNickname=[HSM_LABEL][NICKNAME] -conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient -conn.ca1.servlet.addagent=/ca/admin/ca/registerRaUser -conn.ca1.servlet.revoke=/ca/subsystem/ca/doRevoke -conn.ca1.servlet.unrevoke=/ca/subsystem/ca/doUnrevoke -conn.ca1.retryConnect=3 -conn.ca1.timeout=100 -conn.ca1.SSLOn=true -conn.ca1.keepAlive=true -preop.pin=[PKI_RANDOM_NUMBER] -cms.product.version=@APPLICATION_VERSION@ -preop.cert._000=######################################### -preop.cert._001=# Installation configuration "preop" certs parameters -preop.cert._002=######################################### -preop.cert.list=sslserver,subsystem -preop.cert.sslserver.enable=true -preop.cert.subsystem.enable=true -preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA -preop.cert.sslserver.dn=CN=[PKI_HOSTNAME], OU=[PKI_INSTANCE_NAME] -preop.cert.sslserver.keysize.customsize=2048 -preop.cert.sslserver.keysize.size=2048 -preop.cert.sslserver.keysize.select=custom -preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_NAME] -preop.cert.sslserver.profile=caInternalAuthServerCert -preop.cert.sslserver.subsystem=ra -preop.cert._003=#preop.cert.sslserver.type=local -preop.cert.sslserver.userfriendlyname=SSL Server Certificate -preop.cert._004=#preop.cert.sslserver.cncomponent.override=false -preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA -preop.cert.subsystem.dn=CN=RA Subsystem Certificate, OU=[PKI_INSTANCE_NAME] -preop.cert.subsystem.keysize.customsize=2048 -preop.cert.subsystem.keysize.size=2048 -preop.cert.subsystem.keysize.select=custom -preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME] -preop.cert.subsystem.profile=caInternalAuthSubsystemCert -preop.cert.subsystem.subsystem=ra -preop.cert._005=#preop.cert.subsystem.type=local -preop.cert.subsystem.userfriendlyname=Subsystem Certificate -preop.cert._006=#preop.cert.subsystem.cncomponent.override=true -preop.configModules._000=######################################### -preop.configModules._001=# Installation configuration "preop" module parameters -preop.configModules._002=######################################### -preop.configModules.count=3 -preop.configModules.module0.commonName=NSS Internal PKCS #11 Module -preop.configModules.module0.imagePath=/pki/images/clearpixel.gif -preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module -preop.configModules.module1.commonName=nfast -preop.configModules.module1.imagePath=/pki/images/clearpixel.gif -preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module -preop.configModules.module2.commonName=lunasa -preop.configModules.module2.imagePath=/pki/images/clearpixel.gif -preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module -preop.module.token=NSS Certificate DB -preop.keysize._000=######################################### -preop.keysize._001=# Installation configuration "preop" keysize parameters -preop.keysize._002=######################################### -preop.keysize.customsize=2048 -preop.keysize.select=default -preop.keysize.size=2048 -preop.keysize.ecc.size=256 diff --git a/base/ra/emails/mail_approve_request.vm b/base/ra/emails/mail_approve_request.vm deleted file mode 100644 index 461eb4d10..000000000 --- a/base/ra/emails/mail_approve_request.vm +++ /dev/null @@ -1,11 +0,0 @@ -Reply-to: $mail_to -Subject: Request #$request_id approved -To: $mail_to -Content-type: text/plain\n\n -Request #$request_id has been approved -for -Subject DN: $subject_dn - -Import certificate at: -https://$machineName:$nonClientAuthSecurePort/ee/request/getcert.cgi?id=$request_id - diff --git a/base/ra/emails/mail_create_request.vm b/base/ra/emails/mail_create_request.vm deleted file mode 100644 index 317270efa..000000000 --- a/base/ra/emails/mail_create_request.vm +++ /dev/null @@ -1,8 +0,0 @@ -Reply-to: $mail_to -Subject: New request #$request_id has been created -To: $mail_to -Content-type: text/plain\n\n -A new request has been created for you. You can access -the request by going to - -https://$machineName:$securePort/agent/request/read.cgi?id=$request_id diff --git a/base/ra/etc/init.d/pki-rad b/base/ra/etc/init.d/pki-rad deleted file mode 100755 index 7da9775f9..000000000 --- a/base/ra/etc/init.d/pki-rad +++ /dev/null @@ -1,87 +0,0 @@ -#!/bin/bash -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007-2010 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# pki-rad Startup script for the Apache HTTP pki-ra Server -# -# chkconfig: - 86 14 -# description: Registration Authority (Apache) -# processname: pki-rad -# piddir: /var/run/pki/ra -# config: ${PKI_INSTANCE_PATH}/conf/httpd.conf - -PROG_NAME=`basename $0` -SERVICE_NAME="pki-rad" -SERVICE_PROG="/sbin/service" -PKI_PATH="/usr/share/pki/ra" -PKI_REGISTRY="/etc/sysconfig/pki/ra" -PKI_TYPE="pki-ra" -PKI_TOTAL_PORTS=3 - -# Avoid using 'systemctl' for now -SYSTEMCTL_SKIP_REDIRECT=1 -export SYSTEMCTL_SKIP_REDIRECT - -# Disallow 'others' the ability to 'write' to new files -umask 00002 - -command="$1" -pki_instance="$2" - -# Source function library. -. /etc/init.d/functions - -# Source the PKI function library -. /usr/share/pki/scripts/functions - -# See how we were called. -case $command in - status) - registry_status - exit $? - ;; - start) - start - exit $? - ;; - restart) - restart - exit $? - ;; - stop) - stop - exit $? - ;; - condrestart|force-restart|try-restart) - [ ! -f ${lockfile} ] || restart - exit $? - ;; - reload) - echo "The 'reload' action is an unimplemented feature." - exit ${default_error} - ;; - *) - echo "unknown action ($command)" - usage - echo "where valid instance names include:" - list_instances - exit ${default_error} - ;; -esac - diff --git a/base/ra/lib/perl/PKI/Base/CertStore.pm b/base/ra/lib/perl/PKI/Base/CertStore.pm deleted file mode 100644 index 1a31ff971..000000000 --- a/base/ra/lib/perl/PKI/Base/CertStore.pm +++ /dev/null @@ -1,151 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Base::CertStore; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Constructs a cert store -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Opens this store -####################################### -sub open { - my ($self, $cfg) = @_; - $self->{cfg} = $cfg; - my $dbfile = $cfg->get("database.dbfile"); - $self->{dbh} = DBI->connect("dbi:SQLite:dbname=$dbfile","",""); -} - -sub read_certificate { - my ($self, $serialno) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from certificates " . - "where serialno=" . $dbh->quote($serialno); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -sub map_certificate { - my ($self, $certificate) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from certificates " . - "where " . - "certificate=" . $dbh->quote($certificate); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -sub read_certificate_by_approver { - my ($self, $uid, $serialno) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from certificates " . - "where approved_by=". $dbh->quote($uid). - "AND serialno=" . $dbh->quote($serialno); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -sub list_certs_by_approver { - my ($self, $uid, $startpos, $maxcount) = @_; - my $dbh = $self->{dbh}; - my $select = "select *,approved_by from certificates " . - "where " . - "approved_by=". $dbh->quote($uid). - " limit $startpos, $maxcount"; - - my $sth = $dbh->prepare($select); - $sth->execute(); - my @certs; - while (my $ref = $sth->fetchrow_hashref()) { - push(@certs, $ref); - } - $sth->finish(); - return @certs; - - -} - -sub add_certificate { - my ($self, $serialno, $csr, $subject_dn, $certificate, $reqid, $approved_by) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - # sqlite is not thread safe, do our own lock here - my $cmd = "insert into certificates (" . - "subject_dn" . "," . - "certificate" . "," . - "csr" . "," . - "serialno" . "," . - "rid" . "," . - "approved_by" . "," . - "created_at" . - ") values (" . - $dbh->quote($subject_dn) . "," . - $dbh->quote($certificate) . "," . - $dbh->quote($csr) . "," . - $dbh->quote($serialno) . "," . - $dbh->quote($reqid) . "," . - $dbh->quote($approved_by) . "," . - $dbh->quote($now) . - ")"; -REDO_ADD_CERT: - eval { - $dbh->do($cmd); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_ADD_CERT; - } - -} - -####################################### -# Closes this store -####################################### -sub close { - my ($self) = @_; - my $dbh = $self->{dbh}; - $dbh->disconnect(); -} - -1; diff --git a/base/ra/lib/perl/PKI/Base/Conf.pm b/base/ra/lib/perl/PKI/Base/Conf.pm deleted file mode 100755 index 895ab28a3..000000000 --- a/base/ra/lib/perl/PKI/Base/Conf.pm +++ /dev/null @@ -1,130 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package PKI::Base::Conf; - -use strict; -use warnings; -use Exporter; - -$PKI::Base::Conf::VERSION = '1.00'; - -####################################################### -# Configuration Store -####################################################### -sub new { - my $class = shift; - my $self = {}; - my %hash = (); - $self->{filename} = ""; - $self->{hash} = \%hash; - bless $self,$class; - return $self; -} - -sub load_file -{ - my ($self, $filename) = @_; - - $self->{filename} = $filename; - if (-e $filename) { - open(CF, "<$filename"); - if (defined fileno CF) { - while (<CF>) { - if (/^#/) { - # comments - } elsif (/([^=]+)=(.*)$/) { - # print "$1 = $2\n"; - $self->{hash}{$1} = $2; - } else { - # preserve comments - } - } - } - close(CF); - } -} - -sub get_filename -{ - my ($self) = @_; - return $self->{filename}; -} - -sub get -{ - my ($self, $n) = @_; - return $self->{hash}{$n}; -} - -sub put -{ - my ($self, $n, $v) = @_; - $self->{hash}{$n} = $v; -} - -sub commit -{ - my ($self) = @_; - - # write stuff back to the file -# print $self->{filename} . "\n"; - my $hash = $self->{hash}; - my $suffix = time(); - - if (-e $self->{filename}) { - system("mv \"" . $self->{filename} . "\" \"" . - $self->{filename} . "." . $suffix . "\""); - } - - open(F, ">" . $self->{filename}); - foreach my $k (sort keys %{$hash}) { - print F "$k=$self->{hash}{$k}\n"; - } - close(F); - - if (-e $self->{filename} . "." . $suffix) { - system("rm \"" . $self->{filename} . "." . $suffix . "\""); - } -} - -sub commit_with_backup -{ - my ($self) = @_; - - # write stuff back to the file -# print $self->{filename} . "\n"; - my $hash = $self->{hash}; - my $suffix = time(); - system("mv \"" . $self->{filename} . "\" \"" . - $self->{filename} . "." . $suffix . "\""); - - open(F, ">" . $self->{filename}); - foreach my $k (sort keys %{$hash}) { - print F "$k=$self->{hash}{$k}\n"; - } - close(F); -} - -1; diff --git a/base/ra/lib/perl/PKI/Base/PinStore.pm b/base/ra/lib/perl/PKI/Base/PinStore.pm deleted file mode 100644 index 437d259ff..000000000 --- a/base/ra/lib/perl/PKI/Base/PinStore.pm +++ /dev/null @@ -1,180 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Base::PinStore; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Constructs a request queue -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Opens request queue -####################################### -sub open { - my ($self, $cfg) = @_; - $self->{cfg} = $cfg; - my $dbfile = $cfg->get("database.dbfile"); - $self->{dbh} = DBI->connect("dbi:SQLite:dbname=$dbfile","",""); -} - -####################################### -# Creates a new request -####################################### -sub generate_random -{ - my $low = $_[0]; - my $high = $_[1]; - - my $number = 0; - - if( $low >= $high || $low < 0 || $high < 0 ) { - return -1; - } - - $number = int( rand( $high -$low +1 ) ) + $low; - - return $number; -} - - -# arg0 length of string -# return random string -sub generate_random_string() -{ - my $length_of_randomstring=shift; # the length of the string - - my @chars=( 'a'..'z','A'..'Z','0'..'9' ); - my $random_string; - - foreach( 1..$length_of_randomstring ) { - $random_string .= $chars[rand @chars]; - } - - return $random_string; -} - -sub create_pin { - my ($self, $key, $rid, $created_by) = @_; - my $dbh = $self->{dbh}; - - my $pin = &generate_random_string(10); - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - # delete previous pin - my $delete = "delete from pins where key=" . $dbh->quote($key); - $dbh->do($delete); - - my $insert = "insert into pins (" . - "key" . "," . - "pin" . "," . - "rid" . "," . - "created_by" . "," . - "created_at" . - ") values (" . - $dbh->quote($key) . "," . - $dbh->quote($pin) . "," . - $dbh->quote($rid) . "," . - $dbh->quote($created_by) . "," . - $dbh->quote($now) . - ")"; -REDO_CREATE_PIN: - eval { - $dbh->do($insert); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_CREATE_PIN; - } - - my $rid = $dbh->func('last_insert_rowid'); - -# my $ref = $self->read_pin($rid); - - return $pin; -} - -####################################### -# Matches pin -####################################### -sub match { - my ($self, $key, $pin) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from pins " . - "where " . - "key=" . $dbh->quote($key) . " AND " . - "pin=" . $dbh->quote($pin); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - if (defined($ref)) { - return 1; - } else { - return 0; - } -} - -sub read_pin { - my ($self, $key) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from pins " . - "where " . - "key=" . $dbh->quote($key); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -####################################### -# Deletes pin -####################################### -sub delete { - my ($self, $key) = @_; - my $dbh = $self->{dbh}; - my $cmd = "delete from pins " . - "where " . - "key=" . $dbh->quote($key); - $dbh->do($cmd); -} - -####################################### -# Closes request queue -####################################### -sub close { - my ($self) = @_; - my $dbh = $self->{dbh}; - $dbh->disconnect(); -} - -1; diff --git a/base/ra/lib/perl/PKI/Base/Registry.pm b/base/ra/lib/perl/PKI/Base/Registry.pm deleted file mode 100644 index a4fb83f28..000000000 --- a/base/ra/lib/perl/PKI/Base/Registry.pm +++ /dev/null @@ -1,55 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Base::Registry; - -use PKI::Base::Conf; - -my $docroot; -my $cfg; -my $parser; - -BEGIN { - $docroot = $ENV{DOCUMENT_ROOT}; - $cfg = PKI::Base::Conf->new(); - $cfg->load_file("$docroot/../conf/CS.cfg"); - $parser = new Template::Velocity($docroot); - -} - -sub get_docroot { - my ($self) = @_; - return $docroot; -} - -sub get_parser { - my ($self) = @_; - return $parser; -} - -sub get_config { - my ($self) = @_; - return $cfg; -} - -1; diff --git a/base/ra/lib/perl/PKI/Base/TimeTool.pm b/base/ra/lib/perl/PKI/Base/TimeTool.pm deleted file mode 100755 index 11f4be208..000000000 --- a/base/ra/lib/perl/PKI/Base/TimeTool.pm +++ /dev/null @@ -1,54 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Base::TimeTool; - -use Time::Local; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Constructs a request queue -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub get_time() -{ - my ($self) = @_; - my ($sec, $min, $hr, $mday, $mnth, $y, $wd, $yd, $ds) = localtime(); - my $r_year = 1900 + $y; - my $r_mnth; - my $r_day; - $r_day = $mday; - $mnth = $mnth + 1; - $r_mnth = $mnth; - return "$r_year-$r_mnth-$r_day $hr:$min:$sec"; -} - - -1; diff --git a/base/ra/lib/perl/PKI/Base/UserStore.pm b/base/ra/lib/perl/PKI/Base/UserStore.pm deleted file mode 100644 index c05683792..000000000 --- a/base/ra/lib/perl/PKI/Base/UserStore.pm +++ /dev/null @@ -1,343 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Base::UserStore; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Constructs a request queue -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Opens this store -####################################### -sub open { - my ($self, $cfg) = @_; - $self->{cfg} = $cfg; - my $dbfile = $cfg->get("database.dbfile"); - $self->{dbh} = DBI->connect("dbi:SQLite:dbname=$dbfile","",""); - my $timeout = $self->{dbh}->func("busy_timeout"); - $self->{dbh}->func($timeout * 10, "busy_timeout"); -} - -####################################### -# Maps user -####################################### -sub map_user { - my ($self, $certificate) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from users " . - "where " . - "certificate=" . $dbh->quote($certificate); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -####################################### -# Gets roles of the given user -####################################### -sub get_roles { - my ($self, $uid) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from roles " . - "where " . - "uid=" . $dbh->quote($uid); - my @roles; - my $sth = $dbh->prepare($select); - $sth->execute(); - while (my $ref = $sth->fetchrow_hashref()) { - push(@roles, $ref->{'gid'}); - } - $sth->finish(); - return @roles; -} - - -####################################### -# Reads a user -####################################### -sub read_group { - my ($self, $gid) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from groups " . - "where gid=" . $dbh->quote($gid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -sub read_user { - my ($self, $uid) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from users " . - "where uid=" . $dbh->quote($uid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -sub set_user { - my ($self, $uid, $name, $value) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - my $update = "update users set " . - $name . "=" . $dbh->quote($value) . "," . - "updated_at=" . $dbh->quote($now) . " " . - "where uid=" . $dbh->quote($uid); - $dbh->do($update); - - my $select = "select * from users " . - "where uid=" . $dbh->quote($uid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - - return $ref; -} - -####################################### -# Lists all members in the given group -####################################### -sub list_all_members { - my ($self, $gid) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from roles where " . - "gid=" . $dbh->quote($gid) . " " . - "order by uid desc "; - my $sth = $dbh->prepare($select); - $sth->execute(); - my @reqs; - while (my $ref = $sth->fetchrow_hashref()) { - push(@reqs, $ref); - } - $sth->finish(); - return @reqs; -} - -####################################### -# Lists -####################################### -sub list_all_non_members { - my ($self, $gid) = @_; - my $dbh = $self->{dbh}; - # find members of the given group - my $select1 = "select * from roles where " . - "gid=" . $dbh->quote($gid); - my $sth1 = $dbh->prepare($select1); - $sth1->execute(); - my $filter = ""; - while (my $ref1 = $sth1->fetchrow_hashref()) { - if ($filter eq "") { - $filter = "uid<>" . $dbh->quote($ref1->{'uid'}); - } else { - $filter = $filter . " AND " . "uid<>" . $dbh->quote($ref1->{'uid'}); - } - } - $sth1->finish(); - - my $select; - if ($filter eq "") { - $select = "select * from users " . - "order by uid desc "; - } else { - $select = "select * from users where (" . - $filter . ") " . - "order by uid desc "; - } - my $sth = $dbh->prepare($select); - $sth->execute(); - my @reqs; - while (my $ref = $sth->fetchrow_hashref()) { - push(@reqs, $ref); - } - $sth->finish(); - return @reqs; -} - -sub delete_user { - my ($self, $userid) = @_; - my $dbh = $self->{dbh}; - - my $cmd = "delete from roles where uid=" . $dbh->quote($userid); - $dbh->do($cmd); - $cmd = "delete from users where uid=" . $dbh->quote($userid); - $dbh->do($cmd); -} - -sub add_user_to_group { - my ($self, $gid, $userid) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - my $cmd = "insert into roles (" . - "gid" . "," . - "uid" . - ") values (" . - $dbh->quote($gid) . "," . - $dbh->quote($userid) . - ")"; - $dbh->do($cmd); -} - -sub delete_user_from_group { - my ($self, $gid, $userid) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - my $cmd = "delete from roles where " . - "gid=" . $dbh->quote($gid) . " AND " . - "uid=" . $dbh->quote($userid); - $dbh->do($cmd); -} - -sub add_user { - my ($self, $userid, $name, $email, $certificate) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - my $cmd = "insert into users (" . - "uid" . "," . - "name" . "," . - "email" . "," . - "certificate" . "," . - "created_at" . - ") values (" . - $dbh->quote($userid) . "," . - $dbh->quote($name) . "," . - $dbh->quote($email) . "," . - $dbh->quote($certificate) . "," . - $dbh->quote($now) . - ")"; -REDO_ADD_USER: - eval { - $dbh->do($cmd); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_ADD_USER; - } -} - -sub add_group { - my ($self, $gid, $name) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - my $cmd = "insert into groups (" . - "gid" . "," . - "name" . "," . - "created_at" . - ") values (" . - $dbh->quote($gid) . "," . - $dbh->quote($name) . "," . - $dbh->quote($now) . - ")"; -REDO_ADD_GROUP: - eval { - $dbh->do($cmd); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_ADD_GROUP; - } -} - -sub delete_group { - my ($self, $gid) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - my $cmd = "delete from roles where gid=" . $dbh->quote($gid); - $dbh->do($cmd); - $cmd = "delete from groups where gid=" . $dbh->quote($gid); - $dbh->do($cmd); -} - -sub list_users { - my ($self, $startpos, $maxcount) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from users " . - "order by uid desc " . - "limit $startpos, $maxcount"; - my $sth = $dbh->prepare($select); - $sth->execute(); - my @reqs; - while (my $ref = $sth->fetchrow_hashref()) { - push(@reqs, $ref); - } - $sth->finish(); - return @reqs; -} - -sub list_groups { - my ($self, $startpos, $maxcount) = @_; - my $dbh = $self->{dbh}; - my $select = "select * from groups " . - "order by gid desc " . - "limit $startpos, $maxcount"; - my $sth = $dbh->prepare($select); - $sth->execute(); - my @reqs; - while (my $ref = $sth->fetchrow_hashref()) { - push(@reqs, $ref); - } - $sth->finish(); - return @reqs; -} -####################################### -# Closes this store -####################################### -sub close { - my ($self) = @_; - my $dbh = $self->{dbh}; - $dbh->disconnect(); -} - -1; diff --git a/base/ra/lib/perl/PKI/Base/Util.pm b/base/ra/lib/perl/PKI/Base/Util.pm deleted file mode 100755 index f01062e42..000000000 --- a/base/ra/lib/perl/PKI/Base/Util.pm +++ /dev/null @@ -1,155 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Base::Util; - -use Time::Local; - -use DBI; -use HTML::Entities; - -####################################### -# Constructs a util -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub get_val() -{ - my ($self, $s) = @_; - return $s; -} - -sub get_integer_val() -{ - my ($self, $s) = @_; - return $s; -} - -sub get_string_val() -{ - my ($self, $s) = @_; - return $s; -} - -sub get_alphanum_val() -{ - my ($self, $s) = @_; - $s =~ s/[^A-Za-z0-9 ]*//g; - return $s; -} - -sub normalize_csr() -{ - my ($self, $s) = @_; - $s =~ s/-----BEGIN CERTIFICATE REQUEST-----//g; - $s =~ s/-----END CERTIFICATE REQUEST-----//g; - $s =~ s/-----BEGIN NEW CERTIFICATE REQUEST-----//g; - $s =~ s/-----END NEW CERTIFICATE REQUEST-----//g; - $s =~ s/\s//g; - return $s; -} - -sub breakline() -{ - my ($self, $s, $maxlen) = @_; - - my $new_s; - my $i = 0; - foreach my $c (split(//, $s)) { - if ($i == $maxlen) { - $i = 0; - $new_s = $new_s . "<br/>"; - } - $new_s = $new_s . $c; - $i++; - } - return $new_s; -} - -sub nv_to_hash() -{ - my ($self, $s) = @_; - my %hash; - my @pairs = split(/;/, $s); - foreach $pair (@pairs) { - my $i = index('=', $pair); - my $n = substr($pair, 0, $i-1); - my $v = substr($pair, $i); - $hash{$n} = $v; - } - return \%hash; -} - -sub nv_to_str() -{ - my ($self, $hash) = @_; - my $s = ""; - foreach $k (keys %$hash) { - if ($s eq "") { - $s = $k . "=" . $$hash{$k}; - } else { - $s = $s . ";" . $k . "=" . $$hash{$k}; - } - } - return $s; -} - -sub test() -{ - my %h; - $h{'x'} = 'y'; - $h{'z'} = 'y'; - my $o = PKI::Base::NameValueUtil->new(); - print $o->to_str(\%h) . "\n"; - print $o->to_str($o->to_hash("5=1;c=2")) . "\n"; -} - -sub html_encode() -{ - my ($self, $s) = @_; - return HTML::Entities::encode($s); -} - -sub html_encode_and_break() -{ - my ($self, $s, $maxlen) = @_; - my $new_s = ''; - my $i = 0; - foreach my $c (split(//, $s)) { - if ($i == $maxlen) { - $i = 0; - $new_s = $new_s . '***'; - } - $new_s = $new_s . $c; - $i++; - } - $s = HTML::Entities::encode($new_s); - $s =~ s/\*\*\*/<br\/>/g; - return $s; -} - -1; diff --git a/base/ra/lib/perl/PKI/Conn/CA.pm b/base/ra/lib/perl/PKI/Conn/CA.pm deleted file mode 100644 index f3c8834ed..000000000 --- a/base/ra/lib/perl/PKI/Conn/CA.pm +++ /dev/null @@ -1,390 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Conn::CA; - -use URI::URL; -use URI::Escape; -use XML::Simple; -use Data::Dumper; -use DBI; -use PKI::Base::TimeTool; -use PKI::Base::CertStore; -use PKI::Base::Util; -use PKI::Request::Queue; - -####################################### -# Constructs a request queue -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Opens request queue -####################################### -sub open { - my ($self, $cfg) = @_; - $self->{cfg} = $cfg; - my $certstore = PKI::Base::CertStore->new(); - $certstore->open($cfg); - $self->{certstore} = $certstore; -} - -####################################### -# Enrolls -####################################### -sub enroll { - my ($self, $rid, $con_id, $profile_id, $cert_request_type, $cert_request) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostport"); - my ($host, $port) = split(/:/, $cahostport); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $req = $queue->read_request($rid); - if ($req->{'subject_dn'} ne "unavailable") { - $subject = $req->{'subject_dn'}; - } - - my $tmpfile = "/tmp/tmp-$rid-$$"; - my $params = "profileId=" . $profile_id . "&" . - "requestor_name=" . - URI::Escape::uri_escape("$requestor_name") . "&" . - "cert_request_type=" . $cert_request_type . "&" . - "subject=" . - URI::Escape::uri_escape("$subject") . "&" . - "cert_request=" . - URI::Escape::uri_escape("$cert_request") . "&" . - "xmlOutput=true"; - - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$port > $tmpfile"); - - my $content = `cat $tmpfile`; - if ($content eq "") { - $queue->set_request($rid, "errorString", "CA Connection Error"); - $queue->set_request($rid, "status", "ERROR"); - $queue->close(); - - $queue->close(); - return ""; - } - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - $content =~ s/\n//g; - - my $xmlparser = XML::Simple->new(); - my $response = $xmlparser->XMLin($content); - - my $status = $response->{Status}; - if ($status ne "0") { - my $errorString = $response->{Error}; - - $queue->set_request($rid, "errorString", "CA: ".$errorString); - $queue->set_request($rid, "status", "ERROR"); - - $queue->close(); - return ""; - } - - #reset to 0 in case of re-approval - $queue->set_request($rid, "errorString", "0"); - my $req = $queue->read_request($rid); - my $approved_by = $req->{'processed_by'}; - my $serialno = $response->{Requests}->{Request}->{serialno}; - $queue->set_request($rid, "serialno", $serialno); - my $subject_dn = $response->{Requests}->{Request}->{SubjectDN}; - $queue->set_request($rid, "subject_dn", $subject_dn); - my $cert = $response->{Requests}->{Request}->{b64}; - $queue->close(); - - my $util = PKI::Base::Util->new(); - my $csr = $cert_request; - $csr = $util->normalize_csr($csr); - - $self->{certstore}->add_certificate($serialno, $csr, $subject_dn, $cert, $rid, $approved_by); - - system("rm $tmpfile"); - - return $cert; -} - -sub get_http_content -{ - my ($self, $filename) = @_; - my $data = ""; - my $count = `grep -a Content-Length $filename | cut -d' ' -f2`; - chomp($count); - my $file_size = -s $filename; - my $offset = $file_size - $count; - - open(FP, "<$filename"); - binmode(FP); - seek(FP, $offset-1, 0); - read(FP, $data, $count); - close(FP); - return $data; -} - -####################################### -# Revoke -####################################### -sub revoke { - my ($self, $rid, $con_id, $serialno, $reason) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostagentport"); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - my $tmpfile = "/tmp/tmp-revoke-$serialno-$$"; - my ($host, $port) = split(/:/, $cahostport); - my $params = "op=" . "revoke" . "&" . - "revocationReason=" .$reason . "&" . - "revokeAll=(certRecordId=" ."0x".$serialno . ")&" . - "totalRecordCount=" ."1" . "&" . - "xml=true"; - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/agent/ca/doRevoke\" $host:$port > $tmpfile"); - - my $content = `cat $tmpfile`; - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - if ($content eq "") { - $queue->set_request($rid, "errorString", "CA Connection Error"); -# $queue->set_request($rid, "status", "ERROR"); - $queue->close(); - - $queue->close(); - return ""; - } - $content =~ s/\000//; - $content =~ /(\<xml\>.*\<\/xml\>)/s; - $content = $1; - $content =~ s/\n//g; - - my $req = $queue->read_request($rid); - - my $xmlparser = XML::Simple->new(NormalizeSpace => 2); - my $response = $xmlparser->XMLin($content); - - my $errorString = $response->{fixed}->{errorDetails}; - my $revoked = $response->{header}->{revoked}; - - if ($revoked ne "yes") { - $queue->set_request($rid, "errorString", "CA:".$errorString); - } else { - $queue->set_request($rid, "errorString", "0"); - } - system("rm $tmpfile"); - - $queue->close(); - return; -} - -####################################### -# Get Certificate Status -####################################### -sub getCertStatus { - my ($self, $con_id, $serialno) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostport"); - my ($host, $port) = split(/:/, $cahostport); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - - my $tmpfile = "/tmp/tmp-$serialno-$$"; - my $params = "serialNumber=" . "0x".$serialno . "&" . - "xml=true"; - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/displayBySerial\" $host:$port > $tmpfile"); - - my $content = `cat $tmpfile`; - system("rm $tmpfile"); - if ($content eq "") { - return "CA: Connection Error"; - system("rm $tmpfile"); - } - - $content =~ /(\<xml\>.*\<\/xml\>)/s; - $content = $1; - $content =~ s/\n//g; - - my $xmlparser = XML::Simple->new(NormalizeSpace => 2); - my $response = $xmlparser->XMLin($content); - - my $errorString = $response->{fixed}->{errorDetails}; - my $revokeReason = $response->{header}->{revocationReason}; - - if ($revokeReason eq "") { - if ($errorString eq "") { - return "not revoked"; - } else { - return "CA:".$errorString; - } - } else { - return "revoked:".$revokeReason; - } -} - -####################################### -# SCEP -####################################### -sub scep_get_ca_cert { - my ($self, $con_id, $operation, $message) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostport"); - my ($host, $port) = split(/:/, $cahostport); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - my $tmpfile = "/tmp/tmp-$$"; - my $params = "operation=" . $operation . "&" . - "message=" . $message; - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -n \"$nickname\" -r \"/ca/ee/ca/pkiclient\" $host:$port > $tmpfile"); - - - my $content = $self->get_http_content($tmpfile); - - system("rm $tmpfile"); - - return $content; -} - -# decode PKI Message -sub scep_decode { - my ($self, $con_id, $operation, $message) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostport"); - my ($host, $port) = split(/:/, $cahostport); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - my $tmpfile = "/tmp/tmp-$$"; - my $params = "operation=" . $operation . "&" . - "message=" . $message . "&" . - "decode=true"; - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -n \"$nickname\" -r \"/ca/ee/ca/pkiclient\" $host:$port > $tmpfile"); - - - my $content = $self->get_http_content($tmpfile); - - system("rm $tmpfile"); - - return $content; -} - -sub scep_pki_message { - my ($self, $con_id, $operation, $message) = @_; - - my $cfg = $self->{cfg}; - my $instdir = $cfg->get("service.instanceDir"); - my $db_password; - - my $nickname = $cfg->get("conn." . $con_id . ".clientNickname"); - my $cahostport = $cfg->get("conn." . $con_id . ".hostport"); - my ($host, $port) = split(/:/, $cahostport); - - if ($nickname =~ /(.*):(.*)/) { - $db_password = `grep \"$1:\" \"$instdir/conf/password.conf\" | awk -F: '{print \$2}'`; - } else { - $db_password = `grep \"internal:\" \"$instdir/conf/password.conf\" | cut -c10-`; - } - $db_password =~ s/\n$//g; - - my $tmpfile = "/tmp/tmp-$$"; - my $params = "operation=" . $operation . "&" . - "message=" . $message; - system("/usr/bin/sslget -e \"$params\" -d \"$instdir/alias\" -p \"$db_password\" -n \"$nickname\" -r \"/ca/ee/ca/pkiclient\" $host:$port > $tmpfile"); - - - my $content = $self->get_http_content($tmpfile); - - system("rm $tmpfile"); - - return $content; -} - - -####################################### -# Closes connection -####################################### -sub close { - my ($self) = @_; - $self->{certstore}->close(); -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/AdminAuthPanel.pm b/base/ra/lib/perl/PKI/RA/AdminAuthPanel.pm deleted file mode 100755 index 656dc2d5e..000000000 --- a/base/ra/lib/perl/PKI/RA/AdminAuthPanel.pm +++ /dev/null @@ -1,86 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::AdminAuthPanel; -$PKI::RA::AdminAuthPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(8); - $self->{"getName"} = &PKI::RA::Common::r("Admin Authentication"); - $self->{"vmfile"} = "adminauthenticatepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AdminAuthPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AdminAuthPanel: update"); - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AdminAuthPanel: display"); - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/AdminPanel.pm b/base/ra/lib/perl/PKI/RA/AdminPanel.pm deleted file mode 100755 index a5538ef54..000000000 --- a/base/ra/lib/perl/PKI/RA/AdminPanel.pm +++ /dev/null @@ -1,227 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; -use URI::Escape; -use DBI; - -package PKI::RA::AdminPanel; -$PKI::RA::AdminPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(14); - $self->{"getName"} = &PKI::RA::Common::r("Administrator"); - $self->{"vmfile"} = "adminpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AdminPanel: validate"); - return 1; -} - - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AdminPanel: update"); - - my $uid = $q->param("uid"); - my $name = $q->param("name"); - my $email = $q->param("email"); - my $password = $q->param("__pwd"); - my $password_again = $q->param("__admin_password_again"); - - my $cert_request = $q->param("cert_request"); - my $subject = $q->param("subject"); - my $profile_id = $q->param("profileId"); - my $cert_request_type = $q->param("cert_request_type"); - - $cert_request =~ s/%0D%0A//g; # remove carraige return - - # submit request to CA - - # Admin Certificate should be obtained from the ca selected in the - # name panel. If name panel use External CA, the admin certificate - # will be issued by the security domain CA. - my $cainfo = $::config->get("preop.ca.url"); - &PKI::RA::Wizard::debug_log("AdminPanel: preop.ca.url=$cainfo"); - if ($cainfo eq "" || $cainfo =~ /:$/) { - $cainfo = $::config->get("config.sdomainEEURL"); - &PKI::RA::Wizard::debug_log("AdminPanel: config.sdomainEEURL=$cainfo"); - } - &PKI::RA::Wizard::debug_log("AdminPanel: Connecting to CA: $cainfo"); - my $cainfo_url = new URI::URL($cainfo); - my $sdom = $::config->get("config.sdomainEEURL"); - my $sdom_url = new URI::URL($sdom); - - my $machineName = $::config->get("service.machineName"); - my $securePort = $::config->get("service.securePort"); - my $session_id = $::config->get("preop.sessionID"); - - my $tokenname = $::config->get("preop.module.token"); - my $token_pwd = $::pwdconf->get($tokenname); - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $requestor_name = "RA-" . $machineName . "-" . $securePort; - - my $params = "profileId=" . $profile_id . "&" . - "requestor_name=" . $requestor_name . "&" . - "cert_request_type=" . $cert_request_type . "&" . - "subject=" . $subject . "&" . - "cert_request=" . - URI::Escape::uri_escape("$cert_request") . "&" . - "xmlOutput=true" . "&" . - "sessionID=" . $session_id . "&" . - "auth_hostname=" . $sdom_url->host . "&" . - "auth_port=" . $sdom_url->port; - - my $ca_host = $cainfo_url->host; - my $https_ee_port = $cainfo_url->port; - my $content = ""; - my $tmpfile = "/tmp/admin-$$"; - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $ca_host:$https_ee_port > $tmpfile"); - $content = `cat $tmpfile`; - } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $ca_host:$https_ee_port > $tmpfile"); - $content = `cat $tmpfile`; - } - system("rm $tmpfile"); - &PKI::RA::Wizard::debug_log("req = " . $content); - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - # create user in internal database - &PKI::RA::Wizard::debug_log("AdminPanel: Creating user in internal database"); - # use scripts/addAgents.ldif - - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $admincert = $response->{Requests}->{Request}->{b64}; - &PKI::RA::Wizard::debug_log("AdminPanel: admincert " . $admincert); - - # create local database - my $dbh = DBI->connect( - "dbi:SQLite:dbname=$instanceDir/conf/dbfile","",""); - my $insert = "insert into users (" . - "uid" . "," . - "name" . "," . - "password" . "," . - "email" . "," . - "certificate" . - ") values (" . - $dbh->quote($uid) . "," . - $dbh->quote($name) . "," . - $dbh->quote($password) . "," . - $dbh->quote($email) . "," . - $dbh->quote($admincert) . - ")"; - $dbh->do($insert); - $insert = "insert into roles (" . - "uid" . "," . - "gid" . - ") values (" . - $dbh->quote($uid) . "," . - $dbh->quote("administrators") . - ")"; - $dbh->do($insert); - $insert = "insert into roles (" . - "uid" . "," . - "gid" . - ") values (" . - $dbh->quote($uid) . "," . - $dbh->quote("agents") . - ")"; - $dbh->do($insert); - $dbh->disconnect(); - - my $reqid = $response->{Requests}->{Request}->{Id}; - $::config->put("preop.admincert.requestId.0", $reqid); - my $sn = $response->{Requests}->{Request}->{serialno}; - $::config->put("preop.admincert.serialno.0", $sn); - - # update email address - $::config->put("request.agent.create_request.1.mailTo", $email); - $::config->put("request.scep.create_request.1.mailTo", $email); - $::config->put("request.server.create_request.1.mailTo", $email); - $::config->put("request.user.create_request.1.mailTo", $email); - - $::config->commit(); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AdminPanel: display"); - $::symbol{admin_uid} = "admin"; - $::symbol{admin_name} = "RA Administrator"; - $::symbol{admin_email} = ""; - $::symbol{admin_pwd} = ""; - $::symbol{admin_pwd_again} = ""; - $::symbol{import} = "true"; - my $domain_name = $::config->get("preop.securitydomain.name"); - $::symbol{securityDomain} = $domain_name; - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/AgentAuthPanel.pm b/base/ra/lib/perl/PKI/RA/AgentAuthPanel.pm deleted file mode 100755 index 1ada5ad54..000000000 --- a/base/ra/lib/perl/PKI/RA/AgentAuthPanel.pm +++ /dev/null @@ -1,86 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::AgentAuthPanel; -$PKI::RA::AgentAuthPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(7); - $self->{"getName"} = &PKI::RA::Common::r("Agent Authentication"); - $self->{"vmfile"} = "agentauthenticatepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AgentAuthPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AgentAuthPanel: update"); - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("AgentAuthPanel: display"); - return 1; -} - - -1; diff --git a/base/ra/lib/perl/PKI/RA/BasePanel.pm b/base/ra/lib/perl/PKI/RA/BasePanel.pm deleted file mode 100755 index 5cb4d7697..000000000 --- a/base/ra/lib/perl/PKI/RA/BasePanel.pm +++ /dev/null @@ -1,40 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::BasePanel; -$PKI::RA::BasePanel::VERSION = '1.00'; - -sub new { - my ($class) = @_; - my $self = {}; - bless $self, $class; - return $self; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm b/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm deleted file mode 100755 index 4cc65e5cf..000000000 --- a/base/ra/lib/perl/PKI/RA/CAInfoPanel.pm +++ /dev/null @@ -1,289 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; - -package PKI::RA::CAInfoPanel; -$PKI::RA::CAInfoPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -our $cert_header="-----BEGIN CERTIFICATE-----"; -our $cert_footer="-----END CERTIFICATE-----"; - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(4); - $self->{"getName"} = &PKI::RA::Common::r("CA Information"); - $self->{"vmfile"} = "cainfopanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CAInfoPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CAInfoPanel: update"); - - my $count = $q->param('urls'); - &PKI::RA::Wizard::debug_log("CAInfoPanel: update - got urls = $count"); - - &PKI::RA::Wizard::debug_log("CAInfoPanel: update - selected ca= $count"); - - my $instanceID = $::config->get("service.instanceID"); - my $host = ""; - my $https_ee_port = ""; - my $https_agent_port = ""; - my $https_admin_port = ""; - my $domain_xml = ""; - - if ($count =~ /http/) { - my $info = new URI::URL($count); - $host = $info->host; - $https_ee_port = $info->port; - $domain_xml = get_domain_xml($host, $https_ee_port); - if ($domain_xml eq "") { - $::symbol{errorString} = "missing security domain. CA must be installed prior to RA installation"; - return 0; - } - - $https_agent_port = get_secure_agent_port_from_domain_xml($domain_xml, $host, $https_ee_port); - $https_admin_port = get_secure_admin_port_from_domain_xml($domain_xml, $host, $https_ee_port); - - if(($https_admin_port eq "") || ($https_agent_port eq "")) { - $::symbol{errorString} = "missing secure CA admin or agent port. CA must be installed prior to RA installation"; - return 0; - } - } else { - $host = $::config->get("preop.securitydomain.ca$count.host"); - $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport"); - $https_agent_port = $::config->get("preop.securitydomain.ca$count.secureagentport"); - $https_admin_port = $::config->get("preop.securitydomain.ca$count.secureadminport"); - } - - if (($host eq "") || ($https_ee_port eq "") || ($https_admin_port eq "") || ($https_agent_port eq "")) { - $::symbol{errorString} = "no CA found. CA must be installed prior to RA installation"; - return 0; - } - - &PKI::RA::Wizard::debug_log("CAInfoPanel: update - host= $host, https_ee_port= $https_ee_port"); - - $::config->put("preop.cainfo.select", "https://$host:$https_admin_port"); - my $serverCertNickName = $::config->get("preop.cert.sslserver.nickname"); - - my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname"); - $::config->put("conn.ca1.clientNickname", $subsystemCertNickName); - $::config->put("conn.ca1.hostport", $host . ":" . $https_ee_port); - $::config->put("conn.ca1.hostagentport", $host . ":" . $https_agent_port); - $::config->put("conn.ca1.hostadminport", $host . ":" . $https_admin_port); - - $::config->commit(); - - # connect to the CA, and retrieve the CA certificate - &PKI::RA::Wizard::debug_log("CAInfoPanel: update connecting to CA and retrieve cert chain"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - my $tmpfile = "/tmp/ca-$$"; - system("/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$serverCertNickName\" -r \"/ca/ee/ca/getCertChain\" $host:$https_ee_port > $tmpfile"); - my $cmd = `cat $tmpfile`; - system("rm $tmpfile"); - my $caCert; - if ($cmd =~ /\<ChainBase64\>(.*)\<\/ChainBase64\>/) { - $caCert = $1; - &PKI::RA::Wizard::debug_log("CAInfoPanel: ca= $caCert"); - } - if ($caCert eq "") { - &PKI::RA::Wizard::debug_log("CAInfoPanel: update no cert chain found"); - return 0; - } - open(F, ">$instanceDir/conf/caCertChain2.txt"); - print F $cert_header."\n".$caCert."\n".$cert_footer; - close(F); - - &PKI::RA::Wizard::debug_log("CAInfoPanel: update retrieve cert chain done"); - - #import cert chain - system("p7tool -d $instanceDir/alias -p $instanceDir/conf/chain2cert -a -i $instanceDir/conf/caCertChain2.txt -o $instanceDir/conf/CAchain2_pp.txt"); - my $r = $? >> 8; - my $failed = $? & 127; - if (($r > 0) && ($r < 10) && !$failed) { - my $i = 0; - while ($i ne $r) { - my $tmp = `certutil -d $instanceDir/alias -D -n "Trusted CA c2cert$i"`; - $tmp = `certutil -d $instanceDir/alias -A -f $instanceDir/conf/.pwfile -n "Trusted CA c2cert$i" -t "CT,C,C" -i $instanceDir/conf/chain2cert$i.der`; - $i++; - } - } - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CAInfoPanel: display"); - - $::symbol{urls} = []; -# unshift(@{$::symbol{urls}}, "External CA"); - my $count = 0; - my $first = 1; - my $list = ""; - while (1) { - my $host = $::config->get("preop.securitydomain.ca$count.host"); - if ($host eq "") { - goto DONE; - } - my $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport"); - my $name = $::config->get("preop.securitydomain.ca$count.subsystemname"); - my $item = $name . " - https://" . $host . ":" . $https_ee_port; -# my $item = "https://" . $host . ":" . $https_ee_port; -# unshift(@{$::symbol{urls}}, $item); - $::symbol{urls}[$count++] = $item; - if ($first eq 1) { - $list = $item; - $first = 0; - } else { - $list = $list.",".$item; - } - } -DONE: -# $list = $list.",External CA"; - $::config->put("preop.ca.list", $list); - - $::symbol{urls_size} = $count; - if ($count eq 0) { - $::symbol{errorString} = "no CA found. CA, TKS, and optionally DRM must be installed prior to RA installation"; - return 0; - } - return 1; -} - -sub get_domain_xml -{ - my $host = $1; - my $https_ee_port = $2; - - # get the domain xml - # e. g. - https://water.sfbay.redhat.com:9445/ca/admin/ca/getDomainXML - - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $sd_host = $::config->get("securitydomain.host"); - my $sd_admin_port = $::config->get("securitydomain.httpsadminport"); - my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - return $content; -} - -sub get_secure_admin_port_from_domain_xml -{ - my $content = $1; - my $host = $2; - my $https_ee_port = $3; - - # Retrieve the secure admin port corresponding - # to the selected host and secure ee port. - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $xml = $parser->XMLin( $response->{'DomainInfo'}, - ForceArray => 1 ); - my $https_admin_port = ""; - my $count = 0; - foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) { - if( ( $host eq $c->{'Host'}[0] ) && - ( $https_ee_port eq $c->{'SecurePort'}[0] ) ) { - $https_admin_port = https_$c->{'SecureAdminPort'}[0]; - } - - $count++; - } - - return $https_admin_port; -} - -sub get_secure_agent_port_from_domain_xml -{ - my $content = $1; - my $host = $2; - my $https_ee_port = $3; - - # Retrieve the secure agent port corresponding - # to the selected host and secure ee port. - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $xml = $parser->XMLin( $response->{'DomainInfo'}, - ForceArray => 1 ); - my $https_agent_port = ""; - my $count = 0; - foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) { - if( ( $host eq $c->{'Host'}[0] ) && - ( $https_ee_port eq $c->{'SecurePort'}[0] ) ) { - $https_agent_port = https_$c->{'SecureAgentPort'}[0]; - } - - $count++; - } - - return $https_agent_port; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/CertInfo.pm b/base/ra/lib/perl/PKI/RA/CertInfo.pm deleted file mode 100755 index d1a8c3817..000000000 --- a/base/ra/lib/perl/PKI/RA/CertInfo.pm +++ /dev/null @@ -1,133 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::CertInfo; -$PKI::RA::CertInfo::VERSION = '1.00'; - -sub new { - my ($class, $name, $dn, $tag) = @_; - my $self = {}; - - &PKI::RA::Wizard::debug_log("CertInfo: start new"); - $self->{"getUserFriendlyName"} = \&get_user_friendly_name; - $self->{"getCertTag"} = \&get_cert_tag; - $self->{"getDN"} = \&get_dn; - $self->{"getNickname"} = \&get_nickname; - $self->{"useDefaultKey"} = \&use_default_key; - $self->{"getCustomKeysize"} = \&get_custom_keysize; - $self->{"keyOption"} = \&get_key_option; - &PKI::RA::Wizard::debug_log("CertInfo: end new"); - - $self->{name} = $name; - $self->{dn} = $dn; - $self->{tag} = $tag; - - bless $self, $class; - return $self; -} - -sub get_user_friendly_name -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("CertInfo: get_user_friendly_name"); - return $self->{name}; -} - -sub get_cert_tag -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("CertInfo: get_cert_tag"); - return $self->{tag}; -} - -sub get_dn -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("CertInfo: get_cert_dn"); - return $self->{dn}; -} - -sub use_default_key -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("CertInfo: use_default_key"); - my $option = $::config->get("preop.cert.$self->{tag}.keysize.select"); - if (($option ne "") && ($option ne "default")) { - return 0; - } - return 1; -} - -sub get_nickname -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("CertInfo: get_nickname"); - my $nickname = $::config->get("preop.cert.$self->{tag}.nickname"); - - my $flavor = "pki"; - $flavor =~ s/\n//g; - - if ($nickname ne "") { - return $nickname; - } else { - return $self->{tag}."cert cert-$flavor-ra"; - } -} - -sub get_key_option -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("CertInfo: get_key_option"); - my $option = $::config->get("preop.cert.$self->{tag}.keysize.select"); - - if ($option ne "") { - &PKI::RA::Wizard::debug_log("CertInfo: get_key_option from config = $option"); - return $option; - } else { - &PKI::RA::Wizard::debug_log("CertInfo: get_key_option not from config"); - return "default"; - } -} - -sub get_custom_keysize -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("CertInfo: get_custom_keysize"); - my $size = $::config->get("preop.cert.$self->{tag}.keysize.customsize"); - &PKI::RA::Wizard::debug_log("CertInfo: get_custom_keysize for preop.cert.$self->{tag}.keysize.customsize is $size"); - if ($size ne "") { - &PKI::RA::Wizard::debug_log("CertInfo: get_custom_keysize from config is $size"); - return $size; - } else { - &PKI::RA::Wizard::debug_log("CertInfo: get_custom_keysize not from config"); - return 2048; - } -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/CertPrettyPrintPanel.pm b/base/ra/lib/perl/PKI/RA/CertPrettyPrintPanel.pm deleted file mode 100755 index cf58d2327..000000000 --- a/base/ra/lib/perl/PKI/RA/CertPrettyPrintPanel.pm +++ /dev/null @@ -1,85 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::CertPrettyPrintPanel; -$PKI::RA::CertPrettyPrintPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(13); - $self->{"getName"} = &PKI::RA::Common::r("Certificates"); - $self->{"vmfile"} = "certprettyprintpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CertPrettyPrintPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CertPrettyPrintPanel: update"); - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CertPrettyPrintPanel: display"); - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/CertRequestPanel.pm b/base/ra/lib/perl/PKI/RA/CertRequestPanel.pm deleted file mode 100755 index 51eb1d400..000000000 --- a/base/ra/lib/perl/PKI/RA/CertRequestPanel.pm +++ /dev/null @@ -1,301 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use PKI::RA::ReqCertInfo; -use FileHandle; - -package PKI::RA::CertRequestPanel; -$PKI::RA::CertRequestPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -our $cert_req_header="-----BEGIN NEW CERTIFICATE REQUEST-----"; -our $cert_req_footer="-----END NEW CERTIFICATE REQUEST-----"; -our $cert_header="-----BEGIN CERTIFICATE-----"; -our $cert_footer="-----END CERTIFICATE-----"; - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(13); - $self->{"getName"} = &PKI::RA::Common::r("Certificate Requests"); - $self->{"vmfile"} = "certrequestpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CertRequestPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CertRequestPanel: update"); - - my $i = 0; - - my $instanceDir = $::config->get("service.instanceDir"); - - my $useExternalCA = $::config->get("preop.certenroll.useExternalCA"); - if ($useExternalCA eq "on") { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: useExternalCA is on"); - } else { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: useExternalCA is off"); - &PKI::RA::Wizard::debug_log("CertRequestPanel: update auto enrollment should have been done, no more action needed"); - return 1; - } - - &PKI::RA::Wizard::debug_log("CertRequestPanel: update External CA selected, retrieve/process user input"); - - my $tokenname = $::config->get("preop.module.token"); - &PKI::RA::Wizard::debug_log("CertRequestPanel: update got token name = $tokenname"); - my $token_pwd = $::pwdconf->get($tokenname); - $token_pwd =~ s/\n//g; - open FILE, ">$instanceDir/conf/.pwfile"; - system( "chmod 00660 $instanceDir/conf/.pwfile" ); - print FILE $token_pwd; - close FILE; - - my $hw; - my $tk; - - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - $hw = ""; - $tk = ""; - } else { - $hw = "-h $tokenname"; - $tk = $tokenname.":"; - } - - foreach my $certtag (@PKI::RA::Wizard::certtags) { - if ($certtag eq "subsystem") { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: subsystem cert is pre-generated by the security domain"); - return 1; - } - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: for certag= $certtag"); - my $ccert = $::config->get("preop.cert.$certtag.cert"); - if ($ccert ne "") { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: cert already exists in CS.cfg, go to next"); - next; - } - my $certchain = $q->param($certtag.'_cc'); - if ($certchain ne "") { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: $certtag certchain is $certchain"); - my $cc_fn = "$instanceDir/conf/caCertChain.txt"; - my $tmp = `echo "$certchain" > $cc_fn`; - # remove existing one - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: try to delete existing certchain, if any....ok if it fails"); -# XXX remove should not be done lightly... - $tmp = `p7tool -d $instanceDir/alias -p $instanceDir/conf/chain1cert -a -i $cc_fn -o $instanceDir/conf/CAchain_pp.txt`; - my $r = $? >> 8; - my $failed = $? & 127; - if (($r > 0) && ($r < 10) && !$failed) { - my $i = 0; - while ($i ne $r) { - $tmp = `certutil -d $instanceDir/alias -D -n "Trusted CA $certtag cert$i"`; - $tmp = `certutil -d $instanceDir/alias -A -f $instanceDir/conf/.pwfile -n "Trusted CA $certtag cert$i" -t "CT,C,C" -i $instanceDir/conf/chain1cert$i.der`; -# $tmp = `rm $cc_fn`; - $i++ - } - } - } else { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: no certchain included for certtag $certtag"); - } - - my $cert = $q->param($certtag); - if ($cert ne "") { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: $certtag cert is $cert"); - my $nickname = $::config->get("preop.cert.$certtag.nickname"); - if ($nickname eq "") { - $nickname = "RA ".$certtag." cert"; - $::config->put("preop.cert.$certtag.nickname", $nickname); - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: $certtag cert nickname not found in CS.cfg, generating one= $nickname"); - } - #remove existing one - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: try to delete existing cert $nickname, if any....ok if it fails"); -#XXX remove should not be done lightly... - my $tmp = `certutil -d $instanceDir/alias -D -n "$nickname"`; - $tmp = `certutil -d $instanceDir/alias -D $hw -f $instanceDir/conf/.pwfile -n "$tk$nickname"`; - #now import the cert - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: try to import cert"); - my $cert_fn = "$instanceDir/conf/$certtag"."_cert.txt"; - $tmp = `echo "$cert" > $cert_fn`; - -# $cert = extract_cert_from_file_sans_header_and_footer($cert_fn); - my $certa =""; - my $save_line = 0; - my @cert_a = split "\n", $cert; - foreach my $line (@cert_a) { - chomp( $line ); - $line =~ s/\r//g; - if ($line eq $cert_header) { - $save_line = 1; - } elsif( $line eq $cert_footer ) { - $save_line = 0; - last; - } elsif( $save_line == 1 ) { - $certa .= "$line"; - } - } - - &PKI::RA::Wizard::debug_log("CertRequestPanel: update putting cert in CS.cfg: $certa"); - - $::config->put("preop.cert.$certtag.cert", $certa); - - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: about to certutil -d $instanceDir/alias $hw -A -f $instanceDir/conf/.pwfile -n $nickname -t u,u,u -a -i $cert_fn"); - $tmp = `certutil -d $instanceDir/alias $hw -A -f $instanceDir/conf/.pwfile -n "$nickname" -t "u,u,u" -a -i $cert_fn`; - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: done certutil: $tmp"); - $tmp = `rm $cert_fn`; - - # changed the cert, need to change nickname too, if necessary - if ($hw ne "") { - $::config->put("preop.cert.$certtag.nickname", "$tk$nickname"); - if ($certtag eq "subsystem") { - $::config->put("conn.ca1.clientNickname","$tk$nickname"); - $::config->put("conn.drm1.clientNickname","$tk$nickname"); - $::config->put("conn.tks1.clientNickname","$tk$nickname"); - } - } - - } else { - &PKI::RA::Wizard::debug_log("CertRequestPanel: update: no cert"); - } - } - -DONE: - $::config->commit(); - my $tmp = `rm $instanceDir/conf/.pwfile`; - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("CertRequestPanel: display"); - - my $domain_name = $::config->get("preop.securitydomain.name"); - if ($domain_name eq "") { - $domain_name = "RA Domain"; - } - my $machine_name = $::config->get("service.machineName"); - my $instance_id = $::config->get("service.instanceID"); - - my $i = 0; - foreach my $certtag (@PKI::RA::Wizard::certtags) { - my $cert_dn = $::config->get("preop.cert.".$certtag.".dn"); - if ($cert_dn eq "") { - if ($certtag eq "subsystem") { - $cert_dn = "CN=RA Subsystem, " . - "OU=" . $instance_id . ", " . - "O=" . $domain_name; - } elsif ($certtag eq "sslserver") { - $cert_dn ="CN=" . $machine_name . ", " . - "OU=" . $instance_id . ", " . - "O=" . $domain_name; - } else { - $cert_dn = $certtag; - } - } - - my $name = $::config->get("preop.cert.".$certtag.".userfriendlyname"); - if ($name eq "") { - $name = $certtag."Cert ".$instance_id; - } - - my $reqcert = new PKI::RA::ReqCertInfo($name, - $cert_dn, $certtag); - $::symbol{reqscerts}[$i++] = $reqcert; - } - - $::symbol{errorString} = ""; - $::symbol{showApplyButton} = "true"; - - return 1; -} - -# arg0 message containing certificate -# return certificate sans header and footer -# -- all in a one-liner -sub extract_cert_from_file_sans_header_and_footer -{ - my $filename = $_[0]; - my $save_line = 0; - - my $fd = new FileHandle; - - my $cert = ""; - - $fd->open( "<$filename" ) or die "Could not open '$filename'!\n"; - - while( <$fd> ) - { - my $line = $_; - chomp( $line ); - $line =~ s/^M//g; - - if( $line eq $cert_header ) { - $save_line = 1; - } elsif( $line eq $cert_footer ) { - $save_line = 0; - last; - } elsif( $save_line == 1 ) { - $cert .= "$line"; - } - } - - $fd->close(); - - return $cert; -} - - -1; diff --git a/base/ra/lib/perl/PKI/RA/Common.pm b/base/ra/lib/perl/PKI/RA/Common.pm deleted file mode 100755 index 8deab8c6c..000000000 --- a/base/ra/lib/perl/PKI/RA/Common.pm +++ /dev/null @@ -1,50 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package PKI::RA::Common; - -use strict; -use warnings; -use Exporter; - -use vars qw(@ISA @EXPORT @EXPORT_OK); -@ISA = qw(Exporter Autoloader); -@EXPORT = qw(r yes no); - -$PKI::RA::Common::VERSION = '1.00'; - -sub yes { - return sub {1}; -} - -sub no { - return sub {0}; -} - -sub r { - my $a = shift; - return sub { $a; } -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/Config.pm b/base/ra/lib/perl/PKI/RA/Config.pm deleted file mode 100755 index f1ace5b03..000000000 --- a/base/ra/lib/perl/PKI/RA/Config.pm +++ /dev/null @@ -1,170 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package PKI::RA::Config; - -use strict; -use warnings; -use Exporter; - -$PKI::RA::Config::VERSION = '1.00'; - -####################################################### -# Configuration Store -####################################################### -sub new { - my $class = shift; - my $self = {}; - my %hash = (); - $self->{filename} = ""; - $self->{hash} = \%hash; - bless $self,$class; - return $self; -} - -sub load_file -{ - my ($self, $filename) = @_; - - $self->{filename} = $filename; - if (-e $filename) { - open(CF, "<$filename"); - if (defined fileno CF) { - while (<CF>) { - if (/^#/) { - # comments - } elsif (/([^=]+)=(.*)$/) { - # print "$1 = $2\n"; - $self->{hash}{$1} = $2; - } else { - # preserve comments - } - } - } - close(CF); - } -} - -sub get_filename -{ - my ($self) = @_; - return $self->{filename}; -} - -sub get -{ - my ($self, $n) = @_; - return $self->{hash}{$n}; -} - -sub put -{ - my ($self, $n, $v) = @_; - $self->{hash}{$n} = $v; -} - -sub deleteSubstore -{ - my ($self, $n) = @_; - foreach my $xkey (keys %{$self->{hash}}) { - if ($xkey =~ /^\Q$n\E/) { - delete $self->{hash}{$xkey}; - } - } -} - -sub commit -{ - my ($self) = @_; - - # write stuff back to the file -# print $self->{filename} . "\n"; - my $hash = $self->{hash}; - my $suffix = time(); - - if (-e $self->{filename}) { - # Create a copy of the original file which - # preserves the original file permissions - system("cp -p \"" . $self->{filename} . "\" \"" . - $self->{filename} . "." . $suffix . "\""); - } - - # Overwrite the contents of the original file - # to preserve the original file permissions - open(F, ">" . $self->{filename}); - foreach my $k (sort keys %{$hash}) { - print F "$k=$self->{hash}{$k}\n"; - } - close(F); - - if (-e $self->{filename} . "." . $suffix) { - system("rm \"" . $self->{filename} . "." . $suffix . "\""); - } -} - -sub commit_with_backup -{ - my ($self) = @_; - - # write stuff back to the file -# print $self->{filename} . "\n"; - my $hash = $self->{hash}; - my $suffix = time(); - # Create a copy of the original file which - # preserves the original file permissions - system("cp -p \"" . $self->{filename} . "\" \"" . - $self->{filename} . "." . $suffix . "\""); - - # Overwrite the contents of the original file - # to preserve the original file permissions - open(F, ">" . $self->{filename}); - foreach my $k (sort keys %{$hash}) { - print F "$k=$self->{hash}{$k}\n"; - } - close(F); -} - -1; - -####################################################### -# Test Program -####################################################### -#my $config = PKI::RA::Config->new(); -#$config->load_file("/tmp/CS.cfg"); -#print $config->get("tokendb.indexAdminTemplate") . "\n"; -#$config->put("tokendb.indexAdminTemplate", "Testing"); -#print $config->get("tokendb.indexAdminTemplate") . "\n"; -#$config->commit(); - -1; - -####################################################### -# Test Program -####################################################### -#my $config = PKI::RA::Config->new(); -#$config->load_file("/tmp/CS.cfg"); -#print $config->get("tokendb.indexAdminTemplate") . "\n"; -#$config->put("tokendb.indexAdminTemplate", "Testing"); -#print $config->get("tokendb.indexAdminTemplate") . "\n"; -#$config->commit(); diff --git a/base/ra/lib/perl/PKI/RA/ConfigHSMLoginPanel.pm b/base/ra/lib/perl/PKI/RA/ConfigHSMLoginPanel.pm deleted file mode 100755 index bf74890cc..000000000 --- a/base/ra/lib/perl/PKI/RA/ConfigHSMLoginPanel.pm +++ /dev/null @@ -1,104 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::ConfigHSMLoginPanel; -$PKI::RA::ConfigHSMLoginPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(9); - $self->{"getName"} = &PKI::RA::Common::r("Security Modules Login"); - $self->{"vmfile"} = "config_hsmloginpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 1; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel: update"); - my $uTokName = $q->param('uTokName'); - my $uPasswd = $q->param('__uPasswd'); - -# &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel: update tokname= $uTokName pwd =$uPasswd"); - - $::pwdconf->put($uTokName, $uPasswd); - $::pwdconf->commit(); - - return 1; -} - -sub display -{ - my ($q) = @_; - use Data::Dumper; - $Data::Dumper::Indent = 1; -# &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel -> dump of q= ". Dumper($q)); - $::symbol{SecToken} = $q->param('SecToken'); -# &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel -> display has ".$q->param('SecToken')); - - &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel -> display retrieving $q->param('SecToken') "); - my $pwd = $::pwdconf->get( $q->param('SecToken')); - if ($pwd ne "") { - &PKI::RA::Wizard::debug_log("ConfigHSMLoginPanel -> display retrieved pwd from pwdconf"); - } - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/ConfigHSMPanel.pm b/base/ra/lib/perl/PKI/RA/ConfigHSMPanel.pm deleted file mode 100755 index 095ed5879..000000000 --- a/base/ra/lib/perl/PKI/RA/ConfigHSMPanel.pm +++ /dev/null @@ -1,72 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::ConfigHSMPanel; -$PKI::RA::ConfigHSMPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&PKI::RA::Common::no; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(12); - $self->{"getName"} = &PKI::RA::Common::r("ConfigHSMLogin"); - $self->{"vmfile"} = "config_hsm.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ConfigHSMPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ConfigHSMPanel: update"); - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ConfigHSMPanel: display"); - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm b/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm deleted file mode 100755 index fadd7727c..000000000 --- a/base/ra/lib/perl/PKI/RA/DRMInfoPanel.pm +++ /dev/null @@ -1,140 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; - -package PKI::RA::DRMInfoPanel; -$PKI::RA::DRMInfoPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(6); - $self->{"getName"} = &PKI::RA::Common::r("DRM Information"); - $self->{"vmfile"} = "drminfopanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DRMInfoPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DRMInfoPanel: update"); - - my $choice = $q->param('choice'); - $::config->put("preop.krainfo.keygen", $choice); - - if ($choice eq "keygen") { - my $count = $q->param('urls'); - my $instanceID = $::config->get("service.instanceID"); - my $host = ""; - my $https_agent_port = ""; - if ($count =~ /http/) { - my $info = new URI::URL($count); - $host = $info->host; - $https_agent_port = $info->port; - } else { - $host = $::config->get("preop.securitydomain.kra$count.host"); - $https_agent_port = $::config->get("preop.securitydomain.kra$count.secureagentport"); - } - if (($host eq "") || ($https_agent_port eq "")) { - $::symbol{errorString} = "no DRM found. CA, TKS and DRM must be installed prior to RA installation"; - return 0; - } - - $::config->put("preop.krainfo.select", "https://$host:$https_agent_port"); - my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname"); - $::config->put("conn.drm1.clientNickname", $subsystemCertNickName); - $::config->put("conn.drm1.hostport", $host . ":" . $https_agent_port); - $::config->put("conn.tks1.serverKeygen", "true"); - $::config->put("op.enroll.userKey.keyGen.encryption.serverKeygen.enable", "true"); - $::config->put("op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable", "true"); - } else { - # no keygen - $::config->put("conn.tks1.serverKeygen", "false"); - $::config->put("op.enroll.userKey.keyGen.encryption.serverKeygen.enable", "false"); - $::config->put("op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable", "false"); - $::config->put("conn.drm1.clientNickname", ""); - $::config->put("conn.drm1.hostport", ""); - } - $::config->commit(); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DRMInfoPanel: display"); - - $::symbol{urls} = []; - my $count = 0; - while (1) { - my $host = $::config->get("preop.securitydomain.kra$count.host"); - if ($host eq "") { - goto DONE; - } - my $https_agent_port = $::config->get("preop.securitydomain.kra$count.secureagentport"); - my $name = $::config->get("preop.securitydomain.kra$count.subsystemname"); - $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $https_agent_port; - } -DONE: - $::symbol{urls_size} = $count; - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/DatabasePanel.pm b/base/ra/lib/perl/PKI/RA/DatabasePanel.pm deleted file mode 100755 index e469e51f8..000000000 --- a/base/ra/lib/perl/PKI/RA/DatabasePanel.pm +++ /dev/null @@ -1,109 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -use DBI; -package PKI::RA::DatabasePanel; -$PKI::RA::DatabasePanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(8); - $self->{"getName"} = &PKI::RA::Common::r("Internal Database"); - $self->{"vmfile"} = "databasepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DatabasePanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DatabasePanel: update"); - my $instDir = $::config->get("service.instanceDir"); - - # create local database - my $dbh = DBI->connect( - "dbi:SQLite:dbname=$instDir/conf/dbfile","",""); - - # create database lockfile - system("touch $instDir/conf/dblock"); - - open(F, "/usr/share/pki/ra/scripts/schema.sql"); - while (<F>) { - if (!($_ =~ /^#/)) { - $dbh->do($_); - } - } - close(F); - - $dbh->disconnect(); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DatabasePanel: display"); - - my $machineName = $::config->get("service.machineName"); - my $instanceId = $::config->get("service.instanceID"); - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/DisplayCertChain2Panel.pm b/base/ra/lib/perl/PKI/RA/DisplayCertChain2Panel.pm deleted file mode 100755 index 46c8a2902..000000000 --- a/base/ra/lib/perl/PKI/RA/DisplayCertChain2Panel.pm +++ /dev/null @@ -1,179 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use FileHandle; - -package PKI::RA::DisplayCertChain2Panel; -$PKI::RA::DisplayCertChain2Panel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -our $cert_header="-----BEGIN CERTIFICATE-----"; -our $cert_footer="-----END CERTIFICATE-----"; - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(7); - $self->{"getName"} = &PKI::RA::Common::r("Display Certificate Chain"); - $self->{"vmfile"} = "displaycertchain2panel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub readFile -{ - my $fn = $_[0]; - open FILE, "< $fn" or return ""; - my $content = join "",<FILE>; - close FILE; - - return $content; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: update"); - - my $instanceDir = $::config->get("service.instanceDir"); - -# my $caCert = readFile("$instanceDir/conf/caCertChain2.txt"); - my $caCert = extract_cert_from_file_sans_header_and_footer("$instanceDir/conf/caCertChain2.txt"); - - #store in config - $::config->put("preop.ca.certchain", $caCert); - $::config->commit(); - # import it into the security database - my $tmp = `p7tool -d $instanceDir/alias -p $instanceDir/conf/chain2cert -a -i $instanceDir/conf/caCertChain2.txt -o $instanceDir/conf/CAchain2_pp.txt`; - my $r = $? >> 8; - my $failed = $? & 127; - if (($r > 0) && ($r < 10) && !$failed) { - my $i = 0; - while ($i ne $r) { - $tmp = `certutil -d $instanceDir/alias -D -n "Trusted CA c2cert$i"`; - $tmp = `certutil -d $instanceDir/alias -A -f $instanceDir/conf/.pwfile -n "Trusted CA c2cert$i" -t "CT,C,C" -i $instanceDir/conf/chain2cert$i.der`; - $i++ - } - } - - # clean up -# my $tmp = `rm $instanceDir/conf/caCertChain2.txt`; -# $tmp = `rm $instanceDir/conf/CAchain2_pp.txt`; - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: display"); - my $instanceDir = $::config->get("service.instanceDir"); - - my $found = -e "$instanceDir/conf/caCertChain2.txt"; - my $certpp = ""; - if ($found) { - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: display found caCertChain2.txt"); - my $tmp = `p7tool -d $instanceDir/alias -p $instanceDir/conf/chain2cert -a -i $instanceDir/conf/caCertChain2.txt -o $instanceDir/conf/CAchain2_pp.txt`; - - $certpp = readFile("$instanceDir/conf/CAchain2_pp.txt"); - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: display read CAchain2_pp.txt"); - $certpp =~ s/"//g; - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: certpp2= $certpp"); - } - -# $symbol{certchain} = [ "cert1", "cert2" ]; -# $symbol{certchain_size} = 2; - $::symbol{certchain} = "$certpp"; - $::symbol{certchain_size} = 1; - - &PKI::RA::Wizard::debug_log("DisplayCertChain2Panel: display done"); - return 1; -} - -# return certificate sans header and footer -# -- all in a one-liner -sub extract_cert_from_file_sans_header_and_footer -{ - my $filename = $_[0]; - my $save_line = 0; - - my $fd = new FileHandle; - - my $cert = ""; - - $fd->open( "<$filename" ) or die "Could not open '$filename'!\n"; - - while( <$fd> ) - { - my $line = $_; - chomp( $line ); - $line =~ s/^M//g; - - if( $line eq $cert_header ) { - $save_line = 1; - } elsif( $line eq $cert_footer ) { - $save_line = 0; - last; - } elsif( $save_line == 1 ) { - $cert .= "$line"; - } - } - - $fd->close(); - - return $cert; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm b/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm deleted file mode 100755 index dd991a917..000000000 --- a/base/ra/lib/perl/PKI/RA/DisplayCertChainPanel.pm +++ /dev/null @@ -1,348 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; -use MIME::Base64; - -package PKI::RA::DisplayCertChainPanel; -$PKI::RA::DisplayCertChainPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(2); - $self->{"getName"} = &PKI::RA::Common::r("Display Certificate Chain"); - $self->{"vmfile"} = "displaycertchainpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 1; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: validate"); - return 1; -} - -sub readFile -{ - my $fn = $_[0]; - open FILE, "< $fn" or return ""; - my $content = join "",<FILE>; - close FILE; - - return $content; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: update"); - - my $instanceDir = $::config->get("service.instanceDir"); - - my $caCert = readFile("$instanceDir/conf/caCert.txt"); - - #store in config - $::config->put("preop.ca.certchain", $caCert); - $::config->commit(); - - # import it into the security database -# my $cmd1 = `/usr/bin/AtoB $instanceDir/conf/caCert.txt $instanceDir/conf/caCert.der`; - my $cmd2 = `/usr/bin/certutil -A -d \"$instanceDir/alias\" -t \"CT,CT,CT\" -n \"caCert\" -i $instanceDir/conf/caCert.der`; - - # clean up - my $tmp = `rm $instanceDir/conf/caCert.txt`; - $tmp = `rm $instanceDir/conf/caCert.der`; - $tmp = `rm $instanceDir/conf/caCert_pp.txt`; - - # complete the SecurityDomain task - my $sdomainAdminURL = $::config->get("config.sdomainAdminURL"); - if ($sdomainAdminURL eq "") { - return 2; - } - - my $machineName = $::config->get("service.machineName"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - my $unsecurePort = $::config->get("service.unsecurePort"); - - # check if url is accessible - # redirect to the security domain authentication - if ($ENV{'SERVER_PORT'} eq $unsecurePort) { - $::symbol{redirect} = $sdomainAdminURL . "/ca/admin/ca/securityDomainLogin?url=http%3A%2F%2F" . $machineName . "%3A" . $unsecurePort . "%2Fra%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DRA"; - } else { - $::symbol{redirect} = $sdomainAdminURL . "/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2F" . $machineName . "%3A" . $non_clientauth_securePort . "%2Fra%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D3%26subsystem%3DRA"; - } - - get_domain_xml($sdomainAdminURL); - - - return 3; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: display"); - - # connect to the CA, and retrieve the CA certificate - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: update connecting to CA and retrieve cert chain"); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $sdomainAdminURL = $::config->get("config.sdomainAdminURL"); - if ($sdomainAdminURL eq "") { - return 2; - } - - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $url_info = new URI::URL($sdomainAdminURL); - my $sd_host = $url_info->host; - my $sd_admin_port = $url_info->port; - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getCertChain\" $sd_host:$sd_admin_port`; - - my $caCert = ""; - if ($cmd =~ /\<ChainBase64\>(.*)\<\/ChainBase64\>/) { - $caCert = $1; - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: ca= $caCert"); - } - - my $certpp = ""; - if ($caCert ne "") { - open(F, ">$instanceDir/conf/caCert.txt"); - print F $caCert; - close(F); - - # test to see if tmp directory exists, if not, create - my $found = -e "$instanceDir/conf/tmp"; - if (! $found) { - my $tmp = `mkdir $instanceDir/conf/tmp`; - } - - # import it into a temporary security database -# my $cmd1 = `/usr/bin/AtoB $instanceDir/conf/caCert.txt $instanceDir/conf/caCert.der`; - # my $cmd1 = `/usr/bin/openssl base64 -d -A -in $instanceDir/conf/caCert.txt -out $instanceDir/conf/caCert.der`; - - my $txt = `cat $instanceDir/conf/caCert.txt`; - open(OUT, ">$instanceDir/conf/caCert.der"); - print OUT MIME::Base64::decode($txt); - close(OUT); - - my $cmd2 = `/usr/bin/certutil -A -d \"$instanceDir/conf/tmp\" -t \"CT,CT,CT\" -n \"caCert\" -i $instanceDir/conf/caCert.der`; - - # get pretty print from temp db - my $tmp = `certutil -d $instanceDir/conf/tmp -n "caCert" -L > $instanceDir/conf/caCert_pp.txt`; - $certpp = readFile("$instanceDir/conf/caCert_pp.txt"); - $certpp =~ s/"//g; - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: certpp= $certpp"); - # clean up temp db - $tmp = `certutil -d $instanceDir/alias/tmp -D -n "caCert"`; - } else { - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: update no certchain found"); - } - - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: display certchain=$caCert"); - -# $symbol{certchain} = [ "cert1", "cert2" ]; -# $symbol{certchain_size} = 2; - $::symbol{certchain} = "$certpp"; -# This certchain_size does not matter - $::symbol{certchain_size} = 1; - - return 1; -} - -sub get_domain_xml -{ - my ($sdomainAdminURL) = @_; - - my $sdom_info = new URI::URL($sdomainAdminURL); - # get the domain xml - # e. g. - https://water.sfbay.redhat.com:9445/ca/admin/ca/getDomainXML - - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $sd_host = $sdom_info->host; - my $sd_admin_port = $sdom_info->port; - my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - &PKI::RA::Wizard::debug_log("content = " . $content); - - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $xml = $parser->XMLin($response->{'DomainInfo'}, - ForceArray => 1); - - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: security domain '" . - $xml->{'Name'}[0] . "'"); - $::config->put("preop.securitydomain.name", $xml->{'Name'}[0]); - $::config->put("securitydomain.name", $xml->{'Name'}[0]); - - # parse xml and store information in CS.cfg - my $count = 0; - $count = 0; - foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) { - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: Found CA '" . - $c->{'SubsystemName'}[0] . "'"); - $::config->put("preop.securitydomain.ca" . $count . ".subsystemname", - $c->{'SubsystemName'}[0]); - $::config->put("preop.securitydomain.ca" . $count . ".secureport", - $c->{'SecurePort'}[0]); - $::config->put("preop.securitydomain.ca" . $count . ".secureagentport", - $c->{'SecureAgentPort'}[0]); - $::config->put("preop.securitydomain.ca" . $count . ".secureadminport", - $c->{'SecureAdminPort'}[0]); - $::config->put("preop.securitydomain.ca" . $count . ".unsecureport", - $c->{'UnSecurePort'}[0]); - $::config->put("preop.securitydomain.ca" . $count . ".host", - $c->{'Host'}[0]); - - # The user previously specified the CA Security Domain's - # SSL Admin URL in the "Security Domain Panel"; - # now retrieve this specified CA Security Domain's - # non-SSL EE, SSL Agent, and SSL EE URLs: - if( $sd_admin_port eq $c->{'SecureAdminPort'}[0] ) { - # Build the URLs - my $http_ee_port = "https://" - . $c->{'Host'}[0] - . ":" - . $c->{'UnSecurePort'}[0]; - my $https_agent_port = "https://" - . $c->{'Host'}[0] - . ":" - . $c->{'SecureAgentPort'}[0]; - my $https_ee_port = "https://" - . $c->{'Host'}[0] - . ":" - . $c->{'SecurePort'}[0]; - - # Store the URLs - $::config->put( "config.sdomainHttpURL", $http_ee_port ); - $::config->put( "config.sdomainAgentURL", $https_agent_port ); - $::config->put( "config.sdomainEEURL", $https_ee_port ); - - # Store additional values necessary for 'pkiremove' . . . - $::config->put( "securitydomain.httpport", - $c->{'UnSecurePort'}[0] ); - $::config->put( "securitydomain.httpsagentport", - $c->{'SecureAgentPort'}[0] ); - $::config->put( "securitydomain.httpseeport", - $c->{'SecurePort'}[0] ); - } - - $count++; - } - - $count = 0; - foreach my $c (@{$xml->{'TKSList'}[0]->{'TKS'}}) { - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: Found TKS '" . - $c->{'SubsystemName'}[0] . "'"); - $::config->put("preop.securitydomain.tks" . $count . ".subsystemname", - $c->{'SubsystemName'}[0]); - $::config->put("preop.securitydomain.tks" . $count . ".secureport", - $c->{'SecurePort'}[0]); - $::config->put("preop.securitydomain.tks" . $count . ".secureagentport", - $c->{'SecureAgentPort'}[0]); - $::config->put("preop.securitydomain.tks" . $count . ".secureadminport", - $c->{'SecureAdminPort'}[0]); - $::config->put("preop.securitydomain.tks" . $count . ".unsecureport", - $c->{'UnSecurePort'}[0]); - $::config->put("preop.securitydomain.tks" . $count . ".host", - $c->{'Host'}[0]); - $count++; - } - - $count = 0; - foreach my $c (@{$xml->{'KRAList'}[0]->{'KRA'}}) { - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: Found KRA '" . - $c->{'SubsystemName'}[0] . "'"); - $::config->put("preop.securitydomain.kra" . $count . ".subsystemname", - $c->{'SubsystemName'}[0]); - $::config->put("preop.securitydomain.kra" . $count . ".secureport", - $c->{'SecurePort'}[0]); - $::config->put("preop.securitydomain.kra" . $count . ".secureagentport", - $c->{'SecureAgentPort'}[0]); - $::config->put("preop.securitydomain.kra" . $count . ".secureadminport", - $c->{'SecureAdminPort'}[0]); - $::config->put("preop.securitydomain.kra" . $count . ".unsecureport", - $c->{'UnSecurePort'}[0]); - $::config->put("preop.securitydomain.kra" . $count . ".host", - $c->{'Host'}[0]); - $count++; - } - - $count = 0; - foreach my $c (@{$xml->{'RAList'}[0]->{'RA'}}) { - &PKI::RA::Wizard::debug_log("DisplayCertChainPanel: Found RA '" . - $c->{'SubsystemName'}[0] . "'"); - $::config->put("preop.securitydomain.ra" . $count . ".subsystemname", - $c->{'SubsystemName'}[0]); - $::config->put("preop.securitydomain.ra" . $count . ".secureport", - $c->{'SecureAgentPort'}[0]); - $::config->put("preop.securitydomain.ra" . $count . ".non_clientauth_secure_port", - $c->{'SecurePort'}[0]); - $::config->put("preop.securitydomain.ra" . $count . ".unsecureport", - $c->{'UnSecurePort'}[0]); - $::config->put("preop.securitydomain.ra" . $count . ".host", - $c->{'Host'}[0]); - $count++; - } - $::config->commit(); -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/DonePanel.pm b/base/ra/lib/perl/PKI/RA/DonePanel.pm deleted file mode 100755 index cf5f75df0..000000000 --- a/base/ra/lib/perl/PKI/RA/DonePanel.pm +++ /dev/null @@ -1,399 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; -use XML::Simple; - -package PKI::RA::DonePanel; -$PKI::RA::DonePanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(16); - $self->{"getName"} = &PKI::RA::Common::r("Done"); - $self->{"vmfile"} = "donepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DonePanel: validate"); - return 1; -} -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("DonePanel: update"); - return 1; -} - -sub register_ra -{ - my ($sdom, $url, $uri, $xname) = @_; - - &PKI::RA::Wizard::debug_log("DonePanel: register_ra at $url"); - &PKI::RA::Wizard::debug_log("DonePanel: subsystem $xname uri=$uri"); - - my $url_info = new URI::URL($url); - my $sdom_info = new URI::URL($sdom); - - # register RA to Security Domain - # submit request to CA - &PKI::RA::Wizard::debug_log("DonePanel: Connecting to Security Domain"); - - my $machineName = $::config->get("service.machineName"); - my $unsecurePort = $::config->get("service.unsecurePort"); - my $securePort = $::config->get("service.securePort"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - my $session_id = $::config->get("preop.sessionID"); - - &PKI::RA::Wizard::debug_log("DonePanel: Security Domain Info " . $url); - - # add service.securityDomainPort to the config file in case pkiremove - # needs to remove system reference from the security domain - $::config->put("service.securityDomainPort", $securePort); - $::config->commit(); - - my $uid = "RA-" . $machineName . "-" . $securePort; - my $name = "Registration Authority Subsystem"; - - my $instDir = $::config->get("service.instanceDir"); - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - - my $hw; - my $tk; - my $tokenname = $::config->get("preop.module.token"); - &PKI::RA::Wizard::debug_log("ReqCertInfo: update got token name = $tokenname"); - - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - $hw = ""; - $tk = ""; - } else { - $hw = "-h $tokenname"; - $tk = $tokenname.":"; - } - - my $token_pwd = $::pwdconf->get($tokenname); - open FILE, ">$instDir/conf/.pwfile"; - system( "chmod 00660 $instDir/conf/.pwfile" ); - $token_pwd =~ s/\n//g; - print FILE $token_pwd; - close FILE; - - my $subsystemNickname = $::config->get("preop.cert.subsystem.nickname"); - my $certificate = `/usr/bin/certutil -d "$instDir/alias" -L $hw -f "$instDir/conf/.pwfile" -n "$subsystemNickname" -a`; - $certificate =~ s/-----BEGIN CERTIFICATE-----//g; - $certificate =~ s/-----END CERTIFICATE-----//g; - $certificate =~ s/\n$//g; - - - &PKI::RA::Wizard::debug_log("DonePanel: Connecting"); - - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $params = "uid=" . $uid . "&" . - "name=" . $name . "&" . - "certificate=" . - URI::Escape::uri_escape("$certificate") . "&" . - "xmlOutput=true" . "&" . - "sessionID=" . $session_id . "&" . - "auth_hostname=" . $sdom_info->host . "&" . - "auth_port=" . $sdom_info->port; - - my $host = $url_info->host; - my $port = $url_info->port; - my $tmpfile = "/tmp/donepanel-$$"; - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"$uri\" $host:$port > $tmpfile"); - } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"$uri\" $host:$port > $tmpfile"); - } - my $content = `cat $tmpfile`; - system("rm $tmpfile"); - - &PKI::RA::Wizard::debug_log("req = " . $content); - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - &PKI::RA::Wizard::debug_log("DonePanel: result " . $content); - my $tmp = `rm $instDir/conf/.pwfile`; -} - -sub get_kra_transport_cert -{ - my ($sdom) = @_; - - my $sdom_info = new URI::URL($sdom); - - # register RA to Security Domain - # submit request to CA - &PKI::RA::Wizard::debug_log("DonePanel: Connecting to KRA"); - - my $krainfo = $::config->get("preop.krainfo.select"); - my $krainfo_url = new URI::URL($krainfo); - - my $machineName = $::config->get("service.machineName"); - my $unsecurePort = $::config->get("service.unsecurePort"); - my $securePort = $::config->get("service.securePort"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - my $session_id = $::config->get("preop.sessionID"); - - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $tokenname = $::config->get("preop.module.token"); - my $token_pwd = $::pwdconf->get($tokenname); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $params = "sessionID=" . $session_id . "&" . - "auth_hostname=" . $sdom_info->host . "&" . - "auth_port=" . $sdom_info->port; - - my $host = $krainfo_url->host; - my $port = $krainfo_url->port; - my $tmpfile = "/tmp/donepanel-$$"; - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile"); - } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile"); - } - my $content = `cat $tmpfile`; - system("rm $tmpfile"); - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $transportCert = $response->{TransportCert}; - - &PKI::RA::Wizard::debug_log("DonePanel: TransportCert " . $transportCert); - - return $transportCert; -} - -sub send_kra_transport_cert -{ - my ($sdom, $certificate) = @_; - - my $sdom_info = new URI::URL($sdom); - - # register RA to Security Domain - # submit request to CA - &PKI::RA::Wizard::debug_log("DonePanel: Connecting to TKS"); - my $tksinfo = $::config->get("preop.tksinfo.select"); - my $tksinfo_url = new URI::URL($tksinfo); - - my $machineName = $::config->get("service.machineName"); - my $unsecurePort = $::config->get("service.unsecurePort"); - my $securePort = $::config->get("service.securePort"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - my $session_id = $::config->get("preop.sessionID"); - - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $tokenname = $::config->get("preop.module.token"); - my $token_pwd = $::pwdconf->get($tokenname); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - - my $name = "transportCert-" . $machineName . "-" . $securePort; - my $params = "name=" . $name . "&" . - "certificate=" . - URI::Escape::uri_escape("$certificate") . "&" . - "xmlOutput=true" . "&" . - "sessionID=" . $session_id . "&" . - "auth_hostname=" . $sdom_info->host . "&" . - "auth_port=" . $sdom_info->port; - - my $host = $tksinfo_url->host; - my $port = $tksinfo_url->port; - my $tmpfile = "/tmp/donepanel-$$"; - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile"); - } else { - system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile"); - } - - my $content = `cat $tmpfile`; - system("rm $tmpfile"); - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - &PKI::RA::Wizard::debug_log("DonePanel: Response from TKS " . $content); -} - -sub display -{ - my ($q) = @_; - # $symbol{systemType} = "ra"; - # $symbol{host} = "chico"; - # $symbol{port} = "443"; - &PKI::RA::Wizard::debug_log("DonePanel: display"); - - my $status = $::config->get("preop.done.status"); - if ($status eq "done") { - return 1; - } - - my $instDir = $::config->get("service.instanceDir"); - my $tokenname = $::config->get("preop.module.token"); - my $token_pwd = $::pwdconf->get($tokenname); - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - if (($tokenname ne "") && ($tokenname ne "NSS Certificate DB")) { - open(PWD_CONF, ">>$instDir/conf/password.conf"); - print PWD_CONF "$tokenname:$token_pwd\n"; - close (PWD_CONF); - } - - # Add this RA's server certificate to the subsystems - my $sdom = $::config->get("config.sdomainEEURL"); - my $cainfo = $::config->get("preop.cainfo.select"); - $cainfo =~ s/.* - //g; - ®ister_ra($sdom, $cainfo, $::config->get("conn.ca1.servlet.addagent"), "CA"); - - $::config->put("preop.done.status", "done"); - $::config->commit(); - - # update httpd.conf - open(TMP_HTTPD_CONF, ">$instDir/conf/httpd.conf.tmp"); - system( "chmod 00660 $instDir/conf/httpd.conf.tmp" ); - open(HTTPD_CONF, "<$instDir/conf/httpd.conf"); - while (<HTTPD_CONF>) { - if (/^#\[ErrorDocument_404\]/) { - print TMP_HTTPD_CONF "ErrorDocument 404 /404.html\n"; - } elsif (/^#\[ErrorDocument_500\]/) { - print TMP_HTTPD_CONF "ErrorDocument 500 /500.html\n"; - } else { - print TMP_HTTPD_CONF $_; - } - } - close(HTTPD_CONF); - close(TMP_HTTPD_CONF); - - # Create a copy of the original file which - # preserves the original file permissions - system( "cp -p $instDir/conf/httpd.conf.tmp $instDir/conf/httpd.conf" ); - - # Remove the original file only if the backup copy was successful - if( -e "$instDir/conf/httpd.conf" ) { - system( "rm $instDir/conf/httpd.conf.tmp" ); - } - - # update nss.conf - open(TMP_NSS_CONF, ">$instDir/conf/nss.conf.tmp"); - system( "chmod 00660 $instDir/conf/nss.conf.tmp" ); - open(NSS_CONF, "<$instDir/conf/nss.conf"); - while (<NSS_CONF>) { - if (/^NSSNickname/) { - print TMP_NSS_CONF "NSSNickname \"$nickname\"\n"; - } else { - print TMP_NSS_CONF $_; - } - } - close(NSS_CONF); - close(TMP_NSS_CONF); - - # Create a copy of the original file which - # preserves the original file permissions - system( "cp -p $instDir/conf/nss.conf.tmp $instDir/conf/nss.conf" ); - - # Remove the original file only if the backup copy was successful - if( -e "$instDir/conf/nss.conf" ) { - system( "rm $instDir/conf/nss.conf.tmp" ); - } - - &PKI::RA::Wizard::debug_log("DonePanel: Connecting to Security Domain"); - - my $machineName = $::config->get("service.machineName"); - my $unsecurePort = $::config->get("service.unsecurePort"); - my $securePort = $::config->get("service.securePort"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - my $instanceID = $::config->get("service.instanceID"); - - my $initDaemon = "pki-rad"; - my $restartCommand = ""; - if( $^O eq "linux" ) { - $restartCommand = "systemctl restart $initDaemon\@$instanceID.service"; - } else { - ## default case: e. g. - ( $^O eq "solaris" ) - $restartCommand = "/etc/init.d/$initDaemon restart $instanceID"; - } - - $::symbol{host} = $machineName; - $::symbol{unsecurePort} = $unsecurePort; - $::symbol{port} = $securePort; - $::symbol{non_clientauth_port} = $non_clientauth_securePort; - $::symbol{restartCommand} = $restartCommand; - $::symbol{instanceID} = $instanceID; - - $::config->deleteSubstore("preop."); - $::config->commit(); - - ## Create an empty file that designates the fact that although - ## this server instance has been configured, it has NOT yet - ## been restarted! - my $restart_server = "$instDir/conf/restart_server_after_configuration"; - system( "touch $restart_server" ); - system( "chmod 00660 $restart_server" ); - - system("rm $instDir/conf/*.txt $instDir/conf/*.der"); - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/GlobalVar.pm b/base/ra/lib/perl/PKI/RA/GlobalVar.pm deleted file mode 100755 index 388a41349..000000000 --- a/base/ra/lib/perl/PKI/RA/GlobalVar.pm +++ /dev/null @@ -1,42 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; - -package PKI::RA::GlobalVar; -$PKI::RA::GlobalVar::VERSION = '1.00'; - -sub new { - my $class = shift; - my $self = {}; - my %args = (@_); - foreach my $q (keys %args) { - $self->{$q} = $args{$q}; - } - bless $self,$class; - return $self; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm b/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm deleted file mode 100755 index 9f9bef94a..000000000 --- a/base/ra/lib/perl/PKI/RA/ImportAdminCertPanel.pm +++ /dev/null @@ -1,142 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; - -package PKI::RA::ImportAdminCertPanel; -$PKI::RA::ImportAdminCertPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(15); - $self->{"getName"} = &PKI::RA::Common::r("Import Administrator Certificate"); - $self->{"vmfile"} = "importadmincertpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ImportAdminCertPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ImportAdminCertPanel: update"); - - # register to Security Domain - my $sdom = $::config->get("config.sdomainAgentURL"); - my $sdom_url = new URI::URL($sdom); - - # - # we need to authenticate to the security domain with the subsystem - # certificate - # - my $machineName = $::config->get("service.machineName"); - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $securePort = $::config->get("service.securePort"); - my $subsystemName = $::config->get("preop.subsystem.name"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - my $name = $subsystemName; - my $subCertNickName = $::config->get("preop.cert.subsystem.nickname"); - - $db_password =~ s/\n$//g; - - my $params = "list=" . "RAList" . "&" . - "type=" . "RA" . "&" . - "host=" . $machineName . "&" . - "name=" . $name . "&" . - "sport=" . $securePort . "&" . - "dm=false"; # domain manager or not - - my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$subCertNickName\" -r \"/ca/agent/ca/updateDomainXML?$params\" $sdom_url->host:$sdom_url->port`; - - # Fetch the "updated" security domain and display it - &PKI::RA::Wizard::debug_log("ImportAdminCertPanel: Dump contents of updated Security Domain . . ."); - my $sdomainAdminURL = $::config->get("config.sdomainAdminURL"); - my $sdom_info = new URI::URL($sdomainAdminURL); - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $sd_host = $sdom_info->host; - my $sd_admin_port = $sdom_info->port; - my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`; - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - &PKI::RA::Wizard::debug_log($content); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ImportAdminCertPanel: display"); - - my $cainfo = $::config->get("preop.cainfo.select"); - - my $cainfo_url = new URI::URL($cainfo); - my $serialNumber = $::config->get("preop.admincert.serialno.0"); - - $::symbol{info} = ""; - $::symbol{errorString} = ""; - $::symbol{import} = "true"; - $::symbol{ca} = "false"; - $::symbol{caType} = "ca"; - $::symbol{caHost} = $cainfo_url->host; - $::symbol{caPort} = $cainfo_url->port; - $::symbol{serialNumber} = $serialNumber; - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/Login.pm b/base/ra/lib/perl/PKI/RA/Login.pm deleted file mode 100755 index d248e5481..000000000 --- a/base/ra/lib/perl/PKI/RA/Login.pm +++ /dev/null @@ -1,466 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -# wizard - -# Fedora Certificate System - Registration Authority System configuration wizard - - -# This script is run as a 'mod_perl' CGI. Configure mod_perl by adding -# the following to /etc/httpd/conf.d/perl.conf -# -# PerlModule ModPerl::Registry -# PerlModule Apache::compat -# PerlModule PKI::RA::Wizard -# PerlSetEnv PKI_DOCROOT /u/sparkins/t/cs_tip/certsystem/prj/common/ui -# <Location /wizard> -# SetHandler perl-script -# PerlHandler PKI::RA::Wizard -# Order deny,allow -# Allow from all -# </Location> - - -# Note: The Velocity parser is not very helpful when it comes to -# errors right now. Here are some common errors, and what they mean: -# -# ERROR: -# [Mon Apr 03 13:57:33 2006] [error] [client 172.16.24.26] -# Can't use string ("0") as an ARRAY ref while "strict refs" -# in use at /usr/lib/perl5/site_perl/5.8.5/Template/Velocity.pm -# line 423.\n, referer: http://chico/wizard?p=2 -# MEANING -# This probably means that your *.vm file refers to an array -# variable in a foreach statement that is not defined -# Check your foreach array variables. - -use warnings; -use ModPerl::Registry; -use Template::Velocity; -use Getopt::Std; -use Data::Dumper; -use CGI::Carp qw(fatalsToBrowser); -use CGI; -use APR::Const -compile => qw(:error SUCCESS); -use PKI::RA::GlobalVar; -use PKI::RA::WelcomePanel; -use PKI::RA::SecurityDomainPanel; -use PKI::RA::DisplayCertChainPanel; -use PKI::RA::SubsystemTypePanel; -use PKI::RA::CAInfoPanel; -use PKI::RA::TKSInfoPanel; -use PKI::RA::DRMInfoPanel; -use PKI::RA::DisplayCertChain2Panel; -use PKI::RA::AdminAuthPanel; -use PKI::RA::AgentAuthPanel; -use PKI::RA::DatabasePanel; -use PKI::RA::ModulePanel; -use PKI::RA::SizePanel; -use PKI::RA::NamePanel; -use PKI::RA::ConfigHSMLoginPanel; -use PKI::RA::CertRequestPanel; -use PKI::RA::AdminPanel; -use PKI::RA::ImportAdminCertPanel; -use PKI::RA::LoginPanel; -use PKI::RA::DonePanel; -use PKI::RA::Config; - -use PKI::RA::Common qw(yes no r); - -package PKI::RA::Login; -$PKI::RA::Login::VERSION = '1.00'; - -# read configuration file -my $flavor = "pki"; -$flavor =~ s/\n//g; - -my $pkiroot = $ENV{PKI_ROOT}; - -my $config = PKI::RA::Config->new(); -$config->load_file("$pkiroot/conf/CS.cfg"); -# read password cache file -my $pwdconf = PKI::RA::Config->new(); -$pwdconf->load_file("$pkiroot/conf/pwcache.conf"); -# SELinux disallows performing a "chmod" on this file -if( $^O ne "linux" ) { - system( "chmod 00660 $pkiroot/conf/pwcache.conf" ); -} - -# create cfg debug log -my $logfile = $config->get("service.instanceDir") . "/logs/debug"; -open( DEBUG, ">>" . $logfile ) || -warn( "Could not open '" . $logfile . "': $!" ); - -# apache server - -our $debug; - -my $STATUS_OK = 1; -my $STATUS_ERROR = 2; -my $STATUS_REDIRECT = 3; - -&debug_log("RA wizard: starting up"); - -my $docroot = $ENV{PKI_DOCROOT}; - -if (! $docroot) { - &debug_log("RA wizard: ERROR: PKI_DOCROOT is null"); - return 0; -} - -our $parser = new Template::Velocity($docroot); -our $symbol; -our @certtags; - -makepanels(); - -&debug_log("RA wizard: start up complete"); - -1; - -sub debug_log -{ - my ($msg) = @_; - my $date = `date`; - chomp($date); - if( -w $logfile ) { - print DEBUG "$date - $msg\n"; - } -} - - # initializes entries in parser's global symbol table for panels -sub makepanels -{ - #REAL PANELS BELOW - my $login = new PKI::RA::LoginPanel(); - - $symbol{panels} = [ - $login, # com.netscape.cms.servlet.csadmin.WelcomePanel - ]; -}; - -sub render_panel -{ - my ($panelnum, $q) = @_; - - $symbol{errorString} = ""; - - my $currentpanel; - - if ($q->param('op') && $q->param('op') eq "next") { - $currentpanel = $symbol{panels}[$panelnum]; - # validate variables for panel - if ($currentpanel->{validate}) { - $currentpanel->{validate}($q); - } - # execute current panel - my $status = "0"; - - if ($currentpanel->{update}) { - $status = $currentpanel->{update}($q); - &debug_log("RA wizard: update returns status '" . - $status . "'"); - if ($status == $STATUS_REDIRECT) { - return $STATUS_REDIRECT; - } - - } - - &debug_log("RA wizard: about to find out about sub panel"); - if ($status eq "1") { - if ($currentpanel->{hasSubPanel} && &{$currentpanel->{hasSubPanel}}($q)) { - &debug_log("RA wizard: has sub panel"); - $panelnum = $panelnum + 2; - } elsif ($currentpanel->{isSubPanel} && &{$currentpanel->{isSubPanel}}($q)) { - &debug_log("RA wizard: is sub panel"); - $panelnum = $panelnum - 1; - } else { - &debug_log("RA wizard: no sub panel and is not subpanel"); - $panelnum = $panelnum + 1; - } - } - } elsif ($q->param('op') && $q->param('op') eq "back") { - $panelnum = $panelnum - 1; - #check if this a subpanel, if so, go back to it's parent. - #only handles one-deep at this point - my $panel = $symbol{panels}[$panelnum]; - if (&{$panel->{isSubPanel}}($q)) { - $panelnum = $panelnum - 1; - } - } elsif ($q->param('op') && $q->param('op') eq "apply") { - &debug_log("RA wizard: update : apply button pressed"); - $currentpanel = $symbol{panels}[$panelnum]; - # validate variables for panel - if ($currentpanel->{validate}) { - $currentpanel->{validate}($q); - } - # execute current panel - if ($currentpanel->{update}) { - my $status = $currentpanel->{update}($q); - &debug_log("RA wizard: update returns status '" . - $status . "'"); - if ($status == $STATUS_REDIRECT) { - return $STATUS_REDIRECT; - } - - } - } - - &debug_log("RA wizard: after looking into about sub panel"); - - # advance to next panel - $currentpanel = $symbol{panels}[$panelnum]; - - # initialize symbol table values - $symbol{showApplyButton} = "false"; - - # fill in variables for new panel - if ($currentpanel->{panelvars}) { - $Data::Dumper::Indent = 1; - # The '&debug_log("q=".Dumper($q));' call must be commented out to fix - # Bugzilla Bug #249923: Incorrect file permissions on - # various files and/or directories - # &debug_log("q=".Dumper($q)); - $currentpanel->{panelvars}($q); - } - - $symbol{panel} = "ra/admin/console/config/".$currentpanel->{vmfile}; - - #wizard.vm: - $symbol{name} = "Registration Authority System"; - $symbol{title} = $currentpanel->{getName}(); - if ($panelnum == 0) { - $symbol{firstpanel} = "1"; - } else { - $symbol{firstpanel} = "0"; - } - if ($panelnum == 17) { - $symbol{lastpanel} = "1"; - } else { - $symbol{lastpanel} = "0"; - } - $symbol{p} = $panelnum; - $symbol{subpanelno} = $panelnum+1; - $symbol{csstate} = "1"; - -# $symbol{urls} = [ "cert1", "cert2" ]; #createsubsystem -# $symbol{urls_size} = 2; -# $symbol{instanceId} = "ra"; -# $symbol{errorString} = ""; - - #modulepanel -# $symbol{certs} = [ ]; -# $symbol{reqscerts} = [ ]; - $symbol{ppcerts} = [ ]; - - return $STATUS_OK; -} - - - -sub dbg { - my $msg = shift; - $::symbol{dbg} .= "$msg\n"; -} - -sub handler { - my $r = shift; - - *::symbol = \%symbol; - *::s = \$s; - *::config = \$config; - *::pwdconf = \$pwdconf; - - &debug_log("RA wizard: in handler"); - if ($#ARGV == -1) { - $r->send_http_header('text/html'); - } - - my $q = new CGI; - - # check cookie - my $pin = $q->param('pin'); - if (defined($pin)) { - my $cookie = $q->cookie( - -name=>'pin', - -value=> $pin, - -expires=>'+1y', - -path=>'/'); - print $q->redirect(-location => "wizard", -cookie => $cookie); - return; - } - - # output http parameters - &debug_log("RA wizard: uri='" . $ENV{REQUEST_URI} . "'"); - my @pnames = $q->param(); - foreach $pn (@pnames) { - # added this facility so that password can be hidden, - # all sensitive parameters should be prefixed with - # __ (double underscores); however, in the event that - # a security parameter slips through, we perform multiple - # additional checks to insure that it is NOT displayed - if( $pn =~ /^__/ || - $pn =~ /password$/ || - $pn =~ /passwd$/ || - $pn =~ /pwd$/ || - $pn =~ /admin_password_again/i || - $pn =~ /directoryManagerPwd/i || - $pn =~ /bindpassword/i || - $pn =~ /bindpwd/i || - $pn =~ /passwd/i || - $pn =~ /password/i || - $pn =~ /pin/i || - $pn =~ /pwd/i || - $pn =~ /pwdagain/i || - $pn =~ /uPasswd/i ) { - &debug_log("RA wizard: http parameter name='" . $pn . "' value='(sensitive)'"); - } else { - &debug_log("RA wizard: http parameter name='" . $pn . "' value='" . $q->param($pn) . "'"); - } - } - - my $panelnum = $q->param('p'); - if (!defined($panelnum) || $panelnum eq "") { - # Apache fails to pick up the p parameter after - # redirecting from the security domain. This is - # a quick hack to solve the issue. - if ($ENV{'QUERY_STRING'} ne "") { - $ENV{'QUERY_STRING'} =~ /p=([0-9]+)&/; - $panelnum = $1; - } - } - - use subs qw(debug); - *debug = \&Template::Velocity::Executor::debug; - - $::symbol{dbg} = ""; - - &debug_log("RA wizard: before argparsing"); - if ($#ARGV == -1) { - $Data::Dumper::Maxdepth = 7; - $startfile = "ra/admin/console/config/login.vm"; - } - - &debug_log("RA wizard: setting up test objects"); - - #initialize from config file - my $certlist = $::config->get("preop.cert.list"); - if ($certlist eq "") { - $certlist = "sslserver,subsystem"; - } - @certtags = split(/,/, $certlist); - $numtags = @certtags; - if ($numtags eq 0) { - @certtags = ("sslserver", "subsystem"); - } - &debug_log("RA wizard: found $numtags certtags"); - - if (! $panelnum) { - $panelnum = 0; - } - - my $status = render_panel($panelnum, $q); - if ($status == 3) { - $r->header_out(Location => $symbol{redirect}); - $r->status(301); - $r->send_http_header(); - return; - } - - use Data::Dumper; - &debug_log("RA wizard: executing file $startfile"); - foreach $q (sort keys %symbol) { - &debug_log("RA wizard:/config/wizard?p=9&SecToken=NSS%20Generic%20Crypto%20Services sym{$q}=".$symbol{$q}); - } - - my $result; - if ($q->param("xml") eq "true") { - $r->send_http_header('text/xml'); - $result = "<xml>"; - foreach $s (sort keys %symbol) { - if ($s =~ /^__/) { - next; - } - $result .= "<" . $s . ">"; - my $v = $symbol{$s}; - $result .= &get_xml($s, $v); - $result .= "</" . $s . ">"; - } - $result .= "</xml>"; - } else { - $result = $parser->execute_file($startfile); - if (!defined $result) { - die("Couldn't execute template file: $docroot/$startfile"); - } - } - - print "$result\n"; - return $STATUS_OK; -} - -sub get_xml -{ - my ($s, $v) = @_; - - my $result; - if (ref($v) eq "HASH") { - foreach my $xkey (keys %$v) { - $result .= "<" . $xkey . ">"; - $result .= &get_xml($xkey, $v{$xkey}); - # $result .= "-" . ref($xkey); - $result .= "</" . $xkey . ">"; - } - } elsif (ref($v) eq "PKI::RA::CertInfo") { - my $certinfo = $v; - $result .= "<certinfo>"; - $result .= "<dn>" . $certinfo->get_dn() ."</dn>"; - $result .= "<tag>" . $certinfo->get_cert_tag() . "</tag>"; - $result .= "<friendly>" . $certinfo->get_user_friendly_name() . - "</friendly>"; - $result .= "</certinfo>"; - } elsif (ref($v) eq "PKI::RA::ReqCertInfo") { - my $reqcertinfo = $v; - $result .= "<reqcertinfo>"; - $result .= "<name>" . $reqcertinfo->get_user_friendly_name() ."</name>"; - $result .= "<req>" . $reqcertinfo->get_request() ."</req>"; - $result .= "<cert>" . $reqcertinfo->get_cert() ."</cert>"; - $result .= "<certpp>" . $reqcertinfo->get_cert_pp() ."</certpp>"; - $result .= "<tag>" . $reqcertinfo->get_cert_tag() ."</tag>"; - $result .= "<dn>" . $reqcertinfo->get_cert_tag() ."</dn>"; - $result .= "</reqcertinfo>"; - } elsif (ref($v) eq "ARRAY") { - my $pos = 0; - foreach my $item (@$v) { - $result .= "<element>"; - $result .= &get_xml("p" . $pos, $item); - # $result .= "-" . ref($item); - $result .= "</element>"; - $pos++; - } - } else { - $result .= $v; - } - return $result; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/LoginPanel.pm b/base/ra/lib/perl/PKI/RA/LoginPanel.pm deleted file mode 100755 index 66f40acfe..000000000 --- a/base/ra/lib/perl/PKI/RA/LoginPanel.pm +++ /dev/null @@ -1,91 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::LoginPanel; -$PKI::RA::LoginPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(0); - $self->{"getName"} = &PKI::RA::Common::r("Welcome"); - $self->{"vmfile"} = "login.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("WelcomePanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("WelcomePanel: update"); - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log($ENV{'SERVER_PORT'}); - &PKI::RA::Wizard::debug_log("Debug=" . $::config->get("logging.debug.enable")); - &PKI::RA::Wizard::debug_log("WelcomePanel: display"); - $::symbol{wizardname} = "RA Configuration Wizard"; - $::symbol{systemname} = "RA"; - $::symbol{fullsystemname} = "Registration Authority"; - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/ModulePanel.pm b/base/ra/lib/perl/PKI/RA/ModulePanel.pm deleted file mode 100755 index 87ce056bc..000000000 --- a/base/ra/lib/perl/PKI/RA/ModulePanel.pm +++ /dev/null @@ -1,273 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use PKI::RA::Modutil; - -package PKI::RA::ModulePanel; -$PKI::RA::ModulePanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -our $modutil; - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(9); - $self->{"getName"} = &PKI::RA::Common::r("Security Modules"); - $self->{"vmfile"} = "modulepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - - my $flavor = "pki"; - $flavor =~ s/\n//g; - - my $pkiroot = $ENV{PKI_ROOT}; - $modutil = new PKI::RA::Modutil("$pkiroot/alias"); - - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 1; -} - -sub validate -{ - my ($q) = @_; - return 1; -} - -sub update -{ - my ($q) = @_; - my $defTok = $::config->get("preop.module.token"); - my $select = $q->param('choice'); - if ($select eq "") { - &PKI::RA::Wizard::debug_log("ModulePanel -> update no selection found"); - $::symbol{errorString} = "No selection found"; - return 0; - } elsif ($defTok ne $select) { - &PKI::RA::Wizard::debug_log("ModulePanel -> update changing defTok to $select"); - $::config->put("preop.module.token", $select); - $::config->put("preop.ModulePanel.done", "true"); - } else { - # this is not an error...just information - &PKI::RA::Wizard::debug_log("ModulePanel -> update defTok not changed"); - } - - $::config->commit(); - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("ModulePanel -> display"); - getModules(); - my $defTok = $::config->get("preop.module.token"); - - $::symbol{defTok} = $defTok; - - return 1; -} - -use Data::Dumper; -sub getTokens { - my $modulename = shift; - - &PKI::RA::Wizard::debug_log("ModulePanel -> getTokens"); - -#$Data::Dumper::Indent = 0; -#PKI::RA::Wizard::dbg("in gettokens. modutil = ".Dumper($modutil)); - my @tokens; - my $mod = $modutil->getmodule($modulename); - foreach my $tokenname (keys %{$mod->{tokens}}) { - #PKI::RA::Wizard::dbg("found token $tokenname"); - if ($tokenname ne "NSS Generic Crypto Services") { - my $token = $modutil->gettoken($tokenname); - my $t = new PKI::RA::GlobalVar( - getNickName => sub { return $tokenname; }, - isLoggedIn => sub { return isLoggedIn($tokenname); }, - isPresent => sub { return 1; }, - ); - push @tokens, $t; - } else { - &PKI::RA::Wizard::debug_log("ModulePanel -> getTokens token NSS Generic Crypto Services not available for key generation"); - - } - } - - return \@tokens; -} - -# if password is found, then it's considered "logged in" -# otherwise it is "not logged in" -sub Login { - my $tokenname = $_[0]; - my $pwd = $::pwdconf->get($tokenname); - if ($pwd ne "") { - &PKI::RA::Wizard::debug_log("ModulePanel -> isLoggedIn retrieved pwd from pwdconf"); - return 1; - } - &PKI::RA::Wizard::debug_log("ModulePanel -> isLoggedIn pwd not found from pwdconf for token: $tokenname"); - - if ($tokenname eq "NSS Certificate DB") { - my $instanceDir = $::config->get("service.instanceDir"); - &PKI::RA::Wizard::debug_log("ModulePanel -> isLoggedIn get internal password for $tokenname"); - # these are referred as "internal" in password.conf - $pwd = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $pwd =~ s/\n//g; - $::pwdconf->put($tokenname, $pwd); - $::pwdconf->commit(); - - return 1; - } - return 0; -} - -sub isLoggedIn { - my $tokenname = $_[0]; - return &Login($tokenname); -} - -sub getModules { - my $count; - my $i; - my @supportedModules; - - &PKI::RA::Wizard::debug_log("ModulePanel -> getModules"); - $count = $::config->get("preop.configModules.count"); - &PKI::RA::Wizard::debug_log("ModulePanel -> getModules count =$count"); - - my @modules = $modutil->getmodules(); - # $::symbol{steve} = join ",Module:", @modules; - # $::symbol{steve}.= "\n"; - - my $x = " - preop.configModules.count=3 - preop.configModules.module0.commonName=NSS Internal PKCS #11 Module - preop.configModules.module0.imagePath=../img/mozilla.png - preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module - preop.configModules.module1.commonName=nfast - preop.configModules.module1.imagePath=../img/ncipher.png - preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module - preop.configModules.module2.commonName=lunasa - preop.configModules.module2.imagePath=../img/safenet.png - preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module - "; - - my %supmodules; - for ($i=0; $i <$count; $i++) { - my $cn; - my $pn; - my $img; -# &PKI::RA::Wizard::debug_log("ModulePanel -> getModules look for cn=","preop.configModules.module" , $i , ".commonName"); - $cn = $::config->get("preop.configModules.module$i.commonName"); - $supmodules{$cn} = 1; - - $pn = $::config->get("preop.configModules.module$i.userFriendlyName"); - $img = $::config->get("preop.configModules.module$i.imagePath"); - &PKI::RA::Wizard::debug_log("ModulePanel -> getModules: got module $cn from config"); - - my $module = $modutil->getmodule($cn); - my $file = $module->{detail}->{"Library file"}; - &PKI::RA::Wizard::debug_log("ModulePanel -> getModules Library file = $file"); - my $found = 0; - if ($file) { - $found = ($file =~ /Internal ONLY module/) || -e $file; - } - - my $name = $module->{detail}->{Name}; -# PKI::RA::Wizard::dbg("name: $name"); - - $supportedModules[$i] = new PKI::RA::GlobalVar( - getImagePath => sub { return $img; }, - getUserFriendlyName => sub { return $pn; }, - isFound => sub { return $found; }, - getTokens => sub { return getTokens($name); }, - ); - - # login to tokens - &PKI::RA::Wizard::debug_log("Ready to login to tokens for $name"); - my $mod = $modutil->getmodule($name); - foreach my $tokenname (keys %{$mod->{tokens}}) { - &PKI::RA::Wizard::debug_log("Logging in Module $name Token " . $tokenname); - &Login($tokenname); - } - - } - - my @otherModules; - #compile the "others" modules - - foreach my $modname (@modules) { - #is this modname in the supported modules list? - if ($supmodules{$modname}) { - &PKI::RA::Wizard::debug_log("ModulePanel -> getModules: found module $modname supported"); - # does not belong to "others" - } else { - &PKI::RA::Wizard::debug_log("ModulePanel -> getModules: found module $modname unsupported"); - #add the module to "others" list - my $m = $modutil->getmodule($modname); - my $mod = new PKI::RA::GlobalVar( - getImagePath => sub { return ""; }, - getUserFriendlyName => sub { return $m->{modulename}; }, - isFound => sub { return 1; }, - getTokens => sub { return getTokens($m->{detail}->{Name});} - ); - - push @otherModules, $mod; - - &PKI::RA::Wizard::debug_log("ModulePanel -> getModules: module $modname added to otherModules list"); - } - } - - $::symbol{sms} = \@supportedModules; - $::symbol{oms} = \@otherModules; -# PKI::RA::Wizard::dbg("oms: ". Dumper([@otherModules])); -# PKI::RA::Wizard::dbg("sms: ". Dumper([@supportedModules])); - - &PKI::RA::Wizard::debug_log("ModulePanel -> set sms, oms"); -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/Modutil.pm b/base/ra/lib/perl/PKI/RA/Modutil.pm deleted file mode 100755 index 82c66e87d..000000000 --- a/base/ra/lib/perl/PKI/RA/Modutil.pm +++ /dev/null @@ -1,262 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package PKI::RA::Modutil; - - -sub new { - my $class = shift; - my ($dir) = @_; - - if (! $dir) { die "no module directory provided\n"; } - - my $self = {}; - - $self->{dir} = $dir; - $self->{modules} = makemodules($self); - - bless $self, $class; - return $self; -} - -sub exists { - my $self = shift; - - return -e "$self->{dir}/secmod.db"; -} - -sub create { - my $self = shift; - - my $mods = `modutil -force -dbdir '$self->{dir}' -nocertdb -create`; - return $mods; -} - -use Data::Dumper; - -sub makemodules { - my $self = shift; - my $modules = {}; - - my $mods = `modutil -force -dbdir '$self->{dir}' -nocertdb -list`; - #my $mods = join "",<::DATA>; - - #print "raw mods = $mods"; - - my (@modules) = ( - $mods =~ / - ^ #beginning of a line - \s+ #some spaces - \d+\.\s* #some digits - (.*?) #lots of text - ((?=^\s*\d+)|(?=------)) #if we would next match some spaces and digits - /msxg ); - - @modules = grep /.+/ms, @modules; - - foreach $module (@modules) { - #print "Module #$i:$module --\n"; - $module = "modulename:$module"; - my ($moduleheader, $rest) = ( - $module =~ / - (.*status: .*?\n) # moduleheader - (\s*slot:.*) # slot - (?=\n(\n|$)) #empty line - /msxg ); - #print "moduleheader: $moduleheader\n"; - my $m = makehash($moduleheader); - $modules->{$m->{modulename}} = $m; - $m->{tokens} = {}; - - my @tokens = split "\n\n", $rest; - - - -# get summary slot info with: -list - foreach my $token (@tokens) { - #print "slottext: $slot\n"; - my $slh = makehash($token); - $m->{tokens}->{$slh->{token}} = $slh; - } - -# get detailed slot info with: -list "modulename" - - my $moduledetail = `modutil -force -dbdir '$self->{dir}' -nocertdb -list "$m->{modulename}" 2> /dev/null`; - my @details= split "\n\n", $moduledetail; - while ($details[0] !~ /.*Name:.*/) { - shift @details; - }; - $m->{detail} = makehash(shift @details); - foreach $d (@details) { - my $sdh = makehash($d); - my $tokenname = $sdh->{"Token Name"}; - $tokenname =~ s/\s+$//; # remove trailing spaces - if ($tokenname) { - $m->{tokens}->{$tokenname}->{detail} = $sdh; - } - } - $i++; - - } - return $modules; -} - -# input: a multi-list string with nv/pairs -# return a hashtable reference -sub makehash { - my $str = shift; - my $ht = { }; - my @lines = split "\n", $str; - my $line; -LINE: - foreach $line (@lines) { - if ($line =~ /Using database directory/) { next LINE; } - if ($line =~ /--------------/) { next LINE; } - my ($name, $value) = ($line =~ /^\s*(.*?):\s*(.*?)\s*$/); - if ($name) { - #print "name:$name\n"; - #print "value:$value\n"; - $ht->{$name} = $value; - } - } - return $ht; -} - -sub getmodules { - my $self = shift; - #print "modules: ".$self->{modules}. "\n"; - #print "keys: ".(join ",",keys %{$self->{modules}})."\n"; - return keys %{$self->{modules}}; -} - -sub getmodule { - my $self = shift; - my $modulename = shift; - - #print Dumper($self->{modules}); - return $self->{modules}->{$modulename}; -} - - -sub gettokens { - my $self = shift; - my $module = shift; - - return keys %{$module->{tokens}}; -} - -sub gettoken { - my $self = shift; - my $token= shift; - foreach my $m (values %{$self->{modules}}) { - foreach $t (values %{$m->{tokens}}) { - #print join ",", keys %{$t}; - #print Dumper($t->{detail}); - if ($t->{detail}->{"Token Name"} eq $token) { - return $t; - } - } - } -} - - - -package main; - -sub ::test { - -# initialize - my $modutil = new PKI::RA::Modutil("."); - -#make database if it doesn't exist - if (! $modutil->exists()) { - $modutil->create(); - } - -#get an array of module names - my @mods = $modutil->getmodules(); - - print "Found ".@mods." pkcs#11 modules\n"; - -#for each module... - foreach my $modname (@mods) { - my $module = $modutil->getmodule($modname); - - print "Module: $modname\n"; - print "Library: ".$module->{detail}->{"Library file"}."\n"; - print "Other keys: ".(join ",", keys %{$module->{detail}})."\n"; - -#find all the tokens in a module, e.g. each partition for a lunasa - foreach my $tokenname ($modutil->gettokens($module)) { - print " token: $tokenname\n"; - my $token = $modutil->gettoken($tokenname); - -#dump out the information we have on the token - foreach my $key (keys %{$token}) { - print " token keys/values: $key: ".$token->{$key}."\n"; - } - my @detailkeys = (keys %{$token->{detail}}) ; - print " token detail keys:". (join ",", @detailkeys)."\n"; - print " token detail Manufacturer:". $token->{detail}->{Manufacturer}."\n"; - print "\n"; - } - print "\n"; - } - -} - -# this is where 'main' starts - -if ($ARGV[0] eq "--test") { - ::test(); -} - -1; - -__DATA__ -Listing of PKCS #11 Modules ------------------------------------------------------------ - 1. NSS Internal PKCS #11 Module - slots: 2 slots attached - status: loaded - - slot: NSS Internal Cryptographic Services - token: NSS Generic Crypto Services - - slot: NSS User Private Key and Certificate Services - token: NSS Certificate DB - - 2. lunasa - library name: /usr/lunasa/lib/libCryptoki2.so - slots: 2 slots attached - status: loaded - - slot: LunaNet Slot - token: lunasa1-ca - - slot: LunaNet Slot - token: lunasa2-ca ------------------------------------------------------------ - - diff --git a/base/ra/lib/perl/PKI/RA/NamePanel.pm b/base/ra/lib/perl/PKI/RA/NamePanel.pm deleted file mode 100755 index c30715aa2..000000000 --- a/base/ra/lib/perl/PKI/RA/NamePanel.pm +++ /dev/null @@ -1,570 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use FileHandle; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use PKI::RA::CertInfo; -use URI::URL; -use URI::Escape; - -package PKI::RA::NamePanel; -$PKI::RA::NamePanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); -our $cert_req_header="-----BEGIN NEW CERTIFICATE REQUEST-----"; -our $cert_req_footer="-----END NEW CERTIFICATE REQUEST-----"; -our $cert_header="-----BEGIN CERTIFICATE-----"; -our $cert_footer="-----END CERTIFICATE-----"; - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(12); - $self->{"getName"} = &PKI::RA::Common::r("Subject Names"); - $self->{"vmfile"} = "namepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("NamePanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("NamePanel: update"); - my $instanceDir = $::config->get("service.instanceDir"); - - my $count = $q->param('urls'); - - &PKI::RA::Wizard::debug_log("NamePanel: update - selected ca= $count"); - - my $host = ""; - my $https_ee_port = ""; - - my $useExternalCA = "off"; - if ($count =~ /http/) { - my $info = new URI::URL($count); - $host = $info->host; - $https_ee_port = $info->port; - } else { - $host = $::config->get("preop.securitydomain.ca$count.host"); - if ($host eq "") { - $useExternalCA = "on"; - } else { - $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport"); - &PKI::RA::Wizard::debug_log("NamePanel: update - host= $host, https_ee_port= $https_ee_port"); - } - } - $::config->put("preop.certenroll.useExternalCA", $useExternalCA); - - $::config->put("preop.ca.url", "https://" . $host . ":" . $https_ee_port); - - my $tokenname = $::config->get("preop.module.token"); - &PKI::RA::Wizard::debug_log("NamePanel: update got token name = $tokenname"); - my $hw; - my $tk; - - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - $hw = ""; - $tk = ""; - } else { - $hw = "-h $tokenname"; - $tk = $tokenname.":"; - } - - # is nickname changed because of token (hardware) selection? - my $changed = "false"; - foreach my $certtag (@PKI::RA::Wizard::certtags) { - &PKI::RA::Wizard::debug_log("NamePanel: update begins for certag= $certtag"); - my $cert_dn = $q->param($certtag); - $::config->put("preop.cert.".$certtag.".dn", $cert_dn); - $::config->commit(); - - my $sslnickname = $::config->get("preop.cert.sslserver.nickname"); - my $nickname = $q->param($certtag . "_nick"); - if ($nickname ne "") { - &PKI::RA::Wizard::debug_log("NamePanel: update nickname for $certtag set to $nickname"); - &PKI::RA::Wizard::debug_log("NamePanel: update nickname for $certtag being updated in config file"); - $::config->put("preop.cert.".$certtag.".nickname", $nickname); - $::config->commit(); - } else { - $nickname = $::config->get("preop.cert.$certtag.nickname"); - if ($nickname eq "") { - $nickname = "RA ".$certtag." cert"; - &PKI::RA::Wizard::debug_log("NamePanel: update nickname not found for $certtag -- try $nickname"); - } - } - - my $cert_request = $::config->get("preop.cert.$certtag.certreq"); - if ($cert_request ne "") { - &PKI::RA::Wizard::debug_log("NamePanel: update do not generate new keys"); - goto GEN_CERT; - } - &PKI::RA::Wizard::debug_log("NamePanel: update generate new keys"); - - # =====generate requests======== - # getting new request should void old cert - - my $file= "$instanceDir/conf/".$certtag."_cert.txt"; - my $tmp = `rm $file`; - - &PKI::RA::Wizard::debug_log("NamePanel: retrieving $tokenname from pwdconf"); - my $token_pwd = $::pwdconf->get($tokenname); - &PKI::RA::Wizard::debug_log("NamePanel: creating pwfile"); - open FILE, ">$instanceDir/conf/.pwfile"; - system( "chmod 00660 $instanceDir/conf/.pwfile" ); - $token_pwd =~ s/\n//g; - print FILE $token_pwd; - close FILE; - - my $keytype = $::config->get("preop.cert.$certtag.keytype"); - if ($keytype eq "") { - $keytype = "rsa"; - } - - my $select = $::config->get("preop.cert.$certtag.keysize.select"); - - my $keysize; - - if ($keytype eq "rsa") { - $keysize = 2048; - } elsif ($keytype eq "ecc") { - $keysize = 256; - } - - if (($select eq "") || ($select eq "default")) { - my $size = $::config->get("preop.cert.$certtag.keysize.size"); - if ($size ne "") { - $keysize = $size; - } - } else { - my $size = $::config->get("preop.cert.$certtag.keysize.customsize"); - if ($size ne "") { - $keysize = $size; - } - if (($keytype eq "ecc") && ($keysize ne 256)) { - &PKI::RA::Wizard::debug_log("NamePanel: update got keysize from config= $keysize changing to 256, the only supported ECC strength"); - $keysize = 256; - } - } - - &PKI::RA::Wizard::debug_log("NamePanel: update got key type $keytype"); - my $req; - my $debug_req; - my $filename = "/tmp/random.$$"; - `dd if\=/dev/urandom of\=\"$filename\" count\=256 bs\=1`; - if ($keytype eq "rsa") { - #XXX temporary - &PKI::RA::Wizard::debug_log("NamePanel: update "."certutil -R -s $cert_dn -k $keytype -g $keysize -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -a -z $filename"); - my $tmpfile = "/tmp/req$$"; - system("certutil -R -s \"$cert_dn\" -k $keytype -g $keysize -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -a -z $filename > $tmpfile"); - $req = `cat $tmpfile`; - system("rm $tmpfile"); - } elsif ($keytype eq "ecc") { - #only support curve nistp256 for now - my $tmpfile = "/tmp/req$$"; - system("certutil -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -R -s \"$cert_dn\" -k ec -q nistp256 -a -z $filename> $tmpfile"); - $req = `cat $tmpfile`; - system("rm $tmpfile"); - } else { - &PKI::RA::Wizard::debug_log("NamePanel: update unsupported keytype $keytype"); - } - system("rm $filename"); - - my $save_line = 0; - my @req_a = split "\n", $req; - foreach my $line (@req_a) { - chomp( $line ); - $line =~ s/
