diff options
| author | Ade Lee <alee@redhat.com> | 2012-04-13 13:51:32 -0400 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2012-05-01 17:22:38 -0400 |
| commit | 80aff97bedf8c2ee5f58209f36f18ebbc475ccb1 (patch) | |
| tree | 7a4e6a79f0e29c0596c81aaef47009d66cb56ccf /base/common/functional | |
| parent | dd566ed3c64a69801a9edf3b27f11077aa40ecef (diff) | |
| download | pki-80aff97bedf8c2ee5f58209f36f18ebbc475ccb1.tar.gz pki-80aff97bedf8c2ee5f58209f36f18ebbc475ccb1.tar.xz pki-80aff97bedf8c2ee5f58209f36f18ebbc475ccb1.zip | |
RESTful servlet to configure system in a single servlet.
Installation code common to the panels and the installation servlet are extracted to a
ConfigurationUtils file. The panel code will be cleaned up to use the code in this
class in a later commit.
Contains restful client and test driver code. The test driver code should be modified
and placed in a junit/system test framework. Installation has been tested to work with
the following installations: master CA, clone CA, KRA, OCSP, TKS, subordinate CA, CA
signed by external CA (parts 1 and 2).
Ticket #155
Diffstat (limited to 'base/common/functional')
| -rw-r--r-- | base/common/functional/src/com/netscape/cms/servlet/test/ConfigurationTest.java | 1048 |
1 files changed, 1048 insertions, 0 deletions
diff --git a/base/common/functional/src/com/netscape/cms/servlet/test/ConfigurationTest.java b/base/common/functional/src/com/netscape/cms/servlet/test/ConfigurationTest.java new file mode 100644 index 000000000..4ac322d63 --- /dev/null +++ b/base/common/functional/src/com/netscape/cms/servlet/test/ConfigurationTest.java @@ -0,0 +1,1048 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2012 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.servlet.test; + +import java.io.BufferedReader; +import java.io.ByteArrayInputStream; +import java.io.FileReader; +import java.io.IOException; +import java.net.URISyntaxException; +import java.security.KeyPair; +import java.security.NoSuchAlgorithmException; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Iterator; + +import netscape.security.x509.X500Name; + +import org.apache.commons.cli.CommandLine; +import org.apache.commons.cli.CommandLineParser; +import org.apache.commons.cli.HelpFormatter; +import org.apache.commons.cli.Options; +import org.apache.commons.cli.ParseException; +import org.apache.commons.cli.PosixParser; +import org.mozilla.jss.CryptoManager; +import org.mozilla.jss.asn1.ASN1Util; +import org.mozilla.jss.asn1.BIT_STRING; +import org.mozilla.jss.asn1.INTEGER; +import org.mozilla.jss.asn1.InvalidBERException; +import org.mozilla.jss.asn1.SEQUENCE; +import org.mozilla.jss.crypto.AlreadyInitializedException; +import org.mozilla.jss.crypto.CryptoToken; +import org.mozilla.jss.crypto.KeyPairAlgorithm; +import org.mozilla.jss.crypto.KeyPairGenerator; +import org.mozilla.jss.crypto.TokenException; +import org.mozilla.jss.pkix.crmf.CertReqMsg; +import org.mozilla.jss.pkix.crmf.CertRequest; +import org.mozilla.jss.pkix.crmf.CertTemplate; +import org.mozilla.jss.pkix.crmf.POPOPrivKey; +import org.mozilla.jss.pkix.crmf.ProofOfPossession; +import org.mozilla.jss.pkix.primitive.Name; +import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo; +import org.mozilla.jss.util.Password; + +import com.netscape.cms.servlet.csadmin.ConfigurationRESTClient; +import com.netscape.cms.servlet.csadmin.model.CertData; +import com.netscape.cms.servlet.csadmin.model.ConfigurationData; +import com.netscape.cms.servlet.csadmin.model.ConfigurationResponseData; +import com.netscape.cmsutil.util.Utils; + +/** + * @author alee + * + */ +public class ConfigurationTest { + + public static void usage(Options options) { + HelpFormatter formatter = new HelpFormatter(); + formatter.printHelp("ConfigurationTest", options); + System.exit(1); + } + + public static void main(String args[]) throws NoSuchAlgorithmException, TokenException, IOException, InvalidBERException { + String host = null; + String port = null; + String