//g; - if ($line eq $cert_req_header) { - $save_line = 1; - } elsif( $line eq $cert_req_footer ) { - $save_line = 0; - last; - } elsif( $save_line == 1 ) { - $cert_request .= "$line"; - } - } - &PKI::RA::Wizard::debug_log("NamePanel: update putting cert_request in CS.cfg: $cert_request"); - $::config->put("preop.cert.$certtag.certreq", $cert_request); - $::config->commit(); - -GEN_CERT: -# =====request for certs======== -# see if there is an existing cert - - my $cert = $::config->get("preop.cert.$certtag.cert"); - my $sdom = $::config->get("config.sdomainEEURL"); - my $sdom_url = new URI::URL($sdom); - - if (($useExternalCA eq "on") && ($certtag ne "subsystem")) { - &PKI::RA::Wizard::debug_log("NamePanel: update External CA selected"); - if ($cert eq "") { - &PKI::RA::Wizard::debug_log("NamePanel: update no cert found...need manual enrollment"); - } - } else { - if ($cert eq "") { - &PKI::RA::Wizard::debug_log("NamePanel: update External CA not selected...need automatic enrollment"); - - my $machineName = $::config->get("service.machineName"); - my $securePort = $::config->get("service.securePort"); - my $session_id = $::config->get("preop.sessionID"); - - if ($cert_request ne "") { - &PKI::RA::Wizard::debug_log("NamePanel: update found existing request: $cert_request"); - } else { - &PKI::RA::Wizard::debug_log("NamePanel: update existing request not found"); - #something is wrong...no request, no cert - goto DONE; - return $cert; - } - - my $instanceID = $::config->get("service.instanceID"); - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = ""; - &PKI::RA::Wizard::debug_log("NamePanel: greping password"); - - my $tmpfile = "/tmp/grep$$"; - system ("grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10- > $tmpfile"); - $db_password = `cat $tmpfile`; - $db_password =~ s/\n$//g; - system("rm $tmpfile"); - - my $profile_id = $::config->get("preop.cert.$certtag.profile"); - &PKI::RA::Wizard::debug_log("NamePanel: profileId=" . $profile_id); - my $requestor_name = "RA-" . $machineName . "-" . $securePort; - my $params = "profileId=" . $profile_id . "&" . - "cert_request_type=" . "pkcs10" . "&" . - "requestor_name=" . $requestor_name . "&" . - "cert_request=" . - URI::Escape::uri_escape("$cert_request") . "&" . - "xmlOutput=true" . "&" . - "sessionID=" . $session_id . "&" . - "auth_hostname=" . $sdom_url->host . "&" . - "auth_port=" . $sdom_url->port; - - if ($certtag eq "subsystem") { - $host = $sdom_url->host; - $https_ee_port = $sdom_url->port; - } - if ($changed eq "true") { -$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port"; -$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port"; - } else { -$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port"; -$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port"; - } - - &PKI::RA::Wizard::debug_log("debug_req = " . $debug_req); - my $content = `$req`; - &PKI::RA::Wizard::debug_log("content = " . $content); - - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - if ($content eq "") { - $::symbol{errorString} = "CA returned no response. Please check that the CA is available and also check the host's firewall settings."; - return 0; - } - - my $parser = XML::Simple->new(); - &PKI::RA::Wizard::debug_log("NamePanel: response content= " . $content); - my $response = $parser->XMLin($content); - my $status = $response->{Status}; - if ($status ne "0") { - my $error = $response->{Error}; - &PKI::RA::Wizard::debug_log("NamePanel: Error = $error"); - $::symbol{errorString} = "CA response: $error. Please check previous related panels." . " Please check that the CA is available and also check the host's firewall settings."; - return 0; - } - $cert = $response->{Requests}->{Request}->{b64}; - &PKI::RA::Wizard::debug_log("NamePanel: new cert generated= " . $cert); - -# my $reqid = $response->{Requests}->{Request}->{Id}; -# $::config->put("preop.admincert.requestId.0", $reqid); -# my $sn = $response->{Requests}->{Request}->{serialno}; -# $::config->put("preop.admincert.serialno.0", $sn); -# $::config->commit(); - - &PKI::RA::Wizard::debug_log("NamePanel: update putting cert in CS.cfg: $cert"); - $::config->put("preop.cert.$certtag.cert", $cert); - $::config->commit(); - - } else { - # cert is not null - &PKI::RA::Wizard::debug_log("NamePanel: update External CA not selected. Cert found...no need for enrollment"); - } - -# write cert to file so certutil can import - my $cert_fn = "$instanceDir/conf/".$certtag."_cert.txt"; - open FILE, "> $cert_fn"; - print FILE $cert_header."\n".$cert."\n".$cert_footer; - close FILE; - - # import cert, whether it was imported before or not - my $nickname = $::config->get("preop.cert.$certtag.nickname"); - if ($nickname eq "") { - #XXX - $nickname = "RA ".$certtag." cert"; - &PKI::RA::Wizard::debug_log("NamePanel: update nickname not found for $certtag -- try $nickname"); - } - - if ($certtag ne "sslserver") { - &PKI::RA::Wizard::debug_log("NamePanel: update: try to delete existing cert $nickname, if any....ok if it fails"); - $tmp = `certutil -d $instanceDir/alias -D -n "$nickname"`; - $tmp = `certutil -d $instanceDir/alias -D $hw -f $instanceDir/conf/.pwfile -n "$tk$nickname"`; - } else { - &PKI::RA::Wizard::debug_log("NamePanel: update: try to delete existing cert $sslnickname, if any....ok if it fails"); - $tmp = `certutil -d $instanceDir/alias -D -n "$sslnickname"`; - $tmp = `certutil -d $instanceDir/alias -D $hw -f $instanceDir/conf/.pwfile -n "$tk$sslnickname"`; - } - - &PKI::RA::Wizard::debug_log("NamePanel: update: try to import cert from $cert_fn"); - $tmp = `certutil -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -A -n "$nickname" -t "u,u,u" -a -i $cert_fn`; - # changed the cert, need to change nickname too, if necessary - if ($hw ne "") { - if ($certtag eq "sslserver") { - if ($changed eq "false") { - $::config->put("preop.cert.$certtag.nickname", "$tk$nickname"); - } - $changed = "true"; - } elsif ($certtag eq "subsystem") { - &PKI::RA::Wizard::debug_log("NamePanel: update: subsystem nickname changed"); - $::config->put("preop.cert.$certtag.nickname", "$tk$nickname"); - $::config->put("conn.ca1.clientNickname", "$tk$nickname"); - $::config->put("conn.drm1.clientNickname", "$tk$nickname"); - $::config->put("conn.tks1.clientNickname", "$tk$nickname"); - $::config->put( "ra.cert.subsystem.nickname", "$tk$nickname"); - } else { - &PKI::RA::Wizard::debug_log("NamePanel: update: $certtag nickname changed"); - $::config->put("preop.cert.$certtag.nickname", "$tk$nickname"); - } - $::config->commit(); - } else { - if ($certtag eq "subsystem") { - # setting these just in case the subsystem nickname changed. - &PKI::RA::Wizard::debug_log("NamePanel: update: setting in case the subsystem nickname changed"); - $::config->put("conn.ca1.clientNickname", "$nickname"); - $::config->put("conn.drm1.clientNickname", "$nickname"); - $::config->put("conn.tks1.clientNickname", "$nickname"); - $::config->put("ra.cert.subsystem.nickname", "$nickname"); - } - $::config->commit(); - } - - &PKI::RA::Wizard::debug_log("NamePanel: update: done importing cert: $tk$nickname"); - $tmp = `rm $cert_fn`; - } - } - -DONE: - &PKI::RA::Wizard::debug_log("NamePanel: removing pwfile"); - my $tmp = `rm $instanceDir/conf/.pwfile`; - return 1; -} - -sub readFile -{ - my $fn = $_[0]; - open FILE, "< $fn" or return ""; - my $content = join "",<FILE>; - close FILE; - - return $content; -} - -use Data::Dumper; - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("NamePanel: display"); - - my $domain_name = $::config->get("preop.securitydomain.name"); - if ($domain_name eq "") { - $domain_name = "RA Domain"; - } - my $machine_name = $::config->get("service.machineName"); - my $instance_id = $::config->get("service.instanceID"); - - my $i = 0; - foreach my $certtag (@PKI::RA::Wizard::certtags) { - &PKI::RA::Wizard::debug_log("NamePanel: display certtag=$certtag"); - my $cert_dn = $::config->get("preop.cert.".$certtag.".dn"); - if ($cert_dn eq "") { - if ($certtag eq "subsystem") { - $cert_dn = "CN=RA Subsystem, " . - "OU=" . $instance_id . ", " . - "O=" . $domain_name; - } elsif ($certtag eq "sslserver") { - $cert_dn ="CN=" . $machine_name . ", " . - "OU=" . $instance_id . ", " . - "O=" . $domain_name; - } else { - &PKI::RA::Wizard::debug_log("NamePanel: display other certtag=$certtag"); - $cert_dn = $certtag; - } - $::config->put("preop.cert.".$certtag.".dn", $cert_dn); - $::config->commit(); - } else { - if (!($cert_dn =~ /O=/)) { - $cert_dn .= ", O=" . $domain_name; - $::config->put("preop.cert.".$certtag.".dn", $cert_dn); - $::config->commit(); - } - } - - my $name = $::config->get("preop.cert.".$certtag.".userfriendlyname"); - if ($name eq "") { - $name = $certtag."Cert ".$instance_id; - $::config->put("preop.cert.".$certtag.".userfriendlyname", $name); - $::config->commit(); - } - - my $cert = new PKI::RA::CertInfo($name, - $cert_dn, $certtag); - $::symbol{certs}[$i++] = $cert; - } - - &PKI::RA::Wizard::debug_log("NamePanel: getting CA info"); - $::symbol{urls} = []; - my $count = 0; - - while (1) { - my $host = $::config->get("preop.securitydomain.ca$count.host"); - if ($host eq "") { - goto DONE; - } - my $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport"); - my $name = $::config->get("preop.securitydomain.ca$count.subsystemname"); - my $item = $name . " - https://" . $host . ":" . $https_ee_port; - $::symbol{urls}[$count++] = $item; - - } -DONE: - - $::symbol{urls}[$count++] = "External CA"; - $::symbol{urls_size} = $count+1; - - return 1; -} - - -# arg0 filename containing certificate request -# return certificate request plus header and footer -sub extract_cert_req_from_file -{ - my $save_line = 0; - - my $filename = $_[0]; - - my $fd = new FileHandle; - - my $cert_request = ""; - - $fd->open( "<$filename" ) or die "Could not open '$filename'!\n"; - - while( <$fd> ) - { - my $line = $_; - chomp( $line ); - - if( $line eq $cert_req_header ) { - $save_line = 1; - $cert_request .= "$line\n"; - } elsif( $line eq $cert_req_footer ) { - $cert_request .= "$line\n"; - $save_line = 0; - last; - } elsif( $save_line == 1 ) { - $cert_request .= "$line\n"; - } - } - - $fd->close(); - - return $cert_request; -} - -# arg0 message containing certificate request -# return certificate request sans header and footer -sub extract_cert_req_from_file_sans_header_and_footer -{ - my $filename = $_[0]; - my $save_line = 0; - - my $fd = new FileHandle; - - my $cert_request = ""; - - $fd->open( "<$filename" ) or die "Could not open '$filename'!\n"; - - while( <$fd> ) - { - my $line = $_; - chomp( $line ); - - if( $line eq $cert_req_header ) { - $save_line = 1; - } elsif( $line eq $cert_req_footer ) { - $save_line = 0; - last; - } elsif( $save_line == 1 ) { - $cert_request .= "$line\n"; - } - } - - $fd->close(); - - return $cert_request; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/ReqCertInfo.pm b/base/ra/lib/perl/PKI/RA/ReqCertInfo.pm deleted file mode 100755 index 51c22cd24..000000000 --- a/base/ra/lib/perl/PKI/RA/ReqCertInfo.pm +++ /dev/null @@ -1,235 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::ReqCertInfo; -$PKI::RA::ReqCertInfo::VERSION = '1.00'; - -our $cert_req_header="-----BEGIN NEW CERTIFICATE REQUEST-----"; -our $cert_req_footer="-----END NEW CERTIFICATE REQUEST-----"; -our $cert_header="-----BEGIN CERTIFICATE-----"; -our $cert_footer="-----END CERTIFICATE-----"; - -sub new { - my ($class, $name, $dn, $tag) = @_; - my $self = {}; - &PKI::RA::Wizard::debug_log("ReqCertInfo: start new"); - &PKI::RA::Wizard::debug_log("ReqCertInfo: creating name: $name, dn: $dn, tag: $tag"); - - $self->{"getUserFriendlyName"} = \&get_user_friendly_name; - $self->{"getCertTag"} = \&get_cert_tag; - $self->{"getCert"} = \&get_cert; - $self->{"getCertpp"} = \&get_cert_pp; - $self->{"getRequest"} = \&get_request; - $self->{"getDN"} = \&get_dn; - $self->{"useDefaultKey"} = \&use_default_key; - $self->{"getCustomKeysize"} = \&get_custom_keysize; - &PKI::RA::Wizard::debug_log("ReqCertInfo: end new"); - - $self->{name} = $name; - $self->{dn} = $dn; - $self->{tag} = $tag; - - bless $self, $class; - return $self; -} - -sub get_user_friendly_name -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_user_friendly_name"); - return $self->{name}; -} - -sub readFile -{ - my $fn = $_[0]; - open FILE, "< $fn" or return ""; - my $content = join "",<FILE>; - close FILE; - - return $content; -} - -sub wrap_lines -{ - my $lines = shift; - my $temp ; - foreach my $line (split "\n", $lines) { - if (length $line > 59) { - $line =~ s/(.{0,60})/$1\n/g; - } - # get rid of a line that is just an empty newline - $line =~ s/^\n$//gms; - $temp .= $line; - } - # collapse multiple newlines into one - $temp =~ s/\n+/\n/gms; - $temp =~ s/\n$//gms; - $temp; - -} - -sub get_request -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_request"); - # first, try to see if request has been made before -# my $req = readFile( "/var/lib/pki-ra/conf/$self->{tag}_cert_request.txt"); - - my $req = $::config->get("preop.cert.$self->{tag}.certreq"); - - $req = wrap_lines($req); - - if ($req ne "") { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_request found existing request"); - return $cert_req_header."\n".$req."\n".$cert_req_footer;; - } else { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_request existing request not found"); - } - - return $req; -} - -sub get_cert -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert"); -# see if there is an existing cert -# my $cert = readFile("/var/lib/pki-ra/conf/".$self->{tag}."_cert.txt"); - my $cert = $::config->get("preop.cert.$self->{tag}.cert"); - - $cert = wrap_lines($cert); - if ($cert ne "") { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert found existing cert"); - return $cert_header."\n".$cert."\n".$cert_footer;; - } else { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert existing cert not found"); - } - if ($cert eq "") { - $cert = "...paste certificate here..."; - } - - - return $cert; -} - -sub get_cert_pp -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_pp"); - my $instanceDir = $::config->get("service.instanceDir"); - - my $hw; - my $tokenname = $::config->get("preop.module.token"); - &PKI::RA::Wizard::debug_log("ReqCertInfo: update got token name = $tokenname"); - - if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) { - $hw = ""; - } else { - $hw = "-h $tokenname"; - } - - my $token_pwd = $::pwdconf->get($tokenname); - open FILE, ">$instanceDir/conf/.pwfile"; - system( "chmod 00660 $instanceDir/conf/.pwfile" ); - $token_pwd =~ s/\n//g; - print FILE $token_pwd; - close FILE; - - my $nickname = $::config->get("preop.cert.$self->{tag}.nickname"); - if ($nickname eq "") { -#XXX - $nickname = "RA ".$self->{tag}." cert"; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_pp nickname not found for $self->{tag} -- try $nickname"); - } - my $certpp=""; -# my $found = -e "/var/lib/pki-ra/conf/$self->{tag}_cert.txt"; - my $cert = $::config->get("preop.cert.$self->{tag}.cert"); - - if ($cert ne "") { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_pp found request, ready to get prettyprint"); - my $tmp = `certutil -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -n "$nickname" -L > $instanceDir/conf/$self->{tag}_cert_pp.txt`; - $certpp = readFile("$instanceDir/conf/$self->{tag}_cert_pp.txt"); - $certpp =~ s/"//g; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_pp pp=$certpp"); - $tmp =`rm $instanceDir/conf/$self->{tag}_cert_pp.txt`; - } else { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_pp cert not found, will not get prettyprint"); - } - my $tmp = `rm $instanceDir/conf/.pwfile`; - - return $certpp; -} - -sub get_cert_tag -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_tag"); - return $self->{tag}; -} - -sub get_dn -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_cert_dn"); - return $self->{dn}; -} - -sub use_default_key -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: use_default_key"); - my $select = $::config->get("preop.cert.$self->{tag}.keysize.select"); - if ($select ne "") { - if ($select eq "custom") { - &PKI::RA::Wizard::debug_log("ReqCertInfo: use_default_key from config = $select returning 0"); - return 0; - } - } - - &PKI::RA::Wizard::debug_log("ReqCertInfo: use_default_key returning 1"); - return 1; -} - -sub get_custom_keysize -{ - my ($self) = @_; - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_custom_keysize"); - my $keysize = $::config->get("preop.cert.$self->{tag}.keysize.customsize"); - if ($keysize ne "") { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_custom_keysize from config = $keysize"); - return $keysize; - } else { - &PKI::RA::Wizard::debug_log("ReqCertInfo: get_custom_keysize not from config"); - } - return 2048; -} - - -1; diff --git a/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm b/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm deleted file mode 100755 index 3370b9d25..000000000 --- a/base/ra/lib/perl/PKI/RA/SecurityDomainPanel.pm +++ /dev/null @@ -1,199 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; -use XML::Simple; -use Data::Dumper; - -package PKI::RA::SecurityDomainPanel; -$PKI::RA::SecurityDomainPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(1); - $self->{"getName"} = &PKI::RA::Common::r("Security Domain"); - $self->{"vmfile"} = "securitydomainpanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SecurityPanel: validate"); - - return 1; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub pingCS -{ - my( $instanceDir ) = $_[0]; - my( $db_password ) = $_[1]; - my( $nickname ) = $_[2]; - my( $hostname ) = $_[3]; - my( $port ) = $_[4]; - - my $content = `/usr/bin/sslget -d $instanceDir/alias -p $db_password -v -r "/ca/admin/ca/getStatus" $hostname:$port`; - if( "$content" eq "" ) { - return 0; - } else { - $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/; - $content = $1; - - my $parser = XML::Simple->new(); - my $response = $parser->XMLin($content); - my $state = $response->{State}; - - if( "$state" eq "1" ) { - return 1; - } else { - return 0; - } - } -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SecurityPanel: display"); - $::symbol{panelname} = "Security Domain"; - $::symbol{sdomainName} = "Security Domain"; - - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $hostname = $::config->get("service.machineName"); - my $default_https_admin_port = 9445; - - # check to see if "default" security domain exists on local machine - my $status = pingCS( $instanceDir, - $db_password, - $nickname, - $hostname, - $default_https_admin_port ); - if( "$status" eq "1" ) { - # "default" security domain exists on local machine; - # fill "sdomainURL" in with "default" security domain - # as an initial "guess" - $::symbol{sdomainURL} = "https://" . $hostname . ":" - . $default_https_admin_port; - } else { - # "default" security domain does NOT exist on local machine; - # leave "sdomainURL" blank - $::symbol{sdomainURL} = ""; - } - - $::symbol{sdomainAdminURL} = "https://" . $hostname . ":" - . $default_https_admin_port; - - my $initDaemon = "pki-tomcatd"; - my $statusCommand = ""; - my $instanceID ="<security_domain_instance_name>"; - if( $^O eq "linux" ) { - $statusCommand = "systemctl status $initDaemon\@$instanceID.service"; - } else { - ## default case: e. g. - ( $^O eq "solaris" ) - $statusCommand = "/etc/init.d/$initDaemon status $instanceID"; - } - $::symbol{statusCommand} = $statusCommand; - $::symbol{instanceID} = $instanceID; - return 1; -} - - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SecurityPanel: update"); - my $sdomainURL = $q->param("sdomainURL"); - - if ($sdomainURL eq "") { - &PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL has not been specified!"); - $::symbol{errorString} = "Security Domain HTTPS has not been specified!"; - return 0; - } - - my $sdomainURL_info = new URI::URL($sdomainURL); - - my $instanceDir = $::config->get("service.instanceDir"); - my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`; - $db_password =~ s/\n$//g; - my $nickname = $::config->get("preop.cert.sslserver.nickname"); - my $hostname = $sdomainURL_info->host; - my $https_admin_port = $sdomainURL_info->port; - - # check to see if "default" security domain exists on local machine - my $status = pingCS( $instanceDir, - $db_password, - $nickname, - $hostname, - $https_admin_port ); - if( "$status" ne "1" ) { - # invalid security domain specified - &PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL not found"); - $::symbol{errorString} = "Security Domain HTTPS Admin URL not found"; - return 0; - } - - # save urls in CS.cfg - &PKI::RA::Wizard::debug_log("SecurityPanel: sdomainURL=" . $sdomainURL); - $::config->put("config.sdomainAdminURL", $sdomainURL); - - # Add values necessary for 'pkiremove' . . . - $::config->put("securitydomain.select", "existing"); - $::config->put("securitydomain.host", $sdomainURL_info->host); - $::config->put("securitydomain.httpsadminport", $sdomainURL_info->port); - $::config->commit(); - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/SizePanel.pm b/base/ra/lib/perl/PKI/RA/SizePanel.pm deleted file mode 100755 index f55dc41e9..000000000 --- a/base/ra/lib/perl/PKI/RA/SizePanel.pm +++ /dev/null @@ -1,245 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use PKI::RA::CertInfo; - -package PKI::RA::SizePanel; -$PKI::RA::SizePanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(11); - $self->{"getName"} = &PKI::RA::Common::r("Key Pairs"); - $self->{"vmfile"} = "sizepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SizePanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SizePanel: update"); - - my $instanceDir = $::config->get("service.instanceDir"); - my $done = $::config->get("preop.SizePanel.done"); - my $genKeyPair = $q->param('generateKeyPair'); - &PKI::RA::Wizard::debug_log("SizePanel: update generateKeyPair value=$genKeyPair"); - if ($done eq "true") { - if ($genKeyPair eq "") { - &PKI::RA::Wizard::debug_log("SizePanel: update generateKeyPair value not found, turn to off"); - $genKeyPair = "off"; - } - } else { - # firstime should always generate keys - $genKeyPair = "on"; - } - - foreach my $certtag (@PKI::RA::Wizard::certtags) { - my $select = $q->param($certtag.'_choice'); - my $keytype = $q->param($certtag.'_keytype'); - my $size = $q->param($certtag.'_custom_size'); - - &PKI::RA::Wizard::debug_log("SizePanel: update $certtag _choice=$select $certtag _keytype=$keytype customsize= $size"); - - $::config->put("preop.keysize.select", $select); - $::config->put("preop.cert.".$certtag.".keysize.select", $select); - - if (! isSupportedSize($keytype, $size)) { - &PKI::RA::Wizard::debug_log("SizePanel: update size $size not supported"); - return 0; - } - $::config->put("preop.cert.".$certtag.".keysize.customsize", $size); - $::config->put("preop.cert.".$certtag.".keytype", $keytype); - - if ($select eq "default") { - my $defaultSize = getDefaultSize($keytype); - &PKI::RA::Wizard::debug_log("SizePanel: update in default, defaultsize = $defaultSize"); - $::config->put("preop.keysize.customsize", $defaultSize); - $::config->put("preop.keysize.size", $defaultSize); - $::config->put("preop.cert.".$certtag.".keysize.size", $defaultSize); - - } elsif ($select eq "custom") { - &PKI::RA::Wizard::debug_log("SizePanel: update in custom, customsize = $size"); - $::config->put("preop.keysize.size", $size); - $::config->put("preop.cert.".$certtag.".keysize.size", $size); - } - - if ($genKeyPair eq "on") { - $::config->put("preop.cert.".$certtag.".certreq", ""); - $::config->put("preop.cert.".$certtag.".cert", ""); - } - } -#XXX should have better error checking to work better - $done = $::config->put("preop.SizePanel.done", "true"); - $::config->commit(); - - return 1; -} - -sub getDefaultSize { - my $keytype = $_[0]; - - if ($keytype eq "ecc") { - return 256; - } elsif ($keytype eq "rsa") { - return 2048; - } - - $::symbol{errorString} = "Unsupported keytype $keytype"; - return 0; -} - -sub isSupportedSize { - my $keytype = $_[0]; - my $size = $_[1]; - - if (($keytype eq "ecc") && ($size ne "256")) { - &PKI::RA::Wizard::debug_log("SizePanel: isSupportedSize ECC only supports size 256"); - $::symbol{errorString} = "Unsupported Size $size. ECC only supports size 256"; - return 0; - } - - if (($size eq "256") || ($size eq "512") || ($size eq "1024") || - ($size eq "2048") || ($size eq "4096")) { - return 1; - } - # wrong size - $::symbol{errorString} = "Unsupported Size $size. RSA only supports sizes 256, 512, 1024, 2048, and 4096"; - return 0; -} - -sub display -{ - my ($q) = @_; - - &PKI::RA::Wizard::debug_log("SizePanel: display"); - - my $done = $::config->get("preop.SizePanel.done"); - &PKI::RA::Wizard::debug_log("SizePanel: display is panel done? $done"); - if ($done eq "true") { - $::symbol{firsttime} = "false"; - } else { - $::symbol{firsttime} = "true"; - } - - my $domain_name = $::config->get("preop.securitydomain.name"); - if ($domain_name eq "") { - $domain_name = "RA Domain"; - } - - my $machine_name = $::config->get("service.machineName"); - my $instance_id = $::config->get("service.instanceID"); - - my $i = 0; - foreach my $certtag (@PKI::RA::Wizard::certtags) { - my $cert_dn = $::config->get("preop.cert.".$certtag.".dn"); - if ($cert_dn eq "") { - if ($certtag eq "subsystem") { - $cert_dn = "CN=RA Subsystem, " . - "OU=" . $instance_id . ", " . - "O=" . $domain_name; - } elsif ($certtag eq "sslserver") { - $cert_dn ="CN=" . $machine_name . ", " . - "OU=" . $instance_id . ", " . - "O=" . $domain_name; - } else { - $cert_dn = $certtag; - } - } - my $name = $::config->get("preop.cert.".$certtag.".userfriendlyname"); - if ($name eq "") { - $name = $certtag."Cert ".$instance_id; - } - my $cert = new PKI::RA::CertInfo($name, - $cert_dn, $certtag); - $::symbol{certs}[$i++] = $cert; - } - - #for "common key settings" - my $select = $::config->get("preop.keysize.select"); - if (($select eq "") || ($select eq "default")) { - $::symbol{select} = "default"; - } else { - &PKI::RA::Wizard::debug_log("SizePanel: display keysize select= $select"); - $::symbol{select} = $select; - } - my $default_size = $::config->get("preop.keysize.size"); - if ($default_size eq "") { - $::symbol{default_keysize} = 2048; - } else { - $::symbol{default_keysize} = $default_size; - } - - my $default_ecc_size = $::config->get("preop.keysize.ecc.size"); - if ($default_ecc_size eq "") { - $::symbol{default_ecc_keysize} = 256; - } else { - $::symbol{default_ecc_keysize} = $default_ecc_size; - } - - my $custom_size = $::config->get("preop.keysize.customsize"); - if ($custom_size eq "") { - $::symbol{custom_size} = 2048; - } else { - $::symbol{custom_size} = $default_size; - } - - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm b/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm deleted file mode 100755 index 3d946bca0..000000000 --- a/base/ra/lib/perl/PKI/RA/SubsystemTypePanel.pm +++ /dev/null @@ -1,142 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::SubsystemTypePanel; -$PKI::RA::SubsystemTypePanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(3); - $self->{"getName"} = &PKI::RA::Common::r("Subsystem Type"); - $self->{"vmfile"} = "createsubsystempanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SubsystemTypePanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SubsystemTypePanel: update"); - $::symbol{systemname} = "Registration Authority "; - $::symbol{subsystemName} = "Registration Authority"; - $::symbol{fullsystemname} = "Registration Authority"; - $::symbol{machineName} = "localhost"; - $::symbol{http_port} = "12888"; - $::symbol{https_port} = "12889"; - $::symbol{non_clientauth_https_port} = "12890"; - $::symbol{check_clonesubsystem} = " "; - $::symbol{check_newsubsystem} = " "; - $::symbol{disableClone} = 1; - - my $subsystemName = $q->param('subsystemName'); - $::config->put("preop.subsystem.name", $subsystemName); - $::config->commit(); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("SubsystemTypePanel: display"); - $::symbol{systemname} = "Registration Authority "; - $::symbol{subsystemName} = "Registration Authority"; - $::symbol{fullsystemname} = "Registration Authority "; - - my $machineName = $::config->get("service.machineName"); - my $unsecurePort = $::config->get("service.unsecurePort"); - my $securePort = $::config->get("service.securePort"); - my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort"); - - - $::symbol{machineName} = $machineName; - $::symbol{http_port} = $unsecurePort; - $::symbol{https_port} = $securePort; - $::symbol{non_clientauth_https_port} = $non_clientauth_securePort; - $::symbol{check_clonesubsystem} = ""; - $::symbol{check_newsubsystem} = "checked "; - - my $session_id = $q->param("session_id"); - $::config->put("preop.sessionID", $session_id); - $::config->commit(); - - $::symbol{urls} = []; - my $count = 0; - while (1) { - my $host = $::config->get("preop.securitydomain.ra$count.host"); - if ($host eq "") { - goto DONE; - } - my $port = $::config->get("preop.securitydomain.ra$count.non_clientauth_secure_port"); - my $name = $::config->get("preop.securitydomain.ra$count.subsystemname"); - unshift(@{$::symbol{urls}}, "https://" . $host . ":" . $port); - $count++; - } -DONE: - $::symbol{urls_size} = $count; - -# if ($count == 0) { - $::symbol{disableClone} = 1; -# } - - # XXX - how to deal with urls - return 1; -} - - -1; diff --git a/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm b/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm deleted file mode 100755 index ddf1124a9..000000000 --- a/base/ra/lib/perl/PKI/RA/TKSInfoPanel.pm +++ /dev/null @@ -1,134 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; -use URI::URL; - -package PKI::RA::TKSInfoPanel; -$PKI::RA::TKSInfoPanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(5); - $self->{"getName"} = &PKI::RA::Common::r("TKS Information"); - $self->{"vmfile"} = "tksinfopanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("TKSInfoPanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("TKSInfoPanel: update"); - - my $count = $q->param('urls'); - - my $instanceID = $::config->get("service.instanceID"); - - my $host = ""; - my $https_agent_port = ""; - if ($count =~ /http/) { - my $info = new URI::URL($count); - $host = $info->host; - $https_agent_port = $info->port; - if (($host eq "") || ($https_agent_port eq "")) { - $::symbol{errorString} = "no TKS found. CA, TKS and optionally DRM must be installed prior to RA installation"; - return 0; - } - $::config->put("preop.tksinfo.select", $count); - } else { - $host = $::config->get("preop.securitydomain.tks$count.host"); - $https_agent_port = $::config->get("preop.securitydomain.tks$count.secureagentport"); - if (($host eq "") || ($https_agent_port eq "")) { - $::symbol{errorString} = "no TKS found. CA, TKS and optionally DRM must be installed prior to RA installation"; - return 0; - } - $::config->put("preop.tksinfo.select", "https://$host:$https_agent_port"); - } - my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname"); - $::config->put("conn.tks1.clientNickname", $subsystemCertNickName); - $::config->put("conn.tks1.hostport", $host . ":" . $https_agent_port); - $::config->commit(); - - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("TKSInfoPanel: display"); - $::symbol{urls} = []; - my $count = 0; - while (1) { - my $host = $::config->get("preop.securitydomain.tks$count.host"); - if ($host eq "") { - goto DONE; - } - my $https_agent_port = $::config->get("preop.securitydomain.tks$count.secureagentport"); - my $name = $::config->get("preop.securitydomain.tks$count.subsystemname"); - $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $https_agent_port; - } -DONE: - $::symbol{urls_size} = $count; - if ($count eq 0) { - $::symbol{errorString} = "no TKS found. CA, TKS and optionally DRM must be installed prior to RA installation"; - return 0; - } - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/WelcomePanel.pm b/base/ra/lib/perl/PKI/RA/WelcomePanel.pm deleted file mode 100755 index c88c138be..000000000 --- a/base/ra/lib/perl/PKI/RA/WelcomePanel.pm +++ /dev/null @@ -1,90 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; -use warnings; -use PKI::RA::GlobalVar; -use PKI::RA::Common; - -package PKI::RA::WelcomePanel; -$PKI::RA::WelcomePanel::VERSION = '1.00'; - -use PKI::RA::BasePanel; -our @ISA = qw(PKI::RA::BasePanel); - -sub new { - my $class = shift; - my $self = {}; - - $self->{"isSubPanel"} = \&is_sub_panel; - $self->{"hasSubPanel"} = \&has_sub_panel; - $self->{"isPanelDone"} = \&PKI::RA::Common::no; - $self->{"getPanelNo"} = &PKI::RA::Common::r(0); - $self->{"getName"} = &PKI::RA::Common::r("Welcome"); - $self->{"vmfile"} = "welcomepanel.vm"; - $self->{"update"} = \&update; - $self->{"panelvars"} = \&display; - bless $self,$class; - return $self; -} - -sub is_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub has_sub_panel -{ - my ($q) = @_; - return 0; -} - -sub validate -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("WelcomePanel: validate"); - return 1; -} - -sub update -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("WelcomePanel: update"); - return 1; -} - -sub display -{ - my ($q) = @_; - &PKI::RA::Wizard::debug_log("XXX " . $::config->get("logging.debug.enable")); - &PKI::RA::Wizard::debug_log("WelcomePanel: display"); - $::symbol{wizardname} = "RA Configuration Wizard"; - $::symbol{systemname} = "RA"; - $::symbol{fullsystemname} = "Registration Authority"; - - return 1; -} - -1; diff --git a/base/ra/lib/perl/PKI/RA/wizard.pm b/base/ra/lib/perl/PKI/RA/wizard.pm deleted file mode 100755 index fe23d62bb..000000000 --- a/base/ra/lib/perl/PKI/RA/wizard.pm +++ /dev/null @@ -1,502 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -# wizard - -# Fedora Certificate System - Registration Authority System configuration wizard - - -# This script is run as a 'mod_perl' CGI. Configure mod_perl by adding -# the following to /etc/httpd/conf.d/perl.conf -# -# PerlModule ModPerl::Registry -# PerlModule Apache::compat -# PerlModule PKI::RA::Wizard -# PerlSetEnv PKI_DOCROOT /u/sparkins/t/cs_tip/certsystem/prj/common/ui -# <Location /wizard> -# SetHandler perl-script -# PerlHandler PKI::RA::Wizard -# Order deny,allow -# Allow from all -# </Location> - - -# Note: The Velocity parser is not very helpful when it comes to -# errors right now. Here are some common errors, and what they mean: -# -# ERROR: -# [Mon Apr 03 13:57:33 2006] [error] [client 172.16.24.26] -# Can't use string ("0") as an ARRAY ref while "strict refs" -# in use at /usr/lib/perl5/site_perl/5.8.5/Template/Velocity.pm -# line 423.\n, referer: http://chico/wizard?p=2 -# MEANING -# This probably means that your *.vm file refers to an array -# variable in a foreach statement that is not defined -# Check your foreach array variables. - -use warnings; -use ModPerl::Registry; -use Template::Velocity; -use Getopt::Std; -use Data::Dumper; -use CGI::Carp qw(fatalsToBrowser); -use CGI; -use APR::Const -compile => qw(:error SUCCESS); -use PKI::RA::GlobalVar; -use PKI::RA::WelcomePanel; -use PKI::RA::SecurityDomainPanel; -use PKI::RA::DisplayCertChainPanel; -use PKI::RA::SubsystemTypePanel; -use PKI::RA::CAInfoPanel; -use PKI::RA::DisplayCertChain2Panel; -use PKI::RA::AdminAuthPanel; -use PKI::RA::AgentAuthPanel; -use PKI::RA::DatabasePanel; -use PKI::RA::ModulePanel; -use PKI::RA::SizePanel; -use PKI::RA::NamePanel; -use PKI::RA::ConfigHSMLoginPanel; -use PKI::RA::CertRequestPanel; -use PKI::RA::AdminPanel; -use PKI::RA::ImportAdminCertPanel; -use PKI::RA::DonePanel; -use PKI::RA::Config; - -use PKI::RA::Common qw(yes no r); - -package PKI::RA::Wizard; -$PKI::RA::Wizard::VERSION = '1.00'; - -# read configuration file -my $flavor = "pki"; -$flavor =~ s/\n//g; - -my $pkiroot = $ENV{PKI_ROOT}; - -my $config = PKI::RA::Config->new(); -$config->load_file("$pkiroot/conf/CS.cfg"); -# read password cache file -my $pwdconf = PKI::RA::Config->new(); -$pwdconf->load_file("$pkiroot/conf/pwcache.conf"); -# SELinux disallows performing a "chmod" on this file -if( $^O ne "linux" ) { - system( "chmod 00660 $pkiroot/conf/pwcache.conf" ); -} - -# create cfg debug log -my $logfile = $config->get("service.instanceDir") . "/logs/debug"; -system( "touch $logfile" ); -system( "chmod 00640 $logfile" ); -open( DEBUG, ">>" . $logfile ) || -warn( "Could not open '" . $logfile . "': $!" ); - -# apache server - -our $debug; - -my $HTTP_OK = 0; - -my $STATUS_OK = 0; # Apache 2 needs this to be zero -my $STATUS_ERROR = 2; -my $STATUS_REDIRECT = 3; - -&debug_log("RA wizard: starting up"); - -my $docroot = $ENV{PKI_DOCROOT}; - -if (! $docroot) { - &debug_log("RA wizard: ERROR: PKI_DOCROOT is null"); - return 0; -} - -our $parser = new Template::Velocity($docroot); -our $symbol; -our @certtags; - -makepanels(); - -&debug_log("RA wizard: start up complete"); - -1; - -sub debug_log -{ - my ($msg) = @_; - my $date = `date`; - chomp($date); - if( -w $logfile ) { - print DEBUG "$date - $msg\n"; - } -} - - # initializes entries in parser's global symbol table for panels -sub makepanels -{ - #REAL PANELS BELOW - my $welcome = new PKI::RA::WelcomePanel(); - my $securitydomain = new PKI::RA::SecurityDomainPanel(); - my $displaycertchain = new PKI::RA::DisplayCertChainPanel(); - my $subsystem = new PKI::RA::SubsystemTypePanel(); - my $cainfopanel = new PKI::RA::CAInfoPanel(); -# my $displaycertchain2 = new PKI::RA::DisplayCertChain2Panel(); - my $databasepanel = new PKI::RA::DatabasePanel(); - my $modulepanel = new PKI::RA::ModulePanel(); - my $confighsmloginpanel = new PKI::RA::ConfigHSMLoginPanel(); - my $sizepanel = new PKI::RA::SizePanel(); - my $namepanel = new PKI::RA::NamePanel(); - my $certrequestpanel = new PKI::RA::CertRequestPanel(); - my $adminpanel = new PKI::RA::AdminPanel(); - my $importadmincertpanel = new PKI::RA::ImportAdminCertPanel(); - my $donepanel = new PKI::RA::DonePanel(); - - $symbol{panels} = [ - $welcome, # com.netscape.cms.servlet.csadmin.WelcomePanel - $securitydomain, # com.netscape.cms.servlet.csadmin.SecurityDomainPanel - $displaycertchain, # com.netscape.cms.servlet.csadmin.DisplayCertChainPanel - $subsystem, # com.netscape.cms.servlet.csadmin.CreateSubsystemPanel - $cainfopanel, # com.netscape.cms.servlet.csadmin.CAInfoPanel -# $displaycertchain2, # com.netscape.cms.servlet.csadmin.DisplayCertChain2Panel - $databasepanel, # com.netscape.cms.servlet.csadmin.DatabasePanel - $modulepanel, # com.netscape.cms.servlet.csadmin.ModulePanel - $confighsmloginpanel, # com.netscape.cms.servlet.csadmin.ConfigHSMLoginPanel - $sizepanel, # com.netscape.cms.servlet.csadmin.SizePanel - $namepanel, # com.netscape.cms.servlet.csadmin.NamePanel - $certrequestpanel, # com.netscape.cms.servlet.csadmin.CertRequestPanel - $adminpanel, # com.netscape.cms.servlet.csadmin.AdminPanel - $importadmincertpanel, # com.netscape.cms.servlet.csadmin.ImportAdminCertPanel - $donepanel, # com.netscape.cms.servlet.csadmin.DonePanel</param-value> - ]; -}; - -sub render_panel -{ - my ($panelnum, $q) = @_; - - $symbol{errorString} = ""; - - my $currentpanel; - - if ($q->param('op') && $q->param('op') eq "next") { - $currentpanel = $symbol{panels}[$panelnum]; - # validate variables for panel - if ($currentpanel->{validate}) { - $currentpanel->{validate}($q); - } - # execute current panel - my $status = "0"; - - if ($currentpanel->{update}) { - $status = $currentpanel->{update}($q); - &debug_log("RA wizard: update returns status '" . - $status . "'"); - if ($status == $STATUS_REDIRECT) { - return $STATUS_REDIRECT; - } - - } - - &debug_log("RA wizard: about to find out about sub panel"); - if ($status eq "1") { - if ($currentpanel->{hasSubPanel} && &{$currentpanel->{hasSubPanel}}($q)) { - &debug_log("RA wizard: has sub panel"); - $panelnum = $panelnum + 2; - } elsif ($currentpanel->{isSubPanel} && &{$currentpanel->{isSubPanel}}($q)) { - &debug_log("RA wizard: is sub panel"); - $panelnum = $panelnum - 1; - } else { - &debug_log("RA wizard: no sub panel and is not subpanel"); - $panelnum = $panelnum + 1; - } - } - } elsif ($q->param('op') && $q->param('op') eq "back") { - $panelnum = $panelnum - 1; - #check if this a subpanel, if so, go back to it's parent. - #only handles one-deep at this point - my $panel = $symbol{panels}[$panelnum]; - if (&{$panel->{isSubPanel}}($q)) { - $panelnum = $panelnum - 1; - } - } elsif ($q->param('op') && $q->param('op') eq "apply") { - &debug_log("RA wizard: update : apply button pressed"); - $currentpanel = $symbol{panels}[$panelnum]; - # validate variables for panel - if ($currentpanel->{validate}) { - $currentpanel->{validate}($q); - } - # execute current panel - if ($currentpanel->{update}) { - my $status = $currentpanel->{update}($q); - &debug_log("RA wizard: update returns status '" . - $status . "'"); - if ($status == $STATUS_REDIRECT) { - return $STATUS_REDIRECT; - } - - } - } - - &debug_log("RA wizard: after looking into about sub panel"); - - # advance to next panel - $currentpanel = $symbol{panels}[$panelnum]; - - # initialize symbol table values - $symbol{showApplyButton} = "false"; - - # fill in variables for new panel - if ($currentpanel->{panelvars}) { - $Data::Dumper::Indent = 1; - # The '&debug_log("q=".Dumper($q));' call must be commented out to fix - # Bugzilla Bug #249923: Incorrect file permissions on - # various files and/or directories - # &debug_log("q=".Dumper($q)); - $currentpanel->{panelvars}($q); - } - - $symbol{panel} = "ra/admin/console/config/".$currentpanel->{vmfile}; - - #wizard.vm: - $symbol{name} = "Registration Authority"; - $symbol{title} = $currentpanel->{getName}(); - if ($panelnum == 0) { - $symbol{firstpanel} = "1"; - } else { - $symbol{firstpanel} = "0"; - } - if ($panelnum == 13) { - $symbol{lastpanel} = "1"; - } else { - $symbol{lastpanel} = "0"; - } - $symbol{p} = $panelnum; - $symbol{subpanelno} = $panelnum+1; - $symbol{productversion} = $::config->get("cms.product.version"); - $symbol{csstate} = "1"; - -# $symbol{urls} = [ "cert1", "cert2" ]; #createsubsystem -# $symbol{urls_size} = 2; -# $symbol{instanceId} = "ra"; -# $symbol{errorString} = ""; - - #modulepanel -# $symbol{certs} = [ ]; -# $symbol{reqscerts} = [ ]; - $symbol{ppcerts} = [ ]; - - return $STATUS_OK; -} - - - -sub dbg { - my $msg = shift; - $::symbol{dbg} .= "$msg\n"; -} - -sub handler { - my $r = shift; - - *::symbol = \%symbol; - *::s = \$s; - *::config = \$config; - *::pwdconf = \$pwdconf; - - &debug_log("RA wizard: in handler"); - - my $q = new CGI; - - # check cookie - my $cookie = $q->cookie('pin'); - my $pin = $::config->get("preop.pin"); - if ($cookie ne $pin) { - print $q->redirect("login"); - return; - } - - # output http parameters - &debug_log("RA wizard: uri='" . $ENV{REQUEST_URI} . "'"); - my @pnames = $q->param(); - foreach $pn (@pnames) { - # added this facility so that password can be hidden, - # all sensitive parameters should be prefixed with - # __ (double underscores); however, in the event that - # a security parameter slips through, we perform multiple - # additional checks to insure that it is NOT displayed - if( $pn =~ /^__/ || - $pn =~ /password$/ || - $pn =~ /passwd$/ || - $pn =~ /pwd$/ || - $pn =~ /admin_password_again/i || - $pn =~ /directoryManagerPwd/i || - $pn =~ /bindpassword/i || - $pn =~ /bindpwd/i || - $pn =~ /passwd/i || - $pn =~ /password/i || - $pn =~ /pin/i || - $pn =~ /pwd/i || - $pn =~ /pwdagain/i || - $pn =~ /uPasswd/i ) { - &debug_log("RA wizard: http parameter name='" . $pn . "' value='(sensitive)'"); - } else { - &debug_log("RA wizard: http parameter name='" . $pn . "' value='" . $q->param($pn) . "'"); - } - } - - my $panelnum = $q->param('p'); - if (!defined($panelnum) || $panelnum eq "") { - # Apache fails to pick up the p parameter after - # redirecting from the security domain. This is - # a quick hack to solve the issue. - if ($ENV{'QUERY_STRING'} ne "") { - $ENV{'QUERY_STRING'} =~ /p=([0-9]+)&/; - $panelnum = $1; - } - } - - use subs qw(debug); - *debug = \&Template::Velocity::Executor::debug; - - $::symbol{dbg} = ""; - - &debug_log("RA wizard: before argparsing"); - if ($#ARGV == -1) { - $Data::Dumper::Maxdepth = 7; - $startfile = "ra/admin/console/config/wizard.vm"; - } - - &debug_log("RA wizard: setting up test objects"); - - #initialize from config file - my $certlist = $::config->get("preop.cert.list"); - if ($certlist eq "") { - $certlist = "sslserver,subsystem"; - } - @certtags = split(/,/, $certlist); - $numtags = @certtags; - if ($numtags eq 0) { - @certtags = ("sslserver", "subsystem"); - } - &debug_log("RA wizard: found $numtags certtags"); - - if (! $panelnum) { - $panelnum = 0; - } - - my $status = render_panel($panelnum, $q); - if ($status == 3) { - $r->header_out(Location => $symbol{redirect}); - $r->status(301); - $r->send_http_header(); - return; - } - - use Data::Dumper; - &debug_log("RA wizard: executing file $startfile"); - foreach $q (sort keys %symbol) { - &debug_log("RA wizard:/config/wizard?p=9&SecToken=NSS%20Generic%20Crypto%20Services sym{$q}=".$symbol{$q}); - } - - my $result; - if ($q->param('xml') && $q->param('xml') eq "true") { - $r->send_http_header('text/xml'); - $result = "<xml>"; - foreach $s (sort keys %symbol) { - if ($s =~ /^__/) { - next; - } - $result .= "<" . $s . ">"; - my $v = $symbol{$s}; - $result .= &get_xml($s, $v); - $result .= "</" . $s . ">"; - } - $result .= "</xml>"; - } else { - $result = $parser->execute_file($startfile); - if (!defined $result) { - die("Couldn't execute template file: $docroot/$startfile"); - } - } - - $r->send_http_header('text/html'); - print "$result\n"; - - return $HTTP_OK; -} - -sub escape_xml -{ - my ($v) = @_; - $v =~ s/\"/"/g; - $v =~ s/\'/'/g; - $v =~ s/\&/&/g; - $v =~ s/</</g; - $v =~ s/>/>/g; - return $v; -} - -sub get_xml -{ - my ($s, $v) = @_; - - my $result; - if (ref($v) eq "HASH") { - foreach my $xkey (keys %$v) { - $result .= "<" . $xkey . ">"; - $result .= &get_xml($xkey, $v{$xkey}); - # $result .= "-" . ref($xkey); - $result .= "</" . $xkey . ">"; - } - } elsif (ref($v) eq "PKI::RA::CertInfo") { - my $certinfo = $v; - $result .= "<certinfo>"; - $result .= "<dn>" . $certinfo->get_dn() ."</dn>"; - $result .= "<tag>" . $certinfo->get_cert_tag() . "</tag>"; - $result .= "<friendly>" . $certinfo->get_user_friendly_name() . - "</friendly>"; - $result .= "</certinfo>"; - } elsif (ref($v) eq "PKI::RA::ReqCertInfo") { - my $reqcertinfo = $v; - $result .= "<reqcertinfo>"; - $result .= "<name>" . $reqcertinfo->get_user_friendly_name() ."</name>"; - $result .= "<req>" . $reqcertinfo->get_request() ."</req>"; - $result .= "<cert>" . $reqcertinfo->get_cert() ."</cert>"; - $result .= "<certpp>" . &escape_xml($reqcertinfo->get_cert_pp()) ."</certpp>"; - $result .= "<tag>" . $reqcertinfo->get_cert_tag() ."</tag>"; - $result .= "<dn>" . $reqcertinfo->get_cert_tag() ."</dn>"; - $result .= "</reqcertinfo>"; - } elsif (ref($v) eq "ARRAY") { - my $pos = 0; - foreach my $item (@$v) { - $result .= "<element>"; - $result .= &get_xml("p" . $pos, $item); - # $result .= "-" . ref($item); - $result .= "</element>"; - $pos++; - } - } else { - $result .= &escape_xml($v); - } - return $result; -} - -1; diff --git a/base/ra/lib/perl/PKI/Request/Plugin/AutoAssign.pm b/base/ra/lib/perl/PKI/Request/Plugin/AutoAssign.pm deleted file mode 100644 index 671f2418d..000000000 --- a/base/ra/lib/perl/PKI/Request/Plugin/AutoAssign.pm +++ /dev/null @@ -1,52 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -####################################### -# This plugins assigns a request to a group. -####################################### -package PKI::Request::Plugin::AutoAssign; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Instantiate this plugin -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Processes plugin -####################################### -sub process { - my ($self, $cfg, $queue, $prefix, $req) = @_; - - my $assignTo = $cfg->get($prefix . ".assignTo"); - $queue->set_request($req->{'rowid'}, "assigned_to", $assignTo); -} - -1; diff --git a/base/ra/lib/perl/PKI/Request/Plugin/CreatePin.pm b/base/ra/lib/perl/PKI/Request/Plugin/CreatePin.pm deleted file mode 100644 index b90096664..000000000 --- a/base/ra/lib/perl/PKI/Request/Plugin/CreatePin.pm +++ /dev/null @@ -1,75 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -####################################### -# This plugins creates a one time pin. -####################################### -package PKI::Request::Plugin::CreatePin; - -use DBI; -use PKI::Base::TimeTool; -use PKI::Base::PinStore; - -####################################### -# Instantiates this plugin -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Processes plugin -####################################### -sub process { - my ($self, $cfg, $queue, $prefix, $req) = @_; - - my $pin_store = PKI::Base::PinStore->new(); - $pin_store->open($cfg); - - - my $pin_format = $cfg->get($prefix . ".pinFormat"); - - my $client_id = ""; - my $site_id = ""; - - my $data = $req->{'data'}; - foreach $nv (split(/;/, $data)) { - my ($n, $v) = split(/=/, $nv); - $pin_format =~ s/\$$n/$v/g; - } - my $created_by = "admin"; - my $pin = $pin_store->create_pin($pin_format, $req->{'rowid'}, $created_by); - - # save pin to output - $output = "pin=" . $pin; - $queue->set_request_output($req->{'rowid'}, $output); - - $req->{'output'} = $output; - - $pin_store->close(); -} - -1; diff --git a/base/ra/lib/perl/PKI/Request/Plugin/EmailNotification.pm b/base/ra/lib/perl/PKI/Request/Plugin/EmailNotification.pm deleted file mode 100644 index 95274bfa7..000000000 --- a/base/ra/lib/perl/PKI/Request/Plugin/EmailNotification.pm +++ /dev/null @@ -1,100 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -####################################### -# This plugins mails a notification -# to an email specified in the request. -####################################### -package PKI::Request::Plugin::EmailNotification; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Instantiate this plugin -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub substitute { - my ($self, $cfg, $queue, $prefix, $req, $line) = @_; - - my $mail_to = $cfg->get($prefix . ".mailTo"); - - # if mail_to starts with $, retrieve value from request - if ($mail_to =~ /^\$/) { - $mail_to =~ s/\$//g; - $mail_to = $req->{$mail_to}; - } - my $machineName = $cfg->get("service.machineName"); - my $securePort = $cfg->get("service.securePort"); - my $unsecurePort = $cfg->get("service.unsecurePort"); - my $nonClientAuthSecurePort = $cfg->get("service.non_clientauth_securePort"); - my $subject_dn = $req->{'subject_dn'}; - - $line =~ s/\$mail_to/$mail_to/g; - $line =~ s/\$request_id/$req->{'rowid'}/g; - $line =~ s/\$machineName/$machineName/g; - $line =~ s/\$securePort/$securePort/g; - $line =~ s/\$unsecurePort/$unsecurePort/g; - $line =~ s/\$subject_dn/$subject_dn/g; - $line =~ s/\$nonClientAuthSecurePort/$nonClientAuthSecurePort/g; - return $line; -} - -####################################### -# Processes plugin -####################################### -sub process { - my ($self, $cfg, $queue, $prefix, $req) = @_; - my $queue = PKI::Request::Queue->new(); - $queue->open($cfg); - my $ref = $queue->read_request($req->{rowid}); - - my $req_err = $ref->{errorString}; - if ($req_err ne "0") { - return; - } - - my $mail_to = $cfg->get($prefix . ".mailTo"); - if ($mail_to eq "") { - return; - } - - my $template_dir = $cfg->get($prefix . ".templateDir"); - my $template_file = $cfg->get($prefix . ".templateFile"); - - open(SENDMAIL, "|/usr/sbin/sendmail -t"); - open(F,"$template_dir/$template_file"); - while (<F>) { - print SENDMAIL $self->substitute($cfg, $queue, $prefix, $ref, $_); - } - close(F); - close(SENDMAIL); -} - -1; diff --git a/base/ra/lib/perl/PKI/Request/Plugin/RequestToCA.pm b/base/ra/lib/perl/PKI/Request/Plugin/RequestToCA.pm deleted file mode 100644 index 1c5b7d6b2..000000000 --- a/base/ra/lib/perl/PKI/Request/Plugin/RequestToCA.pm +++ /dev/null @@ -1,89 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -####################################### -# This plugins mails a notification -# to an email specified in the request. -####################################### -package PKI::Request::Plugin::RequestToCA; - -use DBI; -use PKI::Base::TimeTool; -use PKI::Conn::CA; - -####################################### -# Instantiate this plugin -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Processes plugin -####################################### -sub process { - my ($self, $cfg, $queue, $prefix, $req) = @_; - - my $ca = $cfg->get($prefix . ".ca"); - my $profile_id = $cfg->get($prefix . ".profileId"); - my $req_type = $cfg->get($prefix . ".reqType"); - - my $server_id = ""; - my $site_id = ""; - my $csr = ""; - my $csr_type = ""; - - my $data = $req->{'data'}; - foreach $nv (split(/;/, $data)) { - my ($n, $v) = split(/=/, $nv); - if ($n eq "server_id") { - $server_id = $v; - } - if ($n eq "site_id") { - $site_id = $v; - } - if ($n eq "csr") { - $csr = $v; - } - if ($n eq "csr_type") { - $csr_type = $v; - } - } - - if ($csr_type ne "") { - $req_type = $csr_type; - } - - my $ca_conn = PKI::Conn::CA->new(); - $ca_conn->open($cfg); - my $cert = $ca_conn->enroll($req->{'rowid'}, $ca, $profile_id, $req_type, $csr); - $queue->set_request($req->{'rowid'}, "output", $cert); - $req->{'output'} = $cert; - $ca_conn->close(); - -} - -1; diff --git a/base/ra/lib/perl/PKI/Request/Queue.pm b/base/ra/lib/perl/PKI/Request/Queue.pm deleted file mode 100644 index dc8418d22..000000000 --- a/base/ra/lib/perl/PKI/Request/Queue.pm +++ /dev/null @@ -1,387 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# -package PKI::Request::Queue; - -use DBI; -use PKI::Base::TimeTool; - -####################################### -# Constructs a request queue -####################################### -sub new { - my $self = {}; - bless ($self); - return $self; -} - -####################################### -# Opens request queue -####################################### -sub open { - my ($self, $cfg) = @_; - $self->{cfg} = $cfg; - my $dbfile = $cfg->get("database.dbfile"); - $self->{dbh} = DBI->connect("dbi:SQLite:dbname=$dbfile","",""); - my $timeout = $self->{dbh}->func("busy_timeout"); - $self->{dbh}->func($timeout * 10, "busy_timeout"); -} - -####################################### -# Creates a new request -####################################### -sub invoke_plugins { - my ($self, $prefix, $type, $ref) = @_; - - my $num_plugins = $self->{cfg}->get($prefix . ".num_plugins"); - for (my $i = 0; $i < $num_plugins; $i++) { - my $plugin = $self->{cfg}->get($prefix . "." . $i . ".plugin"); - eval("require $plugin"); - my $p = $plugin->new(); - $p->process($self->{cfg}, $self, $prefix . "." . $i, $ref); - } -} - -####################################### -# Creates a new request -####################################### -sub create_request { - my ($self, $type, $data, $meta_info, $created_by) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - - my $insert = "insert into requests (" . - "type" . "," . - "status" . "," . - "errorString" . "," . - "ip" . "," . - "data" . "," . - "serialno" . "," . - "subject_dn" . "," . - "meta_info" . "," . - "created_by" . "," . - "updated_at" . "," . - "created_at" . - ") values (" . - $dbh->quote($type) . "," . - $dbh->quote("OPEN") . "," . - $dbh->quote("0") . "," . - $dbh->quote($ENV{REMOTE_ADDR}) . "," . - $dbh->quote($data) . "," . - $dbh->quote("unavailable") . "," . - $dbh->quote("unavailable") . "," . - $dbh->quote($meta_info) . "," . - $dbh->quote($created_by) . "," . - $dbh->quote($now) . "," . - $dbh->quote($now) . - ")"; -REDO_CREATE_REQUEST: - eval { - $dbh->do($insert); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_CREATE_REQUEST; - } - my $rid = $dbh->func('last_insert_rowid'); - - my $ref = $self->read_request($rid); - - # call plugins - my $prefix = "request." . $type . ".create_request"; - $self->invoke_plugins($prefix, $type, $ref); - - return $rid; -} - -####################################### -# Reads a request -####################################### -sub read_request { - my ($self, $reqid) = @_; - my $dbh = $self->{dbh}; - my $select = "select *,rowid from requests " . - "where rowid=" . $dbh->quote($reqid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -sub read_request_by_roles { - my ($self, $roles, $reqid) = @_; - my $dbh = $self->{dbh}; - - my $select; - if (grep /^administrators/, @$roles) { - # administrator see all requests - $select = "select *,rowid from requests " . - "where rowid=" . $dbh->quote($reqid); - } else { - my $filter = $self->get_role_filter($roles); - $select = "select *,rowid from requests where " . - "(" . $filter . ")" . " AND " . - "rowid=" . $dbh->quote($reqid); - } - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref; -} - -####################################### -# Sets request attributes -####################################### -sub set_request { - my ($self, $reqid, $name, $value) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - my $update = "update requests set " . - $name . "=" . $dbh->quote($value) . "," . - "updated_at=" . $dbh->quote($now) . " " . - "where rowid=" . $dbh->quote($reqid); -REDO_SET_REQUEST: - eval { - $dbh->do($update); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_SET_REQUEST; - } - - my $select = "select *,rowid from requests " . - "where rowid=" . $dbh->quote($reqid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - - return $ref; -} - -####################################### -# Sets output -####################################### -sub set_request_output { - my ($self, $reqid, $output) = @_; - - return $self->set_request($reqid, "output", $output); -} - -####################################### -# Approves a request -####################################### -sub approve_request { - my ($self, $reqid, $processed_by) = @_; - my $dbh = $self->{dbh}; - - # XXX - check assigned_to - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - my $update = "update requests set " . - "processed_by=" . $dbh->quote($processed_by) . "," . - "status='APPROVED' " . "," . - "errorString='0' " . "," . - "updated_at=" . $dbh->quote($now) . " " . - "where rowid=" . $dbh->quote($reqid); -REDO_APPROVE_REQUEST: - eval { - $dbh->do($update); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_APPROVE_REQUEST; - } - - my $select = "select *,rowid from requests " . - "where rowid=" . $dbh->quote($reqid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - - # call plugins - my $prefix = "request." . $ref->{'type'} . ".approve_request"; - $self->invoke_plugins($prefix, $ref->{'type'}, $ref); - - my $select = "select *,rowid from requests " . - "where rowid=" . $dbh->quote($reqid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - - return $ref; -} - -####################################### -# Rejects a request -####################################### -sub reject_request { - my ($self, $reqid, $processed_by) = @_; - my $dbh = $self->{dbh}; - - my $timet = PKI::Base::TimeTool->new(); - my $now = $timet->get_time(); - my $update = "update requests set " . - "processed_by=" . $dbh->quote($processed_by) . "," . - "status='REJECTED' " . "," . - "updated_at=" . $dbh->quote($now) . " " . - "where rowid=" . $dbh->quote($reqid); -REDO_REJECT_REQUEST: - eval { - $dbh->do($update); - }; - if ($dbh->err == 5) { - sleep(1); - goto REDO_REJECT_REQUEST; - } - - my $select = "select *,rowid from requests " . - "where rowid=" . $dbh->quote($reqid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - - # call plugins - my $prefix = "request." . $ref->{'type'} . ".reject_request"; - $self->invoke_plugins($prefix, $ref->{'type'}, $ref); - - my $select = "select *,rowid from requests " . - "where rowid=" . $dbh->quote($reqid); - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - - return $ref; -} - -sub get_role_filter { - my ($self, $roles) = @_; - my $dbh = $self->{dbh}; - - my $filter = ""; - foreach $rr (@$roles) { - if ($filter eq "") { - $filter = "assigned_to=" . $dbh->quote($rr); - } else { - $filter = $filter . " OR " . "assigned_to=" . $dbh->quote($rr); - } - } - return $filter; -} - -####################################### -# Lists requests -####################################### -sub list_requests { - my ($self, $startpos, $maxcount) = @_; - my $dbh = $self->{dbh}; - my $select = "select *,rowid from requests " . - "order by rowid desc " . - "limit $startpos, $maxcount"; - my $sth = $dbh->prepare($select); - $sth->execute(); - my @reqs; - while (my $ref = $sth->fetchrow_hashref()) { - push(@reqs, $ref); - } - $sth->finish(); - return @reqs; -} - -sub count_requests_by_roles { - my ($self, $roles, $status) = @_; - my $dbh = $self->{dbh}; - - my $select; - - if (grep /^administrators$/, @$roles) { - # administrator sees everything - $select = "select count(*) from requests where " . - "status like '$status%' "; - } else { - # shows requests that are owned by the groups - my $filter = $self->get_role_filter($roles); - $select = "select count(*) from requests where " . - "status like '$status%' AND " . - "(" . $filter . ") "; - } - my $sth = $dbh->prepare($select); - $sth->execute(); - my $ref = $sth->fetchrow_hashref(); - $sth->finish(); - return $ref->{'count(*)'}; -} - -sub list_requests_by_roles { - my ($self, $roles, $status, $startpos, $maxcount) = @_; - my $dbh = $self->{dbh}; - - my $select; - -# if ($roles =~ /administrators/) { - if (grep /^administrators$/, @$roles) { - # administrator sees everything - $select = "select *,rowid from requests where " . - "status like '$status%' " . - "order by rowid desc " . - "limit $startpos, $maxcount"; - } else { - # shows requests that are owned by the groups - my $filter = $self->get_role_filter($roles); - $select = "select *,rowid from requests where " . - "status like '$status%' AND " . - "(" . $filter . ") " . - "order by rowid desc " . - "limit $startpos, $maxcount"; - } - my $sth = $dbh->prepare($select); - $sth->execute(); - my @reqs; - while (my $ref = $sth->fetchrow_hashref()) { - push(@reqs, $ref); - } - $sth->finish(); - return @reqs; -} - -####################################### -# Closes request queue -####################################### -sub close { - my ($self) = @_; - my $dbh = $self->{dbh}; - $dbh->disconnect(); -} - -1; diff --git a/base/ra/lib/perl/PKI/Service/Op.pm b/base/ra/lib/perl/PKI/Service/Op.pm deleted file mode 100644 index 602f1a29f..000000000 --- a/base/ra/lib/perl/PKI/Service/Op.pm +++ /dev/null @@ -1,290 +0,0 @@ -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -package PKI::Service::Op; - -use PKI::Base::UserStore; -use PKI::Base::CertStore; - -sub new { - my $self = {}; - bless ($self); - return $self; -} - -sub debug_log() -{ - my ($self, $cfg, $msg) = @_; - - my $date = `date`; - chomp($date); - open(DEBUG, ">>" . $cfg->get("logging.debug.filename")); - print DEBUG "$date - $msg\n"; - close(DEBUG); -} - -sub debug_params() -{ - my ($self, $cfg, $q) = @_; - - my $date = `date`; - chomp($date); - $self->debug_log($cfg, "$date - URL '" . $ENV{REQUEST_URI} . "'"); - my @names = $q->param(); - foreach my $k (@names) { - $self->debug_log($cfg, "$date - Param $k='" . $q->param($k) . "'"); - } -} - -sub get_client_certificate() -{ - my ($self) = @_; - - my $user_cert = $ENV{"SSL_CLIENT_CERT"}; - $user_cert =~ s/-----BEGIN CERTIFICATE-----//g; - $user_cert =~ s/-----END CERTIFICATE-----//g; - $user_cert =~ s/\n//g; - - return $user_cert; -} - -sub get_current_uid() -{ - my ($self, $cfg) = @_; - - my $user_cert = $self->get_client_certificate(); - - my $us = PKI::Base::UserStore->new(); - $us->open($cfg); - my $ref = $us->map_user($user_cert); - if (!defined($ref)) { - return ""; - } - $us->close(); - - return $ref->{'uid'}; -} - -sub get_csr_by_cert() -{ - my ($self, $cfg) = @_; - - my $user_cert = $self->get_client_certificate(); - my $cs = PKI::Base::CertStore->new(); - $cs->open($cfg); - my $ref = $cs->map_certificate($user_cert); - if (!defined($ref)) { - return ""; - } - $us->close(); - - return $ref->{'csr'}; -} - -sub get_cert_record() -{ - my ($self, $cfg) = @_; - -$self->debug_log( $cfg, "in get_cert_record"); - my $user_cert = $self->get_client_certificate(); - my $cs = PKI::Base::CertStore->new(); - $cs->open($cfg); - my $ref = $cs->map_certificate($user_cert); - if (!defined($ref)) { -$self->debug_log( $cfg, "in get_cert_record: map_certificate ref none"); - return ""; - } -$self->debug_log( $cfg, "in get_cert_record: got map_certificate ref"); - $cs->close(); - - return $ref; -} - -sub get_current_roles() -{ - my ($self, $cfg) = @_; - - my $uid = $self->get_current_uid($cfg); - my $us = PKI::Base::UserStore->new(); - $us->open($cfg); - my @roles = $us->get_roles($uid); - $us->close(); - - return @roles; -} - -sub get_roles_of() -{ - my ($self, $cfg, $uid) = @_; - - my $us = PKI::Base::UserStore->new(); - $us->open($cfg); - my @roles = $us->get_roles($uid); - $us->close(); - - return @roles; -} - -sub admin_auth() -{ - my ($self, $cfg) = @_; - - my $user_cert = $self->get_client_certificate(); - - # authentication - my $us = PKI::Base::UserStore->new(); - $us->open($cfg); - my $ref = $us->map_user($user_cert); - if (!defined($ref)) { - return 0; - } - my @roles = $us->get_roles($ref->{'uid'}); - $us->close(); - - # authorization - my $authorized_groups = $cfg->get("admin.authorized_groups"); - $self->debug_log( $cfg, "in admin_auth: authorized groups are: $authorized_groups"); - my @authorizedGroups = split(/,/, $authorized_groups); - my $authorized = 0; - foreach my $role (@roles) { - $self->debug_log( $cfg, "in admin_auth: user has group $role"); - if (grep /^$role$/, @authorizedGroups) { - $self->debug_log( $cfg, "in admin_auth: group matched"); - $authorized = 1; - } - } - if (!$authorized) { - $self->debug_log( $cfg, "in admin_auth: no group matched"); - return 0; - } - return 1; -} - -sub agent_auth() -{ - my ($self, $cfg) = @_; - - my $user_cert = $self->get_client_certificate(); - - # authentication - my $us = PKI::Base::UserStore->new(); - $us->open($cfg); - my $ref = $us->map_user($user_cert); - if (!defined($ref)) { - return 0; - } - my @roles = $us->get_roles($ref->{'uid'}); - my $j = join(",", @roles); - $self->debug_log( $cfg, "in agent_auth: $ref->{'uid'} has roles: $j"); - $us->close(); - - # authorization - my $authorized_groups = $cfg->get("agent.authorized_groups"); - $self->debug_log( $cfg, "in agent_auth: authorized groups are: $authorized_groups"); - my @authorizedGroups = split(/,/, $authorized_groups); - my $authorized = 0; - foreach $role (@roles) { - if (grep /^$role$/, @authorizedGroups) { - $self->debug_log( $cfg, "in agent_auth: group matched"); - $authorized = 1; - } - } - if (!$authorized) { - $self->debug_log( $cfg, "in agent_auth: no group matched"); - return 0; - } - return 1; -} - -sub process { - my ($self) = @_; -} - -sub escape_xml -{ - my ($v) = @_; - $v =~ s/\"/"/g; - $v =~ s/\'/'/g; - $v =~ s/\&/&/g; - $v =~ s/</</g; - $v =~ s/>/>/g; - return $v; -} - -sub get_xml -{ - my ($s, $v) = @_; - - my $result; - if (ref($v) eq "HASH") { - foreach my $xkey (keys %$v) { - $result .= "<" . $xkey . ">"; - $result .= &get_xml($xkey, $v{$xkey}); - # $result .= "-" . ref($xkey); - $result .= "</" . $xkey . ">"; - } - } elsif (ref($v) eq "PKI::RA::GlobalVar") { - foreach my $xkey (keys %$v) { - $result .= "<" . $xkey . ">"; - $result .= &get_xml($xkey, $$v{$xkey}->()); - # $result .= "-" . ref($xkey); - $result .= "</" . $xkey . ">"; - } - } elsif (ref($v) eq "ARRAY") { - my $pos = 0; - foreach my $item (@$v) { - $result .= "<element>"; - $result .= &get_xml("p" . $pos, $item); - # $result .= "-" . ref($item); - $result .= "</element>"; - $pos++; - } - } else { - $result .= &escape_xml($v); - } - return $result; -} - -sub xml_output { - my ($self, $c) = @_; - - my $result = "<xml>"; - foreach $s (sort keys %$c) { - if ($s =~ /^__/) { - next; - } - $result .= "<" . $s . ">"; - my $v = $$c{$s}; - $result .= &get_xml($s, $v); - $result .= "</" . $s . ">"; - } - $result .= "</xml>"; - return "$result\n"; -} - -sub execute { - my ($self) = @_; - $self->process(); -} - -1; diff --git a/base/ra/lib/perl/Template/Velocity.pm b/base/ra/lib/perl/Template/Velocity.pm deleted file mode 100755 index 848de65fd..000000000 --- a/base/ra/lib/perl/Template/Velocity.pm +++ /dev/null @@ -1,1099 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -use strict; - -package Template::Velocity::Executor; -sub new; - -package Template::Velocity; - - -# The Template::Velocity package implements a Template execution -# engine similar to the Java Velocity package. - -use Parse::RecDescent; -use Data::Dumper; -use Thread::Semaphore; - - -$Template::Velocity::parser; - -our $docroot="docroot"; -our $parser; -my %parsetrees = (); -my $debugflag = 0; -my $semaphore; - - -#GRAMMAR defined here - -my $vmgrammar = q{ - - { - use Data::Dumper; - sub Dumper - { - $::debugdumper = undef; - if ($::debugflag && $::debugdumper ) { return Data::Dumper(@_); } - else {""}; - } - - } - - -# Template is the top-level object - template: <skip:'[ \t]*'> section(s) /\Z/ - - section: blockdirective - | nonblockdirective - | plainline - - blockdirective: ifblock - | foreachblock - - plainline : <skip:''> /[ \t]*/ ...!'#' linecomp(s?) /\n*/ - - HASH: '#' - -# HMM - this doesn't handle multiple variables on one line? - linecomp: variable - | <skip:'[ \t]*'> /[^\$\n]*/ - - nonblockdirective: '#' 'include' <commit> includeargs /\n*/ { $item[4] ; } - | '#' 'parse' <commit> parseargs /\n*/ { $item[4] ; } - | '#' 'set' <commit> setargs /\n*/ { $item[4] ; } - | <error:unknown command $text> - - - ifblock: ifdirective section(s) elseclause(?) enddirective - - -# this bubbles up the result of the expression inside the if() -# which is from the 'ifargs' rule - ifdirective: '#' 'if' <skip:'[ \t]*'> ifargs /\n/ - - enddirective: <skip:'[ \t]*'> '#' 'end' "\n" - - elseclause: elsedirective section(s) - - elsedirective: '#' 'else' "\n" - - foreachblock: foreachdirective section(s) enddirective - - foreachdirective: '#' 'foreach' foreachargs "\n" - - ifargs: '(' expression ')' - | <error:Argument to if must be an expression: $text> - - foreachargs: '(' variablename 'in' variable ')' - | <error:Arguments to 'foreach' must be of form \$a in \$b: $text> - - includeargs: '(' string ')' - | <error:invalid argument to include: $text> - - parseargs: '(' expression ')' - | <error:invalid argument to parsearges: $text> - - - setargs: <skip:'[ \t]*'> '(' assignment ')' - | <error:Argument to set must be an assignment : $text> - - -# expression evaluation - -# this goes roughly in order of precendence: -# == -# &&, || -# +, - -# * -# ! - -# does not properly distinguish between lvalues and rvalues - - - expression: boolean - | <error> - - - assignment: variablename '=' boolean - - boolean: equality (boolean_operator equality)(?) - - boolean_operator: ( '&&' | '||' ) - - equality: summation (equality_operator summation)(?) - - - equality_operator: ( '==' | '!=' ) - - summation: product (summation_operator summation)(?) - - summation_operator: ( '+' | '-' ) - - -# must parenthesize operator '*' to get it to appear in the $item array - - product: negation ('*' product)(?) - -#XXX need to implement - negation: notoperator(?) factor - - notoperator: "!" - - factor: number - | string - | variable - - - -# These rules deal with variables -# handles $process -# $file.executablename -# $process.getpid() -# $person.getparent().getbrother().slap() -# $fred.getchildren() - -# You'd make a dependency on the 'variable' rule if you want the value -# of the variable. -# You'd make a dependency on the 'variablename' rule if you want the -# name of the variable. -# (There's no real difference here - the expression evaluation is -# in the variable() subroutine) - - variable: variablename { ["variable", $item[1][1] ]; } - - variablename: '$' identifier subfield(s?) - { - my $variableinfo = { - top => $item{identifier}, - fields => $item{'subfield(s?)'} - }; - $return = [ "variablename", \$variableinfo ]; - } - - subfield: '.' identifier arglist(?) - { - my $d; - my $a = $item{"arglist(?)"}; - my $args; - - #::debug "arglist = ".Dumper($a)."\n"; - if ($a) { - - my ($argcount, $al, $alpresent); - - #$args = @{$a}->[2]; - $args = $a->[0][2]; - #::debug "arglist args=".Dumper($args)."\n"; - $alpresent = $args; - $argcount = $#$args; - if ($alpresent && $argcount == -1) { - $args->[0] = [ ]; - } - } - - #::debug "arglist identifier=".$item{identifier}."\n"; - $return = [ "subfield", { - fieldname => $item{identifier}, - arglist => $args->[0], - } ]; - } - - arglist: '(' list(?) ')' - - list: expression (',' list)(s?) - - -# Basic data types -# identifiers, numbers and strings - - identifier: /[A-Za-z0-9_]+/ { $item[1]; } - - number: /\d+/ {$item[1]; } - - #XXX skip is all wrong here... should be in [] - string: <skip:'[ \t]'> '"' <skip:""> /[^"]*/ '"' { $return = ["string",$item[4]]; } - | <skip:'[ \t]'> "'" <skip:""> /[^']*/ "'" { $return = ["string",$item[4]]; } - - -# other literals - whitespace: /\s*/ - - -}; - - -# Get a parser object (transforming the built-in text grammar into RecDescent -# data structure). This object can be reused for parsing multiple velocity files -sub new -{ - #$::debugflag = 0; - my $class = shift; - $docroot = shift; - undef $::RD_HINT; - undef $::RD_WARN; - #$::RD_TRACE = 1; - $parser = new Parse::RecDescent($vmgrammar) or die "Bad Grammar\n"; - $semaphore = new Thread::Semaphore; - $Data::Dumper::Maxdepth = 1;; - my $self = {}; - $self->{parser} = $parser; - # ugly - :-( - $Template::Velocity::parser = $parser; - bless $self, $class; - return $self; -} - - -# Execute a template. Given a text string and a parser object, will return -# a parse tree, useful for feeding into the executor. -sub execute_string -{ - my $self = shift; - my $string = shift; - my $rule = shift; - if (! $rule ) { $rule = "template"; } - #print Dumper($self); - - my $parser = $self->{parser}; - my $parsetree = $parser->$rule($string); - my $executor = new Template::Velocity::Executor($parsetree, $parser ); - - my @value = $executor->run(); - #my @value = Template::Velocity::Executor::execute($parsetree, $parser); - my $value = shift @value; - return $value; -} - -sub execute_file_with_context -{ - - my $self = shift; - my $filename = shift; - my $hash = shift; - - # This perl Velocity implementation uses global variable to - # store values that go to the template. This is not thread - # safe and should be fixed in near future. - # - # For this release, we just a lock to prevent the global - # variable (i.e. symbol) being changed by multiple threads - # at the same time. - - $semaphore->down; - my %c = %$hash; - foreach my $h (keys %c) { - $::symbol{$h} = $c{$h}; - } - - my $rule; - my $tree = $parsetrees{$filename}; - - if (! $tree) { - $rule = "template"; - open my $fh, "<$docroot/$filename" or return undef; - my $string = join "",<$fh>; - close $fh; - $tree = $parser->$rule($string); - $parsetrees{$filename} = $tree; - } - - my $executor = new Template::Velocity::Executor($tree, $parser ); - - my @value = $executor->run(); - my $value = shift @value; - - $semaphore->up; - - return $value; - - -} - -sub execute_file -{ - - my $self = shift; - my $filename = shift; - - my $rule; - my $tree = $parsetrees{$filename}; - - if (! $tree) { - $rule = "template"; - open my $fh, "<$docroot/$filename" or return undef; - my $string = join "",<$fh>; - close $fh; - $tree = $parser->$rule($string); - $parsetrees{$filename} = $tree; - } - - my $executor = new Template::Velocity::Executor($tree, $parser ); - - my @value = $executor->run(); - my $value = shift @value; - return $value; - - -} - - - - - - - - -sub Dumper -{ - return ""; - if ($::debugflag && $::debugdumper) { - return Data::Dumper->Dump([@_]); - } - else {""}; -} - - - - -# This autoaction returns an array of each parse element -# The net result is a parse tree -# I couldn't use <autotree> because I wanted to preserve -# the order of the elements, and <autotree> returns a -# hashtable, not an array - -$::RD_AUTOACTION = q{ - [@item]; -}; - -# debug flags set here - - - - - - -######### EXECUTE FUNCTIONS - - -# These functions deal with executing the velocity parse tree -{ - package Template::Velocity::Executor::Rules; - use Data::Dumper; - - # this imports symbols from these other packages, so - # we don't have to always use the fully-qualified names - *exe_all = \&Template::Velocity::Executor::exe_all; - *exe_optional = \&Template::Velocity::Executor::exe_optional; - *execute = \&Template::Velocity::Executor::execute; - *debug = \&Template::Velocity::Executor::debug; - *indent = \&Template::Velocity::Executor::indent; - *deindent = \&Template::Velocity::Executor::deindent; -#XXX probably should be $, not & - *docroot = \&Template::Velocity::docroot; - - sub Dumper - { - return ""; - if ($::debugflag && $::debugdumper) { return Dumper(@_); } - else {""}; - } - - #template: <skip:'[ \t]*'> section(s) /\Z/ - sub template { - my $f = "template"; - my @item = exe_all(@_); - debug ("$::level $f - sections should be an array of text: .".Dumper($item[2])."\n"); - my $sections = $item[2]; - debug ("sections is a: ".(ref $sections)." - it should be an array\n"); - my $r= ( join "", @{$item[2]}); - return $r; - } - - - #linecomp: variable - # | <skip:'[ \t]*'> /[^\$\n]*/ - sub linecomp { - my $item; - debug ("linecomp: _[2] = '".$_[2]."'\n"); - if ($_[2]) { - debug ("linecomp: inside if\n"); - $item = $_[1].$_[2]; - } else { - debug ("linecomp: inside else{\n"); - ($item) = exe_all($_[1]); - debug ("linecomp: end of else}\n"); - debug ("linecomp: item =\n".Dumper($item)."\n"); - } - debug ("linecomp: returning $item\n"); - return $item; - } - - # plainline : <skip:''> /[ \t]*/ ...!'#' linecomp(s?) /\n+/ - sub plainline { - my @item = exe_all(@_); - debug ("$::level in plainline - linecomps should be an array of text: .".Dumper($item[4])."\n"); - my $r = join "", @{$item[4]}; - debug ("$::level in plainline - joined as: $r\n"); - $r = $item[2] . $r. $item[5]; - debug ("$::level in plainline - returning : $r\n"); - return $r; - } - - sub expression { - debug ("$::level expression = ".Dumper($_[1])."\n"); - my ($item) = exe_all($_[1]); - debug ("$::level expression returning $item\n"); - return $item; - } - - #foreachblock: foreachdirective section(s) enddirective - sub foreachblock { - my $f = "foreachblock"; - debug ("$::level $f started!\n"); - my ($directive) = exe_all($_[1]); - debug ("$::level $f directive = \n".Dumper($directive)."\n"); - my ($variable, $list) = @{$directive}; - my $variablename = $$variable->{top}; - debug ("$::level $f variable = $variablename\n"); - debug ("$::level $f list = \n".Dumper($list)."\n"); - - my $result = ""; - foreach my $q (@{$list}) { - debug ("$::level $f q=$q\n"); - $::symbol{$variablename} = $q; - debug ("$::level $f setting variable $variablename = $q\n"); - - my ($sections) = exe_all($_[2]); - debug ("$::level $f sections was: ".Dumper($sections)."\n"); - $result .= join "",@{$sections}; - } - return $result; - } - - #foreachdirective: '#' 'foreach' foreachargs "\n" - sub foreachdirective { - my ($item) = exe_all($_[3]); - return $item; - } - - #foreachargs: '(' variablename 'in' expression ')' - sub foreachargs { - my $f = "foreachargs"; - my ($variable, $list) = exe_all($_[2], $_[4]); - debug ("$::level $f variable = \n".Dumper($variable)."\n"); - debug ("$::level $f list = \n".Dumper($list)."\n"); - return [$variable, $list]; - } - - # XXX if block should only execute section(s) if if arg is positve) - # likewise for else - #ifblock: ifdirective section(s) elseclause(?) enddirective - sub ifblock { - my $f = "ifblock"; - my @item = exe_all(@_); - debug ("$::level $f - sections should be an array of text: .".Dumper($item[2])."\n"); - my $sections = $item[2]; - my $else = $item[3]; - debug ("$::level $f sections is a: ".(ref $sections)." - it should be an array\n"); - debug ("$::level item1: if expression = ".$item[1]."\n"); - debug ("$::level $f elseclause is a: ".(ref $else)." - it should be an scalar\n"); - my $r= ( - $item[1]>0 ? # if expression - (join "", @{$item[2]}) : - ($item[3] ? join "",@{$item[3]} : "") - ); - # this is not quite right ... elseclause returns a scalar (it joins the sections) - # so why do I have to join again here? possibly because it's a '?' - return $r; - } - - #elseclause: elsedirective section(s) - sub elseclause { - my $f = "elseclause"; - my ($sections) = exe_all($_[2]); - debug ("$::level $f sections is a: ".(ref $sections)." - it should be an array\n"); - my $return = join "", @{$sections}; - debug ("$::level $f returning: $return\n"); - return $return; - } - - sub ifargs { - debug ("$::level ifargs [2] = ".Dumper($_[2])."\n"); - my ($item) = exe_all($_[2]); - debug ("$::level item = ".Dumper($item)."\n"); - my $r = $item>0 ? 1 : 0; - debug ("$::level ifargs returning $r\n"); - return $r; - } - - #ifdirective: '#' 'if' <skip:'[ \t]*'> ifargs /\n/ - sub ifdirective { - my ($item) = exe_all($_[4]); - my $r = $item>0 ? 1 : 0; - debug ("$::level ifdirective returning $r\n"); - return $r; - } - - #boolean: equality (boolean_operator equality)(?) - sub boolean { - my $f = "boolean"; - my ($equality, $alt) = ( execute($_[1]), $_[2]); - my $r = $equality; - if (scalar @$alt) { - my ($op, $equality2) = exe_optional($alt, 1,2); - - if ($op eq '&&') { - $r = $equality && $equality2; - } - if ($op eq '||') { - $r = $equality || $equality2; - } - } - - return $r; - } - - - #summation: product (summation_operator summation)(?) - sub summation { - #my @item = exe_all(@_); - my $f = "summation"; - my ($product, $alt) = ( execute($_[1]), $_[2]); - debug("$::level $f - product = $product, alternation = $alt\n"); - debug("$::level $f - alternation = \n".Dumper($alt)."\n"); - - if (scalar @$alt) { - if (0) { - debug("$::level $f - alt1= \n".Dumper($alt->[0][1])."\n"); - debug("$::level $f - alt2= \n".Dumper($alt->[0][2])."\n"); - my ($operator, $summation) = ( execute($alt->[0][1]), execute($alt->[0][2]),); - } - my ($operator, $summation) = exe_optional($alt, 1,2); - - if ($operator eq '+') { return $product + $summation; - } else { return $product - $summation; } - } else { - return $product; - } - } - - - - #equality: summation (equality_operator summation)(?) - sub equality { - my $f = "equality"; - my ($summation, $alt) = ( execute($_[1]), $_[2] ); - - if (scalar @$alt) { - my ($operator, $summation2) = exe_optional($alt, 1,2); - - # string comparison used, so (0.0) is NOT equal to (0) - if ($operator eq '==') { return ($summation eq $summation2) ? 1:0; } - else { return ($summation eq $summation2) ? 0:1; } - } else { - return $summation; - } - } - - - sub product { - my $f = "product"; - my ($negation, $alt) = ( execute($_[1]), $_[2]); - debug("$::level $f negation = $negation, alternation = $alt\n"); - debug("$::level $f - alternation = ".Dumper($alt)."\n"); - - if (scalar @$alt) { - if (0) { - debug("$::level $f - alt1= \n".Dumper($alt->[0][1])."\n"); - debug("$::level $f - alt2= \n".Dumper($alt->[0][2])."\n"); - my ($operator, $product) = ( execute($alt->[0][1]), execute($alt->[0][2]),); - } - my ($operator, $product) = exe_optional($alt,1,2); - return ($negation * $product); - } else { - return $negation; - } - } - - sub factor { - my ($value) = exe_all($_[1]); - return $value; - } - - #negation: notoperator(?) factor - sub negation { - debug ("$::level in negation... input = ".(join ",",@_)."\n"); - #my @item = exe_all(@_); - my ($alt, $value) = ( $_[1], execute($_[2]) ); - debug ("$::level negation: alternation= $alt\n"); - debug ("$::level negation: value = $value\n"); - my $operator = execute($alt->[0][1]); - - my $r; - if ($operator && $operator eq '!') { - if ($value ) { $r = 0; } - else { $r = 1; } - debug ("$::level negation: inverting\n"); - } else { - debug ("$::level negation: not inverting\n"); - $r = $value; - } - debug ("$::level negation: returning $r\n"); - return $r; - } - - #setargs: <skip:'[ \t]*'> '(' assignment ')' - sub setargs { - my $f = "setargs"; - my ($args) = exe_all($_[3]); - debug("$::level $f args = \n".Dumper($args)."\n"); - my ($variable, $value) = @{$args}; - debug("$::level $f variable type =".(ref $variable)."\n"); - debug("$::level $f variable = \n".Dumper($variable)."\n"); - my $symbolname = $$variable->{top}; - debug("$::level $f setting variable '$symbolname' = $value\n"); - $::symbol{$symbolname} = $value; - return ""; - } - - #assignment: variablename '=' boolean - sub assignment { - my $f = "assignment"; - my ($variable, $value) = exe_all($_[1],$_[3]); - debug("$::level $f variable = \n".Dumper($variable)."\n"); - my $r = [ $variable, $value ]; - debug("$::level $f returning: \n".Dumper($r)."\n"); - return $r; - } - - #includeargs: '(' string ')' - sub includeargs { - my $f = "includeargs"; - my ($filename ) = execute($_[2]); - - debug("including file: $filename\n"); - open my $fh, "<$docroot/$filename" or return "filenotfound $docroot/$filename!\n"; - my $file = join "", <$fh>; - close FILE; - - return $file; - } - - sub parseargs { - my $f = "parseargs"; - my ($filename ) = execute($_[2]); - - debug("parsing file: $filename\n"); - - #open my $fh, "<$docroot/$filename" or return "filenotfound $docroot/$filename!\n"; - #my $file = join "", <$fh>; - #close FILE; - - #my $parsetree = $Template::Velocity::parser->template($file); - #my @value = execute($parsetree); - #my $value = shift @value; - - my @value = Template::Velocity::execute_file(undef,$filename); - my $value = shift @value; - - return $value; - } - -# variables - -# variables -# this rule converts a variable name/identifier into its value -# $main.subfield(argument1,argument2).subfield2(arg1,arg2) -# There are two data structures at work here. -# 1. the data structure specifying the variable name to be queried -# this represents $a.b.c(100,9,5,4) -#{ -# 'top' => 'a' -# 'fields' => [ -# { 'fieldname' => 'b', 'arglist' => undef }, -# { 'fieldname' => 'c', 'arglist' => [ '100', 9, 5, '4', ], } -# ], -#} -# 2. Data structure specifying the symbol table - -# return value could be: -# a scalar: either a string/number value or reference to an array of values -# an array - - sub variable { -# look up the root object in the symbol table - my $f = "variable"; - debug("$::level $f: input\n".Dumper(\@_)."\n"); - my $var = $_[1]; - debug("$::level $f var=\n".Dumper($var)."\n"); -# $$var works with # 27: '#set (\$a=1+3)\n\$a\n' -#0 REF(0x8fa0510) -# -> HASH(0x8fa1454) -# 'fields' => ARRAY(0x8fa8c08) -# empty array -# 'top' => 'a' - -# $var works with # 25: '$employee.add(100,4+5,2+3,4,4,5,6)' -#DB<2> x $var -#0 HASH(0x9c7a340) -# 'fields' => ARRAY(0xa06e7d8) -# 0 ARRAY(0xa06e9ac) -# 0 'subfield' -# 1 HASH(0xa06e880) -# 'arglist' => ARRAY(0xa074184) - - my $top = $$var->{top}; # name of the root object - debug("$::level $f top=\n".Dumper($top)."\n"); - my $fields = $$var->{fields}; # array of the subidentifiers - my $val = ""; - - debug("$::level $f - top_id = $top\n"); - debug("$::level $f : var: \n".Dumper($var)."\n"); - debug("$::level $f - fields = \n".Dumper($fields)."\n"); - - - debug("$::level $f : top = ".$top."\n"); - if (! defined $::symbol{$top} ) { -# XXX - debug ("symbol table = ",(join ",",sort keys %::symbol)."\n"); - debug ("undefined variable: $top\n"); - return 0; - } - debug("$::level $f symbol table: \n".Dumper(\%::symbol)."\n"); - $val = $::symbol{$top}; - debug("$::level $f val before: \n".Dumper($val)."\n"); - - debug("$::level $f - fields = \n".Dumper($fields)."\n"); - my $pass = 1; - foreach my $field (@$fields) { - my $args; - - my ($fieldname, $values); - { - debug("$::level $f pass $pass \@_=\n".Dumper(\@_)."\n"); - debug("$::level $f before strip field = \n".Dumper($field)."\n"); -#shift @$fn; # 'subfield' string -#$fn = $fn->[0]; -#$fn = [ (@{$fn}) ]; -#shift @$fn; - debug("$::level $f after strip fn = \n".Dumper($field)."\n"); - - $fieldname = $field->[1]->{fieldname}; - debug("$::level $f processing field: $fieldname\n"); - $args= $field->[1]->{arglist}; - - -# convert the argument list (which could be expressions, other -# variables, etc) into raw values - if ($args) { - debug("$::level $f executing $fieldname with args:\n".Dumper($args)."\n"); - ($values) = execute($args); - debug("$::level $f returned values:\n".Dumper($values)."\n"); - } - } - - debug("$::level $f after execute, \@_=\n".Dumper(\@_)."\n"); - -#call the function - if (ref $val) { - debug("$::level $f : inside loop(before) {\n".Dumper($val)."\n"); - debug("$::level $f : inside loop(before) {\n".Dumper($val)."\n"); - if ($args) { - debug("$::level $f: function call\n"); -#$val = $$val->$fieldname ($args); # method call - my $func = $val->{$fieldname}; # method call - debug("$::level $f: $fieldname func=\n ".Dumper($func)."\n"); - no strict; - $val = &$func($val, @$values); - debug("$::level $f: $fieldname result=$val\n"); - debug("$::level $f: $fieldname result=\n".Dumper($val)."\n"); - - } else { - &::debug("$::level $f: plain field access\n"); - if (ref $val eq "REF") { - $val = $$val->{$fieldname}; # field access - } else { - $val = $val->{$fieldname}; # field access - } - } - debug("$::level $f } inside loop(after val retrieval) val=\n".Dumper($val)."\n"); - } - $pass++; - - } - - return $val; - } - - #$return = [ "variablename", \$variableinfo ]; - sub variablename { - my $f = "variablename"; - debug("$::level $f: input\n".Dumper(\@_)."\n"); - my $var = $_[1]; - return $var; - } - - #arglist: '(' list(?) ')' - sub arglist { - my ($list) = exe_all($_[2]); - debug("$::level list: ".Dumper($list)."\n"); - if ($list) { - my $ll = $list->[0]; - debug("$::level ll \n".Dumper($ll)."\n"); - debug("$::level \$\$list: \n"); - return $ll; - } - return undef; - } - - #list: expression (',' list)(s?) - sub list { - my ($expr, $alt) = ( execute($_[1]), $_[2] ); - - if (scalar @$alt) { - my ($list) = exe_optional($alt, 2); - - debug("$::level list: expr: $expr\n"); - debug("$::level list: list: $list\n:"); - debug("$::level list ".Dumper($list)."\n"); - my $r = [ $expr, (@$list) ]; - return $r; - } - debug("$::level returning simple expression: $expr\n:"); - return [$expr]; - } - - - - sub _default { - debug ("$::level default rule {\n"); - indent(); - debug ("$::level parsing parameters\n"); - my @item = exe_all(@_); - debug ("$::level default rule - last item in array is: ".$item[$#item]."\n"); - my $r = join "",@item[1..$#item]; - debug ("$::level default rule - returning: $r\n"); - deindent(); - debug ("$::level }\n"); - return $r; - - } - - -} - - -package Template::Velocity::Executor; - -use Data::Dumper; - - - -sub new -{ - my $class = shift; - - my $parsetree = shift; - my $parser = shift; - - my $self = {}; - $self->{parser} = $parser; - $self->{parsetree} = $parsetree; - bless $self, $class; - return $self; -} - - -sub run { - my $self = shift; - - return (execute($self->{parsetree})); -} - - - -my $level = " "; - -sub debug { - if ($::debugflag) { - print @_; - } -} - -# This basically all works calling execute($parsetree). -# Execute will look the Parsetree, which is built by a special autoaction -# -# It will call top-down, into functions called 'Executor::XXX', (where XXX is -# the name of the production) -# -# Additional trees, representing child productions, will be passed in -# as arguments to the Executor::XXX function. These arguments be processed -# before the Executor::XXX function can proceed. -# -# If no such function is present, Executor:_default will be run -# -# To process the arguments, use this in the Executor function: -# my @item = exe(@_); -# Which will give you an @item array similar to that in the RD rules, one -# exception being that productions which return arrays are flattened into -# the @item array. (bad idea?) -# - - - -# executes a parsetree (gotten as a result of calling recdescent $parser->rule() -# and returns the string value of the result. - -sub Dumper { - ""; -} - -sub execute { - my $result; - my $tree = shift; # a reference to a tree is passed in - debug "$level execute: {\n"; - indent(); - debug ("$level tree = \n".Dumper($tree)."\n"); - -# there are 3 possible things this tree could be: - -# 1 a scalar .. in which case this rule represents a literal, and the -# the literal is just returned -# -# 2 an array of the form (array, ...) - in which case this is the result of a production -# which returned an array of trees. This happens -# if you specify (s), (?), etc, in a production. -# 3 an array of the form (scalar, ...) - in which case this refers to a subrule -# - -# case 1... - my $type = ref $tree; - if ($type) { - debug "\n$level tree type: ".(ref $tree)." \n"; - } else { - debug "\n$level tree type: scalar \n"; - } - if ($type ne "ARRAY") { - debug "$level returning literal: '$tree'\n"; - deindent(); - debug "$level }\n\n"; - return $tree; - } - - my @result; - -# if this tree is the result of a auto-generated rule (e.g. alternation) -# then tree[0] is not a name.. it is an array. just call the default action with -# the arguments - - my $rule = @{$tree}->[0]; # rule name is first - - if ($rule && ref $rule eq "ARRAY") { # case 2 - debug "$level element[0] is an array (case 2) \n"; - debug "$level contents of input: \n".Dumper(\@{$tree})."\n"; - #@result = exe(@{$rule}); - debug "$level running exe on the array..\n"; - # not sure about this... - @result = (exe_all(@{$tree})); - debug "$level contents of output: \n".Dumper(\@result)."\n"; - #shift @result; # get rid of function name - $result = \@result; - - } else { # case 3 - my @args = @{$tree}; - - debug "$level rule is a function to execute (case 3): '$rule'\n"; - indent(); - my $qr = "Template::Velocity::Executor::Rules::$rule"; - if (defined &$qr) { - no strict ; - $result = (&$qr(@args)); - } else { - debug "$level no function defined for: '$rule' - calling default action\n"; - $result = Template::Velocity::Executor::Rules::_default(@args); - } - } - deindent(); - debug "$level function: $rule returned=\n".Dumper($result)."\n"; - - debug "$level }\n"; - return $result; - - } - -# these hold and set the current indent level. It's only used for nested debug messages -sub indent { - if (!$debugflag) { return; } - $level .= " "; - $Data::Dumper::Pad = $level." "; -} -sub deindent { - if (!$debugflag) { return; } - $level = substr ($level,0,-2); - $Data::Dumper::Pad = $level." "; -} - - -sub exe_optional { - my @r; - my $f = shift; - foreach my $q (@_) { - debug("$level: getting arg# $q\n"); - push @r, execute($f->[0][$q]); - } - return @r; -} - -# exe: for each argument, run the 'execute' function -# - -sub exe_all { - my $d = $Data::Dumper::Maxdepth; - $Data::Dumper::Maxdepth = 9; - debug "\n$level exe_all (".$_[0].") arguments: {\n".Dumper(\@_)." \n"; - my @r; - indent(); - - foreach my $i (@_) { - push @r, execute($i); - } - deindent(); - debug "$level exe_all: returning: \n".Dumper(\@r)."$level}\n\n"; - $Data::Dumper::Maxdepth = $d; - return @r; -} - - - - - -#package PKI::RA::GlobalVar; - -#sub new { my $self = {}; bless $self; return $self; } - - -1; - diff --git a/base/ra/lib/systemd/system/pki-rad.target b/base/ra/lib/systemd/system/pki-rad.target deleted file mode 100644 index e1a4f808e..000000000 --- a/base/ra/lib/systemd/system/pki-rad.target +++ /dev/null @@ -1,6 +0,0 @@ -[Unit] -Description=PKI Registration Authority Server -After=syslog.target network.target - -[Install] -WantedBy=multi-user.target diff --git a/base/ra/lib/systemd/system/pki-rad@.service b/base/ra/lib/systemd/system/pki-rad@.service deleted file mode 100644 index 5432c62b2..000000000 --- a/base/ra/lib/systemd/system/pki-rad@.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=PKI Registration Authority Server %i -After=pki-rad.target -BindTo=pki-rad.target - -[Service] -Type=forking -ExecStart=/usr/bin/pkicontrol start ra %i -ExecStop=/usr/bin/pkicontrol stop ra %i - -[Install] -WantedBy=multi-user.target diff --git a/base/ra/scripts/nss_pcache b/base/ra/scripts/nss_pcache deleted file mode 100755 index c1f6b6c31..000000000 --- a/base/ra/scripts/nss_pcache +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# -# - -# Check to insure that this script's original invocation directory -# has not been deleted! -CWD=`/bin/pwd > /dev/null 2>&1` -if [ $? -ne 0 ] ; then - echo "Cannot invoke '$0' from non-existent directory!" - exit 255 -fi - -OS=`uname -s` - -if [ $OS = "Linux" ]; then - PLATFORM=`arch` - if [ $PLATFORM = "i686" ]; then - # 32-bit Linux - LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:$LD_LIBRARY_PATH - elif [ $PLATFORM = "x86_64" ]; then - # 64-bit Linux - LD_LIBRARY_PATH=/usr/lib64/dirsec:/usr/lib64:/usr/lib:$LD_LIBRARY_PATH - fi - export LD_LIBRARY_PATH -elif [ $OS = "SunOS" ]; then - PLATFORM=`uname -p` - if [ "${PLATFORM}" = "sparc" ] && - [ -d "/usr/lib/sparcv9/" ] ; then - PLATFORM="sparcv9" - fi - if [ $PLATFORM = "sparc" ]; then - # 32-bit Solaris - LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:$LD_LIBRARY_PATH - elif [ $PLATFORM = "sparcv9" ]; then - # 64-bit Solaris - LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:/usr/lib/sparcv9:/usr/lib/dirsec:/usr/lib:$LD_LIBRARY_PATH - fi - export LD_LIBRARY_PATH -fi - -FORTITUDE_DIR=/usr/sbin -if [ $OS = "SunOS" ]; then - FORTITUDE_DIR=/opt/fortitude/bin -fi - -$FORTITUDE_DIR/nss_pcache $@ diff --git a/base/ra/scripts/schema.sql b/base/ra/scripts/schema.sql deleted file mode 100644 index 18fd8a39c..000000000 --- a/base/ra/scripts/schema.sql +++ /dev/null @@ -1,33 +0,0 @@ -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# -# -# sql schema -# -CREATE TABLE requests ( type TEXT, ip TEXT, note TEXT, data TEXT, output TEXT, serialno TEXT, subject_dn TEXT, meta_info TEXT, status TEXT, errorString TEXT, processed_by TEXT, assigned_to TEXT, updated_at TEXT, created_at TEXT, created_by TEXT ) -CREATE TABLE users ( uid TEXT, name TEXT, password TEXT, email TEXT, certificate TEXT, created_at TEXT, created_by TEXT ) -CREATE TABLE groups ( gid TEXT, name TEXT, created_at TEXT, created_by TEXT ) -CREATE TABLE roles ( uid TEXT, gid TEXT ) -CREATE TABLE pins ( key TEXT, pin TEXT, rid TEXT, created_at TEXT, created_by TEXT ) -CREATE TABLE certificates ( rid TEXT, csr TEXT, subject_dn TEXT, certificate TEXT, serialno TEXT, approved_by TEXT, created_at TEXT ) -# -# add defaults -# -INSERT INTO groups (gid, name) values ('administrators','Administrators'); -INSERT INTO groups (gid, name) values ('agents','Agents'); diff --git a/base/ra/setup/CMakeLists.txt b/base/ra/setup/CMakeLists.txt deleted file mode 100644 index 0e81ca150..000000000 --- a/base/ra/setup/CMakeLists.txt +++ /dev/null @@ -1,7 +0,0 @@ -install( - FILES - pkidaemon_registry - registry_instance - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/setup -) diff --git a/base/ra/setup/pkidaemon_registry b/base/ra/setup/pkidaemon_registry deleted file mode 100644 index d0377ebbf..000000000 --- a/base/ra/setup/pkidaemon_registry +++ /dev/null @@ -1,119 +0,0 @@ -# Establish PKI Variable "Slot" Substitutions - -PKI_WEB_SERVER_TYPE=[PKI_WEB_SERVER_TYPE] -export PKI_WEB_SERVER_TYPE - -PKI_SUBSYSTEM_TYPE=[PKI_SUBSYSTEM_TYPE] -export PKI_SUBSYSTEM_TYPE - -PKI_USER=[PKI_USER] -export PKI_USER - -PKI_GROUP=[PKI_GROUP] -export PKI_GROUP - -PKI_INSTANCE_NAME=[PKI_INSTANCE_NAME] -export PKI_INSTANCE_NAME - -PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] -export PKI_INSTANCE_PATH - -PKI_INSTANCE_INITSCRIPT=[PKI_INSTANCE_INITSCRIPT] -export PKI_INSTANCE_INITSCRIPT - -PKI_HTTPD_CONF=[HTTPD_CONF] -export PKI_HTTPD_CONF - -PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] -export PKI_INSTANCE_PATH - -PKI_SYSTEM_USER_LIBRARIES=[SYSTEM_USER_LIBRARIES] -export PKI_SYSTEM_USER_LIBRARIES - -PKI_FORTITUDE_DIR=[FORTITUDE_DIR] -export PKI_FORTITUDE_DIR - -PKI_NSS_CONF=[NSS_CONF] -export PKI_NSS_CONF - -PKI_HOSTNAME=[PKI_HOSTNAME] -export PKI_HOSTNAME - -PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_NAME}.pid" -export PKI_LOCK_FILE - -PKI_PID_FILE="[PKI_PIDDIR]/${PKI_INSTANCE_NAME}.pid" -export PKI_PID_FILE - -PKI_SELINUX_TYPE="pki_ra_t" -export PKI_SELINUX_TYPE - -pki_instance_configuration_file=${PKI_INSTANCE_PATH}/conf/CS.cfg -export pki_instance_configuration_file - -RESTART_SERVER=${PKI_INSTANCE_PATH}/conf/restart_server_after_configuration -export RESTART_SERVER - -######################################################################## -# This section contains modified content of "/etc/sysconfig/httpd" # -######################################################################## -# Configuration file for the ${PKI_INSTANCE_NAME} service. - -# -# The default processing model (MPM) is the process-based -# 'prefork' model. A thread-based model, 'worker', is also -# available, but does not work with some modules (such as PHP). -# The service must be stopped before changing this variable. -# -PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd -export PKI_HTTPD - -# -# To pass additional options (for instance, -D definitions) to the -# httpd binary at startup, set PKI_OPTIONS here. -# -PKI_OPTIONS="-f ${PKI_HTTPD_CONF}" -export PKI_OPTIONS - -# -# By default, the httpd process is started in the C locale; to -# change the locale in which the server runs, the PKI_HTTPD_LANG -# variable can be set. -# -PKI_HTTPD_LANG=C -export PKI_HTTPD_LANG -######################################################################## -# # -######################################################################## - -# This will prevent initlog from swallowing up a pass-phrase prompt if -# mod_ssl needs a pass-phrase from the user. -PKI_INITLOG_ARGS="" -export PKI_INITLOG_ARGS - -# Set PKI_HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server -# with the thread-based "worker" MPM; BE WARNED that some modules may not -# work correctly with a thread-based MPM; notably PHP will refuse to start. - -# Path to the server binary and short-form for messages. -httpd=${PKI_HTTPD} -export httpd - -pki_logs_directory=${PKI_INSTANCE_PATH}/logs -export pki_logs_directory - -# see if httpd is linked with the openldap libraries - we need to override -# their use of OpenSSL -if [ ${OS} = "Linux" ]; then - hasopenldap=0 - - /usr/bin/ldd ${httpd} 2>&1 | grep libldap- > /dev/null 2>&1 && hasopenldap=1 - - if [ ${hasopenldap} -eq 1 ] ; then - LD_PRELOAD="${PKI_SYSTEM_USER_LIBRARIES}/libssl3.so:${LD_PRELOAD}" - export LD_PRELOAD - fi -elif [ ${OS} = "SunOS" ]; then - LD_PRELOAD_64="${PKI_SYSTEM_USER_LIBRARIES}/dirsec/libssl3.so:${LD_PRELOAD_64}" - export LD_PRELOAD_64 -fi diff --git a/base/ra/setup/registry_instance b/base/ra/setup/registry_instance deleted file mode 100644 index b84fea379..000000000 --- a/base/ra/setup/registry_instance +++ /dev/null @@ -1,116 +0,0 @@ -# Establish PKI Variable "Slot" Substitutions - -PKI_SUBSYSTEM_TYPE=[PKI_SUBSYSTEM_TYPE] -export PKI_SUBSYSTEM_TYPE - -PKI_USER=[PKI_USER] -export PKI_USER - -PKI_GROUP=[PKI_GROUP] -export PKI_GROUP - -PKI_INSTANCE_NAME=[PKI_INSTANCE_NAME] -export PKI_INSTANCE_NAME - -PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] -export PKI_INSTANCE_PATH - -PKI_INSTANCE_INITSCRIPT=[PKI_INSTANCE_INITSCRIPT] -export PKI_INSTANCE_INITSCRIPT - -PKI_HTTPD_CONF=[HTTPD_CONF] -export PKI_HTTPD_CONF - -PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH] -export PKI_INSTANCE_PATH - -PKI_SYSTEM_USER_LIBRARIES=[SYSTEM_USER_LIBRARIES] -export PKI_SYSTEM_USER_LIBRARIES - -PKI_FORTITUDE_DIR=[FORTITUDE_DIR] -export PKI_FORTITUDE_DIR - -PKI_NSS_CONF=[NSS_CONF] -export PKI_NSS_CONF - -PKI_HOSTNAME=[PKI_HOSTNAME] -export PKI_HOSTNAME - -PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_NAME}.pid" -export PKI_LOCK_FILE - -PKI_PID_FILE="[PKI_PIDDIR]/${PKI_INSTANCE_NAME}.pid" -export PKI_PID_FILE - -PKI_SELINUX_TYPE="pki_ra_t" -export PKI_SELINUX_TYPE - -pki_instance_configuration_file=${PKI_INSTANCE_PATH}/conf/CS.cfg -export pki_instance_configuration_file - -RESTART_SERVER=${PKI_INSTANCE_PATH}/conf/restart_server_after_configuration -export RESTART_SERVER - -######################################################################## -# This section contains modified content of "/etc/sysconfig/httpd" # -######################################################################## -# Configuration file for the ${PKI_INSTANCE_NAME} service. - -# -# The default processing model (MPM) is the process-based -# 'prefork' model. A thread-based model, 'worker', is also -# available, but does not work with some modules (such as PHP). -# The service must be stopped before changing this variable. -# -PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd -export PKI_HTTPD - -# -# To pass additional options (for instance, -D definitions) to the -# httpd binary at startup, set PKI_OPTIONS here. -# -PKI_OPTIONS="-f ${PKI_HTTPD_CONF}" -export PKI_OPTIONS - -# -# By default, the httpd process is started in the C locale; to -# change the locale in which the server runs, the PKI_HTTPD_LANG -# variable can be set. -# -PKI_HTTPD_LANG=C -export PKI_HTTPD_LANG -######################################################################## -# # -######################################################################## - -# This will prevent initlog from swallowing up a pass-phrase prompt if -# mod_ssl needs a pass-phrase from the user. -PKI_INITLOG_ARGS="" -export PKI_INITLOG_ARGS - -# Set PKI_HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server -# with the thread-based "worker" MPM; BE WARNED that some modules may not -# work correctly with a thread-based MPM; notably PHP will refuse to start. - -# Path to the server binary and short-form for messages. -httpd=${PKI_HTTPD} -export httpd - -pki_logs_directory=${PKI_INSTANCE_PATH}/logs -export pki_logs_directory - -# see if httpd is linked with the openldap libraries - we need to override -# their use of OpenSSL -if [ ${OS} = "Linux" ]; then - hasopenldap=0 - - /usr/bin/ldd ${httpd} 2>&1 | grep libldap- > /dev/null 2>&1 && hasopenldap=1 - - if [ ${hasopenldap} -eq 1 ] ; then - LD_PRELOAD="${PKI_SYSTEM_USER_LIBRARIES}/libssl3.so:${LD_PRELOAD}" - export LD_PRELOAD - fi -elif [ ${OS} = "SunOS" ]; then - LD_PRELOAD_64="${PKI_SYSTEM_USER_LIBRARIES}/dirsec/libssl3.so:${LD_PRELOAD_64}" - export LD_PRELOAD_64 -fi diff --git a/base/setup/CMakeLists.txt b/base/setup/CMakeLists.txt index 05f18332d..29244c67a 100644 --- a/base/setup/CMakeLists.txt +++ b/base/setup/CMakeLists.txt @@ -2,10 +2,7 @@ project(setup) install( FILES - pkicreate - pkiremove pki-setup-proxy - scripts/pkicontrol DESTINATION ${BIN_INSTALL_DIR} PERMISSIONS @@ -17,8 +14,6 @@ install( install( FILES pkicommon.pm - scripts/functions - scripts/pki_apache_initscript DESTINATION ${DATA_INSTALL_DIR}/scripts/ PERMISSIONS diff --git a/base/setup/pkicreate b/base/setup/pkicreate deleted file mode 100755 index 097b881a6..000000000 --- a/base/setup/pkicreate +++ /dev/null @@ -1,3334 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007-2010 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# - -use strict; -use warnings; - -use File::Slurp qw(read_file write_file); -use Getopt::Long qw(GetOptions); - -############################################################## -# This script is used to create a new instance of a -# subsystem within a PKI installation. -# -# Sample Invocation (for CA): -# -# ./pkicreate -pki_instance_root=/var/lib -# -pki_instance_name=pki-ca -# -subsystem_type=ca -# -agent_secure_port=9443 -# -ee_secure_port=9444 -# -ee_secure_client_auth_port=9446 -# -admin_secure_port=9445 -# -unsecure_port=9180 -# -tomcat_server_port=9701 -# -user=pkiuser -# -group=pkiuser -# -redirect conf=/etc/pki-ca -# -redirect logs=/var/log/pki-ca -# -verbose -# -############################################################## - - -############################################################## -# Execution Check -############################################################## - -# Disallow 'others' the ability to 'write' to new files -umask 00002; - -# Check to insure that this script's original -# invocation directory has not been deleted! -my $cwd = `/bin/pwd`; -chomp $cwd; -if (!$cwd) { - emit("Cannot invoke '$0' from non-existent directory!\n", "error"); - exit 255; -} - - -############################################################## -# Environment Variables -############################################################## - -# option to not run this script. -if (defined($ENV{'DONT_RUN_PKICREATE'})) { - if ($ENV{'DONT_RUN_PKICREATE'} == 1) { - emit("Env. variable DONT_RUN_PKICREATE is set. Exiting.\n", "error"); - exit 0; - } -} - -# untaint called subroutines -if (($^O ne 'Windows_NT') && ($^O ne 'MSWin32')) { - $> = $<; # set effective user ID to real UID - $) = $(; # set effective group ID to real GID - $ENV{'PATH'} = '/bin:/usr/bin'; - $ENV{'ENV'} = '' if !defined($ENV{'ENV'}); -} - - -############################################################## -# Command-Line Variables -############################################################## - -my $ARGS = ($#ARGV + 1); - - -############################################################## -# Shared Common Perl Data and Subroutines -############################################################## - -use lib "/usr/share/pki/scripts"; -use pkicommon; - -# Establish path to scripts -my $pki_subsystem_common_area = "/usr/share/pki"; - -# make -w happy by suppressing warnings of Global variables used only once -my $suppress = ""; -$suppress = $hostname; -$suppress = $obj_ext; -$suppress = $tmp_dir; -$suppress = $default_security_libraries; -$suppress = $default_system_libraries; -$suppress = $lib_prefix; -$suppress = $PKI_USER; -$suppress = $PKI_GROUP; -$suppress = $install_info_basename; - -############################################################## -# Local Constants -############################################################## - -# Base subsystem directory names -my $applets_base_subsystem_dir = "applets"; # TPS -my $cgibin_base_subsystem_dir = "cgi-bin"; # TPS (Apache) -my $conf_base_subsystem_dir = "conf"; # CA, KRA, OCSP, TKS, RA, TPS -my $docroot_base_subsystem_dir = "docroot"; # RA, TPS (Apache) -my $emails_base_subsystem_dir = "emails"; # CA -my $lib_base_subsystem_dir = "lib"; # RA, TPS -my $profiles_base_subsystem_dir = "profiles"; # CA, KRA, OCSP, TKS -my $samples_base_subsystem_dir = "samples"; # TPS -my $scripts_base_subsystem_dir = "scripts"; # RA, TPS -my $webapps_base_subsystem_dir = "webapps"; # CA, KRA, OCSP, TKS - -# Base instance directory names -my $alias_base_instance_dir = "alias"; # CA, KRA, OCSP, TKS, RA, TPS -my $bin_base_instance_dir = "bin"; # TPS -my $cgibin_base_instance_dir = "cgi-bin"; # TPS (Apache) -my $conf_base_instance_dir = "conf"; # CA, KRA, OCSP, TKS, RA, TPS -my $docroot_base_instance_dir = "docroot"; # RA, TPS (Apache) -my $emails_base_instance_dir = "emails"; # CA -my $lib_base_instance_dir = "lib"; # RA, TPS -my $logs_base_instance_dir = "logs"; # CA, KRA, OCSP, TKS, RA, TPS -my $profiles_base_instance_dir = "profiles"; # CA, KRA, OCSP, TKS -my $scripts_base_instance_dir = "scripts"; # RA, TPS -my $tomcat_instance_common_lib_dir = "common/lib"; # CA, KRA, OCSP, TKS (Tomcat) -my $shared_base_instance_dir = "shared"; # CA, KRA, OCSP, TKS (Tomcat) -my $temp_base_instance_dir = "temp"; # CA, KRA, OCSP, TKS (Tomcat) -my $webapps_base_instance_dir = "webapps"; # CA, KRA, OCSP, TKS -my $work_base_instance_dir = "work"; # CA, KRA, OCSP, TKS (Tomcat) - -# Base instance symbolic link names -my $common_base_instance_symlink = "common"; # CA, KRA, OCSP, TKS -my $conf_base_instance_symlink = "conf"; # CA, KRA, OCSP, TKS, RA, TPS -my $logs_base_instance_symlink = "logs"; # CA, KRA, OCSP, TKS, RA, TPS -my $run_base_instance_symlink = "run"; # RA, TPS - -# Base names -my $cgi_home_base_name = "home/index.cgi"; # TPS -my $cgi_demo_base_name = "demo/index.cgi"; # TPS -my $cgi_so_base_name = "so/index.cgi"; # TPS -my $cgi_so_enroll_name = "so/enroll.cgi"; # TPS -my $cgi_sow_dir_name = "sow"; # TPS -my $cgi_sow_cfg_pl_name = "sow/cfg.pl"; # TPS -my $addAgents_ldif_base_name = "addAgents.ldif"; # TPS -my $addIndexes_ldif_base_name = "addIndexes.ldif"; # TPS -my $addTokens_ldif_base_name = "addTokens.ldif"; # TPS -my $addVLVIndexes_ldif_base_name = "addVLVIndexes.ldif"; # TPS -my $nss_pcache_base_name = "nss_pcache"; # RA, TPS -my $pki_subsystem_jar_base_name = undef; # CA, KRA, OCSP, TKS - -my $pki_certsrv_jar_base_name = "pki-certsrv.jar"; # CA, KRA, OCSP, TKS -my $pki_cms_jar_base_name = "pki-cms.jar"; # CA, KRA, OCSP, TKS -my $pki_cmsbundle_jar_base_name = "pki-cmsbundle.jar"; # CA, KRA, OCSP, TKS -my $pki_cmscore_jar_base_name = "pki-cmscore.jar"; # CA, KRA, OCSP, TKS -my $pki_cmsutil_jar_base_name = "pki-cmsutil.jar"; # CA, KRA, OCSP, TKS -my $commons_collections_jar_base_name = undef; # CA, KRA, OCSP, TKS -my $commons_lang_jar_base_name = undef; # CA, KRA, OCSP, TKS -my $commons_logging_jar_base_name = undef; # CA, KRA, OCSP, TKS -my $jss_jar_base_name = "jss4.jar"; # CA, KRA, OCSP, TKS -my $ldapjdk_jar_base_name = "ldapjdk.jar"; # CA, KRA, OCSP, TKS -my $pki_nsutil_jar_base_name = "pki-nsutil.jar"; # CA, KRA, OCSP, TKS -my $commons_codec_jar_base_name = "commons-codec.jar"; # CA, KRA, OCSP, TKS -my $symkey_jar_base_name = "symkey.jar"; # CA, KRA, OCSP, TKS -my $tomcatjss_jar_base_name = "tomcatjss.jar"; # CA, KRA, OCSP, TKS -my $velocity_jar_base_name = "velocity.jar"; # CA, KRA, OCSP, TKS -my $xerces_jar_base_name = "xerces-j2.jar"; # CA, KRA, OCSP, TKS - -# resteasy jars -my $javassist_jar_base_name = "javassist.jar"; # CA, KRA, OCSP, TKS -my $jaxrs_api_jar_base_name = "jaxrs-api.jar"; # CA, KRA, OCSP, TKS -my $resteasy_jaxb_provider_jar_base_name = "resteasy-jaxb-provider.jar"; # CA, KRA, OCSP, TKS -my $resteasy_jaxrs_jar_base_name = "resteasy-jaxrs.jar"; # CA, KRA, OCSP, TKS -my $scannotation_jar_base_name = "scannotation.jar"; # CA, KRA, OCSP, TKS -my $jettison_jar_base_name = "jettison.jar"; # CA, KRA, OCSP, TKS -my $resteasy_atom_provider_jar_base_name = "resteasy-atom-provider.jar"; # CA, KRA, OCSP, TKS -my $resteasy_jettison_provider_jar_base_name = "resteasy-jettison-provider.jar"; # CA, KRA, OCSP, TKS - -my $apache_commons_collections_jar_base_name = "apache-commons-collections.jar"; -my $jakarta_commons_collections_jar_base_name = "jakarta-commons-collections.jar"; -my $apache_commons_logging_jar_base_name = "apache-commons-logging.jar"; -my $jakarta_commons_logging_jar_base_name = "jakarta-commons-logging.jar"; -my $apache_commons_lang_jar_base_name = "apache-commons-lang.jar"; -my $jakarta_commons_lang_jar_base_name = "jakarta-commons-lang.jar"; -my $xml_commons_apis_jar_base_name = "xml-commons-apis.jar"; -my $xml_commons_resolver_jar_base_name = "xml-commons-resolver.jar"; -my $httpclient_jar_base_name = "httpclient.jar"; - -my $conf_base_name = "conf"; # CA, KRA, OCSP, TKS, -my $catalina_properties_base_name = "catalina.properties"; # CA, KRA, OCSP, TKS - -my $httpd_conf_base_name = "httpd.conf"; # RA, TPS -my $index_jsp_base_name = "index.jsp"; # CA, KRA, OCSP, TKS - # RA, TPS -my $magic_base_name = "magic"; # RA, TPS -my $mime_types_base_name = "mime.types"; # RA, TPS -my $noise_base_name = "noise"; # CA, KRA, OCSP, TKS, - # RA, TPS -my $nss_conf_base_name = "nss.conf"; # RA, TPS -my $perl_conf_base_name = "perl.conf"; # RA, TPS -my $password_conf_base_name = "password.conf"; # CA, KRA, OCSP, TKS, - # RA, TPS -my $pfile_base_name = "pfile"; # CA, KRA, OCSP, TKS, - # RA, TPS -my $pwcache_conf_base_name = "pwcache.conf"; # RA, TPS -my $pki_cfg_base_name = "CS.cfg"; # CA, KRA, OCSP, TKS, - # RA, TPS -my $schemaMods_ldif_base_name = "schemaMods.ldif"; # RA, TPS -my $server_xml_base_name = "server.xml"; # CA, KRA, OCSP, TKS -my $servercertnick_conf_base_name = "serverCertNick.conf"; # CA, KRA, OCSP, TKS -my $tomcat6_conf_base_name = "tomcat6.conf"; # CA, KRA, OCSP, TKS -my $velocity_prop_base_name = "velocity.properties"; # CA, KRA, OCSP, TKS -my $web_xml_base_name = "web.xml"; # CA, KRA, OCSP, TKS -my $profile_select_base_name = "ProfileSelect.template"; # CA -my $proxy_conf_base_name = "proxy.conf"; # CA - -my $registry_template_base_name = "registry_instance"; # CA, KRA, OCSP, TKS, RA, TPS -my $pki_apache_initscript_base_name = "pki_apache_initscript"; # RA, TPS - -# Subdirectory names -my $perl_base_instance_symlink = "perl"; # RA, TPS -my $perl_base_subsystem_dir = "perl"; # RA, TPS -my $signed_audit_base_instance_dir = "signedAudit"; # CA, KRA, OCSP, TKS, TPS -my $webapps_root_base_instance_dir = "ROOT"; # CA, KRA, OCSP, TKS -my $webapps_root_base_subsystem_dir = "ROOT"; # CA, KRA, OCSP, TKS -my $webinf_base_instance_dir = "WEB-INF"; # CA, KRA, OCSP, TKS - -# Defaults -my $default_apache_pids_path = "/var/run/pki"; -my $default_tomcat_pids_path = "/var/run"; -my $default_tomcat_lib_path = "/usr/share/tomcat6/lib"; -my $default_security_token = "internal"; -my $default_nfast_group = "nfast"; - -# Default PKI user and group to give to PKI installed files -my $pki_user = $PKI_USER; -my $pki_group = $PKI_GROUP; - -# PKI creation constants -my $db_password_low = 100000000000; -my $db_password_high = 999999999999; - -# Template slot constants (RA, TPS) -my $HTTPD_CONF = "HTTPD_CONF"; -my $LIB_PREFIX = "LIB_PREFIX"; -my $NSS_CONF = "NSS_CONF"; -my $OBJ_EXT = "OBJ_EXT"; -my $PROCESS_ID = "PROCESS_ID"; -my $NON_CLIENTAUTH_SECURE_PORT = "NON_CLIENTAUTH_SECURE_PORT"; -my $SECURITY_LIBRARIES = "SECURITY_LIBRARIES"; -my $SYSTEM_LIBRARIES = "SYSTEM_LIBRARIES"; -my $SYSTEM_USER_LIBRARIES = "SYSTEM_USER_LIBRARIES"; -my $TMP_DIR = "TMP_DIR"; -my $TPS_DIR = "TPS_DIR"; -my $FORTITUDE_APACHE = "FORTITUDE_APACHE"; -my $FORTITUDE_DIR = "FORTITUDE_DIR"; -my $FORTITUDE_MODULE = "FORTITUDE_MODULE"; -my $FORTITUDE_LIB_DIR = "FORTITUDE_LIB_DIR"; -my $FORTITUDE_AUTH_MODULES = "FORTITUDE_AUTH_MODULES"; -my $FORTITUDE_NSS_MODULES = "FORTITUDE_NSS_MODULES"; -my $REQUIRE_CFG_PL = "REQUIRE_CFG_PL"; -my $PKI_PIDDIR = "PKI_PIDDIR"; -my $PKI_LOCKDIR = "PKI_LOCKDIR"; - -# Template slot constants (CA, KRA, OCSP, TKS, RA, TPS) -my $PKI_INSTANCE_NAME_SLOT = "PKI_INSTANCE_NAME"; -my $PKI_REGISTRY_FILE_SLOT = "PKI_REGISTRY_FILE"; -my $PKI_SECURE_PORT_SLOT = "PKI_SECURE_PORT"; -my $PKI_UNSECURE_PORT_SLOT = "PKI_UNSECURE_PORT"; -my $PKI_INSTANCE_PATH_SLOT = "PKI_INSTANCE_PATH"; -my $PKI_HOSTNAME_SLOT = "PKI_HOSTNAME"; - -# Template slot constants (CA, KRA, OCSP, TKS) -my $INSTALL_TIME = "INSTALL_TIME"; -my $PKI_AGENT_CLIENTAUTH_SLOT = "PKI_AGENT_CLIENTAUTH"; -my $PKI_CERT_DB_PASSWORD_SLOT = "PKI_CERT_DB_PASSWORD"; -my $PKI_CFG_PATH_NAME_SLOT = "PKI_CFG_PATH_NAME"; -my $PKI_GROUP_SLOT = "PKI_GROUP"; -my $PKI_INSTANCE_ROOT_SLOT = "PKI_INSTANCE_ROOT"; -my $PKI_RANDOM_NUMBER_SLOT = "PKI_RANDOM_NUMBER"; -my $PKI_EE_SECURE_PORT_SLOT = "PKI_EE_SECURE_PORT"; -my $PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT = "PKI_EE_SECURE_CLIENT_AUTH_PORT"; -my $PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT = "PKI_EE_SECURE_CLIENT_AUTH_PORT_UI"; -my $PKI_AGENT_SECURE_PORT_SLOT = "PKI_AGENT_SECURE_PORT"; -my $PKI_ADMIN_SECURE_PORT_SLOT = "PKI_ADMIN_SECURE_PORT"; -my $PKI_SERVER_XML_CONF = "PKI_SERVER_XML_CONF"; -my $PKI_SUBSYSTEM_TYPE_SLOT = "PKI_SUBSYSTEM_TYPE"; -my $PKI_USER_SLOT = "PKI_USER"; -my $TOMCAT_SERVER_PORT_SLOT = "TOMCAT_SERVER_PORT"; -my $TOMCAT_PIDFILE = "TOMCAT_PIDFILE"; -my $TOMCAT_CFG = "TOMCAT_CFG"; -my $TOMCAT_SSL_OPTIONS = "TOMCAT_SSL_OPTIONS"; -my $TOMCAT_SSL2_CIPHERS = "TOMCAT_SSL2_CIPHERS"; -my $TOMCAT_SSL3_CIPHERS = "TOMCAT_SSL3_CIPHERS"; -my $TOMCAT_TLS_CIPHERS = "TOMCAT_TLS_CIPHERS"; -my $TOMCAT_INSTANCE_COMMON_LIB = "TOMCAT_INSTANCE_COMMON_LIB"; -my $TOMCAT_LOG_DIR = "TOMCAT_LOG_DIR"; -my $PKI_INSTANCE_INITSCRIPT = "PKI_INSTANCE_INITSCRIPT"; -my $PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT = "PKI_UNSECURE_PORT_CONNECTOR_NAME"; -my $PKI_SECURE_PORT_CONNECTOR_NAME_SLOT = "PKI_SECURE_PORT_CONNECTOR_NAME"; -my $PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT = "PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME"; -my $PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT = "PKI_EE_SECURE_PORT_CONNECTOR_NAME"; -my $PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT = "PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME"; -my $PKI_UNSECURE_PORT_COMMENT_SERVER_SLOT = "PKI_UNSECURE_PORT_SERVER_COMMENT"; -my $PKI_SECURE_PORT_COMMENT_SERVER_SLOT = "PKI_SECURE_PORT_SERVER_COMMENT"; -my $PKI_ADMIN_SECURE_PORT_COMMENT_SERVER_SLOT = "PKI_ADMIN_SECURE_PORT_SERVER_COMMENT"; -my $PKI_EE_SECURE_PORT_COMMENT_SERVER_SLOT = "PKI_EE_SECURE_PORT_SERVER_COMMENT"; -my $PKI_EE_SECURE_CLIENT_AUTH_PORT_COMMENT_SERVER_SLOT = "PKI_EE_SECURE_CLIENT_AUTH_PORT_SERVER_COMMENT"; -my $PKI_OPEN_SEPARATE_PORTS_COMMENT_SERVER_SLOT = "PKI_OPEN_SEPARATE_PORTS_SERVER_COMMENT"; -my $PKI_CLOSE_SEPARATE_PORTS_COMMENT_SERVER_SLOT = "PKI_CLOSE_SEPARATE_PORTS_SERVER_COMMENT"; -my $PKI_OPEN_SEPARATE_PORTS_COMMENT_WEB_SLOT = "PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT"; -my $PKI_CLOSE_SEPARATE_PORTS_COMMENT_WEB_SLOT = "PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT"; -my $PKI_OPEN_AJP_PORT_COMMENT_SLOT = "PKI_OPEN_AJP_PORT_COMMENT"; -my $PKI_CLOSE_AJP_PORT_COMMENT_SLOT = "PKI_CLOSE_AJP_PORT_COMMENT"; -my $PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT = "PKI_OPEN_ENABLE_PROXY_COMMENT"; -my $PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT = "PKI_CLOSE_ENABLE_PROXY_COMMENT"; -my $PKI_AJP_REDIRECT_PORT_SLOT = "PKI_AJP_REDIRECT_PORT"; -my $PKI_AJP_PORT_SLOT = "PKI_AJP_PORT"; -my $PROXY_SECURE_PORT_SLOT = "PKI_PROXY_SECURE_PORT"; -my $PROXY_UNSECURE_PORT_SLOT = "PKI_PROXY_UNSECURE_PORT"; -my $PKI_SYSTEMD_SERVICENAME_SLOT = "PKI_SYSTEMD_SERVICENAME"; -my $PKI_UNSECURE_PORT_NAME = "Unsecure"; -my $PKI_AGENT_SECURE_PORT_NAME = "Agent"; -my $PKI_ADMIN_SECURE_PORT_NAME = "Admin"; -my $PKI_EE_SECURE_PORT_NAME = "EE"; -my $PKI_EE_SECURE_CLIENT_AUTH_PORT_NAME = "EEClientAuth"; -my $PKI_SECURE_PORT_NAME = "Secure"; -my $PKI_UNUSED_SECURE_PORT_NAME = "Unused"; -my $PKI_UNSECURE_SEPARATE_PORTS_COMMENT = "<!-- Port Separation: Unsecure Port Connector -->"; -my $PKI_AGENT_SECURE_SEPARATE_PORTS_COMMENT = "<!-- Port Separation: Agent Secure Port Connector -->"; -my $PKI_ADMIN_SECURE_SEPARATE_PORTS_COMMENT = "<!-- Port Separation: Admin Secure Port Connector -->"; -my $PKI_EE_SECURE_SEPARATE_PORTS_COMMENT = "<!-- Port Separation: EE Secure Port Connector -->"; -my $PKI_EE_SECURE_CLIENT_AUTH_SEPARATE_PORTS_COMMENT = "<!-- Port Separation: EE Secure Client Auth Port Connector -->"; -my $PKI_UNSECURE_SHARED_PORTS_COMMENT = "<!-- Shared Ports: Unsecure Port Connector -->"; -my $PKI_SECURE_SHARED_PORTS_COMMENT = "<!-- Shared Ports: Agent, EE, and Admin Secure Port Connector -->"; -my $PKI_OPEN_COMMENT = "<!--"; -my $PKI_CLOSE_COMMENT = "-->"; -my $PKI_WEBAPPS_NAME = "PKI_WEBAPPS_NAME"; - -#proxy defaults -my $PROXY_SECURE_PORT_DEFAULT = "443"; -my $PROXY_UNSECURE_PORT_DEFAULT = "80"; -my $AJP_PORT_DEFAULT = "9447"; - -############################################################## -# Local Data Structures -############################################################## - -# Useful pki references -my %redirects = (); -my %supported_sec_modules_hash = (); - -############################################################## -# Local Variables -############################################################## - -# Command-line variables (mandatory) -my $pki_instance_root = undef; -my $pki_instance_name = undef; -my $subsystem_type = undef; -my $secure_port = -1; -my $non_clientauth_secure_port = -1; -my $unsecure_port = -1; -my $tomcat_server_port = -1; - -# Command-line variables (optional) -my $agent_secure_port = -1; -my $ee_secure_port = -1; -my $ee_secure_client_auth_port = -1; -my $admin_secure_port = -1; -my $proxy_secure_port = -1; -my $proxy_unsecure_port = -1; -my $ajp_port = -1; -my $enable_proxy = undef; -my $username = undef; -my $groupname = undef; -my $redirected_conf_path = undef; -my $redirected_logs_path = undef; - -# Base subsystem directory paths -my $pki_subsystem_path = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $applets_subsystem_path = undef; # TPS -my $bin_subsystem_path = undef; # TPS -my $cgibin_subsystem_path = undef; # TPS (Apache) -my $conf_subsystem_path = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $docroot_subsystem_path = undef; # RA, TPS (Apache) -my $emails_subsystem_path = undef; # CA -my $lib_subsystem_path = undef; # RA, TPS -my $profiles_subsystem_path = undef; # CA, KRA, OCSP, TKS -my $samples_subsystem_path = undef; # TPS -my $scripts_subsystem_path = undef; # RA, TPS -my $webapps_subsystem_path = undef; # CA, KRA, OCSP, TKS -my $common_ui_subsystem_path = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $ui_subsystem_path = undef; # CA, KRA, OCSP, TKS, RA, TPS - -# Base instance directory paths -my $pki_instance_path = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $alias_instance_path = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $bin_instance_path = undef; # TPS -my $cgibin_instance_path = undef; # TPS (Apache) -my $conf_instance_path = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $docroot_instance_path = undef; # RA, TPS (Apache) -my $emails_instance_path = undef; # CA -my $lib_instance_path = undef; # RA, TPS -my $logs_instance_path = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $profiles_instance_path = undef; # CA, KRA, OCSP, TKS -my $scripts_instance_path = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $tomcat_instance_common_lib_path = undef; # CA, KRA, OCSP, TKS (Tomcat) -my $shared_instance_path = undef; # CA, KRA, OCSP, TKS (Tomcat) -my $temp_instance_path = undef; # CA, KRA, OCSP, TKS (Tomcat) -my $webapps_instance_path = undef; # CA, KRA, OCSP, TKS -my $webapps_subsystem_instance_path = undef; # CA, KRA, OCSP, TKS -my $work_instance_path = undef; # CA, KRA, OCSP, TKS (Tomcat) -my $pki_piddir_path = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $pki_lockdir_path = undef; # RA, TPS - -# Base instance symbolic link paths -my $conf_instance_symlink_path = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $logs_instance_symlink_path = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $run_instance_symlink_path = undef; # RA, TPS - -# Subdirectory paths -my $cgi_home_instance_file_path = undef; # TPS -my $cgi_home_subsystem_file_path = undef; # TPS -my $cgi_demo_instance_file_path = undef; # TPS -my $cgi_demo_subsystem_file_path = undef; # TPS -my $cgi_so_instance_file_path = undef; # TPS -my $cgi_so_subsystem_file_path = undef; # TPS -my $cgi_so_instance_enroll_file_path = undef; # TPS -my $cgi_so_subsystem_enroll_file_path = undef; # TPS -my $cgi_sow_instance_file_path = undef; # TPS -my $cgi_sow_subsystem_file_path = undef; # TPS -my $cgi_sow_instance_cgi_file_path = undef; # TPS -my $cgi_sow_subsystem_cgi_file_path = undef; # TPS -my $cgi_sow_instance_cfg_pl_path = undef; # TPS -my $addAgents_ldif_instance_file_path = undef; # TPS -my $addAgents_ldif_subsystem_file_path = undef; # TPS -my $addIndexes_ldif_instance_file_path = undef; # TPS -my $addIndexes_ldif_subsystem_file_path = undef; # TPS -my $addTokens_ldif_instance_file_path = undef; # TPS -my $addTokens_ldif_subsystem_file_path = undef; # TPS -my $addVLVIndexes_ldif_instance_file_path = undef; # TPS -my $addVLVIndexes_ldif_subsystem_file_path = undef; # TPS -my $pki_certsrv_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $pki_certsrv_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $pki_cms_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $pki_cms_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $pki_cmsbundle_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $pki_cmsbundle_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $pki_cmscore_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $pki_cmscore_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $pki_cmsutil_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $pki_cmsutil_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $javassist_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $javassist_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $jaxrs_api_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $jaxrs_api_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $resteasy_jaxb_provider_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $resteasy_jaxb_provider_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $resteasy_jaxrs_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $resteasy_jaxrs_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $scannotation_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $scannotation_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $jettison_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $jettison_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $resteasy_atom_provider_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $resteasy_atom_provider_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $resteasy_jettison_provider_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $resteasy_jettison_provider_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $commons_collections_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $commons_collections_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $commons_lang_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $commons_lang_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $commons_logging_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $commons_logging_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $httpclient_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $httpclient_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $jss_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $jss_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $ldapjdk_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $ldapjdk_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $pki_nsutil_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $pki_nsutil_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $commons_codec_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $commons_codec_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $symkey_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $symkey_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $tomcatjss_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $tomcatjss_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $velocity_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $velocity_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $xerces_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $xerces_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $xml_commons_apis_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $xml_commons_apis_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $xml_commons_resolver_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $xml_commons_resolver_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $httpd_conf_instance_file_path = undef; # RA, TPS -my $httpd_conf_subsystem_file_path = undef; # RA, TPS -my $index_jsp_instance_file_path = undef; # CA, KRA, OCSP, TKS -my $index_jsp_subsystem_file_path = undef; # CA, KRA, OCSP, TKS -my $magic_instance_file_path = undef; # RA, TPS -my $magic_subsystem_file_path = undef; # RA, TPS -my $mime_types_instance_file_path = undef; # RA, TPS -my $mime_types_subsystem_file_path = undef; # RA, TPS -my $noise_instance_file_path = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $nss_conf_instance_file_path = undef; # RA, TPS -my $nss_conf_subsystem_file_path = undef; # RA, TPS -my $nss_pcache_instance_file_path = undef; # RA, TPS -my $nss_pcache_subsystem_file_path = undef; # RA, TPS -my $perl_conf_instance_file_path = undef; # RA, TPS -my $perl_conf_subsystem_file_path = undef; # RA, TPS -my $password_conf_instance_file_path = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $perl_instance_symlink_path = undef; # RA, TPS -my $perl_subsystem_path = undef; # RA, TPS -my $pfile_instance_file_path = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $pwcache_conf_instance_file_path = undef; # RA, TPS -my $pki_cfg_subsystem_file_path = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $pki_cfg_instance_file_path = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $pki_apache_initscript_file_path = undef; # RA, TPS -my $schemaMods_ldif_instance_file_path = undef; # RA, TPS -my $schemaMods_ldif_subsystem_file_path = undef; # RA, TPS -my $server_xml_instance_file_path = undef; # CA, KRA, OCSP, TKS -my $server_xml_subsystem_file_path = undef; # CA, KRA, OCSP, TKS -my $servercertnick_conf_instance_file_path = undef; # CA, KRA, OCSP, TKS -my $servercertnick_conf_subsystem_file_path = undef; # CA, KRA, OCSP, TKS -my $pki_subsystem_jar_file_path = undef; # CA, KRA, OCSP, TKS -my $pki_subsystem_jar_symlink_path = undef; # CA, KRA, OCSP, TKS -my $tomcat6_conf_subsystem_file_path = undef; # CA, KRA, OCSP, TKS -my $tomcat6_conf_instance_file_path = undef; # CA, KRA, OCSP, TKS -my $tomcat6_instance_pid_file_path = undef; # CA, KRA, OCSP, TKS -my $velocity_prop_instance_file_path = undef; # CA, KRA, OCSP, TKS -my $velocity_prop_subsystem_file_path = undef; # CA, KRA, OCSP, TKS -my $web_xml_instance_file_path = undef; # CA, KRA, OCSP, TKS -my $web_xml_subsystem_file_path = undef; # CA, KRA, OCSP, TKS -my $catalina_properties_instance_file_path = undef; # CA, KRA, OCSP, TKS -my $catalina_properties_subsystem_file_path = undef; # CA, KRA, OCSP, TKS -my $webapps_root_instance_path = undef; # CA, KRA, OCSP, TKS -my $webapps_root_subsystem_path = undef; # CA, KRA, OCSP, TKS -my $webinf_instance_path = undef; # CA, KRA, OCSP, TKS -my $webinf_lib_instance_path = undef; # CA, KRA, OCSP, TKS -my $webinf_subsystem_path = undef; # CA, KRA, OCSP, TKS -my $profile_select_template_subsystem_file_path = undef; #CA -my $profile_select_template_instance_file_path = undef; #CA -my $proxy_conf_subsystem_file_path = undef; #CA -my $proxy_conf_instance_file_path = undef; #CA - -# PKI init script variables -my $pki_registry_initscript = undef; # CA, KRA, OCSP, TKS, RA, TPS -my $pki_registry_initscript_command = undef; # CA, KRA, OCSP, TKS, RA, TPS - -# PKI registry variables -my $pki_registry_subsystem_path = undef; # CA, KRA, OCSP, TKS RA, TPS -my $pki_registry_subsystem_file_path = undef; # CA, KRA, OCSP, TKS RA, TPS -my $pki_registry_instance_file_path = undef; # CA, KRA, OCSP, TKS RA, TPS - -# PKI creation variables -my $host = undef; -my $db_password = undef; -my $random = undef; - -# Linux specific variables -my $setup_base_subsystem_dir = "setup"; -my $setup_subsystem_path = undef; -my $tomcat6_initscript_path = undef; -my $tomcat6_instance_config_path = undef; -my $root_user = undef; -my $root_group = undef; -my $pki_instance_initscript_path = undef; - -#systemd specific variables -my $use_systemd = 0; -my $pki_subsystem_systemd_wants_path = undef; -my $pki_subsystem_systemd_service_path = undef; -my $pki_instance_systemd_service_name = undef; - - -############################################################## -# Platform-Dependent Data Initialization -############################################################## - -if ($^O eq "linux") { - if (is_Fedora() && (fedora_release() >= 16)) { - $use_systemd = 1; - } - - # Linux init scripts - if ($use_systemd) { - $tomcat6_initscript_path = "/usr/sbin/tomcat6-sysd"; - } else { - $tomcat6_initscript_path = "${default_initscripts_path}/tomcat6"; - } - - # Tomcat instance config directory - $tomcat6_instance_config_path = "/etc/sysconfig"; - - # Superuser and group to give to PKI installed files - $root_user = "root"; - $root_group = "root"; -} else { - emit("Unsupported platform '$^O'!\n", "error"); - exit 255; -} - - -############################################################## -# Local Data Initialization -############################################################## - -# Initialize Java-specific variables -if ($^O eq "linux") { - if ($default_hardware_platform eq "i686") { - # 32-bit Linux - - # Supported hardware token PKCS #11 modules - %supported_sec_modules_hash = ("lunasa" => "/usr/lunasa/lib/libCryptoki2.so", - "nfast" => "/opt/nfast/toolkits/pkcs11/libcknfast.so"); - } elsif ($default_hardware_platform eq "x86_64") { - # 64-bit Linux - - # Supported hardware token PKCS #11 modules - %supported_sec_modules_hash = ("lunasa" => "/usr/lunasa/lib/libCryptoki2_64.so", - "nfast" => "/opt/nfast/toolkits/pkcs11/libcknfast.so"); - } else { - emit("Unsupported '$^O' hardware platform '$default_hardware_platform'!\n", "error"); - exit 255; - } -} else { - emit("Unsupported platform '$^O'!\n", "error"); - exit 255; -} - -############################################################## -# PKI Instance Creation Subroutines -############################################################## - -# no args -# no return value -sub usage -{ - print STDOUT <<'EOF'; -############################################################################### -### USAGE: CA, KRA, OCSP, or TKS subsystem instance creation (Tomcat) ### -############################################################################### - -As of Dogtag 10, pkicreate is no longer supported for the creation of CA, KRA, -OCSP and TKS subsystems. To create instances of these subsystems, use -pkispawn instead. - -############################################################################### -### USAGE: RA or TPS subsystem instance creation (Apache) ### -############################################################################### - -pkicreate -pki_instance_root=<pki_instance_root> # Instance root directory - # destination - - -pki_instance_name=<pki_instance_id> # Unique PKI subsystem - # instance name - - -subsystem_type=<subsystem_type> # Subsystem type - # [ra | tps] - - -secure_port=<secure_port> # Secure port - # (clientauth) - # for each - # Apache instance - - -non_clientauth_secure_port=<non_clientauth_secure_port> - - # Secure port - # (non-clientauth) - # for each - # Apache instance - - -unsecure_port=<unsecure_port> # Unsecure port - - [-user=<username>] # User ownership - # (must ALSO specify - # group ownership) - # - # [Default=pkiuser] - - [-group=<groupname>] # Group ownership - # (must ALSO specify - # user ownership) - # - # [Default=pkiuser] - - [-redirect conf=<real conf dir path>] # Redirection of - # 'conf' directory - - [-redirect logs=<real logs dir path>] # Redirection of - # 'logs' directory - - [-verbose] # Print out liberal info - # during 'pkicreate'. - # Specify multiple times - # to increase verbosity. - - [-dry_run] # Do not perform any actions. - # Just report what would have - # been done. - - [-help] # Print out this screen - - -############################################################################### -### EXAMPLES: ### -### PKI (Apache) subsystem instance creation of an RA ### -### PKI (Apache) subsystem instance creation of a TPS ### -### PKI (Apache) subsystem instance creation of a second TPS ### -############################################################################### - -pkicreate -pki_instance_root=/var/lib \ - -pki_instance_name=pki-ra \ - -subsystem_type=ra \ - -secure_port=12889 \ - -non_clientauth_secure_port=12890 \ - -unsecure_port=12888 \ - -user=pkiuser \ - -group=pkiuser \ - -redirect conf=/etc/pki-ra \ - -redirect logs=/var/log/pki-ra \ - -verbose - -pkicreate -pki_instance_root=/var/lib \ - -pki_instance_name=pki-tps \ - -subsystem_type=tps \ - -secure_port=7889 \ - -non_clientauth_secure_port=7890 \ - -unsecure_port=7888 \ - -user=pkiuser \ - -group=pkiuser \ - -redirect conf=/etc/pki-tps \ - -redirect logs=/var/log/pki-tps \ - -verbose - -pkicreate -pki_instance_root=/var/lib \ - -pki_instance_name=pki-tps1 \ - -subsystem_type=tps \ - -secure_port=7989 \ - -non_clientauth_secure_port=7990 \ - -unsecure_port=7988 \ - -user=pkiuser \ - -group=pkiuser \ - -redirect conf=/etc/pki-tps1 \ - -redirect logs=/var/log/pki-tps1 \ - -verbose - -IMPORTANT: Must be run as root! -EOF - - return; -} - - -# arg0 instance name -# return 1 - exists, or -# return 0 - DOES NOT exist -sub pki_instance_already_exists -{ - my ($name) = @_; - my $result = 0; - my $instance = ""; - - $instance = $pki_registry_path - . "/" . $subsystem_type - . "/" . $name; - - if (-e $instance) { - $result = 1; - } - - return $result; -} - - -# no args -# return 1 - success, or -# return 0 - failure -sub parse_arguments -{ - my $l_secure_port = -1; - my $l_non_clientauth_secure_port = -1; - my $l_unsecure_port = -1; - my $l_tomcat_server_port = -1; - my $l_agent_secure_port = -1; - my $l_ee_secure_port = -1; - my $l_ee_secure_client_auth_port = -1; - my $l_admin_secure_port = -1; - my $l_proxy_secure_port = -1; - my $l_proxy_unsecure_port = -1; - my $l_ajp_port = -1; - my $show_help = 0; - - my $result = GetOptions("help" => \$show_help, - "pki_instance_root=s" => \$pki_instance_root, - "pki_instance_name=s" => \$pki_instance_name, - "subsystem_type=s" => \$subsystem_type, - "secure_port:i" => \$l_secure_port, - "non_clientauth_secure_port:i" => \$l_non_clientauth_secure_port, - "unsecure_port:i" => \$l_unsecure_port, - "agent_secure_port:i" => \$l_agent_secure_port, - "ee_secure_port:i" => \$l_ee_secure_port, - "ee_secure_client_auth_port:i" => \$l_ee_secure_client_auth_port, - "admin_secure_port:i" => \$l_admin_secure_port, - "tomcat_server_port:i" => \$l_tomcat_server_port, - "proxy_secure_port:i" => \$l_proxy_secure_port, - "proxy_unsecure_port:i" => \$l_proxy_unsecure_port, - "ajp_port:i" => \$l_ajp_port, - "enable_proxy" => \$enable_proxy, - "user=s" => \$username, - "group=s" => \$groupname, - "verbose+" => \$verbose, - "dry_run" => \$dry_run, - "redirect=s" => \%redirects); - - - ## Optional "-help" option - no "mandatory" options are required - if ($show_help) { - usage(); - return 0; - } - - - ## Mandatory "-pki_instance_root=s" option - if (!$pki_instance_root) { - usage(); - emit("Must have value for -pki_instance_root!\n", "error"); - return 0; - } - - if ($pki_instance_root eq "/") { - usage(); - emit("Don't even think about making root the pki_instance_root! " - . "Try again.\n", "error"); - return 0; - } - - # Remove all trailing directory separators ('/') - $pki_instance_root =~ s/\/+$//; - - if (!is_path_valid($pki_instance_root)) { - usage(); - emit("Target directory $pki_instance_root is not a " - . "legal directory try again.\n", - "error"); - return 0; - } - - ## Mandatory "-subsystem_type=s" option - if ($subsystem_type ne $RA && - $subsystem_type ne $TPS) { - usage(); - emit("Illegal value => $subsystem_type : for -subsystem_type!\n", - "error"); - return 0; - } - - $pki_subsystem_path = $pki_subsystem_common_area - . "/" . $subsystem_type; - - if (!(-d $pki_subsystem_path)) { - usage(); - emit("$pki_subsystem_path not present. " - . "Please install the corresponding subsystem RPM first!\n", - "error"); - return 0; - } else { - emit(" subsystem_type $subsystem_type\n"); - } - - - ## Mandatory "-pki_instance_name=s" option - if (!$pki_instance_name) { - usage(); - emit("Must have value for -pki_instance_name!\n", "error"); - return 0; - } - - if (!is_name_valid($pki_instance_name)) { - usage(); - emit("Illegal Value => $pki_instance_name for -pki_instance_name!\n", - "error"); - return 0; - } - - if (pki_instance_already_exists($pki_instance_name) && !$dry_run) { - usage(); - emit("An instance named $pki_instance_name " - . "already exists; please try again.\n", "error"); - return 0; - } - - $pki_instance_path = "${pki_instance_root}/${pki_instance_name}"; - - if (directory_exists($pki_instance_path) && !$dry_run) { - usage(); - emit("Target directory $pki_instance_path " - . "already exists; clean up and " - . "try again.\n", "error"); - return 0; - } - - # Capture installation information in a log file, always overwrite this file. - # When creating an instance it's a fatal error if the logfile - # cannot be created. - my $logfile = "/var/log/${pki_instance_name}-install.log"; - if (!open_logfile($logfile, $default_file_permissions)) { - emit("can not create logfile ($logfile)", "error"); - return 0; - } - - add_install_info($logfile, 'file', 'preserve'); - - printf(STDOUT "Capturing installation information in %s\n", $logfile); - - emit("Parsing PKI creation arguments ...\n"); - - if ($verbose) { - emit(" verbose mode ENABLED (level=$verbose)\n"); - } - - if ($dry_run) { - emit(" dry run mode ENABLED, system will not be modified\n"); - print STDOUT "dry run mode ENABLED, system will not be modified\n"; - } - - emit(" pki_instance_root $pki_instance_root\n"); - emit(" pki_instance_name $pki_instance_name\n"); - - ## Mandatory "-secure_port=<secure_port>" option - if ($l_secure_port >= 0) { - $secure_port = $l_secure_port; - - emit(" secure_port $secure_port\n"); - } else { - if ($l_agent_secure_port == -1) - { - usage(); - emit("Must include value for secure_port!\n", "error"); - return 0; - } - } - - ## Mandatory "-non_clientauth_secure_port=<non_clientauth_secure_port>" - ## option/exclusion - if (($subsystem_type eq $RA || $subsystem_type eq $TPS)) { - if ($l_non_clientauth_secure_port >= 0) { - $non_clientauth_secure_port = $l_non_clientauth_secure_port; - - emit(" non_clientauth_secure_port " - . "$non_clientauth_secure_port\n"); - } else { - if ($l_non_clientauth_secure_port == -1) - { - usage(); - emit("Must include value for non_clientauth_secure_port!\n", - "error"); - return 0; - } - } - - if ($l_agent_secure_port > 0 || - $l_ee_secure_port > 0 || - $l_ee_secure_client_auth_port > 0 || - $l_admin_secure_port > 0) { - usage(); - emit("Must NOT include values for any agent|admin|ee ports!\n", - "error"); - return 0; - } - } else { - ## Mandatory EXCLUSION for CA, KRA, OCSP, and TKS subsystems - if ($l_non_clientauth_secure_port != -1) { - usage(); - emit("Must NOT include value for non_clientauth_secure_port!\n", - "error"); - return 0; - } - } - - ## Mandatory "-unsecure_port=<unsecure_port>" option - if ($l_unsecure_port >= 0) { - $unsecure_port = $l_unsecure_port; - - emit(" unsecure_port $unsecure_port\n"); - } else { - usage(); - emit("Must include value for unsecure_port!\n", "error"); - return 0; - } - - ## Mandatory "-tomcat_server_port=<tomcat_server_port>" option/exclusion - if (!($subsystem_type eq $RA || $subsystem_type eq $TPS)) { - ## Mandatory OPTION for CA, KRA, OCSP, and TKS subsystems - if ($l_tomcat_server_port < 0) { - usage(); - emit("Must include value for tomcat_server_port!\n", "error"); - return 0; - } - - $tomcat_server_port = $l_tomcat_server_port; - - emit(" tomcat_server_port $tomcat_server_port\n"); - } else { - ## Mandatory EXCLUSION for RA and TPS subsystems - if ($l_tomcat_server_port != -1) { - usage(); - emit("Must NOT include value for tomcat_server_port!\n", - "error"); - return 0; - } - } - - if ($l_agent_secure_port >= 0) { - $agent_secure_port = $l_agent_secure_port; - - emit(" agent_secure_port $agent_secure_port\n"); - - } - - ## Mandatory ee_secure_port if "-agent_secure_port" is given - - if ($l_ee_secure_port >= 0) { - $ee_secure_port = $l_ee_secure_port; - - emit(" ee_secure_port $ee_secure_port\n"); - - } else { - if ($agent_secure_port >= 0) { - emit("Must include value for ee_secure_port if agent_secure_port is given!\n"); - } - } - - ## Mandatory ee_secure_client_auth_port if "-agent_secure_port" is given, and CA subsystem - - if ($l_ee_secure_client_auth_port >= 0) { - $ee_secure_client_auth_port = $l_ee_secure_client_auth_port; - - emit(" ee_secure_client_auth_port $ee_secure_client_auth_port\n"); - - } else { - if (($agent_secure_port >= 0) && ($subsystem_type eq $CA)) { - usage(); - emit("For CAs, must include value for ee_secure_client_auth_port if agent_secure_port is given!\n"); - return 0; - } - } - - ## Mandatory admin_secure_port if "-agent_secure_port" is given - - if ($l_admin_secure_port >= 0) { - $admin_secure_port = $l_admin_secure_port; - - emit(" admin_secure_port $admin_secure_port\n"); - - } else { - if ($agent_secure_port >= 0) { - emit("Must include value for admin_secure_port if agent_secure_port is given!\n"); - } - } - - if ($enable_proxy) { - - $proxy_secure_port = ($l_proxy_secure_port >= 0) ? $l_proxy_secure_port : - $PROXY_SECURE_PORT_DEFAULT; - emit(" proxy_secure_port $proxy_secure_port\n"); - - $proxy_unsecure_port = ($l_proxy_unsecure_port >= 0) ? $l_proxy_unsecure_port : - $PROXY_UNSECURE_PORT_DEFAULT; - emit(" proxy_unsecure_port $proxy_unsecure_port\n"); - - $ajp_port = ($l_ajp_port >= 0) ? $l_ajp_port : $AJP_PORT_DEFAULT; - emit(" ajp_port $ajp_port\n"); - } - - if (!AreConnectorPortsValid($secure_port,$unsecure_port,$agent_secure_port, - $ee_secure_port,$ee_secure_client_auth_port, $admin_secure_port, - $proxy_secure_port, $proxy_unsecure_port)) - { - usage(); - emit("Invalid port numbers submitted!\n","error"); - return 0; - } - - - ## Optional "-group=<groupname>" option - if ($groupname) { - if (!$username) { - usage(); - emit("Must ALSO specify user ownership using -user!\n", - "error"); - return 0; - } - - if (!group_exists($groupname)) { - if (!create_group($groupname)) { - usage(); - emit("Unable to create group '$groupname' on this machine!\n", - "error"); - return 0; - } - } - - # Overwrite default value of $pki_group with user-specified $groupname - $pki_group = $groupname; - } - - - # At this point in time, ALWAYS check that $pki_group exists! - if (!group_exists($pki_group)) { - if (!create_group($pki_group)) { - usage(); - emit("Unable to create group '$pki_group' on this machine!\n", - "error"); - return 0; - } - } - - - ## Optional "-user=<username>" option - if ($username) { - if (!$groupname) { - usage(); - emit("Must ALSO specify group ownership using -group!\n", - "error"); - return 0; - } - - if (!user_exists($username)) { - if (!create_user($username, $groupname)) { - usage(); - emit("Unable to create user '$username' on this machine!\n", - "error"); - return 0; - } - } - - # Overwrite default value of $pki_user with user-specified $username - $pki_user = $username; - } - - - # At this point in time, ALWAYS check that $pki_user exists! - if (!user_exists($pki_user)) { - if (!create_user($pki_user, $pki_group)) { - usage(); - emit("Unable to create user '$pki_user' on this machine!\n", - "error"); - return 0; - } - } - - - # At this point in time, ALWAYS check that shell access for $pki_user is - # disallowed; for now, simply notify the user performing the installation - # and continue - if (!user_disallows_shell($pki_user)) { - emit("Please contact your system administrator " - . "to disallow shell access for '$pki_user'!\n"); - } - - - # At this point in time, ALWAYS check that $pki_user - # is a valid member of $pki_group - # - # NOTE: Uncomment the following code to enforce a strict policy of - # requiring $pki_user to be a member of $pki_group . . . - # - # if (!user_is_a_member_of_group($pki_user, $pki_group)) { - # usage(); - # emit("The user '$pki_user' is NOT a member of group '$pki_group'!\n", - # "error"); - # return 0; - # } - - - # At this point in time, ALWAYS attempt to add $pki_user as a - # valid member of $default_nfast_group (presuming one exists) - if (group_exists($default_nfast_group)) { - # Ignore failures as this should be considered a 'benign' error - if (add_user_as_a_member_of_group($pki_user, - $default_nfast_group)) { - emit("User '$pki_user' is a member of group " - . "'$default_nfast_group'.\n"); - } - } - - - ## Optional "-redirect <dir_name>=<real dir path> ..." option - while (my ($key, $value) = each(%redirects)) { - if (!is_path_valid($value)) { - usage(); - emit("Illegal redirect directory value: key=$key value=" - . "$value\n", "error"); - return 0; - } - - if ($key eq "conf") { - $redirected_conf_path = $value; - emit("setting conf_path $redirected_conf_path\n"); - } elsif ($key eq "logs") { - $redirected_logs_path = $value; - emit("setting logs_path $redirected_logs_path\n"); - } else { - usage(); - emit("Illegal redirect directory key: key=$key value=" - . "$value\n", "error"); - return 0; - } - - emit("redirect $key => $value\n"); - } - - ## selinux warning - if (($pki_instance_root ne "/var/lib") && ($^O eq "linux")) { - print STDOUT <<"EOF"; -WARNING: This utility will attempt to relabel the selinux context of the -$pki_instance_path directory and the files within it -as pki_$subsystem_type _var_lib_t - -Depending on the location of pki_instance_root and the selinux rules -currently in place on the system, this may not succeed. In that case, the -directory may have to be manually relabeled, or selinux will have to be run -in permissive mode. - -It is therefore recommended that the default setting of /var/lib be used -for pki_instance_root. -EOF - -ASK_CONTINUE_NONSTD_INSTANCE_ROOT: - - my $confirm = prompt("You have chosen the following value for pki_instance_root instead: " - . $pki_instance_root - . "\nDo you wish to proceed with this value (Y/N)?"); - - if ($confirm eq "N" || $confirm eq "n") { - return 0; - } elsif ($confirm ne "Y" && $confirm ne "y") { - goto ASK_CONTINUE_NONSTD_INSTANCE_ROOT; - } - } - - return 1; -} - - -# Return 1 if success, 0 if failure -sub initialize_subsystem_paths -{ - ## Initialize subsystem directory paths (subsystem independent) - $conf_subsystem_path = $pki_subsystem_path - . "/" . $conf_base_subsystem_dir; - $setup_subsystem_path = $pki_subsystem_path - . "/" . $setup_base_subsystem_dir; - - $pki_registry_subsystem_path = $pki_registry_path - . "/" . $subsystem_type; - $pki_registry_subsystem_file_path = $setup_subsystem_path - . "/" . $registry_template_base_name; - - $pki_registry_initscript = get_registry_initscript_name($subsystem_type); - - ## systemd subsystem variables - $pki_subsystem_systemd_wants_path = - "/etc/systemd/system/${pki_registry_initscript}.target.wants"; - $pki_subsystem_systemd_service_path = - "/lib/systemd/system/${pki_registry_initscript}\@.service"; - - ## Initialize subsystem directory paths (CA subsystems) - if ($subsystem_type eq $CA) { - $emails_subsystem_path = $pki_subsystem_path - . "/" . $emails_base_subsystem_dir; - } - - - $common_ui_subsystem_path = $pki_subsystem_common_area . "/" . - "common-ui"; - $ui_subsystem_path = $pki_subsystem_path . "-ui"; - - ## Initialize subsystem directory paths (RA, TPS subsystems) - if ($subsystem_type eq $RA || $subsystem_type eq $TPS) { - if ($subsystem_type eq $TPS) { - $applets_subsystem_path = $pki_subsystem_path - . "/" . $applets_base_subsystem_dir; - $bin_subsystem_path = $default_system_user_libraries - . "/" . "pki" - . "/" . $subsystem_type; - $samples_subsystem_path = $pki_subsystem_path - . "/" . $samples_base_subsystem_dir; - } - - $lib_subsystem_path = $pki_subsystem_path - . "/" . $lib_base_subsystem_dir; - $scripts_subsystem_path = $pki_subsystem_path - . "/" . $scripts_base_subsystem_dir; - - # Apache Specific - if ($subsystem_type eq $TPS) { - $cgibin_subsystem_path = $pki_subsystem_path - . "/" . $cgibin_base_subsystem_dir; - } - - # Apache Specific - $docroot_subsystem_path = $pki_subsystem_path - . "/" . $docroot_base_subsystem_dir; - } else { - - ## Initialize subsystem directory paths (CA, KRA, OCSP, TKS subsystems) - - $profiles_subsystem_path = $pki_subsystem_path - . "/" . $profiles_base_subsystem_dir; - $webapps_subsystem_path = $pki_subsystem_path - . "/" . $webapps_base_subsystem_dir; - } - - return 1; -} - - -# Return 1 if success, 0 if failure -sub initialize_instance_paths -{ - ## Initialize instance directory paths (instance independent) - $alias_instance_path = $pki_instance_path - . "/" . $alias_base_instance_dir; - $conf_instance_path = $pki_instance_path - . "/" . $conf_base_instance_dir; - $logs_instance_path = $pki_instance_path - . "/" . $logs_base_instance_dir; - - - ## Initialize the pki registry instance - $pki_registry_instance_file_path = $pki_registry_subsystem_path - . "/" . $pki_instance_name; - - ## Initialize path to per instance init script - $pki_instance_initscript_path = $pki_instance_path - . "/" . $pki_instance_name; - - ## Initialize tomcat6 instance conf - $tomcat6_conf_instance_file_path = $tomcat6_instance_config_path - . "/" . $pki_instance_name; - ## Initialize tomcat6 pid file - $tomcat6_instance_pid_file_path = $default_tomcat_pids_path - . "/" . $pki_instance_name - . ".pid"; - - ## systemd instance service name - $pki_instance_systemd_service_name = - "${pki_registry_initscript}\@${pki_instance_name}.service"; - - ## Initialize instance directory paths (RA, TPS instances) - if ($subsystem_type eq $RA || $subsystem_type eq $TPS) { - if ($subsystem_type eq $TPS) { - $bin_instance_path = $pki_instance_path - . "/" . $bin_base_instance_dir; - } - - $lib_instance_path = $pki_instance_path - . "/" . $lib_base_instance_dir; - $scripts_instance_path = $pki_instance_path - . "/" . $scripts_base_instance_dir; - - # Apache Specific - if ($subsystem_type eq $TPS) { - $cgibin_instance_path = $pki_instance_path - . "/" . $cgibin_base_instance_dir; - } - - # Apache Specific - $docroot_instance_path = $pki_instance_path - . "/" . $docroot_base_instance_dir; - } else { - ## Initialize instance directory paths (CA, KRA, OCSP, TKS instances) - $emails_instance_path = $pki_instance_path - . "/" . $emails_base_instance_dir; - $profiles_instance_path = $pki_instance_path - . "/" . $profiles_base_instance_dir; - $webapps_instance_path = $pki_instance_path - . "/" . $webapps_base_instance_dir; - $webapps_subsystem_instance_path = $webapps_instance_path . "/" - . $subsystem_type; - - # Tomcat Specific - $shared_instance_path = $pki_instance_path - . "/" . $shared_base_instance_dir; - $tomcat_instance_common_lib_path = $pki_instance_path - . "/" . $tomcat_instance_common_lib_dir; - $temp_instance_path = $pki_instance_path - . "/" . $temp_base_instance_dir; - $work_instance_path = $pki_instance_path - . "/" . $work_base_instance_dir; - } - - return 1; -} - - -# Return 1 if success, 0 if failure -sub initialize_instance_symlink_paths -{ - ## Initialize instance symlinks (instance independent) - $conf_instance_symlink_path = $pki_instance_path - . "/" . $conf_base_instance_symlink; - $logs_instance_symlink_path = $pki_instance_path - . "/" . $logs_base_instance_symlink; - - - ## Initialize instance symlinks (CA instances) - # if ($subsystem_type eq $CA) { - # } - - - ## Initialize instance symlinks (RA, TPS instances) - if ($subsystem_type eq $RA || $subsystem_type eq $TPS) { - # Apache Specific - $run_instance_symlink_path = $pki_instance_path - . "/" . $run_base_instance_symlink; - } - - return 1; -} - - -# Return 1 if success, 0 if failure -sub initialize_subdirectory_paths -{ - ## Initialize subdirectory paths (subsystem independent) - $pki_cfg_subsystem_file_path = $conf_subsystem_path - . "/" . $pki_cfg_base_name; - $pki_piddir_path = $default_apache_pids_path - . "/" . $subsystem_type; - - ## Initialize subdirectory paths (CA subsystems) - if ($subsystem_type eq $CA) { - $profile_select_template_subsystem_file_path = $ui_subsystem_path - . "/" . $webapps_base_subsystem_dir - . "/" . $subsystem_type - . "/ee/" . $subsystem_type - . "/" . $profile_select_base_name; - $profile_select_template_instance_file_path = $webapps_subsystem_instance_path - . "/ee/". $subsystem_type - . "/" . $profile_select_base_name; - - $proxy_conf_subsystem_file_path = $conf_subsystem_path - . "/" . $proxy_conf_base_name; - } - - ## Initialize subdirectory paths (RA, TPS subsystems) - if ($subsystem_type eq $TPS) { - $cgi_sow_subsystem_file_path = $cgibin_subsystem_path - . "/" - . $cgi_sow_dir_name; - $cgi_sow_instance_cfg_pl_path = $cgibin_instance_path - . "/" - . $cgi_sow_cfg_pl_name; - } - - if ($subsystem_type eq $RA || $subsystem_type eq $TPS) { - - if ($subsystem_type eq $TPS) { - - $cgi_home_instance_file_path = $cgibin_instance_path - . "/" - . $cgi_home_base_name; - $cgi_home_subsystem_file_path = $cgibin_subsystem_path - . "/" - . $cgi_home_base_name; - $cgi_demo_instance_file_path = $cgibin_instance_path - . "/" - . $cgi_demo_base_name; - $cgi_demo_subsystem_file_path = $cgibin_subsystem_path - . "/" - . $cgi_demo_base_name; - $cgi_so_instance_file_path = $cgibin_instance_path - . "/" - . $cgi_so_base_name; - $cgi_so_subsystem_file_path = $cgibin_subsystem_path - . "/" - . $cgi_so_base_name; - $cgi_so_instance_enroll_file_path = $cgibin_instance_path - . "/" - . $cgi_so_enroll_name; - $cgi_so_subsystem_enroll_file_path = $cgibin_subsystem_path - . "/" - . $cgi_so_enroll_name; - $cgi_sow_instance_file_path = $cgibin_instance_path - . "/" - . $cgi_sow_dir_name; - $addAgents_ldif_instance_file_path = $scripts_instance_path - . "/" - . $addAgents_ldif_base_name; - $addAgents_ldif_subsystem_file_path = $scripts_subsystem_path - . "/" - . $addAgents_ldif_base_name; - $addIndexes_ldif_instance_file_path = $scripts_instance_path - . "/" - . $addIndexes_ldif_base_name; - $addIndexes_ldif_subsystem_file_path = $scripts_subsystem_path - . "/" - . $addIndexes_ldif_base_name; - $addTokens_ldif_instance_file_path = $scripts_instance_path - . "/" - . $addTokens_ldif_base_name; - $addTokens_ldif_subsystem_file_path = $scripts_subsystem_path - . "/" - . $addTokens_ldif_base_name; - $addVLVIndexes_ldif_instance_file_path = $scripts_instance_path - . "/" - . $addVLVIndexes_ldif_base_name; - $addVLVIndexes_ldif_subsystem_file_path = $scripts_subsystem_path - . "/" - . $addVLVIndexes_ldif_base_name; - $schemaMods_ldif_instance_file_path = $scripts_instance_path - . "/" - . $schemaMods_ldif_base_name; - $schemaMods_ldif_subsystem_file_path = $scripts_subsystem_path - . "/" - . $schemaMods_ldif_base_name; - } - - $pki_lockdir_path = $default_lockdir - . "/" . $subsystem_type; - $pki_apache_initscript_file_path = $pki_subsystem_common_area - . "/" . $scripts_base_subsystem_dir - . "/" . $pki_apache_initscript_base_name; - $nss_pcache_instance_file_path = $scripts_instance_path - . "/" - . $nss_pcache_base_name; - $nss_pcache_subsystem_file_path = $scripts_subsystem_path - . "/" - . $nss_pcache_base_name; - $httpd_conf_subsystem_file_path = $conf_subsystem_path - . "/" . $httpd_conf_base_name; - $magic_subsystem_file_path = $conf_subsystem_path - . "/" . $magic_base_name; - $mime_types_subsystem_file_path = $conf_subsystem_path - . "/" . $mime_types_base_name; - $nss_conf_subsystem_file_path = $conf_subsystem_path - . "/" . $nss_conf_base_name; - $perl_conf_subsystem_file_path = $conf_subsystem_path - . "/" . $perl_conf_base_name; - $perl_instance_symlink_path = $lib_instance_path - . "/" - . $perl_base_instance_symlink; - $perl_subsystem_path = $lib_subsystem_path - . "/" - . $perl_base_subsystem_dir; - } else { - ## Initialize subdirectory paths (CA, KRA, OCSP, TKS subsystems) - - $pki_subsystem_jar_base_name = "pki-${subsystem_type}.jar"; - - if (!defined($pki_certsrv_jar_file_path = find_jar($pki_certsrv_jar_base_name))) { - emit("could not find jar: $pki_certsrv_jar_base_name", "error"); - return 0; - } - - if (!defined($pki_cms_jar_file_path = find_jar($pki_cms_jar_base_name))) { - emit("could not find jar: $pki_cms_jar_base_name", "error"); - return 0; - } - - if (!defined($pki_cmsbundle_jar_file_path = find_jar($pki_cmsbundle_jar_base_name))) { - emit("could not find jar: $pki_cmsbundle_jar_base_name", "error"); - return 0; - } - - if (!defined($pki_cmscore_jar_file_path = find_jar($pki_cmscore_jar_base_name))) { - emit("could not find jar: $pki_cmscore_jar_base_name", "error"); - return 0; - } - - if (!defined($pki_cmsutil_jar_file_path = find_jar($pki_cmsutil_jar_base_name))) { - emit("could not find jar: $pki_cmsutil_jar_base_name", "error"); - return 0; - } - - # jakarta-commons-* has been renamed to apache-commons-* on some - # systems, search which one is available, preferring apache-commons - if (defined($commons_collections_jar_file_path = find_jar($apache_commons_collections_jar_base_name))) { - $commons_collections_jar_base_name = $apache_commons_collections_jar_base_name; - } else { - if (defined($commons_collections_jar_file_path = find_jar($jakarta_commons_collections_jar_base_name))) { - $commons_collections_jar_base_name = $jakarta_commons_collections_jar_base_name; - } else { - emit("could not find jar: $apache_commons_collections_jar_base_name or $jakarta_commons_collections_jar_base_name", "error"); - return 0; - } - } - - if (defined($commons_lang_jar_file_path = find_jar($apache_commons_lang_jar_base_name))) { - $commons_lang_jar_base_name = $apache_commons_lang_jar_base_name; - } else { - if (defined($commons_lang_jar_file_path = find_jar($jakarta_commons_lang_jar_base_name))) { - $commons_lang_jar_base_name = $jakarta_commons_lang_jar_base_name; - } else { - emit("could not find jar: $apache_commons_lang_jar_base_name or $jakarta_commons_lang_jar_base_name", "error"); - return 0; - } - } - - if (defined($commons_logging_jar_file_path = find_jar($apache_commons_logging_jar_base_name))) { - $commons_logging_jar_base_name = $apache_commons_logging_jar_base_name; - } else { - if (defined($commons_logging_jar_file_path = find_jar($jakarta_commons_logging_jar_base_name))) { - $commons_logging_jar_base_name = $jakarta_commons_logging_jar_base_name; - } else { - emit("could not find jar: $apache_commons_logging_jar_base_name or $jakarta_commons_logging_jar_base_name", "error"); - return 0; - } - } - - if (!defined($jss_jar_file_path = find_jar($jss_jar_base_name))) { - emit("could not find jar: $jss_jar_base_name", "error"); - return 0; - } - - if (!defined($ldapjdk_jar_file_path = find_jar($ldapjdk_jar_base_name))) { - emit("could not find jar: $ldapjdk_jar_base_name", "error"); - return 0; - } - - if (!defined($pki_nsutil_jar_file_path = find_jar($pki_nsutil_jar_base_name))) { - emit("could not find jar: $pki_nsutil_jar_base_name", "error"); - return 0; - } - - if (!defined($commons_codec_jar_file_path = find_jar($commons_codec_jar_base_name))) { - emit("could not find jar: $commons_codec_jar_base_name", "error"); - return 0; - } - - if (!defined($pki_subsystem_jar_file_path = find_jar($pki_subsystem_jar_base_name))) { - emit("could not find jar: $pki_subsystem_jar_base_name", "error"); - return 0; - } - - if (!defined($symkey_jar_file_path = find_jar($symkey_jar_base_name))) { - emit("could not find jar: $symkey_jar_base_name", "error"); - return 0; - } - - if (!defined($tomcatjss_jar_file_path = find_jar($tomcatjss_jar_base_name))) { - emit("could not find jar: $tomcatjss_jar_base_name", "error"); - return 0; - } - - if (!defined($velocity_jar_file_path = find_jar($velocity_jar_base_name))) { - emit("could not find jar: $velocity_jar_base_name", "error"); - return 0; - } - - if (!defined($xerces_jar_file_path = find_jar($xerces_jar_base_name))) { - emit("could not find jar: $xerces_jar_base_name", "error"); - return 0; - } - - if (!defined($xml_commons_apis_jar_file_path = find_jar($xml_commons_apis_jar_base_name))) { - emit("could not find jar: $xml_commons_apis_jar_base_name", "error"); - return 0; - } - - if (!defined($xml_commons_resolver_jar_file_path = find_jar($xml_commons_resolver_jar_base_name))) { - emit("could not find jar: $xml_commons_resolver_jar_base_name", "error"); - return 0; - } - - if (!defined($javassist_jar_file_path = find_jar($javassist_jar_base_name))) { - emit("could not find jar: $javassist_jar_base_name", "error"); - return 0; - } - - if (!defined($jaxrs_api_jar_file_path = find_jar($jaxrs_api_jar_base_name))) { - emit("could not find jar: $jaxrs_api_jar_base_name", "error"); - return 0; - } - - if (!defined($resteasy_jaxb_provider_jar_file_path = find_jar($resteasy_jaxb_provider_jar_base_name))) { - emit("could not find jar: $resteasy_jaxb_provider_jar_base_name", "error"); - return 0; - } - - if (!defined($resteasy_jaxrs_jar_file_path = find_jar($resteasy_jaxrs_jar_base_name))) { - emit("could not find jar: $resteasy_jaxrs_jar_base_name", "error"); - return 0; - } - - if (!defined($scannotation_jar_file_path = find_jar($scannotation_jar_base_name))) { - emit("could not find jar: $scannotation_jar_base_name", "error"); - return 0; - } - - if (!defined($resteasy_atom_provider_jar_file_path = find_jar($resteasy_atom_provider_jar_base_name))) { - emit("could not find jar: $resteasy_atom_provider_jar_base_name", "error"); - return 0; - } - - if (!defined($resteasy_jettison_provider_jar_file_path = find_jar($resteasy_jettison_provider_jar_base_name))) { - emit("could not find jar: $resteasy_jettison_provider_jar_base_name", "error"); - return 0; - } - - if (!defined($httpclient_jar_file_path = find_jar($httpclient_jar_base_name))) { - emit("could not find jar: $httpclient_jar_base_name", "error"); - return 0; - } - - if (!defined($jettison_jar_file_path = find_jar($jettison_jar_base_name))) { - emit("could not find jar: $jettison_jar_base_name", "error"); - return 0; - } - - $webinf_instance_path = $webapps_instance_path - . "/" . $subsystem_type - . "/" . $webinf_base_instance_dir; - $webinf_subsystem_path = $webapps_subsystem_path - . "/" . $subsystem_type - . "/" . $webinf_base_instance_dir; - $webinf_lib_instance_path = $webinf_instance_path - . "/" . $lib_base_instance_dir; - $webapps_root_subsystem_path = $webapps_subsystem_path - . "/" - . $webapps_root_base_subsystem_dir; - $webapps_subsystem_instance_path = $webapps_instance_path - . "/" . $subsystem_type; - - $pki_certsrv_jar_symlink_path = $webinf_lib_instance_path - . "/" . $pki_certsrv_jar_base_name; - $pki_cms_jar_symlink_path = $webinf_lib_instance_path - . "/" . $pki_cms_jar_base_name; - $pki_cmsbundle_jar_symlink_path = $webinf_lib_instance_path - . "/" . $pki_cmsbundle_jar_base_name; - $pki_cmscore_jar_symlink_path = $webinf_lib_instance_path - . "/" . $pki_cmscore_jar_base_name; - $pki_cmsutil_jar_symlink_path = $webinf_lib_instance_path - . "/" . $pki_cmsutil_jar_base_name; - $commons_collections_jar_symlink_path = $webinf_lib_instance_path - . "/" . $commons_collections_jar_base_name; - $commons_lang_jar_symlink_path = $webinf_lib_instance_path - . "/" . $commons_lang_jar_base_name; - $commons_logging_jar_symlink_path = $tomcat_instance_common_lib_path - . "/" . $commons_logging_jar_base_name; - $jss_jar_symlink_path = $tomcat_instance_common_lib_path - . "/" . $jss_jar_base_name; - $ldapjdk_jar_symlink_path = $webinf_lib_instance_path - . "/" . $ldapjdk_jar_base_name; - $pki_nsutil_jar_symlink_path = $webinf_lib_instance_path - . "/" . $pki_nsutil_jar_base_name; - $commons_codec_jar_symlink_path = $webinf_lib_instance_path - . "/" . $commons_codec_jar_base_name; - $symkey_jar_symlink_path = $webinf_lib_instance_path - . "/" . $symkey_jar_base_name; - $pki_subsystem_jar_symlink_path = $webinf_lib_instance_path - . "/" . $pki_subsystem_jar_base_name; - $tomcatjss_jar_symlink_path = $tomcat_instance_common_lib_path - . "/" . $tomcatjss_jar_base_name; - $velocity_jar_symlink_path = $webinf_lib_instance_path - . "/" . $velocity_jar_base_name; - $xerces_jar_symlink_path = $webinf_lib_instance_path - . "/" . $xerces_jar_base_name; - $xml_commons_apis_jar_symlink_path = $webinf_lib_instance_path - . "/" . $xml_commons_apis_jar_base_name; - $xml_commons_resolver_jar_symlink_path = $webinf_lib_instance_path - . "/" . $xml_commons_resolver_jar_base_name; - - #resteasy - $javassist_jar_symlink_path = $webinf_lib_instance_path - . "/" . $javassist_jar_base_name; - $jaxrs_api_jar_symlink_path = $webinf_lib_instance_path - . "/" . $jaxrs_api_jar_base_name; - $resteasy_jaxb_provider_jar_symlink_path = $webinf_lib_instance_path - . "/" . $resteasy_jaxb_provider_jar_base_name; - $resteasy_jaxrs_jar_symlink_path = $webinf_lib_instance_path - . "/" . $resteasy_jaxrs_jar_base_name; - $scannotation_jar_symlink_path = $webinf_lib_instance_path - . "/" . $scannotation_jar_base_name; - $resteasy_atom_provider_jar_symlink_path = $webinf_lib_instance_path - . "/" . $resteasy_atom_provider_jar_base_name; - $resteasy_jettison_provider_jar_symlink_path = $webinf_lib_instance_path - . "/" . $resteasy_jettison_provider_jar_base_name; - $jettison_jar_symlink_path = $webinf_lib_instance_path - . "/" . $jettison_jar_base_name; - $httpclient_jar_symlink_path = $webinf_lib_instance_path - . "/" . $httpclient_jar_base_name; - - $webapps_root_instance_path = $webapps_instance_path - . "/" - . $webapps_root_base_instance_dir; - $index_jsp_instance_file_path = $webapps_root_instance_path - . "/" . $index_jsp_base_name; - $index_jsp_subsystem_file_path = $webapps_root_subsystem_path - . "/" . $index_jsp_base_name; - $server_xml_subsystem_file_path = $conf_subsystem_path - . "/" . $server_xml_base_name; - $servercertnick_conf_subsystem_file_path = $conf_subsystem_path - . "/" . $servercertnick_conf_base_name; - $tomcat6_conf_subsystem_file_path = $conf_subsystem_path - . "/" . $tomcat6_conf_base_name; - $velocity_prop_instance_file_path = $webinf_instance_path - . "/" . $velocity_prop_base_name; - $velocity_prop_subsystem_file_path = $webinf_subsystem_path - . "/" . $velocity_prop_base_name; - $web_xml_instance_file_path = $webinf_instance_path - . "/" . $web_xml_base_name; - $web_xml_subsystem_file_path = $webinf_subsystem_path - . "/" . $web_xml_base_name; - $catalina_properties_subsystem_file_path = $conf_subsystem_path - . "/" . $catalina_properties_base_name; - } - return 1; -} - - -# Return 1 if success, 0 if failure -sub initialize_paths -{ - return 0 if !initialize_subsystem_paths(); - return 0 if !initialize_instance_paths(); - return 0 if !initialize_instance_symlink_paths(); - return 0 if !initialize_subdirectory_paths(); - return 1; -} - - -# Return 1 if success, 0 if failure -sub initialize_pki_creation_values -{ - # obtain the fully-qualified domain name of this host - $host = get_FQDN($hostname); - - # we need the certdb password generated now ... - $db_password = generate_random($db_password_low, $db_password_high); - - # generate a random value for a pin ... - $random = generate_random_string(20); - - return 1; -} - - -# Return 1 if success, 0 if failure -sub process_pki_directories -{ - my $remove_dir=""; - - emit("Processing PKI directories for '$pki_instance_path' ...\n"); - - ## Populate instance directory paths (instance independent) - return 0 if !create_directory($alias_instance_path, - $default_dir_permissions, $pki_user, $pki_group); - - # Check for an optionally redirected "conf" directory path ... - if (!$redirected_conf_path) { - $noise_instance_file_path = $conf_instance_path - . "/" . $noise_base_name; - $password_conf_instance_file_path = $conf_instance_path - . "/" . $password_conf_base_name; - $pfile_instance_file_path = $conf_instance_path - . "/" . $pfile_base_name; - $pki_cfg_instance_file_path = $conf_instance_path - . "/" . $pki_cfg_base_name; - $proxy_conf_instance_file_path = $conf_instance_path - . "/" . $proxy_conf_base_name; - $catalina_properties_instance_file_path = $conf_instance_path - . "/" . $catalina_properties_base_name; - - if ($subsystem_type eq $RA || $subsystem_type eq $TPS) { - $httpd_conf_instance_file_path = $conf_instance_path - . "/" . $httpd_conf_base_name; - $magic_instance_file_path = $conf_instance_path - . "/" . $magic_base_name; - $mime_types_instance_file_path = $conf_instance_path - . "/" . $mime_types_base_name; - $nss_conf_instance_file_path = $conf_instance_path - . "/" . $nss_conf_base_name; - $perl_conf_instance_file_path = $conf_instance_path - . "/" . $perl_conf_base_name; - $pwcache_conf_instance_file_path = $conf_instance_path - . "/" . $pwcache_conf_base_name; - - # create instance directory - return 0 if !create_directory($conf_instance_path, - $default_dir_permissions, $pki_user, $pki_group); - - # only copy selected files - return 0 if !copy_file($magic_subsystem_file_path, $magic_instance_file_path, - $default_file_permissions, $pki_user, $pki_group); - - return 0 if !copy_file($mime_types_subsystem_file_path, $mime_types_instance_file_path, - $default_file_permissions, $pki_user, $pki_group); - - } else { - $server_xml_instance_file_path = $conf_instance_path - . "/" . $server_xml_base_name; - $servercertnick_conf_instance_file_path = $conf_instance_path - . "/" . $servercertnick_conf_base_name; - - return 0 if !copy_directory($conf_subsystem_path, $conf_instance_path, - $default_dir_permissions, $default_file_permissions, - $pki_user, $pki_group); - } - } else { - $noise_instance_file_path = $redirected_conf_path - . "/" . $noise_base_name; - $password_conf_instance_file_path = $redirected_conf_path - . "/" . $password_conf_base_name; - $pfile_instance_file_path = $redirected_conf_path - . "/" . $pfile_base_name; - $pki_cfg_instance_file_path = $redirected_conf_path - . "/" . $pki_cfg_base_name; - $proxy_conf_instance_file_path = $redirected_conf_path - . "/" . $proxy_conf_base_name; - $catalina_properties_instance_file_path = $redirected_conf_path - . "/" . $catalina_properties_base_name; - - # Populate optionally redirected instance directory path - # and setup a symlink in the standard area - if ($subsystem_type eq $RA || $subsystem_type eq $TPS) { - $httpd_conf_instance_file_path = $redirected_conf_path - . "/" . $httpd_conf_base_name; - $magic_instance_file_path = $redirected_conf_path - . "/" . $magic_base_name; - $mime_types_instance_file_path = $redirected_conf_path - . "/" . $mime_types_base_name; - $nss_conf_instance_file_path = $redirected_conf_path - . "/" . $nss_conf_base_name; - $perl_conf_instance_file_path = $redirected_conf_path - . "/" . $perl_conf_base_name; - $pwcache_conf_instance_file_path = $redirected_conf_path - . "/" . $pwcache_conf_base_name; - - # create redirected instance directory - return 0 if !create_directory($redirected_conf_path, - $default_dir_permissions, $pki_user, $pki_group); - - # only copy selected files - return 0 if !copy_file($magic_subsystem_file_path, $magic_instance_file_path, - $default_file_permissions, $pki_user, $pki_group); - - return 0 if !copy_file($mime_types_subsystem_file_path, $mime_types_instance_file_path, - $default_file_permissions, $pki_user, $pki_group); - - } else { - $server_xml_instance_file_path = $redirected_conf_path - . "/" . $server_xml_base_name; - $servercertnick_conf_instance_file_path = $redirected_conf_path - . "/" . $servercertnick_conf_base_name; - - return 0 if !copy_directory($conf_subsystem_path, $redirected_conf_path, - $default_dir_permissions, $default_file_permissions, - $pki_user, $pki_group); - } - - return 0 if !create_symlink($conf_instance_symlink_path, $redirected_conf_path, - $pki_user, $pki_group); - - } - - - # Check for an optionally redirected "logs" directory path ... - if (!$redirected_logs_path) { - # create instance directory - return 0 if !create_directory(${logs_instance_path}, - $default_dir_permissions, $pki_user, $pki_group); - - ## (CA, KRA, OCSP, TKS, TPS instances) - if ($subsystem_type ne $RA) { - ## Create a "signedAudit" directory - return 0 if !create_directory("${logs_instance_path}/${signed_audit_base_instance_dir}", - $default_dir_permissions, $pki_user, $pki_group); - } - } else { - # create redirected instance directory - # and setup a symlink in the standard area - return 0 if !create_directory($redirected_logs_path, - $default_dir_permissions, $pki_user, $pki_group); - - ## (CA, KRA, OCSP, TKS, TPS instances) - if ($subsystem_type ne $RA) { - ## Create a "signedAudit" directory - return 0 if !create_directory("${redirected_logs_path}/${signed_audit_base_instance_dir}", - $default_dir_permissions, $pki_user, $pki_group); - } - - return 0 if !create_symlink($logs_instance_symlink_path, $redirected_logs_path, - $pki_user, $pki_group); - - return 0 if !set_owner_group_on_directory_contents($redirected_logs_path, $pki_user, $pki_group); - } - - - ## Populate pki instance registry - # create pki registry for this subsystem - return 0 if !create_directory($pki_registry_subsystem_path, - $default_dir_permissions, $pki_user, $pki_group, 'preserve'); - - - ## Populate instance directory paths (CA instances) - if ($subsystem_type eq $CA) { - return 0 if !copy_directory($emails_subsystem_path, $emails_instance_path, - $default_dir_permissions, $default_file_permissions, - $pki_user, $pki_group); - - return 0 if !copy_directory($profiles_subsystem_path, $profiles_instance_path, - $default_dir_permissions, $default_file_permissions, - $pki_user, $pki_group); - } - - - ## Populate instance directory paths (RA, TPS instances) - if ($subsystem_type eq $RA || $subsystem_type eq $TPS) { - - if ($subsystem_type eq $TPS) { - return 0 if !create_directory($bin_instance_path, - $default_dir_permissions, $pki_user, $pki_group); - } - - return 0 if !create_directory($lib_instance_path, - $default_dir_permissions, $pki_user, $pki_group); - - return 0 if !create_directory($scripts_instance_path, - $default_dir_permissions, $pki_user, $pki_group); - - # Apache Specific - if ($subsystem_type eq $TPS) { - return 0 if !copy_directory($cgibin_subsystem_path, $cgibin_instance_path, - $default_dir_permissions, $default_file_permissions, - $pki_user, $pki_group); - } - - # Apache Specific - return 0 if !copy_directory($docroot_subsystem_path, $docroot_instance_path, - $default_dir_permissions, $default_file_permissions, - $pki_user, $pki_group); - - # Copy /usr/share/pki/common-ui to <instance>/docroot/pki - return 0 if !copy_directory( - $common_ui_subsystem_path, - "$docroot_instance_path/pki", - $default_dir_permissions, $default_file_permissions, - $pki_user, $pki_group); - - # fix permissions - if (!is_Windows()) { - # Apache Specific - if ($subsystem_type eq $TPS) { - set_permissions("${cgibin_instance_path}/demo", $default_dir_permissions); - set_permissions("${cgibin_instance_path}/demo/*.cgi", $default_exe_permissions); - set_permissions("${cgibin_instance_path}/demo/*.html", $default_file_permissions); - set_permissions("${cgibin_instance_path}/home", $default_dir_permissions); - set_permissions("${cgibin_instance_path}/home/*.cgi", $default_exe_permissions); - set_permissions("${cgibin_instance_path}/home/*.html", $default_file_permissions); - set_permissions("${cgibin_instance_path}/so", $default_dir_permissions); - set_permissions("${cgibin_instance_path}/so/*.cgi", $default_exe_permissions); - set_permissions("${cgibin_instance_path}/so/*.html", $default_file_permissions); - set_permissions("${cgibin_instance_path}/sow", $default_dir_permissions); - set_permissions("${cgibin_instance_path}/sow/*.cgi", $default_exe_permissions); - set_permissions("${cgibin_instance_path}/sow/*.html", $default_file_permissions); - set_permissions("${cgibin_instance_path}/sow/*.pl", $default_exe_permissions); - set_permissions("${docroot_instance_path}/", $default_dir_permissions); - set_permissions("${docroot_instance_path}/*.cgi", $default_exe_permissions); - } - } - } else { - ## Populate instance directory paths (CA, KRA, OCSP, TKS instances) - return 0 if !copy_directory($webapps_subsystem_path, $webapps_instance_path, - $default_dir_permissions, $default_file_permissions, - $pki_user, $pki_group); - - # Copy /usr/share/pki/server/webapps/pki/admin - # to <instance>/webapp/<subsystem>/admin - return 0 if !copy_directory( - "$pki_subsystem_common_area/server/webapps/pki/admin", - "$webapps_subsystem_instance_path/admin", - $default_dir_permissions, $default_file_permissions, - $pki_user, $pki_group); - - return 0 if !copy_directory($ui_subsystem_path, $pki_instance_path, - $default_dir_permissions, $default_file_permissions, - $pki_user, $pki_group); - - ## Tomcat Specific - return 0 if !create_directory($shared_instance_path, - $default_dir_permissions, $pki_user, $pki_group); - - return 0 if !create_directory("$shared_instance_path/classes", - $default_dir_permissions, $pki_user, $pki_group); - - return 0 if !create_directory("$shared_instance_path/lib", - $default_dir_permissions, $pki_user, $pki_group); - - return 0 if !create_directory($tomcat_instance_common_lib_path, - $default_dir_permissions, $pki_user, $pki_group); - - return 0 if !create_directory($temp_instance_path, - $default_dir_permissions, $pki_user, $pki_group); - - return 0 if !create_directory($work_instance_path, - $default_dir_permissions, $pki_user, $pki_group); - } - - ## Set appropriate permissions - return 0 if !set_owner_group_on_directory_contents($pki_instance_path, $pki_user, $pki_group); - - return 1; -} - - -# process_file_template -# -# template_name -# Used to identify the template. -# src_path -# The file pathname of the template. -# dst_path -# The file pathname the processed template will be written to. -# substitutions -# Pointer to a hash. Each key is a substitution name, the key's -# value is the string to substitute. -# -# Given a template file, read it's contents in. Then perform text -# replacements on any string of the form "[name]". name will be used -# as a key in the substitutions hash, if the key exists in the hash then -# it's value will replace the string "[name]". -# -# Example, if the src template contained this line: -# -# Open port [PKI_UNSECURE_PORT] on your firewall. -# -# And the substitutions hash was this {'PKI_UNSECURE_PORT' => '1234'} -# -# Then the dst file contents will look like this: -# -# Open port 1234 on your firewall. -# -# Return 1 if success, 0 if failure - -sub process_file_template -{ - my ($template_name, $src_path, $dst_path, $substitutions) = @_; - - my $buf = ""; - my $num_subs = 0; - my $total_subs = 0; - my @keys; - my $key; - my $value; - emit(" Template ($template_name) \"${src_path}\" ==> \"${dst_path}\" ...\n"); - - # Check for a valid source file - if (!is_path_valid($src_path)) { - emit("process_file_template(): invalid source path ${src_path}!\n", "error"); - return 0; - } - - # Check for a valid destination file - if (!is_path_valid($dst_path)) { - emit("process_file_template(): invalid destination path ${dst_path}!\n", "error"); - return 0; - } - - # Read in contents of source file - $buf = read_file($src_path); - - # Process each line substituting each [KEY] - # with its corresponding slot hash value - @keys = sort(keys %$substitutions); - foreach $key (@keys) { - $value = $substitutions->{$key}; - # Perform global substitution on buffer and - # get count of how many substitutions were actually performed. - $num_subs = $buf =~ s/\[$key\]/$value/g; - $total_subs += $num_subs; - - # If any substitutions were performed then log what was done. - if ($num_subs > 0) { - # Hide sensitive information by emitting the word "(sensitive)" - # rather rather than the substituted value. - if ($key eq $PKI_CERT_DB_PASSWORD_SLOT) { - emit(sprintf(" %3d substitutions: %s ==> (sensitive)\n", $num_subs, $key)); - } else { - emit(sprintf(" %3d substitutions: %s ==> \"%s\"\n", $num_subs, $key, $value)); - } - } - } - - emit(" $total_subs substitutions were made in '$dst_path'\n"); - - # Sanity check, are there any strings left in the buffer which look - # like a substitution. - foreach my $match ($buf =~ /\[[A-Z_]+\]/g) { - emit("WARNING: Possible missed substitution \"$match\" in $src_path"); - } - - # Record that we've installed this file. - add_install_info($dst_path, 'file'); - - if ($verbose >= 2) { - # For debugging, emit the contents after substitution. - emit(sprintf(">> $dst_path\n%s<< $dst_path\n", $buf)); - } - - if (!$dry_run) { - # Write out these modified contents to the destination file. - write_file($dst_path, \$buf); - } - - return 1; -} - - -# Return 1 if success, 0 if failure -sub process_pki_templates -{ - my $use_port_separation = 0; - if ($agent_secure_port >= 0 && - ($subsystem_type ne $RA) && - ($subsystem_type ne $TPS)) { - $use_port_separation = 1; - } - - my %slot_hash = (); - - emit("Processing PKI templates for '$pki_instance_path' ...\n"); - - $slot_hash{$PKI_SUBSYSTEM_TYPE_SLOT} = $subsystem_type; - $slot_hash{$PKI_INSTANCE_NAME_SLOT} = $pki_instance_name; - $slot_hash{$PKI_INSTANCE_PATH_SLOT} = $pki_instance_path; - $slot_hash{$PKI_INSTANCE_ROOT_SLOT} = $pki_instance_root; - $slot_hash{$PKI_INSTANCE_INITSCRIPT} = $pki_instance_initscript_path; - $slot_hash{$PKI_REGISTRY_FILE_SLOT} = $pki_registry_instance_file_path; - $slot_hash{$PKI_USER_SLOT} = $pki_user; - $slot_hash{$PKI_GROUP_SLOT} = $pki_group; - $slot_hash{$PKI_PIDDIR} = $pki_piddir_path; - - if ($subsystem_type eq $TPS) { - $slot_hash{$REQUIRE_CFG_PL} = "require \"${cgi_sow_instance_cfg_pl_path}\";"; - } - - if ($subsystem_type eq $RA || $subsystem_type eq $TPS) { - # Setup templates (RA, TPS) - $slot_hash{$HTTPD_CONF} = $httpd_conf_instance_file_path; - $slot_hash{$LIB_PREFIX} = $lib_prefix; - $slot_hash{$NSS_CONF} = $nss_conf_instance_file_path; - $slot_hash{$OBJ_EXT} = $obj_ext; - $slot_hash{$PKI_UNSECURE_PORT_SLOT} = $unsecure_port; - $slot_hash{$PROCESS_ID} = $$; - $slot_hash{$PKI_SECURE_PORT_SLOT} = $secure_port; - $slot_hash{$NON_CLIENTAUTH_SECURE_PORT} = $non_clientauth_secure_port; - $slot_hash{$SECURITY_LIBRARIES} = $default_security_libraries; - $slot_hash{$PKI_HOSTNAME_SLOT} = $host; - $slot_hash{$PKI_INSTANCE_PATH_SLOT}= $pki_instance_path; - $slot_hash{$SYSTEM_LIBRARIES} = $default_system_libraries; - $slot_hash{$SYSTEM_USER_LIBRARIES} = $default_system_user_libraries; - $slot_hash{$TMP_DIR} = $tmp_dir; - $slot_hash{$TPS_DIR} = $pki_subsystem_path; - $slot_hash{$PKI_RANDOM_NUMBER_SLOT} = $random; - $slot_hash{$PKI_LOCKDIR} = $pki_lockdir_path; - if (is_Fedora() || (is_RHEL() && (! is_RHEL4()))) { - $slot_hash{$FORTITUDE_APACHE} = "Apache2"; - $slot_hash{$FORTITUDE_DIR} = "/usr"; - $slot_hash{$FORTITUDE_LIB_DIR} = "/etc/httpd"; - $slot_hash{$FORTITUDE_MODULE} = "/etc/httpd/modules"; - $slot_hash{$FORTITUDE_AUTH_MODULES} = -" -LoadModule auth_basic_module /etc/httpd/modules/mod_auth_basic.so -LoadModule authn_file_module /etc/httpd/modules/mod_authn_file.so -LoadModule authz_user_module /etc/httpd/modules/mod_authz_user.so -LoadModule authz_groupfile_module /etc/httpd/modules/mod_authz_groupfile.so -LoadModule authz_host_module /etc/httpd/modules/mod_authz_host.so -"; - $slot_hash{$FORTITUDE_NSS_MODULES} = -" -LoadModule nss_module /etc/httpd/modules/libmodnss.so -"; - } - else { - $slot_hash{$FORTITUDE_APACHE} = "Apache"; - $slot_hash{$FORTITUDE_DIR} = "/opt/fortitude"; - $slot_hash{$FORTITUDE_LIB_DIR} = "/opt/fortitude"; - $slot_hash{$FORTITUDE_MODULE} = "/opt/fortitude/modules.local"; - $slot_hash{$FORTITUDE_AUTH_MODULES} = -" -LoadModule auth_module /opt/fortitude/modules/mod_auth.so -LoadModule access_module /opt/fortitude/modules/mod_access.so -"; - $slot_hash{$FORTITUDE_NSS_MODULES} = -" -LoadModule nss_module /opt/fortitude/modules.local/libmodnss.so -"; - } - } else { - # Setup templates (CA, KRA, OCSP, TKS) - $slot_hash{$INSTALL_TIME} = localtime; - $slot_hash{$PKI_CERT_DB_PASSWORD_SLOT} = $db_password; - $slot_hash{$PKI_CFG_PATH_NAME_SLOT} = $pki_cfg_instance_file_path; - $slot_hash{$PKI_HOSTNAME_SLOT} = $host; - $slot_hash{$PKI_RANDOM_NUMBER_SLOT} = $random; - $slot_hash{$PKI_SERVER_XML_CONF} = $server_xml_instance_file_path; - $slot_hash{$PKI_UNSECURE_PORT_SLOT} = $unsecure_port; - - if ($use_systemd) { - $slot_hash{$PKI_SYSTEMD_SERVICENAME_SLOT} = $pki_instance_systemd_service_name; - } else { - $slot_hash{$PKI_SYSTEMD_SERVICENAME_SLOT} = ""; - } - - # Define "Port Separation" (default) versus "Shared Ports" (legacy) - if ($use_port_separation) { - # Establish "Port Separation" Connector Names - $slot_hash{$PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT} = $PKI_UNSECURE_PORT_NAME; - $slot_hash{$PKI_SECURE_PORT_CONNECTOR_NAME_SLOT} = $PKI_AGENT_SECURE_PORT_NAME; - $slot_hash{$PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT} = $PKI_ADMIN_SECURE_PORT_NAME; - $slot_hash{$PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT} = $PKI_EE_SECURE_PORT_NAME; - $slot_hash{$PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT} = $PKI_EE_SECURE_CLIENT_AUTH_PORT_NAME; - - # Establish "Port Separation" Connector Ports - $slot_hash{$PKI_SECURE_PORT_SLOT} = $agent_secure_port; - $slot_hash{$PKI_AGENT_SECURE_PORT_SLOT} = $agent_secure_port; - $slot_hash{$PKI_EE_SECURE_PORT_SLOT} = $ee_secure_port; - $slot_hash{$PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT} = $ee_secure_client_auth_port; - $slot_hash{$PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT} = $ee_secure_client_auth_port; - $slot_hash{$PKI_ADMIN_SECURE_PORT_SLOT} = $admin_secure_port; - - # Comment "Port Separation" appropriately - $slot_hash{$PKI_UNSECURE_PORT_COMMENT_SERVER_SLOT} = $PKI_UNSECURE_SEPARATE_PORTS_COMMENT; - $slot_hash{$PKI_SECURE_PORT_COMMENT_SERVER_SLOT} = $PKI_AGENT_SECURE_SEPARATE_PORTS_COMMENT; - $slot_hash{$PKI_ADMIN_SECURE_PORT_COMMENT_SERVER_SLOT} = $PKI_ADMIN_SECURE_SEPARATE_PORTS_COMMENT; - $slot_hash{$PKI_EE_SECURE_PORT_COMMENT_SERVER_SLOT} = $PKI_EE_SECURE_SEPARATE_PORTS_COMMENT; - $slot_hash{$PKI_EE_SECURE_CLIENT_AUTH_PORT_COMMENT_SERVER_SLOT} = $PKI_EE_SECURE_CLIENT_AUTH_SEPARATE_PORTS_COMMENT; - - # Set appropriate "clientAuth" parameter for "Port Separation" - $slot_hash{$PKI_AGENT_CLIENTAUTH_SLOT} = "true"; - - # Do NOT comment out the "Admin/EE" Ports - $slot_hash{$PKI_OPEN_SEPARATE_PORTS_COMMENT_SERVER_SLOT} = ""; - $slot_hash{$PKI_CLOSE_SEPARATE_PORTS_COMMENT_SERVER_SLOT} = ""; - - # Do NOT comment out the "Admin/Agent/EE" Filters - # used by Port Separation - $slot_hash{$PKI_OPEN_SEPARATE_PORTS_COMMENT_WEB_SLOT} = ""; - $slot_hash{$PKI_CLOSE_SEPARATE_PORTS_COMMENT_WEB_SLOT} = ""; - } else { - # Establish "Shared Ports" Connector Names - $slot_hash{$PKI_UNSECURE_PORT_CONNECTOR_NAME_SLOT} = $PKI_UNSECURE_PORT_NAME; - $slot_hash{$PKI_SECURE_PORT_CONNECTOR_NAME_SLOT} = $PKI_SECURE_PORT_NAME; - $slot_hash{$PKI_ADMIN_SECURE_PORT_CONNECTOR_NAME_SLOT} = $PKI_UNUSED_SECURE_PORT_NAME; - $slot_hash{$PKI_EE_SECURE_PORT_CONNECTOR_NAME_SLOT} = $PKI_UNUSED_SECURE_PORT_NAME; - $slot_hash{$PKI_EE_SECURE_CLIENT_AUTH_PORT_CONNECTOR_NAME_SLOT} = $PKI_UNUSED_SECURE_PORT_NAME; - - # Establish "Shared Ports" Connector Ports - $slot_hash{$PKI_SECURE_PORT_SLOT} = $secure_port; - $slot_hash{$PKI_AGENT_SECURE_PORT_SLOT} = $secure_port; - $slot_hash{$PKI_EE_SECURE_PORT_SLOT} = $secure_port; - $slot_hash{$PKI_EE_SECURE_CLIENT_AUTH_PORT_SLOT} = $secure_port; - $slot_hash{$PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT} = $secure_port; - $slot_hash{$PKI_ADMIN_SECURE_PORT_SLOT} = $secure_port; - - # Comment "Shared Ports" appropriately - $slot_hash{$PKI_UNSECURE_PORT_COMMENT_SERVER_SLOT} = $PKI_UNSECURE_SHARED_PORTS_COMMENT; - $slot_hash{$PKI_SECURE_PORT_COMMENT_SERVER_SLOT} = $PKI_SECURE_SHARED_PORTS_COMMENT; - $slot_hash{$PKI_ADMIN_SECURE_PORT_COMMENT_SERVER_SLOT} = ""; - $slot_hash{$PKI_EE_SECURE_PORT_COMMENT_SERVER_SLOT} = ""; - $slot_hash{$PKI_EE_SECURE_CLIENT_AUTH_PORT_COMMENT_SERVER_SLOT} = ""; - - # Set appropriate "clientAuth" parameter for "Shared Ports" - $slot_hash{$PKI_AGENT_CLIENTAUTH_SLOT} = "want"; - - # Comment out the "Admin/EE" Ports - $slot_hash{$PKI_OPEN_SEPARATE_PORTS_COMMENT_SERVER_SLOT} = $PKI_OPEN_COMMENT; - $slot_hash{$PKI_CLOSE_SEPARATE_PORTS_COMMENT_SERVER_SLOT} = $PKI_CLOSE_COMMENT;; - - # Comment out the "Admin/Agent/EE" Filters - $slot_hash{$PKI_OPEN_SEPARATE_PORTS_COMMENT_WEB_SLOT} = $PKI_OPEN_COMMENT; - $slot_hash{$PKI_CLOSE_SEPARATE_PORTS_COMMENT_WEB_SLOT} = $PKI_CLOSE_COMMENT; - } - - if ($enable_proxy) { - if ($use_port_separation) { - $slot_hash{$PKI_AJP_REDIRECT_PORT_SLOT} = $ee_secure_port; - } else { - $slot_hash{$PKI_AJP_REDIRECT_PORT_SLOT} = $secure_port; - } - $slot_hash{$PKI_EE_SECURE_CLIENT_AUTH_PORT_UI_SLOT} = $proxy_secure_port; - $slot_hash{$PKI_AJP_PORT_SLOT} = $ajp_port; - $slot_hash{$PKI_OPEN_AJP_PORT_COMMENT_SLOT} = ""; - $slot_hash{$PKI_CLOSE_AJP_PORT_COMMENT_SLOT} = ""; - $slot_hash{$PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT} = ""; - $slot_hash{$PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT} = ""; - } else { - $slot_hash{$PKI_OPEN_AJP_PORT_COMMENT_SLOT} = $PKI_OPEN_COMMENT; - $slot_hash{$PKI_CLOSE_AJP_PORT_COMMENT_SLOT} = $PKI_CLOSE_COMMENT; - $slot_hash{$PKI_OPEN_ENABLE_PROXY_COMMENT_SLOT} = $PKI_OPEN_COMMENT; - $slot_hash{$PKI_CLOSE_ENABLE_PROXY_COMMENT_SLOT} = $PKI_CLOSE_COMMENT; - } - - $slot_hash{$PROXY_SECURE_PORT_SLOT} = ($proxy_secure_port >=0) ? - $proxy_secure_port : ""; - $slot_hash{$PROXY_UNSECURE_PORT_SLOT} = ($proxy_unsecure_port>=0) ? - $proxy_unsecure_port : ""; - - $slot_hash{$PKI_WEBAPPS_NAME} = $webapps_base_subsystem_dir; - $slot_hash{$TOMCAT_SERVER_PORT_SLOT} = $tomcat_server_port; - $slot_hash{$TOMCAT_PIDFILE} = $tomcat6_instance_pid_file_path; - $slot_hash{$TOMCAT_CFG} = $tomcat6_conf_instance_file_path; - $slot_hash{$TOMCAT_SSL_OPTIONS} = "ssl2=true,ssl3=true,tls=true"; - $slot_hash{$TOMCAT_SSL2_CIPHERS} = "-SSL2_RC4_128_WITH_MD5,-SSL2_RC4_128_EXPORT40_WITH_MD5," - . "-SSL2_RC2_128_CBC_WITH_MD5,-SSL2_RC2_128_CBC_EXPORT40_WITH_MD5," - . "-SSL2_DES_64_CBC_WITH_MD5,-SSL2_DES_192_EDE3_CBC_WITH_MD5"; - $slot_hash{$TOMCAT_SSL3_CIPHERS} = "-SSL3_FORTEZZA_DMS_WITH_NULL_SHA,-SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA," - . "+SSL3_RSA_WITH_RC4_128_SHA,-SSL3_RSA_EXPORT_WITH_RC4_40_MD5," - . "+SSL3_RSA_WITH_3DES_EDE_CBC_SHA,-SSL3_RSA_WITH_DES_CBC_SHA," - . "-SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,-SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA," - . "-SSL_RSA_FIPS_WITH_DES_CBC_SHA,+SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA," - . "-SSL3_RSA_WITH_NULL_MD5,-TLS_RSA_EXPORT1024_WITH_RC4_56_SHA," - . "-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; - $slot_hash{$TOMCAT_TLS_CIPHERS} = "-TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,-TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA," - . "+TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDH_RSA_WITH_AES_128_CBC_SHA," - . "+TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA," - . "+TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_RSA_WITH_3DES_EDE_CBC_SHA," - . "+TLS_RSA_WITH_AES_128_CBC_SHA,+TLS_RSA_WITH_AES_256_CBC_SHA," - . "+TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,+TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," - . "-TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,-TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," - . "-TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,+TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA," - . "+TLS_DHE_DSS_WITH_AES_128_CBC_SHA,+TLS_DHE_DSS_WITH_AES_256_CBC_SHA," - . "+TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,+TLS_DHE_RSA_WITH_AES_128_CBC_SHA," - . "+TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; - $slot_hash{$TOMCAT_INSTANCE_COMMON_LIB} = "$tomcat_instance_common_lib_path/*.jar"; - if (!$redirected_logs_path) { - $slot_hash{$TOMCAT_LOG_DIR} = $logs_instance_path; - } - else { - $slot_hash{$TOMCAT_LOG_DIR} = $redirected_logs_path; - } - - } - - ## Process templates (instance independent) - # - # NOTE: The values substituted may differ across subsystems. - # - - # process "CS.cfg" template - return 0 if !process_file_template("pki_cfg", - $pki_cfg_subsystem_file_path, - $pki_cfg_instance_file_path, - \%slot_hash); - return 0 if !set_file_props($pki_cfg_instance_file_path, - $default_file_permissions, $pki_user, $pki_group); - - ## Process registry instance template - return 0 if !process_file_template("pki_registry_template", - $pki_registry_subsystem_file_path, - $pki_registry_instance_file_path, - \%slot_hash); - return 0 if !set_file_props($pki_registry_instance_file_path, - $default_file_permissions, $root_user, $root_group); - - ## Process templates (CA instances) - if ($subsystem_type eq $CA) { - # process ProfileSelect.template - return 0 if !process_file_template("profile_select_template", - $profile_select_template_subsystem_file_path, - $profile_select_template_instance_file_path, - \%slot_hash); - # process proxy.conf file - return 0 if !process_file_template("proxy_conf", - $proxy_conf_subsystem_file_path, - $proxy_conf_instance_file_path, - \%slot_hash); - } - - - ## Process templates (RA, TPS instances) - if ($subsystem_type eq $RA || $subsystem_type eq $TPS) { - - if ($subsystem_type eq $TPS) { - - # process "cgi" template - return 0 if !process_file_template("cgi_home", - $cgi_home_subsystem_file_path, - $cgi_home_instance_file_path, - \%slot_hash); - - return 0 if !process_file_template("cgi_demo", - $cgi_demo_subsystem_file_path, - $cgi_demo_instance_file_path, - \%slot_hash); - - return 0 if !process_file_template("cgi_so", - $cgi_so_subsystem_file_path, - $cgi_so_instance_file_path, - \%slot_hash); - - return 0 if !process_file_template("cgi_so_enroll", - $cgi_so_subsystem_enroll_file_path, - $cgi_so_instance_enroll_file_path, - \%slot_hash); - - # process each "*.cgi" file in subsystem "sow" directory - opendir(SUBSYSTEM_DIR, $cgi_sow_subsystem_file_path); - while (defined(my $entity = readdir(SUBSYSTEM_DIR))) { - if ($entity =~ m/.cgi$/) { - # build complete "sow" subystem ".cgi" file name - $cgi_sow_subsystem_cgi_file_path = "${cgi_sow_subsystem_file_path}/${entity}"; - # build complete "sow" instance ".cgi" file name - $cgi_sow_instance_cgi_file_path = "${cgi_sow_instance_file_path}/${entity}"; - # process complete "sow" instance ".cgi" file name - return 0 if !process_file_template("cgi_sow", - $cgi_sow_subsystem_cgi_file_path, - $cgi_sow_instance_cgi_file_path, - \%slot_hash); - } - } - closedir(SUBSYSTEM_DIR); - - # process "addAgents.ldif" template - return 0 if !process_file_template("addAgents_ldif", - $addAgents_ldif_subsystem_file_path, - $addAgents_ldif_instance_file_path, - \%slot_hash); - - # process "addIndexes.ldif" template - return 0 if !process_file_template("addIndexes_ldif", - $addIndexes_ldif_subsystem_file_path, - $addIndexes_ldif_instance_file_path, - \%slot_hash); - - # process "addTokens.ldif" template - return 0 if !process_file_template("addTokens_ldif", - $addTokens_ldif_subsystem_file_path, - $addTokens_ldif_instance_file_path, - \%slot_hash); - - # process "addVLVIndexes.ldif" template - return 0 if !process_file_template("addVLVIndexes_ldif", - $addVLVIndexes_ldif_subsystem_file_path, - $addVLVIndexes_ldif_instance_file_path, - \%slot_hash); - - # process "schemaMods.ldif" template - return 0 if !process_file_template("schemaMods_ldif", - $schemaMods_ldif_subsystem_file_path, - $schemaMods_ldif_instance_file_path, - \%slot_hash); - } - - - # process "httpd.conf" template - return 0 if !process_file_template("httpd_conf", - $httpd_conf_subsystem_file_path, - $httpd_conf_instance_file_path, - \%slot_hash); - return 0 if !set_file_props($httpd_conf_instance_file_path, - $default_file_permissions, $pki_user, $pki_group); - - - # process "nss.conf" template - return 0 if !process_file_template("nss_conf", - $nss_conf_subsystem_file_path, - $nss_conf_instance_file_path, - \%slot_hash); - return 0 if !set_file_props($nss_conf_instance_file_path, - $default_file_permissions, $pki_user, $pki_group); - - # process "perl.conf" template - return 0 if !process_file_template("perl_conf", - $perl_conf_subsystem_file_path, - $perl_conf_instance_file_path, - \%slot_hash); - - return 0 if !set_file_props($perl_conf_instance_file_path, - $default_file_permissions, $pki_user, $pki_group); - - - # process "nss_pcache" template - return 0 if !process_file_template("nss_pcache", - $nss_pcache_subsystem_file_path, - $nss_pcache_instance_file_path, - \%slot_hash); - - return 0 if !set_permissions($nss_pcache_instance_file_path, - $default_exe_permissions); - - # process "pki_apache_initscript" template - return 0 if !process_file_template("pki_apache_initscript", - $pki_apache_initscript_file_path, - $pki_instance_initscript_path, - \%slot_hash); - - return 0 if !set_permissions($pki_instance_initscript_path, - $default_exe_permissions); - - - } else { - ## Process templates (CA, KRA, OCSP, TKS instances) - # process "index.jsp" template - return 0 if !process_file_template("index_jsp", - $index_jsp_subsystem_file_path, - $index_jsp_instance_file_path, - \%slot_hash); - - # process "server.xml" template - return 0 if !process_file_template("server_xml", - $server_xml_subsystem_file_path, - $server_xml_instance_file_path, - \%slot_hash); - - # process "serverCertNick.conf" template - return 0 if !process_file_template("servercertnick_conf", - $servercertnick_conf_subsystem_file_path, - $servercertnick_conf_instance_file_path, - \%slot_hash); - - # process "tomcat6.conf" template - return 0 if !process_file_template("tomcat6_conf", - $tomcat6_conf_subsystem_file_path, - $tomcat6_conf_instance_file_path, - \%slot_hash); - - # process "velocity.properties" template - return 0 if !process_file_template("velocity_prop", - $velocity_prop_subsystem_file_path, - $velocity_prop_instance_file_path, - \%slot_hash); - - # process "web.xml" template - return 0 if !process_file_template("web_xml", - $web_xml_subsystem_file_path, - $web_xml_instance_file_path, - \%slot_hash); - - # process "catalina.properties" template - return 0 if !process_file_template("catalina_properties", - $catalina_properties_subsystem_file_path, - $catalina_properties_instance_file_path, - \%slot_hash); - } - - return 1; -} - - -# Return 1 if success, 0 if failure -sub process_pki_files_and_symlinks -{ - emit("Processing PKI files and symbolic links for '$pki_instance_path' ...\n"); - - ## Populate instances (instance independent) - - # create a filled in temporary "noise" - # file for this instance - my $noise = generate_random_string(1024); - - return 0 if !create_file($noise_instance_file_path, - $noise, - $default_file_permissions, $pki_user, $pki_group); - - # create a filled in empty "password.conf" - # password file for this instance - if ($subsystem_type eq $RA || $subsystem_type eq $TPS) { - return 0 if !create_file($password_conf_instance_file_path, - "${default_security_token}:${db_password}\n", - $default_file_permissions, $pki_user, $pki_group); - } else { - return 0 if !create_file($password_conf_instance_file_path, - "${default_security_token}=${db_password}\n", - $default_file_permissions, $pki_user, $pki_group); - } - - # create a filled in empty temporary "pfile" - # password file for this instance - return 0 if !create_file($pfile_instance_file_path, - "${db_password}\n", - $default_file_permissions, $pki_user, $pki_group); - - ## Populate systemd links - if ($use_systemd) { - return 0 if !create_symlink( - "${pki_subsystem_systemd_wants_path}/${pki_instance_systemd_service_name}", - "$pki_subsystem_systemd_service_path", - $root_user, $root_group); - - # reload systemd configuration - run_command("/bin/systemctl --system daemon-reload"); - } - - ## Populate instances (RA, TPS instances) - if ($subsystem_type eq $RA || $subsystem_type eq $TPS) { - # create an empty file called "pwcache.conf" for this - return 0 if !create_empty_file($pwcache_conf_instance_file_path, - $default_file_permissions, $pki_user, $pki_group); - - # create instance symlink to subsystem "perl" subdirectory - return 0 if !create_symlink($perl_instance_symlink_path, $perl_subsystem_path, - $pki_user, $pki_group); - - return 0 if !create_symlink($run_instance_symlink_path, - "${default_apache_pids_path}/${subsystem_type}", - $pki_user, $pki_group); - - } else { - ## Populate instances (CA, KRA, OCSP, TKS instances) - # create instance "webapps/$subsystem_type/WEB-INF/lib" subdirectory - - # Create symlink of pki_instance_name pointing to tomcat6 init script. - # This is our per instance init script, tomcat6 will use the basename - # to find our tomcat6 configuration file in /etc/sysconfig - return 0 if !create_symlink($pki_instance_initscript_path, $tomcat6_initscript_path, - $root_user, $root_group); - - return 0 if !create_directory($webinf_lib_instance_path, - $default_dir_permissions, $pki_user, $pki_group); - - # create instance symlink to "pki-certsrv.jar" - return 0 if !create_symlink($pki_certsrv_jar_symlink_path, $pki_certsrv_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "pki-cms.jar" - return 0 if !create_symlink($pki_cms_jar_symlink_path, $pki_cms_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "pki-cmsbundle.jar" - return 0 if !create_symlink($pki_cmsbundle_jar_symlink_path, $pki_cmsbundle_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "pki-cmscore.jar" - return 0 if !create_symlink($pki_cmscore_jar_symlink_path, $pki_cmscore_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "pki-cmsutil.jar" - return 0 if !create_symlink($pki_cmsutil_jar_symlink_path, $pki_cmsutil_jar_file_path, - $pki_user, $pki_group); - - # create symlink to either "apache-commons-collections.jar" or "jakarta-commons-collections.jar" - # needed by velocity - return 0 if !create_symlink($commons_collections_jar_symlink_path, - $commons_collections_jar_file_path, - $pki_user, $pki_group); - - # create symlink to either "apache-commons-lang.jar" or "jakarta-commons-lang.jar" - # needed by velocity - return 0 if !create_symlink($commons_lang_jar_symlink_path, - $commons_lang_jar_file_path, - $pki_user, $pki_group); - - # create symlink to "apache-commons-logging.jar or jakarta-commons-logging.jar" - # this is needed by tomcatjss - return 0 if !create_symlink($commons_logging_jar_symlink_path, - $commons_logging_jar_file_path, - $pki_user, $pki_group); - - # create symlink to "jss.jar" - return 0 if !create_symlink($jss_jar_symlink_path, $jss_jar_file_path, - $pki_user, $pki_group); - - # create symlink to "ldapjdk.jar" - return 0 if !create_symlink($ldapjdk_jar_symlink_path, $ldapjdk_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "pki-nsutil.jar" - return 0 if !create_symlink($pki_nsutil_jar_symlink_path, $pki_nsutil_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "commons_codec.jar" - return 0 if !create_symlink($commons_codec_jar_symlink_path, $commons_codec_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "${subsystem_type}.jar" - return 0 if !create_symlink($pki_subsystem_jar_symlink_path, $pki_subsystem_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "symkey.jar" - return 0 if !create_symlink($symkey_jar_symlink_path, $symkey_jar_file_path, - $pki_user, $pki_group); - - # create symlink to "tomcatjss.jar" - return 0 if !create_symlink($tomcatjss_jar_symlink_path, $tomcatjss_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "velocity.jar" - return 0 if !create_symlink($velocity_jar_symlink_path, $velocity_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "xerces.jar" - return 0 if !create_symlink($xerces_jar_symlink_path, $xerces_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "xml_commons_apis.jar" - return 0 if !create_symlink($xml_commons_apis_jar_symlink_path, $xml_commons_apis_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "xml_commons_resolver.jar" - return 0 if !create_symlink($xml_commons_resolver_jar_symlink_path, $xml_commons_resolver_jar_file_path, - $pki_user, $pki_group); - - #resteasy - # create instance symlink to "javassist.jar" - return 0 if !create_symlink($javassist_jar_symlink_path, $javassist_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "jaxrs-api.jar" - return 0 if !create_symlink($jaxrs_api_jar_symlink_path, $jaxrs_api_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "pki-resteasy_jaxb_provider.jar" - return 0 if !create_symlink($resteasy_jaxb_provider_jar_symlink_path, $resteasy_jaxb_provider_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "resteasy_jaxrs.jar" - return 0 if !create_symlink($resteasy_jaxrs_jar_symlink_path, $resteasy_jaxrs_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "scannotation.jar" - return 0 if !create_symlink($scannotation_jar_symlink_path, $scannotation_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "pki-resteasy_atom_provider.jar" - return 0 if !create_symlink($resteasy_atom_provider_jar_symlink_path, $resteasy_atom_provider_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "pki-resteasy_jettison_provider.jar" - return 0 if !create_symlink($resteasy_jettison_provider_jar_symlink_path, $resteasy_jettison_provider_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "jettison.jar" - return 0 if !create_symlink($jettison_jar_symlink_path, $jettison_jar_file_path, - $pki_user, $pki_group); - - # create instance symlink to "httpclient.jar" - return 0 if !create_symlink($httpclient_jar_symlink_path, $httpclient_jar_file_path, - $pki_user, $pki_group); - - } - - return 1; -} - - -# Return 1 if success, 0 if failure -sub process_pki_security_databases -{ - my $result = 0; - my $serial_number = 0; - my $validity_period = 12; - my $time_stamp = get_time_stamp(); - my $subject = "CN=$host,O=$time_stamp"; - my $issuer_name = "CN=$host,O=$time_stamp"; - my $nickname = "Server-Cert cert-$pki_instance_name"; - my $trustargs = "CTu,CTu,CTu"; - - emit("Processing PKI security databases for '$pki_instance_path' ...\n"); - - # now create and configure pki security databases, - # cert3.db, key3.db, secmod.db ... - if (!file_exists($default_certutil_command) && !$dry_run) { - emit("process_pki_security_databases(): $default_certutil_command does not exist!\n", "error"); - return $result; - - } - - if (!file_exists($noise_instance_file_path) && !$dry_run) { - emit("process_pki_security_databases(): Can't find temp noise file!\n", "error"); - return $result; - } - - if (!file_exists($pfile_instance_file_path) && !$dry_run) { - emit("process_pki_security_databases(): Can't find temp file with password!\n", "error"); - return $result; - } - - certutil_create_databases($alias_instance_path, - $pfile_instance_file_path); - - certutil_generate_self_signed_cert($alias_instance_path, - $default_security_token, - $serial_number, - $validity_period, - $subject, - $issuer_name, - $nickname, - $trustargs, - $noise_instance_file_path, - $pfile_instance_file_path); - - remove_file($noise_instance_file_path); - - remove_file($pfile_instance_file_path); - - set_owner_group_on_directory_contents($alias_instance_path, - $pki_user, $pki_group); - - return 1; -} - - -# Return 1 if success, 0 if failure -sub process_pki_security_modules -{ - my $result = 0; - - emit("Processing PKI security modules for '$pki_instance_path' ...\n"); - - if (!file_exists($default_modutil_command) && !$dry_run) { - emit("process_pki_security_modules(): $default_modutil_command must be installed on system!\n", "error"); - return $result; - } - - emit(" Attempting to add hardware security modules to system if applicable ...\n"); - - while (my ($key, $value) = each(%supported_sec_modules_hash)) { - if (!file_exists($value)) { - emit(" module name: $key lib: $value DOES NOT EXIST!\n"); - next; - } else { - modutil_add_token($alias_instance_path, $key, $value); - emit(" Added module name: $key lib: $value\n"); - } - } - - return 1; -} - -sub process_pki_selinux_setup -{ - my $setype = "pki_" . $subsystem_type; - my $setype_p = $setype . "_port_t"; - my $default_instance_name = "pki-" . $subsystem_type; - my $default_instance_root = "/var/lib"; - my $default_log_path = "/var/log/" . $default_instance_name; - my $default_conf_path = "/etc/" . $default_instance_name; - my $status = 0; - - my $conf_path; - my $log_path; - my $ftype; - my $java_component = 0; - my $semanage_cmds = ""; - my @restorecon_cmds; - - emit("configuring SELinux ...\n"); - - if (!$redirected_logs_path) { - $log_path = $logs_instance_path; - } - else { - $log_path =$redirected_logs_path; - } - - if (!$redirected_conf_path) { - $conf_path = $conf_instance_path; - } - else { - $conf_path =$redirected_conf_path; - } - - if ($subsystem_type eq $CA || - $subsystem_type eq $KRA || - $subsystem_type eq $OCSP || - $subsystem_type eq $TKS) { - $java_component =1; - } - - # set file contexts - if ($java_component) { - push (@restorecon_cmds, "$restorecon -F -R /usr/share/java/pki"); - } - push (@restorecon_cmds, "$restorecon -F -R /usr/share/pki"); - - # set file context for $pki_instance_root/$pki_instance_name - if (($pki_instance_name ne $default_instance_name) || ($pki_instance_root ne $default_instance_root)) { - add_selinux_file_context($setype . "_var_lib_t", - "\"${pki_instance_root}/${pki_instance_name}(/.*)?\"", - "a", \$semanage_cmds); - - if (!$java_component) { - add_selinux_file_context($setype . "_exec_t", - "\"${pki_instance_root}/${pki_instance_name}/${pki_instance_name}\"", - "a", \$semanage_cmds); - } - } - push(@restorecon_cmds, "$restorecon -F -R $pki_instance_root/$pki_instance_name"); - - - if ($java_component) { - # set file context for instance pid file - my $pidfile = $tomcat6_instance_pid_file_path; - if ($pki_instance_name ne $default_instance_name) { - add_selinux_file_context($setype . "_var_run_t", - $pidfile, "f", \$semanage_cmds); - } - if (-e $pidfile) { - push(@restorecon_cmds, "$restorecon -F $pidfile"); - } - - my $pidpath = $default_apache_pids_path; - if (-e $pidpath) { - push(@restorecon_cmds, "$restorecon -F -R $pidpath"); - } - } - - # set file context for $log_path - $log_path =~ s/\/+$//; - if (!$log_path) { - emit("Error: Cannot set selinux context $setype" . "_log_t for directory /"); - } else { - if ($log_path ne $default_log_path) { - add_selinux_file_context($setype . "_log_t", - "\"$log_path(/.*)?\"", "a", \$semanage_cmds); - } - push(@restorecon_cmds, "$restorecon -F -R $log_path"); - } - - # set file context for $conf_path - $conf_path =~ s/\/+$//; - if (!$conf_path) { - emit("Error: Cannot set selinux context $setype" . "_etc_rw_t for directory /"); - } else { - if ($conf_path ne $default_conf_path) { - add_selinux_file_context($setype . "_etc_rw_t", - "\"$conf_path(/.*)?\"", "a", \$semanage_cmds); - } - push(@restorecon_cmds, "$restorecon -F -R $conf_path"); - } - - # add ports - parse_selinux_ports(); - if ($secure_port != -1) { - add_selinux_port($setype_p, $secure_port, \$semanage_cmds); - } - if ($non_clientauth_secure_port != -1) { - add_selinux_port($setype_p, $non_clientauth_secure_port, \$semanage_cmds); - } - if ($unsecure_port != -1) { - add_selinux_port($setype_p, $unsecure_port, \$semanage_cmds); - } - if ($tomcat_server_port != -1) { - add_selinux_port($setype_p, $tomcat_server_port, \$semanage_cmds); - } - if ($agent_secure_port != -1) { - add_selinux_port($setype_p, $agent_secure_port, \$semanage_cmds); - } - if ($ee_secure_port != -1) { - add_selinux_port($setype_p, $ee_secure_port, \$semanage_cmds); - } - if ($ee_secure_client_auth_port != -1) { - add_selinux_port($setype_p, $ee_secure_client_auth_port, \$semanage_cmds); - } - if ($admin_secure_port != -1) { - add_selinux_port($setype_p, $admin_secure_port, \$semanage_cmds); - } - if ($ajp_port != -1) { - add_selinux_port($setype_p, $ajp_port, \$semanage_cmds); - } - - # now run the selinux commands in batch mode - if ($semanage_cmds ne "") { - emit("Running the semanage commands in batch mode\n", "debug"); - if (! $dry_run) { - if(! run_command("$semanage -S targeted -i - " . ' << _EOF' . "\n$semanage_cmds\n" . '_EOF' . "\n")) { - emit("Failed executing semanage batch command \n", "error"); - } - } - } else { - emit("Selinux contexts already set. No need to run semanage.\n", "debug"); - } - - #now run the restorecons - emit("Running restorecon commands\n", "debug"); - foreach my $cmd (@restorecon_cmds) { - emit("$cmd\n", "debug"); - if (! $dry_run) { - if (!run_command($cmd)) { - emit("Failed executing restorecon command; $cmd\n", "error"); - } - } - } - - return 1; -} - -# no args -# return 1 - success, or -# return 0 - failure -sub install_pki_instance -{ - emit("Installing PKI instance ...\n"); - - return 0 if !create_directory($pki_instance_path, - $default_dir_permissions, $pki_user, $pki_group); - - return 0 if !process_pki_directories(); - return 0 if !process_pki_templates(); - return 0 if !process_pki_files_and_symlinks(); - return 0 if !process_pki_security_databases(); - return 0 if !process_pki_security_modules(); - - if (($^O eq "linux") && (is_Fedora() || (is_RHEL() && (! is_RHEL4())))){ - return 0 if !process_pki_selinux_setup(); - } - - return 1; -} - - -############################################################## -# PKI Instance Removal Subroutines -############################################################## - - -# Return 1 if success, 0 if failure -sub cleanup -{ - my $result = 0; - - emit(sprintf("cleanup(%s)\n", join(", ", @_)), "debug"); - - emit("PKI instance creation Cleanup Utility cleaning up on error ...", "info"); - - $result = uninstall(\%installation_info); - - return $result; -} - -# Return 1 if success, 0 if failure -sub write_install_info -{ - if ($dry_run) { - return 1; - } else { - if (!defined($pki_instance_path)) { - return 0; - } - my $install_info_file_path = write_install_info_to_dir($pki_instance_path, - \%installation_info); - if (defined($install_info_file_path)) { - emit(sprintf("Installation manifest: %s", $install_info_file_path)); - return 1; - } else { - return 0; - } - } -} - -############################################################## -# Signal Handlers -############################################################## - -sub die_handler -{ - my ($msg) = @_; - - # If we abort write the installation manifest - # so cleanup can still be performed later. - write_install_info(); -} - -$SIG{'__DIE__'} = \&die_handler; - -############################################################## -# Main Program -############################################################## - -# no args -# no return value -sub main -{ - my $result = 0; - my $parse_result = 0; - my $command = ""; - - chdir("/tmp"); - - print(STDOUT "PKI instance creation Utility ...\n\n"); - - # On Linux/UNIX, insure that this script is being run as "root". - $result = check_for_root_UID(); - if (!$result) { - usage(); - exit 255; - } - - # Setup platform-dependent parameters - setup_platform_dependent_parameters(); - - $parse_result = parse_arguments(); - if (!$parse_result || $parse_result == -1) { - close_logfile(); - exit 255; - } - - exit 255 if !initialize_paths(); - - exit 255 if !initialize_pki_creation_values(); - - $result = install_pki_instance(); - if (!$result) { - print(STDOUT "\n"); - - my $install_description = get_install_description(); - emit(sprintf("The following was performed\n%s\n\n", $install_description)); - -ASK_AGAIN: - my $confirm = prompt("Error detected would you like to clean up ${pki_instance_path} (Y/N)? "); - - if ($confirm eq "Y" || $confirm eq "y") { - cleanup(); - } elsif ($confirm ne "N" && $confirm ne "n") { - goto ASK_AGAIN; - } - - close_logfile(); - - exit 255; - } - - print(STDOUT "\n"); - print(STDOUT "PKI instance creation completed ...\n\n"); - - # Write the installation manifest. - write_install_info(); - - my $install_description = get_install_description(); - emit(sprintf("The following was performed:\n%s\n", $install_description)); - - printf(STDOUT "Installation information recorded in %s.\n", get_logfile_path()); - - if ($use_systemd) { - $pki_registry_initscript_command = - "/bin/systemctl restart $pki_instance_systemd_service_name"; - } else { - $pki_registry_initscript_command = - "/sbin/service $pki_registry_initscript restart $pki_instance_name"; - } - - $command = "${pki_registry_initscript_command}"; - run_command($command); - - if ($dry_run) { - print STDOUT "dry run mode ENABLED, system was not modified\n"; - } else { - - # Notify user to check firewall settings . . . - print(STDOUT - "Before proceeding with the configuration, make sure \n" - . "the firewall settings of this machine permit proper \n" - . "access to this subsystem. \n\n"); - - # EXCEPTION: To enable a user to easily configure their PKI subsystem, - # this is the ONLY instance in which we print out the actual - # value of the the one-time random PIN, as well as store this - # message at the end of the initialization log. - if ($subsystem_type eq $CA || - $subsystem_type eq $KRA || - $subsystem_type eq $OCSP || - $subsystem_type eq $TKS) { - if ($admin_secure_port > 0) { - # Port Separation: CA, KRA, OCSP, TKS - print(STDOUT - "Please start the configuration by accessing:\n\n" - . "https://$host:$admin_secure_port/$subsystem_type/admin/" - . "console/config/login?pin=$random\n\n"); - emit("Configuration Wizard listening on\n" - . "https://$host:$admin_secure_port/$subsystem_type/admin/" - . "console/config/login?pin=$random\n", - "log"); - } else { - # Shared Ports: CA, KRA, OCSP, TKS - print(STDOUT - "Please start the configuration by accessing:\n\n" - . "https://$host:$secure_port/$subsystem_type/admin/" - . "console/config/login?pin=$random\n\n"); - emit("Configuration Wizard listening on\n" - . "https://$host:$secure_port/$subsystem_type/admin/" - . "console/config/login?pin=$random\n", - "log"); - } - } else { - # Port Separation: RA, TPS - print(STDOUT - "Please start the configuration by accessing:\n\n" - . "https://$host:$non_clientauth_secure_port/$subsystem_type/" - . "admin/console/config/login?pin=$random\n\n"); - emit("Configuration Wizard listening on\n" - . "https://$host:$non_clientauth_secure_port/$subsystem_type/" - . "admin/console/config/login?pin=$random\n", - "log"); - } - - print(STDOUT - "After configuration, the server can be operated by the command:\n\n" - . " $pki_registry_initscript_command\n\n"); - emit("After configuration, the server can be operated by the command:\n" - . "${pki_registry_initscript_command}\n", - "log"); - } - - close_logfile(); - - return; -} - - -############################################################## -# PKI Instance Creation -############################################################## - -main(); - -exit 0; - diff --git a/base/setup/pkiremove b/base/setup/pkiremove deleted file mode 100755 index 3b4ab63b5..000000000 --- a/base/setup/pkiremove +++ /dev/null @@ -1,687 +0,0 @@ -#!/usr/bin/perl -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007-2010 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# - -use strict; -use warnings; - -use Getopt::Long qw(GetOptions); - -############################################################## -# This script is used to remove an existing PKI instance. -# -# To execute: -# -# ./pkiremove -pki_instance_root=<pki_instance_root> # Instance root -# # directory destination -# -# -pki_instance_name=<pki_instance_id> # Unique PKI subsystem -# # instance name -# # (e. g. - pki-pki1) -# -# [-token_pwd=<token pw>] # Password of token containing -# # subsystem certificate -# -# [-force] # Don't ask any -# # questions -# -############################################################## - - -############################################################## -# Execution Check -############################################################## - -# Check to insure that this script's original -# invocation directory has not been deleted! -my $cwd = `/bin/pwd`; -chomp $cwd; -if (!$cwd) { - emit("Cannot invoke '$0' from non-existent directory!\n", "error"); - exit 255; -} - -############################################################## -# Environment Variables -############################################################## - -# untaint called subroutines -if (($^O ne 'Windows_NT') && ($^O ne 'MSWin32')) { - $> = $<; # set effective user ID to real UID - $) = $(; # set effective group ID to real GID - $ENV{'PATH'} = '/bin:/usr/bin'; - $ENV{'ENV'} = '' if !defined($ENV{'ENV'}); -} - - -############################################################## -# Command-Line Variables -############################################################## - -my $ARGS = ($#ARGV + 1); - - -############################################################## -# Shared Common Perl Data and Subroutines -############################################################## - -use lib "/usr/share/pki/scripts"; -use pkicommon; - -# make -w happy by suppressing warnings of Global variables used only once -my $suppress = ""; -$suppress = $default_file_permissions; - -############################################################## -# Local Constants -############################################################## - -my $semanage = "/usr/sbin/semanage"; - -############################################################## -# Local Data Structures -############################################################## - - -############################################################## -# Local Variables -############################################################## - -my $pki_instance_root = undef; -my $pki_instance_name = undef; -my $force = 0; -my $token_pwd = ""; - -my $conf_file = undef; -my $pki_instance_path = undef; -my $subsystem_type = undef; - -# PKI init script variables -my $pki_registry_initscript = undef; -my $pki_registry_initscript_command = undef; - -# PKI registry variables -my $pki_registry_subsystem_path = undef; - -#systemd specific variables -my $use_systemd = 0; -my $pki_instance_systemd_service_name = undef; - -############################################################## -# Platform-Dependent Data Initialization -############################################################## - -if ($^O eq "linux") { - if (is_Fedora() && (fedora_release() >= 16)) { - $use_systemd = 1; - } -} else { - emit("Unsupported platform '$^O'!\n", "error"); - exit 255; -} - -############################################################## -# Local Data Initialization -############################################################## - -############################################################## -# PKI Instance Removal Subroutines -############################################################## - -# no args -# no return value -sub usage -{ - print STDOUT <<'EOF'; -Usage: pkiremove -pki_instance_root=<pki_instance_root> # Instance root - # directory - # destination - -pki_instance_name=<pki_instance_id> # Unique PKI - # subsystem - # instance name - # (e. g. - pki-pki1) - # -[-token_pwd=<token password>] # Password for token containing subsystem cert. - -[-force] # Don't ask any questions - -[-verbose] # Display detailed information. May be specified multiple times, - # each time increasing the verbosity level. - -[-dry_run] # Do not perform any actions. - # Just report what would have been done. - -Example: pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-tps - -IMPORTANT: Must be run as root! -IMPORTANT: pkiremove should only be used to remove instances which were created - using pkicreate. Instances created using pkispawn should be removed - using pkidestroy. -EOF - return; -} - -sub update_domain -{ - my $sport; - my $ncsport; - my $sechost; - my $httpport; - my $seceeport; - my $secagentport; - my $secadminport; - my $adminsport; - my $agentsport; - my $secselect; - my $subsystemnick; - my $machinename; - my $typeval; - my $url; - - get_cs_cfg($conf_file, {"service.machineName" => \$machinename, - "service.securityDomainPort" => \$sport, - "service.non_clientauth_securePort" => \$ncsport, - "securitydomain.host" => \$sechost, - "securitydomain.httpport" => \$httpport, - "securitydomain.httpseeport" => \$seceeport, - "securitydomain.httpsagentport" => \$secagentport, - "securitydomain.httpsadminport" => \$secadminport, - "securitydomain.select" => \$secselect, - "pkicreate.admin_secure_port" => \$adminsport, - "cs.type" => \$typeval, - "pkicreate.agent_secure_port" => \$agentsport}); - - my $subsystemnick_param = lc($typeval) . ".cert.subsystem.nickname"; - get_cs_cfg($conf_file, {$subsystemnick_param => \$subsystemnick}); - - # NOTE: Don't check for the existence of $httpport, as this will - # be undefined for a Security Domain that has been migrated! - if ((!defined($sechost)) || - (!defined($seceeport)) || - (!defined($secagentport)) || - (!defined($secadminport))) { - print(STDOUT "No security domain defined.\nIf this is an unconfigured instance, then that is OK.\n" . - "Otherwise, manually delete the entry from the security domain master.\n"); - return; - } - - die "Subsystem nickname not defined" if (!defined($subsystemnick)); - if (!defined($adminsport)) { - $adminsport = ""; - } - - if (!defined($agentsport)) { - $agentsport = ""; - } - - if (!defined($ncsport)) { - $ncsport = ""; - } - - (my $token_name, my $nick) = split(/:/, $subsystemnick, 2); - if ((!defined($nick)) || ($nick eq "")) { - $token_name = "internal"; - } - - if ($secselect ne "new") { - # This is not a domain master, so we need to update the master - print(STDOUT "Contacting the security domain master to update the security domain\n"); - my $listval = $subsystem_type . "List"; - my $urlheader = "https://" . $sechost . ":" . $seceeport; - my $urlagentheader = "https://" . $sechost . ":" . $secagentport; - my $urladminheader = "https://" . $sechost . ":" . $secadminport; - my $updateURL = "/ca/agent/ca/updateDomainXML"; - - if ($token_pwd eq "") { - my $pwfile = $pki_instance_path . "/conf/password.conf"; - if (-r $pwfile) { - open(DAT, $pwfile) or die "Could not open password.conf file to read token password."; - my @pw_data=<DAT>; - foreach my $line (@pw_data) { - chomp($line); - if (($typeval eq "CA") || - ($typeval eq "KRA") || - ($typeval eq "OCSP") || - ($typeval eq "TKS")) { - (my $varname, my $valname) = split(/=/, $line); - if ($varname eq "hardware-$token_name") { $token_pwd = $valname; } - if ($varname eq "$token_name") { $token_pwd = $valname; } - } else { # TPS, RA - (my $varname, my $valname) = split(/:/, $line); - if ($varname eq $token_name) { $token_pwd = $valname; } - if ($varname eq "hardware-$token_name") { $token_pwd = $valname; } - } - } - close($pwfile); - } - } - - while ($token_pwd eq "") { - $token_pwd = prompt( "No password found for $token_name. What is the password for this token?"); - } - - my $params = "name=$pki_instance_name" . - "&type=$typeval" . - "&list=$listval" . - "&host=$machinename" . - "&sport=$sport" . - "&ncsport=$ncsport" . - "&adminsport=$adminsport" . - "&agentsport=$agentsport" . - "&operation=remove"; - - #update domainXML - my $cmd = `/usr/bin/sslget -d \"$pki_instance_path/alias\" -p \"$token_pwd\" -v -n \"$subsystemnick\" -r \"$updateURL\" -e \"$params\" $sechost:$secagentport 2>&1`; - $cmd =~ /\<Status\>(.*?)\<\/Status\>/; - $cmd = $1; - - die ("Security Domain returns non-zero status for updateDomainXML.") if ($cmd ne "0"); - } -} - -sub remove_fcontext -{ - my ($fcontext, $fname, $ftype, $cmd_ref) = @_; - emit(sprintf("remove_fcontext(%s)\n", join(", ", @_)), "debug"); - - my $tmp = `$semanage fcontext -l -C |grep $fcontext |grep $fname |wc -l`; - chomp $tmp; - if ($tmp eq "0" ) { - emit("File context $fcontext for $fname defined in policy, not deleted", "debug"); - return 0; - } - - if ($ftype eq "f") { - $$cmd_ref .= "fcontext -d -t $fcontext -f -- $fname\n"; - } else { - $$cmd_ref .= "fcontext -d -t $fcontext $fname\n"; - } -} - -sub get_selinux_fcontexts -{ - my ($cmd_ref) = @_; - my $setype = "pki_" . $subsystem_type; - my $default_instance_name = "pki-" . $subsystem_type; - my $default_instance_root = "/var/lib"; - my $default_log_path = "/var/log/" . $default_instance_name; - my $default_conf_path = "/etc/" . $default_instance_name; - - my $log_path = "$pki_instance_path/logs"; - my $conf_path = "$pki_instance_path/conf"; - my $ftype; - my $java_component = 0; - - if (($subsystem_type eq $CA) || - ($subsystem_type eq $KRA) || - ($subsystem_type eq $OCSP) || - ($subsystem_type eq $TKS)) { - $java_component=1; - } - - if (-l $log_path) { - $log_path = readlink $log_path; - }; - - if (-l $conf_path) { - $conf_path = readlink $conf_path; - }; - - # For backwards compatibility, support removal of instances - # which use the legacy start/stop implementation - if (entity_exists("$default_initscripts_path/$pki_instance_name")) { - # remove context for "$default_initscripts_path/$pki_instance_name" - if ($pki_instance_name ne $default_instance_name) { - remove_fcontext($setype . "_script_exec_t", - "/etc/rc\\.d/init\\.d/$pki_instance_name", "f", $cmd_ref); - } - } - - # remove context for $pki_instance_root/$pki_instance_name - if (($pki_instance_name ne $default_instance_name) || ($pki_instance_root ne $default_instance_root)) { - remove_fcontext($setype . "_var_lib_t", - "\"$pki_instance_root/$pki_instance_name(/.*)?\"", "a", $cmd_ref); - if (! $java_component) { - remove_fcontext($setype . "_exec_t", - "\"${pki_instance_root}/{$pki_instance_name}/${pki_instance_name}\"", "a", $cmd_ref); - } - } - - # remove context for /var/run/$pki_instance_name.pid - if (($java_component) && ($pki_instance_name ne $default_instance_name)) { - remove_fcontext($setype . "_var_run_t", - "/var/run/$pki_instance_name" . '.pid', "f", $cmd_ref); - } - - # remove context for $log_path - if ($log_path ne $default_log_path) { - remove_fcontext($setype . "_log_t", - "\"$log_path(/.*)?\"", "a", $cmd_ref); - } - - # remove context for $conf_path - if ($conf_path ne $default_conf_path) { - remove_fcontext($setype . "_etc_rw_t", - "\"$conf_path(/.*)?\"", "a", $cmd_ref); - } - -} - - -sub get_selinux_ports -{ - my ($cmd_ref) = @_; - my $status; - my $semanage = "/usr/sbin/semanage"; - my $secure_port; - my $non_clientauth_secure_port; - my $unsecure_port; - my @ports = (); - - get_cs_cfg($conf_file, {"service.securePort" => \$secure_port, - "service.non_clientauth_securePort" => \$non_clientauth_secure_port, - "service.unsecurePort" => \$unsecure_port}); - - if (($subsystem_type eq $CA) || - ($subsystem_type eq $KRA) || - ($subsystem_type eq $OCSP) || - ($subsystem_type eq $TKS)) { - use XML::LibXML; - my $parser = XML::LibXML->new(); - my $config = $parser->parse_file($pki_instance_path . "/conf/server.xml") - or die "Could not read XML from server.xml to determine ports."; - - my $root = $config->getDocumentElement; - - my $i = 0; - foreach my $port ($root->findnodes('//@port')) { - $ports[$i] = $port->getValue(); - $i++; - } - } else { # TPS, RA - my $i =0; - if (defined $secure_port) { - $ports[$i] = $secure_port; - $i++; - } - if (defined $non_clientauth_secure_port) { - $ports[$i] = $non_clientauth_secure_port; - $i++; - } - if (defined $unsecure_port) { - $ports[$i] = $unsecure_port; - $i++; - } - } - - print(STDOUT "\n"); - foreach my $port (@ports) { - my $setype = "pki_" . $subsystem_type . "_port_t"; - my $tmp = `$semanage port -l -C |grep $setype |grep $port | wc -l`; - chomp $tmp; - if ($tmp eq "0") { - emit("Port context $setype for $port defined in policy, not deleting", "debug"); - } else { - $$cmd_ref .= "port -d -t $setype -ptcp $port\n"; - } - } -} - - -# Return 1 if success, 0 if failure -sub remove_instance -{ - my ($result, $confirm, $install_info); - $confirm = "Y"; - $result = 1; - - print(STDOUT "PKI instance Deletion Utility cleaning up instance ...\n\n"); - -ASK_AGAIN: - if (!$force) { - $confirm = prompt("You have elected to remove the instance " - . "installed in $pki_instance_path.\n" - . "Are you sure (Y/N)? "); - } - - if ($confirm eq "N" || $confirm eq "n") { - return 1; - } elsif ($confirm ne "Y" && $confirm ne "y") { - goto ASK_AGAIN; - } - - $install_info = read_install_info_from_dir($pki_instance_path); - if (!defined($install_info)) { - emit("Can't remove instance, installation manifest does not exist!", "error"); - return $result; - } - - eval { update_domain(); } if !$dry_run; # FIXME so update_domain shows what it would do - warn "Error updating security domain: " . $@ if $@; - - if (($^O eq "linux") && (is_Fedora() || (is_RHEL() && (! is_RHEL4())))) { - my $semanage_cmds = ""; - - eval { get_selinux_ports(\$semanage_cmds); }; - warn "Error getting selinux ports: " . $@ if $@; - - eval { get_selinux_fcontexts(\$semanage_cmds); }; - warn "Error getting selinux file contexts: " . $@ if $@; - - print STDOUT "Removing selinux contexts\n"; - if ($semanage_cmds ne "") { - emit("Executing selinux commands in batch mode.\n", "debug"); - if (! $dry_run) { - if (! run_command("$semanage -S targeted -i - " . '<< _EOF' . "\n$semanage_cmds\n" . '_EOF' . "\n")) { - emit("Error executing selinux batch commands\n", "error"); - } - } - } else { - emit("No selinux contexts need to be removed. No need to run semanage. \n"); - } - } - - $pki_registry_initscript = get_registry_initscript_name($subsystem_type); - - # Shutdown this instance - if ($^O eq "linux") { - if ($use_systemd) { - $pki_instance_systemd_service_name = - "${pki_registry_initscript}\@${pki_instance_name}.service"; - $pki_registry_initscript_command = - "/bin/systemctl stop $pki_instance_systemd_service_name"; - } else { - if (entity_exists("$default_initscripts_path/$pki_instance_name")) { - $pki_registry_initscript_command = "/sbin/service $pki_instance_name stop"; - } else { - $pki_registry_initscript_command = - "/sbin/service $pki_registry_initscript stop $pki_instance_name"; - } - } - } else { - emit("Unsupported platform '$^O'!\n", "error"); - exit 255; - } - run_command($pki_registry_initscript_command); - - if (!$use_systemd) { - # De-register this instance with "chkconfig" - if ($^O eq "linux") { - if (entity_exists("$default_initscripts_path/$pki_instance_name")) { - # De-register this instance with '/sbin/chkconfig' - print(STDOUT "Removing '$pki_instance_name' from chkconfig.\n"); - deregister_pki_instance_with_chkconfig($pki_instance_name); - } - } - } - - print(STDOUT "\n"); - - # Remove all installed files and directories. - $result = 0 if !uninstall($install_info); - - if ($use_systemd) { - run_command("/bin/systemctl --system daemon-reload"); - } - - print(STDOUT "\n"); - - return $result; -} - - -############################################################## -# Main Program -############################################################## - -# no args -# return 1 - success, or -# return 0 - failure -sub main -{ - chdir("/tmp"); - - my $result = 0; - - print(STDOUT "PKI instance Deletion Utility ...\n\n"); - - # On Linux/UNIX, insure that this script is being run as "root". - $result = check_for_root_UID(); - if (!$result) { - usage(); - exit 255; - } - - # Check for a valid number of command-line arguments. - if ($ARGS < 2) { - emit("$0: Insufficient arguments!", "error"); - usage(); - exit 255; - } - - # Parse command-line arguments. - $result = GetOptions("pki_instance_root=s" => \$pki_instance_root, - "pki_instance_name=s" => \$pki_instance_name, - "token_pwd=s" => \$token_pwd, - "verbose+" => \$verbose, - "dry_run" => \$dry_run, - "force" => \$force); - - # Always disallow root to be the pki_instance_root. - if ($pki_instance_root eq "/") { - emit("$0: Don't even think about making root " - . "the pki_instance_root!", "error"); - usage(); - exit 255; - } - - $pki_instance_root = normalize_path($pki_instance_root); - - # Check for valid content of command-line arguments. - if (!$pki_instance_root) { - emit("$0: Must have value for -pki_instance_root!", "error"); - usage(); - exit 255; - } - - if (!$pki_instance_name) { - emit("$0: The instance ID of the PKI instance " - . "to be removed is required!", "error"); - usage(); - exit 255; - } - - $pki_instance_path = "${pki_instance_root}/${pki_instance_name}"; - - if (!directory_exists($pki_instance_path)) { - emit("$0: Target directory $pki_instance_path " - . "is not a legal directory.", "error"); - usage(); - exit 255; - } - - # Capture uninstall information in a log file, always overwrite this file. - # When removing an instance it's never a fatal error if the logfile - # cannot be created. - my $logfile = "/var/log/${pki_instance_name}-uninstall.log"; - open_logfile($logfile, $default_file_permissions); - - emit("Capturing installation information in $logfile.\n"); - - if ($verbose) { - emit(" verbose mode ENABLED (level=$verbose)\n"); - } - - if ($dry_run) { - emit(" dry run mode ENABLED, system will not be modified, log to $logfile\n"); - print STDOUT "dry run mode ENABLED, system will not be modified\n"; - } - - emit(" pki_instance_root $pki_instance_root\n"); - emit(" pki_instance_name $pki_instance_name\n"); - emit(" pki_instance_path $pki_instance_path\n"); - - $conf_file = $pki_instance_path . "/conf/CS.cfg"; - $subsystem_type = get_cs_cfg($conf_file, "cs.type"); - if (!defined($subsystem_type)) { - emit("Could not determine the subsystem type from the file \"$conf_file\"\n", "error"); - exit 1; - } - $subsystem_type = lc($subsystem_type); - - # Remove the specified instance - $result = remove_instance(); - if ($result != 1) { - exit 255; - } - - # Establish PKI subsystem-level registry - $pki_registry_subsystem_path = "$pki_registry_path/$subsystem_type"; - - # If empty, remove the PKI subsystem-level registry - if (directory_exists($pki_registry_subsystem_path)) { - if (is_directory_empty($pki_registry_subsystem_path)) { - remove_directory($pki_registry_subsystem_path); - } - } - - # If empty, remove the PKI-level registry - if (directory_exists($pki_registry_path)) { - if (is_directory_empty($pki_registry_path)) { - remove_directory($pki_registry_path); - } - } - - if ($dry_run) { - print STDOUT "dry run mode ENABLED, system was not modified\n"; - } - - return $result; -} - - -############################################################## -# PKI Instance Removal -############################################################## - -main(); - -exit 0; - diff --git a/base/setup/scripts/functions b/base/setup/scripts/functions deleted file mode 100644 index ed32c6a5c..000000000 --- a/base/setup/scripts/functions +++ /dev/null @@ -1,1522 +0,0 @@ -#!/bin/bash - -# From "http://fedoraproject.org/wiki/FCNewInit/Initscripts": -# -# Status Exit Codes -# -# 0 program is running or service is OK -# 1 program is dead and /var/run pid file exists -# 2 program is dead and /var/lock lock file exists -# 3 program is not running -# 4 program or service status is unknown -# 5-99 reserved for future LSB use -# 100-149 reserved for distribution use -# 150-199 reserved for application use -# 200-254 reserved -# -# Non-Status Exit Codes -# -# 0 action was successful -# 1 generic or unspecified error (current practice) -# 2 invalid or excess argument(s) -# 3 unimplemented feature (for example, "reload") -# 4 user had insufficient privilege -# 5 program is not installed -# 6 program is not configured -# 7 program is not running -# 8-99 reserved for future LSB use -# 100-149 reserved for distribution use -# 150-199 reserved for application use -# 200-254 reserved -# - -if [ -f /etc/pki/pki.conf ] ; then - . /etc/pki/pki.conf -fi - -# PKI subsystem-level directory and file values for locks -lockfile="/var/lock/subsys/${SERVICE_NAME}" - -default_error=0 - -case $command in - start|stop|restart|condrestart|force-restart|try-restart) - # 1 generic or unspecified error (current practice) - default_error=1 - ;; - reload) - default_error=3 - ;; - status) - # 4 program or service status is unknown - default_error=4 - ;; - *) - # 2 invalid argument(s) - default_error=2 - ;; -esac - -# Enable nullglob, if set then shell pattern globs which do not match any -# file returns the empty string rather than the unmodified glob pattern. -shopt -s nullglob - -OS=`uname -s` -ARCHITECTURE=`arch` - -# Check to insure that this script's original invocation directory -# has not been deleted! -CWD=`/bin/pwd > /dev/null 2>&1` -if [ $? -ne 0 ] ; then - echo "Cannot invoke '$PROG_NAME' from non-existent directory!" - exit ${default_error} -fi - -# Check to insure that this script's associated PKI -# subsystem currently resides on this system. -if [ ! -d ${PKI_PATH} ] ; then - echo "This machine is missing the '${PKI_TYPE}' subsystem!" - if [ "${command}" != "status" ]; then - # 5 program is not installed - exit 5 - else - exit ${default_error} - fi -fi - -# Check to insure that this script's associated PKI -# subsystem instance registry currently resides on this system. -if [ ! -d ${PKI_REGISTRY} ] ; then - echo "This machine contains no registered '${PKI_TYPE}' subsystem instances!" - if [ "${command}" != "status" ]; then - # 5 program is not installed - exit 5 - else - exit ${default_error} - fi -fi - -# This script must be run as root! -RV=0 -if [ `id -u` -ne 0 ] ; then - echo "Must be 'root' to execute '$PROG_NAME'!" - if [ "${command}" != "status" ]; then - # 4 user had insufficient privilege - exit 4 - else - # 4 program or service status is unknown - exit 4 - fi -fi - -PKI_REGISTRY_ENTRIES="" -TOTAL_PKI_REGISTRY_ENTRIES=0 -TOTAL_UNCONFIGURED_PKI_ENTRIES=0 - -# Gather ALL registered instances of this PKI subsystem type -for FILE in ${PKI_REGISTRY}/*; do - if [ -f "$FILE" ] ; then - PKI_REGISTRY_ENTRIES="${PKI_REGISTRY_ENTRIES} $FILE" - TOTAL_PKI_REGISTRY_ENTRIES=`expr ${TOTAL_PKI_REGISTRY_ENTRIES} + 1` - fi -done - -if [ -n "${pki_instance}" ]; then - for I in ${PKI_REGISTRY_ENTRIES}; do - if [ "${PKI_REGISTRY}/${pki_instance}" = "$I" ]; then - PKI_REGISTRY_ENTRIES="${PKI_REGISTRY}/${pki_instance}" - TOTAL_PKI_REGISTRY_ENTRIES=1 - break - fi - done -fi - -usage() -{ - echo -n "Usage: ${SERVICE_PROG} ${SERVICE_NAME}" - echo -n "{start" - echo -n "|stop" - echo -n "|restart" - echo -n "|condrestart" - echo -n "|force-restart" - echo -n "|try-restart" - echo -n "|reload" - echo -n "|status} " - echo -n "[instance-name]" - echo - echo -} - -usage_systemd() -{ - echo -n "Usage: /usr/bin/pkicontrol " - echo -n "{start" - echo -n "|stop" - echo -n "|restart" - echo -n "|condrestart" - echo -n "|force-restart" - echo -n "|try-restart" - echo -n "|reload" - echo -n "|status} " - echo -n "subsystem-type " - echo -n "[instance-name]" - echo - echo -} - - -list_instances() -{ - echo - for PKI_REGISTRY_ENTRY in $PKI_REGISTRY_ENTRIES; do - instance_name=`basename $PKI_REGISTRY_ENTRY` - echo " $instance_name" - done - echo -} - -# Check arguments -if [ $SYSTEMD ]; then - if [ $# -lt 2 ] ; then - # [insufficient arguments] - echo "$PROG_NAME: Insufficient arguments!" - echo - usage_systemd - echo "where valid instance names include:" - list_instances - exit 3 - elif [ ${default_error} -eq 2 ] ; then - # 2 invalid argument - echo "$PROG_NAME: Invalid arguments!" - echo - usage_systemd - echo "where valid instance names include:" - list_instances - exit 2 - elif [ $# -gt 3 ] ; then - echo "$PROG_NAME: Excess arguments!" - echo - usage_systemd - echo "where valid instance names include:" - list_instances - if [ "${command}" != "status" ]; then - # 2 excess arguments - exit 2 - else - # 4 program or service status is unknown - exit 4 - fi - fi -else - if [ $# -lt 1 ] ; then - # 3 unimplemented feature (for example, "reload") - # [insufficient arguments] - echo "$PROG_NAME: Insufficient arguments!" - echo - usage - echo "where valid instance names include:" - list_instances - exit 3 - elif [ ${default_error} -eq 2 ] ; then - # 2 invalid argument - echo "$PROG_NAME: Invalid arguments!" - echo - usage - echo "where valid instance names include:" - list_instances - exit 2 - elif [ $# -gt 2 ] ; then - echo "$PROG_NAME: Excess arguments!" - echo - usage - echo "where valid instance names include:" - list_instances - if [ "${command}" != "status" ]; then - # 2 excess arguments - exit 2 - else - # 4 program or service status is unknown - exit 4 - fi - fi -fi - -# If an "instance" was supplied, check that it is a "valid" instance -if [ -n "${pki_instance}" ]; then - valid=0 - for PKI_REGISTRY_ENTRY in $PKI_REGISTRY_ENTRIES; do - instance_name=`basename $PKI_REGISTRY_ENTRY` - if [ $pki_instance == $instance_name ]; then - valid=1 - break - fi - done - if [ $valid -eq 0 ]; then - echo -n "${pki_instance} is an invalid '${PKI_TYPE}' instance" - if [ ! $SYSTEMD ]; then - echo_failure - fi - echo - - if [ "${command}" != "status" ]; then - # 5 program is not installed - exit 5 - else - # 4 program or service status is unknown - exit 4 - fi - fi -fi - -check_pki_configuration_status() -{ - rv=0 - - rv=`grep -c ^preop ${pki_instance_configuration_file}` - - rv=`expr ${rv} + 0` - - if [ $rv -ne 0 ] ; then - echo " '${PKI_INSTANCE_NAME}' must still be CONFIGURED!" - echo " (see /var/log/${PKI_INSTANCE_NAME}-install.log)" - if [ "${command}" != "status" ]; then - # 6 program is not configured - rv=6 - else - # 4 program or service status is unknown - rv=4 - fi - TOTAL_UNCONFIGURED_PKI_ENTRIES=`expr ${TOTAL_UNCONFIGURED_PKI_ENTRIES} + 1` - elif [ -f ${RESTART_SERVER} ] ; then - echo -n " Although '${PKI_INSTANCE_NAME}' has been CONFIGURED, " - echo -n "it must still be RESTARTED!" - echo - if [ "${command}" != "status" ]; then - # 1 generic or unspecified error (current practice) - rv=1 - else - # 4 program or service status is unknown - rv=4 - fi - fi - - return $rv -} - -get_pki_status_definitions() -{ - case $PKI_SUBSYSTEM_TYPE in - ca|kra|ocsp|tks) - get_pki_status_definitions_tomcat - return $? - ;; - ra) - get_pki_status_definitions_ra - return $? - ;; - tps) - get_pki_status_definitions_tps - return $? - ;; - *) - echo "Unknown subsystem type ($PKI_SUBSYSTEM_TYPE)" - exit ${default_error} - ;; - esac -} - -get_pki_status_definitions_ra() -{ - # establish well-known strings - total_ports=0 - PKI_UNSECURE_PORT="" - CLIENTAUTH_PORT="" - NON_CLIENTAUTH_PORT="" - - # check to see that an instance-specific "httpd.conf" file exists - if [ ! -f ${PKI_HTTPD_CONF} ] ; then - echo "File '${PKI_HTTPD_CONF}' does not exist!" - exit ${default_error} - fi - - # check to see that an instance-specific "nss.conf" file exists - if [ ! -f ${PKI_NSS_CONF} ] ; then - echo "File '${PKI_NSS_CONF}' does not exist!" - exit ${default_error} - fi - - # Iterate over Listen statements - for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_HTTPD_CONF}`; do - PKI_UNSECURE_PORT=$port - if [ $total_ports -eq 0 ]; then - echo " Unsecure Port = http://${PKI_HOSTNAME}:${PKI_UNSECURE_PORT}" - else - echo "ERROR: extra Unsecure Port = http://${PKI_HOSTNAME}:${PKI_UNSECURE_PORT}" - fi - total_ports=`expr ${total_ports} + 1` - - done - - # Iterate over Listen statements - for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_NSS_CONF}`; do - PKI_UNSECURE_PORT=$port - if [ $total_ports -eq 1 ]; then - CLIENTAUTH_PORT=$port - echo " Secure Clientauth Port = https://${PKI_HOSTNAME}:${CLIENTAUTH_PORT}" - fi - if [ $total_ports -eq 2 ]; then - NON_CLIENTAUTH_PORT=$port - echo " Secure Non-Clientauth Port = https://${PKI_HOSTNAME}:${NON_CLIENTAUTH_PORT}" - fi - total_ports=`expr ${total_ports} + 1` - - done - - return 0; -} - -get_pki_status_definitions_tps() -{ - # establish well-known strings - total_ports=0 - PKI_UNSECURE_PORT="" - CLIENTAUTH_PORT="" - NON_CLIENTAUTH_PORT="" - - # check to see that an instance-specific "httpd.conf" file exists - if [ ! -f ${PKI_HTTPD_CONF} ] ; then - echo "File '${PKI_HTTPD_CONF}' does not exist!" - exit ${default_error} - fi - - # check to see that an instance-specific "nss.conf" file exists - if [ ! -f ${PKI_NSS_CONF} ] ; then - echo "File '${PKI_NSS_CONF}' does not exist!" - exit ${default_error} - fi - - # Iterate over Listen statements - for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_HTTPD_CONF}`; do - PKI_UNSECURE_PORT=$port - if [ $total_ports -eq 0 ]; then - echo " Unsecure Port = http://${PKI_HOSTNAME}:${PKI_UNSECURE_PORT}/cgi-bin/so/enroll.cgi" - echo " (ESC Security Officer Enrollment)" - echo " Unsecure Port = http://${PKI_HOSTNAME}:${PKI_UNSECURE_PORT}/cgi-bin/home/index.cgi" - echo " (ESC Phone Home)" - else - echo "ERROR: extra Unsecure Port = http://${PKI_HOSTNAME}:${PKI_UNSECURE_PORT}" - fi - total_ports=`expr ${total_ports} + 1` - - done - - # Iterate over Listen statements - for port in `sed -n 's/^[ \t]*Listen[ \t][ \t]*\([^ \t][^ \t]*\)/\1/p' ${PKI_NSS_CONF}`; do - PKI_UNSECURE_PORT=$port - if [ $total_ports -eq 1 ]; then - CLIENTAUTH_PORT=$port - echo " Secure Clientauth Port = https://${PKI_HOSTNAME}:${CLIENTAUTH_PORT}/cgi-bin/sow/welcome.cgi" - echo " (ESC Security Officer Workstation)" - echo " Secure Clientauth Port = https://${PKI_HOSTNAME}:${CLIENTAUTH_PORT}/tus" - echo " (TPS Roles - Operator/Administrator/Agent)" - fi - if [ $total_ports -eq 2 ]; then - NON_CLIENTAUTH_PORT=$port - echo " Secure Non-Clientauth Port = https://${PKI_HOSTNAME}:${NON_CLIENTAUTH_PORT}/cgi-bin/so/enroll.cgi" - echo " (ESC Security Officer Enrollment)" - echo " Secure Non-Clientauth Port = https://${PKI_HOSTNAME}:${NON_CLIENTAUTH_PORT}/cgi-bin/home/index.cgi" - echo " (ESC Phone Home)" - fi - total_ports=`expr ${total_ports} + 1` - - done - - return 0; -} - -get_pki_status_definitions_tomcat() -{ - # establish well-known strings - begin_pki_status_comment="<!-- DO NOT REMOVE - Begin PKI Status Definitions -->" - end_pki_status_comment="<!-- DO NOT REMOVE - End PKI Status Definitions -->" - total_ports=0 - unsecure_port_statement="Unsecure Port" - secure_agent_port_statement="Secure Agent Port" - secure_ee_port_statement="Secure EE Port" - secure_ee_client_auth_port_statement="EE Client Auth Port" - secure_admin_port_statement="Secure Admin Port" - pki_console_port_statement="PKI Console Port" - tomcat_port_statement="Tomcat Port" - - # initialize looping variables - pki_status_comment_found=0 - - # first check to see that an instance-specific "server.xml" file exists - if [ ! -f ${PKI_SERVER_XML_CONF} ] ; then - echo "File '${PKI_SERVER_XML_CONF}' does not exist!" - exit ${default_error} - fi - - # read this instance-specific "server.xml" file line-by-line - # to obtain the current PKI Status Definitions - exec < ${PKI_SERVER_XML_CONF} - while read line; do - # first look for the well-known end PKI Status comment - # (to turn off processing) - if [ "$line" == "$end_pki_status_comment" ] ; then - pki_status_comment_found=0 - break; - fi - - # then look for the well-known begin PKI Status comment - # (to turn on processing) - if [ "$line" == "$begin_pki_status_comment" ] ; then - pki_status_comment_found=1 - fi - - # once the well-known begin PKI Status comment has been found, - # begin processing to obtain all of the PKI Status Definitions - if [ $pki_status_comment_found -eq 1 ] ; then - # look for a PKI Status Definition and print it - head=`echo "$line" | sed -e 's/^\([^=]*\)[ \t]*= .*$/\1/' -e 's/[ \t]*$//'` - if [ "$head" == "$unsecure_port_statement" ] || - [ "$head" == "$secure_agent_port_statement" ] || - [ "$head" == "$secure_ee_port_statement" ] || - [ "$head" == "$secure_ee_client_auth_port_statement" ] || - [ "$head" == "$secure_admin_port_statement" ] || - [ "$head" == "$pki_console_port_statement" ] || - [ "$head" == "$tomcat_port_statement" ] ; then - echo " $line" - total_ports=`expr ${total_ports} + 1` - fi - fi - done - - return 0; -} - -get_pki_configuration_definitions() -{ - # Obtain the PKI Subsystem Type - line=`grep -e '^[ \t]*cs.type[ \t]*=' ${pki_instance_configuration_file}` - pki_subsystem=`echo "${line}" | sed -e 's/^[^=]*=[ \t]*\(.*\)/\1/' -e 's/[ \t]*$//'` - if [ "${line}" != "" ] ; then - if [ "${pki_subsystem}" != "CA" ] && - [ "${pki_subsystem}" != "KRA" ] && - [ "${pki_subsystem}" != "OCSP" ] && - [ "${pki_subsystem}" != "TKS" ] && - [ "${pki_subsystem}" != "RA" ] && - [ "${pki_subsystem}" != "TPS" ] - then - return ${default_error} - fi - if [ "${pki_subsystem}" == "KRA" ] ; then - # Rename "KRA" to "DRM" - pki_subsystem="DRM" - fi - else - return ${default_error} - fi - - # If "${pki_subsystem}" is a CA, DRM, OCSP, or TKS, - # check to see if "${pki_subsystem}" is a "Clone" - pki_clone="" - if [ "${pki_subsystem}" == "CA" ] || - [ "${pki_subsystem}" == "DRM" ] || - [ "${pki_subsystem}" == "OCSP" ] || - [ "${pki_subsystem}" == "TKS" ] - then - line=`grep -e '^[ \t]*subsystem.select[ \t]*=' ${pki_instance_configuration_file}` - if [ "${line}" != "" ] ; then - pki_clone=`echo "${line}" | sed -e 's/^[^=]*[ \t]*=[ \t]*\(.*\)/\1/' -e 's/[ \t]*$//'` - if [ "${pki_clone}" != "Clone" ] ; then - # Reset "${pki_clone}" to be empty - pki_clone="" - fi - else - return ${default_error} - fi - fi - - # If "${pki_subsystem}" is a CA, and is NOT a "Clone", check to - # see "${pki_subsystem}" is a "Root" or a "Subordinate" CA - pki_hierarchy="" - if [ "${pki_subsystem}" == "CA" ] && - [ "${pki_clone}" != "Clone" ] - then - line=`grep -e '^[ \t]*hierarchy.select[ \t]*=' ${pki_instance_configuration_file}` - if [ "${line}" != "" ] ; then - pki_hierarchy=`echo "${line}" | sed -e 's/^[^=]*[ \t]*=[ \t]*\(.*\)/\1/' -e 's/[ \t]*$//'` - else - return ${default_error} - fi - fi - - # If ${pki_subsystem} is a CA, check to - # see if it is also a Security Domain - pki_security_domain="" - if [ "${pki_subsystem}" == "CA" ] ; then - line=`grep -e '^[ \t]*securitydomain.select[ \t]*=' ${pki_instance_configuration_file}` - if [ "${line}" != "" ] ; then - pki_security_domain=`echo "${line}" | sed -e 's/^[^=]*[ \t]*=[ \t]*\(.*\)/\1/' -e 's/[ \t]*$//'` - if [ "${pki_security_domain}" == "new" ] ; then - # Set a fixed value for "${pki_security_domain}" - pki_security_domain="(Security Domain)" - else - # Reset "${pki_security_domain}" to be empty - pki_security_domain="" - fi - else - return ${default_error} - fi - fi - - # Always obtain this PKI instance's "registered" - # security domain information - pki_security_domain_name="" - pki_security_domain_hostname="" - pki_security_domain_https_admin_port="" - - line=`grep -e '^[ \t]*securitydomain.name[ \t]*=' ${pki_instance_configuration_file}` - if [ "${line}" != "" ] ; then - pki_security_domain_name=`echo "${line}" | sed -e 's/^[^=]*[ \t]*=[ \t]*\(.*\)/\1/' -e 's/[ \t]*$//'` - else - return ${default_error} - fi - - line=`grep -e '^[ \t]*securitydomain.host[ \t]*=' ${pki_instance_configuration_file}` - if [ "${line}" != "" ] ; then - pki_security_domain_hostname=`echo "${line}" | sed -e 's/^[^=]*[ \t]*=[ \t]*\(.*\)/\1/' -e 's/[ \t]*$//'` - else - return ${default_error} - fi - - line=`grep -e '^[ \t]*securitydomain.httpsadminport[ \t]*=' ${pki_instance_configuration_file}` - if [ "${line}" != "" ] ; then - pki_security_domain_https_admin_port=`echo "${line}" | sed -e 's/^[^=]*[ \t]*=[ \t]*\(.*\)/\1/' -e 's/[ \t]*$//'` - else - return ${default_error} - fi - - # Compose the "PKI Instance Name" Status Line - pki_instance_name="PKI Instance Name: ${PKI_INSTANCE_NAME}" - - # Compose the "PKI Subsystem Type" Status Line - header="PKI Subsystem Type: " - if [ "${pki_clone}" != "" ] ; then - if [ "${pki_security_domain}" != "" ]; then - # Possible Values: - # - # "CA Clone (Security Domain)" - # - data="${pki_subsystem} ${pki_clone} ${pki_security_domain}" - else - # Possible Values: - # - # "CA Clone" - # "DRM Clone" - # "OCSP Clone" - # "TKS Clone" - # - data="${pki_subsystem} ${pki_clone}" - fi - elif [ "${pki_hierarchy}" != "" ] ; then - if [ "${pki_security_domain}" != "" ]; then - # Possible Values: - # - # "Root CA (Security Domain)" - # "Subordinate CA (Security Domain)" - # - data="${pki_hierarchy} ${pki_subsystem} ${pki_security_domain}" - else - # Possible Values: - # - # "Root CA" - # "Subordinate CA" - # - data="${pki_hierarchy} ${pki_subsystem}" - fi - else - # Possible Values: - # - # "DRM" - # "OCSP" - # "RA" - # "TKS" - # "TPS" - # - data="${pki_subsystem}" - fi - pki_subsystem_type="${header} ${data}" - - # Compose the "Registered PKI Security Domain Information" Status Line - header="Name: " - registered_pki_security_domain_name="${header} ${pki_security_domain_name}" - - header="URL: " - if [ "${pki_security_domain_hostname}" != "" ] && - [ "${pki_security_domain_https_admin_port}" != "" ] - then - data="https://${pki_security_domain_hostname}:${pki_security_domain_https_admin_port}" - else - return ${default_error} - fi - registered_pki_security_domain_url="${header} ${data}" - - # Print the "PKI Subsystem Type" Status Line - echo - echo " ${pki_instance_name}" - - # Print the "PKI Subsystem Type" Status Line - echo - echo " ${pki_subsystem_type}" - - # Print the "Registered PKI Security Domain Information" Status Line - echo - echo " Registered PKI Security Domain Information:" - echo " ==========================================================================" - echo " ${registered_pki_security_domain_name}" - echo " ${registered_pki_security_domain_url}" - echo " ==========================================================================" - - return 0 -} - -display_configuration_information() -{ - result=0 - check_pki_configuration_status - rv=$? - if [ $rv -eq 0 ] ; then - get_pki_status_definitions - rv=$? - if [ $rv -ne 0 ] ; then - result=$rv - echo - echo "${PKI_INSTANCE_NAME} Status Definitions not found" - else - get_pki_configuration_definitions - rv=$? - if [ $rv -ne 0 ] ; then - result=$rv - echo - echo "${PKI_INSTANCE_NAME} Configuration Definitions not found" - fi - fi - fi - return $result -} - -display_instance_status_systemd() -{ - echo -n "Status for ${PKI_INSTANCE_NAME}: " - systemctl status "$PKI_SYSTEMD_TARGET@$PKI_INSTANCE_NAME.service" > /dev/null 2>&1 - rv=$? - - if [ $rv -eq 0 ] ; then - echo "$PKI_INSTANCE_NAME is running .." - display_configuration_information - else - echo "$PKI_INSTANCE_NAME is stopped" - fi - - return $rv -} - -display_instance_status() -{ - # Verify there is an initscript for this instance - if [ ! -f $PKI_INSTANCE_INITSCRIPT ]; then - # 4 program or service status is unknown - return 4 - fi - - # Invoke the initscript for this instance - $PKI_INSTANCE_INITSCRIPT status - rv=$? - - if [ $rv -eq 0 ] ; then - display_configuration_information - fi - - return $rv -} - -make_symlink() -{ - symlink="${1}" - target="${2}" - user="${3}" - group="${4}" - - rv=0 - - echo "INFO: Attempting to create '${symlink}' -> '${target}' . . ." - # Check to make certain that the expected target exists. - # - # NOTE: The symbolic link does NOT exist at this point. - # - if [ -e ${target} ]; then - # Check that the expected target is fully resolvable! - if [ ! `readlink -qe ${target}` ]; then - # Issue an ERROR that the target to which the - # symbolic link is expected to point is NOT fully resolvable! - echo "ERROR: Failed making '${symlink}' -> '${target}'"\ - "since target '${target}' is NOT fully resolvable!" - rv=1 - else - # Attempt to create a symbolic link and 'chown' it. - ln -s ${target} ${symlink} - rv=$? - if [ $rv -eq 0 ]; then - # NOTE: Ignore 'chown' errors. - chown -h ${user}:${group} ${symlink} - echo "SUCCESS: Created '${symlink}' -> '${target}'" - else - echo "ERROR: Failed to create '${symlink}' -> '${target}'!" - rv=1 - fi - fi - else - # Issue an ERROR that the target to which the - # symbolic link is expected to point does NOT exist. - echo "ERROR: Failed making '${symlink}' -> '${target}'"\ - "since target '${target}' does NOT exist!" - rv=1 - fi - - return $rv -} - -check_symlinks() -{ - # declare -p symlinks - path="${1}" - user="${2}" - group="${3}" - - rv=0 - - # process key/value pairs (symlink/target) in the associative array - for key in "${!symlinks[@]}" - do - symlink="${path}/${key}" - target=${symlinks[${key}]} - if [ -e ${symlink} ]; then - if [ -h ${symlink} ]; then - current_target=`readlink ${symlink}` - # Verify that the current target to which the - # symlink points is the expected target - if [ ${current_target} == ${target} ]; then - # Check to make certain that the expected target exists. - if [ -e ${target} ]; then - # Check that the expected target is fully resolvable! - if [ ! `readlink -qe ${target}` ]; then - # Issue an ERROR that the target to which the - # symbolic link is expected to point is NOT - # fully resolvable! - echo "WARNING: Symbolic link '${symlink}'"\ - "exists, but is a dangling symlink!"\ - echo "ERROR: Unable to create"\ - "'${symlink}' -> '${target}'"\ - "since target '${target}' is NOT fully"\ - "resolvable!" - rv=1 - else - # ALWAYS run 'chown' on an existing '${symlink}' - # that points to a fully resolvable '${target}' - # - # NOTE: Ignore 'chown' errors. - # - chown -h ${user}:${group} ${symlink} - # echo "SUCCESS: '${symlink}' -> '${target}'" - fi - else - # Issue an ERROR that the target to which the - # symbolic link is expected to point does NOT exist. - echo "WARNING: Symbolic link '${symlink}'"\ - "exists, but is a dangling symlink!"\ - echo "ERROR: Unable to create"\ - "'${symlink}' -> '${target}'"\ - "since target '${target}' does NOT exist!" - rv=1 - fi - else - # Attempt to remove this symbolic link and - # issue a WARNING that a new symbolic link is - # being created to point to the expected target - # rather than the current target to which it - # points. - echo "WARNING: Attempting to change symbolic link"\ - "'${symlink}' to point to target '${target}'"\ - "INSTEAD of current target '${current_target}'!" - rm ${symlink} - rv=$? - if [ $rv -ne 0 ]; then - echo "ERROR: Failed to remove"\ - "'${symlink}' -> '${current_target}'!" - rv=1 - else - echo "INFO: Removed"\ - "'${symlink}' -> '${current_target}'!" - # Attempt to create the symbolic link and chown it. - make_symlink ${symlink} ${target} ${user} ${group} - rv=$? - fi - fi - elif [ -f ${symlink} ]; then - # Issue a WARNING that the administrator may have replaced - # the symbolic link with a file for debugging purposes. - echo "WARNING: '${symlink}' exists but is NOT a symbolic link!" - else - # Issue an ERROR that the symbolic link has been replaced - # by something unusable (such as a directory). - echo "ERROR: '${symlink}' exists but is NOT a symbolic link!" - rv=1 - fi - else - # Issue a WARNING that this symbolic link does not exist. - echo "WARNING: Symbolic link '${symlink}' does NOT exist!" - # Attempt to create the symbolic link and chown it. - make_symlink ${symlink} ${target} ${user} ${group} - rv=$? - fi - done - - return $rv -} - -# Detect and correct any missing or incorrect symlinks. -# -# Use the following command to locate PKI 'instance' symlinks: -# -# find ${PKI_INSTANCE_PATH} -type l | sort | xargs file -# -verify_symlinks() -{ - declare -A apache_symlinks - declare -A perl_symlinks - declare -A base_symlinks - declare -A root_symlinks - declare -A common_jar_symlinks - declare -A webapps_jar_symlinks - declare -A systemd_symlinks - declare -A tus_symlinks - - # Dogtag 9 Conditional Variables - if [ ${ARCHITECTURE} == "x86_64" ]; then - jni_dir="/usr/lib64/java" - else - jni_dir="/usr/lib/java" - fi - if [ ${PKI_SUBSYSTEM_TYPE} == "ra" ]; then - pki_systemd_link="pki-rad@${PKI_INSTANCE_NAME}.service" - pki_systemd_service="pki-rad@.service" - fi - - # Dogtag 9 Symbolic Link Target Variables - systemd_dir="/lib/systemd/system" - - # Dogtag 9 Symbolic Link Variables - pki_common_jar_dir="${PKI_INSTANCE_PATH}/common/lib" - # pki_registry_dir="/etc/sysconfig/pki/${PKI_SUBSYSTEM_TYPE}/${PKI_INSTANCE_NAME}" - pki_systemd_dir="/etc/systemd/system/pki-rad.target.wants" - pki_webapps_jar_dir="${PKI_INSTANCE_PATH}/webapps/${PKI_SUBSYSTEM_TYPE}/WEB-INF/lib" - - # '${PKI_INSTANCE_PATH}' symlinks - apache_symlinks=( - [conf]=/etc/${PKI_INSTANCE_NAME} - [logs]=/var/log/${PKI_INSTANCE_NAME} - [run]=/var/run/pki/${PKI_SUBSYSTEM_TYPE}) - - base_symlinks=( - [conf]=/etc/${PKI_INSTANCE_NAME} - [logs]=/var/log/${PKI_INSTANCE_NAME}) - - # '${PKI_INSTANCE_PATH}' symlinks (root:root ownership) - root_symlinks[${PKI_INSTANCE_NAME}]=/usr/sbin/tomcat6-sysd - - # '${PKI_INSTANCE_PATH}/lib' symlinks - perl_symlinks[perl]=/usr/share/pki/${PKI_SUBSYSTEM_TYPE}/lib/perl - - # '${PKI_INSTANCE_PATH}/docroot' symlinks - tus_symlinks[tus]="${PKI_INSTANCE_PATH}/docroot/tokendb" - - # '${pki_common_jar_dir}' symlinks - common_jar_symlinks=( - [apache-commons-logging.jar]=/usr/share/java/apache-commons-logging.jar - [jss4.jar]=${jni_dir}/jss4.jar - [tomcatjss.jar]=/usr/share/java/tomcatjss.jar - # Dogtag 9 -> Dogtag 10 - [apache-commons-codec.jar]=/usr/share/java/commons-codec.jar - [pki-tomcat.jar]=/usr/share/java/pki/pki-tomcat.jar) - - # '${pki_webapps_jar_dir}' symlinks - webapps_jar_symlinks=( - [apache-commons-collections.jar]=/usr/share/java/apache-commons-collections.jar - [apache-commons-lang.jar]=/usr/share/java/apache-commons-lang.jar - [ldapjdk.jar]=/usr/share/java/ldapjdk.jar - # [osutil.jar]=${jni_dir}/osutil.jar - [pki-${PKI_SUBSYSTEM_TYPE}.jar]=/usr/share/java/pki/pki-${PKI_SUBSYSTEM_TYPE}.jar - [pki-certsrv.jar]=/usr/share/java/pki/pki-certsrv.jar - [pki-cms.jar]=/usr/share/java/pki/pki-cms.jar - [pki-cmsbundle.jar]=/usr/share/java/pki/pki-cmsbundle.jar - [pki-cmscore.jar]=/usr/share/java/pki/pki-cmscore.jar - [pki-cmsutil.jar]=/usr/share/java/pki/pki-cmsutil.jar - [pki-nsutil.jar]=/usr/share/java/pki/pki-nsutil.jar - [velocity.jar]=/usr/share/java/velocity.jar - [xerces-j2.jar]=/usr/share/java/xerces-j2.jar - [xml-commons-apis.jar]=/usr/share/java/xml-commons-apis.jar - [xml-commons-resolver.jar]=/usr/share/java/xml-commons-resolver.jar - # dogtag 9 -> dogtag 10 - [resteasy-jaxrs.jar]=${RESTEASY_LIB}/resteasy-jaxrs.jar) - - if [ "${PKI_SUBSYSTEM_TYPE}" == "tks" ]; then - webapps_jar_symlinks[symkey.jar]=${jni_dir}/symkey.jar - fi - - # '${pki_systemd_dir}' symlinks - systemd_symlinks[${pki_systemd_link}]=${systemd_dir}/${pki_systemd_service} - - # Detect and correct PKI subsystem 'instance' symbolic links - # - # (1) convert the specified associative array into a string - # (2) create a new global 'symlinks' associative array from this - # specified string which will be used by the "check_symlinks()" - # subroutine - # (3) call "check_symlinks()" with the appropriate arguments to - # detect and correct this specified associative array; - # "check_symlinks()" returns 0 on success and 1 on failure - # - if [ "${PKI_SUBSYSTEM_TYPE}" == "ra" ] || - [ "${PKI_SUBSYSTEM_TYPE}" == "tps" ] - then - # Detect and correct 'apache_symlinks' - apache_symlinks_string=$(declare -p apache_symlinks) - eval "declare -A symlinks=${apache_symlinks_string#*=}" - check_symlinks ${PKI_INSTANCE_PATH} ${PKI_USER} ${PKI_GROUP} - rv=$? - if [ $rv -ne 0 ]; then - return $rv - fi - - # Detect and correct 'perl_symlinks' - perl_symlinks_string=$(declare -p perl_symlinks) - eval "declare -A symlinks=${perl_symlinks_string#*=}" - check_symlinks ${PKI_INSTANCE_PATH}/lib ${PKI_USER} ${PKI_GROUP} - rv=$? - if [ $rv -ne 0 ]; then - return $rv - fi - - if [ "${PKI_SUBSYSTEM_TYPE}" == "tps" ]; then - # Detect and correct 'tus_symlinks' - tus_symlinks_string=$(declare -p tus_symlinks) - eval "declare -A symlinks=${tus_symlinks_string#*=}" - check_symlinks ${PKI_INSTANCE_PATH}/docroot ${PKI_USER} ${PKI_GROUP} - rv=$? - if [ $rv -ne 0 ]; then - return $rv - fi - fi - - elif [ "${PKI_SUBSYSTEM_TYPE}" == "ca" ] || - [ "${PKI_SUBSYSTEM_TYPE}" == "kra" ] || - [ "${PKI_SUBSYSTEM_TYPE}" == "ocsp" ] || - [ "${PKI_SUBSYSTEM_TYPE}" == "tks" ] - then - # Detect and correct 'base_symlinks' - base_symlinks_string=$(declare -p base_symlinks) - eval "declare -A symlinks=${base_symlinks_string#*=}" - check_symlinks ${PKI_INSTANCE_PATH} ${PKI_USER} ${PKI_GROUP} - rv=$? - if [ $rv -ne 0 ]; then - return $rv - fi - - # Detect and correct 'root_symlinks' - root_symlinks_string=$(declare -p root_symlinks) - eval "declare -A symlinks=${root_symlinks_string#*=}" - check_symlinks ${PKI_INSTANCE_PATH} "root" "root" - rv=$? - if [ $rv -ne 0 ]; then - return $rv - fi - - # Detect and correct 'common_jar_symlinks' - common_jar_symlinks_string=$(declare -p common_jar_symlinks) - eval "declare -A symlinks=${common_jar_symlinks_string#*=}" - check_symlinks ${pki_common_jar_dir} ${PKI_USER} ${PKI_GROUP} - rv=$? - if [ $rv -ne 0 ]; then - return $rv - fi - - # Detect and correct 'webapps_jar_symlinks' - webapps_jar_symlinks_string=$(declare -p webapps_jar_symlinks) - eval "declare -A symlinks=${webapps_jar_symlinks_string#*=}" - check_symlinks ${pki_webapps_jar_dir} ${PKI_USER} ${PKI_GROUP} - rv=$? - if [ $rv -ne 0 ]; then - return $rv - fi - - # Detect and correct 'systemd_symlinks' - systemd_symlinks_string=$(declare -p systemd_symlinks) - eval "declare -A symlinks=${systemd_symlinks_string#*=}" - check_symlinks ${pki_systemd_dir} ${PKI_USER} ${PKI_GROUP} - rv=$? - if [ $rv -ne 0 ]; then - return $rv - fi - fi - - return 0 -} - -# NOTE: This code will NOT be executed if the file called -# '${PKI_INSTANCE_PATH}/conf/DOGTAG_10_UPDATE_MARKER' exists! -update_cs_cfg_for_dogtag_10() -{ - # declare a simple array (to maintain specified parameter order) - # and specify Dogtag 10 'CS.cfg' specific parameters (CA specific) - declare -a dogtag_10_cs_cfg_parameters=( - processor.caDoRevoke.authorityId=ca - processor.caDoRevoke.authzMgr=BasicAclAuthz - processor.caDoRevoke.authzResourceName=certServer.ee.certificates - processor.caDoRevoke.getClientCert=false - processor.caDoRevoke-agent.authMgr=certUserDBAuthMgr - processor.caDoRevoke-agent.authorityId=ca - processor.caDoRevoke-agent.authzMgr=BasicAclAuthz - processor.caDoRevoke-agent.authzResourceName=certServer.ca.certificates - processor.caDoRevoke-agent.getClientCert=true - processor.caDoUnrevoke.authMgr=certUserDBAuthMgr - processor.caDoUnrevoke.authorityId=ca - processor.caDoUnrevoke.authzMgr=BasicAclAuthz - processor.caDoUnrevoke.authzResourceName=certServer.ca.certificate - processor.caDoUnrevoke.getClientCert=true - processor.caProfileProcess.authMgr=certUserDBAuthMgr - processor.caProfileProcess.authorityId=ca - processor.caProfileProcess.authzMgr=BasicAclAuthz - processor.caProfileProcess.authzResourceName=certServer.ca.request.profile - processor.caProfileProcess.getClientCert=true - processor.caProfileSubmit.authorityId=ca - processor.caProfileSubmit.authzMgr=BasicAclAuthz - processor.caProfileSubmit.authzResourceName=certServer.ee.profile - processor.caProfileSubmit.getClientCert=false) - - # back up CS.cfg - cp ${pki_instance_configuration_file} ${pki_instance_configuration_file}.dogtag9 - - # Append ANY missing Dogtag 10 CFG parameter to the end of the 'CS.cfg' - for key in "${!dogtag_10_cs_cfg_parameters[@]}" - do - line="${dogtag_10_cs_cfg_parameters[${key}]}" - grep -q ${line} ${pki_instance_configuration_file} - rv=$? - if [ ${rv} -ne 0 ] ; then - echo "INFO: Appending '${line}' to"\ - "'${pki_instance_configuration_file}'" - echo ${line} >> ${pki_instance_configuration_file} - fi - done - - # Create a MARKER to indicate that this update has been completed - touch ${PKI_INSTANCE_PATH}/conf/DOGTAG_10_UPDATE_MARKER -} - -start_instance() -{ - rv=0 - - if [ -f ${RESTART_SERVER} ] ; then - rm -f ${RESTART_SERVER} - fi - - # Verify symbolic links (detecting and correcting them if possible) - verify_symlinks - rv=$? - if [ $rv -ne 0 ] ; then - return $rv - fi - - # Invoke the initscript for this instance - case $PKI_SUBSYSTEM_TYPE in - ca|kra|ocsp|tks) - - # If required, update 'CS.cfg' from Dogtag 9 -> Dogtag 10 - if [ ${PKI_SUBSYSTEM_TYPE} == "ca" ] && - [ ! -e ${PKI_INSTANCE_PATH}/conf/DOGTAG_10_UPDATE_MARKER ] - then - update_cs_cfg_for_dogtag_10 - fi - - # We must export the service name so that the systemd version - # of the tomcat6 init script knows which instance specific - # configuration file to source. - export SERVICE_NAME=$PKI_INSTANCE_NAME - - if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then - /usr/bin/runcon -t pki_tomcat_script_t \ - $PKI_INSTANCE_INITSCRIPT start - rv=$? - else - $PKI_INSTANCE_INITSCRIPT start - rv=$? - fi - ;; - ra|tps) - $PKI_INSTANCE_INITSCRIPT start - rv=$? - ;; - esac - - if [ $rv -ne 0 ] ; then - return $rv - fi - - # On Tomcat subsystems, make certain that the service has started - case $PKI_SUBSYSTEM_TYPE in - ca|kra|ocsp|tks) - count=0 - tries=30 - port=`grep '^pkicreate.unsecure_port=' ${pki_instance_configuration_file} | cut -b25- -` - while [ $count -lt $tries ] - do - netstat -antl | grep ${port} > /dev/null - netrv=$? - if [ $netrv -eq 0 ] ; then - break; - fi - sleep 1 - let count=$count+1; - done - if [ $netrv -ne 0 ] ; then - return 1 - fi - ;; - esac - - if [ $rv -eq 0 ] ; then - # From the PKI point of view a returned error code of 6 implies - # that the program is not "configured". An error code of 1 implies - # that the program was "configured" but must still be restarted. - # - # If the return code is 6 return this value unchanged to the - # calling routine so that the total number of configuration errors - # may be counted. Other return codes are ignored. - # - check_pki_configuration_status - rv=$? - if [ $rv -eq 6 ]; then - # 6 program is not configured - return 6 - else - # 0 success - - # Tomcat instances automatically place pid files under - # '/var/run' and lock files under '/var/lock/subsys'. - # - # However, since PKI subsystem instances can have any name, - # in order to identify the PKI subsystem type of a particular - # PKI instance, we create a separate "pki subsystem identity" - # symlink to the PKI instance pid file and place it under - # '/var/run/pki/<pki subsystem>', and a separate - # "pki subsystem identity" symlink to the PKI instance - # lock file and place it under '/var/lock/pki/<pki subsystem>'. - # - case $PKI_SUBSYSTEM_TYPE in - ca|kra|ocsp|tks) - if [ -h ${PKI_PIDFILE} ]; then - rm -f ${PKI_PIDFILE} - fi - if [ -f ${TOMCAT_PIDFILE} ]; then - ln -s ${TOMCAT_PIDFILE} ${PKI_PIDFILE} - chown -h ${TOMCAT_USER}:${TOMCAT_GROUP} ${PKI_PIDFILE} - fi - if [ -h ${PKI_LOCKFILE} ]; then - rm -f ${PKI_LOCKFILE} - fi - if [ -f ${TOMCAT_LOCKFILE} ]; then - ln -s ${TOMCAT_LOCKFILE} ${PKI_LOCKFILE} - fi - ;; - esac - - return 0 - fi - fi - return $rv -} - -stop_instance() -{ - rv=0 - - export SERVICE_NAME=$PKI_INSTANCE_NAME - # Invoke the initscript for this instance - $PKI_INSTANCE_INITSCRIPT stop - rv=$? - - # On Tomcat subsystems, always remove the "pki subsystem identity" symlinks - # that were previously associated with the Tomcat 'pid' and 'lock' files. - case $PKI_SUBSYSTEM_TYPE in - ca|kra|ocsp|tks) - if [ -h ${PKI_PIDFILE} ]; then - rm -f ${PKI_PIDFILE} - fi - if [ -h ${PKI_LOCKFILE} ]; then - rm -f ${PKI_LOCKFILE} - fi - ;; - esac - - return $rv -} - -start() -{ - error_rv=0 - rv=0 - config_errors=0 - errors=0 - - if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -eq 0 ]; then - echo - echo "ERROR: No '${PKI_TYPE}' instances installed!" - # 5 program is not installed - return 5 - fi - - if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ]; then - echo "BEGIN STARTING '${PKI_TYPE}' INSTANCES:" - fi - - # Start every PKI instance of this type that isn't already running - for PKI_REGISTRY_ENTRY in ${PKI_REGISTRY_ENTRIES}; do - # Source values associated with this particular PKI instance - [ -f ${PKI_REGISTRY_ENTRY} ] && - . ${PKI_REGISTRY_ENTRY} - - [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] && echo - - start_instance - rv=$? - if [ $rv = 6 ] ; then - # Since at least ONE configuration error exists, then there - # is at least ONE unconfigured instance from the PKI point - # of view. - # - # However, it must still be considered that the - # instance is "running" from the point of view of other - # OS programs such as 'chkconfig'. - # - # Therefore, ignore non-zero return codes resulting - # from configuration errors. - # - - config_errors=`expr $config_errors + 1` - rv=0 - elif [ $rv != 0 ] ; then - errors=`expr $errors + 1` - error_rv=$rv - fi - done - - if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt ${errors} ] ; then - touch ${lockfile} - chmod 00600 ${lockfile} - fi - - # ONLY print a "WARNING" message if multiple - # instances are being examined - if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then - # NOTE: "bad" return code(s) OVERRIDE configuration errors! - if [ ${errors} -eq 1 ]; then - # Since only ONE error exists, return that "bad" error code. - rv=${error_rv} - elif [ ${errors} -gt 1 ]; then - # Since MORE than ONE error exists, return an OVERALL status - # of "1 generic or unspecified error (current practice)" - rv=1 - fi - - if [ ${errors} -ge 1 ]; then - echo - echo -n "WARNING: " - echo -n "${errors} of ${TOTAL_PKI_REGISTRY_ENTRIES} " - echo -n "'${PKI_TYPE}' instances failed to start!" - echo - fi - - if [ ${TOTAL_UNCONFIGURED_PKI_ENTRIES} -ge 1 ]; then - echo - echo -n "WARNING: " - echo -n "${TOTAL_UNCONFIGURED_PKI_ENTRIES} " - echo -n "of ${TOTAL_PKI_REGISTRY_ENTRIES} " - echo -n "'${PKI_TYPE}' instances MUST be configured!" - echo - fi - - echo - echo "FINISHED STARTING '${PKI_TYPE}' INSTANCE(S)." - fi - - return $rv -} - -stop() -{ - error_rv=0 - rv=0 - errors=0 - - if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -eq 0 ]; then - echo - echo "ERROR: No '${PKI_TYPE}' instances installed!" - # 5 program is not installed - return 5 - fi - - if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then - echo "BEGIN SHUTTING DOWN '${PKI_TYPE}' INSTANCE(S):" - fi - - # Shutdown every PKI instance of this type that is running - for PKI_REGISTRY_ENTRY in ${PKI_REGISTRY_ENTRIES}; do - # Source values associated with this particular PKI instance - [ -f ${PKI_REGISTRY_ENTRY} ] && - . ${PKI_REGISTRY_ENTRY} - - [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] && echo - - stop_instance - rv=$? - if [ $rv != 0 ] ; then - errors=`expr $errors + 1` - error_rv=$rv - fi - done - - if [ ${errors} -eq 0 ] ; then - rm -f ${lockfile} - fi - - # ONLY print a "WARNING" message if multiple - # instances are being examined - if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then - if [ ${errors} -eq 1 ]; then - # Since only ONE error exists, return that "bad" error code. - rv=${error_rv} - elif [ ${errors} -gt 1 ]; then - # Since MORE than ONE error exists, return an OVERALL status - # of "1 generic or unspecified error (current practice)" - rv=1 - fi - - if [ ${errors} -ge 1 ]; then - echo - echo -n "WARNING: " - echo -n "${errors} of ${TOTAL_PKI_REGISTRY_ENTRIES} " - echo -n "'${PKI_TYPE}' instances were " - echo -n "unsuccessfully stopped!" - echo - fi - - echo - echo "FINISHED SHUTTING DOWN '${PKI_TYPE}' INSTANCE(S)." - fi - - return $rv -} - -restart() -{ - stop - sleep 2 - start - - return $? -} - -registry_status() -{ - error_rv=0 - rv=0 - errors=0 - - if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -eq 0 ]; then - echo - echo "ERROR: No '${PKI_TYPE}' instances installed!" - # 4 program or service status is unknown - return 4 - fi - - if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then - echo "REPORT STATUS OF '${PKI_TYPE}' INSTANCE(S):" - fi - - # Obtain status of every PKI instance of this type - for PKI_REGISTRY_ENTRY in ${PKI_REGISTRY_ENTRIES}; do - # Source values associated with this particular PKI instance - [ -f ${PKI_REGISTRY_ENTRY} ] && - . ${PKI_REGISTRY_ENTRY} - - [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] && echo - - case $PKI_SUBSYSTEM_TYPE in - ca|kra|ocsp|tks) - if [ $SYSTEMD ]; then - display_instance_status_systemd - else - display_instance_status - fi - rv=$? - ;; - tps|ra) - display_instance_status - rv=$? - ;; - esac - if [ $rv -ne 0 ] ; then - errors=`expr $errors + 1` - error_rv=$rv - fi - done - - # ONLY print a "WARNING" message if multiple - # instances are being examined - if [ ${TOTAL_PKI_REGISTRY_ENTRIES} -gt 1 ] ; then - if [ ${errors} -eq 1 ]; then - # Since only ONE error exists, return that "bad" error code. - rv=${error_rv} - elif [ ${errors} -gt 1 ]; then - # Since MORE than ONE error exists, return an OVERALL status - # of "4 - program or service status is unknown" - rv=4 - fi - - if [ ${errors} -ge 1 ]; then - echo - echo -n "WARNING: " - echo -n "${errors} of ${TOTAL_PKI_REGISTRY_ENTRIES} " - echo -n "'${PKI_TYPE}' instances reported status failures!" - echo - fi - - if [ ${TOTAL_UNCONFIGURED_PKI_ENTRIES} -ge 1 ]; then - echo - echo -n "WARNING: " - echo -n "${TOTAL_UNCONFIGURED_PKI_ENTRIES} " - echo -n "of ${TOTAL_PKI_REGISTRY_ENTRIES} " - echo -n "'${PKI_TYPE}' instances MUST be configured!" - echo - fi - - echo - echo "FINISHED REPORTING STATUS OF '${PKI_TYPE}' INSTANCE(S)." - fi - - return $rv -} - diff --git a/base/setup/scripts/pki_apache_initscript b/base/setup/scripts/pki_apache_initscript deleted file mode 100755 index 9fde99567..000000000 --- a/base/setup/scripts/pki_apache_initscript +++ /dev/null @@ -1,232 +0,0 @@ -#!/bin/bash - -command="$1" - -# Source function library. -. /etc/init.d/functions - -PKI_REGISTRY_FILE=[PKI_REGISTRY_FILE] - -# Enable nullglob, if set then shell pattern globs which do not match any -# file returns the empty string rather than the unmodified glob pattern. -shopt -s nullglob - -OS=`uname -s` -ARCHITECTURE=`arch` - -# Source values associated with this particular PKI instance -if [ -f $PKI_REGISTRY_FILE ]; then - . ${PKI_REGISTRY_FILE} -else - echo "No PKI registry file ($PKI_REGISTRY_FILE)" - case $command in - status) - exit 4 - ;; - *) - exit 1 - ;; - esac -fi - -prog=$PKI_INSTANCE_NAME -lockfile=$PKI_LOCK_FILE -pidfile=$PKI_PID_FILE - - -STARTUP_WAIT=30 -SHUTDOWN_WAIT=30 - -start() -{ - rv=0 - - echo -n $"Starting ${prog}: " - - if [ -f ${lockfile} ] ; then - if [ -f ${pidfile} ]; then - read kpid < ${pidfile} - if checkpid $kpid 2>&1; then - echo - echo "${PKI_INSTANCE_NAME} (pid ${kpid}) is already running ..." - echo - return 0 - else - echo - echo -n "lock file found but no process " - echo -n "running for pid $kpid, continuing" - echo - echo - rm -f ${lockfile} - fi - fi - fi - - # restore context for ncipher hsm - [ -x /sbin/restorecon ] && [ -d /dev/nfast ] && /sbin/restorecon -R /dev/nfast - - if [ ${ARCHITECTURE} = "x86_64" ] ; then - # NOTE: "daemon" is incompatible with "httpd" on 64-bit architectures - LANG=${PKI_HTTPD_LANG} ${httpd} ${PKI_OPTIONS} - rv=$? - else - LANG=${PKI_HTTPD_LANG} daemon ${httpd} ${PKI_OPTIONS} - rv=$? - # overwrite output from "daemon" - echo -n $"Starting ${prog}: " - fi - - if [ ${rv} = 0 ] ; then - touch ${lockfile} - chown ${PKI_USER}:${PKI_GROUP} ${lockfile} - chmod 00600 ${lockfile} - - count=0; - - let swait=$STARTUP_WAIT - until [ -s ${pidfile} ] || - [ $count -gt $swait ] - do - echo -n "." - sleep 1 - let count=$count+1; - done - - echo_success - echo - - # Set permissions of log files - for file in ${pki_logs_directory}/*; do - if [ `basename $file` != "signedAudit" ]; then - chown ${PKI_USER}:${PKI_GROUP} ${file} - chmod 00640 ${file} - fi - done - - if [ -d ${pki_logs_directory}/signedAudit ]; then - for file in ${pki_logs_directory}/signedAudit/*; do - chown ${PKI_USER} ${file} - chmod 00640 ${file} - done - fi - - else - echo_failure - echo - fi - - - return ${rv} -} - -stop() -{ - rv=0 - - echo -n "Stopping ${prog}: " - - if [ -f ${lockfile} ] ; then - ${httpd} ${PKI_OPTIONS} -k stop - rv=$? - - if [ ${rv} = 0 ]; then - count=0; - - if [ -f ${pidfile} ]; then - read kpid < ${pidfile} - let kwait=$SHUTDOWN_WAIT - - until [ `ps -p $kpid | grep -c $kpid` = '0' ] || - [ $count -gt $kwait ] - do - echo -n "." - sleep 1 - let count=$count+1; - done - - if [ $count -gt $kwait ]; then - kill -9 $kpid - fi - fi - - rm -f ${lockfile} - rm -f ${pidfile} - - echo_success - echo - else - echo_failure - echo - rv=${default_error} - fi - else - echo - echo "process already stopped" - rv=0 - fi - - return ${rv} -} - -reload() -{ - rv=0 - - echo -n $"Reloading ${prog}: " - - if ! LANG=${PKI_HTTPD_LANG} ${httpd} ${PKI_OPTIONS} -t >&/dev/null; then - rv=$? - echo $"not reloading due to configuration syntax error" - failure $"not reloading ${httpd} due to configuration syntax error" - else - killproc -p ${pidfile} ${httpd} -HUP - rv=$? - fi - echo - - return ${rv} -} - -instance_status() -{ - status -p ${pidfile} ${prog} - rv=$? - return $rv -} - -# See how we were called. -case $command in - status) - instance_status - exit $? - ;; - start) - start - exit $? - ;; - restart) - restart - exit $? - ;; - stop) - stop - exit $? - ;; - condrestart|force-restart|try-restart) - [ ! -f ${lockfile} ] || restart - exit $? - ;; - reload) - echo "The 'reload' action is an unimplemented feature." - exit 3 - ;; - condrestart|force-restart|try-restart) - [ ! -f ${lockfile} ] || restart - exit $? - ;; - *) - echo "unknown action ($command)" - exit 2 - ;; -esac - diff --git a/base/setup/scripts/pkicontrol b/base/setup/scripts/pkicontrol deleted file mode 100755 index f9a279b07..000000000 --- a/base/setup/scripts/pkicontrol +++ /dev/null @@ -1,73 +0,0 @@ -#!/bin/bash -# -# --- BEGIN COPYRIGHT BLOCK --- -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License along -# with this program; if not, write to the Free Software Foundation, Inc., -# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -# -# Copyright (C) 2007-2010 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- -# - -PROG_NAME=`basename $0` -SERVICE_NAME="pkicontrol" -SERVICE_PROG="/bin/systemctl" - -command="$1" -pki_subsystem_type="$2" -pki_instance="$3" - -PKI_PATH="/usr/share/pki/${pki_subsystem_type}" -PKI_REGISTRY="/etc/sysconfig/pki/${pki_subsystem_type}" -PKI_TYPE="pki-${pki_subsystem_type}" -PKI_SYSTEMD_TARGET="pki-${pki_subsystem_type}d" -SYSTEMD=1 - -# Source the PKI function library -. /usr/share/pki/scripts/functions - -# See how we were called. -case $command in - status) - registry_status - exit $? - ;; - start) - start - exit $? - ;; - restart) - restart - exit $? - ;; - stop) - stop - exit $? - ;; - condrestart|force-restart|try-restart) - [ ! -f ${lockfile} ] || restart - exit $? - ;; - reload) - echo "The 'reload' action is an unimplemented feature." - exit ${default_error} - ;; - *) - echo "unknown action ($command)" - usage - echo "where valid instance names include:" - list_instances - exit ${default_error} - ;; -esac - diff --git a/base/silent/CMakeLists.txt b/base/silent/CMakeLists.txt deleted file mode 100644 index f2524e926..000000000 --- a/base/silent/CMakeLists.txt +++ /dev/null @@ -1,16 +0,0 @@ -project(silent NONE) - -add_subdirectory(src) -add_subdirectory(scripts) - -install( - FILES - templates/pki_silent.template - DESTINATION - ${DATA_INSTALL_DIR}/silent/ - PERMISSIONS - OWNER_EXECUTE OWNER_WRITE OWNER_READ - GROUP_EXECUTE GROUP_READ - WORLD_EXECUTE WORLD_READ -) - diff --git a/base/silent/LICENSE b/base/silent/LICENSE deleted file mode 100644 index e281f4362..000000000 --- a/base/silent/LICENSE +++ /dev/null @@ -1,291 +0,0 @@ -This Program is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published -by the Free Software Foundation; version 2 of the License. - -This Program is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -for more details. - -You should have received a copy of the GNU General Public License -along with this Program; if not, write to the Free Software -Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. - - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The licenses for most software are designed to take away your -freedom to share and change it. By contrast, the GNU General Public -License is intended to guarantee your freedom to share and change free -software--to make sure the software is free for all its users. This -General Public License applies to most of the Free Software -Foundation's software and to any other program whose authors commit to -using it. (Some other Free Software Foundation software is covered by -the GNU Lesser General Public License instead.) You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -this service if you wish), that you receive source code or can get it -if you want it, that you can change the software or use pieces of it -in new free programs; and that you know you can do these things. - - To protect your rights, we need to make restrictions that forbid -anyone to deny you these rights or to ask you to surrender the rights. -These restrictions translate to certain responsibilities for you if you -distribute copies of the software, or if you modify it. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must give the recipients all the rights that -you have. You must make sure that they, too, receive or can get the -source code. And you must show them these terms so they know their -rights. - - We protect your rights with two steps: (1) copyright the software, and -(2) offer you this license which gives you legal permission to copy, -distribute and/or modify the software. - - Also, for each author's protection and ours, we want to make certain -that everyone understands that there is no warranty for this free -software. If the software is modified by someone else and passed on, we -want its recipients to know that what they have is not the original, so -that any problems introduced by others will not reflect on the original -authors' reputations. - - Finally, any free program is threatened constantly by software -patents. We wish to avoid the danger that redistributors of a free -program will individually obtain patent licenses, in effect making the -program proprietary. To prevent this, we have made it clear that any -patent must be licensed for everyone's free use or not licensed at all. - - The precise terms and conditions for copying, distribution and -modification follow. - - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. This License applies to any program or other work which contains -a notice placed by the copyright holder saying it may be distributed -under the terms of this General Public License. The "Program", below, -refers to any such program or work, and a "work based on the Program" -means either the Program or any derivative work under copyright law: -that is to say, a work containing the Program or a portion of it, -either verbatim or with modifications and/or translated into another -language. (Hereinafter, translation is included without limitation in -the term "modification".) Each licensee is addressed as "you". - -Activities other than copying, distribution and modification are not -covered by this License; they are outside its scope. The act of -running the Program is not restricted, and the output from the Program -is covered only if its contents constitute a work based on the -Program (independent of having been made by running the Program). -Whether that is true depends on what the Program does. - - 1. You may copy and distribute verbatim copies of the Program's -source code as you receive it, in any medium, provided that you -conspicuously and appropriately publish on each copy an appropriate -copyright notice and disclaimer of warranty; keep intact all the -notices that refer to this License and to the absence of any warranty; -and give any other recipients of the Program a copy of this License -along with the Program. - -You may charge a fee for the physical act of transferring a copy, and -you may at your option offer warranty protection in exchange for a fee. - - 2. You may modify your copy or copies of the Program or any portion -of it, thus forming a work based on the Program, and copy and -distribute such modifications or work under the terms of Section 1 -above, provided that you also meet all of these conditions: - - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - -These requirements apply to the modified work as a whole. If -identifiable sections of that work are not derived from the Program, -and can be reasonably considered independent and separate works in -themselves, then this License, and its terms, do not apply to those -sections when you distribute them as separate works. But when you -distribute the same sections as part of a whole which is a work based -on the Program, the distribution of the whole must be on the terms of -this License, whose permissions for other licensees extend to the -entire whole, and thus to each and every part regardless of who wrote it. - -Thus, it is not the intent of this section to claim rights or contest -your rights to work written entirely by you; rather, the intent is to -exercise the right to control the distribution of derivative or -collective works based on the Program. - -In addition, mere aggregation of another work not based on the Program -with the Program (or with a work based on the Program) on a volume of -a storage or distribution medium does not bring the other work under -the scope of this License. - - 3. You may copy and distribute the Program (or a work based on it, -under Section 2) in object code or executable form under the terms of -Sections 1 and 2 above provided that you also do one of the following: - - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - -The source code for a work means the preferred form of the work for -making modifications to it. For an executable work, complete source -code means all the source code for all modules it contains, plus any -associated interface definition files, plus the scripts used to -control compilation and installation of the executable. However, as a -special exception, the source code distributed need not include -anything that is normally distributed (in either source or binary -form) with the major components (compiler, kernel, and so on) of the -operating system on which the executable runs, unless that component -itself accompanies the executable. - -If distribution of executable or object code is made by offering -access to copy from a designated place, then offering equivalent -access to copy the source code from the same place counts as -distribution of the source code, even though third parties are not -compelled to copy the source along with the object code. - - 4. You may not copy, modify, sublicense, or distribute the Program -except as expressly provided under this License. Any attempt -otherwise to copy, modify, sublicense or distribute the Program is -void, and will automatically terminate your rights under this License. -However, parties who have received copies, or rights, from you under -this License will not have their licenses terminated so long as such -parties remain in full compliance. - - 5. You are not required to accept this License, since you have not -signed it. However, nothing else grants you permission to modify or -distribute the Program or its derivative works. These actions are -prohibited by law if you do not accept this License. Therefore, by -modifying or distributing the Program (or any work based on the -Program), you indicate your acceptance of this License to do so, and -all its terms and conditions for copying, distributing or modifying -the Program or works based on it. - - 6. Each time you redistribute the Program (or any work based on the -Program), the recipient automatically receives a license from the -original licensor to copy, distribute or modify the Program subject to -these terms and conditions. You may not impose any further -restrictions on the recipients' exercise of the rights granted herein. -You are not responsible for enforcing compliance by third parties to -this License. - - 7. If, as a consequence of a court judgment or allegation of patent -infringement or for any other reason (not limited to patent issues), -conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot -distribute so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you -may not distribute the Program at all. For example, if a patent -license would not permit royalty-free redistribution of the Program by -all those who receive copies directly or indirectly through you, then -the only way you could satisfy both it and this License would be to -refrain entirely from distribution of the Program. - -If any portion of this section is held invalid or unenforceable under -any particular circumstance, the balance of the section is intended to -apply and the section as a whole is intended to apply in other -circumstances. - -It is not the purpose of this section to induce you to infringe any -patents or other property right claims or to contest validity of any -such claims; this section has the sole purpose of protecting the -integrity of the free software distribution system, which is -implemented by public license practices. Many people have made -generous contributions to the wide range of software distributed -through that system in reliance on consistent application of that -system; it is up to the author/donor to decide if he or she is willing -to distribute software through any other system and a licensee cannot -impose that choice. - -This section is intended to make thoroughly clear what is believed to -be a consequence of the rest of this License. - - 8. If the distribution and/or use of the Program is restricted in -certain countries either by patents or by copyrighted interfaces, the -original copyright holder who places the Program under this License -may add an explicit geographical distribution limitation excluding -those countries, so that distribution is permitted only in or among -countries not thus excluded. In such case, this License incorporates -the limitation as if written in the body of this License. - - 9. The Free Software Foundation may publish revised and/or new versions -of the General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - -Each version is given a distinguishing version number. If the Program -specifies a version number of this License which applies to it and "any -later version", you have the option of following the terms and conditions -either of that version or of any later version published by the Free -Software Foundation. If the Program does not specify a version number of -this License, you may choose any version ever published by the Free Software -Foundation. - - 10. If you wish to incorporate parts of the Program into other free -programs whose distribution conditions are different, write to the author -to ask for permission. For software which is copyrighted by the Free -Software Foundation, write to the Free Software Foundation; we sometimes -make exceptions for this. Our decision will be guided by the two goals -of preserving the free status of all derivatives of our free software and -of promoting the sharing and reuse of software generally. - - NO WARRANTY - - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY -FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN -OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES -PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED -OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS -TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE -PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, -REPAIR OR CORRECTION. - - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR -REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, -INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING -OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED -TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY -YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER -PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE -POSSIBILITY OF SUCH DAMAGES. diff --git a/base/silent/scripts/CMakeLists.txt b/base/silent/scripts/CMakeLists.txt deleted file mode 100644 index df4dfc469..000000000 --- a/base/silent/scripts/CMakeLists.txt +++ /dev/null @@ -1,10 +0,0 @@ -install( - FILES - pkisilent - DESTINATION - ${BIN_INSTALL_DIR} - PERMISSIONS - OWNER_EXECUTE OWNER_WRITE OWNER_READ - GROUP_EXECUTE GROUP_READ - WORLD_EXECUTE WORLD_READ -) diff --git a/base/silent/scripts/pkisilent b/base/silent/scripts/pkisilent deleted file mode 100755 index d0189031a..000000000 --- a/base/silent/scripts/pkisilent +++ /dev/null @@ -1,117 +0,0 @@ -#!/usr/bin/perl -# --- BEGIN COPYRIGHT BLOCK --- -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, -# Boston, MA 02110-1301 USA -# -# Copyright (C) 2007 Red Hat, Inc. -# All rights reserved. -# --- END COPYRIGHT BLOCK --- - -############################################################################### -## (1) Specify variables used by this script. ## -############################################################################### - -my $PRODUCT="pki"; -my $libpath=""; - - -############################################################################### -## (2) Define helper functions. ## -############################################################################### - -sub invalid_architecture() -{ - print "\n"; - print "ERROR: pkisilent does not execute on this architecture\n"; - print "ERROR: check to make sure pki-tools package is installed!\n"; - print "\n"; -} - - -############################################################################### -## (3) Set the LD_LIBRARY_PATH environment variable ## -## (as well as the ${libpath} java property) to determine the ## -## search order this command uses to find shared libraries. ## -############################################################################### - -my $ARCHITECTURE=`arch`; -chop( $ARCHITECTURE ); - -if( $ARCHITECTURE eq "i686" ) { - $libpath="/usr/lib"; - - $ENV{LD_LIBRARY_PATH} = "/usr/lib/jss:" - . "/usr/lib:/lib"; -} elsif($ARCHITECTURE eq "x86_64") { - $libpath="/usr/lib64"; - - $ENV{LD_LIBRARY_PATH} = "/usr/lib64/jss:" - . "/usr/lib64:/lib64:" - . "/usr/lib/jss:" - . "/usr/lib:/lib"; -} else { - invalid_architecture(); - exit(255); -} - - -############################################################################### -## (4) Set the CP environment variable to determine the search ## -## order this command wrapper uses to find jar files. ## -############################################################################### - -print "libpath=$libpath\n"; - -$ENV{CLASSPATH} = "/usr/share/java/${PRODUCT}/pki-silent.jar:" - . "/usr/share/java/${PRODUCT}/pki-certsrv.jar:" - . "/usr/share/java/${PRODUCT}/pki-cmscore.jar:" - . "/usr/share/java/${PRODUCT}/pki-nsutil.jar:" - . "/usr/share/java/${PRODUCT}/pki-cmsutil.jar:" - . "/usr/share/java/${PRODUCT}/pki-tools.jar:" - . "/usr/share/java/ldapjdk.jar:" - . "/usr/share/java/commons-codec.jar:" - . "/usr/share/java/xerces-j2.jar:" - . "/usr/share/java/xml-commons-apis.jar:" - . "/usr/share/java/xml-commons-resolver.jar:"; -if( $ARCHITECTURE eq "x86_64" ) { - $ENV{CLASSPATH} = $ENV{CLASSPATH} - . "/usr/lib64/java/jss4.jar:" - . "/usr/lib/java/jss4.jar:"; -} else { - $ENV{CLASSPATH} = $ENV{CLASSPATH} - . "/usr/lib/java/jss4.jar:"; -} - - -############################################################################### -## (5) Execute the java command specified by this java command wrapper ## -## based upon the preset LD_LIBRARY_PATH and CP environment variables. ## -############################################################################### - -my @args = (); -foreach (@ARGV) { - push(@args, quotemeta($_)); -} -my $output = `java -cp $ENV{CLASSPATH} com.netscape.pkisilent.PKISilent @args`; -my $status = $?; - -print "#######################################################################\n"; -print "$output\n"; -print "#######################################################################\n"; - -if ($status != 0) { - exit(255); -} else { - exit(0); -} diff --git a/base/silent/src/CMakeLists.txt b/base/silent/src/CMakeLists.txt deleted file mode 100644 index 56809caac..000000000 --- a/base/silent/src/CMakeLists.txt +++ /dev/null @@ -1,72 +0,0 @@ -project(pki-silent_java NONE) - -find_file(JSS_JAR - NAMES - jss4.jar - PATHS - ${JAVA_LIB_INSTALL_DIR} - /usr/share/java -) - -find_file(LDAPJDK_JAR - NAMES - ldapjdk.jar - PATHS - ${JAVA_LIB_INSTALL_DIR} - /usr/share/java -) - -find_file(XERCES_JAR - NAMES - xerces-j2.jar - PATHS - ${JAVA_LIB_INSTALL_DIR} - /usr/share/java -) - -# build pki-silent -javac(pki-silent-classes - SOURCES - com/netscape/pkisilent/*.java - CLASSPATH - ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR} - ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR} - ${LDAPJDK_JAR} ${XERCES_JAR} - ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR} - OUTPUT_DIR - ${CMAKE_BINARY_DIR}/classes - DEPENDS - symkey-jar pki-cmsutil-jar pki-nsutil-jar pki-certsrv-jar pki-cms-jar -) - -configure_file( - ${CMAKE_CURRENT_SOURCE_DIR}/pki-silent.mf - ${CMAKE_CURRENT_BINARY_DIR}/pki-silent.mf -) - -jar(pki-silent-jar - CREATE - ${CMAKE_BINARY_DIR}/dist/pki-silent.jar - OPTIONS - m - PARAMS - ${CMAKE_CURRENT_BINARY_DIR}/pki-silent.mf - INPUT_DIR - ${CMAKE_BINARY_DIR}/classes - FILES - com/netscape/pkisilent/*.class - EXCLUDE - com/netscape/pkisilent/argparser/ArgParserTest*.class - com/netscape/pkisilent/common/checkRequest.class - DEPENDS - pki-silent-classes -) - -install( - FILES - ${CMAKE_BINARY_DIR}/dist/pki-silent.jar - DESTINATION - ${JAVA_JAR_INSTALL_DIR}/pki -) - -set(PKI_SILENT_JAR ${CMAKE_BINARY_DIR}/dist/pki-silent.jar CACHE INTERNAL "pki-silent jar file") diff --git a/base/silent/src/com/netscape/pkisilent/ConfigureCA.java b/base/silent/src/com/netscape/pkisilent/ConfigureCA.java deleted file mode 100644 index 7f6834771..000000000 --- a/base/silent/src/com/netscape/pkisilent/ConfigureCA.java +++ /dev/null @@ -1,1723 +0,0 @@ -package com.netscape.pkisilent; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.BufferedInputStream; -import java.io.BufferedReader; -import java.io.ByteArrayInputStream; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.InputStreamReader; -import java.io.PrintStream; -import java.net.URLEncoder; -import java.util.ArrayList; - -import org.mozilla.jss.asn1.SEQUENCE; -import org.mozilla.jss.pkcs12.AuthenticatedSafes; -import org.mozilla.jss.pkcs12.PFX; - -import com.netscape.cmsutil.util.Utils; -import com.netscape.pkisilent.argparser.ArgParser; -import com.netscape.pkisilent.argparser.StringHolder; -import com.netscape.pkisilent.common.ComCrypto; -import com.netscape.pkisilent.common.ParseXML; -import com.netscape.pkisilent.http.HTTPClient; -import com.netscape.pkisilent.http.HTTPResponse; - -public class ConfigureCA { - - // global constants - public static final String DEFAULT_KEY_TYPE = "RSA"; - public static final String DEFAULT_KEY_SIZE = "2048"; - public static final String DEFAULT_KEY_CURVENAME = "nistp256"; - public static final String DEFAULT_KEY_ALGORITHM_RSA = "SHA256withRSA"; - public static final String DEFAULT_KEY_ALGORITHM_ECC = "SHA256withEC"; - public static final String SUCCESS = "success"; - public static final String FAILURE = "failure"; - - // define global variables - - public static HTTPClient hc = null; - - public static String login_uri = "/ca/admin/console/config/login"; - public static String wizard_uri = "/ca/admin/console/config/wizard"; - public static String admin_uri = "/ca/admin/ca/getBySerial"; - public static String pkcs12_uri = "/ca/admin/console/config/savepkcs12"; - public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin"; - public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie"; - - public static String cs_hostname = null; - public static String cs_port = null; - public static String client_certdb_dir = null; - public static String client_certdb_pwd = null; - - public static String sd_hostname = null; - public static String sd_ssl_port = null; - public static String sd_agent_port = null; - public static String sd_admin_port = null; - public static String sd_admin_name = null; - public static String sd_admin_password = null; - - // Login Panel - public static String pin = null; - - public static String domain_name = null; - - public static String admin_user = null; - public static String admin_email = null; - public static String admin_password = null; - public static String admin_serial_number = null; - public static String agent_name = null; - - public static String ldap_host = null; - public static String ldap_port = null; - public static String bind_dn = null; - public static String bind_password = null; - public static String base_dn = null; - public static String db_name = null; - public static String secure_conn = null; - public static String remove_data = null; - - public static String key_type = null; - public static String key_size = null; - public static String key_curvename = null; - public static String key_algorithm = null; - public static String signing_algorithm = null; - - public static String signing_key_type = null; - public static String signing_key_size = null; - public static String signing_key_curvename = null; - public static String signing_signingalgorithm = null; - - public static String ocsp_signing_key_type = null; - public static String ocsp_signing_key_size = null; - public static String ocsp_signing_key_curvename = null; - public static String ocsp_signing_signingalgorithm = null; - - public static String subsystem_key_type = null; - public static String subsystem_key_size = null; - public static String subsystem_key_curvename = null; - - public static String audit_signing_key_type = null; - public static String audit_signing_key_size = null; - public static String audit_signing_key_curvename = null; - - public static String sslserver_key_type = null; - public static String sslserver_key_size = null; - public static String sslserver_key_curvename = null; - - public static String token_name = null; - public static String token_pwd = null; - - public static String agent_key_size = null; - public static String agent_key_type = null; - public static String agent_cert_subject = null; - - public static String save_p12 = null; - public static String backup_pwd = null; - public static String backup_fname = null; - - public static String ca_cert_name = null; - public static String ca_cert_req = null; - public static String ca_cert_pp = null; - public static String ca_cert_cert = null; - - public static String ocsp_cert_name = null; - public static String ocsp_cert_req = null; - public static String ocsp_cert_pp = null; - public static String ocsp_cert_cert = null; - - public static String server_cert_name = null; - public static String server_cert_req = null; - public static String server_cert_pp = null; - public static String server_cert_cert = null; - - public static String ca_subsystem_cert_name = null; - public static String ca_subsystem_cert_req = null; - public static String ca_subsystem_cert_pp = null; - public static String ca_subsystem_cert_cert = null; - - public static String ca_audit_signing_cert_name = null; - public static String ca_audit_signing_cert_req = null; - public static String ca_audit_signing_cert_pp = null; - public static String ca_audit_signing_cert_cert = null; - - // names - public static String ca_sign_cert_subject_name = null; - public static String ca_subsystem_cert_subject_name = null; - public static String ca_ocsp_cert_subject_name = null; - public static String ca_server_cert_subject_name = null; - public static String ca_audit_signing_cert_subject_name = null; - - public static String subsystem_name = null; - - public static String external_ca = null; - public static String ext_ca_cert_file = null; - public static String ext_ca_cert_chain_file = null; - public static String ext_csr_file = null; - public static String signing_cc = null; - - public static boolean clone = false; - public static String clone_uri = null; - public static String clone_p12_passwd = null; - public static String clone_p12_file = null; - public static String clone_master_port = null; - public static String clone_replica_port = null; - public static String clone_replication_security = null; - - //for correct selection of CA to be cloned - public static String urls; - - public ConfigureCA() {// do nothing :) - } - - public String getStatus(HTTPResponse hr, String name) { - ByteArrayInputStream bais = null; - String status = null; - try { - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - ParseXML px = new ParseXML(); - px.parse(bais); - px.prettyprintxml(); - status = px.getvalue(name); - } catch (Exception e) { - System.out.println("Exception in getStatus(): " + e.toString()); - } - return status; - } - - public boolean checkStatus(HTTPResponse hr, String name, - String expected, String location) { - return checkStatus(hr, name, new String[] { expected }, location); - } - - public boolean checkStatus(HTTPResponse hr, String name, - String[] expected, String location) { - String status = getStatus(hr, name); - if (status == null) { - System.out.println("Error in " + location + ": " + name + - " value is null"); - return false; - } - for (int i = 0; i < expected.length; i++) { - if (status.equals(expected[i])) { - return true; - } - } - System.out.println("Error in " + location + ": " + name + - " returns " + status); - return false; - } - - public boolean LoginPanel() { - try { - boolean st = false; - HTTPResponse hr = null; - - String query_string = "pin=" + pin + "&xml=true"; - hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string); - System.out.println("xml returned: " + hr.getHTML()); - - // parse xml here - nothing to parse - - // get cookie - String temp = hr.getCookieValue("JSESSIONID"); - if (temp != null) { - int index = temp.indexOf(";"); - - HTTPClient.j_session_id = temp.substring(0, index); - st = true; - } - - hr = null; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, - "p=0&op=next&xml=true"); - if (!checkStatus(hr, "status", "display", "LoginPanel()")) { - return false; - } - - return st; - } catch (Exception e) { - System.out.println("Exception in LoginPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - } - - public boolean TokenChoicePanel() { - try { - HTTPResponse hr = null; - String query_string = null; - - // Software Token - if (token_name.equalsIgnoreCase("internal")) { - query_string = "p=1" + "&op=next" + "&xml=true" + "&choice=" - + URLEncoder.encode("Internal Key Storage Token", "UTF-8") + ""; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - if (!checkStatus(hr, "updateStatus", SUCCESS, "TokenChoicePanel()")) { - return false; - } - } // HSM - else { - // login to hsm first - query_string = "p=2" + "&op=next" + "&xml=true" + "&uTokName=" - + URLEncoder.encode(token_name, "UTF-8") + "&__uPasswd=" - + URLEncoder.encode(token_pwd, "UTF-8") + ""; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - if (!checkStatus(hr, "updateStatus", SUCCESS, "TokenChoicePanel()")) { - return false; - } - - // choice with token name now - query_string = "p=1" + "&op=next" + "&xml=true" + "&choice=" - + URLEncoder.encode(token_name, "UTF-8") + ""; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - if (!checkStatus(hr, "updateStatus", SUCCESS, "TokenChoicePanel()")) { - return false; - } - } - return true; - } catch (Exception e) { - System.out.println("Exception in TokenChoicePanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - } - - public boolean DomainPanel() { - try { - HTTPResponse hr = null; - String domain_url = "https://" + cs_hostname + ":" + cs_port; - String query_string = null; - - if (!clone) { - query_string = "sdomainURL=" + URLEncoder.encode(domain_url, "UTF-8") - + "&sdomainName=" + URLEncoder.encode(domain_name, "UTF-8") - + "&choice=newdomain" + "&p=3" + "&op=next" + "&xml=true"; - } else { - domain_url = "https://" + sd_hostname + ":" + sd_admin_port; - query_string = "sdomainURL=" + URLEncoder.encode(domain_url, "UTF-8") - + "&sdomainName=" - + "&choice=existingdomain" + "&p=3" + "&op=next" + "&xml=true"; - } - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - if (!checkStatus(hr, "updateStatus", SUCCESS, "DomainPanel()")) { - return false; - } - - return true; - } catch (Exception e) { - System.out.println("Exception in DomainPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - } - - public boolean DisplayCertChainPanel() { - try { - String query_string = "p=4" + "&op=next" + "&xml=true"; - hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - return true; - } catch (Exception e) { - System.out.println("Exception in DisplayCertChainPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - } - - public boolean SecurityDomainLoginPanel() { - try { - HTTPResponse hr = null; - - String subca_url = "https://" + cs_hostname + ":" + cs_port + - "/ca/admin/console/config/wizard" + "?p=5&subsystem=CA"; - - String query_string = "url=" + URLEncoder.encode(subca_url, "UTF-8"); - - hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri, query_string); - - String query_string_1 = "uid=" + sd_admin_name + "&pwd=" + URLEncoder.encode(sd_admin_password, "UTF-8") + - "&url=" + URLEncoder.encode(subca_url, "UTF-8"); - - hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri, - query_string_1); - - // get session id from security domain - - String subca_session_id = hr.getContentValue("header.session_id"); - String subca_url_1 = hr.getContentValue("header.url"); - - System.out.println("SUBCA_SESSION_ID=" + subca_session_id); - System.out.println("SUBCA_URL=" + subca_url_1); - - // use session id to connect back to subCA - - String query_string_2 = "p=5" + "&subsystem=CA" + - "&session_id=" + subca_session_id + "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string_2); - urls = hr.getHTML(); - int indx = urls.indexOf(clone_uri); - if (indx < 0) { - throw new Exception("Invalid clone_uri"); - } - urls = urls.substring(urls.lastIndexOf("<option", indx), indx); - urls = urls.split("\"")[1]; - - System.out.println("urls =" + urls); - return true; - } catch (Exception e) { - System.out.println("Exception in SecurityDomainLoginPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - } - - public boolean CreateCAPanel() { - try { - HTTPResponse hr = null; - String query_string = null; - - if (!clone) { - query_string = "p=5" + "&op=next" + "&xml=true" - + "&choice=newsubsystem" + "&subsystemName=" - + URLEncoder.encode(subsystem_name, "UTF-8"); - } else { - query_string = "p=5" + "&op=next" + "&xml=true" - + "&choice=clonesubsystem" + "&subsystemName=" - + URLEncoder.encode(subsystem_name, "UTF-8") - + "&urls=" + urls + ""; - } - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - if (!checkStatus(hr, "updateStatus", SUCCESS, "CreateCAPanel()")) { - return false; - } - - if (clone) { - - hr = null; - query_string = "p=6" + "&op=next" + "&xml=true"; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - if (!checkStatus(hr, "updateStatus", SUCCESS, "CreateCAPanel(2)")) { - return false; - } - } - - return true; - } catch (Exception e) { - System.out.println("Exception in CreateCAPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - } - - public boolean RestoreKeyCertPanel() { - try { - HTTPResponse hr = null; - - String query_string = "p=7" + "&op=next" + "&xml=true" - + "&__password=" + URLEncoder.encode(clone_p12_passwd, "UTF-8") - + "&path=" + URLEncoder.encode(clone_p12_file, "UTF-8") + ""; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - if (!checkStatus(hr, "updateStatus", SUCCESS, "RestoreKeyCertPanel()")) { - return false; - } - return true; - } catch (Exception e) { - System.out.println("Exception in RestoreKeyCertPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - } - - public boolean HierarchyPanel() { - try { - HTTPResponse hr = null; - - String query_string = "p=8" + "&op=next" + "&xml=true"; - if (external_ca.equalsIgnoreCase("true")) - query_string += "&choice=join"; - else - query_string += "&choice=root"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - if (!checkStatus(hr, "updateStatus", SUCCESS, "HierarchyPanel()")) { - return false; - } - - return true; - } catch (Exception e) { - System.out.println("Exception in HierarchyPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - - } - - public boolean LdapConnectionPanel() { - try { - HTTPResponse hr = null; - - String query_string = "p=9" + "&op=next" + "&xml=true" + "&host=" - + URLEncoder.encode(ldap_host,"UTF-8") + "&port=" - + URLEncoder.encode(ldap_port,"UTF-8") + "&binddn=" - + URLEncoder.encode(bind_dn, "UTF-8") + "&__bindpwd=" - + URLEncoder.encode(bind_password, "UTF-8") + "&basedn=" - + URLEncoder.encode(base_dn, "UTF-8") + "&database=" - + URLEncoder.encode(db_name, "UTF-8") + "&display=" - + URLEncoder.encode("$displayStr", "UTF-8") - + (secure_conn.equals("true") ? "&secureConn=on" : "") - + "&masterReplicationPort=" + URLEncoder.encode(clone_master_port, "UTF-8") - + "&cloneReplicationPort=" + URLEncoder.encode(clone_replica_port, "UTF-8") - + "&replicationSecurity=" + URLEncoder.encode(clone_replication_security, "UTF-8") - + (remove_data.equals("true") ? "&removeData=true" : ""); - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - if (!checkStatus(hr, "updateStatus", SUCCESS, "LdapConnectionPanel()")) { - return false; - } - - return true; - } catch (Exception e) { - System.out.println("Exception in LdapConnectionPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - } - - public boolean KeyPanel() { - try { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList<String> al = null; - String query_string = null; - if (clone) { - query_string = "p=10" + "&op=next" + "&xml=true" - + "&sslserver_custom_size=" + sslserver_key_size - + "&sslserver_custom_curvename=" + sslserver_key_curvename - + "&sslserver_choice=custom" - + "&sslserver_keytype=" + sslserver_key_type - + "&choice=custom" + "&keytype=" + key_type - + "&custom_size=" + key_size; - } else { - query_string = "p=10" + "&op=next" + "&xml=true" - + "&subsystem_custom_size=" + subsystem_key_size - + "&subsystem_custom_curvename=" + subsystem_key_curvename - + "&subsystem_keytype=" + subsystem_key_type - + "&subsystem_choice=custom" - + "&sslserver_custom_size=" + sslserver_key_size - + "&sslserver_custom_curvename=" + sslserver_key_curvename - + "&sslserver_keytype=" + sslserver_key_type - + "&sslserver_choice=custom" - + "&signing_custom_size=" + signing_key_size - + "&signing_custom_curvename=" + signing_key_curvename - + "&signing_keytype=" + signing_key_type - + "&signing_choice=custom" - + "&signing_keyalgorithm=" + key_algorithm - + "&signing_signingalgorithm=" + signing_signingalgorithm - + "&ocsp_signing_custom_size=" + ocsp_signing_key_size - + "&ocsp_signing_custom_curvename=" + ocsp_signing_key_curvename - + "&ocsp_signing_keytype=" + ocsp_signing_key_type - + "&ocsp_signing_choice=custom" - + "&ocsp_signing_signingalgorithm=" + ocsp_signing_signingalgorithm - + "&audit_signing_custom_size=" + audit_signing_key_size - + "&audit_signing_custom_curvename=" + audit_signing_key_curvename - + "&audit_signing_keytype=" + audit_signing_key_type - + "&audit_signing_choice=custom" - + "&custom_size=" + key_size - + "&custom_curvename=" + key_curvename - + "&keytype=" + key_type - + "&choice=custom" - + "&signingalgorithm=" + signing_algorithm - + "&keyalgorithm=" + key_algorithm; - } - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - if (!checkStatus(hr, "updateStatus", SUCCESS, "KeyPanel()")) { - return false; - } - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - - al = px.constructValueList("CertReqPair", "DN"); - // get ca cert subject name - if (al != null) { - for (int i = 0; i < al.size(); i++) { - String temp = al.get(i); - - if (temp.indexOf("Certificate Authority") > 0) { - ca_cert_name = temp; - } else if (temp.indexOf("OCSP Signing Certificate") > 0) { - ocsp_cert_name = temp; - } else if (temp.indexOf("Subsystem Certificate") > 0) { - ca_subsystem_cert_name = temp; - } else if (temp.indexOf("Audit Signing Certificate") > 0) { - ca_audit_signing_cert_name = temp; - } else { - server_cert_name = temp; - } - } - } - - System.out.println("default: ca_cert_name=" + ca_cert_name); - System.out.println("default: ocsp_cert_name=" + ocsp_cert_name); - System.out.println( - "default: ca_subsystem_cert_name=" + ca_subsystem_cert_name); - System.out.println( - "default: ca_audit_signing_cert_name=" + ca_audit_signing_cert_name); - System.out.println("default: server_cert_name=" + server_cert_name); - return true; - } catch (Exception e) { - System.out.println("Exception in KeyPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - } - - public boolean CertSubjectPanel() { - try { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList<String> req_list = null; - ArrayList<String> cert_list = null; - ArrayList<String> dn_list = null; - String query_string = null; - - // use subject names provided as input - - if (!clone) { - query_string = "p=11" + "&op=next" + "&xml=true" + "&subsystem=" - + URLEncoder.encode(ca_subsystem_cert_subject_name, "UTF-8") - + "&ocsp_signing=" - + URLEncoder.encode(ca_ocsp_cert_subject_name, "UTF-8") + "&signing=" - + URLEncoder.encode(ca_sign_cert_subject_name, "UTF-8") + "&sslserver=" - + URLEncoder.encode(ca_server_cert_subject_name, "UTF-8") + "&audit_signing=" - + URLEncoder.encode(ca_audit_signing_cert_subject_name, "UTF-8") + "&urls=0" - + ""; - } else { - query_string = "p=11" + "&op=next" + "&xml=true" + "&sslserver=" - + URLEncoder.encode(ca_server_cert_subject_name, "UTF-8") + "&urls=0" - + ""; - } - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - if (!checkStatus(hr, "updateStatus", SUCCESS, "CertSubjectPanel()")) { - return false; - } - - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - - req_list = px.constructValueList("CertReqPair", "Request"); - cert_list = px.constructValueList("CertReqPair", "Certificate"); - dn_list = px.constructValueList("CertReqPair", "Nickname"); - - System.out.println("req_list_size=" + req_list.size()); - System.out.println("cert_list_size=" + cert_list.size()); - System.out.println("dn_list_size=" + dn_list.size()); - - if (external_ca.equalsIgnoreCase("true")) { - if ((req_list != null) && (dn_list != null)) { - for (int i = 0; i < dn_list.size(); i++) { - String temp = dn_list.get(i); - if (temp.indexOf("caSigningCert") >= 0) { - ca_cert_req = req_list.get(i); - } - } - } - - if (ext_ca_cert_file == null) { - try { - FileOutputStream fos = new FileOutputStream(ext_csr_file); - PrintStream p = new PrintStream(fos); - p.println(ca_cert_req); - p.close(); - return true; - } catch (Exception e) { - System.out.println("CertSubjectPanel: Unable to write CSR for external CA to " + ext_csr_file); - System.out.println(e.toString()); - return false; - } - } else { - FileInputStream fis = null; - BufferedReader in = null; - try { - ca_cert_cert = ""; - fis = new FileInputStream(ext_ca_cert_file); - in = new BufferedReader(new InputStreamReader(fis)); - String line; - while ((line = in.readLine()) != null) { - ca_cert_cert += line; - } - in.close(); - - signing_cc = ""; - fis = new FileInputStream(ext_ca_cert_chain_file); - in = new BufferedReader(new InputStreamReader(fis)); - while ((line = in.readLine()) != null) { - signing_cc += line; - } - return true; - } catch (Exception e) { - System.out.println( - "CertSubjectPanel: Unable to read in external approved CA cert or certificate chain."); - System.out.println(e.toString()); - return false; - } finally { - if (fis != null) { - try { - fis.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (in != null) { - try { - in.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - } - } - } - - if (req_list != null && cert_list != null && dn_list != null) { - for (int i = 0; i < dn_list.size(); i++) { - String temp = dn_list.get(i); - - if (temp.indexOf("caSigningCert") >= 0) { - ca_cert_req = req_list.get(i); - ca_cert_cert = cert_list.get(i); - } else if (temp.indexOf("ocspSigningCert") >= 0) { - ocsp_cert_req = req_list.get(i); - ocsp_cert_cert = cert_list.get(i); - } else if (temp.indexOf("subsystemCert") >= 0) { - ca_subsystem_cert_req = req_list.get(i); - ca_subsystem_cert_cert = cert_list.get(i); - } else if (temp.indexOf("auditSigningCert") >= 0) { - ca_audit_signing_cert_req = req_list.get(i); - ca_audit_signing_cert_cert = cert_list.get(i); - } else { - server_cert_req = req_list.get(i); - server_cert_cert = cert_list.get(i); - } - } - } - - // print out subject names - System.out.println("ca_cert_name=" + ca_sign_cert_subject_name); - System.out.println("ocsp_cert_name=" + ca_ocsp_cert_subject_name); - System.out.println( - "ca_subsystem_cert_name=" + ca_subsystem_cert_subject_name); - System.out.println("server_cert_name=" + ca_server_cert_subject_name); - System.out.println("audit_signing_cert_name=" + ca_audit_signing_cert_subject_name); - - // print out requests - System.out.println("ca_cert_req=" + ca_cert_req); - System.out.println("ocsp_cert_req=" + ocsp_cert_req); - System.out.println("ca_subsystem_cert_req=" + ca_subsystem_cert_req); - System.out.println("server_cert_req=" + server_cert_req); - System.out.println("ca_audit_siging_cert_req=" + ca_audit_signing_cert_req); - - // print out certs - System.out.println("ca_cert_cert=" + ca_cert_cert); - System.out.println("ocsp_cert_cert=" + ocsp_cert_cert); - System.out.println("ca_subsystem_cert_cert=" + ca_subsystem_cert_cert); - System.out.println("server_cert_cert=" + server_cert_cert); - System.out.println("ca_audit_signing_cert_cert=" + ca_audit_signing_cert_cert); - - return true; - } catch (Exception e) { - System.out.println("Exception in CertSubjectPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - - } - - public boolean CertificatePanel() { - try { - HTTPResponse hr = null; - - String query_string = "p=12" + "&op=next" + "&xml=true" + "&subsystem=" - + URLEncoder.encode(ca_subsystem_cert_cert, "UTF-8") + "&subsystem_cc=" - + "&ocsp_signing=" + URLEncoder.encode(ocsp_cert_cert, "UTF-8") - + "&ocsp_signing_cc=" + "&signing=" - + URLEncoder.encode(ca_cert_cert, "UTF-8") + "&signing_cc=" - + "&audit_signing=" + URLEncoder.encode(ca_audit_signing_cert_cert, "UTF-8") - + "&audit_signing_cc=" - + "&sslserver=" + URLEncoder.encode(server_cert_cert, "UTF-8") - + "&sslserver_cc=" + ""; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - if (!checkStatus(hr, "updateStatus", SUCCESS, "CertificatePanel()")) { - return false; - } - - return true; - } catch (Exception e) { - System.out.println("Exception in CertificatePanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - - } - - public boolean CertificatePanelExternal() { - try { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList<String> req_list = null; - ArrayList<String> cert_list = null; - ArrayList<String> dn_list = null; - String genString = "...certificate be generated internally..."; - - String query_string = "p=12" + "&op=apply" + "&xml=true" + "&subsystem=" - + URLEncoder.encode(genString, "UTF-8") + "&subsystem_cc=" - + "&ocsp_signing=" + URLEncoder.encode(genString, "UTF-8") - + "&ocsp_signing_cc=" + "&signing=" - + URLEncoder.encode(ca_cert_cert, "UTF-8") + "&signing_cc=" - + URLEncoder.encode(signing_cc, "UTF-8") - + "&audit_signing=" + URLEncoder.encode(genString, "UTF-8") - + "&audit_signing_cc=" - + "&sslserver=" + URLEncoder.encode(genString, "UTF-8") - + "&sslserver_cc=" + ""; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - if (!checkStatus(hr, "updateStatus", SUCCESS, "CertificatePanelExternal()")) { - return false; - } - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - - req_list = px.constructValueList("CertReqPair", "Request"); - cert_list = px.constructValueList("CertReqPair", "Certificate"); - dn_list = px.constructValueList("CertReqPair", "Nickname"); - - System.out.println("req_list_size=" + req_list.size()); - System.out.println("cert_list_size=" + cert_list.size()); - System.out.println("dn_list_size=" + dn_list.size()); - - if (req_list != null && cert_list != null && dn_list != null) { - for (int i = 0; i < dn_list.size(); i++) { - String temp = dn_list.get(i); - - if (temp.indexOf("caSigningCert") >= 0) { - ca_cert_req = req_list.get(i); - ca_cert_cert = cert_list.get(i); - } else if (temp.indexOf("ocspSigningCert") >= 0) { - ocsp_cert_req = req_list.get(i); - ocsp_cert_cert = cert_list.get(i); - } else if (temp.indexOf("subsystemCert") >= 0) { - ca_subsystem_cert_req = req_list.get(i); - ca_subsystem_cert_cert = cert_list.get(i); - } else if (temp.indexOf("auditSigningCert") >= 0) { - ca_audit_signing_cert_req = req_list.get(i); - ca_audit_signing_cert_cert = cert_list.get(i); - } else { - server_cert_req = req_list.get(i); - server_cert_cert = cert_list.get(i); - } - } - } - - // print out subject name - System.out.println("ca_cert_name=" + ca_sign_cert_subject_name); - System.out.println("ocsp_cert_name=" + ca_ocsp_cert_subject_name); - System.out.println( - "ca_subsystem_cert_name=" + ca_subsystem_cert_subject_name); - System.out.println("server_cert_name=" + ca_server_cert_subject_name); - System.out.println( - "ca_audit_signing_cert_name=" + ca_audit_signing_cert_subject_name); - - // print out requests - System.out.println("ca_cert_req=" + ca_cert_req); - System.out.println("ocsp_cert_req=" + ocsp_cert_req); - System.out.println("ca_subsystem_cert_req=" + ca_subsystem_cert_req); - System.out.println("server_cert_req=" + server_cert_req); - System.out.println("ca_audit_signing_cert_req=" + ca_audit_signing_cert_req); - - // print out certs - System.out.println("ca_cert_cert=" + ca_cert_cert); - System.out.println("ocsp_cert_cert=" + ocsp_cert_cert); - System.out.println("ca_subsystem_cert_cert=" + ca_subsystem_cert_cert); - System.out.println("server_cert_cert=" + server_cert_cert); - System.out.println("ca_audit_signing_cert_cert=" + ca_audit_signing_cert_cert); - - return true; - } catch (Exception e) { - System.out.println("Exception in CertificatePanelExternal(): " + e.toString()); - e.printStackTrace(); - return false; - } - - } - - public boolean BackupPanel() { - try { - HTTPResponse hr = null; - - if (save_p12.equalsIgnoreCase("true")) { - String query_string = "p=13" + "&op=next" + "&xml=true" - + "&choice=backupkey" + "&__pwd=" + URLEncoder.encode(backup_pwd, "UTF-8") - + "&__pwdagain=" + URLEncoder.encode(backup_pwd, "UTF-8"); - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - if (!checkStatus(hr, "updateStatus", SUCCESS, "BackupPanel()")) { - return false; - } - - query_string = ""; - - hr = hc.sslConnect(cs_hostname, cs_port, pkcs12_uri, query_string); - - // dump hr.getResponseData() to file - FileOutputStream fos = null; - try { - fos = new FileOutputStream(backup_fname); - fos.write(hr.getResponseData()); - } finally { - if (fos != null) { - fos.close(); - } - } - // set file to permissions 600 - String rtParams[] = { "chmod", "600", backup_fname }; - Process proc = Runtime.getRuntime().exec(rtParams); - BufferedReader br = null; - try { - br = new BufferedReader(new InputStreamReader(proc.getErrorStream())); - String line = null; - while ((line = br.readLine()) != null) - System.out.println("Error: " + line); - } finally { - if (br != null) { - br.close(); - } - } - proc.waitFor(); - - // verify p12 file - // Decode the P12 file - FileInputStream fis = null; - PFX pfx = null; - try { - fis = new FileInputStream(backup_fname); - PFX.Template pfxt = new PFX.Template(); - pfx = (PFX) pfxt.decode(new BufferedInputStream(fis, 2048)); - } finally { - if (fis != null) - fis.close(); - } - System.out.println("Decoded PFX"); - - // now peruse it for interesting info - System.out.println("Version: " + pfx.getVersion()); - AuthenticatedSafes authSafes = pfx.getAuthSafes(); - SEQUENCE asSeq = authSafes.getSequence(); - - System.out.println( - "AuthSafes has " + asSeq.size() + " SafeContents"); - } - - return true; - } catch (Exception e) { - System.out.println("Exception in BackupPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - } - - public boolean BackupContinuePanel() { - try { - HTTPResponse hr = null; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, - "p=14&op=next&xml=true"); - if (!checkStatus(hr, "updateStatus", SUCCESS, "BackupContinuePanel()")) { - return false; - } - - return true; - } catch (Exception e) { - System.out.println("Exception in BackupContinuePanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - } - - public boolean ImportCACertPanel() { - try { - HTTPResponse hr = null; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, - "p=15&op=next&xml=true"); - if (!checkStatus(hr, "updateStatus", SUCCESS, "ImportCACertPanel()")) { - return false; - } - - return true; - } catch (Exception e) { - System.out.println("Exception in ImportCACertPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - } - - public boolean AdminCertReqPanel() { - try { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - String admin_cert_request = null; - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd, - agent_cert_subject, agent_key_size, agent_key_type); - - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.setTransportCert(null); - cCrypt.setDualKey(false); - cCrypt.loginDB(); - - String crmf_request = cCrypt.generateCRMFrequest(); - - if (crmf_request == null) { - System.out.println("ERROR: AdminCertReqPanel() cert req gen failed"); - return false; - } - - admin_cert_request = crmf_request; - - String query_string = "p=16" + "&op=next" + "&xml=true" - + "&cert_request_type=" + "crmf" + "&uid=" + admin_user - + "&name=" + admin_user + "&__pwd=" + URLEncoder.encode(admin_password, "UTF-8") - + "&__admin_password_again=" + URLEncoder.encode(admin_password, "UTF-8") + "&profileId=" - + "caAdminCert" + "&email=" + URLEncoder.encode(admin_email, "UTF-8") - + "&cert_request=" + URLEncoder.encode(admin_cert_request, "UTF-8") - + "&subject=" + URLEncoder.encode(agent_cert_subject, "UTF-8") - + "&clone=new" - + "&import=true" + "&securitydomain=" - + URLEncoder.encode(domain_name, "UTF-8") + ""; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - if (!checkStatus(hr, "updateStatus", SUCCESS, "AdminCertReqPanel()")) { - return false; - } - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - - admin_serial_number = px.getvalue("serialNumber"); - - return true; - } catch (Exception e) { - System.out.println("Exception in AdminCertReqPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - - } - - public boolean AdminCertImportPanel() { - try { - boolean st = false; - HTTPResponse hr = null; - String cert_to_import = null; - - String query_string = "&serialNumber=" + admin_serial_number - + "&importCert=true" + ""; - - hr = hc.sslConnect(cs_hostname, cs_port, admin_uri, query_string); - - try { - // get response data - // Convert a byte array to base64 string - // cert_to_import = new sun.misc.BASE64Encoder().encode( - // hr.getResponseData()); - cert_to_import = Utils.base64encode(hr.getResponseData()); - - // Convert base64 string to a byte array - // buf = new sun.misc.BASE64Decoder().decodeBuffer(s); - - System.out.println("Cert to Import =" + cert_to_import); - } catch (Exception e) { - System.out.println("ERROR: failed to retrieve cert"); - } - - System.out.println("Cert to Import =" + cert_to_import); - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd, - null, null, null); - - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - String start = "-----BEGIN CERTIFICATE-----\r\n"; - String end = "\r\n-----END CERTIFICATE-----"; - - st = cCrypt.importCert(start + cert_to_import + end, agent_name); - if (!st) { - System.out.println( - "ERROR: AdminCertImportPanel() during cert import"); - return false; - } - - System.out.println("SUCCESS: imported admin user cert"); - return true; - } catch (Exception e) { - System.out.println("Exception in AdminCertImportPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - } - - public boolean UpdateDomainPanel() { - try { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=17" + "&op=next" + "&xml=true" + "&caHost=" - + URLEncoder.encode("/", "UTF-8") + "&caPort=" + URLEncoder.encode("/", "UTF-8") - + ""; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - if (!checkStatus(hr, "updateStatus", SUCCESS, "UpdateDomainPanel()")) { - return false; - } - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - - String caHost = px.getvalue("host"); - String caPort = px.getvalue("port"); - String systemType = px.getvalue("systemType"); - - System.out.println("caHost=" + caHost); - System.out.println("caPort=" + caPort); - System.out.println("systemType=" + systemType); - - return true; - } catch (Exception e) { - System.out.println("Exception in UpdateDomainPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - - } - - public boolean ConfigureCAInstance() { - // 0. login to cert db - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd, - null, null, null); - - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - // instantiate http client - // enable ecc if need be - - if (key_type.equalsIgnoreCase("ecc")) { - hc = new HTTPClient(true); - } else { - hc = new HTTPClient(false); - } - - // 1. Login panel - boolean log_st = LoginPanel(); - - if (!log_st) { - System.out.println("ERROR: ConfigureCA: LoginPanel() failure"); - return false; - } - - // 2. Token Choice Panel - boolean disp_token = TokenChoicePanel(); - - if (!disp_token) { - System.out.println("ERROR: ConfigureCA: TokenChoicePanel() failure"); - return false; - } - - // 3. domain panel - boolean dom_st = DomainPanel(); - - if (!dom_st) { - System.out.println("ERROR: ConfigureCA: DomainPanel() failure"); - return false; - } - - // 4. display cert chain panel and security domain login - if (clone) { - boolean disp_st = DisplayCertChainPanel(); - if (!disp_st) { - System.out.println("ERROR: ConfigureCA: DisplayCertChainPanel() failure"); - return false; - } - - boolean sd_st = SecurityDomainLoginPanel(); - if (!sd_st) { - System.out.println("ERROR: ConfigureSubCA: SecurityDomainLoginPanel() failure"); - return false; - } - - } - - // 5. display create CA panel - boolean disp_cert = CreateCAPanel(); - - if (!disp_cert) { - System.out.println("ERROR: ConfigureCA: CreateCAPanel() failure"); - return false; - } - - // 6. display restore key cert panel - if (clone) { - boolean restore_st = RestoreKeyCertPanel(); - if (!restore_st) { - System.out.println("ERROR: ConfigureCA: RestoreKeyCertPanel() failure"); - return false; - } - } - - // 7. hierarchy panel - if (!clone) { - boolean disp_h = HierarchyPanel(); - - if (!disp_h) { - System.out.println("ERROR: ConfigureCA: HierarchyPanel() failure"); - return false; - } - } - - // 8. ldap connection panel - boolean disp_ldap = LdapConnectionPanel(); - - if (!disp_ldap) { - System.out.println( - "ERROR: ConfigureCA: LdapConnectionPanel() failure"); - return false; - } - - // 9. Key Panel - boolean disp_key = KeyPanel(); - - if (!disp_key) { - System.out.println("ERROR: ConfigureCA: KeyPanel() failure"); - return false; - } - - // 10. Cert Subject Panel - boolean disp_csubj = CertSubjectPanel(); - - if (!disp_csubj) { - System.out.println("ERROR: ConfigureCA: CertSubjectPanel() failure"); - return false; - } - - // 11. Certificate Panel - boolean disp_cp; - - if (external_ca.equalsIgnoreCase("true")) { - if (ext_ca_cert_file != null) { - // second pass - cacert file defined - disp_cp = CertificatePanelExternal(); - - if (!disp_cp) { - System.out.println("ERROR: ConfigureCA: CertificatePanelExternal() failure"); - return false; - } - } else { - // first pass - cacert file not defined - System.out.println("A Certificate Request has been generated and stored in " + ext_csr_file); - System.out.println( - "Please submit this CSR to your external CA and obtain the CA Cert and CA Cert Chain"); - return true; - } - } - - disp_cp = CertificatePanel(); - - if (!disp_cp) { - System.out.println("ERROR: ConfigureCA: CertificatePanel() failure"); - return false; - } - - // 13. Backup Panel - boolean disp_back = BackupPanel(); - - if (!disp_back) { - System.out.println("ERROR: ConfigureCA: BackupPanel() failure"); - return false; - } - - // 14. Backup Continue Panel - boolean disp_back_cont = BackupContinuePanel(); - - if (!disp_back_cont) { - System.out.println("ERROR: ConfigureCA: BackupContinuePanel() failure"); - return false; - } - - // 15. Import CA Cert panel - boolean disp_import_cacert = ImportCACertPanel(); - - if (!disp_import_cacert) { - System.out.println("ERROR: ConfigureCA: ImportCACertPanel() failure"); - return false; - } - - if (clone) { - // no other panels required for clone - return true; - } - - // 16. Admin Cert Req Panel - boolean disp_adm = AdminCertReqPanel(); - - if (!disp_adm) { - System.out.println("ERROR: ConfigureCA: AdminCertReqPanel() failure"); - return false; - } - - // 14. Admin Cert import Panel - boolean disp_im = AdminCertImportPanel(); - - if (!disp_im) { - System.out.println( - "ERROR: ConfigureCA: AdminCertImportPanel() failure"); - return false; - } - - // 15. Update Domain Panel - boolean disp_ud = UpdateDomainPanel(); - - if (!disp_ud) { - System.out.println("ERROR: ConfigureCA: UpdateDomainPanel() failure"); - return false; - } - - return true; - } - - private static String set_default(String val, String def) { - if ((val == null) || (val.equals(""))) { - return def; - } else { - return val; - } - } - - public static void main(String args[]) { - ConfigureCA ca = new ConfigureCA(); - - // set variables - StringHolder x_cs_hostname = new StringHolder(); - StringHolder x_cs_port = new StringHolder(); - StringHolder x_client_certdb_dir = new StringHolder(); - StringHolder x_client_certdb_pwd = new StringHolder(); - StringHolder x_preop_pin = new StringHolder(); - - StringHolder x_domain_name = new StringHolder(); - - StringHolder x_admin_user = new StringHolder(); - StringHolder x_admin_email = new StringHolder(); - StringHolder x_admin_password = new StringHolder(); - - // ldap - StringHolder x_ldap_host = new StringHolder(); - StringHolder x_ldap_port = new StringHolder(); - StringHolder x_bind_dn = new StringHolder(); - StringHolder x_bind_password = new StringHolder(); - StringHolder x_base_dn = new StringHolder(); - StringHolder x_db_name = new StringHolder(); - StringHolder x_secure_conn = new StringHolder(); - StringHolder x_remove_data = new StringHolder(); - - // key properties (defaults) - StringHolder x_key_size = new StringHolder(); - StringHolder x_key_type = new StringHolder(); - StringHolder x_key_curvename = new StringHolder(); - StringHolder x_key_algorithm = new StringHolder(); - StringHolder x_signing_algorithm = new StringHolder(); - - // key properties (custom - signing) - StringHolder x_signing_key_size = new StringHolder(); - StringHolder x_signing_key_type = new StringHolder(); - StringHolder x_signing_key_curvename = new StringHolder(); - StringHolder x_signing_signingalgorithm = new StringHolder(); - - // key properties (custom - ocsp_signing) - StringHolder x_ocsp_signing_key_size = new StringHolder(); - StringHolder x_ocsp_signing_key_type = new StringHolder(); - StringHolder x_ocsp_signing_key_curvename = new StringHolder(); - StringHolder x_ocsp_signing_signingalgorithm = new StringHolder(); - - // key properties (custom - audit_signing) - StringHolder x_audit_signing_key_size = new StringHolder(); - StringHolder x_audit_signing_key_type = new StringHolder(); - StringHolder x_audit_signing_key_curvename = new StringHolder(); - - // key properties (custom - subsystem) - StringHolder x_subsystem_key_size = new StringHolder(); - StringHolder x_subsystem_key_type = new StringHolder(); - StringHolder x_subsystem_key_curvename = new StringHolder(); - - // key properties (custom - sslserver) - StringHolder x_sslserver_key_size = new StringHolder(); - StringHolder x_sslserver_key_type = new StringHolder(); - StringHolder x_sslserver_key_curvename = new StringHolder(); - - StringHolder x_token_name = new StringHolder(); - StringHolder x_token_pwd = new StringHolder(); - - StringHolder x_agent_name = new StringHolder(); - StringHolder x_save_p12 = new StringHolder(); - StringHolder x_backup_pwd = new StringHolder(); - StringHolder x_backup_fname = new StringHolder(); - - // separate key size for agent cert - StringHolder x_agent_key_size = new StringHolder(); - StringHolder x_agent_key_type = new StringHolder(); - StringHolder x_agent_cert_subject = new StringHolder(); - - // ca cert subject name params - StringHolder x_ca_sign_cert_subject_name = new StringHolder(); - StringHolder x_ca_subsystem_cert_subject_name = new StringHolder(); - StringHolder x_ca_ocsp_cert_subject_name = new StringHolder(); - StringHolder x_ca_server_cert_subject_name = new StringHolder(); - StringHolder x_ca_audit_signing_cert_subject_name = new StringHolder(); - - // subsystemName - StringHolder x_subsystem_name = new StringHolder(); - - // external CA cert - StringHolder x_external_ca = new StringHolder(); - StringHolder x_ext_ca_cert_file = new StringHolder(); - StringHolder x_ext_ca_cert_chain_file = new StringHolder(); - StringHolder x_ext_csr_file = new StringHolder(); - - //clone parameters - StringHolder x_clone = new StringHolder(); - StringHolder x_clone_uri = new StringHolder(); - StringHolder x_clone_p12_file = new StringHolder(); - StringHolder x_clone_p12_passwd = new StringHolder(); - StringHolder x_clone_master_port = new StringHolder(); - StringHolder x_clone_replica_port = new StringHolder(); - StringHolder x_clone_replication_security = new StringHolder(); - - //security domain - StringHolder x_sd_hostname = new StringHolder(); - StringHolder x_sd_ssl_port = new StringHolder(); - StringHolder x_sd_agent_port = new StringHolder(); - StringHolder x_sd_admin_port = new StringHolder(); - StringHolder x_sd_admin_name = new StringHolder(); - StringHolder x_sd_admin_password = new StringHolder(); - - // parse the args - ArgParser parser = new ArgParser("ConfigureCA"); - - parser.addOption("-cs_hostname %s #CS Hostname", x_cs_hostname); - parser.addOption("-cs_port %s #CS SSL Admin port", x_cs_port); - parser.addOption("-client_certdb_dir %s #Client CertDB dir", - x_client_certdb_dir); - parser.addOption("-client_certdb_pwd %s #client certdb password", - x_client_certdb_pwd); - parser.addOption("-preop_pin %s #pre op pin", x_preop_pin); - parser.addOption("-domain_name %s #domain name", x_domain_name); - parser.addOption("-admin_user %s #Admin User Name", x_admin_user); - parser.addOption("-admin_email %s #Admin email", x_admin_email); - parser.addOption("-admin_password %s #Admin password", x_admin_password); - parser.addOption("-agent_name %s #Agent Cert Nickname", x_agent_name); - parser.addOption("-agent_key_size %s #Agent Cert Key size", - x_agent_key_size); - parser.addOption("-agent_key_type %s #Agent Cert Key type [rsa]", - x_agent_key_type); - parser.addOption("-agent_cert_subject %s #Agent Certificate Subject", - x_agent_cert_subject); - - parser.addOption("-ldap_host %s #ldap host", x_ldap_host); - parser.addOption("-ldap_port %s #ldap port", x_ldap_port); - parser.addOption("-bind_dn %s #ldap bind dn", x_bind_dn); - parser.addOption("-bind_password %s #ldap bind password", - x_bind_password); - parser.addOption("-base_dn %s #base dn", x_base_dn); - parser.addOption("-db_name %s #db name", x_db_name); - parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn); - parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", - x_remove_data); - - // key and algorithm options (default) - parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); - parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size); - parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename); - parser.addOption( - "-key_algorithm %s #Key algorithm of the CA certificate (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", - x_key_algorithm); - parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is key_algorithm)", - x_signing_algorithm); - - // key and algorithm options for signing certificate (overrides default) - parser.addOption("-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_signing_key_type); - parser.addOption("-signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_signing_key_size); - parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_signing_key_curvename); - parser.addOption( - "-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional, default is signing_algorithm)", - x_signing_signingalgorithm); - - // key and algorithm options for ocsp_signing certificate (overrides default) - parser.addOption("-ocsp_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_ocsp_signing_key_type); - parser.addOption("-ocsp_signing_key_size %s #Key Size (optional, for RSA default is key_size)", - x_ocsp_signing_key_size); - parser.addOption("-ocsp_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_ocsp_signing_key_curvename); - parser.addOption( - "-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional, default is signing_algorithm)", - x_ocsp_signing_signingalgorithm); - - // key and algorithm options for audit_signing certificate (overrides default) - parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_audit_signing_key_type); - parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", - x_audit_signing_key_size); - parser.addOption( - "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_audit_signing_key_curvename); - - // key and algorithm options for subsystem certificate (overrides default) - parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_subsystem_key_type); - parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", - x_subsystem_key_size); - parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_subsystem_key_curvename); - - // key and algorithm options for sslserver certificate (overrides default) - parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_sslserver_key_type); - parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", - x_sslserver_key_size); - parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_sslserver_key_curvename); - - parser.addOption("-token_name %s #HSM/Software Token name", x_token_name); - parser.addOption("-token_pwd %s #HSM/Software Token password (optional - only required for HSM)", - x_token_pwd); - - parser.addOption("-save_p12 %s #Enable/Disable p12 Export[true,false]", - x_save_p12); - parser.addOption("-backup_pwd %s #Backup Password for p12 (optional, only required if -save_p12 = true)", - x_backup_pwd); - parser.addOption("-backup_fname %s #Backup File for p12, (optional, default is /root/tmp-ca.p12)", - x_backup_fname); - - parser.addOption("-ca_sign_cert_subject_name %s #CA cert subject name", - x_ca_sign_cert_subject_name); - parser.addOption( - "-ca_subsystem_cert_subject_name %s #CA subsystem cert subject name", - x_ca_subsystem_cert_subject_name); - parser.addOption( - "-ca_ocsp_cert_subject_name %s #CA ocsp cert subject name", - x_ca_ocsp_cert_subject_name); - parser.addOption( - "-ca_server_cert_subject_name %s #CA server cert subject name", - x_ca_server_cert_subject_name); - parser.addOption( - "-ca_audit_signing_cert_subject_name %s #CA audit signing cert subject name", - x_ca_audit_signing_cert_subject_name); - - parser.addOption("-subsystem_name %s #CA subsystem name", - x_subsystem_name); - - parser.addOption("-external %s #Subordinate to external CA [true,false] (optional, default false)", - x_external_ca); - parser.addOption("-ext_ca_cert_file %s #File with CA cert from external CA (optional)", - x_ext_ca_cert_file); - parser.addOption("-ext_ca_cert_chain_file %s #File with CA cert from external CA (optional)", - x_ext_ca_cert_chain_file); - parser.addOption("-ext_csr_file %s #File to save the CSR for submission to an external CA (optional)", - x_ext_csr_file); - - parser.addOption("-clone %s #Clone of another CA [true, false] (optional, default false)", x_clone); - parser.addOption( - "-clone_uri %s #URL of Master CA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)", - x_clone_uri); - parser.addOption( - "-clone_p12_file %s #File containing pk12 keys of Master CA (optional, required if -clone=true)", - x_clone_p12_file); - parser.addOption("-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)", - x_clone_p12_passwd); - - // replication agreement options - parser.addOption("-clone_master_port %s #Master Port to be used in replication agreement (optional)", - x_clone_master_port); - parser.addOption("-clone_replica_port %s #Replica Port to be used in replication agreement (optional)", - x_clone_replica_port); - parser.addOption("-clone_replication_security %s #Type of security in replication agreement (optional)", - x_clone_replication_security); - - parser.addOption("-sd_hostname %s #Security Domain Hostname (optional, required if -clone=true)", x_sd_hostname); - parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port (optional, required if -clone=true)", - x_sd_ssl_port); - parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port (optional, required if -clone=true)", - x_sd_agent_port); - parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port (optional, required if -clone=true)", - x_sd_admin_port); - parser.addOption("-sd_admin_name %s #Security Domain admin name (optional, required if -clone=true)", - x_sd_admin_name); - parser.addOption("-sd_admin_password %s #Security Domain admin password (optional, required if -clone=true)", - x_sd_admin_password); - - // and then match the arguments - String[] unmatched = null; - - unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED); - - if (unmatched != null) { - System.out.println("ERROR: Argument Mismatch"); - System.exit(-1); - } - - parser.checkRequiredArgs(); - - // set variables - cs_hostname = x_cs_hostname.value; - cs_port = x_cs_port.value; - client_certdb_dir = x_client_certdb_dir.value; - client_certdb_pwd = x_client_certdb_pwd.value; - pin = x_preop_pin.value; - domain_name = x_domain_name.value; - admin_user = x_admin_user.value; - admin_email = x_admin_email.value; - admin_password = x_admin_password.value; - agent_name = x_agent_name.value; - - ldap_host = x_ldap_host.value; - ldap_port = x_ldap_port.value; - bind_dn = x_bind_dn.value; - bind_password = x_bind_password.value; - base_dn = x_base_dn.value; - db_name = x_db_name.value; - secure_conn = set_default(x_secure_conn.value, "false"); - remove_data = set_default(x_remove_data.value, "false"); - - key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE); - signing_key_type = set_default(x_signing_key_type.value, key_type); - ocsp_signing_key_type = set_default(x_ocsp_signing_key_type.value, key_type); - audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type); - subsystem_key_type = set_default(x_subsystem_key_type.value, key_type); - sslserver_key_type = set_default(x_sslserver_key_type.value, key_type); - - key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE); - signing_key_size = set_default(x_signing_key_size.value, key_size); - ocsp_signing_key_size = set_default(x_ocsp_signing_key_size.value, key_size); - audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size); - subsystem_key_size = set_default(x_subsystem_key_size.value, key_size); - sslserver_key_size = set_default(x_sslserver_key_size.value, key_size); - - key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME); - signing_key_curvename = set_default(x_signing_key_curvename.value, key_curvename); - ocsp_signing_key_curvename = set_default(x_ocsp_signing_key_curvename.value, key_curvename); - audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename); - subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename); - sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename); - - if (signing_key_type.equalsIgnoreCase("RSA")) { - key_algorithm = set_default(x_key_algorithm.value, DEFAULT_KEY_ALGORITHM_RSA); - } else { - key_algorithm = set_default(x_key_algorithm.value, DEFAULT_KEY_ALGORITHM_ECC); - } - - signing_algorithm = set_default(x_signing_algorithm.value, key_algorithm); - signing_signingalgorithm = set_default(x_signing_signingalgorithm.value, signing_algorithm); - ocsp_signing_signingalgorithm = set_default(x_ocsp_signing_signingalgorithm.value, signing_algorithm); - - token_name = x_token_name.value; - token_pwd = x_token_pwd.value; - save_p12 = x_save_p12.value; - backup_pwd = x_backup_pwd.value; - backup_fname = set_default(x_backup_fname.value, "/root/tmp-ca.p12"); - - agent_key_size = x_agent_key_size.value; - agent_key_type = x_agent_key_type.value; - agent_cert_subject = x_agent_cert_subject.value; - - ca_sign_cert_subject_name = x_ca_sign_cert_subject_name.value; - ca_subsystem_cert_subject_name = x_ca_subsystem_cert_subject_name.value; - ca_ocsp_cert_subject_name = x_ca_ocsp_cert_subject_name.value; - ca_server_cert_subject_name = x_ca_server_cert_subject_name.value; - ca_audit_signing_cert_subject_name = x_ca_audit_signing_cert_subject_name.value; - - subsystem_name = x_subsystem_name.value; - - external_ca = set_default(x_external_ca.value, "false"); - ext_ca_cert_file = x_ext_ca_cert_file.value; - ext_ca_cert_chain_file = x_ext_ca_cert_chain_file.value; - ext_csr_file = set_default(x_ext_csr_file.value, "/tmp/ext_ca.csr"); - - if ((x_clone.value != null) && (x_clone.value.equalsIgnoreCase("true"))) { - clone = true; - } else { - clone = false; - } - clone_uri = x_clone_uri.value; - clone_p12_file = x_clone_p12_file.value; - clone_p12_passwd = x_clone_p12_passwd.value; - clone_master_port = set_default(x_clone_master_port.value, ""); - clone_replica_port = set_default(x_clone_replica_port.value, ""); - clone_replication_security = set_default(x_clone_replication_security.value, "None"); - - sd_hostname = x_sd_hostname.value; - sd_ssl_port = x_sd_ssl_port.value; - sd_agent_port = x_sd_agent_port.value; - sd_admin_port = x_sd_admin_port.value; - sd_admin_name = x_sd_admin_name.value; - sd_admin_password = x_sd_admin_password.value; - - boolean st = ca.ConfigureCAInstance(); - - if (!st) { - System.out.println("ERROR: unable to create CA"); - System.exit(-1); - } - - System.out.println("Certificate System - CA Instance Configured."); - System.exit(0); - - } - -}; diff --git a/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java b/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java deleted file mode 100644 index d4bbe599c..000000000 --- a/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java +++ /dev/null @@ -1,1399 +0,0 @@ -package com.netscape.pkisilent; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.BufferedInputStream; -import java.io.BufferedReader; -import java.io.ByteArrayInputStream; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.InputStreamReader; -import java.net.URLEncoder; -import java.util.ArrayList; - -import org.mozilla.jss.asn1.SEQUENCE; -import org.mozilla.jss.pkcs12.AuthenticatedSafes; -import org.mozilla.jss.pkcs12.PFX; - -import com.netscape.cmsutil.util.Utils; -import com.netscape.pkisilent.argparser.ArgParser; -import com.netscape.pkisilent.argparser.StringHolder; -import com.netscape.pkisilent.common.ComCrypto; -import com.netscape.pkisilent.common.ParseXML; -import com.netscape.pkisilent.http.HTTPClient; -import com.netscape.pkisilent.http.HTTPResponse; - -public class ConfigureDRM { - - // global constants - public static final String DEFAULT_KEY_TYPE = "RSA"; - public static final String DEFAULT_KEY_SIZE = "2048"; - public static final String DEFAULT_KEY_CURVENAME = "nistp256"; - public static final String DEFAULT_KEY_ALGORITHM_RSA = "SHA256withRSA"; - public static final String DEFAULT_KEY_ALGORITHM_ECC = "SHA256withEC"; - - // define global variables - - public static HTTPClient hc = null; - - public static String login_uri = "/kra/admin/console/config/login"; - public static String wizard_uri = "/kra/admin/console/config/wizard"; - public static String admin_uri = "/ca/admin/ca/getBySerial"; - - public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin"; - public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie"; - public static String pkcs12_uri = "/kra/admin/console/config/savepkcs12"; - - public static String cs_hostname = null; - public static String cs_port = null; - - public static String sd_hostname = null; - public static String sd_ssl_port = null; - public static String sd_agent_port = null; - public static String sd_admin_port = null; - public static String sd_admin_name = null; - public static String sd_admin_password = null; - - public static String ca_hostname = null; - public static String ca_port = null; - public static String ca_ssl_port = null; - - public static String client_certdb_dir = null; - public static String client_certdb_pwd = null; - - // Login Panel - public static String pin = null; - - public static String domain_name = null; - - public static String admin_user = null; - public static String admin_email = null; - public static String admin_password = null; - public static String admin_serial_number = null; - public static String agent_name = null; - - public static String ldap_host = null; - public static String ldap_port = null; - public static String bind_dn = null; - public static String bind_password = null; - public static String base_dn = null; - public static String db_name = null; - public static String secure_conn = null; - public static String remove_data = null; - - public static String key_type = null; - public static String key_size = null; - public static String key_curvename = null; - public static String signing_algorithm = null; - - public static String transport_key_type = null; - public static String transport_key_size = null; - public static String transport_key_curvename = null; - public static String transport_signingalgorithm = null; - - public static String storage_key_type = null; - public static String storage_key_size = null; - public static String storage_key_curvename = null; - - public static String subsystem_key_type = null; - public static String subsystem_key_size = null; - public static String subsystem_key_curvename = null; - - public static String audit_signing_key_type = null; - public static String audit_signing_key_size = null; - public static String audit_signing_key_curvename = null; - - public static String sslserver_key_type = null; - public static String sslserver_key_size = null; - public static String sslserver_key_curvename = null; - - public static String token_name = null; - public static String token_pwd = null; - - public static String agent_key_size = null; - public static String agent_key_type = null; - public static String agent_cert_subject = null; - - public static String drm_transport_cert_name = null; - public static String drm_transport_cert_req = null; - public static String drm_transport_cert_pp = null; - public static String drm_transport_cert_cert = null; - - public static String drm_storage_cert_name = null; - public static String drm_storage_cert_req = null; - public static String drm_storage_cert_pp = null; - public static String drm_storage_cert_cert = null; - - public static String server_cert_name = null; - public static String server_cert_req = null; - public static String server_cert_pp = null; - public static String server_cert_cert = null; - - public static String drm_subsystem_cert_name = null; - public static String drm_subsystem_cert_req = null; - public static String drm_subsystem_cert_pp = null; - public static String drm_subsystem_cert_cert = null; - - public static String drm_audit_signing_cert_name = null; - public static String drm_audit_signing_cert_req = null; - public static String drm_audit_signing_cert_pp = null; - public static String drm_audit_signing_cert_cert = null; - - public static String backup_pwd = null; - public static String backup_fname = null; - - // cert subject names - public static String drm_transport_cert_subject_name = null; - public static String drm_subsystem_cert_subject_name = null; - public static String drm_storage_cert_subject_name = null; - public static String drm_server_cert_subject_name = null; - public static String drm_audit_signing_cert_subject_name = null; - - public static String subsystem_name = null; - - // cloning - public static boolean clone = false; - public static String clone_uri = null; - public static String clone_p12_passwd = null; - public static String clone_p12_file = null; - public static String clone_master_port = null; - public static String clone_replica_port = null; - public static String clone_replication_security = null; - - //for correct selection of CA to be cloned - public static String urls; - - public ConfigureDRM() { - // do nothing :) - } - - public void sleep_time() { - try { - System.out.println("Sleeping for 5 secs.."); - Thread.sleep(5000); - } catch (Exception e) { - System.out.println("ERROR: sleep problem"); - } - - } - - public boolean LoginPanel() throws Exception { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "pin=" + pin + "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string); - System.out.println("xml returned: " + hr.getHTML()); - - // parse xml here - nothing to parse - - // get cookie - String temp = hr.getCookieValue("JSESSIONID"); - - if (temp != null) { - int index = temp.indexOf(";"); - HTTPClient.j_session_id = temp.substring(0, index); - st = true; - } - - hr = null; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, "p=0&op=next&xml=true"); - - // parse xml here - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return st; - } - - public boolean TokenChoicePanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = null; - - // Software Token - if (token_name.equalsIgnoreCase("internal")) { - query_string = "p=1" + "&op=next" + "&xml=true" + - "&choice=" + - URLEncoder.encode("Internal Key Storage Token", "UTF-8"); - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - } else { - // login to hsm first - query_string = "p=2" + "&op=next" + "&xml=true" + - "&uTokName=" + - URLEncoder.encode(token_name, "UTF-8") + - "&__uPasswd=" + - URLEncoder.encode(token_pwd, "UTF-8"); - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - // choice with token name now - query_string = "p=1" + "&op=next" + "&xml=true" + - "&choice=" + - URLEncoder.encode(token_name, "UTF-8"); - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - } - - return true; - } - - public boolean DomainPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String domain_url = "https://" + sd_hostname + ":" + sd_admin_port; - - String query_string = "sdomainURL=" + - URLEncoder.encode(domain_url, "UTF-8") + - "&choice=existingdomain" + - "&p=3" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - - } - - public boolean DisplayChainPanel() throws Exception { - String query_string = "p=4" + "&op=next" + "&xml=true"; - hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - return true; - - } - - public boolean SecurityDomainLoginPanel() { - try { - HTTPResponse hr = null; - - String kra_url = "https://" + cs_hostname + ":" + cs_port + - "/kra/admin/console/config/wizard" + - "?p=5&subsystem=KRA"; - - String query_string = "url=" + URLEncoder.encode(kra_url, "UTF-8"); - - hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri, query_string); - - String query_string_1 = "uid=" + sd_admin_name + - "&pwd=" + URLEncoder.encode(sd_admin_password, "UTF-8") + - "&url=" + URLEncoder.encode(kra_url, "UTF-8"); - - hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri, - query_string_1); - - // get session id from security domain - - String kra_session_id = hr.getContentValue("header.session_id"); - String kra_url_1 = hr.getContentValue("header.url"); - - System.out.println("KRA_SESSION_ID=" + kra_session_id); - System.out.println("KRA_URL=" + kra_url_1); - - // use session id to connect back to KRA - - String query_string_2 = "p=5" + - "&subsystem=KRA" + - "&session_id=" + kra_session_id + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, - query_string_2); - - if (clone) { - // parse urls - urls = hr.getHTML(); - int indx = urls.indexOf(clone_uri); - if (indx < 0) { - throw new Exception("Invalid clone_uri"); - } - urls = urls.substring(urls.lastIndexOf("<option", indx), indx); - urls = urls.split("\"")[1]; - - System.out.println("urls =" + urls); - } - - return true; - } catch (Exception e) { - System.out.println("Exception in SecurityDomainLoginPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - } - - public boolean SubsystemPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - String query_string = null; - if (!clone) { - query_string = "p=5" + "&op=next" + "&xml=true" - + "&choice=newsubsystem" + "&subsystemName=" - + URLEncoder.encode(subsystem_name, "UTF-8"); - } else { - query_string = "p=5" + "&op=next" + "&xml=true" - + "&choice=clonesubsystem" + "&subsystemName=" - + URLEncoder.encode(subsystem_name, "UTF-8") - + "&urls=" + urls; - } - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean RestoreKeyCertPanel() { - try { - ByteArrayInputStream bais = null; - HTTPResponse hr = null; - ParseXML px = new ParseXML(); - - String query_string = "p=6" + "&op=next" + "&xml=true" - + "&__password=" + URLEncoder.encode(clone_p12_passwd, "UTF-8") - + "&path=" + URLEncoder.encode(clone_p12_file, "UTF-8") + ""; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - return true; - } catch (Exception e) { - System.out.println("Exception in RestoreKeyCertPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - } - - public boolean LdapConnectionPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=7" + "&op=next" + "&xml=true" + - "&host=" + URLEncoder.encode(ldap_host, "UTF-8") + - "&port=" + URLEncoder.encode(ldap_port, "UTF-8") + - "&binddn=" + URLEncoder.encode(bind_dn, "UTF-8") + - "&__bindpwd=" + URLEncoder.encode(bind_password, "UTF-8") + - "&basedn=" + URLEncoder.encode(base_dn, "UTF-8") + - "&database=" + URLEncoder.encode(db_name, "UTF-8") + - "&display=" + URLEncoder.encode("$displayStr", "UTF-8") + - (secure_conn.equals("true") ? "&secureConn=on" : "") + - "&masterReplicationPort=" + URLEncoder.encode(clone_master_port, "UTF-8") + - "&cloneReplicationPort=" + URLEncoder.encode(clone_replica_port, "UTF-8") + - "&replicationSecurity=" + URLEncoder.encode(clone_replication_security, "UTF-8") + - (remove_data.equals("true") ? "&removeData=true" : ""); - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean KeyPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList<String> al = null; - - String query_string = null; - - if (!clone) { - query_string = "p=8" + "&op=next" + "&xml=true" + - "&transport_custom_size=" + transport_key_size + - "&storage_custom_size=" + storage_key_size + - "&subsystem_custom_size=" + subsystem_key_size + - "&sslserver_custom_size=" + sslserver_key_size + - "&audit_signing_custom_size=" + key_size + - "&custom_size=" + key_size + - "&transport_custom_curvename=" + transport_key_curvename + - "&storage_custom_curvename=" + storage_key_curvename + - "&subsystem_custom_curvename=" + subsystem_key_curvename + - "&sslserver_custom_curvename=" + sslserver_key_curvename + - "&audit_signing_custom_curvename=" + audit_signing_key_curvename + - "&custom_curvename=" + key_curvename + - "&transport_keytype=" + transport_key_type + - "&storage_keytype=" + storage_key_type + - "&subsystem_keytype=" + subsystem_key_type + - "&sslserver_keytype=" + sslserver_key_type + - "&audit_signing_keytype=" + audit_signing_key_type + - "&keytype=" + key_type + - "&transport_choice=custom" + - "&storage_choice=custom" + - "&subsystem_choice=custom" + - "&sslserver_choice=custom" + - "&choice=custom" + - "&audit_signing_choice=custom" + - "&signingalgorithm=" + signing_algorithm + - "&transport_signingalgorithm=" + transport_signingalgorithm; - - } else { - query_string = "p=8" + "&op=next" + "&xml=true" + - "&sslserver_custom_size=" + sslserver_key_size + - "&sslserver_keytype=" + sslserver_key_type + - "&sslserver_choice=custom" + - "&custom_size=" + key_size + - "&keytype=" + key_type + - "&choice=custom"; - } - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - al = px.constructValueList("CertReqPair", "DN"); - // get ca cert subject name - if (al != null) { - for (int i = 0; i < al.size(); i++) { - String temp = al.get(i); - if (temp.indexOf("DRM Transport") > 0) { - drm_transport_cert_name = temp; - } else if (temp.indexOf("DRM Storage") > 0) { - drm_storage_cert_name = temp; - } else if (temp.indexOf("DRM Subsystem") > 0) { - drm_subsystem_cert_name = temp; - } else if (temp.indexOf("DRM Audit Signing Certificate") > 0) { - drm_audit_signing_cert_name = temp; - } else { - server_cert_name = temp; - } - } - } - - System.out.println("default: drm_transport_cert_name=" + - drm_transport_cert_name); - System.out.println("default: drm_storage_cert_name=" + - drm_storage_cert_name); - System.out.println("default: drm_subsystem_cert_name=" + - drm_subsystem_cert_name); - System.out.println("default: drm_audit_signing_cert_name=" + - drm_audit_signing_cert_name); - - System.out.println("default: server_cert_name=" + - server_cert_name); - return true; - } - - public boolean CertSubjectPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList<String> req_list = null; - ArrayList<String> cert_list = null; - ArrayList<String> dn_list = null; - String query_string = null; - - String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port; - - if (!clone) { - query_string = "p=9" + "&op=next" + "&xml=true" + - "&subsystem=" + - URLEncoder.encode(drm_subsystem_cert_subject_name, "UTF-8") + - "&transport=" + - URLEncoder.encode(drm_transport_cert_subject_name, "UTF-8") + - "&storage=" + - URLEncoder.encode(drm_storage_cert_subject_name, "UTF-8") + - "&sslserver=" + - URLEncoder.encode(drm_server_cert_subject_name, "UTF-8") + - "&audit_signing=" + - URLEncoder.encode(drm_audit_signing_cert_subject_name, "UTF-8") + - "&urls=" + - URLEncoder.encode(domain_url, "UTF-8"); - } else { - query_string = "p=9" + "&op=next" + "&xml=true" + - "&sslserver=" + - URLEncoder.encode(drm_server_cert_subject_name, "UTF-8") + - "&urls=" + - URLEncoder.encode(domain_url, "UTF-8"); - } - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - req_list = px.constructValueList("CertReqPair", "Request"); - cert_list = px.constructValueList("CertReqPair", "Certificate"); - dn_list = px.constructValueList("CertReqPair", "Nickname"); - - if (req_list != null && cert_list != null && dn_list != null) { - for (int i = 0; i < dn_list.size(); i++) { - String temp = dn_list.get(i); - - if (temp.indexOf("transportCert") >= 0) { - drm_transport_cert_req = req_list.get(i); - drm_transport_cert_cert = cert_list.get(i); - } else if (temp.indexOf("storageCert") >= 0) { - drm_storage_cert_req = req_list.get(i); - drm_storage_cert_cert = cert_list.get(i); - } else if (temp.indexOf("subsystemCert") >= 0) { - drm_subsystem_cert_req = req_list.get(i); - drm_subsystem_cert_cert = cert_list.get(i); - } else if (temp.indexOf("auditSigningCert") >= 0) { - drm_audit_signing_cert_req = req_list.get(i); - drm_audit_signing_cert_cert = cert_list.get(i); - } else { - server_cert_req = req_list.get(i); - server_cert_cert = cert_list.get(i); - } - } - } - - return true; - } - - public boolean CertificatePanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=10" + "&op=next" + "&xml=true" + - "&subsystem=" + - URLEncoder.encode(drm_subsystem_cert_cert, "UTF-8") + - "&subsystem_cc=" + - "&transport=" + - URLEncoder.encode(drm_transport_cert_cert, "UTF-8") + - "&transport_cc=" + - "&storage=" + - URLEncoder.encode(drm_storage_cert_cert, "UTF-8") + - "&storage_cc=" + - "&sslserver=" + - URLEncoder.encode(server_cert_cert, "UTF-8") + - "&sslserver_cc=" + - "&audit_signing=" + - URLEncoder.encode(drm_audit_signing_cert_cert, "UTF-8") + - "&audit_signing_cc="; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean BackupPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=11" + "&op=next" + "&xml=true" + - "&choice=backupkey" + - "&__pwd=" + URLEncoder.encode(backup_pwd, "UTF-8") + - "&__pwdagain=" + URLEncoder.encode(backup_pwd, "UTF-8"); - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean SavePKCS12Panel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = ""; - - hr = hc.sslConnect(cs_hostname, cs_port, pkcs12_uri, query_string); - - // dump hr.getResponseData() to file - - try { - FileOutputStream fos = null; - try { - fos = new FileOutputStream(backup_fname); - fos.write(hr.getResponseData()); - } finally { - if (fos != null) { - fos.close(); - } - } - // set file to permissions 600 - String rtParams[] = { "chmod", "600", backup_fname }; - Process proc = Runtime.getRuntime().exec(rtParams); - BufferedReader br = null; - try { - br = new BufferedReader(new InputStreamReader(proc.getErrorStream())); - String line = null; - while ((line = br.readLine()) != null) - System.out.println("Error: " + line); - } finally { - if (br != null) { - br.close(); - } - } - proc.waitFor(); - - // verify p12 file - - // Decode the P12 file - FileInputStream fis = null; - PFX pfx = null; - try { - fis = new FileInputStream(backup_fname); - PFX.Template pfxt = new PFX.Template(); - pfx = (PFX) pfxt.decode(new BufferedInputStream(fis, 2048)); - } finally { - if (fis != null) - fis.close(); - } - System.out.println("Decoded PFX"); - - // now peruse it for interesting info - System.out.println("Version: " + pfx.getVersion()); - AuthenticatedSafes authSafes = pfx.getAuthSafes(); - SEQUENCE asSeq = authSafes.getSequence(); - System.out.println("AuthSafes has " + - asSeq.size() + " SafeContents"); - - if (clone) { - query_string = "p=12" + "&op=next" + "&xml=true"; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - } - } catch (Exception e) { - System.out.println("ERROR: Exception=" + e.getMessage()); - return false; - } finally { - if (bais != null) { - try { - bais.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - } - - return true; - } - - public boolean AdminCertReqPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - String admin_cert_request = null; - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - agent_cert_subject, - agent_key_size, - agent_key_type); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.setTransportCert(null); - cCrypt.setDualKey(false); - cCrypt.loginDB(); - - String crmf_request = cCrypt.generateCRMFrequest(); - - if (crmf_request == null) { - System.out.println("ERROR: AdminCertReqPanel() cert req gen failed"); - return false; - } - - admin_cert_request = crmf_request; - - String query_string = "p=13" + "&op=next" + "&xml=true" + - "&cert_request_type=" + "crmf" + - "&uid=" + admin_user + - "&name=" + admin_user + - "&__pwd=" + URLEncoder.encode(admin_password, "UTF-8") + - "&__admin_password_again=" + URLEncoder.encode(admin_password, "UTF-8") + - "&profileId=" + "caAdminCert" + - "&email=" + - URLEncoder.encode(admin_email, "UTF-8") + - "&cert_request=" + - URLEncoder.encode(admin_cert_request, "UTF-8") + - "&subject=" + - URLEncoder.encode(agent_cert_subject, "UTF-8") + - "&clone=new" + - "&import=true" + - "&securitydomain=" + - URLEncoder.encode(domain_name, "UTF-8"); - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - admin_serial_number = px.getvalue("serialNumber"); - - return true; - } - - public boolean AdminCertImportPanel() throws Exception { - boolean st = false; - HTTPResponse hr = null; - - String query_string = "serialNumber=" + admin_serial_number + - "&importCert=" + "true"; - - hr = hc.sslConnect(sd_hostname, sd_admin_port, admin_uri, query_string); - - // get response data - // String cert_to_import = - // new sun.misc.BASE64Encoder().encode(hr.getResponseData()); - String cert_to_import = - Utils.base64encode(hr.getResponseData()); - System.out.println("Imported Cert=" + cert_to_import); - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - String start = "-----BEGIN CERTIFICATE-----\r\n"; - String end = "\r\n-----END CERTIFICATE-----"; - - st = cCrypt.importCert(start + cert_to_import + end, agent_name); - if (!st) { - System.out.println("ERROR: AdminCertImportPanel() during cert import"); - return false; - } - - System.out.println("SUCCESS: imported admin user cert"); - return true; - } - - public boolean UpdateDomainPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=14" + "&op=next" + "&xml=true" + - "&caHost=" + URLEncoder.encode(sd_hostname, "UTF-8") + - "&caPort=" + URLEncoder.encode(sd_agent_port, "UTF-8"); - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean ConfigureDRMInstance() throws Exception { - // 0. login to cert db - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - // instantiate http client - hc = new HTTPClient(); - - // 1. Login panel - boolean log_st = LoginPanel(); - if (!log_st) { - System.out.println("ERROR: ConfigureDRM: LoginPanel() failure"); - return false; - } - - sleep_time(); - // 2. Token Choice Panel - boolean disp_token = TokenChoicePanel(); - if (!disp_token) { - System.out.println("ERROR: ConfigureDRM: TokenChoicePanel() failure"); - return false; - } - - sleep_time(); - // 3. domain panel - boolean dom_st = DomainPanel(); - if (!dom_st) { - System.out.println("ERROR: ConfigureDRM: DomainPanel() failure"); - return false; - } - - sleep_time(); - // 4. display cert chain panel - boolean disp_st = DisplayChainPanel(); - if (!disp_st) { - System.out.println("ERROR: ConfigureDRM: DisplayChainPanel() failure"); - return false; - } - - sleep_time(); - // security domain login panel - boolean disp_sd = SecurityDomainLoginPanel(); - if (!disp_sd) { - System.out.println("ERROR: ConfigureDRM: SecurityDomainLoginPanel() failure"); - return false; - } - - sleep_time(); - // subsystem panel - boolean disp_ss = SubsystemPanel(); - if (!disp_ss) { - System.out.println("ERROR: ConfigureDRM: SubsystemPanel() failure"); - return false; - } - - sleep_time(); - // 6. display restore key cert panel - if (clone) { - boolean restore_st = RestoreKeyCertPanel(); - if (!restore_st) { - System.out.println("ERROR: ConfigureCA: RestoreKeyCertPanel() failure"); - return false; - } - } - - sleep_time(); - // 7. ldap connection panel - boolean disp_ldap = LdapConnectionPanel(); - if (!disp_ldap) { - System.out.println("ERROR: ConfigureDRM: LdapConnectionPanel() failure"); - return false; - } - - sleep_time(); - sleep_time(); - // 9. Key Panel - boolean disp_key = KeyPanel(); - if (!disp_key) { - System.out.println("ERROR: ConfigureDRM: KeyPanel() failure"); - return false; - } - - sleep_time(); - // 10. Cert Subject Panel - boolean disp_csubj = CertSubjectPanel(); - if (!disp_csubj) { - System.out.println("ERROR: ConfigureDRM: CertSubjectPanel() failure"); - return false; - } - - sleep_time(); - // 11. Certificate Panel - boolean disp_cp = CertificatePanel(); - if (!disp_cp) { - System.out.println("ERROR: ConfigureDRM: CertificatePanel() failure"); - return false; - } - - sleep_time(); - // backup panel - boolean disp_back = BackupPanel(); - if (!disp_back) { - System.out.println("ERROR: ConfigureDRM: BackupPanel() failure"); - return false; - } - - sleep_time(); - // save panel - boolean disp_save = SavePKCS12Panel(); - if (!disp_save) { - System.out.println("ERROR: ConfigureDRM: SavePKCS12Panel() failure"); - return false; - } - - if (clone) { - // no other panels required for clone - return true; - } - - sleep_time(); - // 13. Admin Cert Req Panel - boolean disp_adm = AdminCertReqPanel(); - if (!disp_adm) { - System.out.println("ERROR: ConfigureDRM: AdminCertReqPanel() failure"); - return false; - } - - sleep_time(); - // 14. Admin Cert import Panel - boolean disp_im = AdminCertImportPanel(); - if (!disp_im) { - System.out.println("ERROR: ConfigureDRM: AdminCertImportPanel() failure"); - return false; - } - - sleep_time(); - // 15. Update Domain Panel - boolean disp_ud = UpdateDomainPanel(); - if (!disp_ud) { - System.out.println("ERROR: ConfigureDRM: UpdateDomainPanel() failure"); - return false; - } - - sleep_time(); - return true; - } - - private static String set_default(String val, String def) { - if ((val == null) || (val.equals(""))) { - return def; - } else { - return val; - } - } - - public static void main(String args[]) throws Exception { - ConfigureDRM ca = new ConfigureDRM(); - - // set variables - StringHolder x_cs_hostname = new StringHolder(); - StringHolder x_cs_port = new StringHolder(); - - StringHolder x_sd_hostname = new StringHolder(); - StringHolder x_sd_ssl_port = new StringHolder(); - StringHolder x_sd_agent_port = new StringHolder(); - StringHolder x_sd_admin_port = new StringHolder(); - StringHolder x_sd_admin_name = new StringHolder(); - StringHolder x_sd_admin_password = new StringHolder(); - - StringHolder x_ca_hostname = new StringHolder(); - StringHolder x_ca_port = new StringHolder(); - StringHolder x_ca_ssl_port = new StringHolder(); - - StringHolder x_client_certdb_dir = new StringHolder(); - StringHolder x_client_certdb_pwd = new StringHolder(); - StringHolder x_preop_pin = new StringHolder(); - - StringHolder x_domain_name = new StringHolder(); - - StringHolder x_admin_user = new StringHolder(); - StringHolder x_admin_email = new StringHolder(); - StringHolder x_admin_password = new StringHolder(); - - // ldap - StringHolder x_ldap_host = new StringHolder(); - StringHolder x_ldap_port = new StringHolder(); - StringHolder x_bind_dn = new StringHolder(); - StringHolder x_bind_password = new StringHolder(); - StringHolder x_base_dn = new StringHolder(); - StringHolder x_db_name = new StringHolder(); - StringHolder x_secure_conn = new StringHolder(); - StringHolder x_remove_data = new StringHolder(); - - // key properties (defaults) - StringHolder x_key_size = new StringHolder(); - StringHolder x_key_type = new StringHolder(); - StringHolder x_key_curvename = new StringHolder(); - StringHolder x_signing_algorithm = new StringHolder(); - - // key properties (custom - transport) - StringHolder x_transport_key_size = new StringHolder(); - StringHolder x_transport_key_type = new StringHolder(); - StringHolder x_transport_key_curvename = new StringHolder(); - StringHolder x_transport_signingalgorithm = new StringHolder(); - - // key properties (custom - storage) - StringHolder x_storage_key_size = new StringHolder(); - StringHolder x_storage_key_type = new StringHolder(); - StringHolder x_storage_key_curvename = new StringHolder(); - - // key properties (custom - audit_signing) - StringHolder x_audit_signing_key_size = new StringHolder(); - StringHolder x_audit_signing_key_type = new StringHolder(); - StringHolder x_audit_signing_key_curvename = new StringHolder(); - - // key properties (custom - subsystem) - StringHolder x_subsystem_key_size = new StringHolder(); - StringHolder x_subsystem_key_type = new StringHolder(); - StringHolder x_subsystem_key_curvename = new StringHolder(); - - // key properties (custom - sslserver) - StringHolder x_sslserver_key_size = new StringHolder(); - StringHolder x_sslserver_key_type = new StringHolder(); - StringHolder x_sslserver_key_curvename = new StringHolder(); - - StringHolder x_token_name = new StringHolder(); - StringHolder x_token_pwd = new StringHolder(); - - StringHolder x_agent_key_size = new StringHolder(); - StringHolder x_agent_key_type = new StringHolder(); - StringHolder x_agent_cert_subject = new StringHolder(); - - StringHolder x_agent_name = new StringHolder(); - StringHolder x_backup_pwd = new StringHolder(); - StringHolder x_backup_fname = new StringHolder(); - - // drm cert subject name params - StringHolder x_drm_subsystem_cert_subject_name = new StringHolder(); - StringHolder x_drm_server_cert_subject_name = new StringHolder(); - StringHolder x_drm_transport_cert_subject_name = new StringHolder(); - StringHolder x_drm_storage_cert_subject_name = new StringHolder(); - StringHolder x_drm_audit_signing_cert_subject_name = new StringHolder(); - - // subsystemName - StringHolder x_subsystem_name = new StringHolder(); - - //clone parameters - StringHolder x_clone = new StringHolder(); - StringHolder x_clone_uri = new StringHolder(); - StringHolder x_clone_p12_file = new StringHolder(); - StringHolder x_clone_p12_passwd = new StringHolder(); - StringHolder x_clone_master_port = new StringHolder(); - StringHolder x_clone_replica_port = new StringHolder(); - StringHolder x_clone_replication_security = new StringHolder(); - - // parse the args - ArgParser parser = new ArgParser("ConfigureDRM"); - - parser.addOption("-cs_hostname %s #CS Hostname", - x_cs_hostname); - parser.addOption("-cs_port %s #CS SSL Admin port", - x_cs_port); - - parser.addOption("-sd_hostname %s #Security Domain Hostname", - x_sd_hostname); - parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port", - x_sd_ssl_port); - parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port", - x_sd_agent_port); - parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port", - x_sd_admin_port); - parser.addOption("-sd_admin_name %s #Security Domain username", - x_sd_admin_name); - parser.addOption("-sd_admin_password %s #Security Domain password", - x_sd_admin_password); - - parser.addOption("-ca_hostname %s #CA Hostname", - x_ca_hostname); - parser.addOption("-ca_port %s #CA non-SSL EE port", - x_ca_port); - parser.addOption("-ca_ssl_port %s #CA SSL EE port", - x_ca_ssl_port); - - parser.addOption("-client_certdb_dir %s #Client CertDB dir", - x_client_certdb_dir); - parser.addOption("-client_certdb_pwd %s #client certdb password", - x_client_certdb_pwd); - parser.addOption("-preop_pin %s #pre op pin", - x_preop_pin); - parser.addOption("-domain_name %s #domain name", - x_domain_name); - parser.addOption("-admin_user %s #Admin User Name", - x_admin_user); - parser.addOption("-admin_email %s #Admin email", - x_admin_email); - parser.addOption("-admin_password %s #Admin password", - x_admin_password); - parser.addOption("-agent_name %s #Agent Cert Nickname", - x_agent_name); - - parser.addOption("-ldap_host %s #ldap host", - x_ldap_host); - parser.addOption("-ldap_port %s #ldap port", - x_ldap_port); - parser.addOption("-bind_dn %s #ldap bind dn", - x_bind_dn); - parser.addOption("-bind_password %s #ldap bind password", - x_bind_password); - parser.addOption("-base_dn %s #base dn", - x_base_dn); - parser.addOption("-db_name %s #db name", - x_db_name); - parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn); - parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", - x_remove_data); - - // key and algorithm options (default) - parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); - parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size); - parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename); - parser.addOption( - "-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", - x_signing_algorithm); - - // key and algorithm options for transport certificate (overrides default) - parser.addOption("-transport_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_transport_key_type); - parser.addOption("-transport_key_size %s #Key Size (optional, for RSA default is key_size)", - x_transport_key_size); - parser.addOption("-transport_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_transport_key_curvename); - parser.addOption( - "-transport_signingalgorithm %s #Algorithm used by the transport cert to sign objects (optional, default is signing_algorithm)", - x_transport_signingalgorithm); - - // key and algorithm options for storage certificate (overrides default) - parser.addOption("-storage_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_storage_key_type); - parser.addOption("-storage_key_size %s #Key Size (optional, for RSA default is key_size)", x_storage_key_size); - parser.addOption("-storage_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_storage_key_curvename); - - // key and algorithm options for audit_signing certificate (overrides default) - parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_audit_signing_key_type); - parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", - x_audit_signing_key_size); - parser.addOption( - "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_audit_signing_key_curvename); - - // key and algorithm options for subsystem certificate (overrides default) - parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_subsystem_key_type); - parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", - x_subsystem_key_size); - parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_subsystem_key_curvename); - - // key and algorithm options for sslserver certificate (overrides default) - parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_sslserver_key_type); - parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", - x_sslserver_key_size); - parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_sslserver_key_curvename); - - parser.addOption("-token_name %s #HSM/Software Token name", - x_token_name); - parser.addOption("-token_pwd %s #HSM/Software Token password (optional, required for HSM)", - x_token_pwd); - - parser.addOption("-agent_key_size %s #Agent Cert Key Size", - x_agent_key_size); - parser.addOption("-agent_key_type %s #Agent Cert Key type [rsa]", - x_agent_key_type); - parser.addOption("-agent_cert_subject %s #Agent Cert Subject ", - x_agent_cert_subject); - - parser.addOption("-backup_pwd %s #PKCS12 password", - x_backup_pwd); - - parser.addOption("-backup_fname %s #Backup File for p12, (optional, default /root/tmp-kra.p12)", - x_backup_fname); - - parser.addOption( - "-drm_transport_cert_subject_name %s #DRM transport cert subject name", - x_drm_transport_cert_subject_name); - parser.addOption( - "-drm_subsystem_cert_subject_name %s #DRM subsystem cert subject name", - x_drm_subsystem_cert_subject_name); - parser.addOption( - "-drm_storage_cert_subject_name %s #DRM storage cert subject name", - x_drm_storage_cert_subject_name); - parser.addOption( - "-drm_server_cert_subject_name %s #DRM server cert subject name", - x_drm_server_cert_subject_name); - - parser.addOption( - "-subsystem_name %s #CA subsystem name", - x_subsystem_name); - - parser.addOption( - "-drm_audit_signing_cert_subject_name %s #DRM audit signing cert subject name", - x_drm_audit_signing_cert_subject_name); - - parser.addOption("-clone %s #Clone of another KRA [true, false] (optional, default false)", x_clone); - parser.addOption( - "-clone_uri %s #URL of Master KRA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)", - x_clone_uri); - parser.addOption( - "-clone_p12_file %s #File containing pk12 keys of Master KRA (optional, required if -clone=true)", - x_clone_p12_file); - parser.addOption("-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)", - x_clone_p12_passwd); - - // replication agreement options - parser.addOption("-clone_master_port %s #Master Port to be used in replication agreement (optional)", - x_clone_master_port); - parser.addOption("-clone_replica_port %s #Replica Port to be used in replication agreement (optional)", - x_clone_replica_port); - parser.addOption("-clone_replication_security %s #Type of security in replication agreement (optional)", - x_clone_replication_security); - - - // and then match the arguments - String[] unmatched = null; - unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED); - - if (unmatched != null) { - System.out.println("ERROR: Argument Mismatch"); - System.exit(-1); - } - - parser.checkRequiredArgs(); - - // set variables - cs_hostname = x_cs_hostname.value; - cs_port = x_cs_port.value; - - sd_hostname = x_sd_hostname.value; - sd_ssl_port = x_sd_ssl_port.value; - sd_agent_port = x_sd_agent_port.value; - sd_admin_port = x_sd_admin_port.value; - sd_admin_name = x_sd_admin_name.value; - sd_admin_password = x_sd_admin_password.value; - - ca_hostname = x_ca_hostname.value; - ca_port = x_ca_port.value; - ca_ssl_port = x_ca_ssl_port.value; - - client_certdb_dir = x_client_certdb_dir.value; - client_certdb_pwd = x_client_certdb_pwd.value; - pin = x_preop_pin.value; - domain_name = x_domain_name.value; - - admin_user = x_admin_user.value; - admin_email = x_admin_email.value; - admin_password = x_admin_password.value; - agent_name = x_agent_name.value; - - ldap_host = x_ldap_host.value; - ldap_port = x_ldap_port.value; - bind_dn = x_bind_dn.value; - bind_password = x_bind_password.value; - base_dn = x_base_dn.value; - db_name = x_db_name.value; - secure_conn = set_default(x_secure_conn.value, "false"); - remove_data = set_default(x_remove_data.value, "false"); - - key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE); - transport_key_type = set_default(x_transport_key_type.value, key_type); - storage_key_type = set_default(x_storage_key_type.value, key_type); - audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type); - subsystem_key_type = set_default(x_subsystem_key_type.value, key_type); - sslserver_key_type = set_default(x_sslserver_key_type.value, key_type); - - key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE); - transport_key_size = set_default(x_transport_key_size.value, key_size); - storage_key_size = set_default(x_storage_key_size.value, key_size); - audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size); - subsystem_key_size = set_default(x_subsystem_key_size.value, key_size); - sslserver_key_size = set_default(x_sslserver_key_size.value, key_size); - - key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME); - transport_key_curvename = set_default(x_transport_key_curvename.value, key_curvename); - storage_key_curvename = set_default(x_storage_key_curvename.value, key_curvename); - audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename); - subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename); - sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename); - - if (transport_key_type.equalsIgnoreCase("RSA")) { - signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_RSA); - } else { - signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_ECC); - } - - transport_signingalgorithm = set_default(x_transport_signingalgorithm.value, signing_algorithm); - - token_name = x_token_name.value; - token_pwd = x_token_pwd.value; - - agent_key_size = x_agent_key_size.value; - agent_key_type = x_agent_key_type.value; - agent_cert_subject = x_agent_cert_subject.value; - - backup_pwd = x_backup_pwd.value; - backup_fname = set_default(x_backup_fname.value, "/root/tmp-kra.p12"); - - drm_transport_cert_subject_name = - x_drm_transport_cert_subject_name.value; - drm_subsystem_cert_subject_name = - x_drm_subsystem_cert_subject_name.value; - drm_storage_cert_subject_name = x_drm_storage_cert_subject_name.value; - drm_server_cert_subject_name = x_drm_server_cert_subject_name.value; - drm_audit_signing_cert_subject_name = x_drm_audit_signing_cert_subject_name.value; - - subsystem_name = x_subsystem_name.value; - - if ((x_clone.value != null) && (x_clone.value.equalsIgnoreCase("true"))) { - clone = true; - } else { - clone = false; - } - clone_uri = x_clone_uri.value; - clone_p12_file = x_clone_p12_file.value; - clone_p12_passwd = x_clone_p12_passwd.value; - clone_master_port = set_default(x_clone_master_port.value, ""); - clone_replica_port = set_default(x_clone_replica_port.value, ""); - clone_replication_security = set_default(x_clone_replication_security.value, "None"); - - boolean st = ca.ConfigureDRMInstance(); - - if (!st) { - System.out.println("ERROR: unable to create DRM"); - System.exit(-1); - } - - System.out.println("Certificate System - DRM Instance Configured"); - System.exit(0); - } - -}; diff --git a/base/silent/src/com/netscape/pkisilent/ConfigureOCSP.java b/base/silent/src/com/netscape/pkisilent/ConfigureOCSP.java deleted file mode 100644 index 51ba65016..000000000 --- a/base/silent/src/com/netscape/pkisilent/ConfigureOCSP.java +++ /dev/null @@ -1,1196 +0,0 @@ -package com.netscape.pkisilent; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.BufferedInputStream; -import java.io.BufferedReader; -import java.io.ByteArrayInputStream; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.InputStreamReader; -import java.net.URLEncoder; -import java.util.ArrayList; - -import org.mozilla.jss.asn1.SEQUENCE; -import org.mozilla.jss.pkcs12.AuthenticatedSafes; -import org.mozilla.jss.pkcs12.PFX; - -import com.netscape.cmsutil.util.Utils; -import com.netscape.pkisilent.argparser.ArgParser; -import com.netscape.pkisilent.argparser.StringHolder; -import com.netscape.pkisilent.common.ComCrypto; -import com.netscape.pkisilent.common.ParseXML; -import com.netscape.pkisilent.http.HTTPClient; -import com.netscape.pkisilent.http.HTTPResponse; - -public class ConfigureOCSP { - public static final String DEFAULT_KEY_TYPE = "RSA"; - public static final String DEFAULT_KEY_SIZE = "2048"; - public static final String DEFAULT_KEY_CURVENAME = "nistp256"; - public static final String DEFAULT_KEY_ALGORITHM_RSA = "SHA256withRSA"; - public static final String DEFAULT_KEY_ALGORITHM_ECC = "SHA256withEC"; - - // define global variables - - public static HTTPClient hc = null; - - public static String login_uri = "/ocsp/admin/console/config/login"; - public static String wizard_uri = "/ocsp/admin/console/config/wizard"; - public static String admin_uri = "/ca/admin/ca/getBySerial"; - - public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin"; - public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie"; - public static String pkcs12_uri = "/ocsp/admin/console/config/savepkcs12"; - - public static String cs_hostname = null; - public static String cs_port = null; - - public static String sd_hostname = null; - public static String sd_ssl_port = null; - public static String sd_agent_port = null; - public static String sd_admin_port = null; - public static String sd_admin_name = null; - public static String sd_admin_password = null; - - public static String ca_hostname = null; - public static String ca_port = null; - public static String ca_ssl_port = null; - - public static String client_certdb_dir = null; - public static String client_certdb_pwd = null; - - // Login Panel - public static String pin = null; - - public static String domain_name = null; - - public static String admin_user = null; - public static String admin_email = null; - public static String admin_password = null; - public static String admin_serial_number = null; - public static String agent_name = null; - - public static String ldap_host = null; - public static String ldap_port = null; - public static String bind_dn = null; - public static String bind_password = null; - public static String base_dn = null; - public static String db_name = null; - public static String secure_conn = null; - public static String remove_data = null; - - public static String key_type = null; - public static String key_size = null; - public static String key_curvename = null; - public static String signing_algorithm = null; - - public static String signing_key_type = null; - public static String signing_key_size = null; - public static String signing_key_curvename = null; - public static String signing_signingalgorithm = null; - - public static String subsystem_key_type = null; - public static String subsystem_key_size = null; - public static String subsystem_key_curvename = null; - - public static String audit_signing_key_type = null; - public static String audit_signing_key_size = null; - public static String audit_signing_key_curvename = null; - - public static String sslserver_key_type = null; - public static String sslserver_key_size = null; - public static String sslserver_key_curvename = null; - - public static String token_name = null; - public static String token_pwd = null; - - public static String agent_key_size = null; - public static String agent_key_type = null; - public static String agent_cert_subject = null; - - public static String ocsp_signing_cert_name = null; - public static String ocsp_signing_cert_req = null; - public static String ocsp_signing_cert_pp = null; - public static String ocsp_signing_cert_cert = null; - - public static String server_cert_name = null; - public static String server_cert_req = null; - public static String server_cert_pp = null; - public static String server_cert_cert = null; - - public static String ocsp_subsystem_cert_name = null; - public static String ocsp_subsystem_cert_req = null; - public static String ocsp_subsystem_cert_pp = null; - public static String ocsp_subsystem_cert_cert = null; - - public static String ocsp_audit_signing_cert_name = null; - public static String ocsp_audit_signing_cert_req = null; - public static String ocsp_audit_signing_cert_pp = null; - public static String ocsp_audit_signing_cert_cert = null; - - public static String backup_pwd = null; - public static String backup_fname = null; - - // cert subject names - public static String ocsp_sign_cert_subject_name = null; - public static String ocsp_subsystem_cert_subject_name = null; - public static String ocsp_server_cert_subject_name = null; - public static String ocsp_audit_signing_cert_subject_name = null; - - public static String subsystem_name = null; - - public ConfigureOCSP() { - // do nothing :) - } - - public void sleep_time() { - try { - System.out.println("Sleeping for 5 secs.."); - Thread.sleep(5000); - } catch (Exception e) { - System.out.println("ERROR: sleep problem"); - } - - } - - public boolean LoginPanel() throws Exception { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "pin=" + pin + "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string); - System.out.println("xml returned: " + hr.getHTML()); - - // parse xml here - nothing to parse - - // get cookie - String temp = hr.getCookieValue("JSESSIONID"); - - if (temp != null) { - int index = temp.indexOf(";"); - HTTPClient.j_session_id = temp.substring(0, index); - st = true; - } - - hr = null; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, - "p=0&op=next&xml=true"); - - // parse xml here - - bais = new ByteArrayInputStream( - hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return st; - } - - public boolean TokenChoicePanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = null; - - // Software Token - if (token_name.equalsIgnoreCase("internal")) { - query_string = "p=1" + "&op=next" + "&xml=true" + - "&choice=" + URLEncoder.encode("Internal Key Storage Token", "UTF-8"); - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - } - // HSM - else { - // login to hsm first - query_string = "p=2" + "&op=next" + "&xml=true" + - "&uTokName=" + - URLEncoder.encode(token_name, "UTF-8") + - "&__uPasswd=" + - URLEncoder.encode(token_pwd, "UTF-8"); - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - // choice with token name now - query_string = "p=1" + "&op=next" + "&xml=true" + - "&choice=" + - URLEncoder.encode(token_name, "UTF-8"); - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - } - return true; - } - - public boolean DomainPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String domain_url = "https://" + sd_hostname + ":" + sd_admin_port; - - String query_string = "sdomainURL=" + - URLEncoder.encode(domain_url, "UTF-8") + - "&choice=existingdomain" + - "&p=3" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - - } - - public boolean DisplayChainPanel() throws Exception { - String query_string = null; - - query_string = "p=4" + "&op=next" + "&xml=true"; - hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - // bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - // px.parse(bais); - // px.prettyprintxml(); - - return true; - - } - - public boolean SecurityDomainLoginPanel() throws Exception { - HTTPResponse hr = null; - - String ocsp_url = "https://" + cs_hostname + ":" + cs_port + - "/ocsp/admin/console/config/wizard" + - "?p=5&subsystem=OCSP"; - - String query_string = "url=" + URLEncoder.encode(ocsp_url, "UTF-8"); - - hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri, query_string); - - String query_string_1 = "uid=" + sd_admin_name + - "&pwd=" + URLEncoder.encode(sd_admin_password, "UTF-8") + - "&url=" + URLEncoder.encode(ocsp_url, "UTF-8"); - - hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri, - query_string_1); - - // get session id from security domain - - String ocsp_session_id = hr.getContentValue("header.session_id"); - String ocsp_url_1 = hr.getContentValue("header.url"); - - System.out.println("OCSP_SESSION_ID=" + ocsp_session_id); - System.out.println("OCSP_URL=" + ocsp_url_1); - - // use session id to connect back to OCSP - - String query_string_2 = "p=5" + - "&subsystem=OCSP" + - "&session_id=" + ocsp_session_id + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, - query_string_2); - - return true; - - } - - public boolean SubsystemPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=5" + "&op=next" + "&xml=true" + - "&subsystemName=" + - URLEncoder.encode(subsystem_name, "UTF-8") + - "&choice=newsubsystem"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean LdapConnectionPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=7" + "&op=next" + "&xml=true" + - "&host=" + URLEncoder.encode(ldap_host, "UTF-8") + - "&port=" + URLEncoder.encode(ldap_port, "UTF-8") + - "&binddn=" + URLEncoder.encode(bind_dn, "UTF-8") + - "&__bindpwd=" + URLEncoder.encode(bind_password, "UTF-8") + - "&basedn=" + URLEncoder.encode(base_dn, "UTF-8") + - "&database=" + URLEncoder.encode(db_name, "UTF-8") + - "&display=" + URLEncoder.encode("$displayStr", "UTF-8") + - (secure_conn.equals("true") ? "&secureConn=on" : "") + - (remove_data.equals("true") ? "&removeData=true" : ""); - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean KeyPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList<String> al = null; - - String query_string = "p=8" + "&op=next" + "&xml=true" + - "&signing_custom_size=" + signing_key_size + - "&subsystem_custom_size=" + subsystem_key_size + - "&sslserver_custom_size=" + sslserver_key_size + - "&audit_signing_custom_size=" + audit_signing_key_size + - "&custom_size=" + key_size + - "&signing_custom_curvename=" + signing_key_curvename + - "&subsystem_custom_curvename=" + subsystem_key_curvename + - "&sslserver_custom_curvename=" + sslserver_key_curvename + - "&audit_signing_custom_curvename=" + audit_signing_key_curvename + - "&custom_curvename=" + key_curvename + - "&signing_keytype=" + signing_key_type + - "&subsystem_keytype=" + subsystem_key_type + - "&sslserver_keytype=" + sslserver_key_type + - "&audit_signing_keytype=" + audit_signing_key_type + - "&keytype=" + key_type + - "&signing_choice=custom" + - "&subsystem_choice=custom" + - "&sslserver_choice=custom" + - "&audit_signing_choice=custom" + - "&signingalgorithm=" + signing_algorithm + - "&signing_signingalgorithm=" + signing_signingalgorithm + - "&choice=custom"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - al = px.constructValueList("CertReqPair", "DN"); - // get ca cert subject name - if (al != null) { - for (int i = 0; i < al.size(); i++) { - String temp = al.get(i); - if (temp.indexOf("OCSP Signing") > 0) { - ocsp_signing_cert_name = temp; - } else if (temp.indexOf("OCSP Subsystem") > 0) { - ocsp_subsystem_cert_name = temp; - } else if (temp.indexOf("Audit Signing Certificate") > 0) { - ocsp_audit_signing_cert_name = temp; - } else { - server_cert_name = temp; - } - } - } - - System.out.println("default: ocsp_signing_cert_name=" + ocsp_signing_cert_name); - System.out.println("default: ocsp_subsystem_cert_name=" + ocsp_subsystem_cert_name); - System.out.println("default: server_cert_name=" + server_cert_name); - System.out.println("default: oscp_audit_signing_cert_name=" + ocsp_audit_signing_cert_name); - - return true; - } - - public boolean CertSubjectPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList<String> req_list = null; - ArrayList<String> cert_list = null; - ArrayList<String> dn_list = null; - - String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port; - - String query_string = "p=9" + "&op=next" + "&xml=true" + - "&subsystem=" + - URLEncoder.encode(ocsp_subsystem_cert_subject_name, "UTF-8") + - "&signing=" + - URLEncoder.encode(ocsp_sign_cert_subject_name, "UTF-8") + - "&sslserver=" + - URLEncoder.encode(ocsp_server_cert_subject_name, "UTF-8") + - "&audit_signing=" + - URLEncoder.encode(ocsp_audit_signing_cert_subject_name, "UTF-8") + - "&urls=" + - URLEncoder.encode(domain_url, "UTF-8") + - ""; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - req_list = px.constructValueList("CertReqPair", "Request"); - cert_list = px.constructValueList("CertReqPair", "Certificate"); - dn_list = px.constructValueList("CertReqPair", "Nickname"); - - if (req_list != null && cert_list != null && dn_list != null) { - for (int i = 0; i < dn_list.size(); i++) { - String temp = dn_list.get(i); - - if (temp.indexOf("ocspSigningCert") >= 0) { - ocsp_signing_cert_req = req_list.get(i); - ocsp_signing_cert_cert = cert_list.get(i); - } else if (temp.indexOf("subsystemCert") >= 0) { - ocsp_subsystem_cert_req = req_list.get(i); - ocsp_subsystem_cert_cert = cert_list.get(i); - } else if (temp.indexOf("auditSigningCert") >= 0) { - ocsp_audit_signing_cert_req = req_list.get(i); - ocsp_audit_signing_cert_cert = cert_list.get(i); - } else { - server_cert_req = req_list.get(i); - server_cert_cert = cert_list.get(i); - } - } - } - - return true; - } - - public boolean CertificatePanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=10" + "&op=next" + "&xml=true" + - "&subsystem=" + - URLEncoder.encode(ocsp_subsystem_cert_cert, "UTF-8") + - "&subsystem_cc=" + - "&signing=" + - URLEncoder.encode(ocsp_signing_cert_cert, "UTF-8") + - "&signing_cc=" + - "&sslserver=" + - URLEncoder.encode(server_cert_cert, "UTF-8") + - "&sslserver_cc=" + - "&audit_signing=" + - URLEncoder.encode(ocsp_audit_signing_cert_cert, "UTF-8") + - "&audit_signing_cc="; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - - System.out.println("html returned=" + hr.getHTML()); - - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean BackupPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=11" + "&op=next" + "&xml=true" + - "&choice=backupkey" + - "&__pwd=" + URLEncoder.encode(backup_pwd, "UTF-8") + - "&__pwdagain=" + URLEncoder.encode(backup_pwd, "UTF-8"); - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean SavePKCS12Panel() throws Exception { - HTTPResponse hr = null; - - String query_string = ""; - - hr = hc.sslConnect(cs_hostname, cs_port, pkcs12_uri, query_string); - - // dump hr.getResponseData() to file - try { - FileOutputStream fos = null; - try { - fos = new FileOutputStream(backup_fname); - fos.write(hr.getResponseData()); - } finally { - if (fos != null) - fos.close(); - } - - // set file to permissions 600 - String rtParams[] = { "chmod", "600", backup_fname }; - Process proc = Runtime.getRuntime().exec(rtParams); - BufferedReader br = null; - try { - br = new BufferedReader(new InputStreamReader(proc.getErrorStream())); - String line = null; - while ((line = br.readLine()) != null) - System.out.println("Error: " + line); - } finally { - if (br != null) - br.close(); - } - proc.waitFor(); - - // verify p12 file - - // Decode the P12 file - FileInputStream fis = null; - PFX pfx = null; - try { - fis = new FileInputStream(backup_fname); - PFX.Template pfxt = new PFX.Template(); - pfx = (PFX) pfxt.decode(new BufferedInputStream(fis, 2048)); - } finally { - if (fis != null) - fis.close(); - } - System.out.println("Decoded PFX"); - - // now peruse it for interesting info - System.out.println("Version: " + pfx.getVersion()); - AuthenticatedSafes authSafes = pfx.getAuthSafes(); - SEQUENCE asSeq = authSafes.getSequence(); - System.out.println("AuthSafes has " + - asSeq.size() + " SafeContents"); - - fis.close(); - } catch (Exception e) { - System.out.println("ERROR: Exception=" + e.getMessage()); - return false; - } - - return true; - } - - public boolean AdminCertReqPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - String admin_cert_request = null; - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - agent_cert_subject, - agent_key_size, - agent_key_type); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.setTransportCert(null); - cCrypt.setDualKey(false); - cCrypt.loginDB(); - - String crmf_request = cCrypt.generateCRMFrequest(); - - if (crmf_request == null) { - System.out.println("ERROR: AdminCertReqPanel() cert req gen failed"); - return false; - } - - admin_cert_request = crmf_request; - - String query_string = "p=13" + "&op=next" + "&xml=true" + - "&cert_request_type=" + "crmf" + - "&uid=" + admin_user + - "&name=" + admin_user + - "&__pwd=" + URLEncoder.encode(admin_password, "UTF-8") + - "&__admin_password_again=" + URLEncoder.encode(admin_password, "UTF-8") + - "&profileId=" + "caAdminCert" + - "&email=" + - URLEncoder.encode(admin_email, "UTF-8") + - "&cert_request=" + - URLEncoder.encode(admin_cert_request, "UTF-8") + - "&subject=" + - URLEncoder.encode(agent_cert_subject, "UTF-8") + - "&clone=new" + - "&import=true" + - "&securitydomain=" + - URLEncoder.encode(domain_name, "UTF-8"); - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - admin_serial_number = px.getvalue("serialNumber"); - - return true; - } - - public boolean AdminCertImportPanel() throws Exception { - boolean st = false; - HTTPResponse hr = null; - - String query_string = "serialNumber=" + admin_serial_number + - "&importCert=" + "true" + - ""; - - hr = hc.sslConnect(sd_hostname, sd_admin_port, admin_uri, query_string); - - // get response data - // String cert_to_import = - // new sun.misc.BASE64Encoder().encode(hr.getResponseData()); - String cert_to_import = - Utils.base64encode(hr.getResponseData()); - System.out.println("Imported Cert=" + cert_to_import); - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - String start = "-----BEGIN CERTIFICATE-----\r\n"; - String end = "\r\n-----END CERTIFICATE-----"; - - st = cCrypt.importCert(start + cert_to_import + end, agent_name); - if (!st) { - System.out.println("ERROR: AdminCertImportPanel() during cert import"); - return false; - } - - System.out.println("SUCCESS: imported admin user cert"); - return true; - } - - public boolean UpdateDomainPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=14" + "&op=next" + "&xml=true" + - "&caHost=" + URLEncoder.encode(sd_hostname, "UTF-8") + - "&caPort=" + URLEncoder.encode(sd_agent_port, "UTF-8"); - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean ConfigureOCSPInstance() throws Exception { - // 0. login to cert db - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - // instantiate http client - hc = new HTTPClient(); - - // 1. Login panel - boolean log_st = LoginPanel(); - if (!log_st) { - System.out.println("ERROR: ConfigureOCSP: LoginPanel() failure"); - return false; - } - - sleep_time(); - // 2. Token Choice Panel - boolean disp_token = TokenChoicePanel(); - if (!disp_token) { - System.out.println("ERROR: ConfigureOCSP: TokenChoicePanel() failure"); - return false; - } - - sleep_time(); - // 3. domain panel - boolean dom_st = DomainPanel(); - if (!dom_st) { - System.out.println("ERROR: ConfigureOCSP: DomainPanel() failure"); - return false; - } - - sleep_time(); - // 4. display cert chain panel - boolean disp_st = DisplayChainPanel(); - if (!disp_st) { - System.out.println("ERROR: ConfigureOCSP: DisplayChainPanel() failure"); - return false; - } - - sleep_time(); - // security domain login panel - boolean disp_sd = SecurityDomainLoginPanel(); - if (!disp_sd) { - System.out.println("ERROR: ConfigureOCSP: SecurityDomainLoginPanel() failure"); - return false; - } - - sleep_time(); - // subsystem panel - boolean disp_ss = SubsystemPanel(); - if (!disp_ss) { - System.out.println("ERROR: ConfigureOCSP: SubsystemPanel() failure"); - return false; - } - - sleep_time(); - // 7. ldap connection panel - boolean disp_ldap = LdapConnectionPanel(); - if (!disp_ldap) { - System.out.println("ERROR: ConfigureOCSP: LdapConnectionPanel() failure"); - return false; - } - - sleep_time(); - sleep_time(); - // 9. Key Panel - boolean disp_key = KeyPanel(); - if (!disp_key) { - System.out.println("ERROR: ConfigureOCSP: KeyPanel() failure"); - return false; - } - - sleep_time(); - // 10. Cert Subject Panel - boolean disp_csubj = CertSubjectPanel(); - if (!disp_csubj) { - System.out.println("ERROR: ConfigureOCSP: CertSubjectPanel() failure"); - return false; - } - - sleep_time(); - // 11. Certificate Panel - boolean disp_cp = CertificatePanel(); - if (!disp_cp) { - System.out.println("ERROR: ConfigureOCSP: CertificatePanel() failure"); - return false; - } - - sleep_time(); - // backup panel - boolean disp_back = BackupPanel(); - if (!disp_back) { - System.out.println("ERROR: ConfigureOCSP: BackupPanel() failure"); - return false; - } - - sleep_time(); - // save panel - boolean disp_save = SavePKCS12Panel(); - if (!disp_save) { - System.out.println("ERROR: ConfigureOCSP: SavePKCS12Panel() failure"); - return false; - } - - sleep_time(); - // 13. Admin Cert Req Panel - boolean disp_adm = AdminCertReqPanel(); - if (!disp_adm) { - System.out.println("ERROR: ConfigureOCSP: AdminCertReqPanel() failure"); - return false; - } - - sleep_time(); - // 14. Admin Cert import Panel - boolean disp_im = AdminCertImportPanel(); - if (!disp_im) { - System.out.println("ERROR: ConfigureOCSP: AdminCertImportPanel() failure"); - return false; - } - - sleep_time(); - // 15. Update Domain Panel - boolean disp_ud = UpdateDomainPanel(); - if (!disp_ud) { - System.out.println("ERROR: ConfigureOCSP: UpdateDomainPanel() failure"); - return false; - } - - sleep_time(); - return true; - } - - private static String set_default(String val, String def) { - if ((val == null) || (val.equals(""))) { - return def; - } else { - return val; - } - } - - public static void main(String args[]) throws Exception { - ConfigureOCSP ca = new ConfigureOCSP(); - - // set variables - StringHolder x_cs_hostname = new StringHolder(); - StringHolder x_cs_port = new StringHolder(); - - StringHolder x_sd_hostname = new StringHolder(); - StringHolder x_sd_ssl_port = new StringHolder(); - StringHolder x_sd_agent_port = new StringHolder(); - StringHolder x_sd_admin_port = new StringHolder(); - StringHolder x_sd_admin_name = new StringHolder(); - StringHolder x_sd_admin_password = new StringHolder(); - - StringHolder x_ca_hostname = new StringHolder(); - StringHolder x_ca_port = new StringHolder(); - StringHolder x_ca_ssl_port = new StringHolder(); - - StringHolder x_client_certdb_dir = new StringHolder(); - StringHolder x_client_certdb_pwd = new StringHolder(); - StringHolder x_preop_pin = new StringHolder(); - - StringHolder x_domain_name = new StringHolder(); - - StringHolder x_admin_user = new StringHolder(); - StringHolder x_admin_email = new StringHolder(); - StringHolder x_admin_password = new StringHolder(); - - // ldap - StringHolder x_ldap_host = new StringHolder(); - StringHolder x_ldap_port = new StringHolder(); - StringHolder x_bind_dn = new StringHolder(); - StringHolder x_bind_password = new StringHolder(); - StringHolder x_base_dn = new StringHolder(); - StringHolder x_db_name = new StringHolder(); - StringHolder x_secure_conn = new StringHolder(); - StringHolder x_remove_data = new StringHolder(); - - // key properties (defaults) - StringHolder x_key_size = new StringHolder(); - StringHolder x_key_type = new StringHolder(); - StringHolder x_key_curvename = new StringHolder(); - StringHolder x_signing_algorithm = new StringHolder(); - - // key properties (custom - signing) - StringHolder x_signing_key_size = new StringHolder(); - StringHolder x_signing_key_type = new StringHolder(); - StringHolder x_signing_key_curvename = new StringHolder(); - StringHolder x_signing_signingalgorithm = new StringHolder(); - - // key properties (custom - audit_signing) - StringHolder x_audit_signing_key_size = new StringHolder(); - StringHolder x_audit_signing_key_type = new StringHolder(); - StringHolder x_audit_signing_key_curvename = new StringHolder(); - - // key properties (custom - subsystem) - StringHolder x_subsystem_key_size = new StringHolder(); - StringHolder x_subsystem_key_type = new StringHolder(); - StringHolder x_subsystem_key_curvename = new StringHolder(); - - // key properties (custom - sslserver) - StringHolder x_sslserver_key_size = new StringHolder(); - StringHolder x_sslserver_key_type = new StringHolder(); - StringHolder x_sslserver_key_curvename = new StringHolder(); - - StringHolder x_token_name = new StringHolder(); - StringHolder x_token_pwd = new StringHolder(); - - StringHolder x_agent_key_size = new StringHolder(); - StringHolder x_agent_key_type = new StringHolder(); - StringHolder x_agent_cert_subject = new StringHolder(); - - StringHolder x_agent_name = new StringHolder(); - StringHolder x_backup_pwd = new StringHolder(); - StringHolder x_backup_fname = new StringHolder(); - - // ca cert subject name params - StringHolder x_ocsp_sign_cert_subject_name = new StringHolder(); - StringHolder x_ocsp_subsystem_cert_subject_name = new StringHolder(); - StringHolder x_ocsp_server_cert_subject_name = new StringHolder(); - StringHolder x_ocsp_audit_signing_cert_subject_name = new StringHolder(); - - // subsystemName - StringHolder x_subsystem_name = new StringHolder(); - - // parse the args - ArgParser parser = new ArgParser("ConfigureOCSP"); - - parser.addOption("-cs_hostname %s #CS Hostname", - x_cs_hostname); - parser.addOption("-cs_port %s #CS SSL Admin port", - x_cs_port); - - parser.addOption("-sd_hostname %s #Security Domain Hostname", - x_sd_hostname); - parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port", - x_sd_ssl_port); - parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port", - x_sd_agent_port); - parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port", - x_sd_admin_port); - parser.addOption("-sd_admin_name %s #Security Domain Admin Name", - x_sd_admin_name); - parser.addOption("-sd_admin_password %s #Security Domain Admin password", - x_sd_admin_password); - - parser.addOption("-ca_hostname %s #CA Hostname", - x_ca_hostname); - parser.addOption("-ca_port %s #CA non-SSL EE port", - x_ca_port); - parser.addOption("-ca_ssl_port %s #CA SSL EE port", - x_ca_ssl_port); - - parser.addOption("-client_certdb_dir %s #Client CertDB dir", - x_client_certdb_dir); - parser.addOption("-client_certdb_pwd %s #client certdb password", - x_client_certdb_pwd); - parser.addOption("-preop_pin %s #pre op pin", - x_preop_pin); - parser.addOption("-domain_name %s #domain name", - x_domain_name); - parser.addOption("-admin_user %s #Admin User Name", - x_admin_user); - parser.addOption("-admin_email %s #Admin email", - x_admin_email); - parser.addOption("-admin_password %s #Admin password", - x_admin_password); - parser.addOption("-agent_name %s #Agent Cert Nickname", - x_agent_name); - - parser.addOption("-ldap_host %s #ldap host", - x_ldap_host); - parser.addOption("-ldap_port %s #ldap port", - x_ldap_port); - parser.addOption("-bind_dn %s #ldap bind dn", - x_bind_dn); - parser.addOption("-bind_password %s #ldap bind password", - x_bind_password); - parser.addOption("-base_dn %s #base dn", - x_base_dn); - parser.addOption("-db_name %s #db name", - x_db_name); - parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn); - parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", - x_remove_data); - - // key and algorithm options (default) - parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); - parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size); - parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename); - parser.addOption( - "-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", - x_signing_algorithm); - - // key and algorithm options for signing certificate (overrides default) - parser.addOption("-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_signing_key_type); - parser.addOption("-signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_signing_key_size); - parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_signing_key_curvename); - parser.addOption( - "-signing_signingalgorithm %s #Algorithm used be ocsp signing cert to sign objects (optional, default is signing_algorithm)", - x_signing_signingalgorithm); - - // key and algorithm options for audit_signing certificate (overrides default) - parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_audit_signing_key_type); - parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", - x_audit_signing_key_size); - parser.addOption( - "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_audit_signing_key_curvename); - - // key and algorithm options for subsystem certificate (overrides default) - parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_subsystem_key_type); - parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", - x_subsystem_key_size); - parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_subsystem_key_curvename); - - // key and algorithm options for sslserver certificate (overrides default) - parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_sslserver_key_type); - parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", - x_sslserver_key_size); - parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_sslserver_key_curvename); - - parser.addOption("-token_name %s #HSM/Software Token name", - x_token_name); - parser.addOption("-token_pwd %s #HSM/Software Token password (optional, required for HSM)", - x_token_pwd); - - parser.addOption("-agent_key_size %s #Agent Cert Key Size", - x_agent_key_size); - parser.addOption("-agent_key_type %s #Agent Cert Key type [rsa]", - x_agent_key_type); - parser.addOption("-agent_cert_subject %s #Agent Cert Subject", - x_agent_cert_subject); - - parser.addOption("-backup_pwd %s #PKCS12 password", - x_backup_pwd); - - parser.addOption( - "-ocsp_sign_cert_subject_name %s #OCSP cert subject name", - x_ocsp_sign_cert_subject_name); - parser.addOption( - "-ocsp_subsystem_cert_subject_name %s #OCSP subsystem cert subject name", - x_ocsp_subsystem_cert_subject_name); - parser.addOption( - "-ocsp_server_cert_subject_name %s #OCSP server cert subject name", - x_ocsp_server_cert_subject_name); - - parser.addOption("-backup_fname %s #Backup File for p12, (optional, default /root/tmp-ocsp.p12", - x_backup_fname); - - parser.addOption( - "-subsystem_name %s #OCSP subsystem name", - x_subsystem_name); - - parser.addOption( - "-ocsp_audit_signing_cert_subject_name %s #OCSP audit signing cert subject name", - x_ocsp_audit_signing_cert_subject_name); - - // and then match the arguments - String[] unmatched = null; - unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED); - - if (unmatched != null) { - System.out.println("ERROR: Argument Mismatch"); - System.exit(-1); - } - - parser.checkRequiredArgs(); - - // set variables - cs_hostname = x_cs_hostname.value; - cs_port = x_cs_port.value; - - sd_hostname = x_sd_hostname.value; - sd_ssl_port = x_sd_ssl_port.value; - sd_agent_port = x_sd_agent_port.value; - sd_admin_port = x_sd_admin_port.value; - sd_admin_name = x_sd_admin_name.value; - sd_admin_password = x_sd_admin_password.value; - - ca_hostname = x_ca_hostname.value; - ca_port = x_ca_port.value; - ca_ssl_port = x_ca_ssl_port.value; - - client_certdb_dir = x_client_certdb_dir.value; - client_certdb_pwd = x_client_certdb_pwd.value; - pin = x_preop_pin.value; - domain_name = x_domain_name.value; - - admin_user = x_admin_user.value; - admin_email = x_admin_email.value; - admin_password = x_admin_password.value; - agent_name = x_agent_name.value; - - ldap_host = x_ldap_host.value; - ldap_port = x_ldap_port.value; - bind_dn = x_bind_dn.value; - bind_password = x_bind_password.value; - base_dn = x_base_dn.value; - db_name = x_db_name.value; - secure_conn = set_default(x_secure_conn.value, "false"); - remove_data = set_default(x_remove_data.value, "false"); - - key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE); - signing_key_type = set_default(x_signing_key_type.value, key_type); - audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type); - subsystem_key_type = set_default(x_subsystem_key_type.value, key_type); - sslserver_key_type = set_default(x_sslserver_key_type.value, key_type); - - key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE); - signing_key_size = set_default(x_signing_key_size.value, key_size); - audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size); - subsystem_key_size = set_default(x_subsystem_key_size.value, key_size); - sslserver_key_size = set_default(x_sslserver_key_size.value, key_size); - - key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME); - signing_key_curvename = set_default(x_signing_key_curvename.value, key_curvename); - audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename); - subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename); - sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename); - - if (signing_key_type.equalsIgnoreCase("RSA")) { - signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_RSA); - } else { - signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_ECC); - } - signing_signingalgorithm = set_default(x_signing_signingalgorithm.value, signing_algorithm); - - token_name = x_token_name.value; - token_pwd = x_token_pwd.value; - - agent_key_size = x_agent_key_size.value; - agent_key_type = x_agent_key_type.value; - agent_cert_subject = x_agent_cert_subject.value; - - backup_pwd = x_backup_pwd.value; - backup_fname = set_default(x_backup_fname.value, "/root/tmp-ocsp.p12"); - - ocsp_sign_cert_subject_name = x_ocsp_sign_cert_subject_name.value; - ocsp_subsystem_cert_subject_name = - x_ocsp_subsystem_cert_subject_name.value; - ocsp_server_cert_subject_name = x_ocsp_server_cert_subject_name.value; - ocsp_audit_signing_cert_subject_name = x_ocsp_audit_signing_cert_subject_name.value; - - subsystem_name = x_subsystem_name.value; - - boolean st = ca.ConfigureOCSPInstance(); - - if (!st) { - System.out.println("ERROR: unable to create OCSP"); - System.exit(-1); - } - - System.out.println("Certificate System - OCSP Instance Configured"); - System.exit(0); - - } - -}; diff --git a/base/silent/src/com/netscape/pkisilent/ConfigureRA.java b/base/silent/src/com/netscape/pkisilent/ConfigureRA.java deleted file mode 100644 index ed93a16f7..000000000 --- a/base/silent/src/com/netscape/pkisilent/ConfigureRA.java +++ /dev/null @@ -1,880 +0,0 @@ -package com.netscape.pkisilent; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.ByteArrayInputStream; -import java.net.URLEncoder; - -import com.netscape.cmsutil.util.Utils; -import com.netscape.pkisilent.argparser.ArgParser; -import com.netscape.pkisilent.argparser.StringHolder; -import com.netscape.pkisilent.common.ComCrypto; -import com.netscape.pkisilent.common.ParseXML; -import com.netscape.pkisilent.http.HTTPClient; -import com.netscape.pkisilent.http.HTTPResponse; - -public class ConfigureRA { - - // define global variables - - public static HTTPClient hc = null; - - public static String login_uri = "/ra/admin/console/config/login"; - public static String wizard_uri = "/ra/admin/console/config/wizard"; - public static String admin_uri = "/ca/admin/ca/getBySerial"; - - public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin"; - public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie"; - public static String sd_update_domain_uri = "/ca/agent/ca/updateDomainXML"; - public static String pkcs12_uri = "/ra/admin/console/config/savepkcs12"; - - public static String cs_hostname = null; - public static String cs_port = null; - public static String cs_clientauth_port = null; - - public static String sd_hostname = null; - public static String sd_ssl_port = null; - public static String sd_agent_port = null; - public static String sd_admin_port = null; - public static String sd_admin_name = null; - public static String sd_admin_password = null; - - public static String ca_hostname = null; - public static String ca_port = null; - public static String ca_ssl_port = null; - public static String ca_admin_port = null; - - public static String client_certdb_dir = null; - public static String client_certdb_pwd = null; - - // Login Panel - public static String pin = null; - - public static String domain_name = null; - - public static String admin_user = null; - public static String admin_email = null; - public static String admin_password = null; - public static String admin_serial_number = null; - public static String agent_name = null; - - public static String key_size = null; - public static String key_type = null; - public static String token_name = null; - public static String token_pwd = null; - - public static String agent_key_size = null; - public static String agent_key_type = null; - public static String agent_cert_subject = null; - - public static String server_cert_name = null; - public static String server_cert_req = null; - public static String server_cert_pp = null; - public static String server_cert_cert = null; - - public static String ra_subsystem_cert_name = null; - public static String ra_subsystem_cert_req = null; - public static String ra_subsystem_cert_pp = null; - public static String ra_subsystem_cert_cert = null; - - // names - public static String ra_server_cert_subject_name = null; - public static String ra_server_cert_nickname = null; - public static String ra_subsystem_cert_subject_name = null; - public static String ra_subsystem_cert_nickname = null; - public static String subsystem_name = null; - - // Security Domain Login Panel - public static String ra_session_id = null; - - // Admin Certificate Request Panel - public static String requestor_name = null; - - public ConfigureRA() { - // do nothing :) - } - - public void sleep_time() { - try { - System.out.println("Sleeping for 5 secs.."); - Thread.sleep(5000); - } catch (Exception e) { - System.out.println("ERROR: sleep problem"); - } - - } - - public boolean LoginPanel() throws Exception { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "pin=" + pin + "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string); - System.out.println("xml returned: " + hr.getHTML()); - - // parse xml here - nothing to parse - - // no cookie for ra - // get cookie - String temp = hr.getCookieValue("pin"); - - if (temp != null) { - int index = temp.indexOf(";"); - HTTPClient.j_session_id = temp.substring(0, index); - st = true; - } - - hr = null; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, - "p=0&op=next&xml=true"); - - // parse xml here - - bais = new ByteArrayInputStream( - hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - st = true; - return st; - } - - public boolean DomainPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String domain_url = "https://" + sd_hostname + ":" + sd_admin_port; - - String query_string = "p=1" + - "&choice=existingdomain" + - "&sdomainURL=" + - URLEncoder.encode(domain_url, "UTF-8") + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - - } - - public boolean DisplayChainPanel() throws Exception { - String query_string = "p=2" + "&op=next" + "&xml=true"; - hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - return true; - - } - - public boolean SecurityDomainLoginPanel() throws Exception { - HTTPResponse hr = null; - - String ra_url = "https://" + cs_hostname + ":" + cs_port + - "/ra/admin/console/config/wizard" + - "?p=3&subsystem=RA"; - - String query_string = "url=" + URLEncoder.encode(ra_url, "UTF-8") + ""; - - hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri, query_string); - - String query_string_1 = "uid=" + sd_admin_name + - "&pwd=" + URLEncoder.encode(sd_admin_password, "UTF-8") + - "&url=" + URLEncoder.encode(ra_url, "UTF-8") + - ""; - - hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri, - query_string_1); - - // get session id from security domain - sleep_time(); - - ra_session_id = hr.getContentValue("header.session_id"); - String ra_url_1 = hr.getContentValue("header.url"); - - System.out.println("RA_SESSION_ID=" + ra_session_id); - System.out.println("RA_URL=" + ra_url_1); - - // use session id to connect back to RA - - String query_string_2 = "p=3" + - "&subsystem=RA" + - "&session_id=" + ra_session_id + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, - query_string_2); - - // parse xml - no parsing - - return true; - - } - - public boolean SubsystemPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - sleep_time(); - String query_string = "p=3" + - "&choice=newsubsystem" + - "&subsystemName=" + - URLEncoder.encode(subsystem_name, "UTF-8") + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - sleep_time(); - - // CA choice panel - query_string = "p=4" + - "&urls=0" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean DBPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - // SQL LITE PANEL - - String query_string = "p=5" + "&op=next" + "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean TokenChoicePanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - //////////////////////////////////////////////////////// - String query_string = null; - - // Software Token - if (token_name.equalsIgnoreCase("internal")) { - query_string = "p=6" + - "&choice=" + - URLEncoder.encode("NSS Certificate DB", "UTF-8") + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - } - // HSM - else { - // login to hsm first - query_string = "p=7" + - "&uTokName=" + - URLEncoder.encode(token_name, "UTF-8") + - "&__uPasswd=" + - URLEncoder.encode(token_pwd, "UTF-8") + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - // choice with token name now - query_string = "p=6" + - "&choice=" + - URLEncoder.encode(token_name, "UTF-8") + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - } - - return true; - } - - public boolean KeyPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=8" + - "&keytype=" + key_type + - "&choice=default" + - "&custom_size=" + key_size + - "&sslserver_keytype=" + key_type + - "&sslserver_choice=custom" + - "&sslserver_custom_size=" + key_size + - "&subsystem_keytype=" + key_type + - "&subsystem_choice=custom" + - "&subsystem_custom_size=" + key_size + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean CertSubjectPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=9" + - "&sslserver=" + - URLEncoder.encode(ra_server_cert_subject_name, "UTF-8") + - "&sslserver_nick=" + - URLEncoder.encode(ra_server_cert_nickname, "UTF-8") + - "&subsystem=" + - URLEncoder.encode(ra_subsystem_cert_subject_name, "UTF-8") + - "&subsystem_nick=" + - URLEncoder.encode(ra_subsystem_cert_nickname, "UTF-8") + - "&urls=0" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean CertificatePanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=10" + - "&sslserver=" + - "&sslserver_cc=" + - "&subsystem=" + - "&subsystem_cc=" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean AdminCertReqPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - String admin_cert_request = null; - - requestor_name = "RA-" + cs_hostname + "-" + cs_clientauth_port; - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - agent_cert_subject, - agent_key_size, - agent_key_type); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.setTransportCert(null); - cCrypt.setDualKey(false); - cCrypt.loginDB(); - - String crmf_request = cCrypt.generateCRMFrequest(); - - if (crmf_request == null) { - System.out.println("ERROR: AdminCertReqPanel() cert req gen failed"); - return false; - } - - admin_cert_request = crmf_request; - - String query_string = "p=11" + - "&uid=" + admin_user + - "&name=" + - URLEncoder.encode("RA Administrator", "UTF-8") + - "&email=" + - URLEncoder.encode(admin_email, "UTF-8") + - "&__pwd=" + URLEncoder.encode(admin_password, "UTF-8") + - "&__admin_password_again=" + URLEncoder.encode(admin_password, "UTF-8") + - "&cert_request=" + - URLEncoder.encode(admin_cert_request, "UTF-8") + - "&display=0" + - "&profileId=" + "caAdminCert" + - "&cert_request_type=" + "crmf" + - "&import=true" + - "&uid=" + admin_user + - "&clone=0" + - "&securitydomain=" + - URLEncoder.encode(domain_name, "UTF-8") + - "&subject=" + - URLEncoder.encode(agent_cert_subject, "UTF-8") + - "&requestor_name=" + - URLEncoder.encode(requestor_name, "UTF-8") + - "&sessionID=" + ra_session_id + - "&auth_hostname=" + ca_hostname + - "&auth_port=" + ca_ssl_port + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - admin_serial_number = px.getvalue("serialNumber"); - - return true; - } - - public boolean AdminCertImportPanel() throws Exception { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - String cert_to_import = null; - - String query_string = "serialNumber=" + admin_serial_number + - "&importCert=" + "true" + - ""; - - // NOTE: CA, DRM, OCSP, and TKS use the Security Domain Admin Port; - // whereas RA and TPS use the CA Admin Port associated with - // the 'CA choice panel' as invoked from the SubsystemPanel() - // which MAY or MAY NOT be the same CA as the CA specified - // by the Security Domain. - hr = hc.sslConnect(ca_hostname, ca_admin_port, admin_uri, query_string); - - try { - // cert_to_import = - // new sun.misc.BASE64Encoder().encode(hr.getResponseData()); - cert_to_import = - Utils.base64encode(hr.getResponseData()); - - } catch (Exception e) { - System.out.println("ERROR: failed to retrieve cert"); - } - - System.out.println("Imported Cert=" + cert_to_import); - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - String start = "-----BEGIN CERTIFICATE-----\r\n"; - String end = "\r\n-----END CERTIFICATE-----"; - - st = cCrypt.importCert(start + cert_to_import + end, agent_name); - if (!st) { - System.out.println("ERROR: AdminCertImportPanel() during cert import"); - return false; - } - - System.out.println("SUCCESS: imported admin user cert"); - - String query_string_1 = "p=12" + - "&serialNumber=" + admin_serial_number + - "&caHost=" + - URLEncoder.encode(ca_hostname, "UTF-8") + - "&caPort=" + ca_admin_port + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string_1); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean ConfigureRAInstance() throws Exception { - // 0. login to cert db - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - // instantiate http client - hc = new HTTPClient(); - - sleep_time(); - // 1. Login panel - boolean log_st = LoginPanel(); - if (!log_st) { - System.out.println("ERROR: JSESSIONID not found."); - System.out.println("ERROR: ConfigureRA: LoginPanel() failure"); - return false; - } - - sleep_time(); - // 2. domain panel - boolean dom_st = DomainPanel(); - if (!dom_st) { - System.out.println("ERROR: ConfigureRA: DomainPanel() failure"); - return false; - } - - sleep_time(); - // 3. display cert chain panel - boolean disp_st = DisplayChainPanel(); - if (!disp_st) { - System.out.println("ERROR: ConfigureRA: DisplayChainPanel() failure"); - return false; - } - - sleep_time(); - // security domain login panel - boolean disp_sd = SecurityDomainLoginPanel(); - if (!disp_sd) { - System.out.println("ERROR: ConfigureRA: SecurityDomainLoginPanel() failure"); - return false; - } - - sleep_time(); - // 4. subsystem panel - boolean disp_ss = SubsystemPanel(); - if (!disp_ss) { - System.out.println("ERROR: ConfigureRA: SubsystemPanel() failure"); - return false; - } - - sleep_time(); - // 5. ldap connection panel - boolean disp_ldap = DBPanel(); - if (!disp_ldap) { - System.out.println("ERROR: ConfigureRA: DBPanel() failure"); - return false; - } - - sleep_time(); - // 6. Token Choice Panel - boolean disp_token = TokenChoicePanel(); - if (!disp_token) { - System.out.println("ERROR: ConfigureRA: TokenChoicePanel() failure"); - return false; - } - - sleep_time(); - // 8. Key Panel - boolean disp_key = KeyPanel(); - if (!disp_key) { - System.out.println("ERROR: ConfigureRA: KeyPanel() failure"); - return false; - } - - sleep_time(); - // 9. Cert Subject Panel - boolean disp_csubj = CertSubjectPanel(); - if (!disp_csubj) { - System.out.println("ERROR: ConfigureRA: CertSubjectPanel() failure"); - return false; - } - - sleep_time(); - // 10. Certificate Panel - boolean disp_cp = CertificatePanel(); - if (!disp_cp) { - System.out.println("ERROR: ConfigureRA: CertificatePanel() failure"); - return false; - } - - sleep_time(); - // 11. Admin Cert Req Panel - boolean disp_adm = AdminCertReqPanel(); - if (!disp_adm) { - System.out.println("ERROR: ConfigureRA: AdminCertReqPanel() failure"); - return false; - } - - sleep_time(); - // 12. Admin Cert import Panel - boolean disp_im = AdminCertImportPanel(); - if (!disp_im) { - System.out.println("ERROR: ConfigureRA: AdminCertImportPanel() failure"); - return false; - } - - return true; - } - - public static void main(String args[]) throws Exception { - ConfigureRA ca = new ConfigureRA(); - - // set variables - StringHolder x_cs_hostname = new StringHolder(); - StringHolder x_cs_port = new StringHolder(); - StringHolder x_cs_clientauth_port = new StringHolder(); - - StringHolder x_sd_hostname = new StringHolder(); - StringHolder x_sd_ssl_port = new StringHolder(); - StringHolder x_sd_agent_port = new StringHolder(); - StringHolder x_sd_admin_port = new StringHolder(); - StringHolder x_sd_admin_name = new StringHolder(); - StringHolder x_sd_admin_password = new StringHolder(); - - StringHolder x_ca_hostname = new StringHolder(); - StringHolder x_ca_port = new StringHolder(); - StringHolder x_ca_ssl_port = new StringHolder(); - StringHolder x_ca_admin_port = new StringHolder(); - - StringHolder x_client_certdb_dir = new StringHolder(); - StringHolder x_client_certdb_pwd = new StringHolder(); - StringHolder x_preop_pin = new StringHolder(); - - StringHolder x_domain_name = new StringHolder(); - - StringHolder x_admin_user = new StringHolder(); - StringHolder x_admin_email = new StringHolder(); - StringHolder x_admin_password = new StringHolder(); - - // key size - StringHolder x_token_name = new StringHolder(); - StringHolder x_token_pwd = new StringHolder(); - StringHolder x_key_size = new StringHolder(); - StringHolder x_key_type = new StringHolder(); - - StringHolder x_agent_key_size = new StringHolder(); - StringHolder x_agent_key_type = new StringHolder(); - StringHolder x_agent_cert_subject = new StringHolder(); - - StringHolder x_agent_name = new StringHolder(); - - // ra cert subject name params - StringHolder x_ra_server_cert_subject_name = new StringHolder(); - StringHolder x_ra_server_cert_nickname = new StringHolder(); - StringHolder x_ra_subsystem_cert_subject_name = new StringHolder(); - StringHolder x_ra_subsystem_cert_nickname = new StringHolder(); - - // subsystemName - StringHolder x_subsystem_name = new StringHolder(); - - // parse the args - ArgParser parser = new ArgParser("ConfigureRA"); - - parser.addOption("-cs_hostname %s #CS Hostname", - x_cs_hostname); - parser.addOption("-cs_port %s #CS SSL port", - x_cs_port); - parser.addOption("-cs_clientauth_port %s #CS SSL port", - x_cs_clientauth_port); - - parser.addOption("-sd_hostname %s #Security Domain Hostname", - x_sd_hostname); - parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port", - x_sd_ssl_port); - parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port", - x_sd_agent_port); - parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port", - x_sd_admin_port); - parser.addOption("-sd_admin_name %s #Security Domain username", - x_sd_admin_name); - parser.addOption("-sd_admin_password %s #Security Domain password", - x_sd_admin_password); - - parser.addOption("-ca_hostname %s #CA Hostname", - x_ca_hostname); - parser.addOption("-ca_port %s #CA non-SSL port", - x_ca_port); - parser.addOption("-ca_ssl_port %s #CA SSL port", - x_ca_ssl_port); - parser.addOption("-ca_admin_port %s #CA SSL Admin port", - x_ca_admin_port); - - parser.addOption("-client_certdb_dir %s #Client CertDB dir", - x_client_certdb_dir); - parser.addOption("-client_certdb_pwd %s #client certdb password", - x_client_certdb_pwd); - parser.addOption("-preop_pin %s #pre op pin", - x_preop_pin); - parser.addOption("-domain_name %s #domain name", - x_domain_name); - parser.addOption("-admin_user %s #Admin User Name", - x_admin_user); - parser.addOption("-admin_email %s #Admin email", - x_admin_email); - parser.addOption("-admin_password %s #Admin password", - x_admin_password); - parser.addOption("-agent_name %s #Agent Cert Nickname", - x_agent_name); - - parser.addOption("-token_name %s #HSM/Software Token name", - x_token_name); - parser.addOption("-token_pwd %s #HSM/Software Token password", - x_token_pwd); - parser.addOption("-key_size %s #Key Size", - x_key_size); - parser.addOption("-key_type %s #Key type [rsa,ecc]", - x_key_type); - - parser.addOption("-agent_key_size %s #Agent Cert Key Size", - x_agent_key_size); - parser.addOption("-agent_key_type %s #Agent cert Key type [rsa]", - x_agent_key_type); - parser.addOption("-agent_cert_subject %s #Agent cert Subject", - x_agent_cert_subject); - - parser.addOption( - "-ra_server_cert_subject_name %s #RA server cert subject name", - x_ra_server_cert_subject_name); - parser.addOption( - "-ra_server_cert_nickname %s #RA server cert nickname", - x_ra_server_cert_nickname); - parser.addOption( - "-ra_subsystem_cert_subject_name %s #RA subsystem cert subject name", - x_ra_subsystem_cert_subject_name); - parser.addOption( - "-ra_subsystem_cert_nickname %s #RA subsystem cert nickname", - x_ra_subsystem_cert_nickname); - - parser.addOption( - "-subsystem_name %s #RA subsystem name", - x_subsystem_name); - - // and then match the arguments - String[] unmatched = null; - unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED); - - if (unmatched != null) { - System.out.println("ERROR: Argument Mismatch"); - System.exit(-1); - } - - // set variables - cs_hostname = x_cs_hostname.value; - cs_port = x_cs_port.value; - cs_clientauth_port = x_cs_clientauth_port.value; - - sd_hostname = x_sd_hostname.value; - sd_ssl_port = x_sd_ssl_port.value; - sd_agent_port = x_sd_agent_port.value; - sd_admin_port = x_sd_admin_port.value; - sd_admin_name = x_sd_admin_name.value; - sd_admin_password = x_sd_admin_password.value; - - ca_hostname = x_ca_hostname.value; - ca_port = x_ca_port.value; - ca_ssl_port = x_ca_ssl_port.value; - ca_admin_port = x_ca_admin_port.value; - - client_certdb_dir = x_client_certdb_dir.value; - client_certdb_pwd = x_client_certdb_pwd.value; - pin = x_preop_pin.value; - domain_name = x_domain_name.value; - - admin_user = x_admin_user.value; - admin_email = x_admin_email.value; - admin_password = x_admin_password.value; - agent_name = x_agent_name.value; - - key_size = x_key_size.value; - key_type = x_key_type.value; - token_name = x_token_name.value; - token_pwd = x_token_pwd.value; - - agent_key_size = x_agent_key_size.value; - agent_key_type = x_agent_key_type.value; - agent_cert_subject = x_agent_cert_subject.value; - - ra_server_cert_subject_name = - x_ra_server_cert_subject_name.value; - ra_server_cert_nickname = - x_ra_server_cert_nickname.value; - ra_subsystem_cert_subject_name = - x_ra_subsystem_cert_subject_name.value; - ra_subsystem_cert_nickname = - x_ra_subsystem_cert_nickname.value; - - subsystem_name = x_subsystem_name.value; - - boolean st = ca.ConfigureRAInstance(); - - if (!st) { - System.out.println("ERROR: unable to create RA"); - System.exit(-1); - } - - System.out.println("Certificate System - RA Instance Configured"); - System.exit(0); - - } - -}; diff --git a/base/silent/src/com/netscape/pkisilent/ConfigureSubCA.java b/base/silent/src/com/netscape/pkisilent/ConfigureSubCA.java deleted file mode 100644 index 6147d256a..000000000 --- a/base/silent/src/com/netscape/pkisilent/ConfigureSubCA.java +++ /dev/null @@ -1,1248 +0,0 @@ -package com.netscape.pkisilent; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.ByteArrayInputStream; -import java.net.URLEncoder; -import java.util.ArrayList; - -import com.netscape.cmsutil.util.Utils; -import com.netscape.pkisilent.argparser.ArgParser; -import com.netscape.pkisilent.argparser.StringHolder; -import com.netscape.pkisilent.common.ComCrypto; -import com.netscape.pkisilent.common.ParseXML; -import com.netscape.pkisilent.http.HTTPClient; -import com.netscape.pkisilent.http.HTTPResponse; - -public class ConfigureSubCA { - - // global constants - public static final String DEFAULT_KEY_TYPE = "RSA"; - public static final String DEFAULT_KEY_SIZE = "2048"; - public static final String DEFAULT_KEY_CURVENAME = "nistp256"; - public static final String DEFAULT_KEY_ALGORITHM_RSA = "SHA256withRSA"; - public static final String DEFAULT_KEY_ALGORITHM_ECC = "SHA256withEC"; - - // define global variables - - public static HTTPClient hc = null; - - public static String login_uri = "/ca/admin/console/config/login"; - public static String wizard_uri = "/ca/admin/console/config/wizard"; - public static String admin_uri = "/ca/admin/ca/getBySerial"; - - public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin"; - public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie"; - public static String pkcs12_uri = "/ca/admin/console/config/savepkcs12"; - - public static String cs_hostname = null; - public static String cs_port = null; - - public static String sd_hostname = null; - public static String sd_ssl_port = null; - public static String sd_agent_port = null; - public static String sd_admin_port = null; - public static String sd_admin_name = null; - public static String sd_admin_password = null; - - public static String ca_hostname = null; - public static String ca_port = null; - public static String ca_ssl_port = null; - - public static String client_certdb_dir = null; - public static String client_certdb_pwd = null; - - // Login Panel - public static String pin = null; - - public static String domain_name = null; - - public static String admin_user = null; - public static String admin_email = null; - public static String admin_password = null; - public static String admin_serial_number = null; - public static String agent_name = null; - - public static String ldap_host = null; - public static String ldap_port = null; - public static String bind_dn = null; - public static String bind_password = null; - public static String base_dn = null; - public static String db_name = null; - public static String secure_conn = null; - public static String remove_data = null; - - public static String key_type = null; - public static String key_size = null; - public static String key_curvename = null; - public static String key_algorithm = null; - public static String signing_algorithm = null; - - public static String signing_key_type = null; - public static String signing_key_size = null; - public static String signing_key_curvename = null; - public static String signing_signingalgorithm = null; - - public static String ocsp_signing_key_type = null; - public static String ocsp_signing_key_size = null; - public static String ocsp_signing_key_curvename = null; - public static String ocsp_signing_signingalgorithm = null; - - public static String subsystem_key_type = null; - public static String subsystem_key_size = null; - public static String subsystem_key_curvename = null; - - public static String audit_signing_key_type = null; - public static String audit_signing_key_size = null; - public static String audit_signing_key_curvename = null; - - public static String sslserver_key_type = null; - public static String sslserver_key_size = null; - public static String sslserver_key_curvename = null; - - public static String token_name = null; - public static String token_pwd = null; - - public static String agent_key_size = null; - public static String agent_key_type = null; - public static String agent_cert_subject = null; - - public static String ca_cert_name = null; - public static String ca_cert_req = null; - public static String ca_cert_pp = null; - public static String ca_cert_cert = null; - - public static String ocsp_cert_name = null; - public static String ocsp_cert_req = null; - public static String ocsp_cert_pp = null; - public static String ocsp_cert_cert = null; - - public static String server_cert_name = null; - public static String server_cert_req = null; - public static String server_cert_pp = null; - public static String server_cert_cert = null; - - public static String ca_subsystem_cert_name = null; - public static String ca_subsystem_cert_req = null; - public static String ca_subsystem_cert_pp = null; - public static String ca_subsystem_cert_cert = null; - - public static String ca_audit_signing_cert_name = null; - public static String ca_audit_signing_cert_req = null; - public static String ca_audit_signing_cert_pp = null; - public static String ca_audit_signing_cert_cert = null; - - public static String backup_pwd = null; - - public static String subsystem_name = null; - - // names - public static String subca_sign_cert_subject_name = null; - public static String subca_subsystem_cert_subject_name = null; - public static String subca_ocsp_cert_subject_name = null; - public static String subca_server_cert_subject_name = null; - public static String subca_audit_signing_cert_subject_name = null; - - public ConfigureSubCA() { - // do nothing :) - } - - public void sleep_time() { - try { - System.out.println("Sleeping for 5 secs.."); - Thread.sleep(5000); - } catch (Exception e) { - System.out.println("ERROR: sleep problem"); - } - - } - - public boolean LoginPanel() throws Exception { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "pin=" + pin + "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string); - System.out.println("xml returned: " + hr.getHTML()); - - // parse xml here - nothing to parse - - // get cookie - String temp = hr.getCookieValue("JSESSIONID"); - - if (temp != null) { - int index = temp.indexOf(";"); - HTTPClient.j_session_id = temp.substring(0, index); - st = true; - } - - hr = null; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, - "p=0&op=next&xml=true"); - - // parse xml here - - bais = new ByteArrayInputStream( - hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return st; - } - - public boolean TokenChoicePanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - /////////////////////////////////////////////////////// - String query_string = null; - - // Software Token - if (token_name.equalsIgnoreCase("internal")) { - query_string = "p=1" + "&op=next" + "&xml=true" + - "&choice=" + - URLEncoder.encode("Internal Key Storage Token", "UTF-8") + - ""; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - } - // HSM - else { - // login to hsm first - query_string = "p=2" + "&op=next" + "&xml=true" + - "&uTokName=" + - URLEncoder.encode(token_name, "UTF-8") + - "&__uPasswd=" + - URLEncoder.encode(token_pwd, "UTF-8") + - ""; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - // choice with token name now - query_string = "p=1" + "&op=next" + "&xml=true" + - "&choice=" + - URLEncoder.encode(token_name, "UTF-8") + - ""; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - } - - return true; - } - - public boolean DomainPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String domain_url = "https://" + sd_hostname + ":" + sd_admin_port; - - String query_string = "sdomainURL=" + - URLEncoder.encode(domain_url, "UTF-8") + - "&sdomainName=" + - URLEncoder.encode(domain_name, "UTF-8") + - "&choice=existingdomain" + - "&p=3" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - String query_string_1 = "p=4" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string_1); - - return true; - - } - - public boolean SecurityDomainLoginPanel() throws Exception { - String subca_url = "https://" + cs_hostname + ":" + cs_port + - "/ca/admin/console/config/wizard" + - "?p=5&subsystem=CA"; - - String query_string = "url=" + URLEncoder.encode(subca_url, "UTF-8"); - - HTTPResponse hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri, query_string); - - String query_string_1 = "uid=" + sd_admin_name + - "&pwd=" + URLEncoder.encode(sd_admin_password, "UTF-8") + - "&url=" + URLEncoder.encode(subca_url, "UTF-8"); - - hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri, - query_string_1); - - // get session id from security domain - - String subca_session_id = hr.getContentValue("header.session_id"); - String subca_url_1 = hr.getContentValue("header.url"); - - System.out.println("SUBCA_SESSION_ID=" + subca_session_id); - System.out.println("SUBCA_URL=" + subca_url_1); - - // use session id to connect back to subCA - - String query_string_2 = "p=5" + - "&subsystem=CA" + - "&session_id=" + subca_session_id + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, - query_string_2); - - return true; - - } - - public boolean DisplayChainPanel() throws Exception { - String query_string = "p=5" + "&op=next" + "&xml=true" + - "&choice=newsubsystem" + - "&subsystemName=" + - URLEncoder.encode(subsystem_name, "UTF-8") + - "&subsystemName=" + - URLEncoder.encode(subsystem_name, "UTF-8") + - "&urls=0"; - hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - // bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - // px.parse(bais); - // px.prettyprintxml(); - - return true; - } - - public boolean HierarchyPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=8" + "&op=next" + "&xml=true" + - "&choice=join"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - - } - - public boolean LdapConnectionPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=9" + "&op=next" + "&xml=true" + - "&host=" + URLEncoder.encode(ldap_host, "UTF-8") + - "&port=" + URLEncoder.encode(ldap_port, "UTF-8") + - "&basedn=" + URLEncoder.encode(base_dn, "UTF-8") + - "&database=" + URLEncoder.encode(db_name, "UTF-8") + - "&binddn=" + URLEncoder.encode(bind_dn, "UTF-8") + - "&__bindpwd=" + URLEncoder.encode(bind_password, "UTF-8") + - "&display=" + URLEncoder.encode("$displayStr", "UTF-8") + - (secure_conn.equals("true") ? "&secureConn=on" : "") + - (remove_data.equals("true") ? "&removeData=true" : ""); - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean KeyPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList<String> al = null; - - String query_string = "p=10" + "&op=next" + "&xml=true" - + "&subsystem_custom_size=" + subsystem_key_size - + "&subsystem_custom_curvename=" + subsystem_key_curvename - + "&subsystem_keytype=" + subsystem_key_type - + "&subsystem_choice=custom" - + "&sslserver_custom_size=" + sslserver_key_size - + "&sslserver_custom_curvename=" + sslserver_key_curvename - + "&sslserver_keytype=" + sslserver_key_type - + "&sslserver_choice=custom" - + "&signing_custom_size=" + signing_key_size - + "&signing_custom_curvename=" + signing_key_curvename - + "&signing_keytype=" + signing_key_type - + "&signing_choice=custom" - + "&signing_keyalgorithm=" + key_algorithm - + "&signing_signingalgorithm=" + signing_signingalgorithm - + "&ocsp_signing_custom_size=" + ocsp_signing_key_size - + "&ocsp_signing_custom_curvename=" + ocsp_signing_key_curvename - + "&ocsp_signing_keytype=" + ocsp_signing_key_type - + "&ocsp_signing_choice=custom" - + "&ocsp_signing_signingalgorithm=" + ocsp_signing_signingalgorithm - + "&audit_signing_custom_size=" + audit_signing_key_size - + "&audit_signing_custom_curvename=" + audit_signing_key_curvename - + "&audit_signing_keytype=" + audit_signing_key_type - + "&audit_signing_choice=custom" - + "&custom_size=" + key_size - + "&custom_curvename=" + key_curvename - + "&keytype=" + key_type - + "&choice=custom" - + "&signingalgorithm=" + signing_algorithm - + "&keyalgorithm=" + key_algorithm; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - al = px.constructValueList("CertReqPair", "DN"); - // get ca cert subject name - if (al != null) { - for (int i = 0; i < al.size(); i++) { - String temp = al.get(i); - if (temp.indexOf("Certificate Authority") > 0) { - ca_cert_name = temp; - } else if (temp.indexOf("OCSP Signing Certificate") > 0) { - ocsp_cert_name = temp; - } else if (temp.indexOf("Subsystem Certificate") > 0) { - ca_subsystem_cert_name = temp; - } else if (temp.indexOf("Audit Signing Certificate") > 0) { - ca_audit_signing_cert_name = temp; - } else { - server_cert_name = temp; - } - } - } - - System.out.println("default: ca_cert_name=" + ca_cert_name); - System.out.println("default: ocsp_cert_name=" + ocsp_cert_name); - System.out.println("default: ca_subsystem_cert_name=" + - ca_subsystem_cert_name); - System.out.println("default: server_cert_name=" + server_cert_name); - System.out.println("default: ca_audit_signing_cert_name=" + - ca_audit_signing_cert_name); - return true; - } - - public boolean CertSubjectPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList<String> req_list = null; - ArrayList<String> cert_list = null; - ArrayList<String> dn_list = null; - - String query_string = "p=11" + "&op=next" + "&xml=true" + - "&signing=" + - URLEncoder.encode(subca_sign_cert_subject_name, "UTF-8") + - "&ocsp_signing=" + - URLEncoder.encode(subca_ocsp_cert_subject_name, "UTF-8") + - "&sslserver=" + - URLEncoder.encode(subca_server_cert_subject_name, "UTF-8") + - "&subsystem=" + - URLEncoder.encode(subca_subsystem_cert_subject_name, "UTF-8") + - "&audit_signing=" + - URLEncoder.encode(subca_audit_signing_cert_subject_name, "UTF-8") + - "&urls=0" + - ""; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - req_list = px.constructValueList("CertReqPair", "Request"); - cert_list = px.constructValueList("CertReqPair", "Certificate"); - dn_list = px.constructValueList("CertReqPair", "Nickname"); - - System.out.println("req_list_size=" + req_list.size()); - System.out.println("cert_list_size=" + cert_list.size()); - System.out.println("dn_list_size=" + dn_list.size()); - - if (req_list != null && cert_list != null && dn_list != null) { - for (int i = 0; i < dn_list.size(); i++) { - String temp = dn_list.get(i); - - if (temp.indexOf("caSigningCert") >= 0) { - ca_cert_req = req_list.get(i); - ca_cert_cert = cert_list.get(i); - } else if (temp.indexOf("ocspSigningCert") >= 0) { - ocsp_cert_req = req_list.get(i); - ocsp_cert_cert = cert_list.get(i); - } else if (temp.indexOf("subsystemCert") >= 0) { - ca_subsystem_cert_req = req_list.get(i); - ca_subsystem_cert_cert = cert_list.get(i); - } else if (temp.indexOf("auditSigningCert") >= 0) { - ca_audit_signing_cert_req = req_list.get(i); - ca_audit_signing_cert_cert = cert_list.get(i); - } else { - server_cert_req = req_list.get(i); - server_cert_cert = cert_list.get(i); - } - } - } - - System.out.println("ca_cert_name=" + subca_sign_cert_subject_name); - System.out.println("ocsp_cert_name=" + subca_ocsp_cert_subject_name); - System.out.println("ca_subsystem_cert_name=" + - subca_subsystem_cert_subject_name); - System.out.println("server_cert_name=" + - subca_server_cert_subject_name); - System.out.println("audit_signing_cert_name=" + - subca_audit_signing_cert_subject_name); - - System.out.println("ca_cert_req=" + ca_cert_req); - System.out.println("ocsp_cert_req=" + ocsp_cert_req); - System.out.println("ca_subsystem_cert_req=" + ca_subsystem_cert_req); - System.out.println("server_cert_req=" + server_cert_req); - System.out.println("ca_audit_siging_cert_req=" + - ca_audit_signing_cert_req); - - System.out.println("ca_cert_cert=" + ca_cert_cert); - System.out.println("ocsp_cert_cert=" + ocsp_cert_cert); - System.out.println("ca_subsystem_cert_cert=" + ca_subsystem_cert_cert); - System.out.println("server_cert_cert=" + server_cert_cert); - System.out.println("ca_audit_signing_cert_cert=" + - ca_audit_signing_cert_cert); - - return true; - } - - public boolean CertificatePanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=12" + "&op=next" + "&xml=true" + - "&signing=" + - URLEncoder.encode(ca_cert_cert, "UTF-8") + - "&signing_cc=" + - "&ocsp_signing=" + - URLEncoder.encode(ocsp_cert_cert, "UTF-8") + - "&ocsp_signing_cc=" + - "&sslserver=" + - URLEncoder.encode(server_cert_cert, "UTF-8") + - "&sslserver_cc=" + - "&subsystem=" + - URLEncoder.encode(ca_subsystem_cert_cert, "UTF-8") + - "&subsystem_cc=" + - "&audit_signing=" + - URLEncoder.encode(ca_audit_signing_cert_cert, "UTF-8") + - "&audit_signing_cc=" + - ""; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean BackupPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=13" + "&op=next" + "&xml=true" + - "&choice=backupkey" + - "&__pwd=" + URLEncoder.encode(backup_pwd, "UTF-8") + - "&__pwdagain=" + URLEncoder.encode(backup_pwd, "UTF-8"); - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean ImportCACertPanel() { - try { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, - "p=15&op=next&xml=true"); - - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } catch (Exception e) { - System.out.println("Exception in ImportCACertPanel(): " + e.toString()); - e.printStackTrace(); - return false; - } - } - - public boolean AdminCertReqPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - String admin_cert_request = null; - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - agent_cert_subject, - agent_key_size, - agent_key_type); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.setTransportCert(null); - cCrypt.setDualKey(false); - cCrypt.loginDB(); - - String crmf_request = cCrypt.generateCRMFrequest(); - - if (crmf_request == null) { - System.out.println("ERROR: AdminCertReqPanel() cert req gen failed"); - return false; - } - - admin_cert_request = crmf_request; - - String query_string = "p=16" + "&op=next" + "&xml=true" + - "&uid=" + admin_user + - "&name=" + URLEncoder.encode(agent_name, "UTF-8") + - "&email=" + - URLEncoder.encode(admin_email, "UTF-8") + - "&__pwd=" + URLEncoder.encode(admin_password, "UTF-8") + - "&__admin_password_again=" + URLEncoder.encode(admin_password, "UTF-8") + - "&cert_request=" + - URLEncoder.encode(admin_cert_request, "UTF-8") + - "&display=" + URLEncoder.encode("$displayStr", "UTF-8") + - "&profileId=" + "caAdminCert" + - "&cert_request_type=" + "crmf" + - "&import=true" + - "&uid=" + admin_user + - "&securitydomain=" + - URLEncoder.encode(domain_name, "UTF-8") + - "&subject=" + - URLEncoder.encode(agent_cert_subject, "UTF-8") + - ""; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - admin_serial_number = px.getvalue("serialNumber"); - - return true; - } - - public boolean AdminCertImportPanel() throws Exception { - boolean st = false; - - String query_string = "serialNumber=" + admin_serial_number + - "&importCert=" + "true" + - ""; - - HTTPResponse hr = hc.sslConnect(cs_hostname, cs_port, admin_uri, query_string); - - // get response data - // String cert_to_import = - // new sun.misc.BASE64Encoder().encode(hr.getResponseData()); - String cert_to_import = - Utils.base64encode(hr.getResponseData()); - System.out.println("Imported Cert=" + cert_to_import); - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - String start = "-----BEGIN CERTIFICATE-----\r\n"; - String end = "\r\n-----END CERTIFICATE-----"; - - st = cCrypt.importCert(start + cert_to_import + end, agent_name); - if (!st) { - System.out.println("ERROR: AdminCertImportPanel() during cert import"); - return false; - } - - System.out.println("SUCCESS: imported admin user cert: " + agent_name); - - return true; - } - - public boolean UpdateDomainPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=17" + - "&serialNumber=" + admin_serial_number + - "&caHost=" + URLEncoder.encode(sd_hostname, "UTF-8") + - "&caPort=" + URLEncoder.encode(sd_admin_port, "UTF-8") + - "&importCert=" + "true" + - "&op=next" + "&xml=true" + - ""; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - String caHost = px.getvalue("host"); - String caPort = px.getvalue("port"); - String systemType = px.getvalue("systemType"); - - System.out.println("caHost=" + caHost); - System.out.println("caPort=" + caPort); - System.out.println("systemType=" + systemType); - - return true; - } - - public boolean ConfigureSubCAInstance() throws Exception { - // 0. login to cert db - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - // instantiate http client - hc = new HTTPClient(); - - sleep_time(); - // 0. Login panel - boolean log_st = LoginPanel(); - if (!log_st) { - System.out.println("ERROR: ConfigureSubCA: LoginPanel() failure"); - return false; - } - - sleep_time(); - // 1. Token Choice Panel - boolean disp_token = TokenChoicePanel(); - if (!disp_token) { - System.out.println("ERROR: ConfigureSubCA: TokenChoicePanel() failure"); - return false; - } - - sleep_time(); - // 2. domain panel - boolean dom_st = DomainPanel(); - if (!dom_st) { - System.out.println("ERROR: ConfigureSubCA: DomainPanel() failure"); - return false; - } - - sleep_time(); - // 3. domain panel - boolean sd_st = SecurityDomainLoginPanel(); - if (!sd_st) { - System.out.println("ERROR: ConfigureSubCA: SecurityDomainLoginPanel() failure"); - return false; - } - - sleep_time(); - // 4. display cert chain panel - boolean disp_st = DisplayChainPanel(); - if (!disp_st) { - System.out.println("ERROR: ConfigureSubCA: DisplayChainPanel() failure"); - return false; - } - - sleep_time(); - // 6. hierarchy panel - boolean disp_h = HierarchyPanel(); - if (!disp_h) { - System.out.println("ERROR: ConfigureSubCA: HierarchyPanel() failure"); - return false; - } - - sleep_time(); - // 7. ldap connection panel - boolean disp_ldap = LdapConnectionPanel(); - if (!disp_ldap) { - System.out.println("ERROR: ConfigureSubCA: LdapConnectionPanel() failure"); - return false; - } - - sleep_time(); - sleep_time(); - // 10. Key Panel - boolean disp_key = KeyPanel(); - if (!disp_key) { - System.out.println("ERROR: ConfigureSubCA: KeyPanel() failure"); - return false; - } - - sleep_time(); - // 11. Cert Subject Panel - boolean disp_csubj = CertSubjectPanel(); - if (!disp_csubj) { - System.out.println("ERROR: ConfigureSubCA: CertSubjectPanel() failure"); - return false; - } - - sleep_time(); - // 12. Certificate Panel - boolean disp_cp = CertificatePanel(); - if (!disp_cp) { - System.out.println("ERROR: ConfigureSubCA: CertificatePanel() failure"); - return false; - } - - sleep_time(); - // 13. Backup Panel - boolean disp_back = BackupPanel(); - if (!disp_back) { - System.out.println("ERROR: ConfigureSubCA: BackupPanel() failure"); - return false; - } - - sleep_time(); - // 15. Import CA Certificate Panel - boolean disp_cert = ImportCACertPanel(); - if (!disp_cert) { - System.out.println("ERROR: ConfigureSubCA: ImportCACertPanel() failure"); - return false; - } - - sleep_time(); - // 16. Admin Cert Req Panel - boolean disp_adm = AdminCertReqPanel(); - if (!disp_adm) { - System.out.println("ERROR: ConfigureSubCA: AdminCertReqPanel() failure"); - return false; - } - - sleep_time(); - boolean disp_im = AdminCertImportPanel(); - if (!disp_im) { - System.out.println("ERROR: ConfigureSubCA: AdminCertImportPanel() failure"); - return false; - } - - sleep_time(); - // 17. Update Domain Panel - boolean disp_ud = UpdateDomainPanel(); - if (!disp_ud) { - System.out.println("ERROR: ConfigureSubCA: UpdateDomainPanel() failure"); - return false; - } - - return true; - } - - private static String set_default(String val, String def) { - if ((val == null) || (val.equals(""))) { - return def; - } else { - return val; - } - } - - public static void main(String args[]) throws Exception { - ConfigureSubCA ca = new ConfigureSubCA(); - - // set variables - StringHolder x_cs_hostname = new StringHolder(); - StringHolder x_cs_port = new StringHolder(); - - StringHolder x_sd_hostname = new StringHolder(); - StringHolder x_sd_ssl_port = new StringHolder(); - StringHolder x_sd_agent_port = new StringHolder(); - StringHolder x_sd_admin_port = new StringHolder(); - StringHolder x_sd_admin_name = new StringHolder(); - StringHolder x_sd_admin_password = new StringHolder(); - - StringHolder x_ca_hostname = new StringHolder(); - StringHolder x_ca_port = new StringHolder(); - StringHolder x_ca_ssl_port = new StringHolder(); - - StringHolder x_client_certdb_dir = new StringHolder(); - StringHolder x_client_certdb_pwd = new StringHolder(); - StringHolder x_preop_pin = new StringHolder(); - - StringHolder x_domain_name = new StringHolder(); - - StringHolder x_admin_user = new StringHolder(); - StringHolder x_admin_email = new StringHolder(); - StringHolder x_admin_password = new StringHolder(); - - // ldap - StringHolder x_ldap_host = new StringHolder(); - StringHolder x_ldap_port = new StringHolder(); - StringHolder x_bind_dn = new StringHolder(); - StringHolder x_bind_password = new StringHolder(); - StringHolder x_base_dn = new StringHolder(); - StringHolder x_db_name = new StringHolder(); - StringHolder x_secure_conn = new StringHolder(); - StringHolder x_remove_data = new StringHolder(); - - // key properties (defaults) - StringHolder x_key_size = new StringHolder(); - StringHolder x_key_type = new StringHolder(); - StringHolder x_key_curvename = new StringHolder(); - StringHolder x_key_algorithm = new StringHolder(); - StringHolder x_signing_algorithm = new StringHolder(); - - // key properties (custom - signing) - StringHolder x_signing_key_size = new StringHolder(); - StringHolder x_signing_key_type = new StringHolder(); - StringHolder x_signing_key_curvename = new StringHolder(); - StringHolder x_signing_signingalgorithm = new StringHolder(); - - // key properties (custom - ocsp_signing) - StringHolder x_ocsp_signing_key_size = new StringHolder(); - StringHolder x_ocsp_signing_key_type = new StringHolder(); - StringHolder x_ocsp_signing_key_curvename = new StringHolder(); - StringHolder x_ocsp_signing_signingalgorithm = new StringHolder(); - - // key properties (custom - audit_signing) - StringHolder x_audit_signing_key_size = new StringHolder(); - StringHolder x_audit_signing_key_type = new StringHolder(); - StringHolder x_audit_signing_key_curvename = new StringHolder(); - - // key properties (custom - subsystem) - StringHolder x_subsystem_key_size = new StringHolder(); - StringHolder x_subsystem_key_type = new StringHolder(); - StringHolder x_subsystem_key_curvename = new StringHolder(); - - // key properties (custom - sslserver) - StringHolder x_sslserver_key_size = new StringHolder(); - StringHolder x_sslserver_key_type = new StringHolder(); - StringHolder x_sslserver_key_curvename = new StringHolder(); - - StringHolder x_token_name = new StringHolder(); - StringHolder x_token_pwd = new StringHolder(); - - StringHolder x_agent_key_size = new StringHolder(); - StringHolder x_agent_key_type = new StringHolder(); - StringHolder x_agent_cert_subject = new StringHolder(); - - StringHolder x_agent_name = new StringHolder(); - StringHolder x_backup_pwd = new StringHolder(); - - // subsystem name - StringHolder x_subsystem_name = new StringHolder(); - - // subject names - StringHolder x_subca_sign_cert_subject_name = new StringHolder(); - StringHolder x_subca_subsystem_cert_subject_name = new StringHolder(); - StringHolder x_subca_ocsp_cert_subject_name = new StringHolder(); - StringHolder x_subca_server_cert_subject_name = new StringHolder(); - StringHolder x_subca_audit_signing_cert_subject_name = new StringHolder(); - - // parse the args - ArgParser parser = new ArgParser("ConfigureSubCA"); - - parser.addOption("-cs_hostname %s #CS Hostname", - x_cs_hostname); - parser.addOption("-cs_port %s #CS SSL port", - x_cs_port); - - parser.addOption("-sd_hostname %s #Security Domain Hostname", - x_sd_hostname); - parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port", - x_sd_ssl_port); - parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port", - x_sd_agent_port); - parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port", - x_sd_admin_port); - parser.addOption("-sd_admin_name %s #Security Domain admin name", - x_sd_admin_name); - parser.addOption("-sd_admin_password %s #Security Domain admin password", - x_sd_admin_password); - - parser.addOption("-ca_hostname %s #CA Hostname", - x_ca_hostname); - parser.addOption("-ca_port %s #CA non-SSL port", - x_ca_port); - parser.addOption("-ca_ssl_port %s #CA SSL port", - x_ca_ssl_port); - - parser.addOption("-client_certdb_dir %s #Client CertDB dir", - x_client_certdb_dir); - parser.addOption("-client_certdb_pwd %s #client certdb password", - x_client_certdb_pwd); - parser.addOption("-preop_pin %s #pre op pin", - x_preop_pin); - parser.addOption("-domain_name %s #domain name", - x_domain_name); - parser.addOption("-admin_user %s #Admin User Name", - x_admin_user); - parser.addOption("-admin_email %s #Admin email", - x_admin_email); - parser.addOption("-admin_password %s #Admin password", - x_admin_password); - parser.addOption("-agent_name %s #Agent Cert Nickname", - x_agent_name); - - parser.addOption("-ldap_host %s #ldap host", - x_ldap_host); - parser.addOption("-ldap_port %s #ldap port", - x_ldap_port); - parser.addOption("-bind_dn %s #ldap bind dn", - x_bind_dn); - parser.addOption("-bind_password %s #ldap bind password", - x_bind_password); - parser.addOption("-base_dn %s #base dn", - x_base_dn); - parser.addOption("-db_name %s #db name", - x_db_name); - parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn); - parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", - x_remove_data); - - // key and algorithm options (default) - parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); - parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size); - parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename); - parser.addOption( - "-key_algorithm %s #Key algorithm of the CA certificate (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", - x_key_algorithm); - parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is key_algorithm)", - x_signing_algorithm); - - // key and algorithm options for signing certificate (overrides default) - parser.addOption("-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_signing_key_type); - parser.addOption("-signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_signing_key_size); - parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_signing_key_curvename); - parser.addOption( - "-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional, default is signing_algorithm)", - x_signing_signingalgorithm); - - // key and algorithm options for ocsp_signing certificate (overrides default) - parser.addOption("-ocsp_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_ocsp_signing_key_type); - parser.addOption("-ocsp_signing_key_size %s #Key Size (optional, for RSA default is key_size)", - x_ocsp_signing_key_size); - parser.addOption("-ocsp_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_ocsp_signing_key_curvename); - parser.addOption( - "-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional, default is signing_algorithm)", - x_ocsp_signing_signingalgorithm); - - // key and algorithm options for audit_signing certificate (overrides default) - parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_audit_signing_key_type); - parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", - x_audit_signing_key_size); - parser.addOption( - "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_audit_signing_key_curvename); - - // key and algorithm options for subsystem certificate (overrides default) - parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_subsystem_key_type); - parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", - x_subsystem_key_size); - parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_subsystem_key_curvename); - - // key and algorithm options for sslserver certificate (overrides default) - parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_sslserver_key_type); - parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", - x_sslserver_key_size); - parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_sslserver_key_curvename); - - parser.addOption("-token_name %s #HSM/Software Token name", - x_token_name); - parser.addOption("-token_pwd %s #HSM/Software Token password (optional - required for HSM)", - x_token_pwd); - - parser.addOption("-agent_key_size %s #Agent Cert Key Size", - x_agent_key_size); - parser.addOption("-agent_key_type %s #Agent Cert Key type [rsa]", - x_agent_key_type); - parser.addOption("-agent_cert_subject %s #Agent Cert Subject", - x_agent_cert_subject); - - parser.addOption("-backup_pwd %s #PKCS12 backup password", - x_backup_pwd); - - parser.addOption("-subsystem_name %s #Subsystem name", - x_subsystem_name); - - parser.addOption( - "-subca_sign_cert_subject_name %s #subCA cert subject name", - x_subca_sign_cert_subject_name); - parser.addOption( - "-subca_subsystem_cert_subject_name %s #subCA subsystem cert subject name", - x_subca_subsystem_cert_subject_name); - parser.addOption( - "-subca_ocsp_cert_subject_name %s #subCA ocsp cert subject name", - x_subca_ocsp_cert_subject_name); - parser.addOption( - "-subca_server_cert_subject_name %s #subCA server cert subject name", - x_subca_server_cert_subject_name); - parser.addOption( - "-subca_audit_signing_cert_subject_name %s #CA audit signing cert subject name", - x_subca_audit_signing_cert_subject_name); - - // and then match the arguments - String[] unmatched = null; - unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED); - - if (unmatched != null) { - System.out.println("ERROR: Argument Mismatch"); - System.exit(-1); - } - - parser.checkRequiredArgs(); - - // set variables - cs_hostname = x_cs_hostname.value; - cs_port = x_cs_port.value; - - sd_hostname = x_sd_hostname.value; - sd_ssl_port = x_sd_ssl_port.value; - sd_agent_port = x_sd_agent_port.value; - sd_admin_port = x_sd_admin_port.value; - sd_admin_name = x_sd_admin_name.value; - sd_admin_password = x_sd_admin_password.value; - - ca_hostname = x_ca_hostname.value; - ca_port = x_ca_port.value; - ca_ssl_port = x_ca_ssl_port.value; - - client_certdb_dir = x_client_certdb_dir.value; - client_certdb_pwd = x_client_certdb_pwd.value; - pin = x_preop_pin.value; - domain_name = x_domain_name.value; - admin_user = x_admin_user.value; - admin_email = x_admin_email.value; - admin_password = x_admin_password.value; - agent_name = x_agent_name.value; - - ldap_host = x_ldap_host.value; - ldap_port = x_ldap_port.value; - bind_dn = x_bind_dn.value; - bind_password = x_bind_password.value; - base_dn = x_base_dn.value; - db_name = x_db_name.value; - secure_conn = set_default(x_secure_conn.value, "false"); - remove_data = set_default(x_remove_data.value, "false"); - - key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE); - signing_key_type = set_default(x_signing_key_type.value, key_type); - ocsp_signing_key_type = set_default(x_ocsp_signing_key_type.value, key_type); - audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type); - subsystem_key_type = set_default(x_subsystem_key_type.value, key_type); - sslserver_key_type = set_default(x_sslserver_key_type.value, key_type); - - key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE); - signing_key_size = set_default(x_signing_key_size.value, key_size); - ocsp_signing_key_size = set_default(x_ocsp_signing_key_size.value, key_size); - audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size); - subsystem_key_size = set_default(x_subsystem_key_size.value, key_size); - sslserver_key_size = set_default(x_sslserver_key_size.value, key_size); - - key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME); - signing_key_curvename = set_default(x_signing_key_curvename.value, key_curvename); - ocsp_signing_key_curvename = set_default(x_ocsp_signing_key_curvename.value, key_curvename); - audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename); - subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename); - sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename); - - if (signing_key_type.equalsIgnoreCase("RSA")) { - key_algorithm = set_default(x_key_algorithm.value, DEFAULT_KEY_ALGORITHM_RSA); - } else { - key_algorithm = set_default(x_key_algorithm.value, DEFAULT_KEY_ALGORITHM_ECC); - } - - signing_algorithm = set_default(x_signing_algorithm.value, key_algorithm); - signing_signingalgorithm = set_default(x_signing_signingalgorithm.value, signing_algorithm); - ocsp_signing_signingalgorithm = set_default(x_ocsp_signing_signingalgorithm.value, signing_algorithm); - - token_name = x_token_name.value; - token_pwd = x_token_pwd.value; - - agent_key_size = x_agent_key_size.value; - agent_key_type = x_agent_key_type.value; - agent_cert_subject = x_agent_cert_subject.value; - - backup_pwd = x_backup_pwd.value; - subsystem_name = x_subsystem_name.value; - - subca_sign_cert_subject_name = x_subca_sign_cert_subject_name.value; - subca_subsystem_cert_subject_name = - x_subca_subsystem_cert_subject_name.value; - subca_ocsp_cert_subject_name = x_subca_ocsp_cert_subject_name.value; - subca_server_cert_subject_name = x_subca_server_cert_subject_name.value; - subca_audit_signing_cert_subject_name = x_subca_audit_signing_cert_subject_name.value; - - boolean st = ca.ConfigureSubCAInstance(); - - if (!st) { - System.out.println("ERROR: unable to create Subordinate CA"); - System.exit(-1); - } - - System.out.println("Certificate System - Subordinate CA Instance Configured."); - System.exit(0); - - } - -}; diff --git a/base/silent/src/com/netscape/pkisilent/ConfigureTKS.java b/base/silent/src/com/netscape/pkisilent/ConfigureTKS.java deleted file mode 100644 index dc8ce665d..000000000 --- a/base/silent/src/com/netscape/pkisilent/ConfigureTKS.java +++ /dev/null @@ -1,1135 +0,0 @@ -package com.netscape.pkisilent; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.BufferedInputStream; -import java.io.BufferedReader; -import java.io.ByteArrayInputStream; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.InputStreamReader; -import java.net.URLEncoder; -import java.util.ArrayList; - -import org.mozilla.jss.asn1.SEQUENCE; -import org.mozilla.jss.pkcs12.AuthenticatedSafes; -import org.mozilla.jss.pkcs12.PFX; - -import com.netscape.cmsutil.util.Utils; -import com.netscape.pkisilent.argparser.ArgParser; -import com.netscape.pkisilent.argparser.StringHolder; -import com.netscape.pkisilent.common.ComCrypto; -import com.netscape.pkisilent.common.ParseXML; -import com.netscape.pkisilent.http.HTTPClient; -import com.netscape.pkisilent.http.HTTPResponse; - -public class ConfigureTKS { - - public static final String DEFAULT_KEY_TYPE = "RSA"; - public static final String DEFAULT_KEY_SIZE = "2048"; - public static final String DEFAULT_KEY_CURVENAME = "nistp256"; - - // define global variables - - public static HTTPClient hc = null; - - public static String login_uri = "/tks/admin/console/config/login"; - public static String wizard_uri = "/tks/admin/console/config/wizard"; - public static String admin_uri = "/ca/admin/ca/getBySerial"; - - public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin"; - public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie"; - public static String pkcs12_uri = "/tks/admin/console/config/savepkcs12"; - - public static String cs_hostname = null; - public static String cs_port = null; - - public static String sd_hostname = null; - public static String sd_ssl_port = null; - public static String sd_agent_port = null; - public static String sd_admin_port = null; - public static String sd_admin_name = null; - public static String sd_admin_password = null; - - public static String ca_hostname = null; - public static String ca_port = null; - public static String ca_ssl_port = null; - - public static String client_certdb_dir = null; - public static String client_certdb_pwd = null; - - // Login Panel - public static String pin = null; - - public static String domain_name = null; - - public static String admin_user = null; - public static String admin_email = null; - public static String admin_password = null; - public static String admin_serial_number = null; - public static String agent_name = null; - - public static String ldap_host = null; - public static String ldap_port = null; - public static String bind_dn = null; - public static String bind_password = null; - public static String base_dn = null; - public static String db_name = null; - public static String secure_conn = null; - public static String remove_data = null; - - public static String key_type = null; - public static String key_size = null; - public static String key_curvename = null; - - public static String subsystem_key_type = null; - public static String subsystem_key_size = null; - public static String subsystem_key_curvename = null; - - public static String audit_signing_key_type = null; - public static String audit_signing_key_size = null; - public static String audit_signing_key_curvename = null; - - public static String sslserver_key_type = null; - public static String sslserver_key_size = null; - public static String sslserver_key_curvename = null; - - public static String token_name = null; - public static String token_pwd = null; - - public static String agent_key_size = null; - public static String agent_key_type = null; - public static String agent_cert_subject = null; - - public static String server_cert_name = null; - public static String server_cert_req = null; - public static String server_cert_pp = null; - public static String server_cert_cert = null; - - public static String tks_subsystem_cert_name = null; - public static String tks_subsystem_cert_req = null; - public static String tks_subsystem_cert_pp = null; - public static String tks_subsystem_cert_cert = null; - - public static String tks_audit_signing_cert_name = null; - public static String tks_audit_signing_cert_req = null; - public static String tks_audit_signing_cert_pp = null; - public static String tks_audit_signing_cert_cert = null; - - public static String backup_pwd = null; - public static String backup_fname = null; - - // names - public static String tks_subsystem_cert_subject_name = null; - public static String tks_server_cert_subject_name = null; - public static String subsystem_name = null; - public static String tks_audit_signing_cert_subject_name = null; - - public ConfigureTKS() { - // do nothing :) - } - - public void sleep_time() { - try { - System.out.println("Sleeping for 5 secs.."); - Thread.sleep(5000); - } catch (Exception e) { - System.out.println("ERROR: sleep problem"); - } - } - - public boolean LoginPanel() throws Exception { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "pin=" + pin + "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string); - System.out.println("xml returned: " + hr.getHTML()); - - // parse xml here - nothing to parse - - // get cookie - String temp = hr.getCookieValue("JSESSIONID"); - - if (temp != null) { - int index = temp.indexOf(";"); - HTTPClient.j_session_id = temp.substring(0, index); - st = true; - } - - hr = null; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, - "p=0&op=next&xml=true"); - - // parse xml here - - bais = new ByteArrayInputStream( - hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return st; - } - - public boolean TokenChoicePanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = null; - - // Software Token - if (token_name.equalsIgnoreCase("internal")) { - query_string = "p=1" + "&op=next" + "&xml=true" + - "&choice=" + - URLEncoder.encode("Internal Key Storage Token", "UTF-8") + - ""; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - } - // HSM - else { - // login to hsm first - query_string = "p=2" + "&op=next" + "&xml=true" + - "&uTokName=" + - URLEncoder.encode(token_name, "UTF-8") + - "&__uPasswd=" + - URLEncoder.encode(token_pwd, "UTF-8") + - ""; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - // choice with token name now - query_string = "p=1" + "&op=next" + "&xml=true" + - "&choice=" + - URLEncoder.encode(token_name, "UTF-8") + - ""; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - } - - return true; - } - - public boolean DomainPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String domain_url = "https://" + sd_hostname + ":" + sd_admin_port; - - String query_string = "sdomainURL=" + - URLEncoder.encode(domain_url, "UTF-8") + - "&choice=existingdomain" + - "&p=3" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - - } - - public boolean DisplayChainPanel() throws Exception { - String query_string = "p=4" + "&op=next" + "&xml=true"; - hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - // bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - // px.parse(bais); - // px.prettyprintxml(); - - return true; - - } - - public boolean SecurityDomainLoginPanel() throws Exception { - String tks_url = "https://" + cs_hostname + ":" + cs_port + - "/tks/admin/console/config/wizard" + - "?p=5&subsystem=TKS"; - - String query_string = "url=" + URLEncoder.encode(tks_url, "UTF-8"); - - HTTPResponse hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri, query_string); - - String query_string_1 = "uid=" + sd_admin_name + - "&pwd=" + URLEncoder.encode(sd_admin_password, "UTF-8") + - "&url=" + URLEncoder.encode(tks_url, "UTF-8"); - - hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri, - query_string_1); - - // get session id from security domain - - String tks_session_id = hr.getContentValue("header.session_id"); - String tks_url_1 = hr.getContentValue("header.url"); - - System.out.println("TKS_SESSION_ID=" + tks_session_id); - System.out.println("TKS_URL=" + tks_url_1); - - // use session id to connect back to TKS - - String query_string_2 = "p=5" + - "&subsystem=TKS" + - "&session_id=" + tks_session_id + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, - query_string_2); - - // parse xml - // bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - // px.parse(bais); - // px.prettyprintxml(); - - return true; - - } - - public boolean SubsystemPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=5" + "&op=next" + "&xml=true" + - "&subsystemName=" + - URLEncoder.encode(subsystem_name, "UTF-8") + - "&choice=newsubsystem"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean LdapConnectionPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=7" + "&op=next" + "&xml=true" + - "&host=" + URLEncoder.encode(ldap_host, "UTF-8") + - "&port=" + URLEncoder.encode(ldap_port, "UTF-8") + - "&binddn=" + URLEncoder.encode(bind_dn, "UTF-8") + - "&__bindpwd=" + URLEncoder.encode(bind_password, "UTF-8") + - "&basedn=" + URLEncoder.encode(base_dn, "UTF-8") + - "&database=" + URLEncoder.encode(db_name, "UTF-8") + - "&display=" + URLEncoder.encode("$displayStr", "UTF-8") + - (secure_conn.equals("true") ? "&secureConn=on" : "") + - (remove_data.equals("true") ? "&removeData=true" : ""); - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean KeyPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList<String> al = null; - - String query_string = "p=8" + "&op=next" + "&xml=true" + - "&subsystem_custom_size=" + subsystem_key_size + - "&sslserver_custom_size=" + sslserver_key_size + - "&audit_signing_custom_size=" + audit_signing_key_size + - "&custom_size=" + key_size + - "&subsystem_custom_curvename=" + subsystem_key_curvename + - "&sslserver_custom_curvename=" + sslserver_key_curvename + - "&audit_signing_custom_curvename=" + audit_signing_key_curvename + - "&custom_curvename=" + key_curvename + - "&subsystem_keytype=" + subsystem_key_type + - "&sslserver_keytype=" + sslserver_key_type + - "&audit_signing_keytype=" + audit_signing_key_type + - "&keytype=" + key_type + - "&subsystem_choice=custom" + - "&sslserver_choice=custom" + - "&audit_signing_choice=custom" + - "&choice=custom"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - al = px.constructValueList("CertReqPair", "DN"); - // get ca cert subject name - if (al != null) { - for (int i = 0; i < al.size(); i++) { - String temp = al.get(i); - if (temp.indexOf("TKS Subsystem") > 0) { - tks_subsystem_cert_name = temp; - } else if (temp.indexOf("Audit Signing Certificate") > 0) { - tks_audit_signing_cert_name = temp; - } else { - server_cert_name = temp; - } - } - } - - System.out.println("default: tks_subsystem_cert_name=" + - tks_subsystem_cert_name); - System.out.println("default: server_cert_name=" + - server_cert_name); - System.out.println("default: tks_audit_signing_cert_name=" + tks_audit_signing_cert_name); - return true; - } - - public boolean CertSubjectPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList<String> req_list = null; - ArrayList<String> cert_list = null; - ArrayList<String> dn_list = null; - - String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port; - - String query_string = "p=9" + "&op=next" + "&xml=true" + - "&subsystem=" + - URLEncoder.encode(tks_subsystem_cert_subject_name, "UTF-8") + - "&sslserver=" + - URLEncoder.encode(tks_server_cert_subject_name, "UTF-8") + - "&audit_signing=" + - URLEncoder.encode(tks_audit_signing_cert_subject_name, "UTF-8") + - "&urls=" + - URLEncoder.encode(domain_url, "UTF-8") + - ""; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - req_list = px.constructValueList("CertReqPair", "Request"); - cert_list = px.constructValueList("CertReqPair", "Certificate"); - dn_list = px.constructValueList("CertReqPair", "Nickname"); - - if (req_list != null && cert_list != null && dn_list != null) { - for (int i = 0; i < dn_list.size(); i++) { - String temp = dn_list.get(i); - - if (temp.indexOf("subsystemCert") >= 0) { - tks_subsystem_cert_req = req_list.get(i); - tks_subsystem_cert_cert = cert_list.get(i); - } else if (temp.indexOf("auditSigningCert") >= 0) { - tks_audit_signing_cert_req = req_list.get(i); - tks_audit_signing_cert_cert = cert_list.get(i); - } else { - server_cert_req = req_list.get(i); - server_cert_cert = cert_list.get(i); - } - } - } - - return true; - } - - public boolean CertificatePanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=10" + "&op=next" + "&xml=true" + - "&subsystem=" + - URLEncoder.encode(tks_subsystem_cert_cert, "UTF-8") + - "&subsystem_cc=" + - "&sslserver=" + - URLEncoder.encode(server_cert_cert, "UTF-8") + - "&sslserver_cc=" + - "&audit_signing=" + - URLEncoder.encode(tks_audit_signing_cert_cert, "UTF-8") + - "&audit_signing_cc=" + - ""; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean BackupPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=11" + "&op=next" + "&xml=true" + - "&choice=backupkey" + - "&__pwd=" + URLEncoder.encode(backup_pwd, "UTF-8") + - "&__pwdagain=" + URLEncoder.encode(backup_pwd, "UTF-8"); - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean SavePKCS12Panel() throws Exception { - String query_string = ""; - - HTTPResponse hr = hc.sslConnect(cs_hostname, cs_port, pkcs12_uri, query_string); - - // dump hr.getResponseData() to file - try { - FileOutputStream fos = null; - try { - fos = new FileOutputStream(backup_fname); - fos.write(hr.getResponseData()); - } finally { - if (fos != null) - fos.close(); - } - - // set file to permissions 600 - String rtParams[] = { "chmod", "600", backup_fname }; - Process proc = Runtime.getRuntime().exec(rtParams); - BufferedReader br = null; - try { - br = new BufferedReader(new InputStreamReader(proc.getErrorStream())); - String line = null; - while ((line = br.readLine()) != null) - System.out.println("Error: " + line); - } finally { - if (br != null) - br.close(); - } - proc.waitFor(); - - // verify p12 file - - // Decode the P12 file - FileInputStream fis = null; - PFX pfx = null; - try { - fis = new FileInputStream(backup_fname); - PFX.Template pfxt = new PFX.Template(); - pfx = (PFX) pfxt.decode(new BufferedInputStream(fis, 2048)); - } finally { - if (fis != null) - fis.close(); - } - System.out.println("Decoded PFX"); - - // now peruse it for interesting info - System.out.println("Version: " + pfx.getVersion()); - AuthenticatedSafes authSafes = pfx.getAuthSafes(); - SEQUENCE asSeq = authSafes.getSequence(); - System.out.println("AuthSafes has " + - asSeq.size() + " SafeContents"); - - } catch (Exception e) { - System.out.println("ERROR: Exception=" + e.getMessage()); - return false; - } - - return true; - } - - public boolean AdminCertReqPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - String admin_cert_request = null; - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - agent_cert_subject, - agent_key_size, - agent_key_type); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.setTransportCert(null); - cCrypt.setDualKey(false); - cCrypt.loginDB(); - - String crmf_request = cCrypt.generateCRMFrequest(); - - if (crmf_request == null) { - System.out.println("ERROR: AdminCertReqPanel() cert req gen failed"); - return false; - } - - admin_cert_request = crmf_request; - - String query_string = "p=13" + "&op=next" + "&xml=true" + - "&cert_request_type=" + "crmf" + - "&uid=" + admin_user + - "&name=" + admin_user + - "&__pwd=" + URLEncoder.encode(admin_password, "UTF-8") + - "&__admin_password_again=" + URLEncoder.encode(admin_password, "UTF-8") + - "&profileId=" + "caAdminCert" + - "&email=" + - URLEncoder.encode(admin_email, "UTF-8") + - "&cert_request=" + - URLEncoder.encode(admin_cert_request, "UTF-8") + - "&subject=" + - URLEncoder.encode(agent_cert_subject, "UTF-8") + - "&clone=new" + - "&import=true" + - "&securitydomain=" + - URLEncoder.encode(domain_name, "UTF-8") + - ""; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - admin_serial_number = px.getvalue("serialNumber"); - - return true; - } - - public boolean AdminCertImportPanel() throws Exception { - boolean st = false; - - String query_string = "serialNumber=" + admin_serial_number + - "&importCert=" + "true" + - ""; - - HTTPResponse hr = hc.sslConnect(sd_hostname, sd_admin_port, admin_uri, query_string); - - // get response data - // String cert_to_import = - // new sun.misc.BASE64Encoder().encode(hr.getResponseData()); - String cert_to_import = - Utils.base64encode(hr.getResponseData()); - System.out.println("Imported Cert=" + cert_to_import); - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - String start = "-----BEGIN CERTIFICATE-----\r\n"; - String end = "\r\n-----END CERTIFICATE-----"; - - st = cCrypt.importCert(start + cert_to_import + end, agent_name); - if (!st) { - System.out.println("ERROR: AdminCertImportPanel() during cert import"); - return false; - } - - System.out.println("SUCCESS: imported admin user cert"); - return true; - } - - public boolean UpdateDomainPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=14" + "&op=next" + "&xml=true" + - "&caHost=" + URLEncoder.encode(sd_hostname, "UTF-8") + - "&caPort=" + URLEncoder.encode(sd_agent_port, "UTF-8") + - ""; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean ConfigureTKSInstance() throws Exception { - // 0. login to cert db - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - // instantiate http client - hc = new HTTPClient(); - - sleep_time(); - // 1. Login panel - boolean log_st = LoginPanel(); - if (!log_st) { - System.out.println("ERROR: ConfigureTKS: LoginPanel() failure"); - return false; - } - - sleep_time(); - // 2. Token Choice Panel - boolean disp_token = TokenChoicePanel(); - if (!disp_token) { - System.out.println("ERROR: ConfigureTKS: TokenChoicePanel() failure"); - return false; - } - - sleep_time(); - // 3. domain panel - boolean dom_st = DomainPanel(); - if (!dom_st) { - System.out.println("ERROR: ConfigureTKS: DomainPanel() failure"); - return false; - } - - sleep_time(); - // 4. display cert chain panel - boolean disp_st = DisplayChainPanel(); - if (!disp_st) { - System.out.println("ERROR: ConfigureTKS: DisplayChainPanel() failure"); - return false; - } - - sleep_time(); - // security domain login panel - boolean disp_sd = SecurityDomainLoginPanel(); - if (!disp_sd) { - System.out.println("ERROR: ConfigureTKS: SecurityDomainLoginPanel() failure"); - return false; - } - - sleep_time(); - // subsystem panel - boolean disp_ss = SubsystemPanel(); - if (!disp_ss) { - System.out.println("ERROR: ConfigureTKS: SubsystemPanel() failure"); - return false; - } - - sleep_time(); - // 7. ldap connection panel - boolean disp_ldap = LdapConnectionPanel(); - if (!disp_ldap) { - System.out.println("ERROR: ConfigureTKS: LdapConnectionPanel() failure"); - return false; - } - - sleep_time(); - sleep_time(); - // 9. Key Panel - boolean disp_key = KeyPanel(); - if (!disp_key) { - System.out.println("ERROR: ConfigureTKS: KeyPanel() failure"); - return false; - } - - sleep_time(); - // 10. Cert Subject Panel - boolean disp_csubj = CertSubjectPanel(); - if (!disp_csubj) { - System.out.println("ERROR: ConfigureTKS: CertSubjectPanel() failure"); - return false; - } - - sleep_time(); - // 11. Certificate Panel - boolean disp_cp = CertificatePanel(); - if (!disp_cp) { - System.out.println("ERROR: ConfigureTKS: CertificatePanel() failure"); - return false; - } - - sleep_time(); - // backup panel - boolean disp_back = BackupPanel(); - if (!disp_back) { - System.out.println("ERROR: ConfigureTKS: BackupPanel() failure"); - return false; - } - - sleep_time(); - // save panel - boolean disp_save = SavePKCS12Panel(); - if (!disp_save) { - System.out.println("ERROR: ConfigureTKS: SavePKCS12Panel() failure"); - return false; - } - - sleep_time(); - // 13. Admin Cert Req Panel - boolean disp_adm = AdminCertReqPanel(); - if (!disp_adm) { - System.out.println("ERROR: ConfigureTKS: AdminCertReqPanel() failure"); - return false; - } - - sleep_time(); - // 14. Admin Cert import Panel - boolean disp_im = AdminCertImportPanel(); - if (!disp_im) { - System.out.println("ERROR: ConfigureTKS: AdminCertImportPanel() failure"); - return false; - } - - sleep_time(); - // 15. Update Domain Panel - boolean disp_ud = UpdateDomainPanel(); - if (!disp_ud) { - System.out.println("ERROR: ConfigureTKS: UpdateDomainPanel() failure"); - return false; - } - - sleep_time(); - return true; - } - - private static String set_default(String val, String def) { - if ((val == null) || (val.equals(""))) { - return def; - } else { - return val; - } - } - - public static void main(String args[]) throws Exception { - ConfigureTKS ca = new ConfigureTKS(); - - // set variables - StringHolder x_cs_hostname = new StringHolder(); - StringHolder x_cs_port = new StringHolder(); - - StringHolder x_sd_hostname = new StringHolder(); - StringHolder x_sd_ssl_port = new StringHolder(); - StringHolder x_sd_agent_port = new StringHolder(); - StringHolder x_sd_admin_port = new StringHolder(); - StringHolder x_sd_admin_name = new StringHolder(); - StringHolder x_sd_admin_password = new StringHolder(); - - StringHolder x_ca_hostname = new StringHolder(); - StringHolder x_ca_port = new StringHolder(); - StringHolder x_ca_ssl_port = new StringHolder(); - - StringHolder x_client_certdb_dir = new StringHolder(); - StringHolder x_client_certdb_pwd = new StringHolder(); - StringHolder x_preop_pin = new StringHolder(); - - StringHolder x_domain_name = new StringHolder(); - - StringHolder x_admin_user = new StringHolder(); - StringHolder x_admin_email = new StringHolder(); - StringHolder x_admin_password = new StringHolder(); - - // ldap - StringHolder x_ldap_host = new StringHolder(); - StringHolder x_ldap_port = new StringHolder(); - StringHolder x_bind_dn = new StringHolder(); - StringHolder x_bind_password = new StringHolder(); - StringHolder x_base_dn = new StringHolder(); - StringHolder x_db_name = new StringHolder(); - StringHolder x_secure_conn = new StringHolder(); - StringHolder x_remove_data = new StringHolder(); - - // key properties (defaults) - StringHolder x_key_size = new StringHolder(); - StringHolder x_key_type = new StringHolder(); - StringHolder x_key_curvename = new StringHolder(); - - // key properties (custom - audit_signing) - StringHolder x_audit_signing_key_size = new StringHolder(); - StringHolder x_audit_signing_key_type = new StringHolder(); - StringHolder x_audit_signing_key_curvename = new StringHolder(); - - // key properties (custom - subsystem) - StringHolder x_subsystem_key_size = new StringHolder(); - StringHolder x_subsystem_key_type = new StringHolder(); - StringHolder x_subsystem_key_curvename = new StringHolder(); - - // key properties (custom - sslserver) - StringHolder x_sslserver_key_size = new StringHolder(); - StringHolder x_sslserver_key_type = new StringHolder(); - StringHolder x_sslserver_key_curvename = new StringHolder(); - - StringHolder x_token_name = new StringHolder(); - StringHolder x_token_pwd = new StringHolder(); - - StringHolder x_agent_key_size = new StringHolder(); - StringHolder x_agent_key_type = new StringHolder(); - StringHolder x_agent_cert_subject = new StringHolder(); - - StringHolder x_agent_name = new StringHolder(); - StringHolder x_backup_pwd = new StringHolder(); - StringHolder x_backup_fname = new StringHolder(); - - // tks cert subject name params - StringHolder x_tks_subsystem_cert_subject_name = new StringHolder(); - StringHolder x_tks_server_cert_subject_name = new StringHolder(); - StringHolder x_tks_audit_signing_cert_subject_name = new StringHolder(); - - // subsystemName - StringHolder x_subsystem_name = new StringHolder(); - - // parse the args - ArgParser parser = new ArgParser("ConfigureTKS"); - - parser.addOption("-cs_hostname %s #CS Hostname", - x_cs_hostname); - parser.addOption("-cs_port %s #CS SSL Admin port", - x_cs_port); - - parser.addOption("-sd_hostname %s #Security Domain Hostname", - x_sd_hostname); - parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port", - x_sd_ssl_port); - parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port", - x_sd_agent_port); - parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port", - x_sd_admin_port); - parser.addOption("-sd_admin_name %s #Security Domain Admin Name", - x_sd_admin_name); - parser.addOption("-sd_admin_password %s #Security Domain Admin password", - x_sd_admin_password); - - parser.addOption("-ca_hostname %s #CA Hostname", - x_ca_hostname); - parser.addOption("-ca_port %s #CA non-SSL EE port", - x_ca_port); - parser.addOption("-ca_ssl_port %s #CA SSL EE port", - x_ca_ssl_port); - - parser.addOption("-client_certdb_dir %s #Client CertDB dir", - x_client_certdb_dir); - parser.addOption("-client_certdb_pwd %s #client certdb password", - x_client_certdb_pwd); - parser.addOption("-preop_pin %s #pre op pin", - x_preop_pin); - parser.addOption("-domain_name %s #domain name", - x_domain_name); - parser.addOption("-admin_user %s #Admin User Name", - x_admin_user); - parser.addOption("-admin_email %s #Admin email", - x_admin_email); - parser.addOption("-admin_password %s #Admin password", - x_admin_password); - parser.addOption("-agent_name %s #Agent Cert Nickname", - x_agent_name); - - parser.addOption("-ldap_host %s #ldap host", - x_ldap_host); - parser.addOption("-ldap_port %s #ldap port", - x_ldap_port); - parser.addOption("-bind_dn %s #ldap bind dn", - x_bind_dn); - parser.addOption("-bind_password %s #ldap bind password", - x_bind_password); - parser.addOption("-base_dn %s #base dn", - x_base_dn); - parser.addOption("-db_name %s #db name", - x_db_name); - parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn); - parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", - x_remove_data); - - // key and algorithm options (default) - parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); - parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size); - parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename); - - // key and algorithm options for audit_signing certificate (overrides default) - parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_audit_signing_key_type); - parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", - x_audit_signing_key_size); - parser.addOption( - "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_audit_signing_key_curvename); - - // key and algorithm options for subsystem certificate (overrides default) - parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_subsystem_key_type); - parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", - x_subsystem_key_size); - parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_subsystem_key_curvename); - - // key and algorithm options for sslserver certificate (overrides default) - parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", - x_sslserver_key_type); - parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", - x_sslserver_key_size); - parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", - x_sslserver_key_curvename); - - parser.addOption("-token_name %s #HSM/Software Token name", - x_token_name); - parser.addOption("-token_pwd %s #HSM/Software Token password (optional, required for HSM)", - x_token_pwd); - - parser.addOption("-agent_key_size %s #Agent Cert Key Size", - x_agent_key_size); - parser.addOption("-agent_key_type %s #Agent Cert Key type [rsa]", - x_agent_key_type); - parser.addOption("-agent_cert_subject %s #Agent Cert Subject", - x_agent_cert_subject); - - parser.addOption("-backup_pwd %s #PKCS12 password", - x_backup_pwd); - - parser.addOption( - "-tks_subsystem_cert_subject_name %s #TKS subsystem cert subject name", - x_tks_subsystem_cert_subject_name); - parser.addOption( - "-tks_server_cert_subject_name %s #TKS server cert subject name", - x_tks_server_cert_subject_name); - - parser.addOption("-backup_fname %s #Backup File for p12, (optional, default /root/tmp-tks.p12", - x_backup_fname); - - parser.addOption( - "-subsystem_name %s #CA subsystem name", - x_subsystem_name); - - parser.addOption( - "-tks_audit_signing_cert_subject_name %s #TKS audit signing cert subject name", - x_tks_audit_signing_cert_subject_name); - - // and then match the arguments - String[] unmatched = null; - unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED); - - if (unmatched != null) { - System.out.println("ERROR: Argument Mismatch"); - System.exit(-1); - } - - parser.checkRequiredArgs(); - - // set variables - cs_hostname = x_cs_hostname.value; - cs_port = x_cs_port.value; - - sd_hostname = x_sd_hostname.value; - sd_ssl_port = x_sd_ssl_port.value; - sd_agent_port = x_sd_agent_port.value; - sd_admin_port = x_sd_admin_port.value; - sd_admin_name = x_sd_admin_name.value; - sd_admin_password = x_sd_admin_password.value; - - ca_hostname = x_ca_hostname.value; - ca_port = x_ca_port.value; - ca_ssl_port = x_ca_ssl_port.value; - - client_certdb_dir = x_client_certdb_dir.value; - client_certdb_pwd = x_client_certdb_pwd.value; - pin = x_preop_pin.value; - domain_name = x_domain_name.value; - - admin_user = x_admin_user.value; - admin_email = x_admin_email.value; - admin_password = x_admin_password.value; - agent_name = x_agent_name.value; - - ldap_host = x_ldap_host.value; - ldap_port = x_ldap_port.value; - bind_dn = x_bind_dn.value; - bind_password = x_bind_password.value; - base_dn = x_base_dn.value; - db_name = x_db_name.value; - secure_conn = set_default(x_secure_conn.value, "false"); - remove_data = set_default(x_remove_data.value, "false"); - - key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE); - audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type); - subsystem_key_type = set_default(x_subsystem_key_type.value, key_type); - sslserver_key_type = set_default(x_sslserver_key_type.value, key_type); - - key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE); - audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size); - subsystem_key_size = set_default(x_subsystem_key_size.value, key_size); - sslserver_key_size = set_default(x_sslserver_key_size.value, key_size); - - key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME); - audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename); - subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename); - sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename); - - token_name = x_token_name.value; - token_pwd = x_token_pwd.value; - - agent_key_size = x_agent_key_size.value; - agent_key_type = x_agent_key_type.value; - agent_cert_subject = x_agent_cert_subject.value; - - backup_pwd = x_backup_pwd.value; - backup_fname = set_default(x_backup_fname.value, "/root/tmp-tks.p12"); - - tks_subsystem_cert_subject_name = - x_tks_subsystem_cert_subject_name.value; - tks_server_cert_subject_name = - x_tks_server_cert_subject_name.value; - - subsystem_name = x_subsystem_name.value; - tks_audit_signing_cert_subject_name = x_tks_audit_signing_cert_subject_name.value; - - boolean st = ca.ConfigureTKSInstance(); - - if (!st) { - System.out.println("ERROR: unable to create TKS"); - System.exit(-1); - } - - System.out.println("Certificate System - TKS Instance Configured."); - System.exit(0); - - } - -}; diff --git a/base/silent/src/com/netscape/pkisilent/ConfigureTPS.java b/base/silent/src/com/netscape/pkisilent/ConfigureTPS.java deleted file mode 100644 index f23b605fa..000000000 --- a/base/silent/src/com/netscape/pkisilent/ConfigureTPS.java +++ /dev/null @@ -1,1087 +0,0 @@ -package com.netscape.pkisilent; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.ByteArrayInputStream; -import java.net.URLEncoder; - -import com.netscape.cmsutil.util.Utils; -import com.netscape.pkisilent.argparser.ArgParser; -import com.netscape.pkisilent.argparser.StringHolder; -import com.netscape.pkisilent.common.ComCrypto; -import com.netscape.pkisilent.common.ParseXML; -import com.netscape.pkisilent.http.HTTPClient; -import com.netscape.pkisilent.http.HTTPResponse; - -public class ConfigureTPS { - // define global variables - - public static HTTPClient hc = null; - - public static String login_uri = "/tps/admin/console/config/login"; - public static String wizard_uri = "/tps/admin/console/config/wizard"; - public static String admin_uri = "/ca/admin/ca/getBySerial"; - - public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin"; - public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie"; - public static String sd_update_domain_uri = "/ca/agent/ca/updateDomainXML"; - public static String pkcs12_uri = "/tps/admin/console/config/savepkcs12"; - - public static String cs_hostname = null; - public static String cs_port = null; - public static String cs_clientauth_port = null; - - public static String sd_hostname = null; - public static String sd_ssl_port = null; - public static String sd_agent_port = null; - public static String sd_admin_port = null; - public static String sd_admin_name = null; - public static String sd_admin_password = null; - - public static String ca_hostname = null; - public static String ca_port = null; - public static String ca_ssl_port = null; - public static String ca_admin_port = null; - - public static String drm_hostname = null; - public static String drm_ssl_port = null; - - public static String tks_hostname = null; - public static String tks_ssl_port = null; - - public static String client_certdb_dir = null; - public static String client_certdb_pwd = null; - - // Login Panel - public static String pin = null; - - public static String domain_name = null; - - public static String admin_user = null; - public static String admin_email = null; - public static String admin_password = null; - public static String admin_serial_number = null; - public static String agent_name = null; - - public static String ldap_auth_host = null; - public static String ldap_auth_port = null; - public static String ldap_auth_base_dn = null; - - public static String ldap_host = null; - public static String ldap_port = null; - public static String bind_dn = null; - public static String bind_password = null; - public static String base_dn = null; - public static String db_name = null; - - public static String key_size = null; - public static String key_type = null; - public static String token_name = null; - public static String token_pwd = null; - - public static String agent_key_size = null; - public static String agent_key_type = null; - public static String agent_cert_subject = null; - - public static String tps_transport_cert_name = null; - public static String tps_transport_cert_req = null; - public static String tps_transport_cert_pp = null; - public static String tps_transport_cert_cert = null; - - public static String tps_storage_cert_name = null; - public static String tps_storage_cert_req = null; - public static String tps_storage_cert_pp = null; - public static String tps_storage_cert_cert = null; - - public static String server_cert_name = null; - public static String server_cert_req = null; - public static String server_cert_pp = null; - public static String server_cert_cert = null; - - public static String tps_subsystem_cert_name = null; - public static String tps_subsystem_cert_req = null; - public static String tps_subsystem_cert_pp = null; - public static String tps_subsystem_cert_cert = null; - - public static String tps_audit_signing_cert_name = null; - public static String tps_audit_signing_cert_req = null; - public static String tps_audit_signing_cert_pp = null; - public static String tps_audit_signing_cert_cert = null; - - public static String ss_keygen = null; - - // names - public static String tps_server_cert_subject_name = null; - public static String tps_server_cert_nickname = null; - public static String tps_subsystem_cert_subject_name = null; - public static String tps_subsystem_cert_nickname = null; - public static String tps_audit_signing_cert_subject_name = null; - public static String tps_audit_signing_cert_nickname = null; - public static String subsystem_name = null; - - // Security Domain Login Panel - public static String tps_session_id = null; - - // Admin Certificate Request Panel - public static String requestor_name = null; - - public ConfigureTPS() { - // do nothing :) - } - - public void sleep_time() { - try { - System.out.println("Sleeping for 5 secs.."); - Thread.sleep(5000); - } catch (Exception e) { - System.out.println("ERROR: sleep problem"); - } - - } - - public boolean LoginPanel() throws Exception { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "pin=" + pin + "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string); - System.out.println("xml returned: " + hr.getHTML()); - - // parse xml here - nothing to parse - - // no cookie for tps - // get cookie - String temp = hr.getCookieValue("pin"); - - if (temp != null) { - int index = temp.indexOf(";"); - HTTPClient.j_session_id = temp.substring(0, index); - st = true; - } - - hr = null; - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, - "p=0&op=next&xml=true"); - - // parse xml here - - bais = new ByteArrayInputStream( - hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - st = true; - return st; - } - - public boolean DomainPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String domain_url = "https://" + sd_hostname + ":" + sd_admin_port; - - String query_string = "p=3" + - "&choice=existingdomain" + - "&sdomainURL=" + - URLEncoder.encode(domain_url, "UTF-8") + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - - } - - public boolean DisplayChainPanel() throws Exception { - String query_string = "p=4" + "&op=next" + "&xml=true"; - hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - return true; - - } - - public boolean SecurityDomainLoginPanel() throws Exception { - String tps_url = "https://" + cs_hostname + ":" + cs_port + - "/tps/admin/console/config/wizard" + - "?p=3&subsystem=TPS"; - - String query_string = "url=" + URLEncoder.encode(tps_url, "UTF-8") + ""; - - HTTPResponse hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri, query_string); - - String query_string_1 = "uid=" + sd_admin_name + - "&pwd=" + URLEncoder.encode(sd_admin_password, "UTF-8") + - "&url=" + URLEncoder.encode(tps_url, "UTF-8") + - ""; - - hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri, - query_string_1); - - // get session id from security domain - sleep_time(); - - tps_session_id = hr.getContentValue("header.session_id"); - String tps_url_1 = hr.getContentValue("header.url"); - - System.out.println("TPS_SESSION_ID=" + tps_session_id); - System.out.println("TPS_URL=" + tps_url_1); - - // use session id to connect back to TPS - - String query_string_2 = "p=5" + - "&subsystem=TPS" + - "&session_id=" + tps_session_id + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, - query_string_2); - - // parse xml - no parsing - - return true; - - } - - public boolean SubsystemPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - sleep_time(); - String query_string = "p=5" + - "&choice=newsubsystem" + - "&subsystemName=" + - URLEncoder.encode(subsystem_name, "UTF-8") + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - sleep_time(); - - // CA choice panel - query_string = "p=6" + - "&urls=0" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - sleep_time(); - query_string = "p=7" + - "&urls=0" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - // DRM / server side keygen panel - - sleep_time(); - if (ss_keygen.equalsIgnoreCase("true")) { - ss_keygen = "keygen"; - } - - query_string = "p=8" + - "&choice=" + ss_keygen + - "&urls=0" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean LdapAuthConnectionPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=9" + - "&host=" + - URLEncoder.encode(ldap_auth_host, "UTF-8") + - "&port=" + - URLEncoder.encode(ldap_auth_port, "UTF-8") + - "&basedn=" + - URLEncoder.encode(ldap_auth_base_dn, "UTF-8") + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean LdapConnectionPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=10" + - "&host=" + - URLEncoder.encode(ldap_host, "UTF-8") + - "&port=" + - URLEncoder.encode(ldap_port, "UTF-8") + - "&binddn=" + - URLEncoder.encode(bind_dn, "UTF-8") + - "&__bindpwd=" + - URLEncoder.encode(bind_password, "UTF-8") + - "&basedn=" + - URLEncoder.encode(base_dn, "UTF-8") + - "&database=" + - URLEncoder.encode(db_name, "UTF-8") + - "&display=" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean TokenChoicePanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - //////////////////////////////////////////////////////// - String query_string = null; - - // Software Token - if (token_name.equalsIgnoreCase("internal")) { - query_string = "p=1" + - "&choice=" + - URLEncoder.encode("NSS Certificate DB", "UTF-8") + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - } - // HSM - else { - // login to hsm first - query_string = "p=2" + - "&uTokName=" + - URLEncoder.encode(token_name, "UTF-8") + - "&__uPasswd=" + - URLEncoder.encode(token_pwd, "UTF-8") + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - // choice with token name now - query_string = "p=1" + - "&choice=" + - URLEncoder.encode(token_name, "UTF-8") + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - } - - return true; - } - - public boolean KeyPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=11" + - "&keytype=" + key_type + - "&choice=default" + - "&custom_size=" + key_size + - "&sslserver_keytype=" + key_type + - "&sslserver_choice=custom" + - "&sslserver_custom_size=" + key_size + - "&subsystem_keytype=" + key_type + - "&subsystem_choice=custom" + - "&subsystem_custom_size=" + key_size + - "&audit_signing_keytype=" + key_type + - "&audit_signing_choice=default" + - "&audit_signing_custom_size=" + key_size + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean CertSubjectPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=12" + - "&sslserver=" + - URLEncoder.encode(tps_server_cert_subject_name, "UTF-8") + - "&sslserver_nick=" + - URLEncoder.encode(tps_server_cert_nickname, "UTF-8") + - "&subsystem=" + - URLEncoder.encode(tps_subsystem_cert_subject_name, "UTF-8") + - "&subsystem_nick=" + - URLEncoder.encode(tps_subsystem_cert_nickname, "UTF-8") + - "&audit_signing=" + - URLEncoder.encode(tps_audit_signing_cert_subject_name, "UTF-8") + - "&audit_signing_nick=" + - URLEncoder.encode(tps_audit_signing_cert_nickname, "UTF-8") + - "&urls=0" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - // parse the certs if needed - - return true; - } - - public boolean CertificatePanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=13" + - "&sslserver=" + - "&sslserver_cc=" + - "&subsystem=" + - "&subsystem_cc=" + - "&audit_signing=" + - "&audit_signing_cc=" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean AdminCertReqPanel() throws Exception { - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - String admin_cert_request = null; - - requestor_name = "TPS-" + cs_hostname + "-" + cs_clientauth_port; - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - agent_cert_subject, - agent_key_size, - agent_key_type); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.setTransportCert(null); - cCrypt.setDualKey(false); - cCrypt.loginDB(); - - String crmf_request = cCrypt.generateCRMFrequest(); - - if (crmf_request == null) { - System.out.println("ERROR: AdminCertReqPanel() cert req gen failed"); - return false; - } - - admin_cert_request = crmf_request; - - String query_string = "p=14" + - "&uid=" + admin_user + - "&name=" + - URLEncoder.encode("TPS Administrator", "UTF-8") + - "&email=" + - URLEncoder.encode(admin_email, "UTF-8") + - "&__pwd=" + URLEncoder.encode(admin_password, "UTF-8") + - "&__admin_password_again=" + URLEncoder.encode(admin_password, "UTF-8") + - "&cert_request=" + - URLEncoder.encode(admin_cert_request, "UTF-8") + - "&display=0" + - "&profileId=" + "caAdminCert" + - "&cert_request_type=" + "crmf" + - "&import=true" + - "&uid=" + admin_user + - "&clone=0" + - "&securitydomain=" + - URLEncoder.encode(domain_name, "UTF-8") + - "&subject=" + - URLEncoder.encode(agent_cert_subject, "UTF-8") + - "&requestor_name=" + - URLEncoder.encode(requestor_name, "UTF-8") + - "&sessionID=" + tps_session_id + - "&auth_hostname=" + ca_hostname + - "&auth_port=" + ca_ssl_port + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - admin_serial_number = px.getvalue("serialNumber"); - - return true; - } - - public boolean AdminCertImportPanel() throws Exception { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - String cert_to_import = null; - - String query_string = "serialNumber=" + admin_serial_number + - "&importCert=" + "true" + - ""; - - // NOTE: CA, DRM, OCSP, and TKS use the Security Domain Admin Port; - // whereas RA and TPS use the CA Admin Port associated with - // the 'CA choice panel' as invoked from the SubsystemPanel() - // which MAY or MAY NOT be the same CA as the CA specified - // by the Security Domain. - hr = hc.sslConnect(ca_hostname, ca_admin_port, admin_uri, query_string); - - try { - // cert_to_import = - // new sun.misc.BASE64Encoder().encode(hr.getResponseData()); - cert_to_import = - Utils.base64encode(hr.getResponseData()); - - } catch (Exception e) { - System.out.println("ERROR: failed to retrieve cert"); - } - - System.out.println("Imported Cert=" + cert_to_import); - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - String start = "-----BEGIN CERTIFICATE-----\r\n"; - String end = "\r\n-----END CERTIFICATE-----"; - - st = cCrypt.importCert(start + cert_to_import + end, agent_name); - if (!st) { - System.out.println("ERROR: AdminCertImportPanel() during cert import"); - return false; - } - - System.out.println("SUCCESS: imported admin user cert"); - - String query_string_1 = "p=15" + - "&serialNumber=" + admin_serial_number + - "&caHost=" + - URLEncoder.encode(ca_hostname, "UTF-8") + - "&caPort=" + ca_admin_port + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string_1); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean ConfigureTPSInstance() throws Exception { - // 0. login to cert db - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - // instantiate http client - hc = new HTTPClient(); - - sleep_time(); - // 1. Login panel - boolean log_st = LoginPanel(); - if (!log_st) { - System.out.println("ERROR: JSESSIONID not found."); - System.out.println("ERROR: ConfigureTPS: LoginPanel() failure"); - return false; - } - - sleep_time(); - // 2. Token Choice Panel - boolean disp_token = TokenChoicePanel(); - if (!disp_token) { - System.out.println("ERROR: ConfigureTPS: TokenChoicePanel() failure"); - return false; - } - - sleep_time(); - // 3. domain panel - boolean dom_st = DomainPanel(); - if (!dom_st) { - System.out.println("ERROR: ConfigureTPS: DomainPanel() failure"); - return false; - } - - sleep_time(); - // 4. display cert chain panel - boolean disp_st = DisplayChainPanel(); - if (!disp_st) { - System.out.println("ERROR: ConfigureTPS: DisplayChainPanel() failure"); - return false; - } - - sleep_time(); - // 5. security domain login panel - boolean disp_sd = SecurityDomainLoginPanel(); - if (!disp_sd) { - System.out.println("ERROR: ConfigureTPS: SecurityDomainLoginPanel() failure"); - return false; - } - - sleep_time(); - // 6. subsystem panel - boolean disp_ss = SubsystemPanel(); - if (!disp_ss) { - System.out.println("ERROR: ConfigureTPS: SubsystemPanel() failure"); - return false; - } - - sleep_time(); - // 7. ldap auth connection panel - boolean disp_ldap_auth = LdapAuthConnectionPanel(); - if (!disp_ldap_auth) { - System.out.println("ERROR: ConfigureTPS: LdapAuthConnectionPanel() failure"); - return false; - } - - sleep_time(); - // 8. ldap connection panel - boolean disp_ldap = LdapConnectionPanel(); - if (!disp_ldap) { - System.out.println("ERROR: ConfigureTPS: LdapConnectionPanel() failure"); - return false; - } - - sleep_time(); - // 11. Key Panel - boolean disp_key = KeyPanel(); - if (!disp_key) { - System.out.println("ERROR: ConfigureTPS: KeyPanel() failure"); - return false; - } - - sleep_time(); - // 12. Cert Subject Panel - boolean disp_csubj = CertSubjectPanel(); - if (!disp_csubj) { - System.out.println("ERROR: ConfigureTPS: CertSubjectPanel() failure"); - return false; - } - - sleep_time(); - // 13. Certificate Panel - boolean disp_cp = CertificatePanel(); - if (!disp_cp) { - System.out.println("ERROR: ConfigureTPS: CertificatePanel() failure"); - return false; - } - - sleep_time(); - // 14. Admin Cert Req Panel - boolean disp_adm = AdminCertReqPanel(); - if (!disp_adm) { - System.out.println("ERROR: ConfigureTPS: AdminCertReqPanel() failure"); - return false; - } - - sleep_time(); - // 15. Admin Cert import Panel - boolean disp_im = AdminCertImportPanel(); - if (!disp_im) { - System.out.println("ERROR: ConfigureTPS: AdminCertImportPanel() failure"); - return false; - } - - return true; - } - - public static void main(String args[]) throws Exception { - ConfigureTPS ca = new ConfigureTPS(); - - // set variables - StringHolder x_cs_hostname = new StringHolder(); - StringHolder x_cs_port = new StringHolder(); - StringHolder x_cs_clientauth_port = new StringHolder(); - - StringHolder x_sd_hostname = new StringHolder(); - StringHolder x_sd_ssl_port = new StringHolder(); - StringHolder x_sd_agent_port = new StringHolder(); - StringHolder x_sd_admin_port = new StringHolder(); - StringHolder x_sd_admin_name = new StringHolder(); - StringHolder x_sd_admin_password = new StringHolder(); - - StringHolder x_ca_hostname = new StringHolder(); - StringHolder x_ca_port = new StringHolder(); - StringHolder x_ca_ssl_port = new StringHolder(); - StringHolder x_ca_admin_port = new StringHolder(); - - StringHolder x_drm_hostname = new StringHolder(); - StringHolder x_drm_ssl_port = new StringHolder(); - - StringHolder x_tks_hostname = new StringHolder(); - StringHolder x_tks_ssl_port = new StringHolder(); - - StringHolder x_client_certdb_dir = new StringHolder(); - StringHolder x_client_certdb_pwd = new StringHolder(); - StringHolder x_preop_pin = new StringHolder(); - - StringHolder x_domain_name = new StringHolder(); - - StringHolder x_admin_user = new StringHolder(); - StringHolder x_admin_email = new StringHolder(); - StringHolder x_admin_password = new StringHolder(); - - // ldap - - StringHolder x_ldap_host = new StringHolder(); - StringHolder x_ldap_port = new StringHolder(); - StringHolder x_bind_dn = new StringHolder(); - StringHolder x_bind_password = new StringHolder(); - StringHolder x_base_dn = new StringHolder(); - StringHolder x_db_name = new StringHolder(); - - StringHolder x_ldap_auth_host = new StringHolder(); - StringHolder x_ldap_auth_port = new StringHolder(); - StringHolder x_ldap_auth_base_dn = new StringHolder(); - - // key size - StringHolder x_token_name = new StringHolder(); - StringHolder x_token_pwd = new StringHolder(); - StringHolder x_key_size = new StringHolder(); - StringHolder x_key_type = new StringHolder(); - - StringHolder x_agent_key_size = new StringHolder(); - StringHolder x_agent_key_type = new StringHolder(); - StringHolder x_agent_cert_subject = new StringHolder(); - - StringHolder x_agent_name = new StringHolder(); - - StringHolder x_ss_keygen = new StringHolder(); - - // tps cert subject name params - StringHolder x_tps_server_cert_subject_name = new StringHolder(); - StringHolder x_tps_server_cert_nickname = new StringHolder(); - StringHolder x_tps_subsystem_cert_subject_name = new StringHolder(); - StringHolder x_tps_subsystem_cert_nickname = new StringHolder(); - StringHolder x_tps_audit_signing_cert_subject_name = new StringHolder(); - StringHolder x_tps_audit_signing_cert_nickname = new StringHolder(); - - // subsystemName - StringHolder x_subsystem_name = new StringHolder(); - - // parse the args - ArgParser parser = new ArgParser("ConfigureTPS"); - - parser.addOption("-cs_hostname %s #CS Hostname", - x_cs_hostname); - parser.addOption("-cs_port %s #CS SSL port", - x_cs_port); - parser.addOption("-cs_clientauth_port %s #CS SSL port", - x_cs_clientauth_port); - - parser.addOption("-sd_hostname %s #Security Domain Hostname", - x_sd_hostname); - parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port", - x_sd_ssl_port); - parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port", - x_sd_agent_port); - parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port", - x_sd_admin_port); - parser.addOption("-sd_admin_name %s #Security Domain username", - x_sd_admin_name); - parser.addOption("-sd_admin_password %s #Security Domain password", - x_sd_admin_password); - - parser.addOption("-ca_hostname %s #CA Hostname", - x_ca_hostname); - parser.addOption("-ca_port %s #CA non-SSL port", - x_ca_port); - parser.addOption("-ca_ssl_port %s #CA SSL port", - x_ca_ssl_port); - parser.addOption("-ca_admin_port %s #CA SSL Admin port", - x_ca_admin_port); - - parser.addOption("-drm_hostname %s #DRM Hostname", - x_drm_hostname); - parser.addOption("-drm_ssl_port %s #DRM SSL port", - x_drm_ssl_port); - parser.addOption("-ss_keygen %s #Enable Server Side Keygen [true,false]", - x_ss_keygen); - - parser.addOption("-tks_hostname %s #TKS Hostname", - x_tks_hostname); - parser.addOption("-tks_ssl_port %s #TKS SSL port", - x_tks_ssl_port); - - parser.addOption("-client_certdb_dir %s #Client CertDB dir", - x_client_certdb_dir); - parser.addOption("-client_certdb_pwd %s #client certdb password", - x_client_certdb_pwd); - parser.addOption("-preop_pin %s #pre op pin", - x_preop_pin); - parser.addOption("-domain_name %s #domain name", - x_domain_name); - parser.addOption("-admin_user %s #Admin User Name", - x_admin_user); - parser.addOption("-admin_email %s #Admin email", - x_admin_email); - parser.addOption("-admin_password %s #Admin password", - x_admin_password); - parser.addOption("-agent_name %s #Agent Cert Nickname", - x_agent_name); - - parser.addOption("-ldap_host %s #ldap host", - x_ldap_host); - parser.addOption("-ldap_port %s #ldap port", - x_ldap_port); - parser.addOption("-bind_dn %s #ldap bind dn", - x_bind_dn); - parser.addOption("-bind_password %s #ldap bind password", - x_bind_password); - parser.addOption("-base_dn %s #base dn", - x_base_dn); - parser.addOption("-db_name %s #db name", - x_db_name); - - parser.addOption("-token_name %s #HSM/Software Token name", - x_token_name); - parser.addOption("-token_pwd %s #HSM/Software Token password (optional, required for HSM)", - x_token_pwd); - parser.addOption("-key_size %s #Key Size", - x_key_size); - parser.addOption("-key_type %s #Key type [rsa,ecc]", - x_key_type); - - parser.addOption("-agent_key_size %s #Agent Cert Key Size", - x_agent_key_size); - parser.addOption("-agent_key_type %s #Agent cert Key type [rsa]", - x_agent_key_type); - parser.addOption("-agent_cert_subject %s #Agent cert Subject", - x_agent_cert_subject); - - parser.addOption("-ldap_auth_host %s #ldap auth host", - x_ldap_auth_host); - parser.addOption("-ldap_auth_port %s #ldap auth port", - x_ldap_auth_port); - parser.addOption("-ldap_auth_base_dn %s #ldap auth base dn", - x_ldap_auth_base_dn); - - parser.addOption( - "-tps_server_cert_subject_name %s #TPS server cert subject name", - x_tps_server_cert_subject_name); - parser.addOption( - "-tps_server_cert_nickname %s #TPS server cert nickname", - x_tps_server_cert_nickname); - parser.addOption( - "-tps_subsystem_cert_subject_name %s #TPS subsystem cert subject name", - x_tps_subsystem_cert_subject_name); - parser.addOption( - "-tps_subsystem_cert_nickname %s #TPS subsystem cert nickname", - x_tps_subsystem_cert_nickname); - parser.addOption( - "-tps_audit_signing_cert_subject_name %s #TPS audit signing cert subject name", - x_tps_audit_signing_cert_subject_name); - parser.addOption( - "-tps_audit_signing_cert_nickname %s #TPS audit signing cert nickname", - x_tps_audit_signing_cert_nickname); - - parser.addOption( - "-subsystem_name %s #CA subsystem name", - x_subsystem_name); - - // and then match the arguments - String[] unmatched = null; - unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED); - - if (unmatched != null) { - System.out.println("ERROR: Argument Mismatch"); - System.exit(-1); - } - - parser.checkRequiredArgs(); - - // set variables - cs_hostname = x_cs_hostname.value; - cs_port = x_cs_port.value; - cs_clientauth_port = x_cs_clientauth_port.value; - - sd_hostname = x_sd_hostname.value; - sd_ssl_port = x_sd_ssl_port.value; - sd_agent_port = x_sd_agent_port.value; - sd_admin_port = x_sd_admin_port.value; - sd_admin_name = x_sd_admin_name.value; - sd_admin_password = x_sd_admin_password.value; - - ca_hostname = x_ca_hostname.value; - ca_port = x_ca_port.value; - ca_ssl_port = x_ca_ssl_port.value; - ca_admin_port = x_ca_admin_port.value; - - tks_hostname = x_tks_hostname.value; - tks_ssl_port = x_tks_ssl_port.value; - - drm_hostname = x_drm_hostname.value; - drm_ssl_port = x_drm_ssl_port.value; - - client_certdb_dir = x_client_certdb_dir.value; - client_certdb_pwd = x_client_certdb_pwd.value; - pin = x_preop_pin.value; - domain_name = x_domain_name.value; - - admin_user = x_admin_user.value; - admin_email = x_admin_email.value; - admin_password = x_admin_password.value; - agent_name = x_agent_name.value; - - ldap_host = x_ldap_host.value; - ldap_port = x_ldap_port.value; - bind_dn = x_bind_dn.value; - bind_password = x_bind_password.value; - base_dn = x_base_dn.value; - db_name = x_db_name.value; - - ldap_auth_host = x_ldap_auth_host.value; - ldap_auth_port = x_ldap_auth_port.value; - ldap_auth_base_dn = x_ldap_auth_base_dn.value; - - key_size = x_key_size.value; - key_type = x_key_type.value; - token_name = x_token_name.value; - token_pwd = x_token_pwd.value; - - agent_key_size = x_agent_key_size.value; - agent_key_type = x_agent_key_type.value; - agent_cert_subject = x_agent_cert_subject.value; - - ss_keygen = x_ss_keygen.value; - - tps_server_cert_subject_name = - x_tps_server_cert_subject_name.value; - tps_server_cert_nickname = - x_tps_server_cert_nickname.value; - tps_subsystem_cert_subject_name = - x_tps_subsystem_cert_subject_name.value; - tps_subsystem_cert_nickname = - x_tps_subsystem_cert_nickname.value; - tps_audit_signing_cert_subject_name = - x_tps_audit_signing_cert_subject_name.value; - tps_audit_signing_cert_nickname = - x_tps_audit_signing_cert_nickname.value; - - subsystem_name = x_subsystem_name.value; - - boolean st = ca.ConfigureTPSInstance(); - - if (!st) { - System.out.println("ERROR: unable to create TPS"); - System.exit(-1); - } - - System.out.println("Certificate System - TPS Instance Configured"); - System.exit(0); - - } - -}; diff --git a/base/silent/src/com/netscape/pkisilent/PKISilent.java b/base/silent/src/com/netscape/pkisilent/PKISilent.java deleted file mode 100644 index f90832481..000000000 --- a/base/silent/src/com/netscape/pkisilent/PKISilent.java +++ /dev/null @@ -1,59 +0,0 @@ -package com.netscape.pkisilent; - -import java.lang.reflect.Method; -import java.util.Arrays; -import java.util.HashMap; - -public class PKISilent { - private static void usage() { - System.out.print("usage: java " + PKISilent.class.getCanonicalName()); - boolean first = true; - for (Class<?> c : classes) { - if (first) { - System.out.println(" [ "); - } else { - System.out.println(" | "); - } - first = false; - System.out.print(" " + c.getSimpleName()); - } - System.out.println(" ] "); - } - - static Class<?>[] classes = { ConfigureCA.class, ConfigureDRM.class, - ConfigureOCSP.class, ConfigureRA.class, ConfigureSubCA.class, - ConfigureTKS.class, ConfigureTPS.class, }; - - public static final void main(String[] args) { - HashMap<String, Method> classMap = new HashMap<String, Method>(); - for (Class<?> c : classes) { - try { - classMap.put(c.getSimpleName(), - c.getMethod("main", String[].class)); - } catch (Exception e) { - // The set of classes listed above is guaranteed to have a - // method 'main' - e.printStackTrace(); - } - } - if (args.length == 0) { - usage(); - System.exit(-1); - } - Method mainMethod = classMap.get(args[0]); - if (mainMethod == null) { - usage(); - System.exit(-1); - } - String[] innerArgs = {}; - if (args.length > 1) { - innerArgs = Arrays.copyOfRange(args, 1, args.length); - } - - try { - mainMethod.invoke(null, (Object) innerArgs); - } catch (Exception e) { - // exception is guaranteed to have the static main method - } - } -} diff --git a/base/silent/src/com/netscape/pkisilent/argparser/ArgParseException.java b/base/silent/src/com/netscape/pkisilent/argparser/ArgParseException.java deleted file mode 100644 index 710f57db1..000000000 --- a/base/silent/src/com/netscape/pkisilent/argparser/ArgParseException.java +++ /dev/null @@ -1,54 +0,0 @@ -package com.netscape.pkisilent.argparser; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -import java.io.IOException; - -/** - * Exception class used by <code>ArgParser</code> when - * command line arguments contain an error. - * - * @author John E. Lloyd, Fall 2004 - * @see ArgParser - */ -public class ArgParseException extends IOException { - /** - * - */ - private static final long serialVersionUID = -604960834535589460L; - - /** - * Creates a new ArgParseException with the given message. - * - * @param msg Exception message - */ - public ArgParseException(String msg) { - super(msg); - } - - /** - * Creates a new ArgParseException from the given - * argument and message. - * - * @param arg Offending argument - * @param msg Error message - */ - public ArgParseException(String arg, String msg) { - super(arg + ": " + msg); - } -} diff --git a/base/silent/src/com/netscape/pkisilent/argparser/ArgParser.java b/base/silent/src/com/netscape/pkisilent/argparser/ArgParser.java deleted file mode 100755 index f4ea79c2b..000000000 --- a/base/silent/src/com/netscape/pkisilent/argparser/ArgParser.java +++ /dev/null @@ -1,2087 +0,0 @@ -package com.netscape.pkisilent.argparser; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * Copyright John E. Lloyd, 2004. All rights reserved. Permission to use, - * copy, modify and redistribute is granted, provided that this copyright - * notice is retained and the author is given credit whenever appropriate. - * - * This software is distributed "as is", without any warranty, including - * any implied warranty of merchantability or fitness for a particular - * use. The author assumes no responsibility for, and shall not be liable - * for, any special, indirect, or consequential damages, or any damages - * whatsoever, arising out of or in connection with the use of this - * software. - */ - -import java.io.File; -import java.io.FileReader; -import java.io.IOException; -import java.io.LineNumberReader; -import java.io.PrintStream; -import java.io.Reader; -import java.lang.reflect.Array; -import java.util.Vector; - -/** - * ArgParser is used to parse the command line arguments for a java - * application program. It provides a compact way to specify options and match - * them against command line arguments, with support for - * <a href=#rangespec>range checking</a>, - * <a href=#multipleOptionNames>multiple option names</a> (aliases), - * <a href=#singleWordOptions>single word options</a>, - * <a href=#multipleOptionValues>multiple values associated with an option</a>, - * <a href=#multipleOptionInvocation>multiple option invocation</a>, - * <a href=#helpInfo>generating help information</a>, - * <a href=#customArgParsing>custom argument parsing</a>, and - * <a href=#argsFromAFile>reading arguments from a file</a>. The - * last feature is particularly useful and makes it - * easy to create ad-hoc configuration files for an application. - * - * <h3><a name="example">Basic Example</a></h3> - * - * <p> - * Here is a simple example in which an application has three command line options: <code>-theta</code> (followed by a - * floating point value), <code>-file</code> (followed by a string value), and <code>-debug</code>, which causes a - * boolean value to be set. - * - * <pre> - * - * static public void main(String[] args) { - * // create holder objects for storing results ... - * - * DoubleHolder theta = new DoubleHolder(); - * StringHolder fileName = new StringHolder(); - * BooleanHolder debug = new BooleanHolder(); - * - * // create the parser and specify the allowed options ... - * - * ArgParser parser = new ArgParser("java argparser.SimpleExample"); - * parser.addOption("-theta %f #theta value (in degrees)", theta); - * parser.addOption("-file %s #name of the operating file", fileName); - * parser.addOption("-debug %v #enables display of debugging info", debug); - * - * // match the arguments ... - * - * parser.matchAllArgs(args); - * - * // and print out the values - * - * System.out.println("theta=" + theta.value); - * System.out.println("fileName=" + fileName.value); - * System.out.println("debug=" + debug.value); - * } - * </pre> - * <p> - * A command line specifying all three options might look like this: - * - * <pre> - * java argparser.SimpleExample -theta 7.8 -debug -file /ai/lloyd/bar - * </pre> - * - * <p> - * The application creates an instance of ArgParser and then adds descriptions of the allowed options using - * {@link #addOption addOption}. The method {@link #matchAllArgs(String[]) matchAllArgs} is then used to match these - * options against the command line arguments. Values associated with each option are returned in the <code>value</code> - * field of special ``holder'' classes (e.g., {@link argparser.DoubleHolder DoubleHolder}, - * {@link argparser.StringHolder StringHolder}, etc.). - * - * <p> - * The first argument to {@link #addOption addOption} is a string that specifies (1) the option's name, (2) a conversion - * code for its associated value (e.g., <code>%f</code> for floating point, <code>%s</code> for a string, - * <code>%v</code> for a boolean flag), and (3) an optional description (following the <code>#</code> character) which - * is used for generating help messages. The second argument is the holder object through which the value is returned. - * This may be either a type-specific object (such as {@link argparser.DoubleHolder DoubleHolder} or - * {@link argparser.StringHolder - * StringHolder}), an array of the appropriate type, or <a href=#multipleOptionInvocation> an instance of - * <code>java.util.Vector</code></a>. - * - * <p> - * By default, arguments that don't match the specified options, are <a href=#rangespec>out of range</a>, or are - * otherwise formatted incorrectly, will cause <code>matchAllArgs</code> to print a message and exit the program. - * Alternatively, an application can use {@link #matchAllArgs(String[],int,int) matchAllArgs(args,idx,exitFlags)} to - * obtain an array of unmatched arguments which can then be <a href=#customArgParsing>processed separately</a> - * - * <h3><a name="rangespec">Range Specification</a></h3> - * - * The values associated with options can also be given range specifications. A range specification appears in curly - * braces immediately following the conversion code. In the code fragment below, we show how to specify an option - * <code>-name</code> that expects to be provided with one of three string values (<code>john</code>, <code>mary</code>, - * or <code>jane</code>), an option <code>-index</code> that expects to be supplied with a integer value in the range 1 - * to 256, an option <code>-size</code> that expects to be supplied with integer values of either 1, 2, 4, 8, or 16, and - * an option <code>-foo</code> that expects to be supplied with floating point values in the ranges -99 < foo <= -50, or - * 50 <= foo < 99. - * - * <pre> - * StringHolder name = new StringHolder(); - * IntHolder index = new IntHolder(); - * IntHolder size = new IntHolder(); - * DoubleHolder foo = new DoubleHolder(); - * - * parser.addOption("-name %s {john,mary,jane}", name); - * parser.addOption("-index %d {[1,256]}", index); - * parser.addOption("-size %d {1,2,4,8,16}", size); - * parser.addOption("-foo %f {(-99,-50],[50,99)}", foo); - * </pre> - * - * If an argument value does not lie within a specified range, an error is generated. - * - * <h3><a name="multipleOptionNames">Multiple Option Names</a></h3> - * - * An option may be given several names, or aliases, in the form of a comma seperated list: - * - * <pre> - * parser.addOption("-v,--verbose %v #print lots of info"); - * parser.addOption("-of,-outfile,-outputFile %s #output file"); - * </pre> - * - * <h3><a name="singleWordOptions">Single Word Options</a></h3> - * - * Normally, options are assumed to be "multi-word", meaning that any associated value must follow the option as a - * separate argument string. For example, - * - * <pre> - * parser.addOption("-file %s #file name"); - * </pre> - * - * will cause the parser to look for two strings in the argument list of the form - * - * <pre> - * -file someFileName - * </pre> - * - * However, if there is no white space separting the option's name from it's conversion code, then values associated - * with that option will be assumed to be part of the same argument string as the option itself. For example, - * - * <pre> - * parser.addOption("-file=%s #file name"); - * </pre> - * - * will cause the parser to look for a single string in the argument list of the form - * - * <pre> - * -file=someFileName - * </pre> - * - * Such an option is called a "single word" option. - * - * <p> - * In cases where an option has multiple names, then this single word behavior is invoked if there is no white space - * between the last indicated name and the conversion code. However, previous names in the list will still be given - * multi-word behavior if there is white space between the name and the following comma. For example, - * - * <pre> - * parser.addOption("-nb=,-number ,-n%d #number of blocks"); - * </pre> - * - * will cause the parser to look for one, two, and one word constructions of the forms - * - * <pre> - * -nb=N - * -number N - * -nN - * </pre> - * - * <h3><a name="multipleOptionValues">Multiple Option Values</a></h3> - * - * If may be useful for an option to be followed by several values. For instance, we might have an option - * <code>-velocity</code> which should be followed by three numbers denoting the x, y, and z components of a velocity - * vector. We can require multiple values for an option by placing a <i>multiplier</i> specification, of the form - * <code>X</code>N, where N is an integer, after the conversion code (or range specification, if present). For example, - * - * <pre> - * double[] pos = new double[3]; - * - * addOption("-position %fX3 #position of the object", pos); - * </pre> - * - * will cause the parser to look for - * - * <pre> - * -position xx yy zz - * </pre> - * - * in the argument list, where <code>xx</code>, <code>yy</code>, and <code>zz</code> are numbers. The values are stored - * in the array <code>pos</code>. - * - * Options requiring multiple values must use arrays to return their values, and cannot be used in single word format. - * - * <h3><a name="multipleOptionInvocation">Multiple Option Invocation</a></h3> - * - * Normally, if an option appears twice in the command list, the value associated with the second instance simply - * overwrites the value associated with the first instance. - * - * However, the application can instead arrange for the storage of <i>all</i> values associated with multiple option - * invocation, by supplying a instance of <code>java.util.Vector</code> to serve as the value holder. Then every time - * the option appears in the argument list, the parser will create a value holder of appropriate type, set it to the - * current value, and store the holder in the vector. For example, the construction - * - * <pre> - * Vector vec = new Vector(10); - * - * parser.addOption("-foo %f", vec); - * parser.matchAllArgs(args); - * </pre> - * - * when supplied with an argument list that contains - * - * <pre> - * -foo 1.2 -foo 1000 -foo -78 - * </pre> - * - * will create three instances of {@link argparser.DoubleHolder DoubleHolder}, initialized to <code>1.2</code>, - * <code>1000</code>, and <code>-78</code>, and store them in <code>vec</code>. - * - * <h3><a name="helpInfo">Generating help information</a></h3> - * - * ArgParser automatically generates help information for the options, and this information may be printed in response - * to a <i>help</i> option, or may be queried by the application using {@link #getHelpMessage getHelpMessage}. The - * information for each option consists of the option's name(s), it's required value(s), and an application-supplied - * description. Value information is generated automaticlly from the conversion code, range, and multiplier - * specifications (although this can be overriden, as <a href=#valueInfo>described below</a>). The application-supplied - * description is whatever appears in the specification string after the optional <code>#</code> character. The string - * returned by {@link #getHelpMessage getHelpMessage} for the <a href=#example>first example above</a> would be - * - * <pre> - * Usage: java argparser.SimpleExample - * Options include: - * - * -help,-? displays help information - * -theta <float> theta value (in degrees) - * -file <string> name of the operating file - * -debug enables display of debugging info - * </pre> - * - * The options <code>-help</code> and <code>-?