cstype = null; + String token_pwd = null; + String db_dir = "./"; + String protocol = "https"; + String pin = null; + String extCertFile = null; + String extChainFile = null; + int testnum=1; + + // parse command line arguments + Options options = new Options(); + options.addOption("t", true, "Subsystem type"); + options.addOption("h", true, "Hostname of the CS subsystem"); + options.addOption("p", true, "Port of the CS subsystem"); + options.addOption("w", true, "Token password"); + options.addOption("d", true, "Directory for tokendb"); + options.addOption("s", true, "preop pin"); + options.addOption("e", true, "File for externally signed signing cert"); + options.addOption("g", true, "File for external CA cert chain"); + options.addOption("x", true, "Test number"); + + try { + CommandLineParser parser = new PosixParser(); + CommandLine cmd = parser.parse(options, args); + + if (cmd.hasOption("t")) { + cstype = cmd.getOptionValue("t"); + } else { + System.err.println("Error: no subsystem type provided."); + usage(options); + } + + if (cmd.hasOption("h")) { + host = cmd.getOptionValue("h"); + } else { + System.err.println("Error: no hostname provided."); + usage(options); + } + + if (cmd.hasOption("p")) { + port = cmd.getOptionValue("p"); + } else { + System.err.println("Error: no port provided"); + usage(options); + } + + if (cmd.hasOption("w")) { + token_pwd = cmd.getOptionValue("w"); + } else { + System.err.println("Error: no token password provided"); + usage(options); + } + + if (cmd.hasOption("d")) { + db_dir = cmd.getOptionValue("d"); + } + + if (cmd.hasOption("s")) { + pin = cmd.getOptionValue("s"); + } + + if (cmd.hasOption("e")) { + extCertFile = cmd.getOptionValue("e"); + } + + if (cmd.hasOption("g")) { + extChainFile = cmd.getOptionValue("g"); + } + + if (cmd.hasOption("x")) { + testnum = Integer.parseInt(cmd.getOptionValue("x")); + } + } catch (ParseException e) { + System.err.println("Error in parsing command line options: " + e.getMessage()); + usage(options); + } + + // Initialize token + try { + CryptoManager.initialize(db_dir); + } catch (AlreadyInitializedException e) { + // it is ok if it is already initialized + } catch (Exception e) { + System.out.println("INITIALIZATION ERROR: " + e.toString()); + System.exit(1); + } + + // log into token + CryptoManager manager = null; + CryptoToken token = null; + try { + manager = CryptoManager.getInstance(); + token = manager.getInternalKeyStorageToken(); + Password password = new Password(token_pwd.toCharArray()); + try { + token.login(password); + } catch (Exception e) { + System.out.println("login Exception: " + e.toString()); + if (!token.isLoggedIn()) { + token.initPassword(password, password); + } + } + } catch (Exception e) { + System.out.println("Exception in logging into token:" + e.toString()); + } + + String baseUri = protocol + "://" + host + ":" + port + "/" + cstype + "/pki"; + ConfigurationRESTClient client = null; + try { + client = new ConfigurationRESTClient(baseUri, null); + } catch (URISyntaxException e1) { + e1.printStackTrace(); + System.exit(1); + } + + ConfigurationData data = null; + switch (testnum) { + case 1: + data = constructCAData(host, port, pin, db_dir, token_pwd, token); + break; + case 2: + data = constructCloneCAData(host, port, pin, db_dir, token_pwd, token); + break; + case 3: + data = constructKRAData(host, port, pin, db_dir, token_pwd, token); + break; + case 4: + data = constructOCSPData(host, port, pin, db_dir, token_pwd, token); + break; + case 5: + data = constructTKSData(host, port, pin, db_dir, token_pwd, token); + break; + case 6: + data = constructSubCAData(host, port, pin, db_dir, token_pwd, token); + break; + case 7: + data = constructExternalCADataPart1(host, port, pin, db_dir, token_pwd, token); + break; + case 8: + data = constructExternalCADataPart2(host, port, pin, db_dir, token_pwd, token, extCertFile, extChainFile); + break; + default: + System.out.println("Invalid test"); + System.exit(1); + } + + ConfigurationResponseData response = client.configure(data); + + System.out.println("status: " + response.getStatus()); + System.out.println("adminCert: " + response.getAdminCert().getCert()); + Collection<CertData> certs = response.getSystemCerts(); + Iterator<CertData> iterator = certs.iterator(); + while (iterator.hasNext()) { + CertData cdata = iterator.next(); + System.out.println("tag: " + cdata.getTag()); + System.out.println("cert: " + cdata.getCert()); + System.out.println("request: " + cdata.getRequest()); + } + + } + + private static ConfigurationData constructCAData(String host, String port, String pin, String db_dir, + String token_pwd, CryptoToken token) throws NoSuchAlgorithmException, TokenException, IOException, + InvalidBERException { + ConfigurationData data = new ConfigurationData(); + data.setPin(pin); + data.setSecurityDomainType(ConfigurationData.NEW_DOMAIN); + data.setSecurityDomainName("Testca2 security domain"); + data.setIsClone("false"); + data.setHierarchy("root"); + data.setToken(ConfigurationData.TOKEN_DEFAULT); + data.setSubsystemName("test ca subsystem"); + + data.setDsHost(host); + data.setDsPort("7389"); + data.setBaseDN("o=testca2"); + data.setBindDN("cn=Directory Manager"); + data.setDatabase("o=testca2"); + data.setBindpwd("redhat123"); + data.setRemoveData("true"); + data.setSecureConn("false"); + + data.setBackupKeys("true"); + data.setBackupFile("/tmp/testca.p12"); + data.setBackupPassword("redhat123"); + + data.setAdminEmail("alee@redhat.com"); + data.setAdminName("admin"); + data.setAdminPassword("redhat123"); + data.setAdminProfileID("caAdminCert"); + data.setAdminUID("admin"); + String subjectdn = "CN=CA Administrator of Instance testca, UID=admin, E=alee@redhat.com, o=testca2"; + data.setAdminSubjectDN(subjectdn); + + String crmf_request = generateCRMFRequest(token, "2048", subjectdn, false); + data.setAdminCertRequest(crmf_request); + data.setAdminCertRequestType("crmf"); + + // create system certs + Collection<CertData> systemCerts = new ArrayList<CertData>(); + CertData cert1 = new CertData(); + cert1.setTag("signing"); + cert1.setKeyAlgorithm("SHA256withRSA"); + cert1.setKeySize("2048"); + cert1.setKeyType("rsa"); + cert1.setNickname("signingCert testca"); + cert1.setSigningAlgorithm("SHA256withRSA"); + cert1.setSubjectDN("CN=CA Signing Certificate"); + cert1.setToken("Internal Key Storage Token"); + + systemCerts.add(cert1); + + CertData cert2 = new CertData(); + cert2.setTag("ocsp_signing"); + cert2.setKeyAlgorithm("SHA256withRSA"); + cert2.setKeySize("2048"); + cert2.setKeyType("rsa"); + cert2.setNickname("ocspSigningCert testca"); + cert2.setSigningAlgorithm("SHA256withRSA"); + cert2.setSubjectDN("CN= CA OCSP Signing Certificate"); + cert2.setToken("Internal Key Storage Token"); + systemCerts.add(cert2); + + CertData cert3 = new CertData(); + cert3.setTag("sslserver"); + cert3.setKeyAlgorithm("SHA256withRSA"); + cert3.setKeySize("2048"); + cert3.setKeyType("rsa"); + cert3.setNickname("sslServerCert testca"); + cert3.setSubjectDN("CN=" + host); + cert3.setToken("Internal Key Storage Token"); + systemCerts.add(cert3); + + CertData cert4 = new CertData(); + cert4.setTag("subsystem"); + cert4.setKeyAlgorithm("SHA256withRSA"); + cert4.setKeySize("2048"); + cert4.setKeyType("rsa"); + cert4.setNickname("subsystemCert testca"); + cert4.setSubjectDN("CN=CA Subsystem Certificate"); + cert4.setToken("Internal Key Storage Token"); + systemCerts.add(cert4); + + CertData cert5 = new CertData(); + cert5.setTag("audit_signing"); + cert5.setKeyAlgorithm("SHA256withRSA"); + cert5.setKeySize("2048"); + cert5.setKeyType("rsa"); + cert5.setNickname("auditSigningCert testca"); + cert5.setSigningAlgorithm("SHA256withRSA"); + cert5.setSubjectDN("CN=CA Audit Signing Certificate"); + cert5.setToken("Internal Key Storage Token"); + systemCerts.add(cert5); + + data.setSystemCerts(systemCerts); + + return data; + } + + private static ConfigurationData constructSubCAData(String host, String