</code> are including in the parser by default as help options, and they - * automatically cause the help message to be printed. To exclude these options, one should use the constructor - * {@link #ArgParser(String,boolean) - * ArgParser(synopsis,false)}. Help options can also be specified by the application using {@link #addOption addOption} - * and the conversion code <code>%h</code>. Help options can be disabled using {@link #setHelpOptionsEnabled - * setHelpOptionsEnabled(false)}. - * - * <p> - * <a name=valueInfo> A description of the required values for an option can be specified explicitly by placing a second - * <code>#</code> character in the specification string. Everything between the first and second <code>#</code> - * characters then becomes the value description, and everything after the second <code>#</code> character becomes the - * option description. For example, if the <code>-theta</code> option above was specified with - * - * <pre> - * parser.addOption("-theta %f #NUMBER#theta value (in degrees)", theta); - * </pre> - * - * instead of - * - * <pre> - * parser.addOption("-theta %f #theta value (in degrees)", theta); - * </pre> - * - * then the corresponding entry in the help message would look like - * - * <pre> - * -theta NUMBER theta value (in degrees) - * </pre> - * - * <h3><a name="customArgParsing">Custom Argument Parsing</a></h3> - * - * An application may find it necessary to handle arguments that don't fit into the framework of this class. There are a - * couple of ways to do this. - * - * <p> - * First, the method {@link #matchAllArgs(String[],int,int) - * matchAllArgs(args,idx,exitFlags)} returns an array of all unmatched arguments, which can then be handled specially: - * - * <pre> - * String[] unmatched = - * parser.matchAllArgs (args, 0, parser.EXIT_ON_ERROR); - * for (int i = 0; i < unmatched.length; i++) - * { ... handle unmatched arguments ... - * } - * </pre> - * - * For instance, this would be useful for an applicatoon that accepts an arbitrary number of input file names. The - * options can be parsed using <code>matchAllArgs</code>, and the remaining unmatched arguments give the file names. - * - * <p> - * If we need more control over the parsing, we can parse arguments one at a time using {@link #matchArg matchArg}: - * - * <pre> - * int idx = 0; - * while (idx < args.length) - * { try - * { idx = parser.matchArg (args, idx); - * if (parser.getUnmatchedArgument() != null) - * { - * ... handle this unmatched argument ourselves ... - * } - * } - * catch (ArgParserException e) - * { // malformed or erroneous argument - * parser.printErrorAndExit (e.getMessage()); - * } - * } - * </pre> - * - * {@link #matchArg matchArg(args,idx)} matches one option at location <code>idx</code> in the argument list, and then - * returns the location value that should be used for the next match. If an argument does not match any option, - * {@link #getUnmatchedArgument getUnmatchedArgument} will return a copy of the unmatched argument. - * - * <h3><a name="argsFromAFile">Reading Arguments From a File</a></h3> - * - * The method {@link #prependArgs prependArgs} can be used to automatically read in a set of arguments from a file and - * prepend them onto an existing argument list. Argument words correspond to white-space-delimited strings, and the file - * may contain the comment character <code>#</code> (which comments out everything to the end of the current line). A - * typical usage looks like this: - * - * <pre> - * ... create parser and add options ... - * - * args = parser.prependArgs (new File(".configFile"), args); - * - * parser.matchAllArgs (args); - * </pre> - * - * This makes it easy to generate simple configuration files for an application. - * - * @author John E. Lloyd, Fall 2004 - */ -public class ArgParser { - Vector<Record> matchList; - // int tabSpacing = 8; - String synopsisString; - boolean helpOptionsEnabled = true; - Record defaultHelpOption = null; - Record firstHelpOption = null; - PrintStream printStream = System.out; - int helpIndent = 24; - String errMsg = null; - String unmatchedArg = null; - - static String validConversionCodes = "iodxcbfsvh"; - - /** - * Indicates that the program should exit with an appropriate message - * in the event of an erroneous or malformed argument. - */ - public static int EXIT_ON_ERROR = 1; - - /** - * Indicates that the program should exit with an appropriate message - * in the event of an unmatched argument. - */ - public static int EXIT_ON_UNMATCHED = 2; - - /** - * Returns a string containing the valid conversion codes. These - * are the characters which may follow the <code>%</code> character in - * the specification string of {@link #addOption addOption}. - * - * @return Valid conversion codes - * @see #addOption - */ - public static String getValidConversionCodes() { - return validConversionCodes; - } - - static class NameDesc { - String name; - // oneWord implies that any value associated with - // option is concatenated onto the argument string itself - boolean oneWord; - NameDesc next = null; - } - - static class RangePnt { - double dval = 0; - long lval = 0; - String sval = null; - boolean bval = true; - boolean closed = true; - - RangePnt(String s, boolean closed) { - sval = s; - this.closed = closed; - } - - RangePnt(double d, boolean closed) { - dval = d; - this.closed = closed; - } - - RangePnt(long l, boolean closed) { - lval = l; - this.closed = closed; - } - - RangePnt(boolean b, boolean closed) { - bval = b; - this.closed = closed; - } - - RangePnt(StringScanner scanner, int type) - throws IllegalArgumentException { - String typeName = null; - try { - switch (type) { - case Record.CHAR: { - typeName = "character"; - lval = scanner.scanChar(); - break; - } - case Record.INT: - case Record.LONG: { - typeName = "integer"; - lval = scanner.scanInt(); - break; - } - case Record.FLOAT: - case Record.DOUBLE: { - typeName = "float"; - dval = scanner.scanDouble(); - break; - } - case Record.STRING: { - typeName = "string"; - sval = scanner.scanString(); - break; - } - case Record.BOOLEAN: { - typeName = "boolean"; - bval = scanner.scanBoolean(); - break; - } - } - } catch (StringScanException e) { - throw new IllegalArgumentException( - "Malformed " + typeName + " '" + - scanner.substring(scanner.getIndex(), - e.getFailIndex() + 1) + - "' in range spec"); - } - // this.closed = closed; - } - - void setClosed(boolean closed) { - this.closed = closed; - } - - boolean getClosed() { - return closed; - } - - int compareTo(double d) { - if (dval < d) { - return -1; - } else if (d == dval) { - return 0; - } else { - return 1; - } - } - - int compareTo(long l) { - if (lval < l) { - return -1; - } else if (l == lval) { - return 0; - } else { - return 1; - } - } - - int compareTo(String s) { - return sval.compareTo(s); - } - - int compareTo(boolean b) { - if (b == bval) { - return 0; - } else { - return 1; - } - } - - public String toString() { - return "{ dval=" + dval + ", lval=" + lval + - ", sval=" + sval + ", bval=" + bval + - ", closed=" + closed + "}"; - } - } - - class RangeAtom { - RangePnt low = null; - RangePnt high = null; - RangeAtom next = null; - - RangeAtom(RangePnt p0, RangePnt p1, int type) - throws IllegalArgumentException { - int cmp = 0; - switch (type) { - case Record.CHAR: - case Record.INT: - case Record.LONG: { - cmp = p0.compareTo(p1.lval); - break; - } - case Record.FLOAT: - case Record.DOUBLE: { - cmp = p0.compareTo(p1.dval); - break; - } - case Record.STRING: { - cmp = p0.compareTo(p1.sval); - break; - } - } - if (cmp > 0) { // then switch high and low - low = p1; - high = p0; - } else { - low = p0; - high = p1; - } - } - - RangeAtom(RangePnt p0) - throws IllegalArgumentException { - low = p0; - } - - boolean match(double d) { - int lc = low.compareTo(d); - if (high != null) { - int hc = high.compareTo(d); - return (lc * hc < 0 || - (low.closed && lc == 0) || (high.closed && hc == 0)); - } else { - return lc == 0; - } - } - - boolean match(long l) { - int lc = low.compareTo(l); - if (high != null) { - int hc = high.compareTo(l); - return (lc * hc < 0 || - (low.closed && lc == 0) || (high.closed && hc == 0)); - } else { - return lc == 0; - } - } - - boolean match(String s) { - int lc = low.compareTo(s); - if (high != null) { - int hc = high.compareTo(s); - return (lc * hc < 0 || - (low.closed && lc == 0) || (high.closed && hc == 0)); - } else { - return lc == 0; - } - } - - boolean match(boolean b) { - return low.compareTo(b) == 0; - } - - public String toString() { - return "low=" + (low == null ? "null" : low.toString()) + - ", high=" + (high == null ? "null" : high.toString()); - } - } - - class Record { - NameDesc nameList; - static final int NOTYPE = 0; - static final int BOOLEAN = 1; - static final int CHAR = 2; - static final int INT = 3; - static final int LONG = 4; - static final int FLOAT = 5; - static final int DOUBLE = 6; - static final int STRING = 7; - int type; - int numValues; - boolean vectorResult = false; - boolean required = true; - - String helpMsg = null; - String valueDesc = null; - String rangeDesc = null; - Object resHolder = null; - RangeAtom rangeList = null; - RangeAtom rangeTail = null; - char convertCode; - boolean vval = true; // default value for now - - NameDesc firstNameDesc() { - return nameList; - } - - RangeAtom firstRangeAtom() { - return rangeList; - } - - int numRangeAtoms() { - int cnt = 0; - for (RangeAtom ra = rangeList; ra != null; ra = ra.next) { - cnt++; - } - return cnt; - } - - void addRangeAtom(RangeAtom ra) { - if (rangeList == null) { - rangeList = ra; - } else { - rangeTail.next = ra; - } - rangeTail = ra; - } - - boolean withinRange(double d) { - if (rangeList == null) { - return true; - } - for (RangeAtom ra = rangeList; ra != null; ra = ra.next) { - if (ra.match(d)) { - return true; - } - } - return false; - } - - boolean withinRange(long l) { - if (rangeList == null) { - return true; - } - for (RangeAtom ra = rangeList; ra != null; ra = ra.next) { - if (ra.match(l)) { - return true; - } - } - return false; - } - - boolean withinRange(String s) { - if (rangeList == null) { - return true; - } - for (RangeAtom ra = rangeList; ra != null; ra = ra.next) { - if (ra.match(s)) { - return true; - } - } - return false; - } - - boolean withinRange(boolean b) { - if (rangeList == null) { - return true; - } - for (RangeAtom ra = rangeList; ra != null; ra = ra.next) { - if (ra.match(b)) { - return true; - } - } - return false; - } - - String valTypeName() { - switch (convertCode) { - case 'i': { - return ("integer"); - } - case 'o': { - return ("octal integer"); - } - case 'd': { - return ("decimal integer"); - } - case 'x': { - return ("hex integer"); - } - case 'c': { - return ("char"); - } - case 'b': { - return ("boolean"); - } - case 'f': { - return ("float"); - } - case 's': { - return ("string"); - } - } - return ("unknown"); - } - - void scanValue(Object result, String name, String s, int resultIdx) - throws ArgParseException { - double dval = 0; - String sval = null; - long lval = 0; - boolean bval = false; - - if (s.length() == 0) { - throw new ArgParseException(name, "requires a contiguous value"); - } - StringScanner scanner = new StringScanner(s); - try { - switch (convertCode) { - case 'i': { - lval = scanner.scanInt(); - break; - } - case 'o': { - lval = scanner.scanInt(8, false); - break; - } - case 'd': { - lval = scanner.scanInt(10, false); - break; - } - case 'x': { - lval = scanner.scanInt(16, false); - break; - } - case 'c': { - lval = scanner.scanChar(); - break; - } - case 'b': { - bval = scanner.scanBoolean(); - break; - } - case 'f': { - dval = scanner.scanDouble(); - break; - } - case 's': { - sval = scanner.getString(); - break; - } - } - } catch (StringScanException e) { - throw new ArgParseException( - name, "malformed " + valTypeName() + " '" + s + "'"); - } - scanner.skipWhiteSpace(); - if (!scanner.atEnd()) { - throw new ArgParseException( - name, "malformed " + valTypeName() + " '" + s + "'"); - } - boolean outOfRange = false; - switch (type) { - case CHAR: - case INT: - case LONG: { - outOfRange = !withinRange(lval); - break; - } - case FLOAT: - case DOUBLE: { - outOfRange = !withinRange(dval); - break; - } - case STRING: { - outOfRange = !withinRange(sval); - break; - } - case BOOLEAN: { - outOfRange = !withinRange(bval); - break; - } - } - if (outOfRange) { - throw new ArgParseException( - name, "value '" + s + "' not in range " + rangeDesc); - } - if (result.getClass().isArray()) { - switch (type) { - case BOOLEAN: { - ((boolean[]) result)[resultIdx] = bval; - break; - } - case CHAR: { - ((char[]) result)[resultIdx] = (char) lval; - break; - } - case INT: { - ((int[]) result)[resultIdx] = (int) lval; - break; - } - case LONG: { - ((long[]) result)[resultIdx] = lval; - break; - } - case FLOAT: { - ((float[]) result)[resultIdx] = (float) dval; - break; - } - case DOUBLE: { - ((double[]) result)[resultIdx] = dval; - break; - } - case STRING: { - ((String[]) result)[resultIdx] = sval; - break; - } - } - } else { - switch (type) { - case BOOLEAN: { - ((BooleanHolder) result).value = bval; - break; - } - case CHAR: { - ((CharHolder) result).value = (char) lval; - break; - } - case INT: { - ((IntHolder) result).value = (int) lval; - break; - } - case LONG: { - ((LongHolder) result).value = lval; - break; - } - case FLOAT: { - ((FloatHolder) result).value = (float) dval; - break; - } - case DOUBLE: { - ((DoubleHolder) result).value = dval; - break; - } - case STRING: { - ((StringHolder) result).value = sval; - break; - } - } - } - } - } - - private String firstHelpOptionName() { - if (firstHelpOption != null) { - return firstHelpOption.nameList.name; - } else { - return null; - } - } - - /** - * Creates an <code>ArgParser</code> with a synopsis - * string, and the default help options <code>-help</code> and <code>-?</code>. - * - * @param synopsisString string that briefly describes program usage, - * for use by {@link #getHelpMessage getHelpMessage}. - * @see ArgParser#getSynopsisString - * @see ArgParser#getHelpMessage - */ - public ArgParser(String synopsisString) { - this(synopsisString, true); - } - - /** - * Creates an <code>ArgParser</code> with a synopsis - * string. The help options <code>-help</code> and <code>-?</code> are added if <code>defaultHelp</code> is true. - * - * @param synopsisString string that briefly describes program usage, - * for use by {@link #getHelpMessage getHelpMessage}. - * @param defaultHelp if true, adds the default help options - * @see ArgParser#getSynopsisString - * @see ArgParser#getHelpMessage - */ - public ArgParser(String synopsisString, boolean defaultHelp) { - matchList = new Vector<Record>(128); - this.synopsisString = synopsisString; - if (defaultHelp) { - addOption("-help,-? %h #displays help information", null); - defaultHelpOption = firstHelpOption = matchList.get(0); - } - } - - /** - * Returns the synopsis string used by the parser. - * The synopsis string is a short description of how to invoke - * the program, and usually looks something like - * <p> - * <prec> "java somepackage.SomeClass [options] files ..." </prec> - * - * <p> - * It is used in help and error messages. - * - * @return synopsis string - * @see ArgParser#setSynopsisString - * @see ArgParser#getHelpMessage - */ - public String getSynopsisString() { - return synopsisString; - } - - /** - * Sets the synopsis string used by the parser. - * - * @param s new synopsis string - * @see ArgParser#getSynopsisString - * @see ArgParser#getHelpMessage - */ - public void setSynopsisString(String s) { - synopsisString = s; - } - - /** - * Indicates whether or not help options are enabled. - * - * @return true if help options are enabled - * @see ArgParser#setHelpOptionsEnabled - * @see ArgParser#addOption - */ - public boolean getHelpOptionsEnabled() { - return helpOptionsEnabled; - } - - /** - * Enables or disables help options. Help options are those - * associated with a conversion code of <code>%h</code>. If - * help options are enabled, and a help option is matched, - * then the string produced by {@link #getHelpMessage getHelpMessage} is printed to the default print stream and the - * program - * exits with code 0. Otherwise, arguments which match help - * options are ignored. - * - * @param enable enables help options if <code>true</code>. - * @see ArgParser#getHelpOptionsEnabled - * @see ArgParser#addOption - * @see ArgParser#setDefaultPrintStream - */ - public void setHelpOptionsEnabled(boolean enable) { - helpOptionsEnabled = enable; - } - - /** - * Returns the default print stream used for outputting help - * and error information. - * - * @return default print stream - * @see ArgParser#setDefaultPrintStream - */ - public PrintStream getDefaultPrintStream() { - return printStream; - } - - /** - * Sets the default print stream used for outputting help - * and error information. - * - * @param stream new default print stream - * @see ArgParser#getDefaultPrintStream - */ - public void setDefaultPrintStream(PrintStream stream) { - printStream = stream; - } - - /** - * Gets the indentation used by {@link #getHelpMessage - * getHelpMessage}. - * - * @return number of indentation columns - * @see ArgParser#setHelpIndentation - * @see ArgParser#getHelpMessage - */ - public int getHelpIndentation() { - return helpIndent; - } - - /** - * Sets the indentation used by {@link #getHelpMessage - * getHelpMessage}. This is the number of columns that an option's help - * information is indented. If the option's name and value information - * can fit within this number of columns, then all information about - * the option is placed on one line. Otherwise, the indented help - * information is placed on a separate line. - * - * @param indent number of indentation columns - * @see ArgParser#getHelpIndentation - * @see ArgParser#getHelpMessage - */ - public void setHelpIndentation(int indent) { - helpIndent = indent; - } - - // public void setTabSpacing (int n) - // { tabSpacing = n; - // } - - // public int getTabSpacing () - // { return tabSpacing; - // } - - private void scanRangeSpec(Record rec, String s) - throws IllegalArgumentException { - StringScanner scanner = new StringScanner(s); - char c, c0, c1; - - scanner.setStringDelimiters(")],}"); - c = scanner.getc(); // swallow the first '{' - scanner.skipWhiteSpace(); - while ((c = scanner.peekc()) != '}') { - RangePnt p0, p1; - - if (c == '[' || c == '(') { - if (rec.convertCode == 'v' || rec.convertCode == 'b') { - throw new IllegalArgumentException("Sub ranges not supported for %b or %v"); - } - c0 = scanner.getc(); // record & swallow character - scanner.skipWhiteSpace(); - p0 = new RangePnt(scanner, rec.type); - scanner.skipWhiteSpace(); - if (scanner.getc() != ',') { - throw new IllegalArgumentException("Missing ',' in subrange specification"); - } - p1 = new RangePnt(scanner, rec.type); - scanner.skipWhiteSpace(); - if ((c1 = scanner.getc()) != ']' && c1 != ')') { - throw new IllegalArgumentException("Unterminated subrange"); - } - if (c0 == '(') { - p0.setClosed(false); - } - if (c1 == ')') { - p1.setClosed(false); - } - rec.addRangeAtom(new RangeAtom(p0, p1, rec.type)); - } else { - scanner.skipWhiteSpace(); - p0 = new RangePnt(scanner, rec.type); - rec.addRangeAtom(new RangeAtom(p0)); - } - scanner.skipWhiteSpace(); - if ((c = scanner.peekc()) == ',') { - scanner.getc(); - scanner.skipWhiteSpace(); - } else if (c != '}') { - throw new IllegalArgumentException("Range spec: ',' or '}' expected"); - } - } - if (rec.numRangeAtoms() == 1) { - rec.rangeDesc = s.substring(1, s.length() - 1); - } else { - rec.rangeDesc = s; - } - } - - private int defaultResultType(char convertCode) { - switch (convertCode) { - case 'i': - case 'o': - case 'd': - case 'x': { - return Record.LONG; - } - case 'c': { - return Record.CHAR; - } - case 'v': - case 'b': { - return Record.BOOLEAN; - } - case 'f': { - return Record.DOUBLE; - } - case 's': { - return Record.STRING; - } - } - return Record.NOTYPE; - } - - /** - * Adds a new option description to the parser. The method takes two - * arguments: a specification string, and a result holder in which to - * store the associated value. - * - * <p> - * The specification string has the general form - * - * <p> - * <var>optionNames</var> <code>%</code><var>conversionCode</var> [<code>{</code><var>rangeSpec</var><code>}</code>] - * [<code>X</code><var>multiplier</var>] [<code>#</code><var>valueDescription</var>] [<code>#</code> - * <var>optionDescription</var>] </code> - * - * <p> - * where - * <ul> - * <p> - * <li><var>optionNames</var> is a comma-separated list of names for the option (such as <code>-f, --file</code>). - * - * <p> - * <li><var>conversionCode</var> is a single letter, following a <code>%</code> character, specifying information - * about what value the option requires: - * - * <table> - * <tr> - * <td><code>%f</code></td> - * <td>a floating point number</td> - * <tr> - * <td><code>%i</code></td> - * <td>an integer, in either decimal, hex (if preceeded by <code>0x</code>), or octal (if preceeded by - * <code>0</code>)</td> - * <tr valign=top> - * <td><code>%d</code></td> - * <td>a decimal integer</td> - * <tr valign=top> - * <td><code>%o</code></td> - * <td>an octal integer</td> - * <tr valign=top> - * <td><code>%h</code></td> - * <td>a hex integer (without the preceeding <code>0x</code>)</td> - * <tr valign=top> - * <td><code>%c</code></td> - * <td>a single character, including escape sequences (such as <code>\n</code> or <code>\007</code>), and optionally - * enclosed in single quotes - * <tr valign=top> - * <td><code>%b</code></td> - * <td>a boolean value (<code>true</code> or <code>false</code>)</td> - * <tr valign=top> - * <td><code>%s</code></td> - * <td>a string. This will be the argument string itself (or its remainder, in the case of a single word option)</td> - * <tr valign=top> - * <td><code>%v</code></td> - * <td>no explicit value is expected, but a boolean value of <code>true</code> (by default) will be stored into the - * associated result holder if this option is matched. If one wishes to have a value of <code>false</code> stored - * instead, then the <code>%v</code> should be followed by a "range spec" containing <code>false</code>, as in - * <code>%v{false}</code>. - * </table> - * - * <p> - * <li><var>rangeSpec</var> is an optional range specification, placed inside curly braces, consisting of a - * comma-separated list of range items each specifying permissible values for the option. A range item may be an - * individual value, or it may itself be a subrange, consisting of two individual values, separated by a comma, and - * enclosed in square or round brackets. Square and round brackets denote closed and open endpoints of a subrange, - * indicating that the associated endpoint value is included or excluded from the subrange. The values specified in - * the range spec need to be consistent with the type of value expected by the option. - * - * <p> - * <b>Examples:</b> - * - * <p> - * A range spec of <code>{2,4,8,16}</code> for an integer value will allow the integers 2, 4, 8, or 16. - * - * <p> - * A range spec of <code>{[-1.0,1.0]}</code> for a floating point value will allow any floating point number in the - * range -1.0 to 1.0. - * - * <p> - * A range spec of <code>{(-88,100],1000}</code> for an integer value will allow values > -88 and <= 100, as well as - * 1000. - * - * <p> - * A range spec of <code>{"foo", "bar", ["aaa","zzz")} </code> for a string value will allow strings equal to - * <code>"foo"</code> or <code>"bar"</code>, plus any string lexically greater than or equal to <code>"aaa"</code> - * but less then <code>"zzz"</code>. - * - * <p> - * <li><var>multiplier</var> is an optional integer, following a <code>X</code> character, indicating the number of - * values which the option expects. If the multiplier is not specified, it is assumed to be 1. If the multiplier - * value is greater than 1, then the result holder should be either an array (of appropriate type) with a length - * greater than or equal to the multiplier value, or a <code>java.util.Vector</code> <a href=#vectorHolder>as - * discussed below</a>. - * - * <p> - * <li><var>valueDescription</var> is an optional description of the option's value requirements, and consists of - * all characters between two <code>#</code> characters. The final <code>#</code> character initiates the <i>option - * description</i>, which may be empty. The value description is used in <a href=#helpInfo>generating help - * messages</a>. - * - * <p> - * <li><var>optionDescription</var> is an optional description of the option itself, consisting of all characters - * between a <code>#</code> character and the end of the specification string. The option description is used in <a - * href=#helpInfo>generating help messages</a>. - * </ul> - * - * <p> - * The result holder must be an object capable of holding a value compatible with the conversion code, or it must be - * a <code>java.util.Vector</code>. When the option is matched, its associated value is placed in the result holder. - * If the same option is matched repeatedly, the result holder value will be overwritten, unless the result holder - * is a <code>java.util.Vector</code>, in which case new holder objects for each match will be allocated and added - * to the vector. Thus if multiple instances of an option are desired by the program, the result holder should be a - * <code>java.util.Vector</code>. - * - * <p> - * If the result holder is not a <code>Vector</code>, then it must correspond as follows to the conversion code: - * - * <table> - * <tr valign=top> - * <td><code>%i</code>, <code>%d</code>, <code>%x</code>, <code>%o</code></td> - * <td>{@link argparser.IntHolder IntHolder}, {@link argparser.LongHolder LongHolder}, <code>int[]</code>, or - * <code>long[]</code></td> - * </tr> - * - * <tr valign=top> - * <td><code>%f</code></td> - * <td>{@link argparser.FloatHolder FloatHolder}, {@link argparser.DoubleHolder DoubleHolder}, <code>float[]</code>, - * or <code>double[]</code></td> - * </tr> - * - * <tr valign=top> - * <td><code>%b</code>, <code>%v</code></td> - * <td>{@link argparser.BooleanHolder BooleanHolder} or <code>boolean[]</code></td> - * </tr> - * - * <tr valign=top> - * <td><code>%s</code></td> - * <td>{@link argparser.StringHolder StringHolder} or <code>String[]</code></td> - * </tr> - * - * <tr valign=top> - * <td><code>%c</code></td> - * <td>{@link argparser.CharHolder CharHolder} or <code>char[]</code></td> - * </tr> - * </table> - * - * <p> - * In addition, if the multiplier is greater than 1, then only the array type indicated above may be used, and the - * array must be at least as long as the multiplier. - * - * <p> - * <a name=vectorHolder>If the result holder is a <code>Vector</code>, then the system will create an appropriate - * result holder object and add it to the vector. Multiple occurances of the option will cause multiple results to - * be added to the vector. - * - * <p> - * The object allocated by the system to store the result will correspond to the conversion code as follows: - * - * <table> - * <tr valign=top> - * <td><code>%i</code>, <code>%d</code>, <code>%x</code>, <code>%o</code></td> - * <td>{@link argparser.LongHolder LongHolder}, or <code>long[]</code> if the multiplier value exceeds 1</td> - * </tr> - * - * <tr valign=top> - * <td><code>%f</code></td> - * <td>{@link argparser.DoubleHolder DoubleHolder}, or <code>double[]</code> if the multiplier value exceeds 1</td> - * </tr> - * - * <tr valign=top> - * <td><code>%b</code>, <code>%v</code></td> - * <td>{@link argparser.BooleanHolder BooleanHolder}, or <code>boolean[]</code> if the multiplier value exceeds 1</td> - * </tr> - * - * <tr valign=top> - * <td><code>%s</code></td> - * <td>{@link argparser.StringHolder StringHolder}, or <code>String[]</code> if the multiplier value exceeds 1</td> - * </tr> - * - * <tr valign=top> - * <td><code>%c</code></td> - * <td>{@link argparser.CharHolder CharHolder}, or <code>char[]</code> if the multiplier value exceeds 1</td> - * </tr> - * </table> - * - * @param spec the specification string - * @param resHolder object in which to store the associated - * value - * @throws IllegalArgumentException if there is an error in - * the specification or if the result holder is of an invalid - * type. - */ - public void addOption(String spec, Object resHolder) - throws IllegalArgumentException { - // null terminated string is easier to parse - StringScanner scanner = new StringScanner(spec); - Record rec = null; - NameDesc nameTail = null; - NameDesc ndesc; - int i0, i1; - char c; - - do { - ndesc = new NameDesc(); - boolean nameEndsInWhiteSpace = false; - - scanner.skipWhiteSpace(); - i0 = scanner.getIndex(); - while (!Character.isWhitespace(c = scanner.getc()) && - c != ',' && c != '%' && c != '\000') - ; - i1 = scanner.getIndex(); - if (c != '\000') { - i1--; - } - if (i0 == i1) { // then c is one of ',' '%' or '\000' - throw new IllegalArgumentException("Null option name given"); - } - if (Character.isWhitespace(c)) { - nameEndsInWhiteSpace = true; - scanner.skipWhiteSpace(); - c = scanner.getc(); - } - if (c == '\000') { - throw new IllegalArgumentException("No conversion character given"); - } - if (c != ',' && c != '%') { - throw new IllegalArgumentException("Names not separated by ','"); - } - ndesc.name = scanner.substring(i0, i1); - if (rec == null) { - rec = new Record(); - rec.nameList = ndesc; - } else { - nameTail.next = ndesc; - } - nameTail = ndesc; - ndesc.oneWord = !nameEndsInWhiteSpace; - } while (c != '%'); - - if (!nameTail.oneWord) { - for (ndesc = rec.nameList; ndesc != null; ndesc = ndesc.next) { - ndesc.oneWord = false; - } - } - c = scanner.getc(); - if (c == '\000') { - throw new IllegalArgumentException("No conversion character given"); - } - if (validConversionCodes.indexOf(c) == -1) { - throw new IllegalArgumentException("Conversion code '" + c + "' not one of '" + - validConversionCodes + "'"); - } - rec.convertCode = c; - - if (resHolder instanceof Vector) { - rec.vectorResult = true; - rec.type = defaultResultType(rec.convertCode); - } else { - switch (rec.convertCode) { - case 'i': - case 'o': - case 'd': - case 'x': { - if (resHolder instanceof LongHolder || - resHolder instanceof long[]) { - rec.type = Record.LONG; - } else if (resHolder instanceof IntHolder || - resHolder instanceof int[]) { - rec.type = Record.INT; - } else { - throw new IllegalArgumentException( - "Invalid result holder for %" + c); - } - break; - } - case 'c': { - if (!(resHolder instanceof CharHolder) && - !(resHolder instanceof char[])) { - throw new IllegalArgumentException( - "Invalid result holder for %c"); - } - rec.type = Record.CHAR; - break; - } - case 'v': - case 'b': { - if (!(resHolder instanceof BooleanHolder) && - !(resHolder instanceof boolean[])) { - throw new IllegalArgumentException( - "Invalid result holder for %" + c); - } - rec.type = Record.BOOLEAN; - break; - } - case 'f': { - if (resHolder instanceof DoubleHolder || - resHolder instanceof double[]) { - rec.type = Record.DOUBLE; - } else if (resHolder instanceof FloatHolder || - resHolder instanceof float[]) { - rec.type = Record.FLOAT; - } else { - throw new IllegalArgumentException( - "Invalid result holder for %f"); - } - break; - } - case 's': { - if (!(resHolder instanceof StringHolder) && - !(resHolder instanceof String[])) { - throw new IllegalArgumentException( - "Invalid result holder for %s"); - } - rec.type = Record.STRING; - break; - } - case 'h': { // resHolder is ignored for this type - break; - } - } - } - if (rec.convertCode == 'h') { - rec.resHolder = null; - } else { - rec.resHolder = resHolder; - } - - scanner.skipWhiteSpace(); - // get the range specification, if any - if (scanner.peekc() == '{') { - if (rec.convertCode == 'h') { - throw new IllegalArgumentException("Ranges not supported for %h"); - } - // int bcnt = 0; - i0 = scanner.getIndex(); // beginning of range spec - do { - c = scanner.getc(); - if (c == '\000') { - throw new IllegalArgumentException("Unterminated range specification"); - } - // else if (c=='[' || c=='(') - // { bcnt++; - // } - // else if (c==']' || c==')') - // { bcnt--; - // } - // if ((rec.convertCode=='v'||rec.convertCode=='b') && bcnt>1) - // { throw new IllegalArgumentException - // ("Sub ranges not supported for %b or %v"); - // } - } while (c != '}'); - // if (c != ']') - // { throw new IllegalArgumentException - // ("Range specification must end with ']'"); - // } - i1 = scanner.getIndex(); // end of range spec - scanRangeSpec(rec, scanner.substring(i0, i1)); - if (rec.convertCode == 'v' && rec.rangeList != null) { - rec.vval = rec.rangeList.low.bval; - } - } - // check for value multiplicity information, if any - if (scanner.peekc() == 'X') { - if (rec.convertCode == 'h') { - throw new IllegalArgumentException("Multipliers not supported for %h"); - } - scanner.getc(); - try { - rec.numValues = (int) scanner.scanInt(); - } catch (StringScanException e) { - throw new IllegalArgumentException("Malformed value multiplier"); - } - if (rec.numValues <= 0) { - throw new IllegalArgumentException("Value multiplier number must be > 0"); - } - } else { - rec.numValues = 1; - } - if (rec.numValues > 1) { - for (ndesc = rec.nameList; ndesc != null; ndesc = ndesc.next) { - if (ndesc.oneWord) { - throw new IllegalArgumentException( - "Multiplier value incompatible with one word option " + ndesc.name); - } - } - } - if (resHolder != null && resHolder.getClass().isArray()) { - if (Array.getLength(resHolder) < rec.numValues) { - throw new IllegalArgumentException( - "Result holder array must have a length >= " + rec.numValues); - } - } else { - if (rec.numValues > 1 && !(resHolder instanceof Vector)) { - throw new IllegalArgumentException( - "Multiplier requires result holder to be an array of length >= " - + rec.numValues); - } - } - - // skip white space following conversion information - scanner.skipWhiteSpace(); - - // get the help message, if any - - if (!scanner.atEnd()) { - if (scanner.getc() != '#') { - throw new IllegalArgumentException("Illegal character(s), expecting '#'"); - } - String helpInfo = scanner.substring(scanner.getIndex()); - // look for second '#'. If there is one, then info - // between the first and second '#' is the value descriptor. - int k = helpInfo.indexOf("#"); - if (k != -1) { - rec.valueDesc = helpInfo.substring(0, k); - rec.helpMsg = helpInfo.substring(k + 1); - } else { - rec.helpMsg = helpInfo; - } - } else { - rec.helpMsg = ""; - } - - // parse helpMsg for required/optional information if present - // default to required - if (rec.helpMsg.indexOf("(optional") != -1) { - rec.required = false; - } - - // add option information to match list - if (rec.convertCode == 'h' && firstHelpOption == defaultHelpOption) { - matchList.remove(defaultHelpOption); - firstHelpOption = rec; - } - matchList.add(rec); - } - - Record lastMatchRecord() { - return matchList.lastElement(); - } - - private Record getRecord(String arg, ObjectHolder ndescHolder) { - NameDesc ndesc; - for (int i = 0; i < matchList.size(); i++) { - Record rec = matchList.get(i); - for (ndesc = rec.nameList; ndesc != null; ndesc = ndesc.next) { - if (rec.convertCode != 'v' && ndesc.oneWord) { - if (arg.startsWith(ndesc.name)) { - if (ndescHolder != null) { - ndescHolder.value = ndesc; - } - return rec; - } - } else { - if (arg.equals(ndesc.name)) { - if (ndescHolder != null) { - ndescHolder.value = ndesc; - } - return rec; - } - } - } - } - return null; - } - - public void checkRequiredArgs() { - for (int i = 1; i < matchList.size(); i++) { - Record rec = matchList.get(i); - StringHolder myString = (StringHolder) rec.resHolder; - if (((myString.value == null) || (myString.value.equals(""))) && (rec.required)) { - printErrorAndExit("Required parameter " + rec.nameList.name + " is not specified."); - } - } - } - - Object getResultHolder(String arg) { - Record rec = getRecord(arg, null); - return (rec != null) ? rec.resHolder : null; - } - - String getOptionName(String arg) { - ObjectHolder ndescHolder = new ObjectHolder(); - Record rec = getRecord(arg, ndescHolder); - return (rec != null) ? ((NameDesc) ndescHolder.value).name : null; - } - - String getOptionRangeDesc(String arg) { - Record rec = getRecord(arg, null); - return (rec != null) ? rec.rangeDesc : null; - } - - String getOptionTypeName(String arg) { - Record rec = getRecord(arg, null); - return (rec != null) ? rec.valTypeName() : null; - } - - private Object createResultHolder(Record rec) throws ArgParseException { - if (rec.numValues == 1) { - switch (rec.type) { - case Record.LONG: { - return new LongHolder(); - } - case Record.CHAR: { - return new CharHolder(); - } - case Record.BOOLEAN: { - return new BooleanHolder(); - } - case Record.DOUBLE: { - return new DoubleHolder(); - } - case Record.STRING: { - return new StringHolder(); - } - } - } else { - switch (rec.type) { - case Record.LONG: { - return new long[rec.numValues]; - } - case Record.CHAR: { - return new char[rec.numValues]; - } - case Record.BOOLEAN: { - return new boolean[rec.numValues]; - } - case Record.DOUBLE: { - return new double[rec.numValues]; - } - case Record.STRING: { - return new String[rec.numValues]; - } - } - } - - throw new ArgParseException("Bad parameters in the Record for Result Holder. Type :" + rec.type - + " ,Number of Values : " + rec.numValues); // can't happen - } - - static void stringToArgs(Vector<String> vec, String s, - boolean allowQuotedStrings) - throws StringScanException { - StringScanner scanner = new StringScanner(s); - scanner.skipWhiteSpace(); - while (!scanner.atEnd()) { - if (allowQuotedStrings) { - vec.add(scanner.scanString()); - } else { - vec.add(scanner.scanNonWhiteSpaceString()); - } - scanner.skipWhiteSpace(); - } - } - - /** - * Reads in a set of strings from a reader and prepends them to an - * argument list. Strings are delimited by either whitespace or - * double quotes <code>"</code>. The character <code>#</code> acts as - * a comment character, causing input to the end of the current line to - * be ignored. - * - * @param reader Reader from which to read the strings - * @param args Initial set of argument values. Can be - * specified as <code>null</code>. - * @throws IOException if an error occured while reading. - */ - public static String[] prependArgs(Reader reader, String[] args) - throws IOException { - if (args == null) { - args = new String[0]; - } - LineNumberReader lineReader = new LineNumberReader(reader); - Vector<String> vec = new Vector<String>(100, 100); - String line; - int i, k; - - while ((line = lineReader.readLine()) != null) { - int commentIdx = line.indexOf("#"); - if (commentIdx != -1) { - line = line.substring(0, commentIdx); - } - try { - stringToArgs(vec, line, /*allowQuotedStings=*/true); - } catch (StringScanException e) { - throw new IOException( - "malformed string, line " + lineReader.getLineNumber()); - } - } - String[] result = new String[vec.size() + args.length]; - for (i = 0; i < vec.size(); i++) { - result[i] = vec.get(i); - } - for (k = 0; k < args.length; k++) { - result[i++] = args[k]; - } - return result; - } - - /** - * Reads in a set of strings from a file and prepends them to an - * argument list. Strings are delimited by either whitespace or double - * quotes <code>"</code>. The character <code>#</code> acts as a - * comment character, causing input to the end of the current line to - * be ignored. - * - * @param file File to be read - * @param args Initial set of argument values. Can be - * specified as <code>null</code>. - * @throws IOException if an error occured while reading the file. - */ - public static String[] prependArgs(File file, String[] args) - throws IOException { - if (args == null) { - args = new String[0]; - } - if (!file.canRead()) { - return args; - } - try { - return prependArgs(new FileReader(file), args); - } catch (IOException e) { - throw new IOException( - "File " + file.getName() + ": " + e.getMessage()); - } - } - - /** - * Sets the parser's error message. - * - * @param s Error message - */ - protected void setError(String msg) { - errMsg = msg; - } - - /** - * Prints an error message, along with a pointer to help options, - * if available, and causes the program to exit with code 1. - */ - public void printErrorAndExit(String msg) { - if (helpOptionsEnabled && firstHelpOptionName() != null) { - msg += "\nUse " + firstHelpOptionName() + " for help information"; - } - if (printStream != null) { - printStream.println(msg); - } - System.exit(1); - } - - /** - * Matches arguments within an argument list. - * - * <p> - * In the event of an erroneous or unmatched argument, the method prints a message and exits the program with code - * 1. - * - * <p> - * If help options are enabled and one of the arguments matches a help option, then the result of - * {@link #getHelpMessage - * getHelpMessage} is printed to the default print stream and the program exits with code 0. If help options are not - * enabled, they are ignored. - * - * @param args argument list - * @see ArgParser#getDefaultPrintStream - */ - public void matchAllArgs(String[] args) { - matchAllArgs(args, 0, EXIT_ON_UNMATCHED | EXIT_ON_ERROR); - } - - /** - * Matches arguments within an argument list and returns - * those which were not matched. The matching starts at a location - * in <code>args</code> specified by <code>idx</code>, and - * unmatched arguments are returned in a String array. - * - * <p> - * In the event of an erroneous argument, the method either prints a message and exits the program (if - * {@link #EXIT_ON_ERROR} is set in <code>exitFlags</code>) or terminates the matching and creates a error message - * that can be retrieved by {@link #getErrorMessage}. - * - * <p> - * In the event of an umatched argument, the method will print a message and exit if {@link #EXIT_ON_UNMATCHED} is - * set in <code>errorFlags</code>. Otherwise, the unmatched argument will be appended to the returned array of - * unmatched values, and the matching will continue at the next location. - * - * <p> - * If help options are enabled and one of the arguments matches a help option, then the result of - * {@link #getHelpMessage - * getHelpMessage} is printed to the the default print stream and the program exits with code 0. If help options are - * not enabled, then they will not be matched. - * - * @param args argument list - * @param idx starting location in list - * @param exitFlags conditions causing the program to exit. Should be - * an or-ed combintion of {@link #EXIT_ON_ERROR} or {@link #EXIT_ON_UNMATCHED}. - * @return array of arguments that were not matched, or <code>null</code> if all arguments were successfully matched - * @see ArgParser#getErrorMessage - * @see ArgParser#getDefaultPrintStream - */ - public String[] matchAllArgs(String[] args, int idx, int exitFlags) { - Vector<String> unmatched = new Vector<String>(10); - - while (idx < args.length) { - try { - idx = matchArg(args, idx); - if (unmatchedArg != null) { - if ((exitFlags & EXIT_ON_UNMATCHED) != 0) { - printErrorAndExit("Unrecognized argument: " + unmatchedArg); - } else { - unmatched.add(unmatchedArg); - } - } - } catch (ArgParseException e) { - if ((exitFlags & EXIT_ON_ERROR) != 0) { - printErrorAndExit(e.getMessage()); - } - break; - } - } - if (unmatched.size() == 0) { - return null; - } else { - return unmatched.toArray(new String[0]); - } - } - - /** - * Matches one option starting at a specified location in an argument - * list. The method returns the location in the list where the next - * match should begin. - * - * <p> - * In the event of an erroneous argument, the method throws an {@link argparser.ArgParseException ArgParseException} - * with an appropriate error message. This error message can also be retrieved using {@link #getErrorMessage - * getErrorMessage}. - * - * <p> - * In the event of an umatched argument, the method will return idx + 1, and {@link #getUnmatchedArgument - * getUnmatchedArgument} will return a copy of the unmatched argument. If an argument is matched, - * {@link #getUnmatchedArgument getUnmatchedArgument} will return <code>null</code>. - * - * <p> - * If help options are enabled and the argument matches a help option, then the result of {@link #getHelpMessage - * getHelpMessage} is printed to the the default print stream and the program exits with code 0. If help options are - * not enabled, then they are ignored. - * - * @param args argument list - * @param idx location in list where match should start - * @return location in list where next match should start - * @throws ArgParseException if there was an error performing - * the match (such as improper or insufficient values). - * @see ArgParser#setDefaultPrintStream - * @see ArgParser#getHelpOptionsEnabled - * @see ArgParser#getErrorMessage - * @see ArgParser#getUnmatchedArgument - */ - @SuppressWarnings("unchecked") - public int matchArg(String[] args, int idx) - throws ArgParseException { - unmatchedArg = null; - setError(null); - try { - ObjectHolder ndescHolder = new ObjectHolder(); - Record rec = getRecord(args[idx], ndescHolder); - if (rec == null || (rec.convertCode == 'h' && !helpOptionsEnabled)) { // didn't match - unmatchedArg = args[idx]; - return idx + 1; - } - NameDesc ndesc = (NameDesc) ndescHolder.value; - Object result; - if (rec.resHolder instanceof Vector) { - result = createResultHolder(rec); - } else { - result = rec.resHolder; - } - if (rec.convertCode == 'h') { - if (helpOptionsEnabled) { - printStream.println(getHelpMessage()); - System.exit(0); - } else { - return idx + 1; - } - } else if (rec.convertCode != 'v') { - if (ndesc.oneWord) { - rec.scanValue( - result, ndesc.name, - args[idx].substring(ndesc.name.length()), 0); - } else { - if (idx + rec.numValues >= args.length) { - throw new ArgParseException( - ndesc.name, "requires " + rec.numValues + " value" + - (rec.numValues > 1 ? "s" : "")); - } - for (int k = 0; k < rec.numValues; k++) { - rec.scanValue(result, ndesc.name, args[++idx], k); - } - } - } else { - if (rec.resHolder instanceof BooleanHolder) { - ((BooleanHolder) result).value = rec.vval; - } else { - for (int k = 0; k < rec.numValues; k++) { - ((boolean[]) result)[k] = rec.vval; - } - } - } - if (rec.resHolder instanceof Vector) { - ((Vector<Object>) rec.resHolder).add(result); - } - } catch (ArgParseException e) { - setError(e.getMessage()); - throw e; - } - return idx + 1; - } - - private String spaceString(int n) { - StringBuffer sbuf = new StringBuffer(n); - for (int i = 0; i < n; i++) { - sbuf.append(' '); - } - return sbuf.toString(); - } - - // public String getShortHelpMessage () - // { - // String s; - // Record rec; - // NameDesc ndesc; - // int initialIndent = 8; - // int col = initialIndent; - - // if (maxcols <= 0) - // { maxcols = 80; - // } - // if (matchList.size() > 0) - // { ps.print (spaceString(initialIndent)); - // } - // for (int i=0; i<matchList.size(); i++) - // { rec = (Record)matchList.get(i); - // s = "["; - // for (ndesc=rec.nameList; ndesc!=null; ndesc=ndesc.next) - // { s = s + ndesc.name; - // if (ndesc.oneWord == false) - // { s = s + " "; - // } - // if (ndesc.next != null) - // { s = s + ","; - // } - // } - // if (rec.convertCode != 'v' && rec.convertCode != 'h') - // { if (rec.valueDesc != null) - // { s += rec.valueDesc; - // } - // else - // { s = s + "<" + rec.valTypeName() + ">"; - // if (rec.numValues > 1) - // { s += "X" + rec.numValues; - // } - // } - // } - // s = s + "]"; - // /* - // (col+=s.length()) > (maxcols-1) => we will spill over edge. - // we use (maxcols-1) because if we go right to the edge - // (maxcols), we get wrap new line inserted "for us". - // i != 0 means we print the first entry, no matter - // how long it is. Subsequent entries are printed - // full length anyway. */ - - // if ((col+=s.length()) > (maxcols-1) && i != 0) - // { col = initialIndent+s.length(); - // ps.print ("\n" + spaceString(initialIndent)); - // } - // ps.print (s); - // } - // if (matchList.size() > 0) - // { ps.print ('\n'); - // ps.flush(); - // } - // } - - /** - * Returns a string describing the allowed options - * in detail. - * - * @return help information string. - */ - public String getHelpMessage() { - Record rec; - NameDesc ndesc; - boolean hasOneWordAlias = false; - String s; - - s = "Usage: " + synopsisString + "\n"; - s += "Options include:\n\n"; - for (int i = 0; i < matchList.size(); i++) { - StringBuffer optionInfo = new StringBuffer(); - rec = matchList.get(i); - if (rec.convertCode == 'h' && !helpOptionsEnabled) { - continue; - } - for (ndesc = rec.nameList; ndesc != null; ndesc = ndesc.next) { - if (ndesc.oneWord) { - hasOneWordAlias = true; - break; - } - } - for (ndesc = rec.nameList; ndesc != null; ndesc = ndesc.next) { - optionInfo.append(ndesc.name); - if (hasOneWordAlias && !ndesc.oneWord) { - optionInfo.append(" "); - } - if (ndesc.next != null) { - optionInfo.append(","); - } - } - if (!hasOneWordAlias) { - optionInfo.append(" "); - } - if (rec.convertCode != 'v' && rec.convertCode != 'h') { - if (rec.valueDesc != null) { - optionInfo.append(rec.valueDesc); - } else { - if (rec.rangeDesc != null) { - optionInfo.append("<" + rec.valTypeName() + " " - + rec.rangeDesc + ">"); - } else { - optionInfo.append("<" + rec.valTypeName() + ">"); - } - } - } - if (rec.numValues > 1) { - optionInfo.append("X" + rec.numValues); - } - s += optionInfo.toString(); - if (rec.helpMsg.length() > 0) { - int pad = helpIndent - optionInfo.length(); - if (pad < 2) { //s += '\n'; - pad = helpIndent; - } - // s += spaceString(pad) + rec.helpMsg; - s += spaceString(4) + rec.helpMsg; - } - s += '\n'; - } - return s; - } - - /** - * Returns the parser's error message. This is automatically - * set whenever an error is encountered in <code>matchArg</code> or <code>matchAllArgs</code>, and is automatically - * set to <code>null</code> at the beginning of these methods. - * - * @return error message - */ - public String getErrorMessage() { - return errMsg; - } - - /** - * Returns the value of an unmatched argument discovered {@link #matchArg matchArg} or - * {@link #matchAllArgs(String[],int,int) - * matchAllArgs}. If there was no unmatched argument, <code>null</code> is returned. - * - * @return unmatched argument - */ - public String getUnmatchedArgument() { - return unmatchedArg; - } -} diff --git a/base/silent/src/com/netscape/pkisilent/argparser/ArgParserTest.java b/base/silent/src/com/netscape/pkisilent/argparser/ArgParserTest.java deleted file mode 100644 index 9f7a32185..000000000 --- a/base/silent/src/com/netscape/pkisilent/argparser/ArgParserTest.java +++ /dev/null @@ -1,1514 +0,0 @@ -package com.netscape.pkisilent.argparser; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * Copyright John E. Lloyd, 2004. All rights reserved. Permission to use, - * copy, modify and redistribute is granted, provided that this copyright - * notice is retained and the author is given credit whenever appropriate. - * - * This software is distributed "as is", without any warranty, including - * any implied warranty of merchantability or fitness for a particular - * use. The author assumes no responsibility for, and shall not be liable - * for, any special, indirect, or consequential damages, or any damages - * whatsoever, arising out of or in connection with the use of this - * software. - */ - -import java.io.ByteArrayOutputStream; -import java.io.PrintStream; -import java.lang.reflect.Array; -import java.util.Vector; - -/** - * Testing class for the class ArgParser. Executing the <code>main</code> method of this class will perform a suite of - * tests to help verify correct - * operation of the parser class. - * - * @author John E. Lloyd, Fall 2004 - * @see ArgParser - */ -public class ArgParserTest { - ArgParser parser; - - static final boolean CLOSED = true; - static final boolean OPEN = false; - - static final boolean ONE_WORD = true; - static final boolean MULTI_WORD = false; - - private static void verify(boolean ok, String msg) { - if (!ok) { - Throwable e = new Throwable(); - System.out.println("Verification failed:" + msg); - e.printStackTrace(); - System.exit(1); - } - } - - private static String[] argsFromString(String s) { - Vector<String> vec = new Vector<String>(100); - try { - ArgParser.stringToArgs(vec, s, /*allowQuotedStings=*/false); - } catch (StringScanException e) { - e.printStackTrace(); - System.exit(1); - } - String[] result = new String[vec.size()]; - for (int i = 0; i < vec.size(); i++) { - result[i] = vec.get(i); - } - return result; - } - - static class RngCheck { - ArgParser.RangePnt low = null; - ArgParser.RangePnt high = null; - int type; - - RngCheck(String s) { - low = new ArgParser.RangePnt(s, CLOSED); - type = 's'; - } - - RngCheck(double d) { - low = new ArgParser.RangePnt(d, CLOSED); - type = 'd'; - } - - RngCheck(long l) { - low = new ArgParser.RangePnt(l, CLOSED); - type = 'l'; - } - - RngCheck(boolean b) { - low = new ArgParser.RangePnt(b, CLOSED); - type = 'b'; - } - - RngCheck(String s1, boolean c1, String s2, boolean c2) { - low = new ArgParser.RangePnt(s1, c1); - high = new ArgParser.RangePnt(s2, c2); - type = 's'; - } - - RngCheck(double d1, boolean c1, double d2, boolean c2) { - low = new ArgParser.RangePnt(d1, c1); - high = new ArgParser.RangePnt(d2, c2); - type = 'd'; - } - - RngCheck(long l1, boolean c1, long l2, boolean c2) { - low = new ArgParser.RangePnt(l1, c1); - high = new ArgParser.RangePnt(l2, c2); - type = 'l'; - } - - void check(ArgParser.RangeAtom ra) { - verify((ra.low == null) == (low == null), - "(ra.low==null)=" + (ra.low == null) + - "(low==null)=" + (low == null)); - verify((ra.high == null) == (high == null), - "(ra.high==null)=" + (ra.high == null) + - "(high==null)=" + (high == null)); - - if (ra.low != null) { - switch (type) { - case 'l': { - verify(ra.low.lval == low.lval, - "ra.low=" + ra.low + " low=" + low); - break; - } - case 'd': { - verify(ra.low.dval == low.dval, - "ra.low=" + ra.low + " low=" + low); - break; - } - case 's': { - verify(ra.low.sval.equals(low.sval), - "ra.low=" + ra.low + " low=" + low); - break; - } - case 'b': { - verify(ra.low.bval == low.bval, - "ra.low=" + ra.low + " low=" + low); - break; - } - } - verify(ra.low.closed == low.closed, - "ra.low=" + ra.low + " low=" + low); - } - if (ra.high != null) { - switch (type) { - case 'l': { - verify(ra.high.lval == high.lval, - "ra.high=" + ra.high + " high=" + high); - break; - } - case 'd': { - verify(ra.high.dval == high.dval, - "ra.high=" + ra.high + " high=" + high); - break; - } - case 's': { - verify(ra.high.sval.equals(high.sval), - "ra.high=" + ra.high + " high=" + high); - break; - } - case 'b': { - verify(ra.high.bval == high.bval, - "ra.high=" + ra.high + " high=" + high); - break; - } - } - verify(ra.high.closed == high.closed, - "ra.high=" + ra.high + " high=" + high); - } - } - } - - ArgParserTest() { - parser = new ArgParser("fubar"); - } - - static void checkException(Exception e, String errmsg) { - if (errmsg != null) { - if (!e.getMessage().equals(errmsg)) { - System.out.println( - "Expecting exception '" + errmsg + "' but got '" + - e.getMessage() + "'"); - e.printStackTrace(); - (new Throwable()).printStackTrace(); - System.exit(1); - } - } else { - System.out.println( - "Unexpected exception '" + e.getMessage() + "'"); - e.printStackTrace(); - (new Throwable()).printStackTrace(); - System.exit(1); - } - } - - void checkPrintHelp(String msg) { - ByteArrayOutputStream buf = new ByteArrayOutputStream(0x10000); - PrintStream ps = new PrintStream(buf); - ps.println(parser.getHelpMessage()); - System.out.print(buf.toString()); - } - - // void checkGetSynopsis (String msg) - // { - // ByteArrayOutputStream buf = new ByteArrayOutputStream(0x10000); - // PrintStream ps = new PrintStream(buf); - // parser.printSynopsis (ps, 80); - // System.out.print (buf.toString()); - // } - - void checkAdd(String s, Object resHolder, String errmsg) { - checkAdd(s, resHolder, 0, 0, null, null, null, errmsg); - } - - void add(String s, Object resHolder) { - try { - parser.addOption(s, resHolder); - } catch (Exception e) { - e.printStackTrace(); - System.exit(1); - } - } - - void checkStringArray(String msg, String[] strs, String[] check) { - boolean dontMatch = false; - if (strs.length != check.length) { - dontMatch = true; - } else { - for (int i = 0; i < strs.length; i++) { - if (!strs[i].equals(check[i])) { - dontMatch = true; - break; - } - } - } - if (dontMatch) { - System.out.println(msg); - System.out.print("Expected: "); - for (int i = 0; i < check.length; i++) { - System.out.print("'" + check[i] + "'"); - if (i < check.length - 1) { - System.out.print(" "); - } - } - System.out.println(""); - System.out.print("Got: "); - for (int i = 0; i < strs.length; i++) { - System.out.print("'" + strs[i] + "'"); - if (i < strs.length - 1) { - System.out.print(" "); - } - } - System.out.println(""); - System.exit(1); - } - } - - void checkAdd(String s, Object resHolder, int code, int numValues, - Object names, RngCheck[] rngCheck, - String helpMsg, String errmsg) { - boolean exceptionThrown = false; - String[] namelist = null; - try { - parser.addOption(s, resHolder); - } catch (Exception e) { - exceptionThrown = true; - checkException(e, errmsg); - } - if (names instanceof String) { - namelist = new String[] { (String) names }; - } else { - namelist = (String[]) names; - } - if (!exceptionThrown) { - verify(errmsg == null, - "Expecting exception " + errmsg); - ArgParser.Record rec = parser.lastMatchRecord(); - verify(rec.convertCode == code, - "code=" + rec.convertCode + ", expecting " + code); - ArgParser.NameDesc nd; - int i = 0; - for (nd = rec.firstNameDesc(); nd != null; nd = nd.next) { - i++; - } - verify(i == namelist.length, - "numNames=" + i + ", expecting " + namelist.length); - i = 0; - for (nd = rec.firstNameDesc(); nd != null; nd = nd.next) { - String ss; - if (!nd.oneWord) { - ss = new String(nd.name) + ' '; - } else { - ss = nd.name; - } - verify(ss.equals(namelist[i]), - "have name '" + ss + "', expecting '" + namelist[i] + "'"); - i++; - } - ArgParser.RangeAtom ra; - i = 0; - for (ra = rec.firstRangeAtom(); ra != null; ra = ra.next) { - i++; - } - int expectedRangeNum = 0; - if (rngCheck != null) { - expectedRangeNum = rngCheck.length; - } - verify(i == expectedRangeNum, - "numRangeAtoms=" + i + ", expecting " + expectedRangeNum); - i = 0; - for (ra = rec.firstRangeAtom(); ra != null; ra = ra.next) { - rngCheck[i++].check(ra); - } - verify(rec.helpMsg.equals(helpMsg), - "helpMsg=" + rec.helpMsg + ", expecting " + helpMsg); - verify(rec.numValues == numValues, - "numValues=" + rec.numValues + ", expecting " + numValues); - } - } - - double getDoubleValue(Object obj, int k) { - if (obj instanceof DoubleHolder) { - return ((DoubleHolder) obj).value; - } else if (obj instanceof FloatHolder) { - return ((FloatHolder) obj).value; - } else if (obj instanceof double[]) { - return ((double[]) obj)[k]; - } else if (obj instanceof float[]) { - return ((float[]) obj)[k]; - } else { - verify(false, "object doesn't contain double values"); - return 0; - } - } - - long getLongValue(Object obj, int k) { - if (obj instanceof LongHolder) { - return ((LongHolder) obj).value; - } else if (obj instanceof IntHolder) { - return ((IntHolder) obj).value; - } else if (obj instanceof long[]) { - return ((long[]) obj)[k]; - } else if (obj instanceof int[]) { - return ((int[]) obj)[k]; - } else { - verify(false, "object doesn't contain long values"); - return 0; - } - } - - String getStringValue(Object obj, int k) { - if (obj instanceof StringHolder) { - return ((StringHolder) obj).value; - } else if (obj instanceof String[]) { - return ((String[]) obj)[k]; - } else { - verify(false, "object doesn't contain String values"); - return null; - } - } - - boolean getBooleanValue(Object obj, int k) { - if (obj instanceof BooleanHolder) { - return ((BooleanHolder) obj).value; - } else if (obj instanceof boolean[]) { - return ((boolean[]) obj)[k]; - } else { - verify(false, "object doesn't contain boolean values"); - return false; - } - } - - char getCharValue(Object obj, int k) { - if (obj instanceof CharHolder) { - return ((CharHolder) obj).value; - } else if (obj instanceof char[]) { - return ((char[]) obj)[k]; - } else { - verify(false, "object doesn't contain char values"); - return 0; - } - } - - static class MErr { - int code; - String valStr; - - MErr(int code, String valStr) { - this.code = code; - this.valStr = valStr; - } - } - - static class MTest { - String args; - Object result; - int resultIdx; - - MTest(String args, Object result) { - this(args, result, -1); - } - - MTest(String args, Object result, int resultIdx) { - this.args = args; - this.result = result; - this.resultIdx = resultIdx; - } - }; - - void checkMatch(String args[], int idx, String errMsg) { - getMatchResult(args, idx, -1, errMsg, -1); - } - - void checkMatch(String args[], int idx, int cnt, - long check, int resultIdx) { - Object rholder = getMatchResult(args, idx, cnt, null, resultIdx); - long result = getLongValue(rholder, 0); - verify(result == check, "result " + result + " vs. " + check); - } - - void checkMatch(String args[], int idx, int cnt, - double check, int resultIdx) { - Object rholder = getMatchResult(args, idx, cnt, null, resultIdx); - double result = getDoubleValue(rholder, 0); - verify(result == check, "result " + result + " vs. " + check); - } - - void checkMatch(String args[], int idx, int cnt, - String check, int resultIdx) { - Object rholder = getMatchResult(args, idx, cnt, null, resultIdx); - String result = getStringValue(rholder, 0); - verify(result.equals(check), "result " + result + " vs. " + check); - } - - void checkMatch(String args[], int idx, int cnt, - boolean check, int resultIdx) { - Object rholder = getMatchResult(args, idx, cnt, null, resultIdx); - boolean result = getBooleanValue(rholder, 0); - verify(result == check, "result " + result + " vs. " + check); - } - - void checkMatch(String args[], int idx, int cnt, - char check, int resultIdx) { - Object rholder = getMatchResult(args, idx, cnt, null, resultIdx); - char result = getCharValue(rholder, 0); - verify(result == check, "result " + result + " vs. " + check); - } - - void checkMatch(String args[], int idx, int cnt, - Object checkArray, int resultIdx) { - Object rholder = getMatchResult(args, idx, cnt, null, resultIdx); - if (!checkArray.getClass().isArray()) { - verify(false, "check is not an array"); - } - for (int i = 0; i < Array.getLength(checkArray); i++) { - if (checkArray instanceof long[]) { - long result = getLongValue(rholder, i); - long check = ((long[]) checkArray)[i]; - verify(result == check, - "result [" + i + "] " + result + " vs. " + check); - } else if (checkArray instanceof double[]) { - double result = getDoubleValue(rholder, i); - double check = ((double[]) checkArray)[i]; - verify(result == check, - "result [" + i + "] " + result + " vs. " + check); - } else if (checkArray instanceof String[]) { - String result = getStringValue(rholder, i); - String check = ((String[]) checkArray)[i]; - verify(result.equals(check), - "result [" + i + "] " + result + " vs. " + check); - } else if (checkArray instanceof boolean[]) { - boolean result = getBooleanValue(rholder, i); - boolean check = ((boolean[]) checkArray)[i]; - verify(result == check, - "result [" + i + "] " + result + " vs. " + check); - } else if (checkArray instanceof char[]) { - char result = getCharValue(rholder, i); - char check = ((char[]) checkArray)[i]; - verify(result == check, - "result [" + i + "] " + result + " vs. " + check); - } else { - verify(false, "unknown type for checkArray"); - } - } - } - - void checkMatch(MTest test, boolean oneWord) { - String[] argv; - if (oneWord) { - argv = new String[1]; - argv[0] = test.args; - } else { - argv = argsFromString(test.args); - } - if (test.result instanceof Long) { - checkMatch(argv, 0, argv.length, - ((Long) test.result).longValue(), - test.resultIdx); - } else if (test.result instanceof Double) { - checkMatch(argv, 0, argv.length, - ((Double) test.result).doubleValue(), - test.resultIdx); - } else if (test.result instanceof String) { - checkMatch(argv, 0, argv.length, - (String) test.result, - test.resultIdx); - } else if (test.result instanceof Boolean) { - checkMatch(argv, 0, argv.length, - ((Boolean) test.result).booleanValue(), - test.resultIdx); - } else if (test.result instanceof Character) { - checkMatch(argv, 0, argv.length, - ((Character) test.result).charValue(), - test.resultIdx); - } else if (test.result.getClass().isArray()) { - checkMatch(argv, 0, argv.length, test.result, - test.resultIdx); - } else if (test.result instanceof MErr) { - MErr err = (MErr) test.result; - String argname = parser.getOptionName(argv[0]); - String msg = ""; - - switch (err.code) { - case 'c': { - msg = "requires a contiguous value"; - break; - } - case 'm': { - msg = "malformed " + parser.getOptionTypeName(argv[0]) + - " '" + err.valStr + "'"; - break; - } - case 'r': { - msg = "value '" + err.valStr + "' not in range " + - parser.getOptionRangeDesc(argv[0]); - break; - } - case 'v': { - msg = "requires " + err.valStr + " values"; - break; - } - } - checkMatch(argv, 0, argname + ": " + msg); - } else { - verify(false, "Unknown result type"); - } - } - - void checkMatches(MTest[] tests, boolean oneWord) { - for (int i = 0; i < tests.length; i++) { - checkMatch(tests[i], oneWord); - } - } - - Object getMatchResult(String args[], int idx, int cnt, - String errMsg, int resultIdx) { - boolean exceptionThrown = false; - int k = 0; - try { - k = parser.matchArg(args, idx); - } catch (Exception e) { - exceptionThrown = true; - checkException(e, errMsg); - } - if (!exceptionThrown) { - verify(k == idx + cnt, - "Expecting result index " + (idx + cnt) + ", got " + k); - Object result = parser.getResultHolder(args[0]); - if (resultIdx >= 0) { - verify(result instanceof Vector, - "Expecting result to be stored in a vector"); - Vector<?> vec = (Vector<?>) result; - verify(vec.size() == resultIdx + 1, - "Expecting result vector size " + (resultIdx + 1)); - return vec.get(resultIdx); - } else { - return result; - } - } else { - return null; - } - } - - /** - * Runs a set of tests to verify correct operation of the - * ArgParser class. If all the tests run correctly, the - * program prints the message <code>Passed</code> and terminates. - * Otherwise, diagnostic information is printed at the first - * point of failure. - */ - public static void main(String[] args) { - ArgParserTest test = new ArgParserTest(); - - BooleanHolder bh = new BooleanHolder(); - boolean[] b3 = new boolean[3]; - CharHolder ch = new CharHolder(); - char[] c3 = new char[3]; - IntHolder ih = new IntHolder(); - int[] i3 = new int[3]; - LongHolder lh = new LongHolder(); - long[] l3 = new long[3]; - FloatHolder fh = new FloatHolder(); - float[] f3 = new float[3]; - DoubleHolder dh = new DoubleHolder(); - double[] d3 = new double[3]; - StringHolder sh = new StringHolder(); - String[] s3 = new String[3]; - - test.checkAdd("-foo %i{[0,10)}X3 #sets the value of foo", - // 0123456789012345 - i3, 'i', 3, new String[] { "-foo " }, - new RngCheck[] { - new RngCheck(0, CLOSED, 10, OPEN) }, - "sets the value of foo", null); - - test.checkAdd("-arg1,,", null, "Null option name given"); - test.checkAdd("-arg1,,goo %f ", null, "Null option name given"); - test.checkAdd(" ", null, "Null option name given"); - test.checkAdd("", null, "Null option name given"); - test.checkAdd(" %v", null, "Null option name given"); - test.checkAdd("-foo ", null, "No conversion character given"); - test.checkAdd("-foo %", null, "No conversion character given"); - test.checkAdd("foo, aaa bbb ", null, "Names not separated by ','"); - test.checkAdd(" foo aaa %d", null, "Names not separated by ','"); - test.checkAdd("-arg1,-b,", null, "Null option name given"); - test.checkAdd("-arg1,-b", null, "No conversion character given"); - test.checkAdd("-arg1 ", null, "No conversion character given"); - test.checkAdd("-arg1, %v", null, "Null option name given"); - test.checkAdd("-arg1,%v", null, "Null option name given"); - test.checkAdd("-foo %V", null, - "Conversion code 'V' not one of 'iodxcbfsvh'"); - test.checkAdd("-h %hX5", null, "Multipliers not supported for %h"); - test.checkAdd("-h %h{}", null, "Ranges not supported for %h"); - test.checkAdd("-help, -h %h #here is how we help you", - null, 'h', 1, new String[] { "-help ", "-h " }, - null, "here is how we help you", null); - - test.checkAdd( - "-arg1 ,-arg2=%d{0,3,(7,16]}X1 #x3 test", - l3, 'd', 1, new String[] { "-arg1 ", "-arg2=" }, - new RngCheck[] - { new RngCheck(0), - new RngCheck(3), - new RngCheck(7, OPEN, 16, CLOSED), - }, - "x3 test", null); - - test.checkAdd( - "bbb,ccc%x{[1,2]} #X3 x3 test", - l3, 'x', 1, new String[] { "bbb", "ccc" }, - new RngCheck[] - { new RngCheck(1, CLOSED, 2, CLOSED), - }, - "X3 x3 test", null); - - test.checkAdd( - " bbb ,ccc, ddd ,e , f=%bX1 #x3 test", - b3, 'b', 1, new String[] { "bbb ", "ccc", "ddd ", "e ", "f=" }, - null, - "x3 test", null); - - test.checkAdd( - " bbb ,ccc, ddd ,e , f= %bX3 #x3 test", - b3, 'b', 3, new String[] { "bbb ", "ccc ", "ddd ", "e ", "f= " }, - null, - "x3 test", null); - - test.checkAdd( - "-b,--bar %s{[\"john\",\"jerry\"),fred,\"harry\"} #sets bar", - sh, 's', 1, new String[] { "-b ", "--bar " }, - new RngCheck[] { - new RngCheck("jerry", OPEN, "john", CLOSED), - new RngCheck("fred"), - new RngCheck("harry") }, - "sets bar", null); - - test.checkAdd( - "-c ,coven%f{0.0,9.0,(6,5],[-9.1,10.2]} ", - dh, 'f', 1, new String[] { "-c ", "coven" }, - new RngCheck[] { - new RngCheck(0.0), - new RngCheck(9.0), - new RngCheck(5.0, CLOSED, 6.0, OPEN), - new RngCheck(-9.1, CLOSED, 10.2, CLOSED) }, - "", null); - - test.checkAdd( - "-b %b #a boolean value ", - bh, 'b', 1, new String[] { "-b " }, - new RngCheck[] {}, - "a boolean value ", null); - - test.checkAdd("-a %i", ih, 'i', 1, "-a ", null, "", null); - test.checkAdd("-a %o", lh, 'o', 1, "-a ", null, "", null); - test.checkAdd("-a %d", i3, 'd', 1, "-a ", null, "", null); - test.checkAdd("-a %x", l3, 'x', 1, "-a ", null, "", null); - test.checkAdd("-a %c", ch, 'c', 1, "-a ", null, "", null); - test.checkAdd("-a %c", c3, 'c', 1, "-a ", null, "", null); - test.checkAdd("-a %v", bh, 'v', 1, "-a ", null, "", null); - test.checkAdd("-a %b", b3, 'b', 1, "-a ", null, "", null); - test.checkAdd("-a %f", fh, 'f', 1, "-a ", null, "", null); - test.checkAdd("-a %f", f3, 'f', 1, "-a ", null, "", null); - test.checkAdd("-a %f", dh, 'f', 1, "-a ", null, "", null); - test.checkAdd("-a %f", d3, 'f', 1, "-a ", null, "", null); - - test.checkAdd("-a %i", fh, 'i', 1, "-a ", null, "", - "Invalid result holder for %i"); - test.checkAdd("-a %c", i3, 'c', 1, "-a ", null, "", - "Invalid result holder for %c"); - test.checkAdd("-a %v", d3, 'v', 1, "-a ", null, "", - "Invalid result holder for %v"); - test.checkAdd("-a %f", sh, 'f', 1, "-a ", null, "", - "Invalid result holder for %f"); - test.checkAdd("-a %s", l3, 's', 1, "-a ", null, "", - "Invalid result holder for %s"); - - test.checkAdd("-foo %i{} ", ih, 'i', 1, "-foo ", null, "", null); - test.checkAdd("-foo%i{}", ih, 'i', 1, "-foo", null, "", null); - test.checkAdd("-foo%i{ }", ih, 'i', 1, "-foo", null, "", null); - test.checkAdd("-foo%i{ }}", ih, - "Illegal character(s), expecting '#'"); - test.checkAdd("-foo%i{ ", ih, "Unterminated range specification"); - test.checkAdd("-foo%i{", ih, "Unterminated range specification"); - test.checkAdd("-foo%i{0,9", ih, "Unterminated range specification"); - test.checkAdd("-foo%i{1,2,3)", ih, - "Unterminated range specification"); - - test.checkAdd("-b %f{0.9}", fh, 'f', 1, "-b ", - new RngCheck[] { new RngCheck(0.9) }, - "", null); - test.checkAdd("-b %f{ 0.9 ,7, -0.5,-4 ,6 }", fh, 'f', 1, "-b ", - new RngCheck[] { new RngCheck(0.9), - new RngCheck(7.0), - new RngCheck(-0.5), - new RngCheck(-4.0), - new RngCheck(6.0) }, - "", null); - test.checkAdd("-b %f{ [0.9,7), (-0.5,-4),[9,6] , (10,13.4] }", - fh, 'f', 1, "-b ", - new RngCheck[] { new RngCheck(0.9, CLOSED, 7.0, OPEN), - new RngCheck(-4.0, OPEN, -.5, OPEN), - new RngCheck(6.0, CLOSED, 9.0, CLOSED), - new RngCheck(10.0, OPEN, 13.4, CLOSED), - }, - "", null); - test.checkAdd("-b %f{(8 9]}", fh, - "Missing ',' in subrange specification"); - test.checkAdd("-b %f{(8,9,]}", fh, - "Unterminated subrange"); - test.checkAdd("-b %f{(8,9 ,]}", fh, - "Unterminated subrange"); - test.checkAdd("-b %f{(8,9 8]}", fh, - "Unterminated subrange"); - test.checkAdd("-b %f{8 9}", fh, - "Range spec: ',' or '}' expected"); - test.checkAdd("-b %f{8 *}", fh, - "Range spec: ',' or '}' expected"); - - test.checkAdd("-b %f{8y}", fh, - "Range spec: ',' or '}' expected"); - test.checkAdd("-b %f{.}", fh, - "Malformed float '.}' in range spec"); - test.checkAdd("-b %f{1.0e}", fh, - "Malformed float '1.0e}' in range spec"); - test.checkAdd("-b %f{[*]}", fh, - "Malformed float '*' in range spec"); - test.checkAdd("-b %f{1.2e5t}", fh, - "Range spec: ',' or '}' expected"); - - test.checkAdd("-b %i{8}", ih, 'i', 1, "-b ", - new RngCheck[] { new RngCheck(8) }, - "", null); - test.checkAdd("-b %i{8, 9,10 }", ih, 'i', 1, "-b ", - new RngCheck[] { new RngCheck(8), - new RngCheck(9), - new RngCheck(10) }, - "", null); - test.checkAdd("-b %i{8, [-9,10),[-17,15],(2,-33),(8,9] }", - ih, 'i', 1, "-b ", - new RngCheck[] { new RngCheck(8), - new RngCheck(-9, CLOSED, 10, OPEN), - new RngCheck(-17, CLOSED, 15, CLOSED), - new RngCheck(-33, OPEN, 2, OPEN), - new RngCheck(8, OPEN, 9, CLOSED), - }, - "", null); - test.checkAdd("-b %i{8.7}", ih, - "Range spec: ',' or '}' expected"); - test.checkAdd("-b %i{6,[*]}", ih, - "Malformed integer '*' in range spec"); - test.checkAdd("-b %i{g76}", ih, - "Malformed integer 'g' in range spec"); - - test.checkAdd("-b %s{foobar}", sh, 's', 1, "-b ", - new RngCheck[] { new RngCheck("foobar") }, - "", null); - test.checkAdd("-b %s{foobar, 0x233,\" \"}", sh, 's', 1, "-b ", - new RngCheck[] { new RngCheck("foobar"), - new RngCheck("0x233"), - new RngCheck(" ") }, - "", null); - test.checkAdd("-b %s{foobar,(bb,aa], [\"01\",02]}", - sh, 's', 1, "-b ", - new RngCheck[] - { new RngCheck("foobar"), - new RngCheck("aa", CLOSED, "bb", OPEN), - new RngCheck("01", CLOSED, "02", CLOSED), - }, - "", null); - - test.checkAdd("-b %c{'a'}", ch, 'c', 1, "-b ", - new RngCheck[] { new RngCheck('a') }, - "", null); - test.checkAdd("-b %c{'\\n', '\\002', 'B'}", ch, 'c', 1, "-b ", - new RngCheck[] { new RngCheck('\n'), - new RngCheck('\002'), - new RngCheck('B') }, - "", null); - test.checkAdd("-b %c{'q',('g','a'], ['\t','\\003']}", - ch, 'c', 1, "-b ", - new RngCheck[] - { new RngCheck('q'), - new RngCheck('a', CLOSED, 'g', OPEN), - new RngCheck('\003', CLOSED, '\t', CLOSED), - }, - "", null); - - test.checkAdd("-b %b{true}X2", b3, 'b', 2, "-b ", - new RngCheck[] { new RngCheck(true) }, - "", null); - test.checkAdd("-b %b{ true , false, true }", bh, 'b', 1, "-b ", - new RngCheck[] { new RngCheck(true), - new RngCheck(false), - new RngCheck(true) }, - "", null); - test.checkAdd("-b %v{true,[true,false)}", bh, - "Sub ranges not supported for %b or %v"); - test.checkAdd("-b %v{true,[]}", bh, - "Sub ranges not supported for %b or %v"); - test.checkAdd("-b %b{tru}", bh, - "Malformed boolean 'tru}' in range spec"); - - test.checkAdd("-b %iX2", i3, 'i', 2, "-b ", null, "", null); - test.checkAdd("-b %vX3", b3, 'v', 3, "-b ", null, "", null); - test.checkAdd("-b %v{ }X3", b3, 'v', 3, "-b ", null, "", null); - - test.checkAdd("-b=%iX2", i3, 'i', 2, "-b", null, "", - "Multiplier value incompatible with one word option -b="); - test.checkAdd("-b %iX0", i3, 'i', 0, "-b ", null, "", - "Value multiplier number must be > 0"); - test.checkAdd("-b %iX-6", i3, 'i', 0, "-b ", null, "", - "Value multiplier number must be > 0"); - test.checkAdd("-b %iXy", i3, 'i', 0, "-b ", null, "", - "Malformed value multiplier"); - test.checkAdd("-b %iX4", i3, 'i', 4, "-b ", null, "", - "Result holder array must have a length >= 4"); - test.checkAdd("-b %iX4", ih, 'i', 4, "-b ", null, "", - "Multiplier requires result holder to be an array of length >= 4"); - - test.checkAdd("-b %i #X4", ih, 'i', 1, "-b ", null, "X4", null); - test.checkAdd("-b %i #[}X4", ih, 'i', 1, "-b ", null, "[}X4", null); - - // test.checkPrintHelp(""); - // test.checkPrintUsage(""); - - test = new ArgParserTest(); - - test.checkAdd( - "-intarg %i{1,2,(9,18],[22,27],[33,38),(45,48)} #test int arg", - ih, 'i', 1, "-intarg ", - new RngCheck[] - { new RngCheck(1), - new RngCheck(2), - new RngCheck(9, OPEN, 18, CLOSED), - new RngCheck(22, CLOSED, 27, CLOSED), - new RngCheck(33, CLOSED, 38, OPEN), - new RngCheck(45, OPEN, 48, OPEN), - }, - "test int arg", null); - - MTest[] tests; - - tests = new MTest[] - { - new MTest("-intarg 1", new Long(1)), - new MTest("-intarg 3", new MErr('r', "3")), - new MTest("-intarg 9", new MErr('r', "9")), - new MTest("-intarg 11", new Long(11)), - new MTest("-intarg 18", new Long(18)), - new MTest("-intarg 22", new Long(22)), - new MTest("-intarg 25", new Long(25)), - new MTest("-intarg 27", new Long(27)), - new MTest("-intarg 33", new Long(33)), - new MTest("-intarg 35", new Long(35)), - new MTest("-intarg 38", new MErr('r', "38")), - new MTest("-intarg 45", new MErr('r', "45")), - new MTest("-intarg 46", new Long(46)), - new MTest("-intarg 48", new MErr('r', "48")), - new MTest("-intarg 100", new MErr('r', "100")), - new MTest("-intarg 0xbeef", new MErr('r', "0xbeef")), - new MTest("-intarg 0x2f", new Long(0x2f)), - new MTest("-intarg 041", new Long(041)), - }; - test.checkMatches(tests, MULTI_WORD); - - test.checkAdd( - "-farg %f{1,2,(9,18],[22,27],[33,38),(45,48)} #test float arg", - dh, 'f', 1, "-farg ", - new RngCheck[] - { - new RngCheck(1.0), - new RngCheck(2.0), - new RngCheck(9.0, OPEN, 18.0, CLOSED), - new RngCheck(22.0, CLOSED, 27.0, CLOSED), - new RngCheck(33.0, CLOSED, 38.0, OPEN), - new RngCheck(45.0, OPEN, 48.0, OPEN), - }, - "test float arg", null); - - tests = new MTest[] - { - new MTest("-farg 1", new Double(1)), - new MTest("-farg 3", new MErr('r', "3")), - new MTest("-farg 9", new MErr('r', "9")), - new MTest("-farg 9.0001", new Double(9.0001)), - new MTest("-farg 11", new Double(11)), - new MTest("-farg 18", new Double(18)), - new MTest("-farg 22", new Double(22)), - new MTest("-farg 25", new Double(25)), - new MTest("-farg 27", new Double(27)), - new MTest("-farg 33", new Double(33)), - new MTest("-farg 35", new Double(35)), - new MTest("-farg 37.9999", new Double(37.9999)), - new MTest("-farg 38", new MErr('r', "38")), - new MTest("-farg 45", new MErr('r', "45")), - new MTest("-farg 45.0001", new Double(45.0001)), - new MTest("-farg 46", new Double(46)), - new MTest("-farg 47.9999", new Double(47.9999)), - new MTest("-farg 48", new MErr('r', "48")), - new MTest("-farg 100", new MErr('r', "100")), - new MTest("-farg 0", new MErr('r', "0")), - }; - test.checkMatches(tests, MULTI_WORD); - - test.checkAdd( - "-sarg %s{1,2,(AA,AZ],[BB,BX],[C3,C8),(d5,d8)} #test string arg", - s3, 's', 1, "-sarg ", - new RngCheck[] - { new RngCheck("1"), - new RngCheck("2"), - new RngCheck("AA", OPEN, "AZ", CLOSED), - new RngCheck("BB", CLOSED, "BX", CLOSED), - new RngCheck("C3", CLOSED, "C8", OPEN), - new RngCheck("d5", OPEN, "d8", OPEN), - }, - "test string arg", null); - - tests = new MTest[] - { - new MTest("-sarg 1", "1"), - new MTest("-sarg 3", new MErr('r', "3")), - new MTest("-sarg AA", new MErr('r', "AA")), - new MTest("-sarg AM", "AM"), - new MTest("-sarg AZ", "AZ"), - new MTest("-sarg BB", "BB"), - new MTest("-sarg BL", "BL"), - new MTest("-sarg BX", "BX"), - new MTest("-sarg C3", "C3"), - new MTest("-sarg C6", "C6"), - new MTest("-sarg C8", new MErr('r', "C8")), - new MTest("-sarg d5", new MErr('r', "d5")), - new MTest("-sarg d6", "d6"), - new MTest("-sarg d8", new MErr('r', "d8")), - new MTest("-sarg zzz", new MErr('r', "zzz")), - new MTest("-sarg 0", new MErr('r', "0")), - }; - test.checkMatches(tests, MULTI_WORD); - - test = new ArgParserTest(); - - test.checkAdd( - "-carg %c{1,2,(a,z],['A','Z'],['\\001',\\007),(4,8)}", - c3, 'c', 1, "-carg ", - new RngCheck[] - { new RngCheck('1'), - new RngCheck('2'), - new RngCheck('a', OPEN, 'z', CLOSED), - new RngCheck('A', CLOSED, 'Z', CLOSED), - new RngCheck('\001', CLOSED, '\007', OPEN), - new RngCheck('4', OPEN, '8', OPEN), - }, - "", null); - - tests = new MTest[] - { - new MTest("-carg 1", new Character('1')), - new MTest("-carg 3", new MErr('r', "3")), - new MTest("-carg a", new MErr('r', "a")), - new MTest("-carg m", new Character('m')), - new MTest("-carg z", new Character('z')), - new MTest("-carg A", new Character('A')), - new MTest("-carg 'L'", new Character('L')), - new MTest("-carg 'Z'", new Character('Z')), - new MTest("-carg \\001", new Character('\001')), - new MTest("-carg \\005", new Character('\005')), - new MTest("-carg '\\007'", new MErr('r', "'\\007'")), - new MTest("-carg '4'", new MErr('r', "'4'")), - new MTest("-carg 6", new Character('6')), - new MTest("-carg 8", new MErr('r', "8")), - new MTest("-carg '\\012'", new MErr('r', "'\\012'")), - new MTest("-carg 0", new MErr('r', "0")), - }; - test.checkMatches(tests, MULTI_WORD); - - test.checkAdd( - "-foo=%i{[-50,100]}", ih, 'i', 1, "-foo=", - new RngCheck[] - { new RngCheck(-50, CLOSED, 100, CLOSED), - }, - "", null); - - tests = new MTest[] - { - new MTest("-foo=-51", new MErr('r', "-51")), - new MTest("-foo=-0x32", new Long(-0x32)), - new MTest("-foo=-0x33", new MErr('r', "-0x33")), - new MTest("-foo=-0777", new MErr('r', "-0777")), - new MTest("-foo=-07", new Long(-07)), - new MTest("-foo=0", new Long(0)), - new MTest("-foo=100", new Long(100)), - new MTest("-foo=0x5e", new Long(0x5e)), - new MTest("-foo=066", new Long(066)), - new MTest("-foo=06677", new MErr('r', "06677")), - new MTest("-foo=0xbeef", new MErr('r', "0xbeef")), - new MTest("-foo=foo", new MErr('m', "foo")), - new MTest("-foo=-51d", new MErr('m', "-51d")), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd("-foo2=%i", ih, 'i', 1, "-foo2=", null, "", null); - tests = new MTest[] - { - new MTest("-foo2=-51", new Long(-51)), - new MTest("-foo2=-0x33", new Long(-0x33)), - new MTest("-foo2=-0777", new Long(-0777)), - new MTest("-foo2=06677", new Long(06677)), - new MTest("-foo2=0xbeef", new Long(0xbeef)), - new MTest("-foo2=foo", new MErr('m', "foo")), - new MTest("-foo2=-51d", new MErr('m', "-51d")), - new MTest("-foo2=-51", new Long(-51)), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd("-foo3 %iX3", i3, 'i', 3, "-foo3 ", null, "", null); - tests = new MTest[] - { - new MTest("-foo3 -51 678 0x45", - new long[] { -51, 678, 0x45 }), - new MTest("-foo3 55 16f 55", new MErr('m', "16f")), - new MTest("-foo3 55 16", new MErr('v', "3")), - }; - test.checkMatches(tests, MULTI_WORD); - - Vector<String> vec = new Vector<String>(100); - - test.checkAdd("-foov3 %iX3", vec, 'i', 3, "-foov3 ", null, "", null); - tests = new MTest[] - { new MTest("-foov3 -1 2 4", new long[] { -1, 2, 4 }, 0), - new MTest("-foov3 10 3 9", new long[] { 10, 3, 9 }, 1), - new MTest("-foov3 123 1 0", new long[] { 123, 1, 0 }, 2), - }; - vec.clear(); - test.checkMatches(tests, MULTI_WORD); - test.checkAdd("-foov %i", vec, 'i', 1, "-foov ", null, "", null); - tests = new MTest[] - { new MTest("-foov 11", new Long(11), 0), - new MTest("-foov 12", new Long(12), 1), - new MTest("-foov 13", new Long(13), 2), - }; - vec.clear(); - test.checkMatches(tests, MULTI_WORD); - - test.checkAdd( - "-foo4 %i{[-50,100]}X2", i3, 'i', 2, "-foo4 ", - new RngCheck[] - { new RngCheck(-50, CLOSED, 100, CLOSED), - }, - "", null); - tests = new MTest[] - { - new MTest("-foo4 -49 78", - new long[] { -49, 78 }), - new MTest("-foo4 -48 102", new MErr('r', "102")), - }; - test.checkMatches(tests, MULTI_WORD); - - test.checkAdd( - "-oct=%o{[-062,0144]}", ih, 'o', 1, "-oct=", - new RngCheck[] - { new RngCheck(-50, CLOSED, 100, CLOSED), - }, - "", null); - - tests = new MTest[] - { - new MTest("-oct=-063", new MErr('r', "-063")), - new MTest("-oct=-0x32", new MErr('m', "-0x32")), - new MTest("-oct=-0777", new MErr('r', "-0777")), - new MTest("-oct=-07", new Long(-07)), - new MTest("-oct=0", new Long(0)), - new MTest("-oct=100", new Long(64)), - new MTest("-oct=0xae", new MErr('m', "0xae")), - new MTest("-oct=66", new Long(066)), - new MTest("-oct=06677", new MErr('r', "06677")), - new MTest("-oct=0xbeef", new MErr('m', "0xbeef")), - new MTest("-oct=foo", new MErr('m', "foo")), - new MTest("-oct=-51d", new MErr('m', "-51d")), - new MTest("-oct=78", new MErr('m', "78")), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd("-oct2=%o", ih, 'o', 1, "-oct2=", null, "", null); - tests = new MTest[] - { - new MTest("-oct2=-063", new Long(-063)), - new MTest("-oct2=-0777", new Long(-0777)), - new MTest("-oct2=06677", new Long(06677)), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd( - "-dec=%d{[-0x32,0x64]}", ih, 'd', 1, "-dec=", - new RngCheck[] - { new RngCheck(-50, CLOSED, 100, CLOSED), - }, - "", null); - - tests = new MTest[] - { - new MTest("-dec=-063", new MErr('r', "-063")), - new MTest("-dec=-0x32", new MErr('m', "-0x32")), - new MTest("-dec=-0777", new MErr('r', "-0777")), - new MTest("-dec=-07", new Long(-07)), - new MTest("-dec=0", new Long(0)), - new MTest("-dec=100", new Long(100)), - new MTest("-dec=0xae", new MErr('m', "0xae")), - new MTest("-dec=66", new Long(66)), - new MTest("-dec=06677", new MErr('r', "06677")), - new MTest("-dec=0xbeef", new MErr('m', "0xbeef")), - new MTest("-dec=foo", new MErr('m', "foo")), - new MTest("-dec=-51d", new MErr('m', "-51d")), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd("-dec2=%d", ih, 'd', 1, "-dec2=", null, "", null); - tests = new MTest[] - { - new MTest("-dec2=-063", new Long(-63)), - new MTest("-dec2=-0777", new Long(-777)), - new MTest("-dec2=06677", new Long(6677)), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd( - "-hex=%x{[-0x32,0x64]}", ih, 'x', 1, "-hex=", - new RngCheck[] - { new RngCheck(-50, CLOSED, 100, CLOSED), - }, - "", null); - - tests = new MTest[] - { - new MTest("-hex=-06", new Long(-0x6)), - new MTest("-hex=-0x3g2", new MErr('m', "-0x3g2")), - new MTest("-hex=-0777", new MErr('r', "-0777")), - new MTest("-hex=-017", new Long(-0x17)), - new MTest("-hex=0", new Long(0)), - new MTest("-hex=64", new Long(0x64)), - new MTest("-hex=5e", new Long(0x5e)), - new MTest("-hex=66", new MErr('r', "66")), - new MTest("-hex=06677", new MErr('r', "06677")), - new MTest("-hex=0xbeef", new MErr('m', "0xbeef")), - new MTest("-hex=foo", new MErr('m', "foo")), - new MTest("-hex=-51d", new MErr('r', "-51d")), - new MTest("-hex=-51g", new MErr('m', "-51g")), - new MTest("-hex=", new MErr('c', "")), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd("-hex2=%x", ih, 'x', 1, "-hex2=", null, "", null); - tests = new MTest[] - { - new MTest("-hex2=-0777", new Long(-0x777)), - new MTest("-hex2=66", new Long(0x66)), - new MTest("-hex2=06677", new Long(0x6677)), - new MTest("-hex2=-51d", new Long(-0x51d)), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd( - "-char=%c{['b','m']}", ch, 'c', 1, "-char=", - new RngCheck[] - { new RngCheck('b', CLOSED, 'm', CLOSED), - }, - "", null); - - tests = new MTest[] - { - new MTest("-char=a", new MErr('r', "a")), - new MTest("-char=b", new Character('b')), - new MTest("-char='b'", new Character('b')), - new MTest("-char='\142'", new Character('b')), - new MTest("-char='\141'", new MErr('r', "'\141'")), - new MTest("-char=\142", new Character('b')), - new MTest("-char=\141", new MErr('r', "\141")), - new MTest("-char=m", new Character('m')), - new MTest("-char=z", new MErr('r', "z")), - new MTest("-char=bb", new MErr('m', "bb")), - new MTest("-char='b", new MErr('m', "'b")), - new MTest("-char='", new MErr('m', "'")), - new MTest("-char=a'", new MErr('m', "a'")), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd("-char2=%c", ch, 'c', 1, "-char2=", null, "", null); - tests = new MTest[] - { - new MTest("-char2=a", new Character('a')), - new MTest("-char2='\141'", new Character('\141')), - new MTest("-char2=\141", new Character('\141')), - new MTest("-char2=z", new Character('z')), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd("-charv3 %cX3", vec, 'c', 3, "-charv3 ", null, "", null); - tests = new MTest[] - { new MTest("-charv3 a b c", new char[] { 'a', 'b', 'c' }, 0), - new MTest("-charv3 'g' f '\\n'", new char[] { 'g', 'f', '\n' }, 1), - new MTest("-charv3 1 \001 3", new char[] { '1', '\001', '3' }, 2), - }; - vec.clear(); - test.checkMatches(tests, MULTI_WORD); - test.checkAdd("-charv=%c", vec, 'c', 1, "-charv=", null, "", null); - tests = new MTest[] - { new MTest("-charv=d", new Character('d'), 0), - new MTest("-charv='g'", new Character('g'), 1), - new MTest("-charv=\111", new Character('\111'), 2), - }; - vec.clear(); - test.checkMatches(tests, ONE_WORD); - - test.checkAdd( - "-bool=%b{true}", bh, 'b', 1, "-bool=", - new RngCheck[] - { new RngCheck(true), - }, - "", null); - - tests = new MTest[] - { - new MTest("-bool=true", new Boolean(true)), - new MTest("-bool=false", new MErr('r', "false")), - new MTest("-bool=fals", new MErr('m', "fals")), - new MTest("-bool=falsem", new MErr('m', "falsem")), - new MTest("-bool=truex", new MErr('m', "truex")), - new MTest("-bool=foo", new MErr('m', "foo")), - new MTest("-bool=1", new MErr('m', "1")), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd( - "-boo2=%b{true,false}", bh, 'b', 1, "-boo2=", - new RngCheck[] - { new RngCheck(true), - new RngCheck(false), - }, - "", null); - - tests = new MTest[] - { - new MTest("-boo2=true", new Boolean(true)), - new MTest("-boo2=false", new Boolean(false)), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd("-boo3=%b", bh, 'b', 1, "-boo3=", null, "", null); - tests = new MTest[] - { - new MTest("-boo3=true", new Boolean(true)), - new MTest("-boo3=false", new Boolean(false)), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd("-boo3 %bX3", b3, 'b', 3, "-boo3 ", null, "", null); - tests = new MTest[] - { - new MTest("-boo3 true false true", - new boolean[] { true, false, true }), - new MTest("-boo3 true fals true", new MErr('m', "fals")), - }; - test.checkMatches(tests, MULTI_WORD); - - test.checkAdd("-boov3 %bX3", vec, 'b', 3, "-boov3 ", null, "", null); - tests = new MTest[] - { new MTest("-boov3 true true false", - new boolean[] { true, true, false }, 0), - new MTest("-boov3 false false true", - new boolean[] { false, false, true }, 1), - }; - vec.clear(); - test.checkMatches(tests, MULTI_WORD); - test.checkAdd("-boov %b", vec, 'b', 1, "-boov ", null, "", null); - tests = new MTest[] - { new MTest("-boov true", new Boolean(true), 0), - new MTest("-boov false", new Boolean(false), 1), - new MTest("-boov true", new Boolean(true), 2), - }; - vec.clear(); - test.checkMatches(tests, MULTI_WORD); - - test.checkAdd("-v3 %vX2", b3, 'v', 2, "-v3 ", null, "", null); - tests = new MTest[] - { new MTest("-v3", new boolean[] { true, true }), - }; - test.checkMatches(tests, MULTI_WORD); - - test.checkAdd( - "-vf %v{false,true}X2", b3, 'v', 2, "-vf ", - new RngCheck[] - { new RngCheck(false), - new RngCheck(true), - }, - "", null); - tests = new MTest[] - { new MTest("-vf", new boolean[] { false, false }), - }; - test.checkMatches(tests, MULTI_WORD); - - test.checkAdd( - "-str=%s{(john,zzzz]}", sh, 's', 1, "-str=", - new RngCheck[] - { new RngCheck("john", OPEN, "zzzz", CLOSED), - }, - "", null); - - tests = new MTest[] - { - new MTest("-str=john", new MErr('r', "john")), - new MTest("-str=joho ", "joho "), - new MTest("-str=joho ", "joho "), - new MTest("-str=zzzz", "zzzz"), - new MTest("-str= joho", new MErr('r', " joho")), - new MTest("-str=jnhn ", new MErr('r', "jnhn ")), - new MTest("-str=zzzzz", new MErr('r', "zzzzz")), - new MTest("-str=\"joho\"", new MErr('r', "\"joho\"")), - new MTest("-str=\"joho", new MErr('r', "\"joho")), - new MTest("-str=joho j", "joho j"), // new MErr('m', "joho j")), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd("-str2=%s", sh, 's', 1, "-str2=", null, "", null); - tests = new MTest[] - { - new MTest("-str2= jnhn", " jnhn"), - new MTest("-str2=zzzzz", "zzzzz"), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd("-str3 %sX3", s3, 's', 3, "-str3 ", null, "", null); - tests = new MTest[] - { - new MTest("-str3 foo bar johnny", - new String[] { "foo", "bar", "johnny" }), - new MTest("-str3 zzzzz \"bad foo", - new String[] { "zzzzz", "\"bad", "foo" - }), // new MErr('m', "\"bad")), - }; - test.checkMatches(tests, MULTI_WORD); - - test.checkAdd("-strv3 %sX3", vec, 's', 3, "-strv3 ", null, "", null); - tests = new MTest[] - { new MTest("-strv3 foo bar \"hihi\"", - new String[] { "foo", "bar", "\"hihi\"" }, 0), - new MTest("-strv3 a 123 gg", - new String[] { "a", "123", "gg" }, 1), - }; - vec.clear(); - test.checkMatches(tests, MULTI_WORD); - test.checkAdd("-strv=%s", vec, 's', 1, "-strv=", null, "", null); - tests = new MTest[] - { new MTest("-strv=d", "d", 0), - new MTest("-strv='g'", "'g'", 1), - new MTest("-strv=\\111", "\\111", 2), - }; - vec.clear(); - test.checkMatches(tests, ONE_WORD); - - test.checkAdd( - "-float=%f{(-0.001,1000.0]}", dh, 'f', 1, "-float=", - new RngCheck[] - { new RngCheck(-0.001, OPEN, 1000.0, CLOSED), - }, - "", null); - - tests = new MTest[] - { - new MTest("-float=-0.000999", new Double(-0.000999)), - new MTest("-float=1e-3", new Double(0.001)), - new MTest("-float=12.33e1", new Double(123.3)), - new MTest("-float=1e3", new Double(1e3)), - new MTest("-float=1000.000", new Double(1000.0)), - new MTest("-float=-0.001", new MErr('r', "-0.001")), - new MTest("-float=-1e-3", new MErr('r', "-1e-3")), - new MTest("-float=1000.001", new MErr('r', "1000.001")), - new MTest("-float=.", new MErr('m', ".")), - new MTest("-float= 124.5 ", new Double(124.5)), - new MTest("-float=124.5x", new MErr('m', "124.5x")), - new MTest("-float= foo ", new MErr('m', " foo ")), - new MTest("-float=1e1", new Double(10)), - new MTest("-float=1e ", new MErr('m', "1e ")), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd("-float2=%f", dh, 'f', 1, "-float2=", null, "", null); - tests = new MTest[] - { - new MTest("-float2=-0.001", new Double(-0.001)), - new MTest("-float2=-1e-3", new Double(-1e-3)), - new MTest("-float2=1000.001", new Double(1000.001)), - }; - test.checkMatches(tests, ONE_WORD); - - test.checkAdd("-f3 %fX3", d3, 'f', 3, "-f3 ", null, "", null); - tests = new MTest[] - { - new MTest("-f3 -0.001 1.23e5 -9.88e-4", - new double[] { -0.001, 1.23e5, -9.88e-4 }), - new MTest("-f3 7.88 foo 9.0", new MErr('m', "foo")), - new MTest("-f3 7.88 . 9.0", new MErr('m', ".")), - new MTest("-f3 7.88 3.0 9.0x", new MErr('m', "9.0x")), - }; - test.checkMatches(tests, MULTI_WORD); - - test.checkAdd("-fv3 %fX3", vec, 'f', 3, "-fv3 ", null, "", null); - tests = new MTest[] - { new MTest("-fv3 1.0 3.444 6.7", - new double[] { 1.0, 3.444, 6.7 }, 0), - new MTest("-fv3 13e-5 145.678 0.0001e45", - new double[] { 13e-5, 145.678, 0.0001e45 }, 1), - new MTest("-fv3 11.11 3.1245 -1e-4", - new double[] { 11.11, 3.1245, -1e-4 }, 2), - new MTest("-fv3 1.0 2 3", - new double[] { 1.0, 2.0, 3.0 }, 3), - }; - vec.clear(); - test.checkMatches(tests, MULTI_WORD); - test.checkAdd("-fv %f", vec, 'f', 1, "-fv ", null, "", null); - tests = new MTest[] - { new MTest("-fv -15.1234", new Double(-15.1234), 0), - new MTest("-fv -1.234e-7", new Double(-1.234e-7), 1), - new MTest("-fv 0.001111", new Double(0.001111), 2), - }; - vec.clear(); - test.checkMatches(tests, MULTI_WORD); - - IntHolder intHolder = new IntHolder(); - StringHolder strHolder = new StringHolder(); - - ArgParser parser = new ArgParser("test"); - parser.addOption("-foo %d #an int", intHolder); - parser.addOption("-bar %s #a string", strHolder); - args = new String[] - { "zzz", "-cat", "-foo", "123", "yyy", "-bar", "xxxx", "xxx" - }; - - String[] unmatchedCheck = new String[] - { "zzz", "-cat", "yyy", "xxx" - }; - - String[] unmatched = parser.matchAllArgs(args, 0, 0); - test.checkStringArray( - "Unmatched args:", unmatched, unmatchedCheck); - - vec.clear(); - for (int i = 0; i < args.length;) { - try { - i = parser.matchArg(args, i); - if (parser.getUnmatchedArgument() != null) { - vec.add(parser.getUnmatchedArgument()); - } - } catch (Exception e) { - } - } - unmatched = vec.toArray(new String[0]); - test.checkStringArray( - "My unmatched args:", unmatched, unmatchedCheck); - - System.out.println("\nPassed\n"); - - } -} diff --git a/base/silent/src/com/netscape/pkisilent/argparser/BooleanHolder.java b/base/silent/src/com/netscape/pkisilent/argparser/BooleanHolder.java deleted file mode 100644 index 8c98e8ab8..000000000 --- a/base/silent/src/com/netscape/pkisilent/argparser/BooleanHolder.java +++ /dev/null @@ -1,54 +0,0 @@ -package com.netscape.pkisilent.argparser; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * Wrapper class which ``holds'' a boolean value, - * enabling methods to return boolean values through - * arguments. - */ -public class BooleanHolder implements java.io.Serializable { - /** - * - */ - private static final long serialVersionUID = -2863748864787121510L; - /** - * Value of the boolean, set and examined - * by the application as needed. - */ - public boolean value; - - /** - * Constructs a new <code>BooleanHolder</code> with an initial - * value of <code>false</code>. - */ - public BooleanHolder() { - value = false; - } - - /** - * Constructs a new <code>BooleanHolder</code> with a - * specific initial value. - * - * @param b Initial boolean value. - */ - public BooleanHolder(boolean b) { - value = b; - } -} diff --git a/base/silent/src/com/netscape/pkisilent/argparser/CharHolder.java b/base/silent/src/com/netscape/pkisilent/argparser/CharHolder.java deleted file mode 100644 index ed0ecb215..000000000 --- a/base/silent/src/com/netscape/pkisilent/argparser/CharHolder.java +++ /dev/null @@ -1,54 +0,0 @@ -package com.netscape.pkisilent.argparser; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * Wrapper class which ``holds'' a character value, - * enabling methods to return character values through - * arguments. - */ -public class CharHolder implements java.io.Serializable { - /** - * - */ - private static final long serialVersionUID = 7340010668929015745L; - /** - * Value of the character, set and examined - * by the application as needed. - */ - public char value; - - /** - * Constructs a new <code>CharHolder</code> with an initial - * value of 0. - */ - public CharHolder() { - value = 0; - } - - /** - * Constructs a new <code>CharHolder</code> with a - * specific initial value. - * - * @param c Initial character value. - */ - public CharHolder(char c) { - value = c; - } -} diff --git a/base/silent/src/com/netscape/pkisilent/argparser/DoubleHolder.java b/base/silent/src/com/netscape/pkisilent/argparser/DoubleHolder.java deleted file mode 100644 index a1e4388b4..000000000 --- a/base/silent/src/com/netscape/pkisilent/argparser/DoubleHolder.java +++ /dev/null @@ -1,54 +0,0 @@ -package com.netscape.pkisilent.argparser; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * Wrapper class which ``holds'' a double value, - * enabling methods to return double values through - * arguments. - */ -public class DoubleHolder implements java.io.Serializable { - /** - * - */ - private static final long serialVersionUID = 5461991811517552431L; - /** - * Value of the double, set and examined - * by the application as needed. - */ - public double value; - - /** - * Constructs a new <code>DoubleHolder</code> with an initial - * value of 0. - */ - public DoubleHolder() { - value = 0; - } - - /** - * Constructs a new <code>DoubleHolder</code> with a - * specific initial value. - * - * @param d Initial double value. - */ - public DoubleHolder(double d) { - value = d; - } -} diff --git a/base/silent/src/com/netscape/pkisilent/argparser/FloatHolder.java b/base/silent/src/com/netscape/pkisilent/argparser/FloatHolder.java deleted file mode 100644 index 9fd938d29..000000000 --- a/base/silent/src/com/netscape/pkisilent/argparser/FloatHolder.java +++ /dev/null @@ -1,54 +0,0 @@ -package com.netscape.pkisilent.argparser; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * Wrapper class which ``holds'' a float value, - * enabling methods to return float values through - * arguments. - */ -public class FloatHolder implements java.io.Serializable { - /** - * - */ - private static final long serialVersionUID = -7962968109874934361L; - /** - * Value of the float, set and examined - * by the application as needed. - */ - public float value; - - /** - * Constructs a new <code>FloatHolder</code> with an initial - * value of 0. - */ - public FloatHolder() { - value = 0; - } - - /** - * Constructs a new <code>FloatHolder</code> with a - * specific initial value. - * - * @param f Initial float value. - */ - public FloatHolder(float f) { - value = f; - } -} diff --git a/base/silent/src/com/netscape/pkisilent/argparser/IntHolder.java b/base/silent/src/com/netscape/pkisilent/argparser/IntHolder.java deleted file mode 100644 index c8672dba6..000000000 --- a/base/silent/src/com/netscape/pkisilent/argparser/IntHolder.java +++ /dev/null @@ -1,54 +0,0 @@ -package com.netscape.pkisilent.argparser; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * Wrapper class which ``holds'' an integer value, - * enabling methods to return integer values through - * arguments. - */ -public class IntHolder implements java.io.Serializable { - /** - * - */ - private static final long serialVersionUID = -5303361328570056819L; - /** - * Value of the integer, set and examined - * by the application as needed. - */ - public int value; - - /** - * Constructs a new <code>IntHolder</code> with an initial - * value of 0. - */ - public IntHolder() { - value = 0; - } - - /** - * Constructs a new <code>IntHolder</code> with a - * specific initial value. - * - * @param i Initial integer value. - */ - public IntHolder(int i) { - value = i; - } -} diff --git a/base/silent/src/com/netscape/pkisilent/argparser/LongHolder.java b/base/silent/src/com/netscape/pkisilent/argparser/LongHolder.java deleted file mode 100644 index 7647b2c1d..000000000 --- a/base/silent/src/com/netscape/pkisilent/argparser/LongHolder.java +++ /dev/null @@ -1,54 +0,0 @@ -package com.netscape.pkisilent.argparser; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * Wrapper class which ``holds'' a long value, - * enabling methods to return long values through - * arguments. - */ -public class LongHolder implements java.io.Serializable { - /** - * - */ - private static final long serialVersionUID = 1559599139421340971L; - /** - * Value of the long, set and examined - * by the application as needed. - */ - public long value; - - /** - * Constructs a new <code>LongHolder</code> with an initial - * value of 0. - */ - public LongHolder() { - value = 0; - } - - /** - * Constructs a new <code>LongHolder</code> with a - * specific initial value. - * - * @param l Initial long value. - */ - public LongHolder(long l) { - value = l; - } -} diff --git a/base/silent/src/com/netscape/pkisilent/argparser/ObjectHolder.java b/base/silent/src/com/netscape/pkisilent/argparser/ObjectHolder.java deleted file mode 100644 index cce555984..000000000 --- a/base/silent/src/com/netscape/pkisilent/argparser/ObjectHolder.java +++ /dev/null @@ -1,54 +0,0 @@ -package com.netscape.pkisilent.argparser; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * Wrapper class which ``holds'' an Object reference, - * enabling methods to return Object references through - * arguments. - */ -public class ObjectHolder implements java.io.Serializable { - /** - * - */ - private static final long serialVersionUID = 1825881254530066307L; - /** - * Value of the Object reference, set and examined - * by the application as needed. - */ - public Object value; - - /** - * Constructs a new <code>ObjectHolder</code> with an initial - * value of <code>null</code>. - */ - public ObjectHolder() { - value = null; - } - - /** - * Constructs a new <code>ObjectHolder</code> with a - * specific initial value. - * - * @param o Initial Object reference. - */ - public ObjectHolder(Object o) { - value = o; - } -} diff --git a/base/silent/src/com/netscape/pkisilent/argparser/SimpleExample.java b/base/silent/src/com/netscape/pkisilent/argparser/SimpleExample.java deleted file mode 100644 index 6970d318d..000000000 --- a/base/silent/src/com/netscape/pkisilent/argparser/SimpleExample.java +++ /dev/null @@ -1,53 +0,0 @@ -package com.netscape.pkisilent.argparser; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * Gives a very simple example of the use of {@link argparser.ArgParser ArgParser}. - */ -public class SimpleExample { - /** - * Run this to invoke command line parsing. - */ - public static void main(String[] args) { - // create holder objects for storing results ... - - DoubleHolder theta = new DoubleHolder(); - StringHolder fileName = new StringHolder(); - BooleanHolder debug = new BooleanHolder(); - - // create the parser and specify the allowed options ... - - ArgParser parser = new ArgParser("java argparser.SimpleExample"); - parser.addOption("-theta %f #theta value (in degrees)", theta); - parser.addOption("-file %s #name of the operating file", fileName); - parser.addOption("-debug %v #enables display of debugging info", - debug); - - // and then match the arguments - - parser.matchAllArgs(args); - - // now print out the values - - System.out.println("theta=" + theta.value); - System.out.println("fileName=" + fileName.value); - System.out.println("debug=" + debug.value); - } -} diff --git a/base/silent/src/com/netscape/pkisilent/argparser/StringHolder.java b/base/silent/src/com/netscape/pkisilent/argparser/StringHolder.java deleted file mode 100644 index 00d7b6e77..000000000 --- a/base/silent/src/com/netscape/pkisilent/argparser/StringHolder.java +++ /dev/null @@ -1,54 +0,0 @@ -package com.netscape.pkisilent.argparser; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * Wrapper class which ``holds'' a String reference, - * enabling methods to return String references through - * arguments. - */ -public class StringHolder implements java.io.Serializable { - /** - * - */ - private static final long serialVersionUID = -3184348746223759310L; - /** - * Value of the String reference, set and examined - * by the application as needed. - */ - public String value; - - /** - * Constructs a new <code>StringHolder</code> with an - * initial value of <code>null</code>. - */ - public StringHolder() { - value = null; - } - - /** - * Constructs a new <code>StringHolder</code> with a - * specific initial value. - * - * @param s Initial String reference. - */ - public StringHolder(String s) { - value = s; - } -} diff --git a/base/silent/src/com/netscape/pkisilent/argparser/StringScanException.java b/base/silent/src/com/netscape/pkisilent/argparser/StringScanException.java deleted file mode 100644 index f44899625..000000000 --- a/base/silent/src/com/netscape/pkisilent/argparser/StringScanException.java +++ /dev/null @@ -1,56 +0,0 @@ -package com.netscape.pkisilent.argparser; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.IOException; - -/** - * Exception class used by <code>StringScanner</code> when - * command line arguments do not parse correctly. - * - * @author John E. Lloyd, Winter 2001 - * @see StringScanner - */ -class StringScanException extends IOException { - /** - * - */ - private static final long serialVersionUID = 4923445904507805754L; - int failIdx; - - /** - * Creates a new StringScanException with the given message. - * - * @param msg Error message - * @see StringScanner - */ - - public StringScanException(String msg) { - super(msg); - } - - public StringScanException(int idx, String msg) { - super(msg); - failIdx = idx; - } - - public int getFailIndex() { - return failIdx; - } -} diff --git a/base/silent/src/com/netscape/pkisilent/argparser/StringScanner.java b/base/silent/src/com/netscape/pkisilent/argparser/StringScanner.java deleted file mode 100644 index d562a3b19..000000000 --- a/base/silent/src/com/netscape/pkisilent/argparser/StringScanner.java +++ /dev/null @@ -1,567 +0,0 @@ -package com.netscape.pkisilent.argparser; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * Copyright John E. Lloyd, 2004. All rights reserved. Permission to use, - * copy, modify and redistribute is granted, provided that this copyright - * notice is retained and the author is given credit whenever appropriate. - * - * This software is distributed "as is", without any warranty, including - * any implied warranty of merchantability or fitness for a particular - * use. The author assumes no responsibility for, and shall not be liable - * for, any special, indirect, or consequential damages, or any damages - * whatsoever, arising out of or in connection with the use of this - * software. - */ - -class StringScanner { - private char[] buf; - private int idx; - private int len; - private String stringDelimiters = ""; - - public StringScanner(String s) { - buf = new char[s.length() + 1]; - s.getChars(0, s.length(), buf, 0); - len = s.length(); - buf[len] = 0; - idx = 0; - } - - public int getIndex() { - return idx; - } - - public void setIndex(int i) { - if (i < 0) { - idx = 0; - } else if (i > len) { - idx = len; - } else { - idx = i; - } - } - - public void setStringDelimiters(String s) { - stringDelimiters = s; - } - - public String getStringDelimiters() { - return stringDelimiters; - } - - public char scanChar() - throws StringScanException { - int idxSave = idx; - skipWhiteSpace(); - try { - if (buf[idx] == '\'') { - return scanQuotedChar(); - } else { - return scanUnquotedChar(); - } - } catch (StringScanException e) { - idx = idxSave; - throw e; - } - } - - public char scanQuotedChar() - throws StringScanException { - StringScanException exception = null; - char retval = 0; - int idxSave = idx; - - skipWhiteSpace(); - if (idx == len) { - exception = new StringScanException(idx, "end of input"); - } else if (buf[idx++] == '\'') { - try { - retval = scanUnquotedChar(); - } catch (StringScanException e) { - exception = e; - } - if (exception == null) { - if (idx == len) { - exception = new StringScanException - (idx, "end of input"); - } else if (buf[idx++] != '\'') { - exception = new StringScanException - (idx - 1, "unclosed quoted character"); - } - } - } else { - exception = new StringScanException - (idx - 1, "uninitialized quoted character"); - } - if (exception != null) { - idx = idxSave; - throw exception; - } - return retval; - } - - public char scanUnquotedChar() - throws StringScanException { - StringScanException exception = null; - char c, retval = 0; - int idxSave = idx; - - if (idx == len) { - exception = new StringScanException(idx, "end of input"); - } else if ((c = buf[idx++]) == '\\') { - if (idx == len) { - exception = new StringScanException(idx, "end of input"); - } else { - c = buf[idx++]; - if (c == '"') { - retval = '"'; - } else if (c == '\'') { - retval = '\''; - } else if (c == '\\') { - retval = '\\'; - } else if (c == 'n') { - retval = '\n'; - } else if (c == 't') { - retval = '\t'; - } else if (c == 'b') { - retval = '\b'; - } else if (c == 'r') { - retval = '\r'; - } else if (c == 'f') { - retval = '\f'; - } else if ('0' <= c && c < '8') { - int v = c - '0'; - for (int j = 0; j < 2; j++) { - if (idx == len) { - break; - } - c = buf[idx]; - if ('0' <= c && c < '8' && (v * 8 + (c - '0')) <= 255) { - v = v * 8 + (c - '0'); - idx++; - } else { - break; - } - } - retval = (char) v; - } else { - exception = new StringScanException - (idx - 1, "illegal escape character '" + c + "'"); - } - } - } else { - retval = c; - } - if (exception != null) { - idx = idxSave; - throw exception; - } - return retval; - } - - public String scanQuotedString() - throws StringScanException { - StringScanException exception = null; - StringBuffer sbuf = new StringBuffer(len); - char c; - int idxSave = idx; - - skipWhiteSpace(); - if (idx == len) { - exception = new StringScanException(idx, "end of input"); - } else if ((c = buf[idx++]) == '"') { - while (idx < len && (c = buf[idx]) != '"' && c != '\n') { - if (c == '\\') { - try { - c = scanUnquotedChar(); - } catch (StringScanException e) { - exception = e; - break; - } - } else { - idx++; - } - sbuf.append(c); - } - if (exception == null && idx >= len) { - exception = new StringScanException(len, "end of input"); - } else if (exception == null && c == '\n') { - exception = new StringScanException - (idx, "unclosed quoted string"); - } else { - idx++; - } - } else { - exception = new StringScanException(idx - 1, - "quoted string must start with \""); - } - if (exception != null) { - idx = idxSave; - throw exception; - } - return sbuf.toString(); - } - - public String scanNonWhiteSpaceString() - throws StringScanException { - StringBuffer sbuf = new StringBuffer(len); - int idxSave = idx; - char c; - - skipWhiteSpace(); - if (idx == len) { - StringScanException e = new StringScanException( - idx, "end of input"); - idx = idxSave; - throw e; - } else { - c = buf[idx++]; - while (idx < len && !Character.isWhitespace(c) - && stringDelimiters.indexOf(c) == -1) { - sbuf.append(c); - c = buf[idx++]; - } - if (Character.isWhitespace(c) || - stringDelimiters.indexOf(c) != -1) { - idx--; - } else { - sbuf.append(c); - } - } - return sbuf.toString(); - } - - public String scanString() - throws StringScanException { - int idxSave = idx; - skipWhiteSpace(); - try { - if (buf[idx] == '"') { - return scanQuotedString(); - } else { - return scanNonWhiteSpaceString(); - } - } catch (StringScanException e) { - idx = idxSave; - throw e; - } - } - - public String getString() - throws StringScanException { - StringBuffer sbuf = new StringBuffer(len); - while (idx < len) { - sbuf.append(buf[idx++]); - } - return sbuf.toString(); - } - - public long scanInt() - throws StringScanException { - int idxSave = idx; - char c; - int sign = 1; - - skipWhiteSpace(); - if ((c = buf[idx]) == '-' || c == '+') { - sign = (c == '-' ? -1 : 1); - idx++; - } - try { - if (idx == len) { - throw new StringScanException(len, "end of input"); - } else if ((c = buf[idx]) == '0') { - if ((c = buf[idx + 1]) == 'x' || c == 'X') { - idx += 2; - return sign * scanInt(16, false); - } else { - return sign * scanInt(8, false); - } - } else { - return sign * scanInt(10, false); - } - } catch (StringScanException e) { - idx = idxSave; - throw e; - } - } - - public long scanInt(int radix) - throws StringScanException { - return scanInt(radix, /*skipWhite=*/true); - } - - private String baseDesc(int radix) { - switch (radix) { - case 10: { - return "decimal"; - } - case 8: { - return "octal"; - } - case 16: { - return "hex"; - } - default: { - return "base " + radix; - } - } - } - - public long scanInt(int radix, boolean skipWhite) - throws StringScanException { - StringScanException exception = null; - int charval, idxSave = idx; - char c; - long val = 0; - boolean negate = false; - - if (skipWhite) { - skipWhiteSpace(); - } - if ((c = buf[idx]) == '-' || c == '+') { - negate = (c == '-'); - idx++; - } - if (idx >= len) { - exception = new StringScanException(len, "end of input"); - } else if ((charval = Character.digit(buf[idx++], radix)) == -1) { - exception = new StringScanException - (idx - 1, "malformed " + baseDesc(radix) + " integer"); - } else { - val = charval; - while ((charval = Character.digit(buf[idx], radix)) != -1) { - val = val * radix + charval; - idx++; - } - if (Character.isLetter(c = buf[idx]) || - Character.isDigit(c) || c == '_') { - exception = new StringScanException - (idx, "malformed " + baseDesc(radix) + " integer"); - } - } - if (exception != null) { - idx = idxSave; - throw exception; - } - return negate ? -val : val; - } - - public double scanDouble() - throws StringScanException { - StringScanException exception = null; - int idxSave = idx; - char c; - // parse [-][0-9]*[.][0-9]*[eE][-][0-9]* - boolean hasDigits = false; - double value = 0; - - skipWhiteSpace(); - if (idx == len) { - exception = new StringScanException("end of input"); - } else { - if ((c = buf[idx]) == '-' || c == '+') { - // signed - idx++; - } - if (matchDigits()) { - hasDigits = true; - } - if (buf[idx] == '.') { - idx++; - } - if (!hasDigits && (buf[idx] < '0' || buf[idx] > '9')) { - if (idx == len) { - exception = new StringScanException(idx, "end of input"); - } else { - exception = new StringScanException( - idx, "malformed floating number: no digits"); - } - } else { - matchDigits(); - - if ((c = buf[idx]) == 'e' || c == 'E') { - idx++; - if ((c = buf[idx]) == '-' || c == '+') { - // signed - idx++; - } - if (buf[idx] < '0' || buf[idx] > '9') { - if (idx == len) { - exception = new StringScanException( - idx, "end of input"); - } else { - exception = new StringScanException(idx, - "malformed floating number: no digits in exponent"); - } - } else { - matchDigits(); - } - } - } - } - if (exception == null) { - // if (Character.isLetterOrDigit(c=buf[idx]) || c == '_') - // { exception = new StringScanException (idx, - //"malformed floating number"); - // } - // else - { - try { - value = Double.parseDouble(new String(buf, idxSave, - idx - idxSave)); - } catch (NumberFormatException e) { - exception = new StringScanException( - idx, "malformed floating number"); - } - } - } - if (exception != null) { - idx = idxSave; - throw exception; - } - return value; - } - - public boolean scanBoolean() - throws StringScanException { - StringScanException exception = null; - int idxSave = idx; - String testStr = "false"; - boolean testval = false; - char c; - - skipWhiteSpace(); - if (buf[idx] == 't') { - testStr = "true"; - testval = true; - } else { - testval = false; - } - int i = 0; - for (i = 0; i < testStr.length(); i++) { - if (testStr.charAt(i) != buf[idx]) { - if (idx == len) { - exception = new StringScanException(idx, "end of input"); - } - break; - } - idx++; - } - if (exception == null) { - if (i < testStr.length() || - Character.isLetterOrDigit(c = buf[idx]) || c == '_') { - exception = new StringScanException(idx, "illegal boolean"); - } - } - if (exception != null) { - idx = idxSave; - throw exception; - } - return testval; - } - - public boolean matchString(String s) { - int k = idx; - for (int i = 0; i < s.length(); i++) { - if (k >= len || s.charAt(i) != buf[k++]) { - return false; - } - } - idx = k; - return true; - } - - public boolean matchDigits() { - int k = idx; - char c; - - while ((c = buf[k]) >= '0' && c <= '9') { - k++; - } - if (k > idx) { - idx = k; - return true; - } else { - return false; - } - } - - public void skipWhiteSpace() { - while (Character.isWhitespace(buf[idx])) { - idx++; - } - } - - public boolean atEnd() { - return idx == len; - } - - public boolean atBeginning() { - return idx == 0; - } - - public void ungetc() { - if (idx > 0) { - idx--; - } - } - - public char getc() { - char c = buf[idx]; - if (idx < len) { - idx++; - } - return c; - } - - public char peekc() { - return buf[idx]; - } - - public String substring(int i0, int i1) { - if (i0 < 0) { - i0 = 0; - } else if (i0 >= len) { - i0 = len - 1; - } - if (i1 < 0) { - i1 = 0; - } else if (i1 > len) { - i1 = len; - } - if (i1 <= i0) { - return ""; - } - return new String(buf, i0, i1 - i0); - } - - public String substring(int i0) { - if (i0 < 0) { - i0 = 0; - } - if (i0 >= len) { - return ""; - } else { - return new String(buf, i0, len - i0); - } - } -} diff --git a/base/silent/src/com/netscape/pkisilent/common/BaseState.java b/base/silent/src/com/netscape/pkisilent/common/BaseState.java deleted file mode 100644 index c668e0f80..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/BaseState.java +++ /dev/null @@ -1,118 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/** - * CMS Test framework . - * This class reads and sets the values for a CMS subsytems Config file (CS.cfg) - * Using this class you can set the server to a base state. - */ - -public class BaseState { - - private String CMSConfigFile; - private CMSConfig cmscfg = null; - private String ldapbase, ldaphost, ldapport, ldapdn, ldapdnpw; - private boolean ldapsecConn = false; - - // Constructor - - public BaseState() { - } - - /** - * Constructor . Takes the parameter CMSConfigfilename ( with fullpath) - * - * @param CMSConfigfile. - */ - - public BaseState(String cmscfilename) { - CMSConfigFile = cmscfilename; - - } - - /** - * Set the publishing directory information . Takes the paramters ldaphost,ldapport,ldapDN, ldapDN password, BaseDN - * , Secure coonection (true/false) - */ - public void setLDAPInfo(String h, String p, String dn, String pw, String base, boolean sc) { - ldaphost = h; - ldapport = p; - ldapdn = dn; - ldapdnpw = pw; - ldapbase = base; - ldapsecConn = sc; - - } - - /** - * Enable SSL Client authentication for Directory enrollment and publishing - */ - - public void EnableSSLClientAuth() { - ldapsecConn = true; - cmscfg = new CMSConfig(CMSConfigFile); - // Enable DirBaseEnrollment - cmscfg.EnableDirEnrollment(ldapsecConn, ldapbase, ldaphost, ldapport); - // Enable Publishing - cmscfg.EnablePublishing(ldapsecConn, ldapdn, ldapdnpw, ldaphost, - ldapport); - cmscfg.saveCMSConfig(); - - } - - /** - * Set to CA 's base state . Enables Directory based enrollment , publishing and Portal enrollment - */ - - public void CABaseState() { - cmscfg = new CMSConfig(CMSConfigFile); - cmscfg.EnableAdminEnrollment(); - // Enable DirBaseEnrollment - cmscfg.EnableDirEnrollment(ldapsecConn, ldapbase, ldaphost, ldapport); - // Enable Publishing - cmscfg.DisablePublishing(ldapsecConn, ldapdn, ldapdnpw, ldaphost, - ldapport, ldapbase); - // Enable Portalbased enrollment - cmscfg.EnablePortalAuth(ldapsecConn, ldapdn, ldapdnpw, ldaphost, - ldapport, ldapbase); - cmscfg.saveCMSConfig(); - - } - - /** - * Set to RA 's base state . Enables Directory based enrollment and Portal enrollment - */ - - public void RABaseState() { - cmscfg = new CMSConfig(CMSConfigFile); - cmscfg.EnableAdminEnrollment(); - // Enable DirBaseEnrollment - cmscfg.EnableDirEnrollment(ldapsecConn, ldapbase, ldaphost, ldapport); - // Enable Portalbased enrollment - cmscfg.EnablePortalAuth(ldapsecConn, ldapdn, ldapdnpw, ldaphost, - ldapport, ldapbase); - cmscfg.saveCMSConfig(); - - } - - public static void main(String args[]) { - }// end of function main - -} diff --git a/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java b/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java deleted file mode 100644 index 7aeaaa829..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java +++ /dev/null @@ -1,569 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.FileInputStream; -import java.io.FileOutputStream; - -/** - * CMS Test framework . - * This class reads,modifies and saves CS.cfg file - */ - -public class CMSConfig extends ServerInfo { - - /** - * Constructor . Reads the CS.cfg file .Takes the parameter for Configfile ( Provide fullpath) - */ - - public CMSConfig(String confFile) { - CMSConfigFile = confFile; - System.out.println(CMSConfigFile); - readCMSConfig(); - } - - private void readCMSConfig() { - - try { - FileInputStream fiscfg = new FileInputStream(CMSConfigFile); - - CMSprops = new CMSProperties(); - CMSprops.load(fiscfg); - System.out.println("Reading CMS Config file successful"); - fiscfg.close(); - System.out.println("Number in size " + CMSprops.size()); - } catch (Exception e) { - System.out.println("exception " + e.getMessage()); - } - - } - - /** - * Saves the config file - **/ - - public void saveCMSConfig() { - try { - // Properties s = new Properties(CMSprops); - FileOutputStream fos = new FileOutputStream(CMSConfigFile); - - System.out.println("Number in size " + CMSprops.size()); - // CMSprops.list(System.out); - CMSprops.store(fos, null); - System.out.println("Writing to CMS Config file successful"); - fos.close(); - } catch (Exception e) { - System.out.println("exception " + e.getMessage()); - } - - } - - // AdminEnrollment - - public void EnableAdminEnrollment() { - CMSprops.setProperty("cmsgateway.enableAdminEnroll", "true"); - - } - - // Authentication - - // Enable DirectoryBased Authentication - /** - * Takes parameters : secureConnection( true/false), basedn, ldaphostname, lapdaportnumber ( in case of secured - * connection give ldap secured port) - */ - - public void EnableDirEnrollment(boolean secureConn, String ldapbase, String lhost, String lport) { - CMSprops.setProperty("auths.instance.UserDirEnrollment.dnpattern", - "UID=$attr.uid,E=$attr.mail.1,CN=$attr.cn,OU=$dn.ou.2,O=$dn.o,C=US"); - CMSprops.setProperty("auths.instance.UserDirEnrollment.ldap.basedn", - ldapbase); - CMSprops.setProperty( - "auths.instance.UserDirEnrollment.ldap.ldapconn.host", lhost); - CMSprops.setProperty( - "auths.instance.UserDirEnrollment.ldap.ldapconn.version", "3"); - CMSprops.setProperty("auths.instance.UserDirEnrollment.ldap.maxConns", - "8"); - CMSprops.setProperty("auths.instance.UserDirEnrollment.ldap.minConns", - "2"); - // CMSprops.setProperty("auths.instance.UserDirEnrollment.ldapByteAttributes=",""); - CMSprops.setProperty( - "auths.instance.UserDirEnrollment.ldapStringAttributes", "mail"); - CMSprops.setProperty("auths.instance.UserDirEnrollment.pluginName", - "UidPwdDirAuth"); - if (secureConn) { - CMSprops.setProperty( - "auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn", - "true"); - CMSprops.setProperty( - "auths.instance.UserDirEnrollment.ldap.ldapconn.port", lport); - - } else { - CMSprops.setProperty( - "auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn", - "false"); - CMSprops.setProperty( - "auths.instance.UserDirEnrollment.ldap.ldapconn.port", lport); - - } - } - - public void DisableDirEnrollment() { - CMSprops.remove("auths.instance.UserDirEnrollment.dnpattern"); - CMSprops.remove("auths.instance.UserDirEnrollment.ldap.basedn"); - CMSprops.remove("auths.instance.UserDirEnrollment.ldap.ldapconn.host"); - CMSprops.remove("auths.instance.UserDirEnrollment.ldap.ldapconn.port"); - CMSprops.remove( - "auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn"); - CMSprops.remove("auths.instance.UserDirEnrollment.ldap.ldapconn.version"); - CMSprops.remove("auths.instance.UserDirEnrollment.ldap.maxConns"); - CMSprops.remove("auths.instance.UserDirEnrollment.ldap.minConns"); - CMSprops.remove("auths.instance.UserDirEnrollment.ldapByteAttributes="); - CMSprops.remove("auths.instance.UserDirEnrollment.ldapStringAttributes"); - CMSprops.remove("auths.instance.UserDirEnrollment.pluginName"); - - } - - public void EnableCMCAuth() { - - CMSprops.setProperty("auths.instance.testcmc.pluginName", - "CMCAuthentication"); - } - - /** - * Takes parameters : secureConnection( true/false), ldapbinddn, ldapbindnpassword,ldaphostname, lapdaportnumber ( - * in case of secured connection give ldap secured port), basedn (e.g ou=people,o=mcom.com) - */ - - void EnablePortalAuth(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport, - String lbsuffix) { - String certnickname = null; - - CMSprops.setProperty("auths.instance.PortalEnrollment.pluginName", - "PortalEnroll"); - CMSprops.setProperty("auths.instance.PortalEnrollment.dnpattern", - "uid=$attr.uid,cn=$attr.cn,O=$dn.co,C=$dn.c"); - CMSprops.setProperty("auths.instance.PortalEnrollment.ldap.basedn", - lbsuffix); - CMSprops.setProperty("auths.instance.PortalEnrollment.ldap.maxConns", - "3"); - CMSprops.setProperty("auths.instance.PortalEnrollment.ldap.minConns", - "2"); - CMSprops.setProperty("auths.instance.PortalEnrollment.ldap.objectclass", - "inetOrgPerson"); - CMSprops.setProperty( - "auths.instance.PortalEnrollment.ldap.ldapauth.bindDN", - ldaprootDN); - CMSprops.setProperty( - "auths.instance.PortalEnrollment.ldap.ldapauth.bindPassword", - ldaprootDNPW); - CMSprops.setProperty( - "auths.instance.PortalEnrollment.ldap.ldapauth.bindPWPrompt", - "Rule PortalEnrollment"); - CMSprops.setProperty( - "auths.instance.PortalEnrollment.ldap.ldapconn.host", lhost); - if (secureConn) { - CMSprops.setProperty( - "auths.instance.PortalEnrollment.ldap.ldapconn.secureConn", - "true"); - CMSprops.setProperty( - "auths.instance.PortalEnrollment.ldap.ldapauth.clientCertNickname", - certnickname); - CMSprops.setProperty( - "auths.instance.PortalEnrollment.ldap.ldapauth.authtype", - "SslClientAuth"); - CMSprops.setProperty( - "auths.instance.PortalEnrollment.ldap.ldapconn.port", lport); - - } else { - CMSprops.setProperty( - "auths.instance.PortalEnrollment.ldap.ldapconn.secureConn", - "false"); - CMSprops.setProperty( - "auths.instance.PortalEnrollment.ldap.ldapconn.port", lport); - CMSprops.setProperty( - "auths.instance.PortalEnrollment.ldap.ldapauth.authtype", - "BasicAuth"); - } - - CMSprops.setProperty( - "auths.instance.PortalEnrollment.ldap.ldapconn.version", "3"); - - } - - // Publishing - /** - * Takes parameters : secureConnection( true/false), ldapbinddn, ldapbindnpassword,ldaphostname, lapdaportnumber ( - * in case of secured connection give ldap secured port) - */ - - public void EnablePublishing(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport) { - - CMSprops.setProperty("ca.publish.enable", "true"); - CMSprops.setProperty("ca.publish.ldappublish.enable", "true"); - if (secureConn) { - CMSprops.setProperty( - "ca.publish.ldappublish.ldap.ldapconn.secureConn", "true"); - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.port", - lport); - - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.authtype", - "SslClientAuth"); - } else { - CMSprops.setProperty( - "ca.publish.ldappublish.ldap.ldapconn.secureConn", "false"); - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.port", - lport); - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.authtype", - "BasicAuth"); - } - - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindDN", - ldaprootDN); - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindPassword", - ldaprootDNPW); - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindPWPrompt", - "CA LDAP Publishing"); - - // set the hostname with fully qulified name if you are using SSL - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.host", lhost); - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.version", "3"); - CMSprops.setProperty("ca.publish.mapper.impl.LdapCaSimpleMap.class", - "com.netscape.cms.publish.mappers.LdapCaSimpleMap"); - CMSprops.setProperty("ca.publish.mapper.impl.LdapDNCompsMap.class", - "com.netscape.cms.publish.mappers.Lda pCertCompsMap"); - CMSprops.setProperty("ca.publish.mapper.impl.LdapDNExactMap.class", - "com.netscape.cms.publish.mappers.LdapCertExactMap"); - CMSprops.setProperty("ca.publish.mapper.impl.LdapEnhancedMap.class", - "com.netscape.cms.publish.mappers.LdapEnhancedMap"); - CMSprops.setProperty("ca.publish.mapper.impl.LdapSimpleMap.class", - "com.netscape.cms.publish.mappers.LdapSimpleMap"); - CMSprops.setProperty("ca.publish.mapper.impl.LdapSubjAttrMap.class", - "com.netscape.cms.publish.mappers.LdapCertSubjMap"); - CMSprops.setProperty( - "ca.publish.mapper.instance.LdapCaCertMap.createCAEntry", "true"); - CMSprops.setProperty( - "ca.publish.mapper.instance.LdapCaCertMap.dnPattern", - "UID=CManager,OU=people,O=mcom.com"); - CMSprops.setProperty( - "ca.publish.mapper.instance.LdapCaCertMap.pluginName", - "LdapCaSimpleMap"); - CMSprops.setProperty( - "ca.publish.mapper.instance.LdapCrlMap.createCAEntry", "true"); - CMSprops.setProperty("ca.publish.mapper.instance.LdapCrlMap.dnPattern", - "UID=CManager,OU=people,O=mcom.com"); - CMSprops.setProperty("ca.publish.mapper.instance.LdapCrlMap.pluginName", - "LdapCaSimpleMap"); - CMSprops.setProperty( - "ca.publish.mapper.instance.LdapUserCertMap.dnPattern", - "UID=$subj.UID,OU=people,O=mcom.com"); - CMSprops.setProperty( - "ca.publish.mapper.instance.LdapUserCertMap.pluginName", - "LdapSimpleMap"); - CMSprops.setProperty( - "ca.publish.publisher.impl.FileBasedPublisher.class", - "com.netscape.cms.publish.publishers.FileBasedPublisher"); - CMSprops.setProperty( - "ca.publish.publisher.impl.LdapCaCertPublisher.class", - "com.netscape.cms.publish.publishers.LdapCaCertPublisher"); - CMSprops.setProperty("ca.publish.publisher.impl.LdapCrlPublisher.class", - "com.netscape.cms.publish.publishers.LdapCrlPublisher"); - CMSprops.setProperty( - "ca.publish.publisher.impl.LdapUserCertPublisher.class", - "com.netscape.cms.publish.publishers.LdapUserCertPublisher"); - CMSprops.setProperty("ca.publish.publisher.impl.OCSPPublisher.class", - "com.netscape.cms.publish.publishers.OCSPPublisher"); - CMSprops.setProperty( - "ca.publish.publisher.instance.LdapCaCertPublisher.caCertAttr", - "caCertificate;binary"); - CMSprops.setProperty( - "ca.publish.publisher.instance.LdapCaCertPublisher.caObjectClass", - "certificationAuthority"); - CMSprops.setProperty( - "ca.publish.publisher.instance.LdapCaCertPublisher.pluginName", - "LdapCaCertPublisher"); - CMSprops.setProperty( - "ca.publish.publisher.instance.LdapCrlPublisher.crlAttr", - "certificateRevocationList;binary"); - CMSprops.setProperty( - "ca.publish.publisher.instance.LdapCrlPublisher.pluginName", - "LdapCrlPublisher"); - CMSprops.setProperty( - "ca.publish.publisher.instance.LdapUserCertPublisher.certAttr", - "userCertificate;binary"); - CMSprops.setProperty( - "ca.publish.publisher.instance.LdapUserCertPublisher.pluginName", - "LdapUserCertPublisher"); - } - - public void DisablePublishing(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, - String lport, String base) { - - CMSprops.setProperty("ca.publish.enable", "false"); - CMSprops.setProperty("ca.publish.ldappublish.enable", "false"); - if (secureConn) { - CMSprops.setProperty( - "ca.publish.ldappublish.ldap.ldapconn.secureConn", "false"); - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.port", - lport); - - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.authtype", - "SslClientAuth"); - } else { - CMSprops.setProperty( - "ca.publish.ldappublish.ldap.ldapconn.secureConn", "false"); - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.port", - lport); - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.authtype", - "BasicAuth"); - } - - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindDN", - ldaprootDN); - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindPassword", - ldaprootDNPW); - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindPWPrompt", - "CA LDAP Publishing"); - - // set the hostname with fully qulified name if you are using SSL - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.host", lhost); - CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.version", "3"); - CMSprops.setProperty("ca.publish.mapper.impl.LdapCaSimpleMap.class", - "com.netscape.cms.publish.mappers.LdapCaSimpleMap"); - CMSprops.setProperty("ca.publish.mapper.impl.LdapDNCompsMap.class", - "com.netscape.cms.publish.mappers.Lda pCertCompsMap"); - CMSprops.setProperty("ca.publish.mapper.impl.LdapDNExactMap.class", - "com.netscape.cms.publish.mappers.LdapCertExactMap"); - CMSprops.setProperty("ca.publish.mapper.impl.LdapEnhancedMap.class", - "com.netscape.cms.publish.mappers.LdapEnhancedMap"); - CMSprops.setProperty("ca.publish.mapper.impl.LdapSimpleMap.class", - "com.netscape.cms.publish.mappers.LdapSimpleMap"); - CMSprops.setProperty("ca.publish.mapper.impl.LdapSubjAttrMap.class", - "com.netscape.cms.publish.mappers.LdapCertSubjMap"); - CMSprops.setProperty( - "ca.publish.mapper.instance.LdapCaCertMap.createCAEntry", - "false"); - CMSprops.setProperty( - "ca.publish.mapper.instance.LdapCaCertMap.dnPattern", - "UID=CManager,OU=people," + base); - CMSprops.setProperty( - "ca.publish.mapper.instance.LdapCaCertMap.pluginName", - "LdapCaSimpleMap"); - CMSprops.setProperty( - "ca.publish.mapper.instance.LdapCrlMap.createCAEntry", "false"); - CMSprops.setProperty("ca.publish.mapper.instance.LdapCrlMap.dnPattern", - "UID=CManager,OU=people," + base); - CMSprops.setProperty("ca.publish.mapper.instance.LdapCrlMap.pluginName", - "LdapCaSimpleMap"); - CMSprops.setProperty( - "ca.publish.mapper.instance.LdapUserCertMap.dnPattern", - "UID=$subj.UID,OU=people," + base); - CMSprops.setProperty( - "ca.publish.mapper.instance.LdapUserCertMap.pluginName", - "LdapSimpleMap"); - CMSprops.setProperty( - "ca.publish.publisher.impl.FileBasedPublisher.class", - "com.netscape.cms.publish.publishers.FileBasedPublisher"); - CMSprops.setProperty( - "ca.publish.publisher.impl.LdapCaCertPublisher.class", - "com.netscape.cms.publish.publishers.LdapCaCertPublisher"); - CMSprops.setProperty("ca.publish.publisher.impl.LdapCrlPublisher.class", - "com.netscape.cms.publish.publishers.LdapCrlPublisher"); - CMSprops.setProperty( - "ca.publish.publisher.impl.LdapUserCertPublisher.class", - "com.netscape.cms.publish.publishers.LdapUserCertPublisher"); - CMSprops.setProperty("ca.publish.publisher.impl.OCSPPublisher.class", - "com.netscape.cms.publish.publishers.OCSPPublisher"); - CMSprops.setProperty( - "ca.publish.publisher.instance.LdapCaCertPublisher.caCertAttr", - "caCertificate;binary"); - CMSprops.setProperty( - "ca.publish.publisher.instance.LdapCaCertPublisher.caObjectClass", - "certificationAuthority"); - CMSprops.setProperty( - "ca.publish.publisher.instance.LdapCaCertPublisher.pluginName", - "LdapCaCertPublisher"); - CMSprops.setProperty( - "ca.publish.publisher.instance.LdapCrlPublisher.crlAttr", - "certificateRevocationList;binary"); - CMSprops.setProperty( - "ca.publish.publisher.instance.LdapCrlPublisher.pluginName", - "LdapCrlPublisher"); - CMSprops.setProperty( - "ca.publish.publisher.instance.LdapUserCertPublisher.certAttr", - "userCertificate;binary"); - CMSprops.setProperty( - "ca.publish.publisher.instance.LdapUserCertPublisher.pluginName", - "LdapUserCertPublisher"); - } - - public void CreateOCSPPublisher(String OCSPHost, String OCSPPort, String OCSPEEPort) { - // Set host nmae with fully qualified hostname - String location = "http://" + OCSPHost + ":" + OCSPEEPort + "/ocsp"; - - CMSprops.setProperty("ca.crl.MasterCRL.alwaysUpdate", "true"); - CMSprops.setProperty( - "ca.publish.publisher.instance.CAOCSPPublisher.host", OCSPHost); - CMSprops.setProperty( - "ca.publish.publisher.instance.CAOCSPPublisher.path", - "/ocsp/addCRL"); - CMSprops.setProperty( - "ca.publish.publisher.instance.CAOCSPPublisher.pluginName", - "OCSPPublisher"); - CMSprops.setProperty( - "ca.publish.publisher.instance.CAOCSPPublisher.port", OCSPPort); - CMSprops.setProperty( - "ca.publish.rule.instance.OCSPPublishingRule.enable", "true"); - CMSprops.setProperty( - "ca.publish.rule.instance.OCSPPublishingRule.mapper", ""); - CMSprops.setProperty( - "ca.publish.rule.instance.OCSPPublishingRule.pluginName", "Rule"); - CMSprops.setProperty( - "ca.publish.rule.instance.OCSPPublishingRule.predicate", ""); - CMSprops.setProperty( - "ca.publish.rule.instance.OCSPPublishingRule.publisher", - "CAOCSPPublisher"); - CMSprops.setProperty("ca.publish.rule.instance.OCSPPublishingRule.type", - "crl"); - CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.ad0_location", - location); - CMSprops.setProperty( - "ca.Policy.rule.AuthInfoAccessExt.ad0_location_type", "URL"); - CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.ad0_method", - "ocsp"); - CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.critical", - "false"); - CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.enable", "true"); - CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.implName", - "AuthInfoAccessExt"); - CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.numADs", "1"); - CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.predicate", - "HTTP_PARAMS.certType == client"); - - } - - public void EnableOCSPLDAPStore(String certInstanceID) { - String certNickName = "ocspSigningCert cert-" + certInstanceID; - - CMSprops.setProperty("ocsp.storeId", "ldapStore"); - CMSprops.setProperty("ocsp.store.defStore.byName", "true"); - CMSprops.setProperty("ocsp.store.defStore.class", - "com.netscape.cms.ocsp.DefStore"); - CMSprops.setProperty("ocsp.store.defStore.includeNextUpdate", "true"); - CMSprops.setProperty("ocsp.store.defStore.notFoundAsGood", "true"); - CMSprops.setProperty("ocsp.store.ldapStore.baseDN0", ldapBaseSuffix); - CMSprops.setProperty("ocsp.store.ldapStore.byName", "true"); - CMSprops.setProperty("ocsp.store.ldapStore.caCertAttr", - "cACertificate;binary"); - CMSprops.setProperty("ocsp.store.ldapStore.class", - "com.netscape.cms.ocsp.LDAPStore"); - CMSprops.setProperty("ocsp.store.ldapStore.crlAttr", - "certificateRevocationList;binary"); - CMSprops.setProperty("ocsp.store.ldapStore.host0", ldapHost); - CMSprops.setProperty("ocsp.store.ldapStore.includeNextUpdate", "true"); - CMSprops.setProperty("ocsp.store.ldapStore.notFoundAsGood", "true"); - CMSprops.setProperty("ocsp.store.ldapStore.numConns", "1"); - CMSprops.setProperty("ocsp.store.ldapStore.port0", ldapPort); - CMSprops.setProperty("ocsp.store.ldapStore.refreshInSec0", "864"); - CMSprops.setProperty("ocsp.signing.certnickname", certNickName); - CMSprops.setProperty("ocsp.signing.defaultSigningAlgorithm", - "MD5withRSA"); - CMSprops.setProperty("ocsp.signing.tokenname", "internal"); - - } - - public void SetupKRAConnectorInCA(String certInstanceID, String KRAHost, String KRAPort) { - String certNickName = "Server-Cert " + certInstanceID; - - CMSprops.setProperty("ca.connector.KRA.enable", "true"); - CMSprops.setProperty("ca.connector.KRA.host", KRAHost); - CMSprops.setProperty("ca.connector.KRA.local", "false"); - CMSprops.setProperty("ca.connector.KRA.nickName", certNickName); - CMSprops.setProperty("ca.connector.KRA.port", KRAPort); - CMSprops.setProperty("ca.connector.KRA.timeout", "30"); - CMSprops.setProperty("ca.connector.KRA.uri", "/kra/connector"); - - } - - public void DisableCardCryptoValidationinTKS() { - CMSprops.setProperty("cardcryptogram.validate.enable", "false"); - } - - // Policies - public void DefaultValidityRule(String SubsystemType, String lagtime, String leadtime, String maxValidity) { - if (SubsystemType.equals("ca")) { - CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.enable", - "true"); - CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.implName", - "ValidityConstraints"); - CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.lagTime", - lagtime); - CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.leadTime", - leadtime); - CMSprops.setProperty( - "ca.Policy.rule.DefaultValidityRule.maxValidity", - maxValidity); - CMSprops.setProperty( - "ca.Policy.rule.DefaultValidityRule.minValidity", "1"); - CMSprops.setProperty( - "ca.Policy.rule.DefaultValidityRule.notBeforeSkew", "5"); - CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.predicate", - null); - } else { - - CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.enable", - "true"); - CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.implName", - "ValidityConstraints"); - CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.lagTime", - lagtime); - CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.leadTime", - leadtime); - CMSprops.setProperty( - "ra.Policy.rule.DefaultValidityRule.maxValidity", - maxValidity); - CMSprops.setProperty( - "ra.Policy.rule.DefaultValidityRule.minValidity", "1"); - CMSprops.setProperty( - "ra.Policy.rule.DefaultValidityRule.notBeforeSkew", "5"); - CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.predicate", - null); - } - - } - - // Main Function - public static void main(String args[]) { - System.out.println(args.length); - - if (args.length < 1) { - System.out.println("Usage : ConfigFilePath"); - System.exit(-1); - } - - CMSConfig s = new CMSConfig(args[0]); - - // boolean secureC = false; - // s.EnableDirEnrollment(secureC); - s.saveCMSConfig(); - - }// end of function main - -} // end of class - diff --git a/base/silent/src/com/netscape/pkisilent/common/CMSLDAP.java b/base/silent/src/com/netscape/pkisilent/common/CMSLDAP.java deleted file mode 100644 index 80613525d..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/CMSLDAP.java +++ /dev/null @@ -1,608 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.ByteArrayInputStream; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; - -import netscape.ldap.LDAPAttribute; -import netscape.ldap.LDAPAttributeSet; -import netscape.ldap.LDAPConnection; -import netscape.ldap.LDAPEntry; -import netscape.ldap.LDAPException; -import netscape.ldap.LDAPModification; -import netscape.ldap.LDAPModificationSet; -import netscape.ldap.LDAPSearchResults; -import netscape.ldap.LDAPv2; - -/** - * CMS Test framework . - * Using this class you can add a user and user certificate to LDAP server. - * You can also check if a certificate / CRL is published in LDAP server - * USe this class to turn of SSL and turn on SSL in a LDAP server. - */ - -public class CMSLDAP { - - private String HOST, DN, PASSWORD; - private int PORT; - - private LDAPConnection conn = new LDAPConnection(); - - public CMSLDAP() { - } - - /** - * Constructor. Takes parametes ldaphost, ldapport - */ - public CMSLDAP(String h, String p) { - HOST = h; - PORT = Integer.parseInt(p); - } - - /** - * Cosntructor. Takes parameters ldaphost,ldapport,ldapbinddn, ldapbindnpassword. - */ - public CMSLDAP(String h, String p, String dn, String pwd) { - HOST = h; - PORT = Integer.parseInt(p); - DN = dn; - PASSWORD = pwd; - } - - /** - * Connect to ldap server - */ - - public boolean connect() { - try { - conn.connect(HOST, PORT, DN, PASSWORD); - return true; - } catch (Exception e) { - System.out.println("ERROR: " + e.toString()); - return false; - } - } - - /** - * Disconnect form ldap server - */ - - public void disconnect() { - - if ((conn != null) && conn.isConnected()) { - try { - conn.disconnect(); - } catch (Exception e) { - System.out.println("ERROR: " + e.toString()); - } - - } - - } - - /** - * Search for certificaterevocationList attribute. Takes basedn and filter as parameters - */ - - public boolean searchCRL(String basedn, String filter) throws LDAPException { - int searchScope = LDAPv2.SCOPE_SUB; - String getAttrs[] = { "certificateRevocationList;binary" }; - LDAPSearchResults results = conn.search(basedn, searchScope, filter, - getAttrs, false); - - if (results == null) { - System.out.println("Could not search"); - return false; - } - while (results.hasMoreElements()) { - LDAPEntry entry = (LDAPEntry) results.nextElement(); - - System.out.println(entry.getDN()); - LDAPAttribute anAttr = entry.getAttribute( - "certificateRevocationList;binary"); - - if (anAttr == null) { - System.out.println("Attribute not found "); - return false; - } else { - System.out.println(anAttr.getName()); - System.out.println(anAttr.getByteValueArray()); - return true; - } - } - return true; - } - - /** - * Search for attriburte usercertificate. Takes parameters basedn and filter - */ - - public boolean searchUserCert(String basedn, String filter) throws LDAPException { - int searchScope = LDAPv2.SCOPE_SUB; - String getAttrs[] = { "usercertificate;binary" }; - LDAPSearchResults results = conn.search(basedn, searchScope, filter, - getAttrs, false); - - if (results == null) { - System.out.println("Could not search"); - return false; - } - while (results.hasMoreElements()) { - LDAPEntry entry = (LDAPEntry) results.nextElement(); - - System.out.println(entry.getDN()); - LDAPAttribute anAttr = entry.getAttribute("usercertificate;binary"); - - if (anAttr == null) { - System.out.println("Attribute not found "); - return false; - } else { - System.out.println(anAttr.getName()); - System.out.println(anAttr.getByteValueArray()); - return true; - } - } - return true; - } - - /** - * Adds a user to direcrtory server . Takes parameters basedn, cn,sn,uid and passwd - */ - - public boolean userAdd(String basedn, String cn, String sn, String uid, String pwd) { - try { - LDAPAttributeSet attrSet = new LDAPAttributeSet(); - - attrSet.add( - new LDAPAttribute("objectclass", - new String[] { - "top", "person", "organizationalPerson", - "inetorgperson" })); - attrSet.add(new LDAPAttribute("cn", cn)); - attrSet.add(new LDAPAttribute("mail", uid + "@netscape.com")); - attrSet.add(new LDAPAttribute("userpassword", pwd)); - attrSet.add(new LDAPAttribute("sn", sn)); - attrSet.add(new LDAPAttribute("givenName", cn + sn)); - String name = "uid=" + uid + "," + basedn; - - System.out.println("Basedn " + name); - LDAPEntry entry = new LDAPEntry(name, attrSet); - - conn.add(entry); - System.out.println("ADDED: " + name); - return true; - } catch (Exception e) { - System.out.println("ERROR: " + e.toString()); - return false; - } - - } - - private X509Certificate getXCertificate(byte[] cpack) throws Exception { - - try { - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - ByteArrayInputStream s = new ByteArrayInputStream(cpack); - - System.out.println("Building certificate :" + cpack); - java.security.cert.X509Certificate the_cert = ( - java.security.cert.X509Certificate) cf.generateCertificate(s); - - return the_cert; - } catch (Exception e) { - System.out.println("ERROR: getXCertificate " + e.toString()); - throw e; - } - - } - - private String buildDNString(String s) { - StringBuffer val = new StringBuffer(); - - for (int i = 0; i < s.length(); i++) { - if ((s.charAt(i) == ',') && (s.charAt(i + 1) == ' ')) { - val.append(','); - i++; - continue; - } else { - val.append(s.charAt(i)); - } - } - return val.toString(); - } - - /** - * Returns the SerialNumber;issuerDN;SubjectDN string. - * Takes certificate as parameter - */ - - public String getCertificateString(X509Certificate cert) { - if (cert == null) { - return null; - } - String idn = ((cert.getIssuerDN()).toString()).trim(); - - idn = buildDNString(idn); - String sdn = ((cert.getSubjectDN()).toString()).trim(); - - sdn = buildDNString(sdn); - - System.out.println("GetCertificateString : " + idn + ";" + sdn); - - // note that it did not represent a certificate fully - // return cert.getVersion() + ";" + cert.getSerialNumber().toString() + - // ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN(); - return "2;" + cert.getSerialNumber().toString() + ";" + idn + ";" + sdn; - - } - - /** - * Adds a user of objectclass cmsuser . Takes cn,sn,uid,password,certificate as parameters. - */ - public boolean CMSuserAdd(String cn, String sn, String uid, String pwd, byte[] certpack) { - try { - X509Certificate cert = getXCertificate(certpack); - - LDAPAttributeSet attrSet = new LDAPAttributeSet(); - - attrSet.add( - new LDAPAttribute("objectclass", - new String[] { - "top", "person", "organizationalPerson", - "inetorgperson", "cmsuser" })); - attrSet.add(new LDAPAttribute("cn", cn)); - attrSet.add(new LDAPAttribute("mail", uid + "@netscape.com")); - attrSet.add(new LDAPAttribute("userpassword", pwd)); - attrSet.add(new LDAPAttribute("sn", sn)); - attrSet.add(new LDAPAttribute("givenName", cn + sn)); - attrSet.add(new LDAPAttribute("usertype", "sub")); - attrSet.add(new LDAPAttribute("userstate", "1")); - - attrSet.add( - new LDAPAttribute("description", getCertificateString(cert))); - LDAPAttribute attrCertBin = new LDAPAttribute("usercertificate"); - - attrCertBin.addValue(cert.getEncoded()); - attrSet.add(attrCertBin); - - String name = "uid=" + uid + "," - + "ou=People,o=netscapecertificateServer"; - LDAPEntry entry = new LDAPEntry(name, attrSet); - - conn.add(entry); - System.out.println("ADDED: " + name); - return true; - } catch (Exception e) { - System.out.println("ERROR: " + e.toString()); - return false; - } - - } - - /** - * Adds a user of objectclass cmsuser . Takes cn,sn,uid,password,certificate as parameters. - */ - - public boolean CMSuserAdd(String cn, String sn, String uid, String pwd, X509Certificate cert) { - - try { - LDAPAttributeSet attrSet = new LDAPAttributeSet(); - - attrSet.add( - new LDAPAttribute("objectclass", - new String[] { - "top", "person", "organizationalPerson", - "inetorgperson", "cmsuser" })); - attrSet.add(new LDAPAttribute("cn", cn)); - attrSet.add(new LDAPAttribute("mail", uid + "@netscape.com")); - attrSet.add(new LDAPAttribute("userpassword", pwd)); - attrSet.add(new LDAPAttribute("sn", sn)); - attrSet.add(new LDAPAttribute("givenName", cn + sn)); - attrSet.add(new LDAPAttribute("usertype", "sub")); - attrSet.add(new LDAPAttribute("userstate", "1")); - - attrSet.add( - new LDAPAttribute("description", getCertificateString(cert))); - - LDAPAttribute attrCertBin = new LDAPAttribute("usercertificate"); - - attrCertBin.addValue(cert.getEncoded()); - attrSet.add(attrCertBin); - - String name = "uid=" + uid + "," - + "ou=People,o=netscapecertificateServer"; - LDAPEntry entry = new LDAPEntry(name, attrSet); - - conn.add(entry); - System.out.println("ADDED: " + name); - } catch (Exception e) { - System.out.println("ERROR: " + e.toString()); - return false; - } - - return true; - } - - /** - * adds a cms user to Trusted Manager Group. Takes uid as parameter. - */ - - public boolean addCMSUserToTMGroup(String uid) { - try { - LDAPAttributeSet attrSet = new LDAPAttributeSet(); - LDAPAttribute um = new LDAPAttribute("uniquemember", - "uid=" + uid + ",ou=People,o=NetscapeCertificateServer"); - - attrSet.add(um); - LDAPModification gr = new LDAPModification(LDAPModification.ADD, um); - - String dn = "cn=Trusted Managers,ou=groups,o=netscapeCertificateServer"; - - conn.modify(dn, gr); - return true; - - } catch (Exception e) { - System.out.println("ERROR: " + e.toString()); - return false; - } - - } - - /** - * adds a cms user to Agent Group. Takes subsytem (ca/ra/ocsp/kra) and uid as parameters . - */ - - public boolean addCMSUserToAgentGroup(String subsystem, String uid) { - try { - String dn = null; - - if (subsystem.equals("ocsp")) { - dn = "cn=Online Certificate Status Manager Agents,ou=groups,o=netscapeCertificateServer"; - } - if (subsystem.equals("kra")) { - dn = "cn=Data Recovery Manager Agents,ou=groups,o=netscapeCertificateServer"; - } - if (subsystem.equals("ra")) { - dn = "cn=Registration Manager Agents,ou=groups,o=netscapeCertificateServer"; - } - if (subsystem.equals("ca")) { - dn = "cn=Certificate Manager Agents,ou=groups,o=netscapeCertificateServer"; - } - if (subsystem.equals("tks")) { - dn = "cn=Token Key Service Manager Agents,ou=groups,o=netscapeCertificateServer"; - } - - LDAPAttributeSet attrSet = new LDAPAttributeSet(); - LDAPAttribute um = new LDAPAttribute("uniquemember", - "uid=" + uid + ",ou=People,o=NetscapeCertificateServer"); - - System.out.println( - "uid=" + uid + ",ou=People,o=NetscapeCertificateServer"); - - attrSet.add(um); - LDAPModification gr = new LDAPModification(LDAPModification.ADD, um); - - conn.modify(dn, gr); - - return true; - - } catch (Exception e) { - System.out.println("ERROR: " + e.toString()); - return false; - } - - } - - /** - * Will trun of SSL in LDAP server - **/ - - public boolean TurnOffSSL() { - try { - - LDAPModificationSet mods = new LDAPModificationSet(); - LDAPAttribute ssl3 = new LDAPAttribute("nsssl3", "off"); - LDAPAttribute ssl3ciphers = new LDAPAttribute("nsssl3ciphers", ""); - LDAPAttribute kfile = new LDAPAttribute("nskeyfile", "alias/"); - LDAPAttribute cfile = new LDAPAttribute("nscertfile", "alias/"); - LDAPAttribute cauth = new LDAPAttribute("nssslclientauth", "allowed"); - - // conn.delete("cn=RSA,cn=encryption,cn=config"); - - mods.add(LDAPModification.REPLACE, ssl3); - mods.add(LDAPModification.DELETE, ssl3ciphers); - mods.add(LDAPModification.DELETE, kfile); - mods.add(LDAPModification.DELETE, cfile); - mods.add(LDAPModification.DELETE, cauth); - System.out.println("going to mod"); - // conn.modify("cn=encryption,cn=config",mods); - System.out.println("mod en=encryption"); - int i = 4; - - while (i >= 0) { - mods.removeElementAt(i); - i--; - } - - LDAPAttribute sec = new LDAPAttribute("nsslapd-security", "off"); - - mods.add(LDAPModification.REPLACE, sec); - conn.modify("cn=config", mods); - System.out.println("mod cn=config"); - - return true; - - } catch (Exception e) { - System.out.println("ERROR: " + e.toString()); - return false; - } - - } - - /** - * Will Turn ON SSL in LDAP server . Takes certPrefix, certificatenickanme and sslport as parameters. - **/ - - public boolean TurnOnSSL(String certPrefix, String certName, String sslport) { - String CIPHERS = - "-rsa_null_md5,+rsa_fips_3des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_rc4_128_md5,+rsa_des_sha,+rsa_rc2_40_md5,+rsa_rc4_40_md5"; - - try { - int searchScope = LDAPv2.SCOPE_SUB; - String getAttrs[] = { "nssslactivation" }; - - LDAPModificationSet mods = new LDAPModificationSet(); - LDAPAttribute sec = new LDAPAttribute("nsslapd-security", "on"); - LDAPAttribute sp = new LDAPAttribute("nsslapd-securePort", sslport); - - mods.add(LDAPModification.REPLACE, sec); - mods.add(LDAPModification.REPLACE, sp); - conn.modify("cn=config", mods); - mods.removeElementAt(1); - mods.removeElementAt(0); - - LDAPAttribute ssl3 = new LDAPAttribute("nsssl3", "on"); - LDAPAttribute ssl3ciphers = new LDAPAttribute("nsssl3ciphers", - CIPHERS); - LDAPAttribute kfile = new LDAPAttribute("nskeyfile", - "alias/" + certPrefix + "-key3.db"); - LDAPAttribute cfile = new LDAPAttribute("nscertfile", - "alias/" + certPrefix + "-cert7.db"); - LDAPAttribute cauth = new LDAPAttribute("nssslclientauth", "allowed"); - - mods.add(LDAPModification.REPLACE, ssl3); - mods.add(LDAPModification.REPLACE, ssl3ciphers); - mods.add(LDAPModification.REPLACE, kfile); - mods.add(LDAPModification.REPLACE, cfile); - mods.add(LDAPModification.REPLACE, cauth); - - conn.modify("cn=encryption,cn=config", mods); - int i = 4; - - while (i >= 0) { - mods.removeElementAt(i); - i--; - } - - // conn.delete("cn=RSA,cn=encryption,cn=config"); - try { - conn.search( - "cn=RSA,cn=encryption,cn=config", searchScope, null, - getAttrs, false); // check for errors - - LDAPAttribute cn = new LDAPAttribute("cn", "RSA"); - LDAPAttribute ssltoken = new LDAPAttribute("nsssltoken", - "internal (software)"); - LDAPAttribute activation = new LDAPAttribute("nssslactivation", - "on"); - LDAPAttribute cname = new LDAPAttribute("nssslpersonalityssl", - certName); - - mods.add(LDAPModification.REPLACE, cn); - mods.add(LDAPModification.REPLACE, ssltoken); - mods.add(LDAPModification.REPLACE, activation); - mods.add(LDAPModification.REPLACE, cname); - - conn.modify("cn=RSA,cn=encryption,cn=config", mods); - - } catch (Exception e1) { - LDAPAttributeSet attrSet = new LDAPAttributeSet(); - - attrSet.add( - new LDAPAttribute("objectclass", - new String[] { "top", "nsEncryptionModule" })); - attrSet.add(new LDAPAttribute("cn", "RSA")); - attrSet.add( - new LDAPAttribute("nsssltoken", "internal (software)")); - attrSet.add(new LDAPAttribute("nssslactivation", "on")); - attrSet.add(new LDAPAttribute("nssslpersonalityssl", certName)); - LDAPEntry entry = new LDAPEntry("cn=RSA,cn=encryption,cn=config", - attrSet); - - conn.add(entry); - } - - return true; - - } catch (Exception e) { - System.out.println("ERROR: " + e.toString()); - return false; - } - - } - - public static void main(String args[]) { - String HOST = args[0]; - // int PORT = Integer.parseInt(args[1]); - String PORT = args[1]; - String DN = args[2]; - String PASSWORD = args[3]; - String BASEDN = args[4]; - - /*String s = - "MIICFzCCAYCgAwIBAgIBBjANBgkqhkiG9w0BAQQFADBDMRswGQYDVQQKExJhY2NlcHRhY25ldGVz\ndDEwMjQxFzAVBgNVBAsTDmFjY2VwdGFuY2V0ZXN0MQswCQYDVQQDEwJjYTAeFw0wMzA0MTEyMTUx\nMzZaFw0wNDA0MTAwOTQ2NTVaMFwxCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNTU0wxHTAbBgNVBAsT\nFHNzbHRlc3QxMDUwMDk3ODkzNzQ1MSAwHgYDVQQDExdqdXBpdGVyMi5uc2NwLmFvbHR3Lm5ldDBc\nMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDCsCTIIQ+bJMfPHi6kwa7HF+/xSTVHcpZ5zsodXsNWjPlD\noRu/5KAO8NotfwGnYmALWdYnqXCF0q0gkaJQalQTAgMBAAGjRjBEMA4GA1UdDwEB/wQEAwIFoDAR\nBglghkgBhvhCAQEEBAMCBkAwHwYDVR0jBBgwFoAUzxZkSySZT/Y3SxGMEiNyHnLUOPAwDQYJKoZI\nhvcNAQEEBQADgYEALtpqMOtZt6j5KlghDFgdg/dvf36nWiZwC1ap6+ka22shLkA/RjmOix97btzT\nQ+8LcmdkAW5iap4YbtrCu0wdN6IbIEXoQI1QGZBoKO2o02utssXANmTnRCyH/GX2KefQlp1NSRj9\nZNZ+GRT2Qk/8G5Ds9vVjm1I5+/AkzI9jS14="; - - s = "-----BEGIN CERTIFICATE-----" + "\n" + s + "\n" - + "-----END CERTIFICATE-----\n";*/ - - try { - - System.out.println(HOST + PORT + DN + PASSWORD + BASEDN); - CMSLDAP caIdb = new CMSLDAP(HOST, PORT, DN, PASSWORD); - - /* FileInputStream fis = new FileInputStream("t1"); - DataInputStream dis = new DataInputStream(fis); - - byte[] bytes = new byte[dis.available()]; - dis.readFully(bytes); - - // bytes=s.getBytes(); - */ - - if (!caIdb.connect()) { - System.out.println("Could not connect to CA internal DB port"); - } - - if (!caIdb.searchCRL("o=mcom.com", "uid=CManager")) { - System.out.println("CRL is not published"); - } - - // if(!caIdb.searchUserCert("o=mcom.com","uid=test")) - // System.out.println("USer cert is not published"); - - // if (!caIdb.CMSuserAdd("ra-trust" ,"ra-trust","ra-trust","netscape",bytes)) - // {System.out.println("Trusted MAnager user Could not be add ");} - - // if(!caIdb.addCMSUserToTMGroup("ra-trust")) - // {System.out.println("CMS user Could not be added to Trusted manager group "); } - - // if(!caIdb.addCMSUserToAgentGroup("ra","ra-agent")) - // {System.out.println("CMS user Could not be added to Trusted manager group "); } - /* if(!caIdb.userAdd(BASEDN,"raeetest1","raeetest1","raeetest1","netscape")) - {System.out.println("CMS user Could not be added to Trusted manager group "); } - */ - - } catch (Exception e) { - System.out.println("ERROR: " + e.toString()); - } - - } -} diff --git a/base/silent/src/com/netscape/pkisilent/common/CMSProperties.java b/base/silent/src/com/netscape/pkisilent/common/CMSProperties.java deleted file mode 100644 index 5cf513417..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/CMSProperties.java +++ /dev/null @@ -1,703 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -/* - * @(#)Properties.java 1.60 00/02/02 - * - * Copyright 1995-2000 Sun Microsystems, Inc. All Rights Reserved. - * - * This software is the proprietary information of Sun Microsystems, Inc. - * Use is subject to license terms. - * - */ - -import java.io.BufferedReader; -import java.io.BufferedWriter; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.OutputStream; -import java.io.OutputStreamWriter; -import java.io.PrintStream; -import java.io.PrintWriter; -import java.util.Date; -import java.util.Enumeration; -import java.util.Hashtable; - -/** - * The <code>Properties</code> class represents a persistent set of - * properties. The <code>Properties</code> can be saved to a stream - * or loaded from a stream. Each key and its corresponding value in - * the property list is a string. - * <p> - * A property list can contain another property list as its "defaults"; this second property list is searched if the - * property key is not found in the original property list. - * <p> - * Because <code>Properties</code> inherits from <code>Hashtable</code>, the <code>put</code> and <code>putAll</code> - * methods can be applied to a <code>Properties</code> object. Their use is strongly discouraged as they allow the - * caller to insert entries whose keys or values are not <code>Strings</code>. The <code>setProperty</code> method - * should be used instead. If the <code>store</code> or <code>save</code> method is called on a "compromised" - * <code>Properties</code> object that contains a non- <code>String</code> key or value, the call will fail. - * <p> - * <a name="encoding"></a> When saving properties to a stream or loading them from a stream, the ISO 8859-1 character - * encoding is used. For characters that cannot be directly represented in this encoding, <a - * href="http://java.sun.com/docs/books/jls/html/3.doc.html#100850">Unicode escapes</a> are used; however, only a single - * 'u' character is allowed in an escape sequence. The native2ascii tool can be used to convert property files to and - * from other character encodings. - * - * @see <a href="../../../tooldocs/solaris/native2ascii.html">native2ascii tool for Solaris</a> - * @see <a href="../../../tooldocs/win32/native2ascii.html">native2ascii tool for Windows</a> - * - * @author Arthur van Hoff - * @author Michael McCloskey - * @version 1.60, 02/02/00 - * @since JDK1.0 - */ - -class CMSProperties extends Hashtable<String, String> { - - /** - * use serialVersionUID from JDK 1.1.X for interoperability - */ - private static final long serialVersionUID = 4112578634029874840L; - - /** - * A property list that contains default values for any keys not - * found in this property list. - * - * @serial - */ - protected CMSProperties defaults; - - /** - * Creates an empty property list with no default values. - */ - public CMSProperties() { - this(null); - } - - /** - * Creates an empty property list with the specified defaults. - * - * @param defaults the defaults. - */ - public CMSProperties(CMSProperties defaults) { - this.defaults = defaults; - } - - /** - * Calls the hashtable method <code>put</code>. Provided for - * parallelism with the <tt>getProperty</tt> method. Enforces use of - * strings for property keys and values. - * - * @param key the key to be placed into this property list. - * @param value the value corresponding to <tt>key</tt>. - * @see #getProperty - * @since 1.2 - */ - public synchronized Object setProperty(String key, String value) { - return put(key, value); - } - - private static final String keyValueSeparators = "=: \t\r\n\f"; - - private static final String strictKeyValueSeparators = "=:"; - - private static final String specialSaveChars = " \t\r\n\f"; - - private static final String whiteSpaceChars = " \t\r\n\f"; - - /** - * Reads a property list (key and element pairs) from the input stream. - * The stream is assumed to be using the ISO 8859-1 character encoding. - * <p> - * Every property occupies one line of the input stream. Each line is terminated by a line terminator ( - * <code>\n</code> or <code>\r</code> or <code>\r\n</code>). Lines from the input stream are processed until end of - * file is reached on the input stream. - * <p> - * A line that contains only whitespace or whose first non-whitespace character is an ASCII <code>#</code> or - * <code>!</code> is ignored (thus, <code>#</code> or <code>!</code> indicate comment lines). - * <p> - * Every line other than a blank line or a comment line describes one property to be added to the table (except that - * if a line ends with \, then the following line, if it exists, is treated as a continuation line, as described - * below). The key consists of all the characters in the line starting with the first non-whitespace character and - * up to, but not including, the first ASCII <code>=</code>, <code>:</code>, or whitespace character. All of the key - * termination characters may be included in the key by preceding them with a \. Any whitespace after the key is - * skipped; if the first non-whitespace character after the key is <code>=</code> or <code>:</code>, then it is - * ignored and any whitespace characters after it are also skipped. All remaining characters on the line become part - * of the associated element string. Within the element string, the ASCII escape sequences <code>\t</code>, - * <code>\n</code>, <code>\r</code>, <code>\\</code>, <code>\"</code>, <code>\'</code>, <code>\  </code>  (a - * backslash and a space), and <code>\u</code><i>xxxx</i> are recognized and converted to single characters. - * Moreover, if the last character on the line is <code>\</code>, then the next line is treated as a continuation of - * the current line; the <code>\</code> and line terminator are simply discarded, and any leading whitespace - * characters on the continuation line are also discarded and are not part of the element string. - * <p> - * As an example, each of the following four lines specifies the key <code>"Truth"</code> and the associated element - * value <code>"Beauty"</code>: - * <p> - * - * <pre> - * Truth = Beauty - * Truth:Beauty - * Truth :Beauty - * </pre> - * - * As another example, the following three lines specify a single property: - * <p> - * - * <pre> - * fruits apple, banana, pear, \ - * cantaloupe, watermelon, \ - * kiwi, mango - * </pre> - * - * The key is <code>"fruits"</code> and the associated element is: - * <p> - * - * <pre> - * "apple, banana, pear, cantaloupe, watermelon,kiwi, mango" - * </pre> - * - * Note that a space appears before each <code>\</code> so that a space will appear after each comma in the final - * result; the <code>\</code>, line terminator, and leading whitespace on the continuation line are merely discarded - * and are <i>not</i> replaced by one or more other characters. - * <p> - * As a third example, the line: - * <p> - * - * <pre> - * cheeses - * </pre> - * - * specifies that the key is <code>"cheeses"</code> and the associated element is the empty string. - * <p> - * - * @param inStream the input stream. - * @exception IOException if an error occurred when reading from the - * input stream. - */ - public synchronized void load(InputStream inStream) throws IOException { - - BufferedReader in = new BufferedReader( - new InputStreamReader(inStream, "8859_1")); - - while (true) { - // Get next line - String line = in.readLine(); - - if (line == null) { - return; - } - - if (line.length() > 0) { - // Continue lines that end in slashes if they are not comments - char firstChar = line.charAt(0); - - if ((firstChar != '#') && (firstChar != '!')) { - while (continueLine(line)) { - String nextLine = in.readLine(); - - if (nextLine == null) { - nextLine = ""; - } - String loppedLine = line.substring(0, line.length() - 1); - // Advance beyond whitespace on new line - int startIndex = 0; - - for (startIndex = 0; startIndex < nextLine.length(); startIndex++) { - if (whiteSpaceChars.indexOf( - nextLine.charAt(startIndex)) == -1) { - break; - } - } - nextLine = nextLine.substring(startIndex, - nextLine.length()); - line = loppedLine + nextLine; - } - - // Find start of key - int len = line.length(); - int keyStart; - - for (keyStart = 0; keyStart < len; keyStart++) { - if (whiteSpaceChars.indexOf(line.charAt(keyStart)) == -1) { - break; - } - } - - // Blank lines are ignored - if (keyStart == len) { - continue; - } - - // Find separation between key and value - int separatorIndex; - - for (separatorIndex = keyStart; separatorIndex < len; separatorIndex++) { - char currentChar = line.charAt(separatorIndex); - - if (currentChar == '\\') { - separatorIndex++; - } else if (keyValueSeparators.indexOf(currentChar) != -1) { - break; - } - } - - // Skip over whitespace after key if any - int valueIndex; - - for (valueIndex = separatorIndex; valueIndex < len; valueIndex++) { - if (whiteSpaceChars.indexOf(line.charAt(valueIndex)) == -1) { - break; - } - } - - // Skip over one non whitespace key value separators if any - if (valueIndex < len) { - if (strictKeyValueSeparators.indexOf( - line.charAt(valueIndex)) != -1) { - valueIndex++; - } - } - - // Skip over white space after other separators if any - while (valueIndex < len) { - if (whiteSpaceChars.indexOf(line.charAt(valueIndex)) == -1) { - break; - } - valueIndex++; - } - String key = line.substring(keyStart, separatorIndex); - String value = (separatorIndex < len) - ? line.substring(valueIndex, len) - : ""; - - // Convert then store key and value - key = loadConvert(key); - value = loadConvert(value); - put(key, value); - } - } - } - } - - /* - * Returns true if the given line is a line that must - * be appended to the next line - */ - private boolean continueLine(String line) { - int slashCount = 0; - int index = line.length() - 1; - - while ((index >= 0) && (line.charAt(index--) == '\\')) { - slashCount++; - } - return (slashCount % 2 == 1); - } - - /* - * Converts encoded \uxxxx to unicode chars - * and changes special saved chars to their original forms - */ - private String loadConvert(String theString) { - char aChar; - int len = theString.length(); - StringBuffer outBuffer = new StringBuffer(len); - - for (int x = 0; x < len;) { - aChar = theString.charAt(x++); - if (aChar == '\\') { - aChar = theString.charAt(x++); - if (aChar == 'u') { - // Read the xxxx - int value = 0; - - for (int i = 0; i < 4; i++) { - aChar = theString.charAt(x++); - switch (aChar) { - case '0': - case '1': - case '2': - case '3': - case '4': - case '5': - case '6': - case '7': - case '8': - case '9': - value = (value << 4) + aChar - '0'; - break; - - case 'a': - case 'b': - case 'c': - case 'd': - case 'e': - case 'f': - value = (value << 4) + 10 + aChar - 'a'; - break; - - case 'A': - case 'B': - case 'C': - case 'D': - case 'E': - case 'F': - value = (value << 4) + 10 + aChar - 'A'; - break; - - default: - throw new IllegalArgumentException( - "Malformed \\uxxxx encoding."); - } - } - outBuffer.append((char) value); - } else { - if (aChar == 't') { - aChar = '\t'; - } else if (aChar == 'r') { - aChar = '\r'; - } else if (aChar == 'n') { - aChar = '\n'; - } else if (aChar == 'f') { - aChar = '\f'; - } - outBuffer.append(aChar); - } - } else { - outBuffer.append(aChar); - } - } - return outBuffer.toString(); - } - - /* - * Converts unicodes to encoded \uxxxx - * and writes out any of the characters in specialSaveChars - * with a preceding slash - */ - private String saveConvert(String theString, boolean escapeSpace) { - int len = theString.length(); - StringBuffer outBuffer = new StringBuffer(len * 2); - - for (int x = 0; x < len; x++) { - char aChar = theString.charAt(x); - - switch (aChar) { - case ' ': - if (x == 0 || escapeSpace) { - outBuffer.append('\\'); - } - - outBuffer.append(' '); - break; - - case '\\': - outBuffer.append('\\'); - outBuffer.append('\\'); - break; - - case '\t': - outBuffer.append('\\'); - outBuffer.append('t'); - break; - - case '\n': - outBuffer.append('\\'); - outBuffer.append('n'); - break; - - case '\r': - outBuffer.append('\\'); - outBuffer.append('r'); - break; - - case '\f': - outBuffer.append('\\'); - outBuffer.append('f'); - break; - - default: - if ((aChar < 0x0020) || (aChar > 0x007e)) { - outBuffer.append('\\'); - outBuffer.append('u'); - outBuffer.append(toHex((aChar >> 12) & 0xF)); - outBuffer.append(toHex((aChar >> 8) & 0xF)); - outBuffer.append(toHex((aChar >> 4) & 0xF)); - outBuffer.append(toHex(aChar & 0xF)); - } else { - if (specialSaveChars.indexOf(aChar) != -1) { - outBuffer.append('\\'); - } - outBuffer.append(aChar); - } - } - } - return outBuffer.toString(); - } - - /** - * Calls the <code>store(OutputStream out, String header)</code> method - * and suppresses IOExceptions that were thrown. - * - * @deprecated This method does not throw an IOException if an I/O error - * occurs while saving the property list. As of the Java 2 platform v1.2, the preferred - * way to save a properties list is via the <code>store(OutputStream out, - * String header)</code> method. - * - * @param out an output stream. - * @param header a description of the property list. - * @exception ClassCastException if this <code>Properties</code> object - * contains any keys or values that are not <code>Strings</code>. - */ - public synchronized void save(OutputStream out, String header) { - try { - store(out, header); - } catch (IOException e) { - } - } - - /** - * Writes this property list (key and element pairs) in this <code>Properties</code> table to the output stream in a - * format suitable - * for loading into a <code>Properties</code> table using the <code>load</code> method. - * The stream is written using the ISO 8859-1 character encoding. - * <p> - * Properties from the defaults table of this <code>Properties</code> table (if any) are <i>not</i> written out by - * this method. - * <p> - * If the header argument is not null, then an ASCII <code>#</code> character, the header string, and a line - * separator are first written to the output stream. Thus, the <code>header</code> can serve as an identifying - * comment. - * <p> - * Next, a comment line is always written, consisting of an ASCII <code>#</code> character, the current date and - * time (as if produced by the <code>toString</code> method of <code>Date</code> for the current time), and a line - * separator as generated by the Writer. - * <p> - * Then every entry in this <code>Properties</code> table is written out, one per line. For each entry the key - * string is written, then an ASCII <code>=</code>, then the associated element string. Each character of the - * element string is examined to see whether it should be rendered as an escape sequence. The ASCII characters - * <code>\</code>, tab, newline, and carriage return are written as <code>\\</code>, <code>\t</code>, - * <code>\n</code>, and <code>\r</code>, respectively. Characters less than <code>\u0020</code> and characters - * greater than <code>\u007E</code> are written as <code>\u</code><i>xxxx</i> for the appropriate - * hexadecimal value <i>xxxx</i>. Leading space characters, but not embedded or trailing space characters, are - * written with a preceding <code>\</code>. The key and value characters <code>#</code>, <code>!</code>, - * <code>=</code>, and <code>:</code> are written with a preceding slash to ensure that they are properly loaded. - * <p> - * After the entries have been written, the output stream is flushed. The output stream remains open after this - * method returns. - * - * @param out an output stream. - * @param header a description of the property list. - * @exception IOException if writing this property list to the specified - * output stream throws an <tt>IOException</tt>. - * @exception ClassCastException if this <code>Properties</code> object - * contains any keys or values that are not <code>Strings</code>. - */ - public synchronized void store(OutputStream out, String header) - throws IOException { - BufferedWriter awriter; - - awriter = new BufferedWriter(new OutputStreamWriter(out, "8859_1")); - if (header != null) { - writeln(awriter, "#" + header); - } - writeln(awriter, "#" + new Date().toString()); - for (Enumeration<String> e = keys(); e.hasMoreElements();) { - String key = e.nextElement(); - String val = get(key); - - key = saveConvert(key, true); - - /* No need to escape embedded and trailing spaces for value, hence - * pass false to flag. - */ - val = saveConvert(val, false); - writeln(awriter, key + "=" + val); - } - awriter.flush(); - } - - private static void writeln(BufferedWriter bw, String s) throws IOException { - bw.write(s); - bw.newLine(); - } - - /** - * Searches for the property with the specified key in this property list. - * If the key is not found in this property list, the default property list, - * and its defaults, recursively, are then checked. The method returns <code>null</code> if the property is not - * found. - * - * @param key the property key. - * @return the value in this property list with the specified key value. - * @see #setProperty - * @see #defaults - */ - public String getProperty(String key) { - String oval = super.get(key); - - return ((oval == null) && (defaults != null)) - ? defaults.getProperty(key) - : oval; - } - - /** - * Searches for the property with the specified key in this property list. - * If the key is not found in this property list, the default property list, - * and its defaults, recursively, are then checked. The method returns the - * default value argument if the property is not found. - * - * @param key the hashtable key. - * @param defaultValue a default value. - * - * @return the value in this property list with the specified key value. - * @see #setProperty - * @see #defaults - */ - public String getProperty(String key, String defaultValue) { - String val = getProperty(key); - - return (val == null) ? defaultValue : val; - } - - /** - * Returns an enumeration of all the keys in this property list, including - * the keys in the default property list. - * - * @return an enumeration of all the keys in this property list, including - * the keys in the default property list. - * @see java.util.Enumeration - * @see java.util.Properties#defaults - */ - public Enumeration<String> propertyNames() { - Hashtable<String, String> h = new Hashtable<String, String>(); - - enumerate(h); - return h.keys(); - } - - /** - * Prints this property list out to the specified output stream. - * This method is useful for debugging. - * - * @param out an output stream. - */ - public void list(PrintStream out) { - out.println("-- listing properties --"); - Hashtable<String, String> h = new Hashtable<String, String>(); - - enumerate(h); - for (Enumeration<String> e = h.keys(); e.hasMoreElements();) { - String key = e.nextElement(); - String val = h.get(key); - - if (val.length() > 40) { - val = val.substring(0, 37) + "..."; - } - out.println(key + "=" + val); - } - } - - /** - * Prints this property list out to the specified output stream. - * This method is useful for debugging. - * - * @param out an output stream. - * @since JDK1.1 - */ - - /* - * Rather than use an anonymous inner class to share common code, this - * method is duplicated in order to ensure that a non-1.1 compiler can - * compile this file. - */ - public void list(PrintWriter out) { - out.println("-- listing properties --"); - Hashtable<String, String> h = new Hashtable<String, String>(); - - enumerate(h); - for (Enumeration<String> e = h.keys(); e.hasMoreElements();) { - String key = e.nextElement(); - String val = h.get(key); - - if (val.length() > 40) { - val = val.substring(0, 37) + "..."; - } - out.println(key + "=" + val); - } - } - - /** - * Enumerates all key/value pairs in the specified hastable. - * - * @param h the hashtable - */ - private synchronized void enumerate(Hashtable<String, String> h) { - if (defaults != null) { - defaults.enumerate(h); - } - for (Enumeration<String> e = keys(); e.hasMoreElements();) { - String key = e.nextElement(); - - h.put(key, get(key)); - } - } - - /** - * Convert a nibble to a hex character - * - * @param nibble the nibble to convert. - */ - private static char toHex(int nibble) { - return hexDigit[(nibble & 0xF)]; - } - - /** A table of hex digits */ - private static final char[] hexDigit = { - '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', - 'E', 'F' - }; - - @Override - public int hashCode() { - final int prime = 31; - int result = super.hashCode(); - result = prime * result + ((defaults == null) ? 0 : defaults.hashCode()); - return result; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) - return true; - if (!super.equals(obj)) - return false; - if (getClass() != obj.getClass()) - return false; - CMSProperties other = (CMSProperties) obj; - if (defaults == null) { - if (other.defaults != null) - return false; - } else if (!defaults.equals(other.defaults)) - return false; - return true; - } -} diff --git a/base/silent/src/com/netscape/pkisilent/common/CMSTask.java b/base/silent/src/com/netscape/pkisilent/common/CMSTask.java deleted file mode 100644 index 953dcd25d..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/CMSTask.java +++ /dev/null @@ -1,189 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.BufferedReader; -import java.io.IOException; -import java.io.InputStreamReader; - -import com.netscape.pkisilent.argparser.ArgParser; -import com.netscape.pkisilent.argparser.StringHolder; - -/** - * CS Test framework . - * This class starts and stops CS server from command line - */ - -public class CMSTask { - - private static String operation; - private static String serverRoot; - private Process p = null; - - /** - * Constructor . Takes CMS server root as parameter - * for example (/export/qa/cert-jupiter2) - **/ - - public CMSTask() {// do nothing - } - - public CMSTask(String sroot) { - serverRoot = sroot; - } - - public boolean CMSStart() { - - try { - System.out.println("Starting Certificate System:"); - Runtime r = Runtime.getRuntime(); - - p = r.exec(serverRoot + "/start-cert"); - - InputStreamReader isr = new InputStreamReader(p.getInputStream()); - BufferedReader br = new BufferedReader(isr); - String s = null; - - try { - while ((s = br.readLine()) != null) { - if (s.indexOf("started") > 0) { - return true; - } - // do something - } - } catch (IOException ioe) { - ioe.printStackTrace(); - } - - return false; - - } catch (Throwable e) { - e.printStackTrace(); - } - - return false; - } - - public boolean CMSStop() { - try { - Runtime r = Runtime.getRuntime(); - - System.out.println("Stopping Certificate System:"); - p = r.exec(serverRoot + "/stop-cert"); - BufferedReader br = new BufferedReader( - new InputStreamReader(p.getInputStream())); - String line; - - while ((line = br.readLine()) != null) { - System.out.println(" " + line); - if (line.indexOf("server shut down") > -1) { - return true; - } else { - return false; - } - } - } catch (Throwable e) { - e.printStackTrace(); - } - return false; - } - - public boolean CMSRestart() { - try { - System.out.println("Restarting Certificate System:"); - Runtime r = Runtime.getRuntime(); - - p = r.exec(serverRoot + "/restart-cert"); - BufferedReader br = new BufferedReader( - new InputStreamReader(p.getInputStream())); - String line; - - while ((line = br.readLine()) != null) { - System.out.println(" " + line); - if (line.indexOf("started") > -1) { - return true; - } else { - return false; - } - } - - } catch (Throwable e) { - e.printStackTrace(); - } - return false; - } - - public boolean task() { - if (operation.equalsIgnoreCase("stop")) { - CMSStop(); - return true; - } - - if (operation.equalsIgnoreCase("start")) { - CMSStart(); - return true; - } - - if (operation.equalsIgnoreCase("restart")) { - CMSRestart(); - return true; - } - - return false; - } - - public static void main(String args[]) { - CMSTask prof = new CMSTask(); - // parse args - StringHolder x_instance_root = new StringHolder(); - StringHolder x_operation = new StringHolder(); - - // parse the args - ArgParser parser = new ArgParser("CMSTask"); - - parser.addOption("-instance_root %s #CA Server Root", x_instance_root); - parser.addOption("-operation %s #CA operation [stop,start,restart]", - x_operation); - - // and then match the arguments - String[] unmatched = null; - - unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED); - - if (unmatched != null) { - System.out.println("ERROR: Argument Mismatch"); - System.exit(-1); - } - - // set variables - serverRoot = x_instance_root.value; - operation = x_operation.value; - - boolean st = prof.task(); - - if (!st) { - System.out.println("ERROR"); - } - - System.out.println("SUCCESS"); - - } // end of function main - -} // end of class - diff --git a/base/silent/src/com/netscape/pkisilent/common/CertificateRecord.java b/base/silent/src/com/netscape/pkisilent/common/CertificateRecord.java deleted file mode 100644 index 9599eb6dd..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/CertificateRecord.java +++ /dev/null @@ -1,44 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -public class CertificateRecord { - - public String revokedOn = null; - public String revokedBy = null; - public String revocation_info = null; - public String signatureAlgorithm = null; - public String serialNumber = null; - public String subjectPublicKeyLength = null; - public String type = null; - public String subject = null; - public String issuedOn = null; - public String validNotBefore = null; - public String validNotAfter = null; - public String issuedBy = null; - public String subjectPublicKeyAlgorithm = null; - public String certChainBase64 = null; - public String certFingerprint = null; - public String pkcs7ChainBase64 = null; - public String certPrettyPrint = null; - - public CertificateRecord() {// Do nothing - } - -}; diff --git a/base/silent/src/com/netscape/pkisilent/common/ComCrypto.java b/base/silent/src/com/netscape/pkisilent/common/ComCrypto.java deleted file mode 100644 index 7abe775a3..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/ComCrypto.java +++ /dev/null @@ -1,768 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.ByteArrayInputStream; -import java.security.KeyPair; - -import netscape.security.x509.X500Name; - -import org.mozilla.jss.CryptoManager; -import org.mozilla.jss.asn1.ASN1Util; -import org.mozilla.jss.asn1.BIT_STRING; -import org.mozilla.jss.asn1.INTEGER; -import org.mozilla.jss.asn1.OBJECT_IDENTIFIER; -import org.mozilla.jss.asn1.OCTET_STRING; -import org.mozilla.jss.asn1.SEQUENCE; -import org.mozilla.jss.crypto.AlreadyInitializedException; -import org.mozilla.jss.crypto.CryptoStore; -import org.mozilla.jss.crypto.CryptoToken; -import org.mozilla.jss.crypto.IVParameterSpec; -import org.mozilla.jss.crypto.InternalCertificate; -import org.mozilla.jss.crypto.KeyGenAlgorithm; -import org.mozilla.jss.crypto.KeyGenerator; -import org.mozilla.jss.crypto.KeyPairAlgorithm; -import org.mozilla.jss.crypto.KeyPairGenerator; -import org.mozilla.jss.crypto.KeyWrapAlgorithm; -import org.mozilla.jss.crypto.KeyWrapper; -import org.mozilla.jss.crypto.PrivateKey; -import org.mozilla.jss.crypto.SymmetricKey; -import org.mozilla.jss.crypto.X509Certificate; -import org.mozilla.jss.pkix.crmf.CertReqMsg; -import org.mozilla.jss.pkix.crmf.CertRequest; -import org.mozilla.jss.pkix.crmf.CertTemplate; -import org.mozilla.jss.pkix.crmf.EncryptedKey; -import org.mozilla.jss.pkix.crmf.EncryptedValue; -import org.mozilla.jss.pkix.crmf.PKIArchiveOptions; -import org.mozilla.jss.pkix.crmf.POPOPrivKey; -import org.mozilla.jss.pkix.crmf.ProofOfPossession; -import org.mozilla.jss.pkix.primitive.AVA; -import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier; -import org.mozilla.jss.pkix.primitive.Name; -import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo; -import org.mozilla.jss.util.Password; - -import com.netscape.cmsutil.util.Utils; - -/** - * CMS Test framework . - * Use this class to initalize,add a certificate ,generate a certificate request from certificate database. - */ - -public class ComCrypto { - - private String cdir, certnickname, keysize, keytype, tokenpwd; - @SuppressWarnings("unused") - private String certpackage; - private String pkcs10request; - private boolean debug = true; - private boolean DBlogin = false; - private boolean generaterequest = false; - - private String transportcert = null; - private boolean dualkey = false; - public String CRMF_REQUEST = null; - int START = 1; - int END = START + 1; - Password password = null; - - public static CryptoManager manager; - public static CryptoToken token; - private CryptoStore store; - - private String bstr = "-----BEGIN NEW CERTIFICATE REQUEST-----"; - private String blob, Blob1 = null; - private String Blob2 = null; - private String estr = "-----END NEW CERTIFICATE REQUEST-----"; - - private String certprefix = null; - - public ComCrypto() { - }; - - /** - * Constructor . Takes the parameter certificatedbdirectory , passwordfor cert database, - * certificatenickname,keysize, keytype(RSA/DSA) - * - * @param certdbdirectory. - * @param certdbpassword - * @param certnickname - * @param keysize (1024/2048/4096) - * @param keytype (RSA/DSA) - */ - - public ComCrypto(String cd, String tpwd, String cn, String ks, String kt) { - cdir = cd; - tokenpwd = tpwd; - certnickname = cn; - keysize = ks; - keytype = kt; - } - - // Set and Get functions - - public void setCertDir(String cd) { - cdir = cd; - } - - public void setCertnickname(String cd) { - certnickname = cd; - } - - public void setKeySize(String cd) { - keysize = cd; - } - - public void setKeyType(String cd) { - keytype = cd; - } - - public void setTokenPWD(String cd) { - tokenpwd = cd; - } - - public void setCertPackage(String cd) { - certpackage = cd; - } - - public synchronized void setGenerateRequest(boolean c) { - generaterequest = c; - } - - public void setDebug(boolean t) { - debug = t; - } - - public void setCertPrefix(String prefix) { - certprefix = prefix; - } - - /* - * setTransportCert() should only be called when the calling profile - * needs to do key archivals with the DRM and make sure the function - * generateCRMFtransport() is called for the CRMF request generation - * part. - */ - public void setTransportCert(String tcert) { - transportcert = tcert; - } - - public void setDualKey(boolean dkey) { - dualkey = dkey; - } - - public synchronized String getPkcs10Request() { - return pkcs10request; - } - - /** - * Parses the Certificate and returns SubjectDN . Takes certificate as parameter - */ - - public String getCertificateString(X509Certificate cert) { - if (cert == null) { - return null; - } - - // note that it did not represent a certificate fully - return cert.getVersion() + ";" + cert.getSerialNumber().toString() + ";" - + cert.getIssuerDN() + ";" + cert.getSubjectDN(); - } - - /** - * Finds and returns Certificate . Takes certificatenickname as parameter. - */ - - public X509Certificate findCert(String certname) { - try { - - X509Certificate cert2 = manager.findCertByNickname(certname); - - return cert2; - - } catch (Exception e) { - System.out.println("exception importing cert " + e.getMessage()); - return null; - } - - } - - /** - * Imports a certificate to Certificate Database. Takes certificate and nickname as parameters. - */ - - public boolean importCert(X509Certificate xcert, String nickname) { - try { - - System.out.println( - "importCert x509 : importing with nickname: " + nickname); - - InternalCertificate cert2 = manager.importCertToPerm(xcert, nickname); - - cert2.setSSLTrust(2); - return true; - - } catch (Exception e) { - System.out.println("exception importing cert " + e.getMessage()); - return false; - } - - } - - /** - * Imports a certificate to Certificate Database. Takes certificate and nickname as parameters. - */ - - public boolean importCert(String cpack, String cn) { - - System.out.println("importCert string: importing with nickname: " + cn); - try { - - String tmp = normalize(cpack); - - if (DBlogin) { - System.out.println("Already logged into to DB"); - } - - if (manager == null) { - System.out.println("ComCrypto: importCert :Manager object is null"); - throw new Exception("ComCrypto: importCert :Manager Object is null"); - } - - manager.importCertPackage(tmp.getBytes(), cn); - - return true; - - } catch (Exception e) { - System.out.println( - "ERROR:exception importing cert " + e.getMessage()); - e.printStackTrace(); - return false; - } - - } - - /* imports CA certificate - */ - - public boolean importCACert(String cpack) { - - try { - String tmp = normalize(cpack); - - if (DBlogin) { - System.out.println("Already logged into to DB"); - } - - if (manager == null) { - System.out.println("ComCrypto: importCACert :Manager object is null"); - throw new Exception("ComCrypto: importCACert :Manager object is null"); - } - - manager.importCACertPackage(tmp.getBytes()); - - return true; - - } catch (Exception e) { - System.out.println( - "ERROR:exception importing cert " + e.getMessage()); - return false; - } - - } - - /** - * Normalizes a given certificate string . Removes the extra \\ in the certificate returned by CMS server. - */ - - public String normalize(String s) { - - StringBuffer val = new StringBuffer(); - - for (int i = 0; i < s.length(); i++) { - if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) { - val.append('\n'); - i++; - continue; - } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) { - i++; - continue; - } else if (s.charAt(i) == '"') { - continue; - } - val.append(s.charAt(i)); - } - return val.toString(); - } - - /** - * Normalizes a given certificate string . Removes the extra \\ in the certificate returned by CMS server. - */ - - public String normalizeForLDAP(String s) { - StringBuffer val = new StringBuffer(); - - for (int i = 0; i < s.length(); i++) { - if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) { - val.append("\n" + " "); - i++; - continue; - } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) { - i++; - continue; - } else if (s.charAt(i) == '"') { - continue; - } - val.append(s.charAt(i)); - } - return val.toString(); - } - - /** - * Convert to pkcs7 format - */ - - public String pkcs7Convertcert(String s) { - StringBuffer val = new StringBuffer(); - - int len = s.length(); - - for (int i = 0; i < len; i = i + 64) { - - if (i + 64 < len) { - val.append(s.substring(i, i + 64) + "\n"); - } else { - val.append(s.substring(i, len)); - } - - } - return val.toString(); - } - - /** - * Delete all keys frim key3.db - **/ - - public void deleteKeys() { - try { - int i = 0; - - store = token.getCryptoStore(); - PrivateKey[] keys = store.getPrivateKeys(); - - if (debug) { - System.out.println("Now we shall delete all the keys!"); - } - - keys = store.getPrivateKeys(); - for (i = 0; i < keys.length; i++) { - PrivateKey key = keys[i]; - - store.deletePrivateKey(key); - } - - } catch (Exception e) { - e.printStackTrace(); - } - } - - /** - * Creates a new certificate database - **/ - - public boolean CreateCertDB() { - return loginDB(); - - } - - /** - * Login to cert database - **/ - - public boolean loginDB() { - Password pass1 = null; - - try { - if (debug) { - System.out.println("CRYPTO INIT WITH CERTDB:" + cdir); - } - - // this piece of code is to create db's with certain prefix - if (certprefix != null) { - CryptoManager.InitializationValues vals; - - vals = new CryptoManager.InitializationValues(cdir, certprefix, - certprefix, "secmod.db"); - CryptoManager.initialize(vals); - } else { - CryptoManager.initialize(cdir); - } - - manager = CryptoManager.getInstance(); - token = manager.getInternalKeyStorageToken(); - pass1 = new Password(tokenpwd.toCharArray()); - if (token.isLoggedIn() && debug) { - System.out.println("Already Logged in "); - } - - if (debug) { - System.out.println("tokenpwd:" + tokenpwd); - } - - token.login(pass1); - pass1.clear(); - - } catch (AlreadyInitializedException e) { - if (debug) { - System.out.println("Crypto manager already initialized"); - } - } catch (Exception e) { - try { - if (!token.isLoggedIn()) { - token.initPassword(pass1, pass1); - } - return true; - } catch (Exception er) { - System.err.println("some exception:" + e); - return false; - } - } - DBlogin = true; - return true; - } - - /** - * Generate Certificate Request - **/ - - public synchronized boolean generateRequest() { - - System.out.println("generating pkcs10 Request"); - loginDB(); - - try { - debug = true; - System.out.println("Generating request : keysize :" + keysize); - System.out.println("Generating request : subject :" + certnickname); - System.out.println("Generating request : keytype :" + keytype); - - Integer n = new Integer(keysize); - - if (generaterequest) { - blob = token.generateCertRequest(certnickname, n.intValue(), - keytype, (byte[]) null, (byte[]) null, (byte[]) null); - - System.out.println("Cert Request Generated."); - - bstr = "-----BEGIN NEW CERTIFICATE REQUEST-----"; - Blob1 = blob.substring(bstr.length() + 1); - Blob2 = Blob1.substring(0, Blob1.indexOf(estr)); - - System.out.println(Blob2); - pkcs10request = Blob2; - } - - return true; - - } catch (Exception e) { - System.out.println("Exception: Unable to generate request: " + e); - } - - return false; - } - - public String generateCRMFrequest() { - KeyPair pair = null; - - System.out.println("Debug : initialize crypto Manager"); - try { - - // Step 1. initialize crypto Manager - try { - CryptoManager.initialize(cdir); - } catch (Exception e) { - // it is ok if it is already initialized - System.out.println("INITIALIZATION ERROR: " + e.toString()); - System.out.println("cdir = " + cdir); - } - - // Step 2 log into database - try { - - System.out.println("Debug : before getInstance"); - - manager = CryptoManager.getInstance(); - String token_pwd = tokenpwd; - - System.out.println("Debug : before get token"); - - token = manager.getInternalKeyStorageToken(); - password = new Password(token_pwd.toCharArray()); - - System.out.println("Debug : before login password"); - - token.login(password); - - System.out.println("Debug : after login password"); - } catch (Exception e) { - System.out.println("INITIALIZATION ERROR: " + e.toString()); - - if (!token.isLoggedIn()) { - token.initPassword(password, password); - } - } - - // Generating CRMF request - - KeyPairGenerator kg = token.getKeyPairGenerator(KeyPairAlgorithm.RSA); - - Integer x = new Integer(keysize); - int key_len = x.intValue(); - - kg.initialize(key_len); - - // 1st key pair - pair = kg.genKeyPair(); - - // create CRMF - CertTemplate certTemplate = new CertTemplate(); - - certTemplate.setVersion(new INTEGER(2)); - - if (certnickname != null) { - X500Name name = new X500Name(certnickname); - ByteArrayInputStream cs = new ByteArrayInputStream(name.getEncoded()); - Name n = (Name) Name.getTemplate().decode(cs); - certTemplate.setSubject(n); - } - - certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair.getPublic())); - - SEQUENCE seq = new SEQUENCE(); - CertRequest certReq = new CertRequest(new INTEGER(1), certTemplate, - seq); - byte popdata[] = { 0x0, 0x3, 0x0 }; - - ProofOfPossession pop = ProofOfPossession.createKeyEncipherment( - POPOPrivKey.createThisMessage(new BIT_STRING(popdata, 3))); - - CertReqMsg crmfMsg = new CertReqMsg(certReq, pop, null); - - SEQUENCE s1 = new SEQUENCE(); - - // 1st : Encryption key - - s1.addElement(crmfMsg); - - // 2nd : Signing Key - - if (dualkey) { - System.out.println("dualkey = true"); - SEQUENCE seq1 = new SEQUENCE(); - CertRequest certReqSigning = new CertRequest(new INTEGER(1), - certTemplate, seq1); - CertReqMsg signingMsg = new CertReqMsg(certReqSigning, pop, null); - - s1.addElement(signingMsg); - } - - byte encoded[] = ASN1Util.encode(s1); - - // BASE64Encoder encoder = new BASE64Encoder(); - // String Req1 = encoder.encodeBuffer(encoded); - String Req1 = Utils.base64encode(encoded); - - // Set CRMF_REQUEST variable - CRMF_REQUEST = Req1; - - System.out.println("CRMF_REQUEST = " + CRMF_REQUEST); - - } catch (Exception e) { - System.out.println("ERROR: " + e.toString()); - e.printStackTrace(); - return null; - } - - return CRMF_REQUEST; - } - - /* - * This function is used to Generated CRMF requests wrapped with the - * transport cert so that we can do key archival with the drm. - * This function expects transportcert variable to be set in this class. - * Use setTransportCert() to do the same. - */ - - public String generateCRMFtransport() { - - KeyPair pair = null; - - try { - // Step 1. initialize crypto Manager - try { - CryptoManager.initialize(cdir); - } catch (Exception e) { - // it is ok if it is already initialized - System.out.println("INITIALIZATION ERROR: " + e.toString()); - System.out.println("cdir = " + cdir); - } - - // Step 2 log into database - try { - - System.out.println("Debug : before getInstance"); - - manager = CryptoManager.getInstance(); - String token_pwd = tokenpwd; - - System.out.println("Debug : before get token"); - - token = manager.getInternalKeyStorageToken(); - password = new Password(token_pwd.toCharArray()); - - System.out.println("Debug : before login password"); - - token.login(password); - - System.out.println("Debug : after login password"); - } catch (Exception e) { - System.out.println("INITIALIZATION ERROR: " + e.toString()); - - if (!token.isLoggedIn()) { - token.initPassword(password, password); - } - } - - // Key Pair Generation - KeyPairGenerator kg = token.getKeyPairGenerator(KeyPairAlgorithm.RSA); - Integer x = new Integer(keysize); - int key_len = x.intValue(); - - kg.initialize(key_len); - - pair = kg.genKeyPair(); - - // wrap private key - // BASE64Decoder decoder = new BASE64Decoder(); - // byte transport[] = decoder.decodeBuffer(transportcert); - byte transport[] = Utils.base64decode(transportcert); - - X509Certificate tcert = manager.importCACertPackage(transport); - - byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; - - KeyGenerator kg1 = token.getKeyGenerator(KeyGenAlgorithm.DES3); - SymmetricKey sk = kg1.generate(); - - // wrap private key using session - KeyWrapper wrapper1 = token.getKeyWrapper( - KeyWrapAlgorithm.DES3_CBC_PAD); - - wrapper1.initWrap(sk, new IVParameterSpec(iv)); - - byte key_data[] = wrapper1.wrap(( - org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()); - - // wrap session using transport - KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA); - - rsaWrap.initWrap(tcert.getPublicKey(), null); - - byte session_data[] = rsaWrap.wrap(sk); - - // create CRMF - CertTemplate certTemplate = new CertTemplate(); - - certTemplate.setVersion(new INTEGER(2)); - - if (certnickname != null) { - X500Name name = new X500Name(certnickname); - ByteArrayInputStream cs = new ByteArrayInputStream(name.getEncoded()); - Name n = (Name) Name.getTemplate().decode(cs); - certTemplate.setSubject(n); - } - - certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair.getPublic())); - - // set extension - AlgorithmIdentifier algS = new AlgorithmIdentifier( - new OBJECT_IDENTIFIER("1.2.840.113549.3.7"), - new OCTET_STRING(iv)); - - EncryptedValue encValue = new EncryptedValue(null, algS, - new BIT_STRING(session_data, 0), null, null, - new BIT_STRING(key_data, 0)); - - EncryptedKey key = new EncryptedKey(encValue); - PKIArchiveOptions opt = new PKIArchiveOptions(key); - - SEQUENCE seq = new SEQUENCE(); - - seq.addElement( - new AVA(new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.5.1.4"), opt)); - - CertRequest certReq = new CertRequest(new INTEGER(1), certTemplate, - seq); - - // Adding proof of possesion data - byte popdata[] = { 0x0, 0x3, 0x0 }; - ProofOfPossession pop = ProofOfPossession.createKeyEncipherment( - POPOPrivKey.createThisMessage(new BIT_STRING(popdata, 3))); - - CertReqMsg crmfMsg = new CertReqMsg(certReq, pop, null); - - SEQUENCE s1 = new SEQUENCE(); - - // 1st : Encryption key - s1.addElement(crmfMsg); - - // 2nd : Signing Key - - if (dualkey) { - System.out.println("dualkey = true"); - SEQUENCE seq1 = new SEQUENCE(); - CertRequest certReqSigning = new CertRequest(new INTEGER(1), - certTemplate, seq1); - CertReqMsg signingMsg = new CertReqMsg(certReqSigning, pop, null); - - s1.addElement(signingMsg); - } - - byte encoded[] = ASN1Util.encode(s1); - - // BASE64Encoder encoder = new BASE64Encoder(); - - // CRMF_REQUEST = encoder.encodeBuffer(encoded); - CRMF_REQUEST = Utils.base64encode(encoded); - - System.out.println("Generated crmf request: ...... "); - System.out.println(""); - - System.out.println(CRMF_REQUEST); - System.out.println(""); - System.out.println("End crmf Request:"); - } catch (Exception e) { - System.out.println("Exception: " + e.getMessage()); - } - - return CRMF_REQUEST; - } - -} // end of class - diff --git a/base/silent/src/com/netscape/pkisilent/common/Con2Agent.java b/base/silent/src/com/netscape/pkisilent/common/Con2Agent.java deleted file mode 100644 index 3038a1679..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/Con2Agent.java +++ /dev/null @@ -1,376 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.BufferedOutputStream; -import java.io.BufferedReader; -import java.io.IOException; -import java.io.InputStreamReader; -import java.io.OutputStream; -import java.io.PrintStream; -import java.util.Vector; - -import org.mozilla.jss.CryptoManager; -import org.mozilla.jss.crypto.AlreadyInitializedException; -import org.mozilla.jss.crypto.CryptoToken; -import org.mozilla.jss.crypto.X509Certificate; -import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; -import org.mozilla.jss.ssl.SSLClientCertificateSelectionCallback; -import org.mozilla.jss.ssl.SSLSocket; -import org.mozilla.jss.util.Password; - -/** - * CMS Test framework . - * Submits a requests to agent port with sslclient authentication. - */ - -public class Con2Agent implements SSLClientCertificateSelectionCallback, - SSLCertificateApprovalCallback { - - private int port; - @SuppressWarnings("unused") - private String certname; - private String host, certdir, certnickname, tokenpwd, query; - private String ACTIONURL; - - private StringBuffer stdout = new StringBuffer(); - - public Con2Agent() { - } - - /** - * Constructor. Takes hostname , portnumber , certificate nickname, token password ,client certdb directory - * - * @param hostname - * @param portnumber - * @param agent cert nickname - * @param token password - * @param certdb directory - */ - - public Con2Agent(String hs, int p, String cname, String tpwd, String cdir) { - host = hs; - port = p; - certnickname = cname; - tokenpwd = tpwd; - certdir = cdir; - } - - public boolean approve(X509Certificate x509, SSLCertificateApprovalCallback.ValidityStatus status) { - return true; - } - - public String select(@SuppressWarnings("rawtypes") Vector nicknames) { - - System.out.println("nicknames size = " + nicknames.size()); - int i = nicknames.size(); - - if (i > 0) { - return (String) nicknames.elementAt(0); - } else { - return null; - } - - } - - // Get and Set methods - - /* - * Get the page returned by the server - */ - - public StringBuffer getPage() { - return stdout; - } - - /* - * Set the query string to be submitted to the server - */ - - public void setQueryString(String qu) { - query = qu; - } - - /* - *Set token password - */ - - public void setTokenPassword(String pwd) { - tokenpwd = pwd; - } - - /* - * Set Client cert database - */ - - public void setCertDBDir(String cdir) { - certdir = cdir; - } - - /* - * Set host name - */ - - public void setHost(String hs) { - host = hs; - } - - /* - * set Agent port number - */ - - public void setPort(int p) { - port = p; - } - - /* - * Set Agent cert nickname - */ - - public void setCertNickName(String cname) { - certnickname = cname; - } - - /* - * Set action URL - */ - - public void setActionURL(String url) { - ACTIONURL = url; - } - - // Submit requests - - public boolean Send() { - SSLSocket socket = null; - OutputStream rawos = null; - BufferedOutputStream os = null; - PrintStream ps = null; - BufferedReader stdin1 = null; - try { - - if (!loginCertDB()) { - return false; - } - - socket = new SSLSocket(host, port, null, 0, this, null); - - System.out.println("Con2Agent.java: host = " + host); - System.out.println("Con2Agent.java: port = " + port); - System.out.println("Con2Agent.java: certnickname = " + certnickname); - - socket.setClientCertNickname(certnickname); - System.out.println("Connected to the socket"); - - rawos = socket.getOutputStream(); - os = new BufferedOutputStream(rawos); - ps = new PrintStream(os); - - System.out.println(ACTIONURL); - System.out.println("Query :" + query); - ps.println("POST " + ACTIONURL + " HTTP/1.0"); - ps.println("Connection: Keep-Alive"); - ps.println("Content-type: application/x-www-form-urlencoded"); - ps.println("Content-length: " + query.length()); - ps.println(""); - ps.println(query); - ps.println("\r"); - ps.flush(); - os.flush(); - stdin1 = new BufferedReader( - new InputStreamReader(socket.getInputStream())); - String line; - - while ((line = stdin1.readLine()) != null) { - stdout.append(line + "\n"); - System.out.println(line); - } - ps.println("Connection: close"); - } catch (Exception e) { - System.out.println("some exception: in Send routine" + e); - return false; - } finally { - // Send Connection: close to let the server close the connection. - // Else the socket on the server side continues to remain in TIME_WAIT state - if (ps != null) - ps.close(); - if (stdin1 != null) { - try { - stdin1.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (socket != null) { - try { - socket.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (os != null) { - try { - os.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (rawos != null) { - try { - rawos.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (socket != null) { - if (socket.isClosed()) { - System.out.println("Con2Agent.java : Socket is Closed"); - } else { - System.out.println("Con2Agent.java : Socket not Closed"); - } - } - } - return true; - } - - private boolean loginCertDB() { - CryptoManager manager; - Password pass1 = null; - - try { - System.out.println("Step 1: Initializing CryptoManager"); - CryptoManager.initialize(certdir); - - System.out.println("Step 2: Login to Cert Database"); - manager = CryptoManager.getInstance(); - CryptoToken token = manager.getInternalKeyStorageToken(); - - if (token.isLoggedIn()) { - System.out.println("Con2Agent: Logged in incorrect"); - } - - System.out.println("tokenpwd:" + tokenpwd); - char[] passchar1 = new char[tokenpwd.length()]; - - tokenpwd.getChars(0, tokenpwd.length(), passchar1, 0); - - pass1 = new Password(passchar1.clone()); - token.login(pass1); - - X509Certificate cert2 = manager.findCertByNickname(certnickname); - - certname = cert2.getNickname(); - return true; - - } catch (AlreadyInitializedException e) { - System.out.println("Crypto manager already initialized"); - return true; - } catch (NumberFormatException e) { - System.err.println("Invalid key size: " + e); - return false; - } catch (java.security.InvalidParameterException e) { - System.err.println("Invalid key size: " + e); - return false; - - } catch (Exception e) { - System.err.println("some exception:" + e); - e.printStackTrace(); - return false; - } - - } - - public boolean Send_withGET() { - SSLSocket socket = null; - OutputStream rawos = null; - BufferedOutputStream os = null; - PrintStream ps = null; - BufferedReader stdin2 = null; - - try { - - if (!loginCertDB()) { - return false; - } - - socket = new SSLSocket(host, port, null, 0, this, null); - - socket.setClientCertNickname(certnickname); - System.out.println("Connected to the socket"); - - rawos = socket.getOutputStream(); - os = new BufferedOutputStream(rawos); - ps = new PrintStream(os); - - System.out.println("Query in con2agent :" + query); - System.out.println("ACTIONURL in con2agent : " + ACTIONURL); - - ps.println("GET " + ACTIONURL + query + " HTTP/1.0"); - ps.println(""); - ps.println("\r"); - ps.flush(); - os.flush(); - stdin2 = new BufferedReader( - new InputStreamReader(socket.getInputStream())); - String line; - - while ((line = stdin2.readLine()) != null) { - stdout.append(line + "\n"); - } - } catch (Exception e) { - System.err.println("some exception: in Send routine" + e); - return false; - } finally { - - if (ps != null) - ps.close(); - if (stdin2 != null) { - try { - stdin2.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (socket != null) { - try { - socket.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (os != null) { - try { - os.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (rawos != null) { - try { - rawos.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - - } - return true; - } - -} // end of class diff --git a/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java b/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java deleted file mode 100644 index 6ab1fb190..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java +++ /dev/null @@ -1,489 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.BufferedOutputStream; -import java.io.BufferedReader; -import java.io.IOException; -import java.io.InputStreamReader; -import java.io.OutputStream; -import java.io.PrintStream; -import java.io.UnsupportedEncodingException; -import java.net.URLEncoder; -import java.util.Date; -import java.util.GregorianCalendar; - -import org.mozilla.jss.ssl.SSLSocket; - -/** - * CMS Test framework - Legacyenrollment forms for Directory based enrollmnet and Portal based enrollment . - * Certificate issuance through Legacy Directory based enrollment and Portal based enrollment form. - * <P> - */ - -public class DirEnroll extends TestClient { - - private String Authenticator = "UserDir"; - private int port; - @SuppressWarnings("unused") - private long elapsedTime; - - private String importcert = "false"; - - // Constructors - - /** - * Constructor . Takes the parameter for Properties file name - * <p> - * - * @param propfilename name of the parameter file - */ - - public DirEnroll(String pfile) { - propfileName = pfile; - } - - /** - * Constructor. Takes hostname , EESSLportnumber as parameter - * <p> - * - * @param hostname - * @param portnumber - */ - - public DirEnroll(String h, String p) { - host = h; - ports = p; - } - - /** - * Constructor. Takes - * hostname,EESSLportnumber,uid,password,certdbdirectorypath,certdbpassword,certificatenickname,keysize,teytype - * <p> - * - * @param hostname - * @param portnumber - * @param subjectdn - * @param admuserid - * @param adminpassword - */ - - public DirEnroll(String hs, String p, String uid, String pw, String certdir, String certtokenpwd, String nickname, - String ksz, String kt) { - - host = hs; - ports = p; - UID = uid; - PWD = pw; - cdir = certdir; - tokenpwd = certtokenpwd; - certnickname = nickname; - keysize = "1024"; - keytype = "RSA"; - } - - // Set and Get functions - - /** - * Use this method to set User Info - */ - public void setUIDInfo(String uid, String pw) { - UID = uid; - PWD = pw; - } - - /** - * Returns a string "UserDir" / "Portal" - */ - - public String getAuthenticator() { - return Authenticator; - } - - /** - * Valid values for s - UserDir for Directory based Authntication - * Portal for Portal based Authentication - */ - public void setAuthenticator(String s) { - Authenticator = s; - } - - public boolean enroll_load() throws UnsupportedEncodingException { - buildquery(); - return (Send()); - } - - private boolean pkcs10() { - System.out.println(" In pkcs10 Keysize , key type " + keysize + keytype); - cCrypt.setCertDir(cdir); - cCrypt.setCertnickname("cn=test"); - cCrypt.setKeySize(keysize); - cCrypt.setKeyType(keytype); - cCrypt.setTokenPWD(tokenpwd); - - cCrypt.setDebug(debug); - cCrypt.setGenerateRequest(true); - if (!cCrypt.generateRequest()) { - System.out.println("Request could not be generated "); - return false; - } - pkcs10request = cCrypt.getPkcs10Request(); - - try { - buildquery(); - System.out.println(query); - setStatusString("Congratulations, your certificate has been issued."); - return (Send()); - } catch (Exception e) { - System.err.println("some exception:" + e); - } - - return false; - - } - - /** - * Enroll for certificate . Before calling this mentod SetAuthenticator and setUIDInfo - */ - public boolean enroll() { - return (pkcs10()); - } - - private boolean readProperties() { - - // Read the properties file and assign values to variables . - try { - getProperties(propfileName); - } catch (Exception e) { - System.out.println( - "exception reading Properties File " + e.getMessage()); - return false; - } - - System.out.println("Reading"); - host = props.getProperty("enroll.host"); - ports = props.getProperty("enroll.port"); - UID = props.getProperty("enroll.UID"); - PWD = props.getProperty("enroll.pwd"); - cdir = props.getProperty("enroll.certdir"); - tokenpwd = props.getProperty("enroll.certtokenpwd"); - certnickname = props.getProperty("enroll.nickname"); - keysize = props.getProperty("enroll.keysize"); - keytype = props.getProperty("enroll.keytype"); - Authenticator = props.getProperty("enroll.authenticator"); - GN = props.getProperty("enroll.GN"); - SN = props.getProperty("enroll.SN"); - CN = props.getProperty("enroll.CN"); - OU = props.getProperty("enroll.OU"); - O = props.getProperty("enroll.O"); - MAIL = props.getProperty("enroll.mail"); - L = props.getProperty("enroll.l"); - - importcert = props.getProperty("enroll.importCert"); - if (importcert == null) { - importcert = "false"; - } - String de = props.getProperty("enroll.debug"); - - if (de == null) { - debug = false; - } else if (de.equals("true")) { - debug = true; - } else { - debug = false; - } - - System.out.println("Reading done"); - // Enroll using a pkscks10 request - return true; - } - - // Private functions - - private boolean importCert(String certpack) { - - if (importcert.equals("false")) { - return true; - } - - try { - if (certpack == null) { - return false; - } - - if (debug) { - System.out.println( - "importing cert" + certpack + "certnick" + certnickname); - } - - cCrypt.importCert(certpack, certnickname); - - return true; - - } catch (Exception e) { - System.out.println("exception importing cert " + e.getMessage()); - return false; - } - - } - - private void setElapsedTime(long dif) { - elapsedTime = dif; - } - - private long calculateElapsedTime(GregorianCalendar b, GregorianCalendar e) { - - Date d1 = b.getTime(); - Date d2 = e.getTime(); - long l1 = d1.getTime(); - long l2 = d2.getTime(); - long difference = l2 - l1; - - return difference; - - } - - private boolean Send() { - boolean st = false; - SSLSocket socket = null; - OutputStream rawos = null; - BufferedOutputStream os = null; - PrintStream ps = null; - BufferedReader stdin = null; - try { - if (debug) { - System.out.println("Step 3 : Socket initialize"); - } - - Integer x = new Integer(ports); - - port = x.intValue(); - ErrorDetail = null; - GregorianCalendar begin = new GregorianCalendar(); - - // SSLSocket socket = new SSLSocket(host,port); - socket = new SSLSocket(host, port, null, 0, this, null); - - socket.setUseClientMode(true); - - rawos = socket.getOutputStream(); - os = new BufferedOutputStream(rawos); - ps = new PrintStream(os); - - ps.println("POST /enrollment HTTP/1.0"); - ps.println("Connection: Keep-Alive"); - ps.println("Content-type: application/x-www-form-urlencoded"); - ps.println("Content-length: " + query.length()); - ps.println(""); - ps.println(query); - ps.println("\r"); - ps.flush(); - os.flush(); - stdin = new BufferedReader( - new InputStreamReader(socket.getInputStream())); - - if (debug) { - System.out.println("Step 4: Received the page"); - } - st = false; - String line; - - while ((line = stdin.readLine()) != null) { - if (debug) { - System.out.println(line); - } - if (line.indexOf(STATUS) != -1) { - st = true; - } - if (getError(line)) { - st = true; - } - - if (line.indexOf("record.base64Cert=") > -1) { - String baseCert = line; - - System.out.println("BaseCert : " + baseCert); - if (importcert.equals("true")) { - String strbase = "record.base64Cert="; - - int n = strbase.length() + 1; - - baseCert = baseCert.substring(n); - String tmp = baseCert.substring(0, baseCert.length() - 2); - - importCert(tmp); - } - } - - } - - GregorianCalendar end = new GregorianCalendar(); - long diff = calculateElapsedTime(begin, end); - - setElapsedTime(diff); - - } catch (Exception e) { - System.err.println("some exception: in Send routine" + e); - return false; - } finally { - if (ps != null) - ps.close(); - if (stdin != null) { - try { - stdin.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (socket != null) { - try { - socket.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (os != null) { - try { - os.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (rawos != null) { - try { - rawos.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - } - return st; - } - - private void buildquery() throws UnsupportedEncodingException { - - StringBuffer queryStrBuf = new StringBuffer(); - - queryStrBuf.append("certType=client"); - queryStrBuf.append("&importCert=off"); - queryStrBuf.append("&non_repudiation=true"); - queryStrBuf.append("&submit=Submit"); - queryStrBuf.append("&key_encipherment=true"); - queryStrBuf.append("&digital_signature=true"); - queryStrBuf.append("&ssl_client=true"); - - System.out.println("Authenticator : " + Authenticator); - - if (Authenticator.equals("UserDir")) { - queryStrBuf.append("&authenticator=UserDirEnrollment"); - queryStrBuf.append("&requestFormat=keygen"); - queryStrBuf.append("&uid="); - queryStrBuf.append(URLEncoder.encode(UID, "UTF-8")); - queryStrBuf.append("&pwd="); - queryStrBuf.append(URLEncoder.encode(PWD, "UTF-8")); - queryStrBuf.append("&email=true"); - queryStrBuf.append("&cryptprovider=1"); - - } - - if (Authenticator.equals("Portal")) { - queryStrBuf.append("&authenticator=PortalEnrollment"); - queryStrBuf.append("&requestFormat=keygen"); - queryStrBuf.append("&uid="); - queryStrBuf.append(URLEncoder.encode(UID, "UTF-8")); - queryStrBuf.append("&userPassword="); - queryStrBuf.append(URLEncoder.encode(PWD, "UTF-8")); - GN = "test"; - SN = "test"; - CN = "test"; - MAIL = "test@netscape.com"; - OU = "aol"; - O = "aol"; - L = "MV"; - queryStrBuf.append("&givenname="); - queryStrBuf.append(URLEncoder.encode(GN, "UTF-8")); - - queryStrBuf.append("&sn="); - queryStrBuf.append(URLEncoder.encode(SN, "UTF-8")); - queryStrBuf.append("&cn="); - queryStrBuf.append(URLEncoder.encode(CN, "UTF-8")); - - queryStrBuf.append("&mail="); - queryStrBuf.append(URLEncoder.encode(MAIL, "UTF-8")); - queryStrBuf.append("&ou="); - queryStrBuf.append(URLEncoder.encode(OU, "UTF-8")); - queryStrBuf.append("&o="); - queryStrBuf.append(URLEncoder.encode(O, "UTF-8")); - queryStrBuf.append("&l="); - queryStrBuf.append(URLEncoder.encode(L, "UTF-8")); - - queryStrBuf.append("&email=true"); - - } - - if (Authenticator.equals("NIS")) { - queryStrBuf.append("&authenticator=NISAuth"); - queryStrBuf.append("&requestFormat=keygen"); - queryStrBuf.append("&uid="); - queryStrBuf.append(URLEncoder.encode(UID, "UTF-8")); - queryStrBuf.append("&pwd="); - queryStrBuf.append(URLEncoder.encode(PWD, "UTF-8")); - queryStrBuf.append("&email=true"); - - } - - queryStrBuf.append("&pkcs10Request="); - queryStrBuf.append(URLEncoder.encode(pkcs10request, "UTF-8")); - query = queryStrBuf.toString(); - - System.out.println(query); - - } - - public static void main(String args[]) { - // Exit Status - (0) for error/Fail - // - requestId Pass - boolean st; - - System.out.println(args.length); - if (args.length < 1) { - System.out.println("Usage : propertiesfile"); - System.exit(0); - } - - DirEnroll t = new DirEnroll(args[0]); - - t.readProperties(); - st = t.enroll(); - if (st) { - System.out.println( - t.getAuthenticator() + " based enrollment successfull. "); - System.exit(1); - } else { - - System.out.println( - t.getAuthenticator() - + " based enrollment was not successful." - + "Error: " + t.getErrorDetail()); - System.exit(0); - } - }// end of function main - -} // end of class - diff --git a/base/silent/src/com/netscape/pkisilent/common/ParseXML.java b/base/silent/src/com/netscape/pkisilent/common/ParseXML.java deleted file mode 100644 index cee867740..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/ParseXML.java +++ /dev/null @@ -1,176 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.BufferedReader; -import java.io.FileInputStream; -import java.io.InputStreamReader; -import java.util.ArrayList; - -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; - -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.NodeList; -import org.w3c.dom.bootstrap.DOMImplementationRegistry; -import org.w3c.dom.ls.DOMImplementationLS; -import org.w3c.dom.ls.LSOutput; -import org.w3c.dom.ls.LSSerializer; - -public class ParseXML { - Document dom = null; - - public ParseXML() {// nothing - } - - public void parse(java.io.InputStream is) { - try { - // get the factory - DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); - - // Using factory get an instance of document builder - DocumentBuilder db = dbf.newDocumentBuilder(); - - // parse using builder to get DOM representation of the XML file - dom = db.parse(is); - } catch (Exception se) { - System.out.println("ERROR: unable to parse xml"); - se.printStackTrace(); - - try { - BufferedReader br = new BufferedReader(new InputStreamReader(is)); - StringBuilder sb = new StringBuilder(); - String line = null; - - while ((line = br.readLine()) != null) { - sb.append(line + "\n"); - } - - br.close(); - System.out.println("ERROR XML = " + sb.toString()); - } catch (Exception se1) { - System.out.println("ERROR: unable to print xml"); - se1.printStackTrace(); - } - } - } - - public String getvalue(String tag) { - String temp = null; - - try { - - // get the root elememt - Element docEle = dom.getDocumentElement(); - - // get a nodelist of <employee> elements - NodeList nl = docEle.getElementsByTagName(tag); - - if (nl != null && nl.getLength() > 0) { - Element el = (Element) nl.item(0); - - if (el != null) { - temp = el.getFirstChild().getNodeValue(); - } - } - } catch (Exception e) { - System.out.println("ERROR: Tag=" + tag + "has no values"); - return null; - } - - return temp; - } - - public void prettyprintxml() { - try { - // Serialize the document - DOMImplementationRegistry registry = DOMImplementationRegistry.newInstance(); - DOMImplementationLS impl = (DOMImplementationLS)registry.getDOMImplementation("LS"); - - LSSerializer writer = impl.createLSSerializer(); - writer.getDomConfig().setParameter("format-pretty-print", Boolean.TRUE); - - LSOutput output = impl.createLSOutput(); - output.setByteStream(System.out); - - writer.write(dom, output); - - } catch (Exception e) { - e.printStackTrace(); - } - } - - private String getTextValue(Element ele, String tagName) { - String textVal = null; - NodeList nl = ele.getElementsByTagName(tagName); - - if (nl != null && nl.getLength() > 0) { - Element el = (Element) nl.item(0); - - textVal = el.getFirstChild().getNodeValue(); - } - - return textVal; - } - - // returns an arraylist of values for the corresponding tag - - public ArrayList<String> constructValueList(String first, String second) { - ArrayList<String> al = new ArrayList<String>(); - - try { - // get the root elememt - Element docEle = dom.getDocumentElement(); - - // get a nodelist of <employee> elements - NodeList nl = docEle.getElementsByTagName(first); - - if (nl != null && nl.getLength() > 0) { - for (int i = 0; i < nl.getLength(); i++) { - Element el = (Element) nl.item(i); - String value = getTextValue(el, second); - - System.out.println("tag=" + second + " value=" + value); - if (value != null) { - al.add(value); - } - } - } - } catch (Exception e) { - System.out.println("ERROR: Tag=" + first + " has no values"); - } - - return al; - } - - public static void main(String args[]) { - try { - - ParseXML px = new ParseXML(); - FileInputStream fiscfg = new FileInputStream("/tmp/test.xml"); - - px.parse(fiscfg); - px.prettyprintxml(); - - } catch (Exception e) { - } - } - -}; // end class diff --git a/base/silent/src/com/netscape/pkisilent/common/PostQuery.java b/base/silent/src/com/netscape/pkisilent/common/PostQuery.java deleted file mode 100644 index b7399336f..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/PostQuery.java +++ /dev/null @@ -1,141 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.BufferedReader; -import java.io.DataOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.net.HttpURLConnection; -import java.net.MalformedURLException; -import java.net.URL; - -import com.netscape.cmsutil.util.Utils; - -/** - * CMS Test framework . - * This class submits request to admin server after authenticating with UID and Password. You can get back the response - * by calling the method. getPage(). - */ - -public class PostQuery { - - private boolean st; - private String NmcStatus = "NMC_STATUS: 0"; - private String postQuery = null; - private String adminID, adminPWD, URLString; - - private StringBuffer stdout = new StringBuffer(); - - /** - * Constructor . Takes the parameters urlstring("http://hostname:<portnumber> , Id for authenticating to the server, - * password for authentication to the server and query which needs to be submitted to the server - */ - - public PostQuery(String urlstr, String authid, String authpwd, String querystring) { - - URLString = urlstr; - adminID = authid; - adminPWD = authpwd; - postQuery = querystring; - - } - - public void setNMCStatus(String m) { - NmcStatus = m; - } - - public void setPostQueryString(String querystring) { - postQuery = querystring; - } - - public void setAuth(String ID, String Pwd) { - adminID = ID; - adminPWD = Pwd; - } - - public StringBuffer getPage() { - return stdout; - } - - public boolean Send() { - // / This functions connects to the URL and POST HTTP Request . - // It compares with NMC_STATUS and return the status. - System.out.println(URLString); - st = false; - - try { - - URL myUrl = new URL(URLString); - String userPassword = adminID + ":" + adminPWD; - - System.out.println("adminid=" + adminID); - System.out.println("adminpwd=" + adminPWD); - // String encoding = new sun.misc.BASE64Encoder().encode( - // userPassword.getBytes()); - String encoding = Utils.base64encode( - userPassword.getBytes()); - HttpURLConnection URLCon = (HttpURLConnection) myUrl.openConnection(); - - URLCon.setRequestProperty("Authorization", "Basic " + encoding); - URLCon.setDoOutput(true); - URLCon.setDoInput(true); - URLCon.setUseCaches(false); - URLCon.setRequestProperty("Content-type", - "application/x-www-form-urlencoded"); - // URLCon.setRequestMethod("POST"); - System.out.println("After post"); - - DataOutputStream os = new DataOutputStream(URLCon.getOutputStream()); - - System.out.println("Query: " + postQuery); - - os.writeBytes(postQuery); - os.flush(); - os.close(); - - InputStream Content = URLCon.getInputStream(); - - System.out.println("Configuring Cert Instance : Return Response"); - BufferedReader in = new BufferedReader( - new InputStreamReader(Content)); - String line; - - while ((line = in.readLine()) != null) { - System.out.println(line); - stdout.append(line + "\n"); - st = line.startsWith(NmcStatus); - if (st) { - break; - } - } - URLCon.disconnect(); - } // try - catch (MalformedURLException e) { - System.out.println(URLString + " is not a valid URL."); - - } catch (IOException e) { - System.out.println("exception : " + e.getMessage()); - } - System.out.println(st); - return st; - } - -} diff --git a/base/silent/src/com/netscape/pkisilent/common/Request.java b/base/silent/src/com/netscape/pkisilent/common/Request.java deleted file mode 100644 index 4557f2f65..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/Request.java +++ /dev/null @@ -1,1162 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.UnsupportedEncodingException; -import java.net.URLEncoder; -import java.util.Calendar; -import java.util.Date; -import java.util.GregorianCalendar; -import java.util.Vector; - -/** - * CMS Test framework . - * Submits List,Approve,Reject,cancel requests to agent port - */ - -public class Request extends TestClient { - - private String validityperiod; - private String approveseqnum, type, reqType, reqState, agenttype; - private int i; - - // Program variables - private String ACTION_PROCESS_CERT_REQUEST = null; - private String ACTION_LISTREQUEST = "/queryReq"; - private int reqtype = 1; - private int seqNumFrom = 1; - private int maxCount = 50; - private int validperiod = 180; - private String cadualcert_name = null; - - private String approveseqnumFrom, approveseqnumTo; - // Request variables - private Vector<String> seqNum = new Vector<String>(); - private String AUTH_ID = null; - - // Cert Detail variables - - private String csrRequestorName; - private String csrRequestorPhone; - private String csrRequestorEmail; - private String subject; - private String subjectdn; - private String reqStatus; - @SuppressWarnings("unused") - private String certType; - @SuppressWarnings("unused") - private String requestType; - private String requestID; - @SuppressWarnings("unused") - private String sslclient; - private String clientcert; - private String servercert; - private String emailcert; - private String objectsigningcert; - @SuppressWarnings("unused") - private String sslcacert; - @SuppressWarnings("unused") - private String objectsigningcacert; - @SuppressWarnings("unused") - private String emailcacert; - private String sigAlgo; - @SuppressWarnings("unused") - private String totalRecord; - @SuppressWarnings("unused") - private String validitylength; - private String trustedManager; - - private int totalNumApproved = 0; - - // Constructors - - /** - * Constructor . Takes the parameter for Properties file name - * - * @param propfileName name of the parameter file. - */ - - public Request(String pfile) { - propfileName = pfile; - } - - /** - * Constructor . Takes the parameter host , port and "angent type - ca/ra" - * - * @param hostname. - * @param port - * @param agenttype Whether ca or ra agent - */ - - public Request(String h, String p, String at) { - host = h; - ports = p; - agenttype = at; - } - - /** - * Constructor . Takes the following parmaters - * - * @param hostName . - * @param port - * @param adminuid - * @param adminpwd - * @param agentcertnickname - * @param certdb - * @param tokenpwd - * @param approveSequncenumber - * @param ApproveSequenceNumberFrom - * @param ApproveSequnceNumberTo - * @param type - * @param reqtype enrollment/revoked - * @param requestState complete/pending - * @param agentType ra/ca - * @param trustedManager true/false - */ - - public Request(String h, String p, String aid, String apwd, String cname, String cd, String ctpwd, String snum, - String sfrom, String sto, String ty, String rty, String rstate, String aty, String tm) { - host = h; - ports = p; - adminid = aid; - adminpwd = apwd; - certnickname = cname; - cdir = cd; - tokenpwd = ctpwd; - approveseqnum = snum; - approveseqnumFrom = sfrom; - if (approveseqnumFrom == null) { - approveseqnumFrom = "1"; - } - - approveseqnumTo = sto; - if (approveseqnumTo == null) { - approveseqnumTo = "100"; - } - - type = ty; - reqType = rty; - reqState = rstate; - agenttype = aty; - if (agenttype == null) { - agenttype = "ca"; - } - - trustedManager = tm; - if (trustedManager.equals("true")) { - trustedManager = "true"; - } else { - trustedManager = "false"; - } - debug = false; - - } - - /** - * Set Agent Cert nick name - */ - public void setAgentCertName(String s) { - certnickname = s; - } - - /** - * List all pending enrollment request. Takes parameters fromRequestNumber,toRequestNumber - * - * @param fromrequest number - * @param endrequestnumber. - * @throws UnsupportedEncodingException - */ - - public Vector<String> ListPendingRequests(String fromRequestNumber, String toRequestNumber) throws UnsupportedEncodingException { - reqState = "showWaiting"; - reqType = "enrollment"; - approveseqnumFrom = fromRequestNumber; - approveseqnumTo = toRequestNumber; - listRequest(approveseqnumFrom, approveseqnumTo); - return seqNum; - } - - /** - * List all pending request. Takes parameters fromRequestNumber,toRequestNumber - * - * @param fromrequest number - * @param endrequestnumber. - * @throws UnsupportedEncodingException - */ - - public Vector<String> ListAllRequests(String fromRequestNumber, String toRequestNumber) throws UnsupportedEncodingException { - reqState = "showAll"; - reqType = "enrollment"; - approveseqnumFrom = fromRequestNumber; - approveseqnumTo = toRequestNumber; - listRequest(approveseqnumFrom, approveseqnumTo); - return seqNum; - } - - /** - * Approve pending enrollment request. Takes parameters RequestNumber - * - * @param request number - * @throws UnsupportedEncodingException - */ - - public int ApproveRequests(String requestNumber) throws UnsupportedEncodingException { - reqState = "showWaiting"; - reqType = "enrollment"; - approveseqnum = requestNumber; - approveseqnumFrom = requestNumber; - approveseqnumTo = requestNumber; - if (approveRequest()) { - System.out.println("Approve Request :" + totalNumApproved); - return totalNumApproved; - } else { - return -1; - } - - } - - /** - * Approve profile based pending enrollment request. Takes parameters RequestNumber - * - * @param request number - * @throws UnsupportedEncodingException - */ - - public int ApproveProfileRequests(String RequestNumber) throws UnsupportedEncodingException { - - approveseqnum = RequestNumber; - approveseqnumFrom = RequestNumber; - approveseqnumTo = RequestNumber; - - reqtype = 4; - buildquery(); - if (!Send()) { - System.out.println("Error: Approving request " + approveseqnum); - return 0; - } - return 1; - - } - - public boolean Approve_cadualcert_Profile_Request(String RequestNumber, String name) throws UnsupportedEncodingException { - - approveseqnum = RequestNumber; - approveseqnumFrom = RequestNumber; - approveseqnumTo = RequestNumber; - - cadualcert_name = name; - - // reqtype = 7 means cadualcert profile request - // this is just a convention that we follow within this file to distinguish - // bet'n the different requests - - reqtype = 7; - - buildquery(); - - if (!Send()) { - System.out.println("Error: Approving request " + approveseqnum); - return false; - } - - return true; - - } - - /** - * Reject profile based pending enrollment request. Takes parameters RequestNumber - * - * @param request number - * @throws UnsupportedEncodingException - */ - - public int RejectProfileRequests(String RequestNumber) throws UnsupportedEncodingException { - - approveseqnum = RequestNumber; - approveseqnumFrom = RequestNumber; - approveseqnumTo = RequestNumber; - - reqtype = 5; - buildquery(); - if (!Send()) { - System.out.println("Error: Rejecting request " + approveseqnum); - return 0; - } - return 1; - - } - - /** - * Cancel profile based pending enrollment request. Takes parameters RequestNumber - * - * @param request number - * @throws UnsupportedEncodingException - */ - - public int CancelProfileRequests(String RequestNumber) throws UnsupportedEncodingException { - - approveseqnum = RequestNumber; - approveseqnumFrom = RequestNumber; - approveseqnumTo = RequestNumber; - - reqtype = 6; - buildquery(); - if (!Send()) { - System.out.println("Error: canceling request " + approveseqnum); - return 0; - } - return 1; - - } - - // private methods - private boolean RetrieveProfileCancel(StringBuffer s) { - String res = s.toString(); - int ret = 0; - - ret = res.indexOf("requestStatus="); - String status = res.substring(ret + "requestStatus=".length() + 1, - res.indexOf(";", ret) - 1); - - if (!status.equals("canceled")) { - ErrorDetail = res.substring(ret + "errorReason=".length() + 1, - res.indexOf(";", ret) - 1); - return false; - } - - return true; - } - - private boolean RetrieveProfileReject(StringBuffer s) { - String res = s.toString(); - int ret = 0; - - ret = res.indexOf("requestStatus="); - String status = res.substring(ret + "requestStatus=".length() + 1, - res.indexOf(";", ret) - 1); - - if (!status.equals("rejected")) { - ErrorDetail = res.substring(ret + "errorReason=".length() + 1, - res.indexOf(";", ret) - 1); - return false; - } - - return true; - } - - private boolean RetrieveProfileApproval(StringBuffer s) { - String res = s.toString(); - int ret = 0; - - ret = res.indexOf("requestStatus="); - String status = res.substring(ret + "requestStatus=".length() + 1, - res.indexOf(";", ret) - 1); - - if (!status.equals("complete")) { - ErrorDetail = res.substring(ret + "errorReason=".length() + 1, - res.indexOf(";", ret) - 1); - return false; - } - - return true; - - } - - private boolean RetrieveReq(StringBuffer s) { - String AUTHID = "header.authorityid = "; - String seqnum = "record.seqNum"; - - String res = s.toString(); - int ret = 0; - - if ((ret = res.indexOf(AUTHID)) > -1) { - AUTH_ID = res.substring(ret + AUTHID.length() + 1, - res.indexOf(";", ret) - 1); - while (ret > 0) { - if ((ret = res.indexOf(seqnum, ret)) > -1) { - int bi = ret + seqnum.length() + 2; - int be = res.indexOf(";", ret) - 1; - - seqNum.addElement(res.substring(bi, be)); - ret++; - } - - } - - } - - ret = res.indexOf("header.totalRecordCount ="); - totalRecord = res.substring(ret + "header.totalRecordCount = ".length(), - res.indexOf(";", ret)); - - return true; - - } - - private boolean RetrieveCertDetails(StringBuffer s) { - - // System.out.println("Debug : Retrieving cert details "); - String res = s.toString(); - - if (debug) { - System.out.println(res); - } - int ret = 0; - - boolean st = false; - - for (int t = 0; t < 25; t++) { - String cmp = "header.SERVER_ATTRS[" + t + "].name="; - - ret = res.indexOf(cmp); - if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals( - "requestId")) { - ret = res.indexOf("header.SERVER_ATTRS[" + t + "].value="); - requestID = res.substring( - ret + "header.SERVER_ATTRS[t].value=".length() + 1, - res.indexOf(";", ret) - 1); - } - if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals( - "requestStatus")) { - ret = res.indexOf("header.SERVER_ATTRS[" + t + "].value="); - reqStatus = res.substring( - ret + "header.SERVER_ATTRS[t].value=".length() + 1, - res.indexOf(";", ret) - 1); - } - - if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals( - "requestType")) { - ret = res.indexOf("header.SERVER_ATTRS[" + t + "].value="); - requestType = res.substring( - ret + "header.SERVER_ATTRS[t].value=".length() + 1, - res.indexOf(";", ret) - 1); - } - - } // end of for loop - - // System.out.println("Debug : Retrieving cert details Serverattributes "); - - if (requestID.equals(approveseqnum)) { - st = true; - } - - if (!st) { - System.out.println("Error in retrieving the record " + approveseqnum); - return false; - } - - // System.out.println("Debug : Retrieving cert details HTTP parmas "); - - for (int t = 0; t < 25; t++) { - String cmp = "header.HTTP_PARAMS[" + t + "].name="; - - ret = res.indexOf(cmp); - if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals( - "csrRequestorEmail")) { - ret = res.indexOf("header.HTTP_PARAMS[" + t + "].value="); - csrRequestorEmail = res.substring( - ret + "header.HTTP_PARAMS[t].value=".length() + 1, - res.indexOf(";", ret) - 1); - } - if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals( - "csrRequestorPhone")) { - ret = res.indexOf("header.HTTP_PARAMS[" + t + "].value="); - csrRequestorPhone = res.substring( - ret + "header.HTTP_PARAMS[t].value=".length() + 1, - res.indexOf(";", ret) - 1); - } - if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals( - "csrRequestorName")) { - ret = res.indexOf("header.HTTP_PARAMS[" + t + "].value="); - csrRequestorName = res.substring( - ret + "header.HTTP_PARAMS[t].value=".length() + 1, - res.indexOf(";", ret) - 1); - } - - if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals( - "subject")) { - ret = res.indexOf("header.HTTP_PARAMS[" + t + "].value="); - subjectdn = res.substring( - ret + "header.HTTP_PARAMS[t].value=".length() + 1, - res.indexOf(";", ret) - 1); - } - - } // end of for loop - - // System.out.println("Debug : Retrieving cert details"); - - ret = res.indexOf("header.subject ="); - if (ret > 0) { - subject = res.substring(ret + "header.subject = ".length() + 1, - res.indexOf(";", ret) - 1); - } - // System.out.println("Debug : Retrieving cert details "); - - sslclient = - clientcert = - servercert = - emailcert = objectsigningcert = sslcacert = objectsigningcacert = emailcacert = "false"; - ret = res.indexOf("header.sslclient ="); - if (ret > 0) { - sslclient = res.substring(ret + "header.sslclient = ".length() + 1, - res.indexOf(";", ret) - 1); - } - // System.out.println("Debug : Retrieving cert details "); - - ret = res.indexOf("header.ext_ssl_client ="); - if (ret > 0) { - clientcert = res.substring( - ret + "header.ext_ssl_client = ".length() + 1, - res.indexOf(";", ret) - 1); - } - // System.out.println("Debug : Retrieving cert details "); - - ret = res.indexOf("header.ext_email ="); - if (ret > 0) { - emailcert = res.substring(ret + "header.ext_email = ".length() + 1, - res.indexOf(";", ret) - 1); - } - // System.out.println("Debug : Retrieving cert details "); - - ret = res.indexOf("header.ext_ssl_server ="); - if (ret > 0) { - servercert = res.substring( - ret + "header.ext_ssl_server = ".length() + 1, - res.indexOf(";", ret) - 1); - } - - // System.out.println("Debug : Retrieving cert details "); - - ret = res.indexOf("header.ext_object_signing ="); - if (ret > 0) { - objectsigningcert = res.substring( - ret + "header.ext_object_signing = ".length() + 1, - res.indexOf(";", ret) - 1); - } - - // System.out.println("Debug : Retrieving cert details "); - - ret = res.indexOf("header.ext_ssl_ca ="); - if (ret > 0) { - sslcacert = res.substring(ret + "header.ext_ssl_ca = ".length() + 1, - res.indexOf(";", ret) - 1); - } - - // System.out.println("Debug : Retrieving cert details "); - - if (ret > 0) { - ret = res.indexOf("header.ext_object_signing_ca="); - } - objectsigningcacert = res.substring( - ret + "header.ext_object_signing_ca = ".length() + 1, - res.indexOf(";", ret) - 1); - - // System.out.println("Debug : Retrieving cert details "); - - ret = res.indexOf("header.ext_email_ca ="); - if (ret > 0) { - emailcacert = res.substring( - ret + "header.ext_email_ca = ".length() + 1, - res.indexOf(";", ret) - 1); - } - - // System.out.println("Debug : Retrieving cert details "); - - ret = res.indexOf("header.certType ="); - if (ret > 0) { - certType = res.substring(ret + "header.certType = ".length() + 1, - res.indexOf(";", ret) - 1); - } - // System.out.println("Debug : Retrieving cert details "); - - ret = res.indexOf("header.signatureAlgorithmName ="); - if (ret > 0) { - sigAlgo = res.substring( - ret + "header.signatureAlgorithmName = ".length() + 1, - res.indexOf(";", ret) - 1); - } - - ret = res.indexOf("header.validityLength ="); - if (ret > 0) { - validitylength = res.substring( - ret + "header.validityLength = ".length() + 1, - res.indexOf(";", ret) - 1); - } - - return true; - - } - - private boolean approveRequestStatus(StringBuffer s) { - - String res = s.toString(); - - if (debug) { - System.out.println(res); - } - - // Find th Server_ATTRS paramteter value of reqStatus - - int i = 1; - int ret; - - for (int t = 0; t < 25; t++) { - String cmp = "header.SERVER_ATTRS[" + t + "].name="; - - ret = res.indexOf(cmp); - if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals( - "requestStatus")) { - i = t; - break; - } - - } - - String req = "header.SERVER_ATTRS[" + i + "].value="; - - ret = res.indexOf(req); - reqStatus = res.substring(ret + req.length() + 1, - res.indexOf(";", ret) - 1); - - if (reqStatus != null) { - reqStatus.toLowerCase(); - if (reqStatus.equals("complete")) { - return true; - } else { - return false; - } - } - - return false; - - } - - private boolean Send() { - debug = true; - boolean st = false; - - try { - // Covert the string port to int port - - Integer x = new Integer(ports); - - port = x.intValue(); - - Con2Agent con = new Con2Agent(host, port, certnickname, tokenpwd, - cdir); - - con.setQueryString(query); - con.setActionURL(ACTION_STRING); - con.Send(); - StringBuffer s = con.getPage(); - - if (debug) { - System.out.println(s.toString()); - } - switch (reqtype) { - case 1: - st = RetrieveReq(s); - break; - - case 2: - st = RetrieveCertDetails(s); - break; - - case 3: - st = approveRequestStatus(s); - break; - - case 4: - st = RetrieveProfileApproval(s); - break; - - case 5: - st = RetrieveProfileReject(s); - break; - - case 6: - st = RetrieveProfileCancel(s); - break; - - case 7: - st = RetrieveProfileApproval(s); - break; - - default: - System.out.println("reqtype not recognized"); - } - } catch (Exception e) { - System.err.println("exception: in Send routine" + e); - return false; - } - - return st; - } - - private void buildquery() throws UnsupportedEncodingException { - - if (reqtype == 1) { // req type = list - ACTION_STRING = "/" + agenttype + ACTION_LISTREQUEST; - query = "seqNumFrom=" + seqNumFrom; - query += "&maxCount=" + maxCount; - query += "&reqType=" + reqType; - query += "&reqState=" + reqState; - - } - - if (reqtype == 2) { // get cert details - ACTION_PROCESS_CERT_REQUEST = "/" + AUTH_ID + "/processCertReq"; - ACTION_STRING = ACTION_PROCESS_CERT_REQUEST; - query = "seqNum=" + approveseqnum; - - } - - if (reqtype == 3) { // aaprove cert - - if (validityperiod != null) { - Integer x = new Integer(validityperiod); - - validperiod = x.intValue(); - } else { - validperiod = 180; - } - - ACTION_PROCESS_CERT_REQUEST = "/" + AUTH_ID + "/processCertReq"; - ACTION_STRING = ACTION_PROCESS_CERT_REQUEST; - query = "seqNum=" + approveseqnum; - query += "&toDo=accept"; - if (subjectdn != null) { - query += "&subject=" + URLEncoder.encode(subjectdn, "UTF-8"); - } else if (subject != null) { - query += "&subject=" + URLEncoder.encode(subject, "UTF-8"); - } - - if (csrRequestorName != null) { - query += "&csrRequestorName=" + csrRequestorName; - } - if (csrRequestorPhone != null) { - query += "&csrRequestorPhone=" + csrRequestorPhone; - } - - if (csrRequestorEmail != null) { - query += "&csrRequestorEmail=" + csrRequestorEmail; - } - if (sigAlgo != null) { - query += "&signatureAlgorithm=" + sigAlgo; - } - query += "&grantUID=u" + approveseqnum; - - GregorianCalendar begin = new GregorianCalendar(); - GregorianCalendar end = new GregorianCalendar(); - - end.add(GregorianCalendar.DATE, validperiod); - Date begindate = begin.getTime(); - Date enddate = end.getTime(); - - query += "¬ValidBefore=" + begindate.getTime() / 1000; - query += "¬ValidAfter=" + enddate.getTime() / 1000; - - if (clientcert.equals("true")) { - query += "&certTypeSSLClient=" + clientcert; - } - - if (servercert.equals("true")) { - query += "&certTypeSSLServer=" + servercert; - } - - if (emailcert.equals("true")) { - query += "&certTypeEmail=" + emailcert; - } - - if (objectsigningcert.equals("true")) { - query += "&certTypeObjSigning=" + objectsigningcert; - } - - query += "&grantTrustedManagerPrivilege=" + trustedManager; - - } - - if ((reqtype == 4) || (reqtype == 5) || (reqtype == 6)) { // profile based cert request - - if (validityperiod != null) { - Integer x = new Integer(validityperiod); - - validperiod = x.intValue(); - } else { - validperiod = 180; - } - - ACTION_PROCESS_CERT_REQUEST = "/" + agenttype + "/profileProcess"; - ACTION_STRING = ACTION_PROCESS_CERT_REQUEST; - query = "requestId=" + approveseqnum; - query += "&name=" - + URLEncoder.encode( - "UID=test,E=test,CN=test,OU=netscape,O=aol", "UTF-8"); - query += "&keyUsageCritical=true"; - query += "&keyUsageDigitalSignature=true"; - query += "&keyUsageNonRepudiation=true"; - query += "&keyUsageKeyEncipherment=true"; - query += "&keyUsageDataEncipherment=false"; - query += "&keyUsageKeyAgreement=false"; - query += "&keyUsageKeyCertSign=false"; - query += "&keyUsageCrlSign=false"; - query += "&keyUsageEncipherOnly=false"; - query += "&keyUsageDecipherOnly=false"; - - query += "&nsCertCritical=false"; - query += "&nsCertSSLClient=true"; - - query += "&nsCertSSLServer=false"; - query += "&nsCertEmail=true"; - query += "&nsCertObjectSigning=false"; - query += "&nsCertSSLCA=false"; - query += "&nsCertEmailCA=false"; - query += "&nsCertObjectSigningCA=false"; - - query += "&subAltNameExtCritical=false"; - query += "&subjAltNames=RFC822Name:" - + URLEncoder.encode(" thomasknscp@aol.com", "UTF-8"); - query += "&signingAlg=MD5withRSA"; - - query += "&submit=submit"; - - GregorianCalendar begin = new GregorianCalendar(); - GregorianCalendar end = new GregorianCalendar(); - - end.add(GregorianCalendar.DATE, validperiod); - // Date begindate = begin.getTime(); - // Date enddate = end.getTime(); - String nb = begin.get(Calendar.YEAR) + "-" - + begin.get(Calendar.MONTH) + "-" + begin.get(Calendar.DATE) - + " " + begin.get(Calendar.HOUR) + ":" - + begin.get(Calendar.MINUTE) + ":" - + begin.get(Calendar.SECOND); - - String nat = end.get(Calendar.YEAR) + "-" + end.get(Calendar.MONTH) - + "-" + end.get(Calendar.DATE) + " " - + end.get(Calendar.HOUR) + ":" + end.get(Calendar.MINUTE) - + ":" + end.get(Calendar.SECOND); - - query += "¬Before=" + nb; - query += "¬After=" + nat; - - query += "&authInfoAccessCritical=false"; - query += "&authInfoAccessGeneralNames="; - query += "&exKeyUsageOIDs=" + "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"; - - } - - if (reqtype == 4) { - query += "&op=approve"; - } - - if (reqtype == 5) { - query += "&op=reject"; - } - - if (reqtype == 6) { - query += "&op=cancel"; - } - - if (reqtype == 7) { - // cadualcert profile approval - ACTION_STRING = "/" + "ca" + "/profileProcess"; - - GregorianCalendar begin = new GregorianCalendar(); - GregorianCalendar end = new GregorianCalendar(); - - end.add(GregorianCalendar.DATE, validperiod); - - String nb = begin.get(Calendar.YEAR) + "-" - + begin.get(Calendar.MONTH) + "-" + begin.get(Calendar.DATE) - + " " + begin.get(Calendar.HOUR) + ":" - + begin.get(Calendar.MINUTE) + ":" - + begin.get(Calendar.SECOND); - - String nat = end.get(Calendar.YEAR) + "-" + end.get(Calendar.MONTH) - + "-" + end.get(Calendar.DATE) + " " - + end.get(Calendar.HOUR) + ":" + end.get(Calendar.MINUTE) - + ":" + end.get(Calendar.SECOND); - - query = "requestId=" + approveseqnum + "&name=" - + URLEncoder.encode(cadualcert_name, "UTF-8") + "¬Before=" + nb - + "¬After=" + nat + "&authInfoAccessCritical=false" - + "&authInfoAccessGeneralNames=" + "&keyUsageCritical=true" - + "&keyUsageDigitalSignature=false" - + "&keyUsageNonRepudiation=false" - + "&keyUsageKeyEncipherment=true" - + "&keyUsageDataEncipherment=false" - + "&keyUsageKeyAgreement=false" - + "&keyUsageKeyCertSign=false" + "&keyUsageCrlSign=false" - + "&keyUsageEncipherOnly=false" - + "&keyUsageDecipherOnly=false" + /* -- For Older CMS 6.x servers use these - "&nsCertCritical=false" + - "&nsCertSSLClient=true" + - "&nsCertSSLServer=false" + - "&nsCertEmail=true" + - "&nsCertObjectSigning=false" + - "&nsCertSSLCA=false" + - "&nsCertEmailCA=false" + - "&nsCertObjectSigningCA=false" + - "&subjAltNameExtCritical=false" + - "&subjAltNames=RFC822Name: null" + - "&signingAlg=MD5withRSA" + - */// For newer CS 7.x servers use these - "&exKeyUsageCritical=false" - + "&exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4" - + "&subjAltNameExtCritical=false" - + "&subjAltNames=RFC822Name: null" - + "&signingAlg=SHA1withRSA" + "&requestNotes=" - + "&op=approve" + "&submit=submit"; - - } - - } - - private void readProperties() { - - // Read the properties file and assign values to variables . - try { - getProperties(propfileName); - } catch (Exception e) { - System.out.println( - "exception reading Properties File " + e.getMessage()); - } - - // Read the properties file - host = props.getProperty("enroll.host"); - ports = props.getProperty("enroll.port"); - adminid = props.getProperty("enroll.adminid"); - adminpwd = props.getProperty("enroll.adminpwd"); - certnickname = props.getProperty("enroll.nickname"); - cdir = props.getProperty("enroll.certdir"); - tokenpwd = props.getProperty("enroll.certtokenpwd"); - approveseqnum = props.getProperty("enroll.seqnum"); - if (approveseqnum == null) { - System.out.println("Seq num is null"); - } - - approveseqnumFrom = props.getProperty("enroll.seqnumFrom"); - if (approveseqnumFrom == null) { - approveseqnumFrom = "1"; - } - - approveseqnumTo = props.getProperty("enroll.seqnumTo"); - if (approveseqnumTo == null) { - approveseqnumTo = "100"; - } - validityperiod = props.getProperty("enroll.validperiod"); - type = props.getProperty("enroll.type"); - reqType = props.getProperty("enroll.reqtype"); - reqState = props.getProperty("enroll.reqstate"); - agenttype = props.getProperty("enroll.agenttype"); - if (agenttype == null) { - agenttype = "ca"; - } - - trustedManager = props.getProperty("enroll.trust"); - if (trustedManager.equals("true")) { - trustedManager = "true"; - } else { - trustedManager = "false"; - } - - String de = props.getProperty("enroll.debug"); - - if (de == null) { - debug = false; - } else if (de.equals("true")) { - debug = true; - } else { - debug = false; - } - - } - - private boolean listRequest(String from, String To) throws UnsupportedEncodingException { - - Integer x = new Integer(from); - - seqNumFrom = x.intValue(); - - Integer y = new Integer(To); - - if ((y.intValue() - seqNumFrom) > 50) { - maxCount = 50; - } else { - maxCount = y.intValue() - x.intValue(); - } - if (maxCount == 0) { - maxCount = 1; - } - - reqtype = 1; - buildquery(); - return (Send()); - } - - private boolean approveRequest() throws UnsupportedEncodingException { - - boolean st = true; - - listRequest(approveseqnumFrom, approveseqnumTo); - - if (seqNum.isEmpty()) { - System.out.println("No Requests for approval"); - return false; - } - - if (approveseqnum.length() > 0) { - if (seqNum.contains(approveseqnum)) { - seqNum.removeAllElements(); - seqNum.addElement(approveseqnum); - } else { - System.out.println( - " Seq num " + approveseqnum + " already approved "); - return false; - } - } else { - System.out.println( - " Seq num not specified . Approving all pending request From : " - + approveseqnumFrom + " To : " + approveseqnumTo); - } - - boolean flag = true; - - Integer y = new Integer(approveseqnumTo); - int torequest = y.intValue(); - - while (flag) { - - i = 0; - while (i < seqNum.size()) { - - approveseqnum = (seqNum.elementAt(i)).toString(); - // Get request details - reqtype = 2; - buildquery(); - if (!Send()) { - System.out.println("Error : Getting Request details "); - i++; - continue; - } - - if (debug) { - System.out.println( - csrRequestorName + " " + csrRequestorPhone + " " - + csrRequestorEmail + " " + requestID + " " - + subject); - } - // Now for pending status - approve the request - reqtype = 3; - buildquery(); - if (!Send()) { - System.out.println( - "Error: Approving request " + approveseqnum); - i++; - continue; - } - System.out.println("Request " + approveseqnum + " is approved "); - totalNumApproved++; - i++; - } - Integer x = new Integer(approveseqnum); - - if (x.intValue() >= torequest) { - flag = false; - } else { - listRequest(approveseqnum, approveseqnumTo); - } - - } - return st; - } - - /** - * Use this method when you need to use properties file. - * @throws UnsupportedEncodingException - */ - - public int processRequest() throws UnsupportedEncodingException { - if (propfileName != null) { - readProperties(); - } - - if (approveseqnum.length() > 0) { - approveseqnumFrom = approveseqnum; - approveseqnumTo = approveseqnum; - } - - type = type.toLowerCase(); - if (type.equals("approve")) { - if (approveRequest()) { - System.out.println("Approve Request :" + totalNumApproved); - return totalNumApproved; - } else { - return -1; - } - - } - - if (type.equals("list")) { - - if (listRequest(approveseqnumFrom, approveseqnumTo)) { - System.out.println("List Request : " + seqNum.size()); - if (seqNum.size() > 0) { - return seqNum.size(); - } else { - return 0; - } - } else { - return -1; - } - - } - - return -1; - } - - public static void main(String args[]) { - // Exit Status - (0) for error - // - any number > 0 Pass - int st = 0; - - if (args.length < 1) { - System.out.println("Usage : propertiesfile"); - System.exit(0); - } - - Request t = new Request(args[0]); - - try { - st = t.processRequest(); - } catch (UnsupportedEncodingException e) { - System.out.println(e); - e.printStackTrace(); - } - if (st == -1) { - System.exit(0); - } else { - System.exit(st); - } - - }// end of function main - -} // end of class - diff --git a/base/silent/src/com/netscape/pkisilent/common/ServerInfo.java b/base/silent/src/com/netscape/pkisilent/common/ServerInfo.java deleted file mode 100644 index ff99a47f4..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/ServerInfo.java +++ /dev/null @@ -1,359 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.BufferedReader; -import java.io.FileInputStream; -import java.io.FileReader; -import java.io.IOException; -import java.net.InetAddress; -import java.util.StringTokenizer; - -/** - * CMS Test framework . - * This class fetches all the necssary ServerInformation to run the test . For example AdminServer information linke - * port , hsotname, Config LDAP server port, CMS servers Agentport,AdminPort, EESSL port, EE port etc.. - */ - -public class ServerInfo { - - public String serverRoot, instanceRoot, instanceID; - public String ldapPort, ldapHost, ldapSSLPort, ldapBaseSuffix, adminPort, admDN, admDNPW, singleSignOnPWD, domain; - public String caSigningCertNickName, raSigningCertNickName, ocspSigningCertNickName, kraTransportCertNickName; - public String ServerCertNickName, CertAuthority; - public String CMSAgentPort, CMSEESSLPort, CMSEEPort, CMSAdminPort, IDBPort; - - public static CMSProperties props = null; - public static CMSProperties CMSprops = null; - - // Private variables - public String CMSConfigFile, AdminConfigFile; - - public ServerInfo() { - } - - /** - * Constructor. Takes Server root as parameter for example ( /export/qa). Reads and collects information about - * adminserver and Config LDAP server. - */ - public ServerInfo(String sroot) { - serverRoot = sroot; - AdminConfigFile = serverRoot + "/admin-serv/config/adm.conf"; - readAdminConfig(); - SystemInfo(); - } - - /** - * Constructor. Takes Serverroot ( /export/qa) and instanceRoot (/export/qa/cert-jupiter2) as parameters . Reads and - * collects information about Admin Server , Config LDAP server and CMS server . - */ - - public ServerInfo(String sroot, String instRoot) { - serverRoot = sroot; - instanceRoot = instRoot; - CMSConfigFile = instanceRoot + "/config/CS.cfg"; - AdminConfigFile = serverRoot + "/admin-serv/config/adm.conf"; - instanceID = instanceRoot.substring(instanceRoot.indexOf("cert-") + 5); - readAdminConfig(); - SystemInfo(); - parseServerXML(); - readCMSConfig(); - } - - public String GetAdminPort() { - return adminPort; - } - - public String GetConfigLDAPPort() { - return ldapPort; - } - - public String GetHostName() { - if (domain.indexOf(".") > 0) { - return domain.substring(0, domain.indexOf(".")); - } else { - return domain; - } - } - - public String GetInstanceID() { - return instanceID; - } - - public String GetCMSConfigFileName() { - return CMSConfigFile; - } - - public String GetDomainName() { - return ldapHost.substring(ldapHost.indexOf(".") + 1); - } - - public String GetAgentPort() { - return CMSAgentPort; - } - - public String GetEESSLPort() { - return CMSEESSLPort; - } - - public String GetEEPort() { - return CMSEEPort; - } - - public String GetCMSAdminPort() { - return CMSAdminPort; - } - - public String GetInternalDBPort() { - return IDBPort; - } - - public String GetCertAuthority() { - return CertAuthority; - } - - public String GetCASigningCert() { - return caSigningCertNickName; - } - - public String GetRASigningCert() { - return raSigningCertNickName; - } - - public String GetServerCertNickName() { - return ServerCertNickName; - } - - public void setInstanceRoot(String instRoot) { - instanceRoot = instRoot; - CMSConfigFile = instanceRoot + "/config/CS.cfg"; - AdminConfigFile = serverRoot + "/admin-serv/config/adm.conf"; - instanceID = instanceRoot.substring(instanceRoot.indexOf("cert-") + 5); - SystemInfo(); - parseServerXML(); - readCMSConfig(); - } - - // Private functions - private void SystemInfo() { - try { - domain = InetAddress.getLocalHost().getHostName(); - System.out.println("Debu:SystemInfo " + domain); - } catch (Exception e) { - System.out.println("Exception InetAddress : " + e.getMessage()); - } - - } - - private void parseServerXML() { - int AGENT = 1; - int ADMIN = 2; - int EE_SSL = 3; - int EE_NON_SSL = 4; - int IP = 5; - int PORT = 6; - BufferedReader in = null; - - try { - String xmlFilePath = instanceRoot + "/config/server.xml"; - - in = new BufferedReader(new FileReader(xmlFilePath)); - String s = in.readLine(); - - while (s != null) { - // <LS id="agent" ip="0.0.0.0" port="8101" security="on" - // acceptorthreads="1" blocking="no"> - if (s.startsWith("<LS id=")) { - StringTokenizer st = new StringTokenizer(s, "\""); - int index1 = 5, index2 = 3; - - while (st.hasMoreTokens()) { - String token = st.nextToken(); - - if (token.equalsIgnoreCase("agent")) { - index1 = AGENT; - } else if (token.equalsIgnoreCase("admin")) { - index1 = ADMIN; - } else if (token.equalsIgnoreCase("eeSSL")) { - index1 = EE_SSL; - } else if (token.equalsIgnoreCase("ee_nonSSL")) { - index1 = EE_NON_SSL; - } else if (token.equals(" ip=")) { - index2 = IP; - } else if (token.equals(" port=")) { - index2 = PORT; - } - - if (index1 != 5 && index2 == IP && !token.equals(" ip=")) { - // token contains the ip value - } else if (index2 == PORT && !token.equals(" port=")) { - - switch (index1) { - case 1: - CMSAgentPort = token; - break; - - case 2: - CMSAdminPort = token; - break; - - case 3: - CMSEESSLPort = token; - break; - - case 4: - CMSEEPort = token; - break; - - default: - break; - - } - - break; - } - } // while token - } // if LS - s = in.readLine(); - } // while file no end - in.close(); - } catch (Exception e) { - if (in != null) { - try { - in.close(); - } catch (Exception ex) { - } - } - } - } - - private String stripSpace(String s) { - StringBuffer val = new StringBuffer(); - - for (int i = 0; i < s.length(); i++) { - if ((s.charAt(i) == ' ')) { - i++; - continue; - } else { - val.append(s.charAt(i)); - } - } - return val.toString(); - } - - private void readAdminConfig() { - String ldapHostStr = "ldapHost:"; - String ldapPortStr = "ldapPort:"; - String adminPortStr = "port:"; - FileInputStream fis = null; - try { - fis = new FileInputStream(AdminConfigFile); - int size = fis.available(); - byte b[] = new byte[size]; - - if (fis.read(b) != b.length) { - System.out.println("Could not read "); - - } else { - String tmpstr = new String(b, 0, b.length); - int ret; - - if ((ret = tmpstr.indexOf(ldapHostStr)) > -1) { - ldapHost = tmpstr.substring(ret + ldapHostStr.length() + 1, - tmpstr.indexOf("ldapPort", ret) - 1); - ldapHost = stripSpace(ldapHost); - // System.out.println(ldapPort); - } - - if ((ret = tmpstr.indexOf(ldapPortStr)) > -1) { - ldapPort = tmpstr.substring(ret + ldapPortStr.length() + 1, - tmpstr.indexOf("sie", ret) - 1); - ldapPort = stripSpace(ldapPort); - // System.out.println(ldapPort); - } - if ((ret = tmpstr.indexOf(adminPortStr)) > -1) { - adminPort = tmpstr.substring(ret + adminPortStr.length() + 1, - tmpstr.indexOf("ldapStart", ret) - 1); - adminPort = stripSpace(adminPort); - // System.out.println(adminPort); - } - - } - } catch (Exception e) { - System.out.println("exception " + e.getMessage()); - } finally { - if (fis != null) { - try { - fis.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - } - } - - private void readCMSConfig() { - - try { - FileInputStream fis = new FileInputStream(CMSConfigFile); - - CMSprops = new CMSProperties(); - CMSprops.load(fis); - System.out.println("Reading CMS Config file successful"); - CertAuthority = CMSprops.getProperty("subsystem.0.id"); - if (CertAuthority.equals("ca")) { - caSigningCertNickName = CMSprops.getProperty( - "ca.signing.cacertnickname"); - ServerCertNickName = "Server-Cert cert-" + instanceID; - } - if (CertAuthority.equals("ra")) { - raSigningCertNickName = CMSprops.getProperty( - "ra.signing.cacertnickname"); - ServerCertNickName = "Server-Cert cert-" + instanceID; - } - IDBPort = CMSprops.getProperty("internaldb.ldapconn.port"); - - fis.close(); - } catch (Exception e) { - System.out.println("exception " + e.getMessage()); - } - - } - - public static void main(String args[]) { - ServerInfo s = new ServerInfo("Test", "Test"); - - System.out.println(" Admin Port : " + s.GetAdminPort()); - System.out.println(" LDAP Port : " + s.GetConfigLDAPPort()); - System.out.println("Hostname " + s.GetHostName()); - System.out.println("InstanceID" + s.GetInstanceID()); - System.out.println(" doamin name : " + s.GetDomainName()); - System.out.println("AgentPort " + s.GetAgentPort()); - System.out.println("EESSLPort " + s.GetEESSLPort()); - System.out.println("EEPort " + s.GetEEPort()); - System.out.println("CMSAdminPort :" + s.GetCMSAdminPort()); - System.out.println("CAAuthority : " + s.GetCertAuthority()); - System.out.println("CASigningCert:" + s.GetCASigningCert()); - System.out.println("RASigningCert:" + s.GetRASigningCert()); - System.out.println("ServerCert" + s.GetServerCertNickName()); - - }// end of function main - -} // end of class - diff --git a/base/silent/src/com/netscape/pkisilent/common/TestClient.java b/base/silent/src/com/netscape/pkisilent/common/TestClient.java deleted file mode 100644 index 6fb5bd120..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/TestClient.java +++ /dev/null @@ -1,938 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.BufferedReader; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStreamReader; -import java.net.ServerSocket; -import java.util.Properties; - -import org.mozilla.jss.crypto.X509Certificate; -import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; - -/** - * CMS Test framework . - * Before createing an instance of this class make sure you havae set an environment variable TEST_CONFIG_FILE. - */ - -public class TestClient implements SSLCertificateApprovalCallback { - - public int port; - - // properties file parameters - public static String host, ports, adminid, adminpwd, propfileName, cdir; - public static String certnickname, keysize, keytype, tokenpwd; - public static String serverRoot, instanceRoot, ldaprootDN, ldaprootDNPW, caInstanceRoot, dataDirectory; - - // Program variables - public String STATUS; - public Properties props = null; - public String ACTION_STRING; - public String query; - public boolean debug = false; - // Certificate nicknames to be used by Test Clients - private String testConfigFile; - - public String caAgentCertName = "ca-agent"; - public String raAgentCertName = "ra-agent"; - public String ocspAgentCertName = "ocsp-agent"; - public String kraAgentCertName = "kra-agent"; - public String tksAgentCertName = "tks-agent"; - public String singleSignOnPWD = "secret12"; - public String adminCertName = "cn=admin"; - private String ldapBaseSuffix = "dc=netscape,dc=com"; - private String admDN = "admin"; - private String admDNPW = "admin"; - private String TmpDir; - @SuppressWarnings("unused") - private String TestLogFile; - private String startupTests, cleanupTests; - - private X509Certificate SSLServerCert = null; - - // Cert Sub vart - public String UID, OU, O, DN, E, CN, C, GN, SN, L, MAIL; - // Enroll - protected String PWD; - // CRypto - public ComCrypto cCrypt = new ComCrypto(); - public String pkcs10request = null; - - // Error - - public String ErrorDetail; - - private String serverKeyType, serverKeySize, serverKeyAlgo; - - private String unauth[] = { - "Unauthorized Access", "Server Error", - "Not Found", "Generic Unauthorized" }; - - public boolean approve(X509Certificate x509, SSLCertificateApprovalCallback.ValidityStatus status) { - SSLServerCert = x509; - return true; - } - - // Constructor - - public TestClient() { - keysize = "1024"; - keytype = "RSA"; - } - - /** - * Constructor . Takes the parameter for keysize and keytype . - * Before creating a new instance of this class make sure you have set TEST_CONFIG_FILE variable in your - * environnemt. - * Reads the TEST_CONFIG_FILE . Initializes the certificate database. See engage.cfg file for example. - * - * @param keysize - * @param keytype - */ - - public TestClient(String ks, String kt) { - - testConfigFile = ReadEnv("TEST_CONFIG_FILE"); - - System.out.println(testConfigFile); - readConfigFile(); - keysize = ks; - keytype = kt; - cCrypt.setCertDir(cdir); - cCrypt.setCertnickname(adminCertName); - cCrypt.setKeySize(keysize); - cCrypt.setKeyType(keytype); - cCrypt.setTokenPWD(tokenpwd); - cCrypt.setDebug(true); - cCrypt.CreateCertDB(); - - } - - /** - * Gets the SSLServer Certificate of the server - */ - - public X509Certificate getSSLServerCert() { - return SSLServerCert; - } - - /** - * finds the cert with nickname cname in the clients cert database - */ - - public X509Certificate findCertByNickname(String cname) { - - return cCrypt.findCert(cname); - - } - - /** - * Imports certificate to cert database.Takes parameters Certpackage and certnickname - */ - boolean importCert(String cp, String nickname) { - - return cCrypt.importCert(cp, nickname); - - } - - /** - * This function returns true if you choose to executeStartupTests - */ - - public boolean executeStartupTests() { - - if (startupTests == null) { - return false; - } else if (startupTests.equals("y")) { - return true; - } else { - return false; - } - - } - - /** - * This function returns true if you choose to executeCleanupTests - */ - - public boolean executeCleanupTests() { - - if (cleanupTests == null) { - return false; - } else if (cleanupTests.equals("y")) { - return true; - } else { - return false; - } - - } - - public String GetServerRoot() { - return serverRoot; - } - - public String GetInstanceRoot() { - return instanceRoot; - } - - public String getErrorDetail() { - return ErrorDetail; - } - - public String GetAdminDN() { - return admDN; - } - - public String GetAdminDNPWD() { - return admDNPW; - } - - public String GetLDAPDN() { - return ldaprootDN; - } - - public String GetLDAPDNPW() { - return ldaprootDNPW; - } - - public String GetLDAPBASE() { - return ldapBaseSuffix; - } - - public String GetAdminCertName() { - return adminCertName; - } - - public String GetRAAgentCertName() { - return raAgentCertName; - } - - public String GetKRAAgentCertName() { - return kraAgentCertName; - } - - public String GetOCSPAgentCertName() { - return ocspAgentCertName; - } - - public String GetTKSAgentCertName() { - return tksAgentCertName; - } - - public String GetDataDirectory() { - return dataDirectory; - } - - public String GetClientCertDB() { - return cdir; - } - - public String GetClientCertDBPW() { - return tokenpwd; - } - - public String GetSingleSignOnPW() { - return singleSignOnPWD; - } - - public String GetCARoot() { - return caInstanceRoot; - } - - public String GetTmpDir() { - return TmpDir; - } - - public String GetServerKeySize() { - return serverKeySize; - } - - public String GetServerKeyType() { - return serverKeyType; - } - - public String GetServerKeyAlgorithm() { - return serverKeyAlgo; - } - - public void setStatusString(String ststr) { - STATUS = ststr; - } - - public void setDebug(boolean t) { - debug = t; - } - - public void setpkcs10Request(String t) { - pkcs10request = t; - } - - public void setHostName(String s) { - host = s; - } - - public void setCARoot(String s) { - caInstanceRoot = s; - } - - public void setTestLogFile(String s) { - TestLogFile = s; - } - - /** - * parses a http page and returns true if any error is returned by server - **/ - - public boolean getError(String line) { - - int ret; - - ret = line.indexOf("fixed.errorDetails"); - - if (line.indexOf("fixed.errorDetails") == 0) { - ErrorDetail = line.substring( - ret + ("fixed.errorDetails = ").length()); - return true; - } - - if (line.indexOf("fixed.errorDetails") >= 0) { - ErrorDetail = line.substring( - ret + ("fixed.errorDetails = ").length()); - return true; - } - - ret = line.indexOf("fixed.unexpectedError"); - - if (line.indexOf("fixed.unexpectedError") == 0) { - System.out.println("Processing unexpectedError"); - ErrorDetail = line.substring( - ret + ("fixed.unexpectedError = ").length()); - return true; - } - - if (line.indexOf(unauth[0]) > 0) { - ErrorDetail = unauth[0]; - return true; - } - if (line.indexOf(unauth[1]) > -1) { - ErrorDetail = unauth[1]; - return true; - } - if (line.indexOf(unauth[2]) > -1) { - ErrorDetail = unauth[2]; - return true; - } - if (line.indexOf(unauth[3]) > -1) { - ErrorDetail = unauth[3]; - return true; - } - - if (line.indexOf("errorReason") >= 0) { - ErrorDetail = line.substring(ret + ("errorReason=").length()); - return true; - } - - return false; - } - - /** - * Reads a properties file . Takes filename as input parameter. - */ - - public void getProperties(String fileName) throws Exception { - FileInputStream fis = null; - try { - fis = new FileInputStream(fileName); - props = new Properties(); - props.load(fis); - } finally { - if (fis != null) - fis.close(); - } - } - - public String ReadEnv(String str) { - try { - Process p = null; - Runtime r = Runtime.getRuntime(); - String OS = System.getProperty("os.name").toLowerCase(); - - if (OS.indexOf("windows") > 1) { - p = r.exec("cmd.exe /c set"); - } else { - p = r.exec("env"); - } - - BufferedReader br = new BufferedReader( - new InputStreamReader(p.getInputStream())); - String line; - - while ((line = br.readLine()) != null) { - int idx = line.indexOf('='); - String key = line.substring(0, idx); - String value = line.substring(idx + 1); - - // System.out.println(key + "=" + value); - if (key.startsWith(str)) { - return value; - } - } - return null; - } catch (Throwable e) { - e.printStackTrace(); - } - return null; - } - - private void readConfigFile() { - try { - getProperties(testConfigFile); - } catch (Exception e) { - System.out.println( - "exception reading TestConfigFile " + e.getMessage()); - } - - serverRoot = props.getProperty("SROOT"); - instanceRoot = props.getProperty("IROOT"); - dataDirectory = props.getProperty("DATA_DIR"); - ldapBaseSuffix = props.getProperty("LDAPBASESUFFIX"); - - if (ldapBaseSuffix.indexOf("\"") > -1) { - ldapBaseSuffix = ldapBaseSuffix.substring(1, - ldapBaseSuffix.length() - 1); - } - - ldaprootDN = props.getProperty("LDAPROOTDN"); - // Strip of th e quotes "cn=directory manager" string - if (ldaprootDN.indexOf("\"") > -1) { - ldaprootDN = ldaprootDN.substring(1, ldaprootDN.length() - 1); - } - System.out.println("ldaprootDN : " + ldaprootDN); - - ldaprootDNPW = props.getProperty("LDAPROOTDNPW"); - cdir = props.getProperty("CERTDB"); - tokenpwd = props.getProperty("CERTDBPW"); - caInstanceRoot = props.getProperty("CAIROOT"); - admDN = props.getProperty("ADMINDN"); - admDNPW = props.getProperty("ADMINDNPW"); - singleSignOnPWD = props.getProperty("SINGLESIGNONPW"); - serverKeySize = props.getProperty("KEYSIZE"); - serverKeyType = props.getProperty("KEYTYPE"); - serverKeyAlgo = props.getProperty("KEYALGORITHM"); - - TmpDir = props.getProperty("TMP_DIR"); - TestLogFile = props.getProperty("TEST_LOG_FILE"); - - String de = props.getProperty("DEBUG"); - - if (de == null) { - debug = false; - } else if (de.equals("true")) { - debug = true; - } else { - debug = false; - } - - } - - /** - * returns FreePort in this machine . Takes a parmater portnumber. For example getFreePort("4026"). - */ - public String getFreePort(String s) { - Integer x = new Integer(s); - int p = x.intValue(); - - // if p = 0, then the serversocket constructor get a free port by itself - p = 0; - try { - ServerSocket ss1 = new ServerSocket(p); - - p = ss1.getLocalPort(); - System.out.println("Obtained Free Port = " + p); - ss1.close(); - } catch (Exception e) { - System.out.println("Unable to get Free Port"); - e.printStackTrace(); - p = 0; - } - return (String.valueOf(p)); - // This following method doesn't Always get a free port. - // while (st) { - // if(isSocketUnused(host,p) ) - // st=false; - // p++; - // } - // return (String.valueOf(p)); - - } - - /** - * Reads a file and returns the cert request as string - **/ - - public String readRequest(String filename) { - FileInputStream f1 = null; - try { - f1 = new FileInputStream(filename); - int size = f1.available(); - byte b[] = new byte[size]; - - if (f1.read(b) != b.length) { - return null; - } - - String s = new String(b); - - return s; - } catch (Exception e) { - System.out.println("exception " + e.getMessage()); - return null; - } finally { - if (f1 != null) { - try { - f1.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - } - } - - public static void main(String args[]) { - TestClient t = new TestClient("1024", "RSA"); - - /* - ******************************************************************* - * Sample programs to initialze calsses - ******************************************************************* - */ - - /* - ******************************************************************** - * To Test AutoInstaller - ******************************************************************* - */ - - /* - AutoInstaller a = new AutoInstaller(t.GetServerRoot()); - - ServerInfo s = new ServerInfo(t.GetServerRoot()); - System.out.println (" Admin Port : " + s.GetAdminPort()); - System.out.println (" LDAP Port : "+ s.GetConfigLDAPPort()); - System.out.println( "Hostname " + s.GetHostName()); - System.out.println(" doamin name : " + s.GetDomainName()); - - t.setHostName(s.GetHostName()); - // Set adminServer Info - a.setAdminInfo(s.GetHostName(),s.GetAdminPort(),s.GetDomainName(),"admin","admin"); - a.setAdminInfo(s.GetHostName(),s.GetAdminPort(),"mcom.com","admin","admin"); - - // setCAInfo - a.setCAInfo(s.GetHostName(),"1027","8100","admin","secret12"); - //setInternalDB info - String dp = t.getFreePort("38900"); - a.setInternalDBInfo(s.GetHostName(),"38907","ca-db","cn=directory manager","secret12" ); - - // set tokenInfo - - a.setTokenInfo("Internal","secret12"); - - // set Subsystem info - String agp = t.getFreePort("8100"); - String adp = t.getFreePort("8200"); - String eesp = t.getFreePort("1027"); - String eep = t.getFreePort("1100"); - - System.out.println(agp); - - a.setSubSystemInfo("testra",t.GetServerRoot(),"RSA","1024","MD5","365","cn=certificate manager,ou=test,o=test",adp,agp,eesp,eep); - - a.setClientDBInfo(t.GetClientCertDB(),"secret12",t.GetAdminCertName()); - - a.ConfigureCA("admin","admin","secret12","secret12"); - - // a.ConfigureRA("admin","admin","secret12","secret12"); - - */ - - /* - ****************************************************** - * Example to Get Server Details - ****************************************************** - */ - - ServerInfo s = new ServerInfo(t.GetServerRoot(), t.GetInstanceRoot()); - - t.setHostName(s.GetHostName()); - - System.out.println("AgentPort " + s.GetAgentPort()); - System.out.println("EESSLPort " + s.GetEESSLPort()); - System.out.println("EEPort " + s.GetEEPort()); - System.out.println("CMSAdminPort :" + s.GetCMSAdminPort()); - System.out.println("IDBPort : " + s.GetInternalDBPort()); - System.out.println("CAAuthority : " + s.GetCertAuthority()); - System.out.println("CASigningCert:" + s.GetCASigningCert()); - System.out.println("RASigningCert:" + s.GetRASigningCert()); - System.out.println("ServerCert" + s.GetServerCertNickName()); - System.out.println("------------------------------------------"); - System.out.println(" Internal Database Test:"); - System.out.println(" LDAP Port : " + s.GetConfigLDAPPort()); - System.out.println("Hostname " + s.GetHostName()); - - DirEnroll de = new DirEnroll(s.GetHostName(), s.GetEESSLPort()); - - de.setAuthenticator("Portal"); - de.setUIDInfo("caeetest110", "secret12"); - de.enroll(); - - /* **************************************************************** - * CMC Enroll - *************************************************************** - */ - - /* CMSUtils cmsutils = new CMSUtils(t.GetServerRoot()); - String requestfile="/u/lgopal/work/tetCMS/ns/tetframework/testcases/CMS/6.0/acceptance/data/basic/cmcreq/cmctest1.req"; - cmsutils.runCMCEnroll(t.GetClientCertDB(),"cn=admin",t.GetClientCertDBPW(),requestfile); - Profiles pr = new Profiles(s.GetHostName(),s.GetEESSLPort()); - pr.setProfileType("caCMCUserCert"); - pr.setCertAuthority("ca"); - - String request = t.readRequest(requestfile+".out"); - String bstr = "-----BEGIN NEW CERTIFICATE REQUEST-----"; - String estr="-----END NEW CERTIFICATE REQUEST-----"; - String Blob1 = request.substring(bstr.length() + 1); - String Blob2 = Blob1.substring(0,Blob1.indexOf(estr)); - request=Blob2; - - - pr.setRequest(request); - - pr.setUserInfo("UID=test1,Ou=netscape,o=aol","test","test","test","netscape","aol"); - pr.clientCertEnroll(); - */ - - /* **************************************************************** - * OCSP Client stuff - ************************************************************ - */ - - /* - String ip= "10.169.25.26"; - OCSPClient ocspclient= new OCSPClient(s.GetHostName(),ip,s.GetEEPort(),t.GetClientCertDB(),t.GetClientCertDBPW(),"cn=admin" ,"/tmp/ocsp.out","4"); - ocspclient.setCert(t.findCertByNickname("ocsp-agent")); - - ocspclient.SendOCSPRequest(); - */ - - /* - ***************************************************** - * Test CRMFcleint and KRA REcovery and Archival - ***************************************************** - */ - - /* - ********************************************************* - * OCSP Agent stuff - ********************************************************* - */ - - /* Retrieval rtr = new Retrieval(s.GetHostName(),s.GetEESSLPort()); - rtr.getCACert(); - System.out.println("CA Cert chain" + rtr.getCert()); - - OcspAgent ocspAgent= new OcspAgent(s.GetHostName(),"8111"); - ocspAgent.setAgentCertName(t.GetOCSPAgentCertName()); - - String cert = "-----BEGIN CERTIFICATE-----"+"\n"+rtr.getCert()+"\n"+"-----END CERTIFICATE-----\n"; - - ocspAgent.setCACert(cert); - ocspAgent.addCA(); - */ - - /* - *************************************************************** - Submit Profile based request - ********************************************************* - */ - - /* - Profiles pr = new Profiles(s.GetHostName(),s.GetEESSLPort()); - pr.setProfileType("caUserCert"); - // pr.setProfileType("caDirUserCert"); - - pr.setCertAuthority("ca"); - pr.setUserInfo("UID=test1,Ou=netscape,o=aol","test","test","test","netscape","aol"); - //pr.setDirUserInfo("test","netscape"); - pr.clientCertEnroll(); - System.out.println("Request ID is " + pr.getRequestID()); - - - Request re = new Request (s.GetHostName(),s.GetAgentPort(),"ca"); - re.setAgentCertName(t.GetAdminCertName()); - re.ApproveProfileRequests(pr.getRequestID()); - */ - - /* - String TransportCert="MIICJTCCAY6gAwIBAgIBBTANBgkqhkiG9w0BAQQFADBDMRswGQYDVQQKExJhY2NlcHRhY25ldGVzdDEwMjQxFzAVBgNVBAsTDmFjY2VwdGFuY2V0ZXN0MQswCQYDVQQDEwJjYTAeFw0wMzA0MjMyMTM3NTFaFw0wNDA0MjIwOTMzMzFaMDkxETAPBgNVBAoTCHRlc3QxMDI0MRcwFQYDVQQLEw5hY2NlcHRhbmNldGVzdDELMAkGA1UEAxMCcmEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANVW81T7GatHIB25kF0jdY4h4hOF1NAlAHE2YdN/UEyXuU22CfwrIltA3x/6sKFHhbbFysn6nGJlgKipPJqJDwyYTIv07hgoXqgcUu8fSYQg4BDHYhpHJxsUt3BSfADTjxAUHize7C2F8TVhBIcWW043FSkwvAiUjJb7uqQRKn7lAgMBAAGjMzAxMA4GA1UdDwEB/wQEAwIFIDAfBgNVHSMEGDAWgBTqvc3UPGDSWq+21DZGSUABNGIUbDANBgkqhkiG9w0BAQQFAAOBgQCNLJivNDHTTmCb2vDefUwLMxXNjuHwrbjVqymHPFqUjredTq2Yp+Ed1zxj+mxRovzegd65Tbnx+MV84j8K3Qc1kWOC+kbohAY9svSPsN3o5Q5BB19+5nUPC5Gk/mxkWJWWJLOnpKJGiAHMZIr58TH7hF8KQWXWMN9ikSFkPj0a/g=="; - - - CRMFClient CrmfClient = new CRMFClient(s.GetHostName(),s.GetEEPort()); - CrmfClient.setDBInfo(t.GetClientCertDB(),t.GetClientCertDBPW()); - CrmfClient.setTransportCert(TransportCert); - CrmfClient.setUserInfo("user","netscape"); - CrmfClient.setLDAPInfo(t.GetLDAPDN(),t.GetLDAPDNPW()); - CrmfClient.setDualKey(true); - - if(!CrmfClient.Enroll()) - {System.out.println("CRMFClient : could not submit request");} - - - checkRequest cr = new checkRequest(s.GetHostName(),s.GetEESSLPort(),String.valueOf(CrmfClient.getRequestId()),"false"); - cr.checkRequestStatus(); - System.out.println("Serial num " + cr.getSerialNumber()); - System.out.println("cert pack " + cr.getCert()); - - KraAgent kraAgent = new KraAgent(s.GetHostName(),"8111"); - kraAgent.setAgentCertName("cn=admin"); - System.out.println("KRAAgent List archival"); - - Vector aReq= kraAgent.ListArchivalRequests(); - int i=0; - while(i < aReq.size() ) - { - System.out.print(aReq.elementAt(i) + " "); - i++; - } - - kraAgent.setCertificate(cr.getCert()); - kraAgent.setLocalAgent(false); - kraAgent.recoverKeys(); - */ - - /* - ************************************************************* - * Example to Connect oto Config Directory port - ************************************************************* - */ - - /* - CMSLDAP cmsldap = new CMSLDAP(s.GetHostName(),s.GetConfigLDAPPort(),t.GetLDAPDN(),t.GetLDAPDNPW()); - if(cmsldap.connect()) - System.out.println("LDAP Connection successful"); - else - System.out.println("Error Connecting to LDAPSERVER"); - - // Add user to config directoory - if (cmsldap.userAdd("ou=people,"+t.GetLDAPBASE(),"t2","t2","t2","netscape")) - System.out.println("Added user to Config directory"); - - */ - - /* - ************************************************************* - * Example to Submit a CRMFCleint request to CA - ************************************************************* - */ - - /* - String TransportCert = - "MIICJTCCAY6gAwIBAgIBBTANBgkqhkiG9w0BAQQFADBDMRswGQYDVQQKExJhY2NlcHRhY25ldGVzdDEwMjQxFzAVBgNVBAsTDmFjY2VwdGFuY2V0ZXN0MQswCQYDVQQDEwJjYTAeFw0wMzA0MTgyMjMwMDhaFw0wNDA0MTcxMDI2MDhaMDkxETAPBgNVBAoTCHRlc3QxMDI0MRcwFQYDVQQLEw5hY2NlcHRhbmNldGVzdDELMAkGA1UEAxMCcmEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN6sQ3mSU8mL6i6gTZIXDLzOZPhYOkQLpnJjit5hcPZ0JMn0CQVXo4QjKN1xvuZv8qVlZoQw9czmzp/knTa0sCDgFKd0r+u0TnLeZkJMSimgFnma9CnChlaDHnBd8Beu4vyaHmo7rJ0xA4etn7HjhmKbaQZOcv/aP0SW9JXRga7ZAgMBAAGjMzAxMA4GA1UdDwEB/wQEAwIFIDAfBgNVHSMEGDAWgBSC3fsQHb7fddr2vL0UdkM2dAmUWzANBgkqhkiG9w0BAQQFAAOBgQBkAGbgd9HIqwoLKAr+V6bj9oWesDmDH80gPPxj10qyWSQYIs8PofOs/75yGS9nxhydtgSMFoBgCPdroUI31kZQQlFzxtudGoKD+5MWSXho79XzPwpjheOBYgpX6ch+L4tMLFDpqeraB1yZESO5EEeKm20DGVBOKVWxHhddO1BenA=="; - - CRMFClient CrmfClient = new CRMFClient(s.GetHostName(),s.GetEEPort()); - CrmfClient.setDBInfo(t.GetClientCertDB(),t.GetClientCertDBPW()); - CrmfClient.setTransportCert(TransportCert); - CrmfClient.setUserInfo("user","netscape"); - CrmfClient.setLDAPInfo(t.GetLDAPDN(),t.GetLDAPDNPW()); - CrmfClient.setDualKey(true); - - if(!CrmfClient.Enroll()) - {System.out.println("CRMFClient : could not submit request");} - */ - - /* KRA Agent list archived request */ - - /* ServerInfo KRAsvrInfo = new ServerInfo(t.GetServerRoot()); - String KRAinstanceRoot=t.GetServerRoot() + "/cert-" + "KRARSA1024" ; - KRAsvrInfo.setInstanceRoot(KRAinstanceRoot);*/ - - /* System.out.println("KRAAgent "); - KraAgent kraAgent = new KraAgent(s.GetHostName(),s.GetAgentPort()); - kraAgent.setAgentCertName(t.GetKRAAgentCertName()); - System.out.println("KRAAgent List archival"); - - Vector aReq= kraAgent.ListArchivalRequests(); - int i=0; - while(i < aReq.size() ) - { - System.out.print(aReq.elementAt(i) + " "); - i++; - } - - */ - - // cmsldap.disconnect(); - - /* - ************************************************************* - * Example to submit manual user enrollment request - ************************************************************* - /* - - - /* - UserEnroll ue = new UserEnroll(s.GetHostName(),"1029"); - ue.setUserInfo("E=testman,CN=testman,OU=netscape,O=aol,UID=testman1,C=US","testman", "testman", "testman1", "netscape","t"); - - boolean flag = ue.clientCertEnroll(); - if(flag) - System.out.println("Success submitted request"); - */ - - /* - ************************************************************* - * Example to submit Directory based enroolemt request - ************************************************************* - /* - - /* - // Add user to config directoory - if (cmsldap.userAdd("dc=netscape,dc=com","t2","t2","t2","netscape")) - System.out.println("Success "); - - if(cmsldap.TurnOnSSL("slapd-jupiter2","Server-Cert cert-jupiter2","7000")) - System.out.println("Turned on ssl"); - else - return; - - cmsldap.TurnOffSSL(); - - cmsldap.disconnect(); - - DirEnroll de = new DirEnroll(s.GetHostName(),s.GetEESSLPort()); - de.setUIDInfo("t2","netscape"); - de.enroll(); - - */ - - /* - ************************************************************* - * Example to submit Admin Enrollment request - ************************************************************* - /* - - /* - - AdminEnroll ade = new AdminEnroll("jupiter2","8200","cn=CMS Administrator,UID=admin,C=US","admin", "secret12"); - flag = ade.Enroll(); - if (flag) - System.out.println("adminEnrolled Successfully"); - */ - - /* - ************************************************************* - * Example gent List Pending request - ************************************************************* - /* - - /* - - // Agent List and Approve Request - Request re = new Request (s.GetHostName(),s.GetAgentPort(),s.GetCertAuthority()); - re.setAgentCertName(t.GetAdminCertName()); - re.ListPendingRequests("2","70"); - re.ApproveRequests(String.valueOf(ue.getRequestId())); - */ - - /* - ************************************************************* - * Example for CheckRequest Status and add the certificate to internal db - ************************************************************* - /* - - /* - // check request status and Revoke cert - checkRequest cr = new checkRequest(s.GetHostName(),s.GetEESSLPort(),String.valueOf(ue.getRequestId()),"false"); - checkRequest cr = new checkRequest(s.GetHostName(),s.GetEESSLPort(),"1","false"); - - cr.checkRequestStatus(); - System.out.println("Serial num " + cr.getSerialNumber()); - System.out.println("cert pack " + cr.getCert()); - - String st= "-----BEGIN CERTIFICATE-----"+"\n"+cr.getCert()+"\n"+"-----END CERTIFICATE-----\n"; - System.out.println("cert pack " + st); - - cmsldap.getXCertificate(st.getBytes()); - - */ - - /* - ************************************************************* - * Example agent ro revoke request - ************************************************************* - /* - - /* - Revoke rr = new Revoke (s.GetHostName(),s.GetAgentPort(),s.GetCertAuthority(),String.valueOf(cr.getSerialNumber())); - rr.revokeCerts(); - */ - - /* - ************************************************************* - * Example Agent update CRL - ************************************************************* - /* - - /* - // Update CRLand DISPLAY it - - System.out.println("Displayin CRL"); - CRL crl = new CRL (s.GetHostName(),s.GetAgentPort(),"/tmp/crlfile"); - crl.setAgentCertName(t.GetAdminCertName()); - crl.updateCRL(); - crl.displayCRL(); - crl.getRevokedCerts(); - */ - - // Update CRL in Directory - /* UpdateDir dcrl = new UpdateDir(s.GetHostName(),s.GetEESSLPort()); - dcrl.updateDir();*/ - - /* - ************************************************************* - * Example for stopping and starting servers - ************************************************************* - */ - - /* - DSTask idb = new DSTask(t.GetServerRoot()+"/slapd-jupiter2-db"); - if (idb.ldapStop()) System.out.println("IDB stopped"); - if(idb.ldapStart()) System.out.println("IDB Started"); - - System.out.println("------------------------------------------"); - System.out.println(" CMS Test:"); - CMSTask task = new CMSTask(t.GetInstanceRoot()); - task.CMSStop(); - task.CMSStart(); - */ - - }// end of function main - -} diff --git a/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java b/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java deleted file mode 100644 index 2f6a03924..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java +++ /dev/null @@ -1,562 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.BufferedOutputStream; -import java.io.BufferedReader; -import java.io.IOException; -import java.io.InputStreamReader; -import java.io.OutputStream; -import java.io.PrintStream; -import java.io.UnsupportedEncodingException; -import java.net.URLEncoder; -import java.util.Date; -import java.util.GregorianCalendar; - -import org.mozilla.jss.ssl.SSLSocket; - -/** - * CMS Test framework . - * Submits Legacy Manual User Enrollment request from EESSL port. Parses the response from server and return RequestID. - * <P> - */ - -public class UserEnroll extends TestClient { - - private String requestorName, requestorEmail, requestorPhone, requestorComments, requestId, certType, ssl_client; - private int port; - @SuppressWarnings("unused") - private long elapsedTime; - - // Constructor - public UserEnroll() { - } - - /** - * Constructor . Takes the parameter hostname and EESSLport - * <p> - */ - - public UserEnroll(String h, String p) { - host = h; - ports = p; - } - - /** - * Constructor . Takes the parameter for Properties file name - * <p> - * - * @param propfilename name of the parameter file - */ - - public UserEnroll(String pfile) { - propfileName = pfile; - } - - /** - * Constructor . Takes the parameter for hostname, EESSLportnumber, subjectdn, E, CN,UID,OU,O, - * CertdbDirecrory(fullpath) , certdbPassword, keysize, keytype, requestorName,requestorEmail and Certtype. - * valid values for Certtype - "ca","ra","ocsp" - * <p> - * - * @param propfilename name of the parameter file - */ - - public UserEnroll(String h, String p, String dn, String e, String cn, String uid, String ou, String o, String cd, - String tpwd, String sslcl, String ksize, String keyty, String reqname, String reqemail, String ctype) { - - host = h; - ports = p; - DN = dn; - E = e; - CN = cn; - UID = uid; - OU = ou; - O = o; - C = "US"; - cdir = cd; - tokenpwd = tpwd; - ssl_client = sslcl; - keysize = ksize; - keytype = keyty; - requestorName = reqname; - requestorPhone = "650"; - requestorEmail = "lg"; - requestorComments = "load Test"; - certnickname = "cn=test"; - keytype = "RSA"; - keysize = "1024"; - certType = ctype; - if (certType.equals("caSigningCert")) { - certType = "ca"; - } - if (certType.equals("raSigningCert")) { - certType = "ra"; - } - if (certType.equals("ocspSigningCert")) { - certType = "ocsp"; - } - } - - /** - * Set Certificate Request information. Takes parameters - subjectdn,E,CN,UID,OU,O - */ - - public void setUserInfo(String dn, String e, String cn, String uid, String ou, String o) { - DN = dn; - E = e; - CN = cn; - UID = uid; - OU = ou; - O = o; - requestorName = "test"; - requestorPhone = "650"; - requestorEmail = "lg"; - requestorComments = "Test"; - certnickname = "cn=test"; - - } - - public void setUserInfo(String dn, String e, String cn, String uid, String ou, String o, String nickname) { - DN = dn; - E = e; - CN = cn; - UID = uid; - OU = ou; - O = o; - requestorName = "test"; - requestorPhone = "650"; - requestorEmail = "lg"; - requestorComments = "Test"; - certnickname = nickname; - - } - - /** - * Set Certificat Type for which you want to submit a request . Valid values - "ca"/"ra"/"ocsp" - */ - public void setCertType(String ct) { - certType = ct; - } - - public boolean enroll_load() throws UnsupportedEncodingException { - buildquery(); - setStatusString(""); - return (Send()); - } - - private boolean pkcs10() { - - System.out.println(" In pkcs10 Keysize , key type " + keysize + keytype); - // ComCrypto cCrypt = new ComCrypto(cdir,tokenpwd,certnickname,keysize,keytype); - cCrypt.setCertDir(cdir); - cCrypt.setCertnickname(adminCertName); - cCrypt.setKeySize(keysize); - cCrypt.setKeyType(keytype); - cCrypt.setTokenPWD(tokenpwd); - cCrypt.setDebug(true); - if (pkcs10request != null) { - cCrypt.setGenerateRequest(false); - cCrypt.loginDB(); - } else { - cCrypt.setGenerateRequest(true); - if (!cCrypt.generateRequest()) { - System.out.println("Request could not be generated "); - return false; - } - pkcs10request = cCrypt.getPkcs10Request(); - } - - try { - System.out.println("Debug: building query "); - buildquery(); - if (debug) { - System.out.println(query); - } - setStatusString(""); - return (Send()); - } catch (Exception e) { - System.err.println("some exception:" + e); - } - - return (false); - - } - - // Private methods - - private void setElapsedTime(long dif) { - elapsedTime = dif; - } - - private long calculateElapsedTime(GregorianCalendar b, GregorianCalendar e) { - - Date d1 = b.getTime(); - Date d2 = e.getTime(); - long l1 = d1.getTime(); - long l2 = d2.getTime(); - long difference = l2 - l1; - - return difference; - - } - - private boolean Send() { - boolean st = false; - SSLSocket socket = null; - OutputStream rawos = null; - BufferedOutputStream os = null; - PrintStream ps = null; - BufferedReader stdin = null; - try { - - if (debug) { - System.out.println("Step 3 : Socket initialize"); - } - - Integer x = new Integer(ports); - - port = x.intValue(); - - GregorianCalendar begin = new GregorianCalendar(); - - // SSLSocket socket = new SSLSocket(host,port); - socket = new SSLSocket(host, port, null, 0, this, null); - - socket.setUseClientMode(true); - rawos = socket.getOutputStream(); - os = new BufferedOutputStream(rawos); - ps = new PrintStream(os); - - ps.println("POST /enrollment HTTP/1.0"); - ps.println("Connection: Keep-Alive"); - ps.println("Content-type: application/x-www-form-urlencoded"); - ps.println("Content-length: " + query.length()); - ps.println(""); - ps.println(query); - ps.println("\r"); - ps.flush(); - os.flush(); - stdin = new BufferedReader( - new InputStreamReader(socket.getInputStream())); - - if (debug) { - System.out.println("Step 4: Received the page"); - } - st = false; - String line; - - while ((line = stdin.readLine()) != null) { - if (debug) { - System.out.println(line); - } - if (line.indexOf(STATUS) != -1) { - st = true; - } - if (line.indexOf("fixed.requestId = ") != -1) { - requestId = line.substring("fixed.requestId = ".length() + 1, - line.indexOf(";") - 1); - } - - if (getError(line)) { - st = false; - } - - } - GregorianCalendar end = new GregorianCalendar(); - long diff = calculateElapsedTime(begin, end); - - setElapsedTime(diff); - - } catch (Exception e) { - System.err.println("some exception: in Send routine" + e); - return false; - } finally { - if (ps != null) { - ps.close(); - } - if (stdin != null) { - try { - stdin.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (socket != null) { - try { - socket.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (os != null) { - try { - os.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (rawos != null) { - try { - rawos.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - } - - return st; - - } - - private void buildquery() throws UnsupportedEncodingException { - StringBuffer queryStrBuf = new StringBuffer(); - - if (certType.equals("client")) { - queryStrBuf.append("certType="); - queryStrBuf.append(certType); - queryStrBuf.append("&Send=submit"); - - queryStrBuf.append("&key_encipherment=true"); - - queryStrBuf.append("&digital_signature=true"); - - queryStrBuf.append("&requestFormat=keygen"); - - queryStrBuf.append("&cryptprovider=1"); - if (ssl_client.equals("true")) { - queryStrBuf.append("&ssl_client=true"); - } else { - queryStrBuf.append("&ssl_server=true"); - } - - queryStrBuf.append("&non_repudiation=true"); - - if (requestorName.length() > 0) { - queryStrBuf.append("&csrRequestorName="); - } - queryStrBuf.append(URLEncoder.encode(requestorName, "UTF-8")); - if (requestorEmail.length() > 0) { - queryStrBuf.append("&csrRequestorEmail="); - queryStrBuf.append(URLEncoder.encode(requestorEmail, "UTF-8")); - queryStrBuf.append("&email=true"); - - } else { - queryStrBuf.append("&email=false"); - } - - if (requestorPhone.length() > 0) { - queryStrBuf.append("&csrRequestorPhone="); - queryStrBuf.append(URLEncoder.encode(requestorPhone, "UTF-8")); - } - if (requestorComments.length() > 0) { - queryStrBuf.append("&csrRequestorComments="); - queryStrBuf.append(URLEncoder.encode(requestorComments, "UTF-8")); - } - System.out.println("buidlquery client E "); - if (E.length() > 0) { - queryStrBuf.append("&E="); - queryStrBuf.append(E); - } - if (CN.length() > 0) { - queryStrBuf.append("&CN="); - queryStrBuf.append(CN); - } - - if (UID.length() > 0) { - queryStrBuf.append("&UID="); - queryStrBuf.append(UID); - } - if (OU.length() > 0) { - queryStrBuf.append("&OU="); - queryStrBuf.append(OU); - } - // if(O.length() > 0) { queryStrBuf.append("&O=");queryStrBuf.append(O);} - // if(C.length() >0) { queryStrBuf.append("&C=");queryStrBuf.append(C);} - System.out.println("buidlquery client dn "); - queryStrBuf.append("&subject="); - queryStrBuf.append(URLEncoder.encode(DN, "UTF-8")); - } - - if (certType.equals("ra")) { - queryStrBuf.append("certType=" + certType); - queryStrBuf.append("&digital_signature=true"); - queryStrBuf.append("&non_repudiation=true"); - queryStrBuf.append("&ssl_client=true"); - } - - if (certType.equals("server")) { - queryStrBuf.append("certType=" + certType); - queryStrBuf.append("&digital_signature=true"); - queryStrBuf.append("&non_repudiation=true"); - queryStrBuf.append("&ssl_server=true"); - queryStrBuf.append("&key_encipherment=true"); - queryStrBuf.append("&data_encipherment=true"); - - } - - if (certType.equals("ocsp")) { - queryStrBuf.append("certType=ocspResponder"); - queryStrBuf.append("&digital_signature=true"); - queryStrBuf.append("&non_repudiation=true"); - queryStrBuf.append("&ssl_client=true"); - } - - if (certType.equals("ca")) { - queryStrBuf.append("certType=" + certType); - queryStrBuf.append("&digital_signature=true"); - queryStrBuf.append("&non_repudiation=true"); - queryStrBuf.append("&ssl_client=true"); - queryStrBuf.append("&object_signing_ca=true"); - queryStrBuf.append("&crl_sign=true"); - queryStrBuf.append("&ssl_ca=true"); - queryStrBuf.append("&key_certsign=true"); - queryStrBuf.append("&email_ca=true"); - - } - - queryStrBuf.append("&pkcs10Request="); - queryStrBuf.append(URLEncoder.encode(pkcs10request, "UTF-8")); - System.out.println("before converting bug to string "); - query = queryStrBuf.toString(); - - System.out.println(query); - queryStrBuf = null; - } - - public int getRequestId() { - Integer m = new Integer(requestId); - - return m.intValue(); - - } - - /** - * Submit enrollment request - */ - - public boolean clientCertEnroll() { - certType = "client"; - ssl_client = "true"; - debug = true; - return (pkcs10()); - } - - public boolean Enroll() { - debug = true; - return (pkcs10()); - } - - /** - * Read the properties file - **/ - - public boolean readProperties() { - - // Read the properties file and assign values to variables . - try { - getProperties(propfileName); - } catch (Exception e) { - System.out.println( - "exception reading Properties File " + e.getMessage()); - return false; - } - - host = props.getProperty("enroll.host"); - ports = props.getProperty("enroll.port"); - DN = props.getProperty("enroll.DN"); - requestorName = props.getProperty("enroll.name"); - requestorEmail = props.getProperty("enroll.email"); - requestorPhone = props.getProperty("enroll.phone"); - requestorComments = props.getProperty("enroll.comments"); - E = props.getProperty("enroll.E"); - CN = props.getProperty("enroll.CN"); - UID = props.getProperty("enroll.UID"); - OU = props.getProperty("enroll.OU"); - O = props.getProperty("enroll.O"); - C = props.getProperty("enroll.C"); - cdir = props.getProperty("enroll.certdir"); - tokenpwd = props.getProperty("enroll.certtokenpwd"); - certnickname = props.getProperty("enroll.nickname"); - keysize = props.getProperty("enroll.keysize"); - keytype = props.getProperty("enroll.keytype"); - certType = props.getProperty("enroll.certtype"); - if (certType == null) { - certType = "client"; - } - if (certType.equals("raSigningCert")) { - certType = "ra"; - } - if (certType.equals("ocspSigningCert")) { - certType = "ocsp"; - } - pkcs10request = props.getProperty("enroll.pkcs10"); - ssl_client = props.getProperty("enroll.sslclient"); - if (ssl_client == null) { - ssl_client = "true"; - } - - String de = props.getProperty("enroll.debug"); - - if (de == null) { - debug = false; - } else if (de.equals("true")) { - debug = true; - } else { - debug = false; - } - - // Enroll using a pkscks10 request - return (pkcs10()); - } - - public static void main(String args[]) { - // Exit Status - (0) for error/Fail - // - requestId Pass - - UserEnroll e = new UserEnroll("jupiter2", "1027", - "E=test,cn=test,uid=test", "test", "test", "test", "t1", "t", - "/u/lgopal/work/tetCMS/ns/tetframework/testcases/CMS/6.0/acceptanceJava/data/certdb", - "secret12", "true", "1024", "RSA", "rn", "re", "client"); - - e.clientCertEnroll(); - - /* if ( args.length < 1) - { - System.out.println("Usage : propertiesfile"); - System.exit(0); - } - - - UserEnroll t = new UserEnroll(args[0]); - st=t.enroll(); - if (st){ - System.out.println("User Enrolled successfully . RequestId is "+t.getrequestId()); - System.exit(t.getRequestId()); - } - else{ - - System.out.println("Error: " + t.getErrorDetail()); - System.exit(0); - } - */ - }// end of function main - -} // end of class - diff --git a/base/silent/src/com/netscape/pkisilent/common/Utilities.java b/base/silent/src/com/netscape/pkisilent/common/Utilities.java deleted file mode 100644 index 79712eb11..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/Utilities.java +++ /dev/null @@ -1,413 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.BufferedReader; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStreamReader; - -import netscape.security.x509.CertificateSerialNumber; -import netscape.security.x509.CertificateSubjectName; -import netscape.security.x509.RDN; -import netscape.security.x509.SerialNumber; -import netscape.security.x509.X500Name; -import netscape.security.x509.X509CertImpl; -import netscape.security.x509.X509CertInfo; - -import com.netscape.cmsutil.util.Utils; - -public class Utilities { - - public Utilities() {// Do nothing - } - - public String cleanupQuotes(String token) { - StringBuffer buf = new StringBuffer(); - int length = token.length(); - int curIndex = 0; - - if (token.startsWith("\"") && token.endsWith("\"")) { - curIndex = 1; - length--; - } - - boolean oneQuoteFound = false; - boolean twoQuotesFound = false; - - while (curIndex < length) { - char curChar = token.charAt(curIndex); - - if (curChar == '"') { - twoQuotesFound = (oneQuoteFound) ? true : false; - oneQuoteFound = true; - } else { - oneQuoteFound = false; - twoQuotesFound = false; - } - - if (twoQuotesFound) { - twoQuotesFound = false; - oneQuoteFound = false; - curIndex++; - continue; - } - - buf.append(curChar); - curIndex++; - } - - return buf.toString(); - } - - public String removechar(String token) { - - StringBuffer buf = new StringBuffer(); - int end = token.length(); - int begin = 0; - - if (token.endsWith(";")) { - end--; - } - - while (begin < end) { - char curChar = token.charAt(begin); - - buf.append(curChar); - begin++; - } - return buf.toString(); - - } - - public String parse_httpresponse(String line) { - // look for name=value pair - // remove trailing white spaces - // remove trailing ; - // remove double quotes - - String temp = line.substring(line.indexOf("=") + 1); - - return cleanupQuotes(removechar(temp.trim())); - - } - - public String remove_newline(String s) { - if (s == null) { - return null; - } - - StringBuffer val = new StringBuffer(); - - for (int i = 0; i < s.length(); i++) { - if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) { - i++; - continue; - } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) { - i++; - continue; - } else if (s.charAt(i) == '"') { - continue; - } - val.append(s.charAt(i)); - } - return val.toString(); - - } - - public String normalize(String s) { - - if (s == null) { - return null; - } - - StringBuffer val = new StringBuffer(); - - for (int i = 0; i < s.length(); i++) { - if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) { - val.append("\n"); - i++; - continue; - } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) { - i++; - continue; - } else if (s.charAt(i) == '"') { - continue; - } - val.append(s.charAt(i)); - } - return val.toString(); - } - - /* - * format of the file should be like this: - * -----BEGIN CERTIFICATE----- - * base64 encoded certificate - * -----END CERTIFICATE----- - */ - public String getcertfromfile(String filename) { - StringBuffer tempBuffer = new StringBuffer(); - BufferedReader in = null; - FileInputStream fis = null; - try { - fis = new FileInputStream(filename); - in = new BufferedReader(new InputStreamReader(fis)); - - String temp; - while ((temp = in.readLine()) != null) { - - if (temp.equalsIgnoreCase("-----BEGIN CERTIFICATE-----") - || temp.equalsIgnoreCase("-----END CERTIFICATE-----")) { - continue; - } - tempBuffer.append(temp); - } - - return tempBuffer.toString(); - } catch (Exception e) { - System.out.println("ERROR: getcertfromfile" + e.toString()); - e.printStackTrace(); - } finally { - if (in != null) { - try { - in.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (fis != null) { - try { - fis.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - } - return null; - } - - public String getcertfromfile_withheaders(String filename) { - StringBuffer tempBuffer = new StringBuffer(); - BufferedReader in = null; - FileInputStream fis = null; - try { - fis = new FileInputStream(filename); - in = new BufferedReader(new InputStreamReader(fis)); - - String temp; - while ((temp = in.readLine()) != null) { - tempBuffer.append(temp); - } - return tempBuffer.toString(); - } catch (Exception e) { - System.out.println( - "ERROR: getcertfromfile_withheaders" + e.toString()); - e.printStackTrace(); - } finally { - if (in != null) { - try { - in.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (fis != null) { - try { - fis.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - } - return null; - } - - /* - * format of the file should be like this: - * -----BEGIN CERTIFICATE REVOCATION LIST----- - * base64 encoded CRL - * -----END CERTIFICATE REVOCATION LIST----- - */ - public String getcrlfromfile(String filename) { - StringBuffer tempBuffer = new StringBuffer(); - BufferedReader in = null; - FileInputStream fis = null; - try { - fis = new FileInputStream(filename); - in = new BufferedReader(new InputStreamReader(fis)); - - String temp; - while ((temp = in.readLine()) != null) { - tempBuffer.append(temp); - } - - return tempBuffer.toString(); - } catch (Exception e) { - System.out.println("ERROR: getcrlfromfile" + e.toString()); - e.printStackTrace(); - } finally { - if (in != null) { - try { - in.close(); - } catch (IOException e) { - System.out.println("ERROR: Unable to close the input reader"); - e.printStackTrace(); - } - } - if (fis != null) { - try { - fis.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - } - - return null; - } - - /* - * format of the file should be like this: - * -----BEGIN CERTIFICATE----- - * base64 encoded certificate - * -----END CERTIFICATE----- - */ - public String getcafromfile(String filename) { - StringBuffer tempBuffer = new StringBuffer(); - BufferedReader in = null; - FileInputStream fis = null; - try { - fis = new FileInputStream(filename); - in = new BufferedReader(new InputStreamReader(fis)); - - String temp; - while ((temp = in.readLine()) != null) { - tempBuffer.append(temp); - } - - return tempBuffer.toString(); - } catch (Exception e) { - System.out.println("ERROR: getcafromfile" + e.toString()); - e.printStackTrace(); - } finally { - if (in != null) { - try { - in.close(); - } catch (IOException e) { - System.out.println("ERROR: Unable to close the input reader"); - e.printStackTrace(); - } - } - if (fis != null) { - try { - fis.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - } - return null; - } - - /* - * function for RFC 2254. converts a x509 certificate given as - * a binary array[] to a Ldap filter string - */ - public static String escapeBinaryData(byte data[]) { - StringBuffer result = new StringBuffer(); - - for (int i = 0; i < data.length; i++) { - String s = Integer.toHexString(0xff & data[i]); - - if (s.length() == 1) { - s = "0" + s; - } - result.append("\\" + s); - } - - System.out.println("LDAP_FILTER=" + result.toString()); - return result.toString(); - } - - /* - * function to decode base64 encoded certificate - */ - public CertificateRecord decode_cert(String cert) { - - String head = "-----BEGIN CERTIFICATE-----"; - String tail = "-----END CERTIFICATE-----"; - - CertificateRecord cr = new CertificateRecord(); - - int head_pos = cert.indexOf(head); - int tail_pos = cert.indexOf(tail); - - // String not found - if (head_pos == -1 || tail_pos == -1) { - return null; - } - - String temp = cert.substring(head_pos + head.length(), tail_pos); - - temp = temp.replaceAll("\\r", ""); - temp = temp.replaceAll("\\n", ""); - - try { - // BASE64Decoder base64 = new BASE64Decoder(); - // byte decodedBASE64Cert[] = base64.decodeBuffer(temp); - byte decodedBASE64Cert[] = Utils.base64decode(temp); - X509CertImpl x509_cert = new X509CertImpl(decodedBASE64Cert); - X509CertInfo certinfo = (X509CertInfo) x509_cert.get("x509.INFO"); - - /* Get Serial Number */ - CertificateSerialNumber csn = (CertificateSerialNumber) - certinfo.get(X509CertInfo.SERIAL_NUMBER); - SerialNumber sn = (SerialNumber) csn.get("NUMBER"); - - // just adding serialnumber for add. - // we can add mode here like subject name, extensions,issuer to this record. - cr.serialNumber = sn.getNumber().toString().trim(); - - /* Get Subject Name */ - - CertificateSubjectName csn1 = (CertificateSubjectName) - certinfo.get(X509CertInfo.SUBJECT); - - X500Name dname = (X500Name) csn1.get(CertificateSubjectName.DN_NAME); - - StringBuffer pp = new StringBuffer(); - RDN[] rdns = dname.getNames(); - - for (int i = rdns.length - 1; i >= 0; i--) { - pp.append(rdns[i] + "\n"); - } - - cr.subject = pp.toString(); - - } catch (Exception e) { - System.out.println("ERROR: Exception when decoding certificate=" + e); - e.printStackTrace(); - return null; - } - - return cr; - - } - -}; // end class diff --git a/base/silent/src/com/netscape/pkisilent/common/checkRequest.java b/base/silent/src/com/netscape/pkisilent/common/checkRequest.java deleted file mode 100644 index e785657c0..000000000 --- a/base/silent/src/com/netscape/pkisilent/common/checkRequest.java +++ /dev/null @@ -1,614 +0,0 @@ -package com.netscape.pkisilent.common; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.BufferedOutputStream; -import java.io.BufferedReader; -import java.io.FileOutputStream; -import java.io.InputStreamReader; -import java.io.OutputStream; -import java.io.PrintStream; -import java.util.Date; -import java.util.GregorianCalendar; - -import org.mozilla.jss.ssl.SSLSocket; - -/** - * CMS Test framework . - * Submits a checkRequestStatus request to the server. parses the response from server and can import cert to the - * specified client database. - * <P> - */ - -public class checkRequest extends TestClient { - - private String certfile, importcert = "false", certnickname, serialNumber, ldapformat; - - private String requestId; - private String reqStatus = "false"; - private String pkcsCert, baseCert, ACTION_STRING, issuer, subject, AUTH = "ca"; - private int port; - private int type = 1; - - @SuppressWarnings("unused") - private long elapsedTime; - - private String host; - private String ports; - private String tokenpwd; - private String cdir; - - // public methods - - /** - * Constructor . Takes the parameter for Properties file name - * <p> - * - * @param propfilename name of the parameter file - */ - - public checkRequest(String pfile) { - propfileName = pfile; - } - - /** - * Constructor . Takes the parameter for hostname and EESSLportnumber - * <p> - */ - - public checkRequest(String h, String p) { - host = h; - ports = p; - }; - - /** - * Constructor . Takes the parameter for hostname , EESSLportnumber , Requestnumber and ImportCert ( true/false) - * <p> - */ - - public checkRequest(String h, String p, String snum, String impc) { - host = h; - ports = p; - requestId = snum; - importcert = impc; - } - - /** - * Constructor . Takes the parameter for hostname , EESSLportnumber , certdbdir, certdbpassword, Requestnumber - * ,certnickname and ImportCert ( true/false) - * <p> - */ - - public checkRequest(String hs, String pt, String certdir, String certtokenpwd, String seqnum, String nickname, - String impc) { - host = hs; - ports = pt; - cdir = certdir; - tokenpwd = certtokenpwd; - requestId = seqnum; - if (impc == null) { - importcert = "false"; - } else { - importcert = impc; - } - certnickname = nickname; - - } - - public void setDebug(boolean t) { - debug = t; - } - - public void setreqId(String seqnum) { - requestId = seqnum; - } - - public void setCertNickname(String cname) { - certnickname = cname; - } - - /** - * takes values - true/false - **/ - public void setImportCert(String impc) { - importcert = impc; - } - - public String getpkcs7ChainCert() { - return pkcsCert; - } - - /** - * returns Certificate - **/ - - public String getCert() { - return cCrypt.normalize(baseCert); - } - - /** - * returns Request status - "complete","pending" - **/ - - public String getRequestStatus() { - return reqStatus; - } - - /** - * returns the hex serial number of the certificate - **/ - - public String getSerialNumberHex() { - return serialNumber; - } - - /** - * returns the serial number as interger - **/ - - public int getSerialNumber() { - if (serialNumber != null) { - Integer y = new Integer(Integer.parseInt(serialNumber, 16)); - - return y.intValue(); - } - return 0; - } - - /** - * Submits a checkRequestStatus request to the server - **/ - - public boolean checkRequestStatus() { - - // Login to dB and genertae request - cCrypt.setCertDir(cdir); - cCrypt.setCertnickname(certnickname); - cCrypt.setKeySize(keysize); - cCrypt.setKeyType(keytype); - cCrypt.setTokenPWD(tokenpwd); - cCrypt.setDebug(debug); - - if (!cCrypt.loginDB()) { - System.out.println("Error : Login certdb failed "); - System.err.println("FAIL : Login certdb failed "); - return false; - } - - try { - - type = 1; - buildquery(); - if (debug) { - System.out.println(query); - } - setStatusString("Congratulations, your certificate has been issued."); - if (Send()) { - if (debug) { - System.out.println("Request Status :" + reqStatus); - } - if (reqStatus.equals("complete")) { - type = 2; - buildquery(); - if (debug) { - System.out.println(query); - } - if (Send()) { - return true; - } - } else { - return true; - } - - } - if (debug) { - System.out.println("Request Status :" + reqStatus); - } - - System.err.println("FAIL: reached end of checkRequestStatus()"); - - return false; - } catch (Exception e) { - System.err.println("some exception:" + e); - } - - return false; - } - - // Private functions - - private void setElapsedTime(long dif) { - elapsedTime = dif; - } - - private long calculateElapsedTime(GregorianCalendar b, GregorianCalendar e) { - - Date d1 = b.getTime(); - Date d2 = e.getTime(); - long l1 = d1.getTime(); - long l2 = d2.getTime(); - long difference = l2 - l1; - - return difference; - - } - - private boolean writeCert2File() { - if (serialNumber != null) { - - try { - FileOutputStream fos = new FileOutputStream(certfile); - - if (ldapformat.equals("true")) { - String tmp = "description: 2;" - + Integer.parseInt(serialNumber, 16) + ";" + issuer - + ";" + subject + "\n"; - - fos.write(tmp.getBytes()); - tmp = cCrypt.normalizeForLDAP(getCert()); - if (debug) { - System.out.println(tmp); - } - fos.write(("usercertificate:: ").getBytes()); - fos.write(tmp.getBytes()); - fos.close(); - } else { - String tmp = cCrypt.normalize(getCert()); - - if (debug) { - System.out.println(tmp); - } - fos.write(tmp.getBytes()); - fos.close(); - - } - - } catch (Exception e) { - System.out.println( - "exception in writeCert2File: " + e.getMessage()); - return false; - } - - } - - return true; - } - - private boolean importCert(String certpack) { - - if (importcert.equals("false")) { - return true; - } - - try { - if (certpack == null) { - return false; - } - - String s = cCrypt.normalize(certpack); - - if (AUTH.equals("ca")) { - String tmp = "-----BEGIN CERTIFICATE-----\n" + s + "\n" - + "-----END CERTIFICATE-----"; - - if (debug) { - System.out.println( - "importing cert" + tmp + "certnick" + certnickname); - } - s = tmp; - } - - if (cCrypt.importCert(s, certnickname)) { - System.out.println("successfully imported cert"); - return true; - } - - return false; - - } catch (Exception e) { - System.out.println( - "exception importing cert crequest" + e.getMessage()); - return false; - } - - } - - private boolean RetrieveRequestDetail(String line) { - String stat = "header.status = "; - boolean st = true; - - if (debug) { - System.out.println(line); - } - - if (line.indexOf(stat) != -1) { - String tm = line.substring(stat.length() + 1, - line.indexOf(";", 10) - 1); - - reqStatus = tm; - } - if (line.indexOf("header.pkcs7ChainBase64 = ") != -1) { - // if status is complete retrieve cert - pkcsCert = line.substring("header.pkcs7ChainBase64 = ".length() + 1, - line.indexOf(";", 10) - 1); - } - if (line.indexOf("record.serialNumber=") != -1) { - serialNumber = line.substring("record.serialNumber=".length() + 1, - line.indexOf(";", 1) - 1); - } - if (line.indexOf("header.authority =") == 0) { - AUTH = line.substring("header.authority =".length() + 2, - line.indexOf(";", 1) - 1); - } - - if (getError(line)) { - st = false; - } - - return st; - - } - - private boolean RetrieveCertDetails(String line) { - if (debug) { - System.out.println(line); - } - - boolean st = true; - - String retriveStr[] = { - "record.base64Cert=", "record.certPrettyPrint=", - "header.certChainBase64 = ", "header.certPrettyPrint = " }; - String baseCertStr, certPrettyprintStr; - - if (AUTH.equals("ra")) { - baseCertStr = retriveStr[0]; - certPrettyprintStr = retriveStr[1]; - } else { - baseCertStr = retriveStr[2]; - certPrettyprintStr = retriveStr[3]; - } - - if (line.indexOf(baseCertStr) != -1) { - - // if status is complete retrieve cert - baseCert = line.substring(baseCertStr.length() + 1, - line.indexOf(";", 10) - 1); - if (importcert.equals("true")) { - if (importCert(baseCert)) { - st = true; - } - } else { - st = true; - } - } - - if (line.indexOf(certPrettyprintStr) != -1) { - - System.out.println("Found certPrettyPrint"); - int ret = line.indexOf("Issuer: "); - - issuer = line.substring(("Issuer: ").length() + ret, - line.indexOf("Validi", ret) - 14); - ret = line.indexOf("Subject:"); - subject = line.substring(("Subject: ").length() + ret, - line.indexOf("Subject Public", ret) - 14); - - System.out.println(" HEADER : " + issuer); - - } - - // System.out.println("Debug :get Error detail " + line); - if (getError(line)) { - st = false; - } - - return st; - - } - - private synchronized boolean Send() { - boolean st = false; - - try { - if (debug) { - System.out.println("Step 3 : Socket initialize"); - } - - Integer x = new Integer(ports); - - port = x.intValue(); - - GregorianCalendar begin = new GregorianCalendar(); - - // SSLSocket socket = new SSLSocket(host,port); - SSLSocket socket = new SSLSocket(host, port, null, 0, this, null); - - socket.setUseClientMode(true); - - OutputStream rawos = socket.getOutputStream(); - BufferedOutputStream os = new BufferedOutputStream(rawos); - PrintStream ps = new PrintStream(os); - - ps.println("POST " + ACTION_STRING + " HTTP/1.0"); - ps.println("Connection: Keep-Alive"); - ps.println("Content-type: application/x-www-form-urlencoded"); - ps.println("Content-length: " + query.length()); - ps.println(""); - ps.println(query); - ps.println("\r"); - ps.flush(); - os.flush(); - BufferedReader stdin = new BufferedReader( - new InputStreamReader(socket.getInputStream())); - - if (debug) { - System.out.println("Step 4: Received the page"); - } - st = false; - String line; - - while ((line = stdin.readLine()) != null) { - switch (type) { - case 1: - RetrieveRequestDetail(line); - st = true; - break; - - case 2: - st = RetrieveCertDetails(line); - break; - - default: - System.out.println("invalid format"); - - } - - } - stdin.close(); - socket.close(); - os.close(); - rawos.close(); - ps.close(); - os = null; - rawos = null; - stdin = null; - ps = null; - line = null; - - GregorianCalendar end = new GregorianCalendar(); - long diff = calculateElapsedTime(begin, end); - - setElapsedTime(diff); - - } catch (Exception e) { - System.err.println("some exception: in Send routine" + e); - return false; - } - if ((certfile != null) && (type == 2)) { - st = writeCert2File(); - } - - if (debug) { - System.out.println(serialNumber); - } - - return st; - - } - - private void buildquery() { - - StringBuffer queryStrBuf = new StringBuffer(); - - if (type == 1) { - ACTION_STRING = "/checkRequest"; - queryStrBuf.append("requestId="); - queryStrBuf.append(requestId); - queryStrBuf.append("&importCert=true"); - } - - if (type == 2) { - ACTION_STRING = "/" + AUTH + "/displayBySerial"; - if (AUTH.equals("ra")) { - ACTION_STRING = "/displayCertFromRequest"; - queryStrBuf.append("requestId="); - queryStrBuf.append(requestId); - - } else { - ACTION_STRING = "/displayBySerial"; - queryStrBuf.append("op=displayBySerial"); - queryStrBuf.append("&serialNumber=0x"); - queryStrBuf.append(serialNumber); - } - } - - query = queryStrBuf.toString(); - - queryStrBuf = null; - - } - - private boolean readProperties() { - - // Read the properties file and assign values to variables . - try { - getProperties(propfileName); - } catch (Exception e) { - System.out.println( - "exception reading Properties File " + e.getMessage()); - return false; - } - - host = props.getProperty("enroll.host"); - ports = props.getProperty("enroll.port"); - cdir = props.getProperty("enroll.certdir"); - tokenpwd = props.getProperty("enroll.certtokenpwd"); - requestId = props.getProperty("enroll.seqnum"); - certfile = props.getProperty("enroll.certfile"); - importcert = props.getProperty("enroll.importCert"); - if (importcert == null) { - importcert = "false"; - } - ldapformat = props.getProperty("enroll.ldapformat"); - if (ldapformat == null) { - ldapformat = "true"; - } - System.out.println(ldapformat); - certnickname = props.getProperty("enroll.nickname"); - String de = props.getProperty("enroll.debug"); - - if (de == null) { - debug = false; - } else if (de.equals("true")) { - debug = true; - } else { - debug = false; - } - - // Enroll using a pkscks10 request - return (checkRequestStatus()); - } - - public static void main(String args[]) { - // Exit Status - (0) for error/Fail - // - requestId Pass - boolean st; - - if (args.length < 1) { - System.out.println("Usage : propertiesfile"); - System.exit(0); - } - - checkRequest t = new checkRequest(args[0]); - - st = t.readProperties(); - if (st) { - System.exit(t.getSerialNumber()); - } else { - - System.out.println("Request Status :" + t.getRequestStatus()); - System.out.println("Error: " + t.getErrorDetail()); - - System.exit(0); - } - }// end of function main - -} // end of class - diff --git a/base/silent/src/com/netscape/pkisilent/http/CertSelection.java b/base/silent/src/com/netscape/pkisilent/http/CertSelection.java deleted file mode 100644 index ff541b6c6..000000000 --- a/base/silent/src/com/netscape/pkisilent/http/CertSelection.java +++ /dev/null @@ -1,45 +0,0 @@ -package com.netscape.pkisilent.http; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.util.Vector; - -import org.mozilla.jss.ssl.SSLClientCertificateSelectionCallback; - -public class CertSelection implements SSLClientCertificateSelectionCallback { - - // make the select() call to use this client cert - public static String client_cert = null; - - public void setClientCert(String nickname) { - client_cert = nickname; - } - - public String select(@SuppressWarnings("rawtypes") Vector nicknames) { - - // when this method is called by SSLSocket we get a vector - // of nicknames to select similar to the way the browser presents - // the list. - - // We will just use the one thats set by setClientCert() - - return client_cert; - } - -}; // end class diff --git a/base/silent/src/com/netscape/pkisilent/http/HTMLDocument.java b/base/silent/src/com/netscape/pkisilent/http/HTMLDocument.java deleted file mode 100644 index ac935674c..000000000 --- a/base/silent/src/com/netscape/pkisilent/http/HTMLDocument.java +++ /dev/null @@ -1,592 +0,0 @@ -package com.netscape.pkisilent.http; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.File; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.LinkedHashSet; -import java.util.StringTokenizer; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -public class HTMLDocument { - // Indicates whether this HTML document has been parsed. - boolean parsed; - - // A list of URLs of files that should be retrieved along with the main - // contents of the document. This may include any images contained in the - // document, and possibly any external stylesheets. - LinkedHashSet<String> associatedFiles; - - // A list of URLs of frames that are contained in the document. - LinkedHashSet<String> documentFrames; - - // A list of URLs of links that are contained in the document. - LinkedHashSet<String> documentLinks; - - // A list of URLs of images that are contained in the document. - LinkedHashSet<String> documentImages; - - // A regular expression pattern that can be used to extract a URI from an HREF - // tag. - Pattern hrefPattern; - - // A regular expression pattern that can be used to extract a URI from a SRC - // tag. - Pattern srcPattern; - - // The base URL for relative links in this document. - String baseURL; - - // The URL that may be used to access this document. - String documentURL; - - // The actual contents of the page. - String htmlData; - - // The contents of the page converted to lowercase for easier matching. - String lowerData; - - // The URL for this document with only protocol, host, and port (i.e., no - // file). - String protocolHostPort; - - // A string buffer containing the contents of the page with tags removed. - StringBuffer textData; - - // A set of private variables used for internal processing. - private boolean lastElementIsAssociatedFile; - private boolean lastElementIsChunk; - private boolean lastElementIsComment; - private boolean lastElementIsFrame; - private boolean lastElementIsImage; - private boolean lastElementIsLink; - private boolean lastElementIsText; - private int lastElementEndPos; - private int lastElementStartPos; - private String lastURL; - - // constructor that helps to parse without url stuff - public HTMLDocument(String htmlData) { - this.documentURL = null; - this.htmlData = htmlData; - lowerData = htmlData.toLowerCase(); - associatedFiles = null; - documentLinks = null; - documentImages = null; - textData = null; - parsed = false; - - // Create the regex patterns that we will use for extracting URIs from tags. - hrefPattern = Pattern.compile(".*?[hH][rR][eE][fF][\\s=\\\"\\']+" + - "([^\\s\\\"\\'\\>]+).*", Pattern.DOTALL); - srcPattern = Pattern.compile(".*?[sS][rR][cC][\\s=\\\"\\']+" + - "([^\\s\\\"\\'\\>]+).*", Pattern.DOTALL); - } - - /** - * Creates a new HTML document using the provided data. - * - * @param documentURL The URL for this document. - * @param htmlData The actual data contained in the HTML document. - */ - public HTMLDocument(String documentURL, String htmlData) - throws MalformedURLException { - this.documentURL = documentURL; - this.htmlData = htmlData; - lowerData = htmlData.toLowerCase(); - associatedFiles = null; - documentLinks = null; - documentImages = null; - textData = null; - parsed = false; - - // Create the regex patterns that we will use for extracting URIs from tags. - hrefPattern = Pattern.compile(".*?[hH][rR][eE][fF][\\s=\\\"\\']+" + - "([^\\s\\\"\\'\\>]+).*", Pattern.DOTALL); - srcPattern = Pattern.compile(".*?[sS][rR][cC][\\s=\\\"\\']+" + - "([^\\s\\\"\\'\\>]+).*", Pattern.DOTALL); - - URL url = new URL(documentURL); - String urlPath = url.getPath(); - if ((urlPath == null) || (urlPath.length() == 0)) { - baseURL = documentURL; - protocolHostPort = documentURL; - } else if (urlPath.equals("/")) { - baseURL = documentURL; - protocolHostPort = documentURL.substring(0, documentURL.length() - 1); - } else if (urlPath.endsWith("/")) { - baseURL = documentURL; - - int port = url.getPort(); - if (port > 0) { - protocolHostPort = url.getProtocol() + "://" + url.getHost() + ":" + - port; - } else { - protocolHostPort = url.getProtocol() + "://" + url.getHost(); - } - } else { - int port = url.getPort(); - if (port > 0) { - protocolHostPort = url.getProtocol() + "://" + url.getHost() + ":" + - port; - } else { - protocolHostPort = url.getProtocol() + "://" + url.getHost(); - } - - File urlFile = new File(urlPath); - String parentDirectory = urlFile.getParent(); - if ((parentDirectory == null) || (parentDirectory.length() == 0)) { - parentDirectory = "/"; - } else if (!parentDirectory.startsWith("/")) { - parentDirectory = "/" + parentDirectory; - } - - baseURL = protocolHostPort + parentDirectory; - } - - if (!baseURL.endsWith("/")) { - baseURL = baseURL + "/"; - } - } - - /** - * Actually parses the HTML document and extracts useful elements from it. - * - * @return <CODE>true</CODE> if the page could be parsed successfully, or <CODE>false</CODE> if not. - */ - public boolean parse() { - if (parsed) { - return true; - } - - try { - associatedFiles = new LinkedHashSet<String>(); - documentFrames = new LinkedHashSet<String>(); - documentLinks = new LinkedHashSet<String>(); - documentImages = new LinkedHashSet<String>(); - textData = new StringBuffer(); - - lastElementStartPos = 0; - lastElementEndPos = -1; - String element; - while ((element = nextDocumentElement()) != null) { - if (element.length() == 0) { - continue; - } - - if (lastElementIsText) { - char lastChar; - if (textData.length() == 0) { - lastChar = ' '; - } else { - lastChar = textData.charAt(textData.length() - 1); - } - char firstChar = element.charAt(0); - if (!((lastChar == ' ') || (lastChar == '\t') || - (lastChar == '\r') || (lastChar == '\n')) || - (firstChar == ' ') || (firstChar == '\t') || - (firstChar == '\r') || (firstChar == '\n')) { - textData.append(" "); - } - - textData.append(element); - } else if (lastElementIsImage) { - if (lastURL != null) { - documentImages.add(lastURL); - associatedFiles.add(lastURL); - } - } else if (lastElementIsFrame) { - if (lastURL != null) { - documentFrames.add(lastURL); - associatedFiles.add(lastURL); - } - } else if (lastElementIsLink) { - if (lastURL != null) { - documentLinks.add(lastURL); - } - } else if (lastElementIsAssociatedFile) { - if (lastURL != null) { - associatedFiles.add(lastURL); - } - } else if (lastElementIsChunk || lastElementIsComment) { - // Don't need to do anything with this. - } else { - // Also don't need anything here. - } - } - - parsed = true; - } catch (Exception e) { - associatedFiles = null; - documentLinks = null; - documentImages = null; - textData = null; - parsed = false; - } - - return parsed; - } - - /** - * Retrieves the next element from the HTML document. An HTML element can - * include a string of plain text, a single HTML tag, or a larger chunk of - * HTML including a start and end tag, all of which should be considered a - * single element. - */ - private String nextDocumentElement() { - // If we're at the end of the HTML, then return null. - if (lastElementEndPos >= htmlData.length()) { - return null; - } - - // Initialize the variables we will use for the search. - lastElementStartPos = lastElementEndPos + 1; - lastElementIsAssociatedFile = false; - lastElementIsChunk = false; - lastElementIsComment = false; - lastElementIsFrame = false; - lastElementIsImage = false; - lastElementIsLink = false; - lastElementIsText = false; - lastURL = null; - - // Find the location of the next open angle bracket. If there is none, then - // the rest of the document must be plain text. - int openPos = lowerData.indexOf('<', lastElementStartPos); - if (openPos < 0) { - lastElementEndPos = htmlData.length(); - lastElementIsText = true; - return htmlData.substring(lastElementStartPos); - } - - // If the location of the next open tag is not we started looking, then read - // everything up to that tag as text. - if (openPos > lastElementStartPos) { - lastElementEndPos = openPos - 1; - lastElementIsText = true; - return htmlData.substring(lastElementStartPos, openPos); - } - - // The start position is an open tag. See if the tag is actually "<!--", - // which indicates an HTML comment. If that's the case, then find the - // closing "-->". - if (openPos == lowerData.indexOf("<!--", lastElementStartPos)) { - int closePos = lowerData.indexOf("-->", openPos + 1); - if (closePos < 0) { - // This looks like an unterminated comment. We can't do much else - // here, so just stop parsing. - return null; - } else { - lastElementEndPos = closePos + 2; - lastElementIsComment = true; - return htmlData.substring(lastElementStartPos, lastElementEndPos + 1); - } - } - - // Find the location of the next close angle bracket. If there is none, - // then we have an unmatched open tag. What to do here? I guess just treat - // the rest of the document as text. - int closePos = lowerData.indexOf('>', openPos + 1); - if (closePos < 0) { - lastElementEndPos = htmlData.length(); - lastElementIsText = true; - return htmlData.substring(lastElementStartPos); - } - - // Grab the contents of the tag in both normal and lowercase. - String tag = htmlData.substring(openPos, closePos + 1); - String strippedTag = htmlData.substring(openPos + 1, closePos).trim(); - StringTokenizer tokenizer = new StringTokenizer(strippedTag, " \t\r\n=\"'"); - lastElementEndPos = closePos; - - if (!tokenizer.hasMoreTokens()) { - return tag; - } - - String token = tokenizer.nextToken(); - String lowerToken = token.toLowerCase(); - - if (lowerToken.equals("a") || lowerToken.equals("area")) { - while (tokenizer.hasMoreTokens()) { - token = tokenizer.nextToken(); - if (token.equalsIgnoreCase("href")) { - Matcher matcher = hrefPattern.matcher(tag); - lastURL = uriToURL(matcher.replaceAll("$1")); - if (lastURL != null) { - lastElementIsLink = true; - } - break; - } - } - } else if (lowerToken.equals("base")) { - while (tokenizer.hasMoreTokens()) { - token = tokenizer.nextToken(); - if (token.equalsIgnoreCase("href")) { - try { - Matcher matcher = hrefPattern.matcher(tag); - String uri = matcher.replaceAll("$1"); - if (!uri.endsWith("/")) { - uri = uri + "/"; - } - - baseURL = uri; - } catch (Exception e) { - } - break; - } - } - } else if (lowerToken.equals("frame") || lowerToken.equals("iframe") || - lowerToken.equals("input")) { - while (tokenizer.hasMoreTokens()) { - token = tokenizer.nextToken(); - if (token.equalsIgnoreCase("src")) { - try { - Matcher matcher = srcPattern.matcher(tag); - String uri = matcher.replaceAll("$1"); - lastURL = uriToURL(uri); - if (lastURL != null) { - lastElementIsFrame = true; - lastElementIsAssociatedFile = true; - } - } catch (Exception e) { - } - break; - } - } - } else if (lowerToken.equals("img")) { - while (tokenizer.hasMoreTokens()) { - token = tokenizer.nextToken(); - if (token.equalsIgnoreCase("src")) { - try { - Matcher matcher = srcPattern.matcher(tag); - String uri = matcher.replaceAll("$1"); - lastURL = uriToURL(uri); - if (lastURL != null) { - lastElementIsImage = true; - } - } catch (Exception e) { - } - break; - } - } - } else if (lowerToken.equals("link")) { - boolean isStyleSheet = false; - - while (tokenizer.hasMoreTokens()) { - token = tokenizer.nextToken(); - if (token.equalsIgnoreCase("href")) { - try { - Matcher matcher = hrefPattern.matcher(tag); - String uri = matcher.replaceAll("$1"); - lastURL = uriToURL(uri); - if (lastURL != null) { - lastElementIsLink = true; - } - } catch (Exception e) { - } - break; - } else if (token.equalsIgnoreCase("rel")) { - if (tokenizer.hasMoreTokens()) { - String relType = tokenizer.nextToken(); - if (relType.equalsIgnoreCase("stylesheet")) { - isStyleSheet = true; - } - } - } - } - - if (lastURL != null) { - if (isStyleSheet) { - lastElementIsAssociatedFile = true; - } else { - lastElementIsLink = true; - } - } - } else if (lowerToken.equals("script")) { - while (tokenizer.hasMoreTokens()) { - token = tokenizer.nextToken(); - if (token.equalsIgnoreCase("src")) { - try { - Matcher matcher = srcPattern.matcher(tag); - String uri = matcher.replaceAll("$1"); - lastURL = uriToURL(uri); - } catch (Exception e) { - } - break; - } - } - - if (lastURL == null) { - int endScriptPos = lowerData.indexOf("</script>", lastElementEndPos + 1); - if (endScriptPos > 0) { - lastElementEndPos = endScriptPos + 8; - tag = htmlData.substring(lastElementStartPos, lastElementEndPos + 1); - lastElementIsChunk = true; - } - } else { - lastElementIsAssociatedFile = true; - } - } - - return tag; - } - - /** - * Converts the provided URI to a URL. The provided URI may be a URL already, - * or it may also be an absolute path on the server or a path relative to the - * base URL. - * - * @param uri The URI to convert to a URL. - * - * @return The URL based on the provided URI. - */ - private String uriToURL(String uri) { - String url = null; - - if (uri.indexOf("://") > 0) { - if (uri.startsWith("http")) { - url = uri; - } - } else if (uri.startsWith("/")) { - url = protocolHostPort + uri; - } else { - url = baseURL + uri; - } - - return url; - } - - /** - * Retrieves the URL of this HTML document. - * - * @return The URL of this HTML document. - */ - public String getDocumentURL() { - return documentURL; - } - - /** - * Retrieves the original HTML data used to create this document. - * - * @return The orginal HTML data used to create this document. - */ - public String getHTMLData() { - return htmlData; - } - - /** - * Retrieves the contents of the HTML document with all tags removed. - * - * @return The contents of the HTML document with all tags removed, or <CODE>null</CODE> if a problem occurs while - * trying to parse the - * HTML. - */ - public String getTextData() { - if (!parsed) { - if (!parse()) { - return null; - } - } - - return textData.toString(); - } - - /** - * Retrieves an array containing a set of URLs parsed from the HTML document - * that reference files that would normally be downloaded as part of - * retrieving a page in a browser. This includes images and external style - * sheets. - * - * @return An array containing a set of URLs to files associated with the - * HTML document, or <CODE>null</CODE> if a problem occurs while - * trying to parse the HTML. - */ - public String[] getAssociatedFiles() { - if (!parsed) { - if (!parse()) { - return null; - } - } - - String[] urlArray = new String[associatedFiles.size()]; - associatedFiles.toArray(urlArray); - return urlArray; - } - - /** - * Retrieves an array containing a set of URLs parsed from the HTML document - * that are in the form of links to other content. - * - * @return An array containing a set of URLs parsed from the HTML document - * that are in the form of links to other content, or <CODE>null</CODE> if a problem occurs while trying to - * parse the - * HTML. - */ - public String[] getDocumentLinks() { - if (!parsed) { - if (!parse()) { - return null; - } - } - - String[] urlArray = new String[documentLinks.size()]; - documentLinks.toArray(urlArray); - return urlArray; - } - - /** - * Retrieves an array containing a set of URLs parsed from the HTML document - * that reference images used in the document. - * - * @return An array containing a set of URLs parsed from the HTML document - * that reference images used in the document. - */ - public String[] getDocumentImages() { - if (!parsed) { - if (!parse()) { - return null; - } - } - - String[] urlArray = new String[documentImages.size()]; - documentImages.toArray(urlArray); - return urlArray; - } - - /** - * Retrieves an array containing a set of URLs parsed from the HTML document - * that reference frames used in the document. - * - * @return An array containing a set of URLs parsed from the HTML document - * that reference frames used in the document. - */ - public String[] getDocumentFrames() { - if (!parsed) { - if (!parse()) { - return null; - } - } - - String[] urlArray = new String[documentFrames.size()]; - documentFrames.toArray(urlArray); - return urlArray; - } -} diff --git a/base/silent/src/com/netscape/pkisilent/http/HTTPClient.java b/base/silent/src/com/netscape/pkisilent/http/HTTPClient.java deleted file mode 100644 index 4ab7c606d..000000000 --- a/base/silent/src/com/netscape/pkisilent/http/HTTPClient.java +++ /dev/null @@ -1,1271 +0,0 @@ -package com.netscape.pkisilent.http; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.io.BufferedOutputStream; -import java.io.DataOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.io.PrintStream; -import java.net.InetAddress; -import java.net.Socket; -import java.net.URLDecoder; -import java.nio.ByteBuffer; -import java.util.ArrayList; -import java.util.StringTokenizer; - -import org.mozilla.jss.crypto.X509Certificate; -import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; -import org.mozilla.jss.ssl.SSLClientCertificateSelectionCallback; -import org.mozilla.jss.ssl.SSLSocket; -import org.mozilla.jss.ssl.TestCertApprovalCallback; -import org.mozilla.jss.ssl.TestClientCertificateSelectionCallback; - -import com.netscape.cmsutil.util.Utils; -import com.netscape.pkisilent.argparser.ArgParser; -import com.netscape.pkisilent.argparser.StringHolder; -import com.netscape.pkisilent.common.ComCrypto; - -public class HTTPClient implements SSLCertificateApprovalCallback { - - public static final int BUFFER_SIZE = 4096; - public boolean debugMode = true; - - public static String basic_auth_header_value = null; - - public static String cs_hostname = null; - public static String cs_port = null; - public static String ssl = null; - public static String client_certdb_dir = null; - public static String client_certdb_pwd = null; - public static String client_cert_nickname = null; - public static String uri = null; - public static String query = null; - public static String request_type = null; - public static String user_id = null; - public static String user_password = null; - public static String auth_type = null; - public static String debug = null; - - public static boolean parse_xml = false; - - public static X509Certificate server_cert = null; - - // cookie variable for CS install UI - public static String j_session_id = null; - public static boolean ecc_support = false; - - public HTTPClient() { - // constructor - // turn off ecc by default - ecc_support = true; - } - - public HTTPClient(boolean ecc) { - ecc_support = ecc; - } - - public boolean setCipherPref(SSLSocket socket) { - - if (ecc_support) { - int ecc_Ciphers[] = { - SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA, SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA, - SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA, - SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, - SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - SSLSocket.TLS_ECDH_RSA_WITH_NULL_SHA, SSLSocket.TLS_ECDH_RSA_WITH_RC4_128_SHA, - SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, - SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA, SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA, - SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - 0 }; - - try { - for (int i = 0; i < ecc_Ciphers.length; i++) { - if (ecc_Ciphers[i] > 0) - socket.setCipherPreference( - ecc_Ciphers[i], true); - } - } catch (Exception e) { - System.out.println("ERROR: unable to set ECC Cipher List"); - System.out.println("ERROR: Exception = " + e.getMessage()); - } - - } - return true; - } - - public boolean disableSSL2(SSLSocket socket) { - try { - SSLSocket.enableSSL3Default(true); - socket.enableSSL3(true); - socket.enableSSL2(false); - SSLSocket.enableSSL2Default(false); - socket.enableV2CompatibleHello(false); - } catch (Exception e) { - System.out.println("ERROR: Exception = " + e.getMessage()); - } - return true; - } - - public X509Certificate getServerCert() { - return server_cert; - } - - public void set_parse_xml(boolean b) { - parse_xml = b; - } - - public boolean approve(X509Certificate cert, - SSLCertificateApprovalCallback.ValidityStatus status) { - - // when this method is called by SSLSocket we get the server cert - // we can capture this for future use. - server_cert = cert; - return true; - } - - public boolean testsslConnect(String hostname, String portnumber) { - boolean st = true; - - try { - - System.out.println("#############################################"); - System.out.println("Attempting to connect to: " + hostname + ":" + - portnumber); - - Integer x = new Integer(portnumber); - int port = x.intValue(); - - SSLClientCertificateSelectionCallback certSelectionCallback = - new TestClientCertificateSelectionCallback(); - - Socket js = new Socket(InetAddress.getByName(hostname), port); - SSLSocket socket = new SSLSocket(js, hostname, this, - certSelectionCallback); - setCipherPref(socket); - disableSSL2(socket); - socket.forceHandshake(); - System.out.println("Connected."); - socket.setUseClientMode(true); - - // test connection to obtain server cert. close it. - socket.close(); - - } - - catch (Exception e) { - System.err.println("Exception: Unable to Send Request:" + e); - e.printStackTrace(); - st = false; - } - - if (!st) - return false; - else - return true; - } - - // performs ssl connect to given host/port requiring client auth - // posts the given query data - // returns HTTPResponse - public HTTPResponse sslConnectClientAuth(String hostname, String portnumber, - String client_cert, String url, String query) throws Exception { - - HTTPResponse hr = null; - PrintStream ps = null; - SSLSocket socket = null; - Socket js = null; - OutputStream rawos = null; - BufferedOutputStream os = null; - try { - - System.out.println("#############################################"); - System.out.println("Attempting to connect to: " + hostname + ":" + - portnumber); - - Integer x = new Integer(portnumber); - int port = x.intValue(); - - SSLCertificateApprovalCallback approvalCallback = - new TestCertApprovalCallback(); - CertSelection certSelectionCallback = - new CertSelection(); - - // Client Cert for Auth is set here - certSelectionCallback.setClientCert(client_cert); - - js = new Socket(InetAddress.getByName(hostname), port); - socket = new SSLSocket(js, hostname, approvalCallback, - certSelectionCallback); - disableSSL2(socket); - setCipherPref(socket); - socket.forceHandshake(); - System.out.println("Connected."); - socket.setUseClientMode(true); - - System.out.println("Posting Query = " + - "https://" + hostname + - ":" + portnumber + - "/" + url + - "?" + query); - - rawos = socket.getOutputStream(); - os = new BufferedOutputStream(rawos); - ps = new PrintStream(os); - - ps.println("POST " + url + " HTTP/1.0"); - ps.println("Connection: Keep-Alive"); - ps.println("Content-type: application/x-www-form-urlencoded"); - ps.println("Content-length: " + query.length()); - ps.println(""); - ps.print(query); - ps.flush(); - os.flush(); - hr = readResponse(socket.getInputStream()); - hr.parseContent(); - } - - catch (Exception e) { - System.err.println("Exception: Unable to Send Request:" + e); - throw e; - } finally { - if (ps != null) { - ps.close(); - ps = null; - } - if (socket != null) { - try { - socket.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (os != null) - try { - os.close(); - } catch (Exception e) { - e.printStackTrace(); - } - if (rawos != null) - try { - rawos.close(); - } catch (Exception e) { - e.printStackTrace(); - } - if (js != null) - try { - js.close(); - } catch (Exception e) { - e.printStackTrace(); - } - } - - return hr; - } - - // performs ssl connect to given host/port - // posts the given query data - // returns HTTPResponse - public HTTPResponse sslConnect(String hostname, String portnumber, - String url, String query) throws Exception { - - Socket js = null; - SSLSocket socket = null; - OutputStream rawos = null; - BufferedOutputStream os = null; - PrintStream ps = null; - - try { - - System.out.println("#############################################"); - System.out.println("Attempting to connect to: " + hostname + ":" + - portnumber); - - Integer x = new Integer(portnumber); - int port = x.intValue(); - - SSLCertificateApprovalCallback approvalCallback = - new TestCertApprovalCallback(); - SSLClientCertificateSelectionCallback certSelectionCallback = - new TestClientCertificateSelectionCallback(); - - js = new Socket(InetAddress.getByName(hostname), port); - socket = new SSLSocket(js, hostname, approvalCallback, - certSelectionCallback); - setCipherPref(socket); - disableSSL2(socket); - socket.forceHandshake(); - System.out.println("Connected."); - socket.setUseClientMode(true); - - System.out.println("Posting Query = " + - "https://" + hostname + - ":" + portnumber + - "/" + url + - "?" + query); - - rawos = socket.getOutputStream(); - os = new BufferedOutputStream(rawos); - ps = new PrintStream(os); - - ps.println("POST " + url + " HTTP/1.0"); - - // check to see if we have a cookie to send - if (j_session_id != null) - ps.println("Cookie: " + j_session_id); - - ps.println("Content-type: application/x-www-form-urlencoded"); - ps.println("Content-length: " + query.length()); - ps.println("Connection: Keep-Alive"); - - // special header posting if available - if (basic_auth_header_value != null) { - System.out.println("basic_auth = " + basic_auth_header_value); - ps.println("Authorization: Basic " + basic_auth_header_value); - } - - ps.println(""); - ps.println(query); - ps.println("\r"); - ps.flush(); - os.flush(); - - HTTPResponse hr = readResponse(socket.getInputStream()); - hr.parseContent(); - - return hr; - - } catch (Exception e) { - System.err.println("Exception: Unable to Send Request:" + e); - throw e; - - } finally { - if (ps != null) - ps.close(); - if (os != null) - try { - os.close(); - } catch (Exception e) { - e.printStackTrace(); - } - if (rawos != null) - try { - rawos.close(); - } catch (Exception e) { - e.printStackTrace(); - } - if (socket != null) - try { - socket.close(); - } catch (Exception e) { - e.printStackTrace(); - } - if (js != null) - try { - js.close(); - } catch (Exception e) { - e.printStackTrace(); - } - } - } - - // performs non ssl connect to given host/port - // posts the given query data - // returns HTTPResponse - public HTTPResponse nonsslConnect(String hostname, String portnumber, - String url, String query) throws Exception { - - Socket socket = null; - OutputStream rawos = null; - BufferedOutputStream os = null; - PrintStream ps = null; - try { - - System.out.println("#############################################"); - System.out.println("Attempting to connect to: " + hostname + ":" + - portnumber); - - Integer x = new Integer(portnumber); - int port = x.intValue(); - - socket = new Socket(hostname, port); - - System.out.println("Posting Query = " + - "http://" + hostname + - ":" + portnumber + - "/" + url + - "?" + query); - - rawos = socket.getOutputStream(); - os = new BufferedOutputStream(rawos); - ps = new PrintStream(os); - - System.out.println("Connected."); - - ps.println("POST " + url + " HTTP/1.0"); - - // check to see if we have a cookie to send - if (j_session_id != null) - ps.println("Cookie: " + j_session_id); - - ps.println("Content-type: application/x-www-form-urlencoded"); - ps.println("Content-length: " + query.length()); - ps.println("Connection: Keep-Alive"); - - // special header posting if available - if (basic_auth_header_value != null) { - System.out.println("basic_auth = " + basic_auth_header_value); - ps.println("Authorization: Basic " + basic_auth_header_value); - } - - ps.println(""); - ps.println(query); - ps.println("\r"); - ps.flush(); - os.flush(); - - HTTPResponse hr = readResponse(socket.getInputStream()); - hr.parseContent(); - - return hr; - - } catch (Exception e) { - System.err.println("Exception: Unable to Send Request:" + e); - throw e; - - } finally { - if (ps != null) - ps.close(); - if (os != null) - try { - os.close(); - } catch (Exception e) { - e.printStackTrace(); - } - if (rawos != null) - try { - rawos.close(); - } catch (Exception e) { - e.printStackTrace(); - } - if (socket != null) - try { - socket.close(); - } catch (Exception e) { - e.printStackTrace(); - } - } - } - - public HTTPResponse readResponse(InputStream inputStream) - throws Exception { - // read response from http input stream and return HTTPResponse - byte[] buffer = new byte[BUFFER_SIZE]; - HTTPResponse response = null; - int statusCode = 0; - - // Read an initial chunk of the response from the server. - int bytesRead = inputStream.read(buffer); - if (bytesRead < 0) { - throw new IOException("Unexpected end of input stream from server"); - } - - // Hopefully, this initial chunk will contain the entire header, so look for - // it. Technically, HTTP is supposed to use CRLF as the end-of-line - // character, so look for that first, but also check for LF by itself just - // in case. - int headerEndPos = -1; - int dataStartPos = -1; - for (int i = 0; i < (bytesRead - 3); i++) { - if ((buffer[i] == '\r') && (buffer[i + 1] == '\n') && - (buffer[i + 2] == '\r') && (buffer[i + 3] == '\n')) { - headerEndPos = i; - dataStartPos = i + 4; - break; - } - } - - if (headerEndPos < 0) { - for (int i = 0; i < (bytesRead - 1); i++) { - if ((buffer[i] == '\n') && (buffer[i + 1] == '\n')) { - headerEndPos = i; - dataStartPos = i + 2; - break; - } - } - } - - // In the event that we didn't get the entire header in the first pass, keep - // reading until we do have enough. - if (headerEndPos < 0) { - byte[] buffer2 = new byte[BUFFER_SIZE]; - while (headerEndPos < 0) { - int startPos = bytesRead; - int moreBytesRead = inputStream.read(buffer2); - if (moreBytesRead < 0) { - throw new IOException("Unexpected end of input stream from server " + - "when reading more data from response"); - } - - byte[] newBuffer = new byte[bytesRead + moreBytesRead]; - System.arraycopy(buffer, 0, newBuffer, 0, bytesRead); - System.arraycopy(buffer2, 0, newBuffer, bytesRead, moreBytesRead); - buffer = newBuffer; - bytesRead += moreBytesRead; - - for (int i = startPos; i < (bytesRead - 3); i++) { - if ((buffer[i] == '\r') && (buffer[i + 1] == '\n') && - (buffer[i + 2] == '\r') && (buffer[i + 3] == '\n')) { - headerEndPos = i; - dataStartPos = i + 4; - break; - } - } - - if (headerEndPos < 0) { - for (int i = startPos; i < (bytesRead - 1); i++) { - if ((buffer[i] == '\n') && (buffer[i + 1] == '\n')) { - headerEndPos = i; - dataStartPos = i + 2; - break; - } - } - } - } - } - - // At this point, we should have the entire header, so read and analyze it. - String headerStr = new String(buffer, 0, headerEndPos); - StringTokenizer tokenizer = new StringTokenizer(headerStr, "\r\n"); - if (tokenizer.hasMoreTokens()) { - String statusLine = tokenizer.nextToken(); - if (debugMode) { - System.out.println("RESPONSE STATUS: " + statusLine); - } - - int spacePos = statusLine.indexOf(' '); - if (spacePos < 0) { - System.out.println("ERROR: Unable to parse response header -- could " + - "not find protocol/version delimiter"); - return null; - - } - - String protocolVersion = statusLine.substring(0, spacePos); - int spacePos2 = statusLine.indexOf(' ', spacePos + 1); - if (spacePos2 < 0) { - System.out.println("ERROR: Unable to parse response header -- could " + - "not find response code delimiter"); - return null; - } - - try { - statusCode = Integer.parseInt(statusLine.substring(spacePos + 1, - spacePos2)); - } catch (NumberFormatException nfe) { - System.out.println("Unable to parse response header -- could " + - "not interpret status code as an integer"); - return null; - } - - String responseMessage = statusLine.substring(spacePos2 + 1); - response = new HTTPResponse(statusCode, protocolVersion, - responseMessage); - - while (tokenizer.hasMoreTokens()) { - String headerLine = tokenizer.nextToken(); - if (debugMode) { - System.out.println("RESPONSE HEADER: " + headerLine); - } - - int colonPos = headerLine.indexOf(':'); - if (colonPos < 0) { - if (headerLine.toLowerCase().startsWith("http/")) { - // This is a direct violation of RFC 2616, but certain HTTP servers - // seem to immediately follow a 100 continue with a 200 ok without - // the required CRLF in between. - System.out.println("ERROR: Found illegal status line '" + headerLine + - "'in the middle of a response -- attempting " + - "to deal with it as the start of a new " + - "response."); - statusLine = headerLine; - spacePos = statusLine.indexOf(' '); - if (spacePos < 0) { - System.out.println("ERROR: Unable to parse response header -- " + - "could not find protocol/version " + - "delimiter"); - return null; - } - - protocolVersion = statusLine.substring(0, spacePos); - spacePos2 = statusLine.indexOf(' ', spacePos + 1); - if (spacePos2 < 0) { - System.out.println("ERROR: Unable to parse response header -- " + - "could not find response code delimiter"); - return null; - } - - try { - statusCode = Integer.parseInt(statusLine.substring(spacePos + 1, - spacePos2)); - } catch (NumberFormatException nfe) { - System.out.println("ERROR: Unable to parse response header -- " + - "could not interpret status code as an " + - "integer"); - return null; - } - - responseMessage = statusLine.substring(spacePos2 + 1); - response = new HTTPResponse(statusCode, protocolVersion, - responseMessage); - continue; - } else { - System.out.println("ERROR: Unable to parse response header -- no " + - "colon found on header line \"" + - headerLine + "\""); - } - } - - String headerName = headerLine.substring(0, colonPos); - String headerValue = headerLine.substring(colonPos + 1).trim(); - response.addHeader(headerName, headerValue); - } - } else { - // This should never happen -- an empty response - System.out.println("Unable to parse response header -- empty " + - "header"); - throw new Exception("Unable to create response. Empty header."); - } - - // If the status code was 100 (continue), then it was an intermediate header - // and we need to keep reading until we get the real response header. - while (response.getStatusCode() == 100) { - if (dataStartPos < bytesRead) { - byte[] newBuffer = new byte[bytesRead - dataStartPos]; - System.arraycopy(buffer, dataStartPos, newBuffer, 0, newBuffer.length); - buffer = newBuffer; - bytesRead = buffer.length; - - headerEndPos = -1; - for (int i = 0; i < (bytesRead - 3); i++) { - if ((buffer[i] == '\r') && (buffer[i + 1] == '\n') && - (buffer[i + 2] == '\r') && (buffer[i + 3] == '\n')) { - headerEndPos = i; - dataStartPos = i + 4; - break; - } - } - - if (headerEndPos < 0) { - for (int i = 0; i < (bytesRead - 1); i++) { - if ((buffer[i] == '\n') && (buffer[i + 1] == '\n')) { - headerEndPos = i; - dataStartPos = i + 2; - break; - } - } - } - } else { - buffer = new byte[0]; - bytesRead = 0; - headerEndPos = -1; - } - - byte[] buffer2 = new byte[BUFFER_SIZE]; - while (headerEndPos < 0) { - int startPos = bytesRead; - int moreBytesRead = inputStream.read(buffer2); - - if (moreBytesRead < 0) { - throw new IOException("Unexpected end of input stream from server " + - "when reading more data from response"); - } - - byte[] newBuffer = new byte[bytesRead + moreBytesRead]; - System.arraycopy(buffer, 0, newBuffer, 0, bytesRead); - System.arraycopy(buffer2, 0, newBuffer, bytesRead, moreBytesRead); - buffer = newBuffer; - bytesRead += moreBytesRead; - - for (int i = startPos; i < (bytesRead - 3); i++) { - if ((buffer[i] == '\r') && (buffer[i + 1] == '\n') && - (buffer[i + 2] == '\r') && (buffer[i + 3] == '\n')) { - headerEndPos = i; - dataStartPos = i + 4; - break; - } - } - - if (headerEndPos < 0) { - for (int i = startPos; i < (bytesRead - 1); i++) { - if ((buffer[i] == '\n') && (buffer[i + 1] == '\n')) { - headerEndPos = i; - dataStartPos = i + 2; - break; - } - } - } - } - - // We should now have the next header, so examine it. - headerStr = new String(buffer, 0, headerEndPos); - tokenizer = new StringTokenizer(headerStr, "\r\n"); - if (tokenizer.hasMoreTokens()) { - String statusLine = tokenizer.nextToken(); - if (debugMode) { - System.out.println("RESPONSE STATUS: " + statusLine); - } - - int spacePos = statusLine.indexOf(' '); - if (spacePos < 0) { - System.out.println("Unable to parse response header -- could " + - "not find protocol/version delimiter"); - } - - String protocolVersion = statusLine.substring(0, spacePos); - int spacePos2 = statusLine.indexOf(' ', spacePos + 1); - if (spacePos2 < 0) { - System.out.println("Unable to parse response header -- could " + - "not find response code delimiter"); - } - - try { - statusCode = Integer.parseInt(statusLine.substring(spacePos + 1, - spacePos2)); - } catch (NumberFormatException nfe) { - System.out.println("Unable to parse response header -- could " + - "not interpret status code as an integer"); - } - - String responseMessage = statusLine.substring(spacePos2 + 1); - response = new HTTPResponse(statusCode, protocolVersion, - responseMessage); - - while (tokenizer.hasMoreTokens()) { - String headerLine = tokenizer.nextToken(); - if (debugMode) { - System.out.println("RESPONSE HEADER: " + headerLine); - } - - int colonPos = headerLine.indexOf(':'); - if (colonPos < 0) { - System.out.println("Unable to parse response header -- no " + - "colon found on header line \"" + - headerLine + "\""); - } - - String headerName = headerLine.substring(0, colonPos); - String headerValue = headerLine.substring(colonPos + 1).trim(); - response.addHeader(headerName, headerValue); - } - } else { - // This should never happen -- an empty response - System.out.println("Unable to parse response header -- empty " + - "header"); - } - } - - // Now that we have parsed the header, use it to determine how much data - // there is. If we're lucky, the server will have told us using the - // "Content-Length" header. - int contentLength = response.getContentLength(); - - if (contentLength >= 0) { - readContentDataUsingLength(response, inputStream, contentLength, buffer, - dataStartPos, bytesRead); - } else { - // It's not chunked encoding, so our last hope is that the connection - // will be closed when all the data has been sent. - String connectionStr = response.getHeader("connection"); - if ((connectionStr != null) && - (!connectionStr.equalsIgnoreCase("close"))) { - System.out.println("ERROR:Unable to determine how to find when the " + - "end of the data has been reached (no " + - "content length, not chunked encoding, " + - "connection string is \"" + connectionStr + - "\" rather than \"close\")"); - } else { - readContentDataUsingConnectionClose(response, inputStream, buffer, - dataStartPos, bytesRead); - } - } - // Finally, return the response to the caller. - return response; - } - - /** - * Reads the actual data of the response based on the content length provided - * by the server in the response header. - * - * @param response The response with which the data is associated. - * @param inputStream The input stream from which to read the response. - * @param contentLength The number of bytes that the server said are in the - * response. - * @param dataRead The data that we have already read. This includes - * the header data, but may also include some or all of - * the content data as well. - * @param dataStartPos The position in the provided array at which the - * content data starts. - * @param dataBytesRead The total number of valid bytes in the provided - * array that should be considered part of the - * response (the number of header bytes is included in - * this count). - * - * @throws IOException If a problem occurs while reading data from the - * server. - */ - private void readContentDataUsingLength(HTTPResponse response, - InputStream inputStream, - int contentLength, byte[] dataRead, - int dataStartPos, int dataBytesRead) - throws IOException { - if (contentLength <= 0) { - response.setResponseData(new byte[0]); - return; - } - - byte[] contentBytes = new byte[contentLength]; - int startPos = 0; - if (dataBytesRead > dataStartPos) { - // We've already got some data to include in the header, so copy that into - // the content array. Make sure the server didn't do something stupid - // like return more data than it told us was in the response. - int bytesToCopy = Math.min(contentBytes.length, - (dataBytesRead - dataStartPos)); - System.arraycopy(dataRead, dataStartPos, contentBytes, 0, bytesToCopy); - startPos = bytesToCopy; - } - - byte[] buffer = new byte[BUFFER_SIZE]; - while (startPos < contentBytes.length) { - int bytesRead = inputStream.read(buffer); - if (bytesRead < 0) { - throw new IOException("Unexpected end of input stream reached when " + - "reading data from the server"); - } - - System.arraycopy(buffer, 0, contentBytes, startPos, bytesRead); - startPos += bytesRead; - } - - response.setResponseData(contentBytes); - } - - /** - * Reads the actual data of the response using chunked encoding, which is a - * way for the server to provide the data in several chunks rather than all at - * once. - * - * @param response The response with which the data is associated. - * @param inputStream The input stream from which to read the response. - * @param dataRead The data that we have already read. This includes - * the header data, but may also include some or all of - * the content data as well. - * @param dataStartPos The position in the provided array at which the - * content data starts. - * @param dataBytesRead The total number of valid bytes in the provided - * array that should be considered part of the - * response (the number of header bytes is included in - * this count). - * - * @throws IOException If a problem occurs while reading data from the - * server. - */ - private void readContentDataUsingConnectionClose(HTTPResponse response, - InputStream inputStream, - byte[] dataRead, - int dataStartPos, - int dataBytesRead) - throws IOException { - // Create an array list that we will use to hold the chunks of information - // read from the server. - ArrayList<ByteBuffer> bufferList = new ArrayList<ByteBuffer>(); - - // Create a variable to hold the total number of bytes in the data. - int totalBytes = 0; - - // See if we have unread data in the array already provided. - int existingBytes = dataBytesRead - dataStartPos; - if (existingBytes > 0) { - ByteBuffer byteBuffer = ByteBuffer.allocate(existingBytes); - byteBuffer.put(dataRead, dataStartPos, existingBytes); - bufferList.add(byteBuffer); - totalBytes += existingBytes; - } - - // Keep reading until we hit the end of the input stream. - byte[] buffer = new byte[BUFFER_SIZE]; - while (true) { - try { - int bytesRead = inputStream.read(buffer); - if (bytesRead < 0) { - // We've hit the end of the stream and therefore the end of the - // document. - break; - } else if (bytesRead > 0) { - ByteBuffer byteBuffer = ByteBuffer.allocate(bytesRead); - byteBuffer.put(buffer, 0, bytesRead); - bufferList.add(byteBuffer); - totalBytes += bytesRead; - } - } catch (IOException ioe) { - // In this case we'll assume that the end of the stream has been - // reached. It's possible that there was some other error, but we can't - // do anything about it so try to process what we've got so far. - System.out.println("ERROR: unable to read until end of stream"); - System.out.println("ERROR: " + ioe.getMessage()); - break; - } - } - - // Assemble the contents of all the buffers into a big array and store that - // array in the response. - int startPos = 0; - byte[] contentData = new byte[totalBytes]; - for (int i = 0; i < bufferList.size(); i++) { - ByteBuffer byteBuffer = bufferList.get(i); - byteBuffer.flip(); - byteBuffer.get(contentData, startPos, byteBuffer.limit()); - startPos += byteBuffer.limit(); - } - response.setResponseData(contentData); - } - - // performs ssl connect to given host/port - // posts the given query data - format - a byte array - // returns HTTPResponse - - public HTTPResponse sslConnect(String hostname, String portnumber, - String url, byte[] data) { - - boolean st = true; - HTTPResponse hr = null; - DataOutputStream dos = null; - SSLSocket socket = null; - Socket js = null; - try { - - System.out.println("#############################################"); - System.out.println("Attempting to connect to: " + hostname + ":" + - portnumber); - - Integer x = new Integer(portnumber); - int port = x.intValue(); - - SSLCertificateApprovalCallback approvalCallback = - new TestCertApprovalCallback(); - SSLClientCertificateSelectionCallback certSelectionCallback = - new TestClientCertificateSelectionCallback(); - - js = new Socket(InetAddress.getByName(hostname), port); - socket = new SSLSocket(js, hostname, approvalCallback, - certSelectionCallback); - setCipherPref(socket); - disableSSL2(socket); - socket.forceHandshake(); - System.out.println("Connected."); - socket.setUseClientMode(true); - - dos = new DataOutputStream(socket.getOutputStream()); - dos.writeBytes("POST /ocsp HTTP/1.0\r\n"); - dos.writeBytes("Content-length: " + data.length + "\r\n"); - dos.writeBytes("\r\n"); - dos.write(data); - dos.writeBytes("\r\n"); - dos.flush(); - hr = readResponse(socket.getInputStream()); - hr.parseContent(); - - } - - catch (Exception e) { - System.err.println("Exception: Unable to Send Request:" + e); - e.printStackTrace(); - st = false; - } finally { - if (dos != null) { - try { - dos.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (socket != null) { - try { - socket.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (js != null) { - try { - js.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - } - - if (!st) - return null; - else - return hr; - } - - // performs non ssl connect to given host/port - // posts the given query data - // returns HTTPResponse - public HTTPResponse nonsslConnect(String hostname, String portnumber, - String url, byte[] data) { - - boolean st = true; - HTTPResponse hr = null; - DataOutputStream dos = null; - Socket socket = null; - try { - - System.out.println("#############################################"); - System.out.println("Attempting to connect to: " + hostname + ":" + - portnumber); - - Integer x = new Integer(portnumber); - int port = x.intValue(); - - socket = new Socket(hostname, port); - - System.out.println("Posting Query = " + - "http://" + hostname + - ":" + portnumber + - "/" + url); - - System.out.println("Connected."); - - dos = new DataOutputStream(socket.getOutputStream()); - dos.writeBytes("POST " + url + " HTTP/1.0\r\n"); - dos.writeBytes("Content-length: " + data.length + "\r\n"); - dos.writeBytes("\r\n"); - dos.write(data); - dos.writeBytes("\r\n"); - dos.flush(); - - hr = readResponse(socket.getInputStream()); - hr.parseContent(); - - } - - catch (Exception e) { - System.err.println("Exception: Unable to Send Request:" + e); - e.printStackTrace(); - st = false; - } finally { - if (dos != null) { - try { - dos.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - if (socket != null) { - try { - socket.close(); - } catch (IOException e) { - e.printStackTrace(); - } - } - } - - if (!st) - return null; - else - return hr; - } - - public static boolean init_nss() { - try { - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(false); - cCrypt.loginDB(); - } catch (Exception e) { - System.out.println("ERROR: unable to login to : " + - client_certdb_dir); - return false; - } - - return true; - } - - public static void main(String args[]) throws Exception { - HTTPClient hc = new HTTPClient(); - HTTPResponse hr = null; - - // parse args - StringHolder x_hostname = new StringHolder(); - StringHolder x_port = new StringHolder(); - StringHolder x_ssl = new StringHolder(); - StringHolder x_client_certdb_dir = new StringHolder(); - StringHolder x_client_certdb_pwd = new StringHolder(); - StringHolder x_client_cert_nickname = new StringHolder(); - StringHolder x_uri = new StringHolder(); - StringHolder x_query = new StringHolder(); - StringHolder x_request_type = new StringHolder(); - StringHolder x_auth_type = new StringHolder(); - StringHolder x_user_id = new StringHolder(); - StringHolder x_user_password = new StringHolder(); - StringHolder x_debug = new StringHolder(); - StringHolder x_decode = new StringHolder(); - - // parse the args - ArgParser parser = new ArgParser("HTTPClient"); - - parser.addOption("-hostname %s #Hostname", - x_hostname); - parser.addOption("-port %s #port number", - x_port); - parser.addOption("-ssl %s #HTTP or HTTPS[true or false]", - x_ssl); - parser.addOption("-client_certdb_dir %s #CertDB dir", - x_client_certdb_dir); - parser.addOption("-client_certdb_pwd %s #CertDB password", - x_client_certdb_pwd); - parser.addOption("-client_cert_nickname %s #client cert nickname", - x_client_cert_nickname); - parser.addOption("-uri %s #URI", - x_uri); - parser.addOption("-query %s #URL encoded query string[note: url encode value part only for CS operations]", - x_query); - parser.addOption("-request_type %s #Request Type [ post ]", - x_request_type); - parser.addOption("-user_id %s #user id for authorization", - x_user_id); - parser.addOption("-user_password %s #password for authorization", - x_user_password); - parser.addOption("-auth_type %s #type of authorization [ BASIC ]", - x_auth_type); - parser.addOption("-debug %s #enables display of debugging info", - x_debug); - parser.addOption("-decode %s #URL Decode the resulting output", - x_decode); - - // and then match the arguments - String[] unmatched = null; - unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED); - - if (unmatched != null) { - System.out.println("ERROR: Argument Mismatch"); - System.exit(-1); - } - - // set variables - cs_hostname = x_hostname.value; - cs_port = x_port.value; - ssl = x_ssl.value; - client_certdb_dir = x_client_certdb_dir.value; - client_certdb_pwd = x_client_certdb_pwd.value; - client_cert_nickname = x_client_cert_nickname.value; - uri = x_uri.value; - query = x_query.value; - request_type = x_request_type.value; - user_id = x_user_id.value; - user_password = x_user_password.value; - auth_type = x_auth_type.value; - debug = x_debug.value; - - String decode = x_decode.value; - - // init_nss if needed - boolean st = init_nss(); - if (!st) - System.exit(-1); - - // set basic auth if needed - if (auth_type != null && auth_type.equalsIgnoreCase("BASIC")) { - // BASE64Encoder encoder = new BASE64Encoder(); - - // String temp = encoder.encodeBuffer((user_id + - // ":" + user_password).getBytes()); - String temp = Utils.base64encode((user_id + - ":" + user_password).getBytes()); - - // note: temp already contains \r and \n. - // remove \r and \n from the base64 encoded string. - // causes problems when sending http post requests - // using PrintStream.println() - - temp = temp.replaceAll("\\r", ""); - temp = temp.replaceAll("\\n", ""); - - basic_auth_header_value = temp; - } - - // route to proper function - - if (ssl != null && ssl.equalsIgnoreCase("true")) { - if (client_cert_nickname != null && - !client_cert_nickname.equalsIgnoreCase("null")) { - // ssl client auth call - - hr = hc.sslConnectClientAuth(cs_hostname, cs_port, - client_cert_nickname, - uri, query); - } - - else { - // ssl client call - hr = hc.sslConnect(cs_hostname, cs_port, uri, query); - } - } else if (ssl != null && ssl.equalsIgnoreCase("false")) { - // non ssl connect - hr = hc.nonsslConnect(cs_hostname, cs_port, uri, query); - } else { - System.out.println("ERROR: ssl parameter is null"); - System.exit(-1); - } - - // collect and print response - - if (hr.getStatusCode() == 200) - System.out.println("Response from Host:" + cs_hostname + " OK"); - else { - System.out.println("ERROR: unable to get response from host:" + - cs_hostname); - System.exit(-1); - } - - String responseValue = null; - if (decode.equalsIgnoreCase("true")) - responseValue = URLDecoder.decode(hr.getHTML(), "UTF-8"); - else - responseValue = hr.getHTML(); - - System.out.println("###############################"); - System.out.println("RESULT=" + responseValue); - System.out.println("###############################"); - - } - -}; diff --git a/base/silent/src/com/netscape/pkisilent/http/HTTPResponse.java b/base/silent/src/com/netscape/pkisilent/http/HTTPResponse.java deleted file mode 100644 index f8073f7bc..000000000 --- a/base/silent/src/com/netscape/pkisilent/http/HTTPResponse.java +++ /dev/null @@ -1,314 +0,0 @@ -package com.netscape.pkisilent.http; - -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- - -import java.util.ArrayList; -import java.util.StringTokenizer; - -import com.netscape.pkisilent.common.Utilities; - -public class HTTPResponse { - // The set of cookie values included in this response. - ArrayList<String> cookieValueList; - - // The names of the headers included in this response. - ArrayList<String> headerNameList; - - // The values of the headers included in this response. - ArrayList<String> headerValueList; - - // The actual data associated with this response. - byte[] responseData; - - // The HTML document included in the response, if appropriate. - HTMLDocument htmlDocument; - - // The number of bytes contained in the content of the response. - int contentLength; - - // The HTTP status code for the response. - int statusCode; - - // The MIME type of the response. - String contentType; - - // The protocol version string for this response. - String protolVersion; - - // The response message for this response. - String responseMessage; - - // Parsed Content Name/Value pair info - ArrayList<String> contentName; - ArrayList<String> contentValue; - - /** - * Creates a new HTTP response with the provided status code. - * - * @param statusCode The HTTP status code for this response. - * @param protocolVersion The protocol and version for this response. - * @param responseMessage The message associated with this response. - */ - public HTTPResponse(int statusCode, String protocolVersion, - String responseMessage) { - this.statusCode = statusCode; - this.protolVersion = protocolVersion; - this.responseMessage = responseMessage; - - htmlDocument = null; - contentType = null; - contentLength = -1; - responseData = new byte[0]; - cookieValueList = new ArrayList<String>(); - headerNameList = new ArrayList<String>(); - headerValueList = new ArrayList<String>(); - contentName = new ArrayList<String>(); - contentValue = new ArrayList<String>(); - } - - /** - * Retrieves the status code for this HTTP response. - * - * @return The status code for this HTTP response. - */ - public int getStatusCode() { - return statusCode; - } - - /** - * Retrieves the protocol version for this HTTP response. - * - * @return The protocol version for this HTTP response. - */ - public String getProtocolVersion() { - return protolVersion; - } - - /** - * Retrieves the response message for this HTTP response. - * - * @return The response message for this HTTP response. - */ - public String getResponseMessage() { - return responseMessage; - } - - /** - * Retrieves the value of the header with the specified name. If the - * specified header has more than one value, then only the first will be - * retrieved. - * - * @return The value of the header with the specified name, or <CODE>null</CODE> if no such header is available. - */ - public String getHeader(String headerName) { - String lowerName = headerName.toLowerCase(); - - for (int i = 0; i < headerNameList.size(); i++) { - if (lowerName.equals(headerNameList.get(i))) { - return headerValueList.get(i); - } - } - - return null; - } - - /** - * Retrieves the set of values for the specified header. - * - * @return The set of values for the specified header. - */ - public String[] getHeaderValues(String headerName) { - ArrayList<String> valueList = new ArrayList<String>(); - String lowerName = headerName.toLowerCase(); - - for (int i = 0; i < headerNameList.size(); i++) { - if (lowerName.equals(headerNameList.get(i))) { - valueList.add(headerValueList.get(i)); - } - } - - String[] values = new String[valueList.size()]; - valueList.toArray(values); - return values; - } - - /** - * Adds a header with the given name and value to this response. - * - * @param headerName The name of the header to add to this response. - * @param headerValue The value of the header to add to this response. - */ - public void addHeader(String headerName, String headerValue) { - String lowerName = headerName.toLowerCase(); - headerNameList.add(lowerName); - headerValueList.add(headerValue); - - if (lowerName.equals("content-length")) { - try { - contentLength = Integer.parseInt(headerValue); - } catch (NumberFormatException nfe) { - } - } else if (lowerName.equals("content-type")) { - contentType = headerValue; - } else if (lowerName.equals("set-cookie")) { - cookieValueList.add(headerValue); - } - } - - /** - * Retrieves a two-dimensional array containing the header data for this - * response, with each element being an array containing a name/value pair. - * - * @return A two-dimensional array containing the header data for this - * response. - */ - public String[][] getHeaderElements() { - String[][] headerElements = new String[headerNameList.size()][2]; - for (int i = 0; i < headerNameList.size(); i++) { - headerElements[i][0] = headerNameList.get(i); - headerElements[i][1] = headerValueList.get(i); - } - - return headerElements; - } - - /** - * Retrieves the raw data included in this HTTP response. If the response did - * not include any data, an empty array will be returned. - * - * @return The raw data included in this HTTP response. - */ - public byte[] getResponseData() { - return responseData; - } - - public String getHTML() { - String htmlString = new String(responseData); - return htmlString; - } - - public String getHTMLwithoutTags() { - String htmlString = new String(responseData); - HTMLDocument htmldocument = new HTMLDocument(htmlString); - return htmldocument.getTextData(); - } - - public void parseContent() { - // parse the responseData byte[] buffer and split content into name - // value pair - String htmlString = new String(responseData); - StringTokenizer st = new StringTokenizer(htmlString, "\n"); - Utilities ut = new Utilities(); - - while (st.hasMoreTokens()) { - String line = st.nextToken(); - // format for line assumed to be name="value"; format - - int eqPos = line.indexOf('='); - if (eqPos != -1) { - String name = line.substring(0, eqPos); - String tempval = line.substring(eqPos + 1).trim(); - String value = ut.cleanupQuotes(ut.removechar(tempval)); - - // add to array - this.contentName.add(name.trim()); - this.contentValue.add(value); - } - - } - - } - - public String getContentValue(String headerName) { - for (int i = 0; i < contentName.size(); i++) { - if (headerName.equals(contentName.get(i))) { - return contentValue.get(i); - } - } - - return null; - } - - public ArrayList<String> getContentNames() { - return contentName; - } - - public ArrayList<String> getContentValues() { - return contentValue; - } - - /** - * Sets the actual data associated with this response. - * - * @param responseData The actual data associated with this response. - */ - public void setResponseData(byte[] responseData) { - if (responseData == null) { - this.responseData = new byte[0]; - } else { - this.responseData = responseData; - } - } - - /** - * Retrieves the content length associated with this response. - * - * @return The content length associated with this response, or -1 if no - * content length is available. - */ - public int getContentLength() { - return contentLength; - } - - /** - * Retrieves the content type associated with this response. - * - * @return The content type associated with this response, or <CODE>null</CODE> if no content type is available. - */ - public String getContentType() { - return contentType; - } - - /** - * Retrieves an array containing the values of the cookies that should be set - * based on the information in this response. - * - * @return An array containing the values of the cookies that should be set - * based on the information in this response. - */ - public String[] getCookieValues() { - String[] cookieValues = new String[cookieValueList.size()]; - cookieValueList.toArray(cookieValues); - return cookieValues; - } - - public String getCookieValue(String headerName) { - for (int i = 0; i < cookieValueList.size(); i++) { - System.out.println("cookie list: " + cookieValueList.get(i)); - - String temp = cookieValueList.get(i); - if (temp.startsWith(headerName)) { - return cookieValueList.get(i); - } - } - - return null; - } - -} diff --git a/base/silent/src/pki-silent.mf b/base/silent/src/pki-silent.mf deleted file mode 100644 index 13c91de27..000000000 --- a/base/silent/src/pki-silent.mf +++ /dev/null @@ -1,3 +0,0 @@ -Name: pki-silent -Specification-Version: ${APPLICATION_VERSION} -Implementation-Version: ${VERSION} diff --git a/base/silent/templates/pki_silent.template b/base/silent/templates/pki_silent.template deleted file mode 100755 index c88d4d334..000000000 --- a/base/silent/templates/pki_silent.template +++ /dev/null @@ -1,391 +0,0 @@ -#!/bin/bash -## BEGIN COPYRIGHT BLOCK -## (C) 2009 Red Hat, Inc. -## All rights reserved. -## END COPYRIGHT BLOCK - - -## Always switch into this base directory -## prior to script execution so that all -## of its output is written to this directory - -cd `dirname $0` - - -## Disallow script to be run as the name of this template -pki_silent_script=`basename $0` -if [ "${pki_silent_script}" = "pki_silent.template" ] ; then - printf "\n" - printf "Usage: (1) Install AND configure a directory server instance.\n\n" - printf " (2) Install, but do NOT configure ALL six\n" - printf " 'default' PKI subsystem instances.\n\n" - printf " (3) Copy '$0' to a new script name\n" - printf " without the '.template' extension.\n" - printf " (e .g. - 'configure_default_pki_instances')\n\n" - printf " (4) Fill in all MANDATORY user-defined variables\n" - printf " in the new script.\n\n" - printf " (5) Change any OPTIONAL user-defined variables\n" - printf " in the new script as desired.\n\n" - printf " (6) Become the 'root' user, and execute the new script to\n" - printf " configure ALL six 'default' PKI subsystem instances.\n\n" - exit 255 -fi - - -## -## This script MUST be run as root! -## - -ROOTUID=0 - -OS=`uname` -if [ "${OS}" = "Linux" ] ; then - MY_EUID=`/usr/bin/id -u` - MY_UID=`/usr/bin/id -ur` - USERNAME=`/usr/bin/id -un` -else - printf "ERROR: Unsupported operating system '${OS}'!\n" - exit 255 -fi - -if [ "${MY_UID}" != "${ROOTUID}" ] && - [ "${MY_EUID}" != "${ROOTUID}" ] ; then - printf "ERROR: The '$0' script must be run as root!\n" - exit 255 -fi - -if [ -z "${HOME}" ]; then - printf "ERROR: The 'HOME' environment variable must be set!\n" - exit 255 -fi - - -############################################################################## -############################################################################## -## ## -## P K I S I L E N T - V A R I A B L E D E C L A R A T I O N ## -## ## -############################################################################## -############################################################################## - -############################################################################## -## U S E R - D E F I N E D V A R I A B L E S ( M A N D A T O R Y ) ## -############################################################################## - -## -## IMPORTANT: 'Escape' ALL spaces in EACH variable specified below! -## -## For Example: -## -## pki_security_domain_name="My\ Security\ Domain" -## - -## PKI Silent Security Database Variables -## (e. g. - PKI Silent "browser" database) -pki_silent_security_database_repository="${HOME}/.dogtag/certs" -pki_silent_security_database_password= - -## PKI Security Domain Variables -## (e. g. - Security Domain Login Panel) -pki_security_domain_name= -pki_security_domain_host=`hostname` -pki_security_domain_admin_name=admin -pki_security_domain_admin_password= - -## PKI Instance-Specific Token Variables -## (e. g. - Module Panel) -ra_token_name=internal -ra_token_password= - -## PKI Email Variables -## -## For example, to specify 'pkitest@example.com': -## -## pki_email_name=pkitest -## pki_email_company=example -## pki_email_domain=com -## -pki_email_name= -pki_email_company= -pki_email_domain= - -## PKI Silent Admin Variables -## (e. g. - Import Admin Certificate into PKI Silent "browser" database) -pki_silent_admin_user=admin -pki_silent_admin_password= -pki_silent_admin_email="${pki_email_name}\@${pki_email_company}\.${pki_email_domain}" - - - -############################################################################## -## P R E - D E F I N E D " D E F A U L T " V A R I A B L E S ## -############################################################################## - -## PKI Subsystem Host (computed by default) -pki_host=`hostname` - -## PKI Subsystem Names -ra_subsystem_name="Registration\ Authority" - -## PKI Subsystem Instance Names -ra_instance_name="pki-ra" - -## PKI Subsystem Init Script Names -ra_init_script="pki-rad" - -## CA ports -ca_nonssl_port=8080 -ca_agent_port=8443 -ca_ee_port=8443 -ca_admin_port=8443 - -## RA ports -ra_nonssl_port=12888 -ra_clientauth_port=12889 -ra_nonclientauth_port=12890 - - - -############################################################################## -## U S E R - D E F I N E D V A R I A B L E S ( O P T I O N A L ) ## -############################################################################## - -## PKI Silent Log Files -pki_silent_ra_log=/tmp/ra.log - - -## Miscellaneous RA Variables -## -## REMINDER: 'Escape' ALL spaces in EACH variable specified below! -## -## NOTE: For comparison's sake, if the default instances were manually -## configured using a Firefox browser, the content of the corresponding -## "/var/lib/${ra_instance_name}/alias/" security libraries would be -## something similar to this: -## -## Certificate Nickname Trust Attributes -## SSL,S/MIME,JAR/XPI -## -## subsystemCert cert-${ra_instance_name} u,u,u -## caCert CT,C,C -## Server-Cert cert-${ra_instance_name} u,u,u -## -## where: -## -## Nickname: "subsystemCert cert-${ra_instance_name}" -## Subject Name: "cn=RA Subsystem Certificate," -## + "ou=${ra_instance_name}," -## + "o=${pki_security_domain_name}" -## -## Nickname: "caCert" -## Subject Name: "cn=Certificate Authority," -## + "o=${pki_security_domain_name}" -## -## Nickname: "Server-Cert cert-${ra_instance_name}" -## Subject Name: "cn=${pki_host}," -## + "ou=${ra_instance_name}," -## + "o=${pki_security_domain_name}" -## - -ra_chosen_ca_hostname=${pki_security_domain_host} -ra_chosen_ca_nonssl_port=${ca_nonssl_port} -ra_chosen_ca_ssl_port=${ca_ee_port} -ra_chosen_ca_admin_port=${ca_admin_port} -ra_agent_name="RA\ Administrator\'s\ ${pki_security_domain_name}\ ID" -ra_agent_key_size=2048 -ra_agent_key_type=rsa -ra_agent_cert_subject="cn=RA\ Administrator,uid=admin,e=${pki_silent_admin_email},o=${pki_security_domain_name}" -ra_key_size=2048 -ra_key_type=rsa -ra_server_cert_nickname="Server-Cert\ cert-${ra_instance_name}" -ra_server_cert_subject_name="cn=${pki_host},ou=${ra_instance_name},o=${pki_security_domain_name}" -ra_subsystem_cert_nickname="subsystemCert\ cert-${ra_instance_name}" -ra_subsystem_cert_subject_name="cn=RA\ Subsystem\ Certificate,ou=${ra_instance_name},o=${pki_security_domain_name}" - - - -############################################################################## -############################################################################## -## ## -## P K I S I L E N T - S U B S Y S T E M C O N F I G U R A T I O N ## -## ## -############################################################################## -############################################################################## - -############################################################################## -## P K I S I L E N T I N I T I A L I Z A T I O N ## -############################################################################## - -## (1) Make certain that user has defined all MANDATORY user-defined variables! -usage_errors=0 -usage_error_preamble="ERROR: User MUST define a value for" - -if [ "${pki_silent_security_database_password}" = "" ] ; then - printf "${usage_error_preamble} 'pki_silent_security_database_password'!\n" - usage_errors=`expr ${usage_errors} + 1` -fi -if [ "${pki_security_domain_name}" = "" ] ; then - printf "${usage_error_preamble} 'pki_security_domain_name'!\n" - usage_errors=`expr ${usage_errors} + 1` -fi -if [ "${pki_security_domain_admin_password}" = "" ] ; then - printf "${usage_error_preamble} 'pki_security_domain_admin_password'!\n" - usage_errors=`expr ${usage_errors} + 1` -fi -if [ "${ra_token_password}" = "" ] ; then - printf "${usage_error_preamble} 'ra_token_password'!\n" - usage_errors=`expr ${usage_errors} + 1` -fi -if [ "${pki_email_name}" = "" ] ; then - printf "${usage_error_preamble} 'pki_email_name'!\n" - usage_errors=`expr ${usage_errors} + 1` -fi -if [ "${pki_email_company}" = "" ] ; then - printf "${usage_error_preamble} 'pki_email_company'!\n" - usage_errors=`expr ${usage_errors} + 1` -fi -if [ "${pki_email_domain}" = "" ] ; then - printf "${usage_error_preamble} 'pki_email_domain'!\n" - usage_errors=`expr ${usage_errors} + 1` -fi -if [ "${pki_silent_admin_password}" = "" ] ; then - printf "${usage_error_preamble} 'pki_silent_admin_password'!\n" - usage_errors=`expr ${usage_errors} + 1` -fi - - -## (2) Make certain that a PKI instance of the specified name EXISTS, -## but has NOT been previously CONFIGURED! -existence_errors=0 -existence_error_preamble="ERROR: No PKI Instance named" -configuration_errors=0 -configuration_error_preamble="ERROR: A PKI Instance named" -configuration_error_postamble="EXISTS,\n but has PREVIOUSLY been CONFIGURED!" - -if [ ! -f "/var/lib/${ra_instance_name}/conf/CS.cfg" ] ; then - printf "${existence_error_preamble} '${ra_instance_name}' EXISTS!\n" - existence_errors=`expr ${existence_errors} + 1` -else - ra_configuration_check=`grep -c preop /var/lib/${ra_instance_name}/conf/CS.cfg` - if [ ${ra_configuration_check} -eq 0 ] ; then - printf "${configuration_error_preamble} '${ra_instance_name}' " - printf "${configuration_error_postamble}\n" - configuration_errors=`expr ${configuration_errors} + 1` - fi -fi - - -if [ ${usage_errors} -ne 0 ] || - [ ${existence_errors} -ne 0 ] || - [ ${configuration_errors} -ne 0 ] ; then - printf "\n" - printf "Please correct ALL errors listed above and re-run\n" - printf "the '$0' script!\n\n" - exit 255 -fi - - -## (3) Make certain that 'pkisilent' exists and is executable on this system. -if [ ! -x "/usr/bin/pkisilent" ] ; then - printf "\n" - printf "ERROR: Please install the 'pki-server' package and re-run\n" - printf "the '$0' script!\n\n" - exit 255 -fi - - -## (4) Check for old PKI Silent Security Databases, but DO NOT remove them! -## Instead, inform the user and exit this script. -if [ -f "${pki_silent_security_database_repository}/cert8.db" ] || - [ -f "${pki_silent_security_database_repository}/key3.db" ] || - [ -f "${pki_silent_security_database_repository}/secmod.db" ] ; then - printf "\n" - printf "WARNING: At least one of the security databases\n" - printf " (i. e. - 'cert8.db', 'key3.db', and/or 'secmod.db')\n" - printf " required by '${pki_silent_script}' exists at the\n" - printf " specified location '${pki_silent_security_database_repository}'.\n" - printf "\n" - printf " Please MANUALLY move or erase these security database(s),\n" - printf " or specify a different location before re-running this script.\n\n" - exit 255 -fi - - -## (5) Remove ALL old PKI Silent log files -printf "Removing old PKI Silent log files:\n" -if [ -f ${pki_silent_ra_log} ] ; then - printf " Removing old '${pki_silent_ra_log}' . . . " - rm ${pki_silent_ra_log} - printf "done.\n" -fi -printf "Done.\n\n" - - - -############################################################################## -## C A L C U L A T E P K I I N S T A N C E P I N S ## -############################################################################## - -## PKI Subsystem Instance PINS -ra_preop_pin=`cat /var/lib/${ra_instance_name}/conf/CS.cfg \ - | grep preop.pin | grep -v grep | awk -F= '{print $2}'` - - - -############################################################################## -## R E G I S T R A T I O N A U T H O R I T Y ## -############################################################################## -## -## For example, upon completion, -## execute '/sbin/service ${ra_init_script} status ${ra_instance_name}': -## -## ${ra_instance_name} (pid 15769) is running ... -## -## Unsecure Port = http://${pki_host}:12888 -## Secure Clientauth Port = https://${pki_host}:12889 -## Secure Non-Clientauth Port = https://${pki_host}:12890 -## - -## Configure RA -printf "'${pki_silent_script}': Configuring '${ra_instance_name}' . . .\n" -pkisilent ConfigureRA \ - -cs_hostname "${pki_host}" \ - -cs_port ${ra_nonclientauth_port} \ - -cs_clientauth_port ${ra_clientauth_port} \ - -sd_hostname "${pki_security_domain_host}" \ - -sd_ssl_port ${ca_ee_port} \ - -sd_agent_port ${ca_agent_port} \ - -sd_admin_port ${ca_admin_port} \ - -sd_admin_name "${pki_security_domain_admin_name}" \ - -sd_admin_password ${pki_security_domain_admin_password} \ - -ca_hostname ${ra_chosen_ca_hostname} \ - -ca_port ${ra_chosen_ca_nonssl_port} \ - -ca_ssl_port ${ra_chosen_ca_ssl_port} \ - -ca_admin_port ${ra_chosen_ca_admin_port} \ - -client_certdb_dir ${pki_silent_security_database_repository} \ - -client_certdb_pwd ${pki_silent_security_database_password} \ - -preop_pin ${ra_preop_pin} \ - -domain_name "${pki_security_domain_name}" \ - -admin_user ${pki_silent_admin_user} \ - -admin_password ${pki_silent_admin_password} \ - -admin_email "${pki_silent_admin_email}" \ - -agent_name ${ra_agent_name} \ - -key_size ${ra_key_size} \ - -key_type ${ra_key_type} \ - -token_name ${ra_token_name} \ - -token_pwd ${ra_token_password} \ - -agent_key_size ${ra_agent_key_size} \ - -agent_key_type ${ra_agent_key_type} \ - -agent_cert_subject "${ra_agent_cert_subject}" \ - -subsystem_name ${ra_subsystem_name} \ - -ra_server_cert_nickname "${ra_server_cert_nickname}" \ - -ra_server_cert_subject_name "${ra_server_cert_subject_name}" \ - -ra_subsystem_cert_nickname "${ra_subsystem_cert_nickname}" \ - -ra_subsystem_cert_subject_name "${ra_subsystem_cert_subject_name}" \ - | tee ${pki_silent_ra_log} - -## Restart RA -/sbin/service ${ra_init_script} restart ${ra_instance_name} - -exit 0 - diff --git a/scripts/build_dogtag_pki b/scripts/build_dogtag_pki index 91acc3b0a..058abc931 100755 --- a/scripts/build_dogtag_pki +++ b/scripts/build_dogtag_pki @@ -104,7 +104,6 @@ fi PKI_COMPOSE_SCRIPTS_DIR="${PKI_PWD}/${PKI_DIR}/${PKI_SCRIPTS_DIR}" COMPOSE_DOGTAG_PKI_THEME_PACKAGES="compose_dogtag_pki_theme_packages" COMPOSE_PKI_CORE_PACKAGES="compose_pki_core_packages" -COMPOSE_PKI_RA_PACKAGES="compose_pki_ra_packages" COMPOSE_PKI_TPS_PACKAGES="compose_pki_tps_packages" COMPOSE_PKI_CONSOLE_PACKAGES="compose_pki_console_packages" @@ -112,13 +111,11 @@ COMPOSE_PKI_CONSOLE_PACKAGES="compose_pki_console_packages" PKI_PACKAGES_DIR="${PKI_PWD}/packages" PKI_DOGTAG_THEME_PACKAGES_DIR="${PKI_PWD}/packages.dogtag_theme" PKI_CORE_PACKAGES_DIR="${PKI_PWD}/packages.core" -PKI_RA_PACKAGES_DIR="${PKI_PWD}/packages.ra" PKI_TPS_PACKAGES_DIR="${PKI_PWD}/packages.tps" PKI_CONSOLE_PACKAGES_DIR="${PKI_PWD}/packages.console" # Establish PKI theme package names PKI_SERVER_THEME=${PKI_FLAVOR}-pki-server-theme${RPM_EXT} -PKI_RA_THEME=${PKI_FLAVOR}-pki-ra-theme${RPM_EXT} PKI_TPS_THEME=${PKI_FLAVOR}-pki-tps-theme${RPM_EXT} PKI_CONSOLE_THEME=${PKI_FLAVOR}-pki-console-theme${RPM_EXT} @@ -134,9 +131,6 @@ PKI_KRA=pki-kra${RPM_EXT} PKI_OCSP=pki-ocsp${RPM_EXT} PKI_TKS=pki-tks${RPM_EXT} -# Establish PKI ra package names -PKI_RA=pki-ra${RPM_EXT} - # Establish PKI tps package names PKI_TPS=pki-tps${RPM_EXT} @@ -147,7 +141,6 @@ PKI_CONSOLE=pki-console${RPM_EXT} rm -rf ${PKI_PACKAGES_DIR} rm -rf ${PKI_DOGTAG_THEME_PACKAGES_DIR} rm -rf ${PKI_CORE_PACKAGES_DIR} -rm -rf ${PKI_RA_PACKAGES_DIR} rm -rf ${PKI_TPS_PACKAGES_DIR} rm -rf ${PKI_CONSOLE_PACKAGES_DIR} @@ -156,7 +149,7 @@ cd ${PKI_PWD} ${PKI_COMPOSE_SCRIPTS_DIR}/${COMPOSE_DOGTAG_PKI_THEME_PACKAGES} rpms mv ${PKI_PACKAGES_DIR} ${PKI_DOGTAG_THEME_PACKAGES_DIR} cd ${PKI_DOGTAG_THEME_PACKAGES_DIR}/${RPM_DIR}/${NOARCH} -${PKI_SUDO} ${YUM_EXE} ${YUM_EXE_OPTIONS} ${PKI_SERVER_THEME} ${PKI_RA_THEME} ${PKI_TPS_THEME} ${PKI_CONSOLE_THEME} +${PKI_SUDO} ${YUM_EXE} ${YUM_EXE_OPTIONS} ${PKI_SERVER_THEME} ${PKI_TPS_THEME} ${PKI_CONSOLE_THEME} # Compose and install 'pki-core' packages cd ${PKI_PWD} @@ -168,13 +161,6 @@ cp -p ${NOARCH}/*.rpm ${PKI_ARCH}/*.rpm ${PKI_CORE_PACKAGES_DIR}/${RPM_DIR}/${CO cd ${PKI_CORE_PACKAGES_DIR}/${RPM_DIR}/${COMBINED} ${PKI_SUDO} ${YUM_EXE} ${YUM_EXE_OPTIONS} ${PKI_SYMKEY} ${PKI_BASE} ${PKI_JAVADOC} ${PKI_TOOLS} ${PKI_SERVER} ${PKI_SELINUX} ${PKI_CA} ${PKI_KRA} ${PKI_OCSP} ${PKI_TKS} -# Compose and install 'pki-ra' packages -cd ${PKI_PWD} -${PKI_COMPOSE_SCRIPTS_DIR}/${COMPOSE_PKI_RA_PACKAGES} rpms -mv ${PKI_PACKAGES_DIR} ${PKI_RA_PACKAGES_DIR} -cd ${PKI_RA_PACKAGES_DIR}/${RPM_DIR}/${NOARCH} -${PKI_SUDO} ${YUM_EXE} ${YUM_EXE_OPTIONS} ${PKI_RA} - # Compose and install 'pki-tps' packages cd ${PKI_PWD} ${PKI_COMPOSE_SCRIPTS_DIR}/${COMPOSE_PKI_TPS_PACKAGES} rpms diff --git a/scripts/compose_pki_core_packages b/scripts/compose_pki_core_packages index 67d85a599..18cddb00b 100755 --- a/scripts/compose_pki_core_packages +++ b/scripts/compose_pki_core_packages @@ -45,7 +45,7 @@ if [ "$WITHOUT_JAVADOC" = "" ]; then fi if [ "$WITHOUT_SERVER" = "" ]; then - PKI_COMPONENT_LIST="$PKI_COMPONENT_LIST server ca kra ocsp tks tps-tomcat setup silent" + PKI_COMPONENT_LIST="$PKI_COMPONENT_LIST server ca kra ocsp tks tps-tomcat setup" fi ## diff --git a/scripts/compose_pki_ra_packages b/scripts/compose_pki_ra_packages deleted file mode 100755 index 5c37a52c8..000000000 --- a/scripts/compose_pki_ra_packages +++ /dev/null @@ -1,199 +0,0 @@ -#!/bin/bash -# BEGIN COPYRIGHT BLOCK -# (C) 2010 Red Hat, Inc. -# All rights reserved. -# END COPYRIGHT BLOCK - -## -## Include common 'compose' functions -## - -COMPOSE_PWD=`dirname $0` -source ${COMPOSE_PWD}/compose_functions - - -## Always switch into the base directory three levels -## above this shell script prior to executing it so -## that all of its output is written to this directory - -cd `dirname $0`/../.. - - -## -## Retrieve the name of this base directory -## - -PKI_PWD=`pwd` - - -## -## Establish the 'pki-ra' name and version information -## - -PKI_RA="pki-ra" -PKI_RA_VERSION="10.2.0" - - -## -## Establish the SOURCE files/directories of the 'pki-ra' source directory -## - -PKI_SPECS_FILE="${PKI_DIR}/specs/${PKI_RA}.spec" -PKI_COMPONENT_LIST="ra" - - -## -## Establish the TARGET files/directories of the 'pki-ra' source/spec files -## - -if [ $WORK_DIR ]; then - PKI_PACKAGES="`cd $WORK_DIR ; pwd`" -else - PKI_PACKAGES="${PKI_PWD}/packages" -fi - -PKI_RA_BUILD_DIR="${PKI_PACKAGES}/BUILD" -PKI_RA_RPMS_DIR="${PKI_PACKAGES}/RPMS" -PKI_RA_SOURCES_DIR="${PKI_PACKAGES}/SOURCES" -PKI_RA_SPECS_DIR="${PKI_PACKAGES}/SPECS" -PKI_RA_SRPMS_DIR="${PKI_PACKAGES}/SRPMS" - -PKI_RA_TARBALL="${PKI_RA}-${PKI_RA_VERSION}.tar.gz" -PKI_RA_SPEC_FILE="${PKI_RA_SPECS_DIR}/${PKI_RA}.spec" -PKI_RA_PACKAGE_SCRIPT="${PKI_PACKAGES}/package_${PKI_RA}" -PKI_RA_PACKAGE_COMMAND="${RPMBUILD_CMD} SPECS/${PKI_RA}.spec" - -PKI_RA_STAGING_DIR="${PKI_PACKAGES}/staging" -PKI_RA_DIR="${PKI_RA_STAGING_DIR}/${PKI_RA}-${PKI_RA_VERSION}" -PKI_RA_BASE_DIR="${PKI_RA_DIR}/base" - - -## -## Always create a top-level 'packages' directory -## - -mkdir -p ${PKI_PACKAGES} - - -## -## Always create 'pki-ra' package directories -## - -mkdir -p ${PKI_RA_BUILD_DIR} -mkdir -p ${PKI_RA_RPMS_DIR} -mkdir -p ${PKI_RA_SOURCES_DIR} -mkdir -p ${PKI_RA_SPECS_DIR} -mkdir -p ${PKI_RA_SRPMS_DIR} - - -## -## Always start with new 'pki-ra' package files -## - -rm -rf ${PKI_RA_BUILD_DIR}/${PKI_RA}-${PKI_RA_VERSION} -rm -f ${PKI_RA_RPMS_DIR}/${PKI_RA}-${PKI_RA_VERSION}*.rpm -rm -f ${PKI_RA_SOURCES_DIR}/${PKI_RA_TARBALL} -rm -f ${PKI_RA_SPEC_FILE} -rm -f ${PKI_RA_SRPMS_DIR}/${PKI_RA}-${PKI_RA_VERSION}*.rpm - - -## -## Copy a new 'pki-ra' spec file from the -## current contents of the PKI working repository -## - -cp -p ${PKI_SPECS_FILE} ${PKI_RA_SPECS_DIR} - - -## -## If specified, copy all Patches from the spec file URL to SOURCES -## - -if [ ${FETCH_PATCH_FILES} -eq 1 ] ; then - Fetch_Patch_Files ${PKI_SPECS_FILE} ${PKI_RA_SOURCES_DIR} -fi - - -## -## Copy the specified Source Tarball from the spec file URL to SOURCES, or -## Generate a fresh Source Tarball from the local source -## - -if [ ${FETCH_SOURCE_TARBALL} -eq 1 ] ; then - Fetch_Source_Tarball ${PKI_SPECS_FILE} ${PKI_RA_SOURCES_DIR} -else - ## - ## Always start with a new 'pki-ra' staging directory - ## - - rm -rf ${PKI_RA_STAGING_DIR} - - - ## - ## To generate the 'pki-ra' tarball, construct a staging area - ## consisting of the 'pki-ra' source components from the - ## current contents of the PKI working repository - ## - - mkdir -p ${PKI_RA_DIR} - cd ${PKI_DIR} - for file in "${PKI_FILE_LIST}" ; - do - cp -p ${file} ${PKI_RA_DIR} - done - find ${PKI_CMAKE_DIR} \ - -name .svn -prune -o \ - -name *.swp -prune -o \ - -print | cpio -pdum ${PKI_RA_DIR} > /dev/null 2>&1 - cd - > /dev/null 2>&1 - - mkdir -p ${PKI_RA_BASE_DIR} - cd ${PKI_BASE_DIR} - cp -p ${PKI_BASE_MANIFEST} ${PKI_RA_BASE_DIR} - for component in "${PKI_COMPONENT_LIST}" ; - do - find ${component} \ - -name .svn -prune -o \ - -name *.swp -prune -o \ - -print | cpio -pdum ${PKI_RA_BASE_DIR} > /dev/null 2>&1 - done - cd - > /dev/null 2>&1 - - - ## - ## Create the 'pki-ra' tarball - ## - - mkdir -p ${PKI_RA_SOURCES_DIR} - cd ${PKI_RA_STAGING_DIR} - gtar -zcvf ${PKI_RA_TARBALL} \ - "${PKI_RA}-${PKI_RA_VERSION}" > /dev/null 2>&1 - mv ${PKI_RA_TARBALL} ${PKI_RA_SOURCES_DIR} - cd - > /dev/null 2>&1 - - - ## - ## Always remove the PKI staging area - ## - - rm -rf ${PKI_RA_STAGING_DIR} -fi - - -## -## Always generate a fresh 'pki-ra' package script -## - -rm -rf ${PKI_RA_PACKAGE_SCRIPT} -printf "#!/bin/bash\n\n" > ${PKI_RA_PACKAGE_SCRIPT} -printf "${PKI_RA_PACKAGE_COMMAND}\n\n" >> ${PKI_RA_PACKAGE_SCRIPT} -chmod 775 ${PKI_RA_PACKAGE_SCRIPT} - - -## -## Automatically invoke RPM/SRPM creation -## - -cd ${PKI_PACKAGES} ; -bash ./package_${PKI_RA} | tee package_${PKI_RA}.log 2>&1 - diff --git a/scripts/compose_pki_test_package b/scripts/compose_pki_test_package index 5b26220a7..2aea422e5 100755 --- a/scripts/compose_pki_test_package +++ b/scripts/compose_pki_test_package @@ -83,7 +83,6 @@ CLASSPATH=$CLASSPATH:$PKI_SOURCE_DIR/base/server/tomcat/src CLASSPATH=$CLASSPATH:$PKI_SOURCE_DIR/base/server/cms/src CLASSPATH=$CLASSPATH:$PKI_SOURCE_DIR/base/server/cmscore/src CLASSPATH=$CLASSPATH:$PKI_SOURCE_DIR/base/server/test -CLASSPATH=$CLASSPATH:$PKI_SOURCE_DIR/base/silent/src CLASSPATH=$CLASSPATH:$PKI_SOURCE_DIR/base/ca/src CLASSPATH=$CLASSPATH:$PKI_SOURCE_DIR/base/ca/functional/src CLASSPATH=$CLASSPATH:$PKI_SOURCE_DIR/base/kra/src diff --git a/scripts/pki_patch_maker b/scripts/pki_patch_maker index 08e8aacd8..69834100f 100755 --- a/scripts/pki_patch_maker +++ b/scripts/pki_patch_maker @@ -37,7 +37,7 @@ Usage() ## Identify source associated with srpm ## IPA_PKI_THEME="dogtag/ca-ui dogtag/common-ui" -PKI_CORE="base/ca base/common base/java-tools base/native-tools base/selinux base/setup base/silent base/symkey base/util" +PKI_CORE="base/ca base/common base/java-tools base/native-tools base/selinux base/setup base/symkey base/util" ## diff --git a/specs/pki-core.spec b/specs/pki-core.spec index 7c10c1ff1..40b80dc9b 100644 --- a/specs/pki-core.spec +++ b/specs/pki-core.spec @@ -5,7 +5,7 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} Name: pki-core Version: 10.2.0 -Release: 0.7%{?dist} +Release: 0.8%{?dist} Summary: Certificate System - PKI Core Components URL: http://pki.fedoraproject.org/ License: GPLv2 @@ -712,8 +712,6 @@ echo >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1 %dir %{_datadir}/pki/scripts %{_datadir}/pki/scripts/operations %{_datadir}/pki/scripts/pkicommon.pm -%{_datadir}/pki/scripts/functions -%{_datadir}/pki/scripts/pki_apache_initscript %{_bindir}/pkidaemon %dir %{_sysconfdir}/systemd/system/pki-tomcatd.target.wants %{_unitdir}/pki-tomcatd@.service @@ -721,15 +719,9 @@ echo >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1 %{_javadir}/pki/pki-cms.jar %{_javadir}/pki/pki-cmsbundle.jar %{_javadir}/pki/pki-cmscore.jar -%{_javadir}/pki/pki-silent.jar %{_javadir}/pki/pki-tomcat.jar %dir %{_sharedstatedir}/pki -%{_bindir}/pkicreate -%{_bindir}/pkiremove %{_bindir}/pki-setup-proxy -%{_bindir}/pkisilent -%{_datadir}/pki/silent/ -%{_bindir}/pkicontrol %{_mandir}/man5/pki_default.cfg.5.gz %{_mandir}/man8/pki-server-upgrade.8.gz %{_mandir}/man8/pkidestroy.8.gz @@ -799,6 +791,10 @@ echo >> /var/log/pki/pki-server-upgrade-%{version}.log 2>&1 %endif # %{with server} %changelog +* Wed Aug 27 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-0.8 +- PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent' + packages . . . + * Wed Aug 13 2014 Jack Magne <jmagne@redhat.com> - 10.2.0-0.7 - Respin to include the applet files with the rpm install. No change to spec file needed. diff --git a/specs/pki-ra.spec b/specs/pki-ra.spec deleted file mode 100644 index 8561488a0..000000000 --- a/specs/pki-ra.spec +++ /dev/null @@ -1,367 +0,0 @@ -Name: pki-ra -Version: 10.2.0 -Release: 0.1%{?dist} -Summary: Certificate System - Registration Authority -URL: http://pki.fedoraproject.org/ -License: GPLv2 -Group: System Environment/Daemons - -BuildArch: noarch - -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) - -BuildRequires: cmake >= 2.8.9-1 -BuildRequires: nspr-devel -BuildRequires: nss-devel >= 3.14.3 -BuildRequires: python -BuildRequires: systemd - -Requires: mod_nss >= 1.0.8 -Requires: mod_perl >= 1.99_16 -Requires: mod_revocator >= 1.0.3 -Requires: nss >= 3.14.3 -Requires: nss-tools >= 3.14.3 -Requires: pki-server >= 10.2.0 -Requires: pki-server-theme >= 10.2.0 -Requires: perl-DBD-SQLite -Requires: sqlite -Requires: /usr/sbin/sendmail -Requires(post): systemd-units -Requires(preun): systemd-units -Requires(postun): systemd-units - -Source0: http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}%{?prerel}.tar.gz - -%if 0%{?rhel} -ExcludeArch: ppc ppc64 ppcle ppc64le s390 s390x -%endif - -%description -Certificate System (CS) is an enterprise software system designed -to manage enterprise Public Key Infrastructure (PKI) deployments. - -The Registration Authority (RA) is an optional PKI subsystem that acts as a -front-end for authenticating and processing enrollment requests, PIN reset -requests, and formatting requests. - -An RA communicates over SSL with a Certificate Authority (CA) to fulfill -the user's requests. An RA may often be located outside an organization's -firewall to allow external users the ability to communicate with that -organization's PKI deployment. - -For deployment purposes, an RA requires the following components from the PKI -Core package: - - * pki-server - * pki-tools - -Additionally, Certificate System requires ONE AND ONLY ONE of the following -"Mutually-Exclusive" PKI Theme packages: - - * dogtag-pki-theme (Dogtag Certificate System deployments) - * dogtag-pki-server-theme - * redhat-pki-server-theme (Red Hat Certificate System deployments) - * redhat-pki-server-theme - * customized pki theme (Customized Certificate System deployments) - * <customized>-pki-server-theme - - -%prep - - -%setup -q -n %{name}-%{version}%{?prerel} - -cat << \EOF > %{name}-prov -#!/bin/sh -%{__perl_provides} $* |\ -sed -e '/perl(PKI.*)/d' -e '/perl(Template.*)/d' -EOF - -%global __perl_provides %{_builddir}/%{name}-%{version}%{?prerel}/%{name}-prov -chmod +x %{__perl_provides} - -cat << \EOF > %{name}-req -#!/bin/sh -%{__perl_requires} $* |\ -sed -e '/perl(PKI.*)/d' -e '/perl(Template.*)/d' -EOF - -%global __perl_requires %{_builddir}/%{name}-%{version}%{?prerel}/%{name}-req -chmod +x %{__perl_requires} - - -%clean -%{__rm} -rf %{buildroot} - - -%build -%{__mkdir_p} build -cd build -%cmake -DVERSION=%{version}-%{release} \ - -DVAR_INSTALL_DIR:PATH=/var \ - -DBUILD_PKI_RA:BOOL=ON \ - -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \ - .. -%{__make} VERBOSE=1 %{?_smp_mflags} - - -%install -%{__rm} -rf %{buildroot} -cd build -%{__make} install DESTDIR=%{buildroot} INSTALL="install -p" - -chmod 755 %{buildroot}%{_datadir}/pki/ra/docroot/*.cgi -chmod 755 %{buildroot}%{_datadir}/pki/ra/docroot/admin/*.cgi -chmod 755 %{buildroot}%{_datadir}/pki/ra/docroot/admin/group/*.cgi -chmod 755 %{buildroot}%{_datadir}/pki/ra/docroot/admin/user/*.cgi -chmod 755 %{buildroot}%{_datadir}/pki/ra/docroot/agent/*.cgi -chmod 755 %{buildroot}%{_datadir}/pki/ra/docroot/agent/cert/*.cgi -chmod 755 %{buildroot}%{_datadir}/pki/ra/docroot/agent/request/*.cgi -chmod 755 %{buildroot}%{_datadir}/pki/ra/docroot/ee/*.cgi -chmod 755 %{buildroot}%{_datadir}/pki/ra/docroot/ee/agent/*.cgi -chmod 755 %{buildroot}%{_datadir}/pki/ra/docroot/ee/request/*.cgi -chmod 755 %{buildroot}%{_datadir}/pki/ra/docroot/ee/scep/*.cgi -chmod 755 %{buildroot}%{_datadir}/pki/ra/docroot/ee/server/*.cgi -chmod 755 %{buildroot}%{_datadir}/pki/ra/docroot/ee/user/*.cgi - -# Details: -# -# * https://fedoraproject.org/wiki/Features/var-run-tmpfs -# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft -# -%{__mkdir_p} %{buildroot}%{_sysconfdir}/tmpfiles.d -# generate 'pki-ra.conf' under the 'tmpfiles.d' directory -echo "D /run/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ra.conf -echo "D /run/lock/pki/ra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ra.conf -echo "D /run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ra.conf -echo "D /run/pki/ra 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-ra.conf - -%{__rm} %{buildroot}%{_initrddir}/pki-rad - -%post -# Attempt to update ALL old "RA" instances to "systemd" -if [ -d /etc/sysconfig/pki/ra ]; then - for inst in `ls /etc/sysconfig/pki/ra`; do - if [ ! -e "/etc/systemd/system/pki-rad.target.wants/pki-rad@${inst}.service" ]; then - ln -s "/lib/systemd/system/pki-rad@.service" \ - "/etc/systemd/system/pki-rad.target.wants/pki-rad@${inst}.service" - - if [ -e /var/run/${inst}.pid ]; then - kill -9 `cat /var/run/${inst}.pid` || : - rm -f /var/run/${inst}.pid - echo "pkicreate.systemd.servicename=pki-rad@${inst}.service" >> \ - /var/lib/${inst}/conf/CS.cfg || : - /bin/systemctl daemon-reload >/dev/null 2>&1 || : - /bin/systemctl restart pki-rad@${inst}.service || : - else - echo "pkicreate.systemd.servicename=pki-rad@${inst}.service" >> \ - /var/lib/${inst}/conf/CS.cfg || : - fi - else - # Conditionally restart this Dogtag 9 instance - /bin/systemctl condrestart pki-rad@${inst}.service - fi - done -fi -/bin/systemctl daemon-reload >/dev/null 2>&1 || : - -%preun -if [ $1 = 0 ] ; then - /bin/systemctl --no-reload disable pki-rad.target > /dev/null 2>&1 || : - /bin/systemctl stop pki-rad.target > /dev/null 2>&1 || : -fi - -%postun -/bin/systemctl daemon-reload >/dev/null 2>&1 || : -if [ "$1" -ge "1" ] ; then - /bin/systemctl try-restart pki-rad.target >/dev/null 2>&1 || : -fi - - -%files -%defattr(-,root,root,-) -%doc base/ra/LICENSE -%dir %{_sysconfdir}/systemd/system/pki-rad.target.wants -%{_unitdir}/pki-rad@.service -%{_unitdir}/pki-rad.target -%dir %{_datadir}/pki/ra -%{_datadir}/pki/ra/conf/ -%{_datadir}/pki/ra/docroot/ -%{_datadir}/pki/ra/lib/ -%{_datadir}/pki/ra/scripts/ -%{_datadir}/pki/ra/setup/ -%dir %{_localstatedir}/lock/pki/ra -%dir %{_localstatedir}/run/pki/ra -# Details: -# -# * https://fedoraproject.org/wiki/Features/var-run-tmpfs -# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft -# -%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-ra.conf - - -%changelog -* Fri Nov 22 2013 Dogtag Team <pki-devel@redhat.com> 10.2.0-0.1 -- Updated version number to 10.2.0-0.1. - -* Fri Nov 15 2013 Ade Lee <alee@redhat.com> 10.1.0-1 -- Trac Ticket 788 - Clean up spec files -- Update release number for release build - -* Sun Nov 10 2013 Ade Lee <alee@redhat.com> 10.1.0-0.5 -- Change release number for beta build - -* Thu Oct 31 2013 Ade Lee <alee@redhat.com> 10.1.0-0.4 -- Fixed references to /var/run and /var/lock in tmpfiles. - -* Thu Jul 11 2013 Ade Lee <alee@redhat.com> 10.1.0-0.3 -- Add systemd build requirement to fix build failures in f19 - -* Tue Jun 11 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.2 -- Fixed dependencies on pki-server and pki-server-theme. - -* Tue May 7 2013 Ade Lee <alee@redhat.com> 10.1.0-0.1 -- Change release number for 10.1 development - -* Tue Apr 30 2013 Ade Lee <alee@redhat.com> 10.0.2-2 -- Added nss, nss-tools dependencies - -* Fri Apr 26 2013 Ade Lee <alee@redhat.com> 10.0.2-1 -- Change release number for official release. - -* Wed Mar 27 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.1 -- Updated version number to 10.0.2-0.1. - -* Tue Mar 12 2013 Endi S. Dewata <edewata@redhat.com> 10.0.0-3 -- Added python build-time dependency. - -* Mon Mar 4 2013 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-2 -- TRAC Ticket #517 - Clean up theme dependencies -- TRAC Ticket #518 - Remove UI dependencies from pkispawn . . . - -* Fri Dec 7 2012 Ade Lee <alee@redhat.com> 10.0.0-1 -- Update to official release for rc1 - -* Tue Nov 20 2012 Ade Lee <alee@redhat.com> 10.0.0-0.12.b3 -- Update spec fiel to support fedora >= 17 and rhel 7+ -- Update cmake version - -* Mon Nov 12 2012 Ade Lee <alee@redhat.com> 10.0.0-0.11.b3 -- Update release to b3 - -* Mon Oct 29 2012 Ade Lee <alee@redhat.com> 10.0.0-0.10.b2 -- Update release to b2 - -* Mon Oct 8 2012 Ade Lee <alee@redhat.com> 10.0.0-0.9.b1 -- Update release to b1 - -* Fri Oct 5 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.9.a2 -- Merged pki-silent into pki-server. - -* Mon Oct 1 2012 Ade Lee <alee@redhat.com> 10.0.0-0.8.a2 -- Update release to a2 - -* Sun Sep 30 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.8.a1 -- Modified CMake to use RPM version number - -* Mon Sep 24 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.7.a1 -- Merged pki-setup into pki-server - -* Tue Sep 11 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.6.a1 -- TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances - upon RPM "update" . . . - -* Mon Aug 20 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.5.a1 -- Removed direct dependency on 'pki-native-tools'. - -* Mon Aug 20 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.4.a1 -- Replaced 'pki-deploy' with 'pki-server'. - -* Thu Aug 16 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.3.a1 -- Added 'pki-deploy' runtime dependency - -* Mon Aug 13 2012 Ade Lee <alee@redhat.com> 10.0.0-0.2.a1 -- Added systemd scripts -- Ported config files and init scripts to apache 2.4 - -* Wed Feb 1 2012 Nathan Kinder <nkinder@redhat.com> 10.0.0-0.1.a1 -- Updated package version number - -* Thu Sep 22 2011 Ade Lee <alee@redhat.com> 9.0.4-1 -- Bugzilla Bug #733065 - User enrollment with RA -- this fails with - CA Connection Error - -* Thu Jul 14 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.3-1 -- Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) -- Bugzilla Bug #699364 - PKI-RA instance not created successfully (alee) -- Bugzilla Bug #699837 - service command is not fully backwards - compatible with Dogtag pki subsystems (mharmsen) -- Bugzilla Bug #717765 - TPS configuration: logging into security domain - from tps does not work with clientauth=want. (alee) -- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - -* Tue Apr 26 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.2-1 -- Bugzilla Bug #694569 - parameter used by pkiremove not updated -- Bugzilla Bug #699364 - PKI-RA instance not created successfully -- Bugzilla Bug #699837 - service command is not fully backwards compatible - with Dogtag pki subsystems - -* Fri Mar 25 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.1-1 -- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) -- Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments - -* Wed Dec 1 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1 -- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0 -- Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs - in the java subsystems -- Bugzilla Bug #651916 - kra and ocsp are using incorrect ports - to talk to CA and complete configuration in DonePanel -- Bugzilla Bug #632425 - Port to tomcat6 -- Bugzilla Bug #638377 - Generate PKI UI components which exclude - a GUI interface -- Bugzilla Bug #643206 - New CMake based build system for Dogtag -- Bugzilla Bug #499494 - change CA defaults to SHA2 -- Bugzilla Bug #656664 - Please Update Spec File to use 'ghost' on files - in /var/run and /var/lock -- Bugzilla Bug #606943 - Convert RA to use ldap utilities from - OpenLDAP instead of the Mozldap - -* Thu Apr 08 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.1-1 -- Bugzilla Bug #564131 - Config wizard : all subsystems - done panel text - needs correction - -* Tue Feb 16 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-6 -- Bugzilla Bug #566060 - Add 'pki-native-tools' as a runtime dependency - for RA, and TPS . . . - -* Fri Jan 29 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-5 -- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . . -- Applied filters for unwanted perl provides and requires -- Restored "perl-DBD-SQLite" runtime dependency - -* Tue Jan 26 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-4 -- Bugzilla Bug #553850 - Review Request: pki-ra - Dogtag Registration Authority -- Per direction from the Fedora community, - removed the following explicit "Requires": - perl-DBI - perl-HTML-Parser - perl-HTML-Tagset - perl-Parse-RecDescent - perl-URI - perl-XML-NamespaceSupport - perl-XML-Parser - perl-XML-Simple - -* Thu Jan 14 2010 Matthew Harmsen <mharmsen@redhat.com> 1.3.0-3 -- Bugzilla Bug #512234 - Move pkiuser:pkiuser check from spec file into pkicreate . . . -- Bugzilla Bug #547471 - Apply PKI SELinux changes to PKI registry model -- Bugzilla Bug #553076 - Apply "registry" logic to pki-ra . . . -- Bugzilla Bug #553078 - Apply "registry" logic to pki-tps . . . -- Bugzilla Bug #553850 - Review Request: pki-ra - Dogtag Registration Authority - -* Mon Dec 14 2009 Kevin Wright <kwright@redhat.com> 1.3.0-2 -- Removed 'with exceptions' from License - -* Fri Oct 16 2009 Ade Lee <alee@redhat.com> 1.3.0-1 -- Bugzilla Bug #X - Fedora Packaging Changes - |