port, String pin, String db_dir, + String token_pwd, CryptoToken token) throws NoSuchAlgorithmException, TokenException, IOException, + InvalidBERException { + ConfigurationData data = new ConfigurationData(); + data.setPin(pin); + + data.setSecurityDomainType(ConfigurationData.EXISTING_DOMAIN); + data.setSecurityDomainUri("https://" + host + ":9225"); + data.setSecurityDomainUser("admin"); + data.setSecurityDomainPassword("redhat123"); + + data.setIsClone("false"); + data.setHierarchy("join"); + data.setToken(ConfigurationData.TOKEN_DEFAULT); + data.setSubsystemName("test subca subsystem"); + + data.setDsHost(host); + data.setDsPort("7389"); + data.setBaseDN("o=testsubca"); + data.setBindDN("cn=Directory Manager"); + data.setDatabase("o=testsubca"); + data.setBindpwd("redhat123"); + data.setRemoveData("true"); + data.setSecureConn("false"); + + data.setBackupKeys("true"); + data.setBackupFile("/tmp/testsubca.p12"); + data.setBackupPassword("redhat123"); + + data.setAdminEmail("alee@redhat.com"); + data.setAdminName("admin"); + data.setAdminPassword("redhat123"); + data.setAdminProfileID("caAdminCert"); + data.setAdminUID("admin"); + String subjectdn = "CN=CA Administrator of Instance testsubca, UID=admin, E=alee@redhat.com, o=testsubca"; + data.setAdminSubjectDN(subjectdn); + + String crmf_request = generateCRMFRequest(token, "2048", subjectdn, false); + data.setAdminCertRequest(crmf_request); + data.setAdminCertRequestType("crmf"); + + data.setIssuingCA("https://" + host + ":9224"); + + // create system certs + Collection<CertData> systemCerts = new ArrayList<CertData>(); + CertData cert1 = new CertData(); + cert1.setTag("signing"); + cert1.setKeyAlgorithm("SHA256withRSA"); + cert1.setKeySize("2048"); + cert1.setKeyType("rsa"); + cert1.setNickname("signingCert testsubca"); + cert1.setSigningAlgorithm("SHA256withRSA"); + cert1.setSubjectDN("CN=SubCA Signing Certificate"); + cert1.setToken("Internal Key Storage Token"); + + systemCerts.add(cert1); + + CertData cert2 = new CertData(); + cert2.setTag("ocsp_signing"); + cert2.setKeyAlgorithm("SHA256withRSA"); + cert2.setKeySize("2048"); + cert2.setKeyType("rsa"); + cert2.setNickname("ocspSigningCert testsubca"); + cert2.setSigningAlgorithm("SHA256withRSA"); + cert2.setSubjectDN("CN= SubCA OCSP Signing Certificate"); + cert2.setToken("Internal Key Storage Token"); + systemCerts.add(cert2); + + CertData cert3 = new CertData(); + cert3.setTag("sslserver"); + cert3.setKeyAlgorithm("SHA256withRSA"); + cert3.setKeySize("2048"); + cert3.setKeyType("rsa"); + cert3.setNickname("sslServerCert testsubca"); + cert3.setSubjectDN("CN=" + host); + cert3.setToken("Internal Key Storage Token"); + systemCerts.add(cert3); + + CertData cert4 = new CertData(); + cert4.setTag("subsystem"); + cert4.setKeyAlgorithm("SHA256withRSA"); + cert4.setKeySize("2048"); + cert4.setKeyType("rsa"); + cert4.setNickname("subsystemCert testsubca"); + cert4.setSubjectDN("CN=SubCA Subsystem Certificate"); + cert4.setToken("Internal Key Storage Token"); + systemCerts.add(cert4); + + CertData cert5 = new CertData(); + cert5.setTag("audit_signing"); + cert5.setKeyAlgorithm("SHA256withRSA"); + cert5.setKeySize("2048"); + cert5.setKeyType("rsa"); + cert5.setNickname("auditSigningCert testsubca"); + cert5.setSigningAlgorithm("SHA256withRSA"); + cert5.setSubjectDN("CN=SubCA Audit Signing Certificate"); + cert5.setToken("Internal Key Storage Token"); + systemCerts.add(cert5); + + data.setSystemCerts(systemCerts); + + return data; + } + + private static ConfigurationData constructExternalCADataPart1(String host, String port, String pin, String db_dir, + String token_pwd, CryptoToken token) throws NoSuchAlgorithmException, TokenException, IOException, + InvalidBERException { + ConfigurationData data = new ConfigurationData(); + data.setPin(pin); + + data.setSecurityDomainType(ConfigurationData.NEW_DOMAIN); + data.setSecurityDomainName("External CA security domain"); + + data.setIsClone("false"); + data.setHierarchy("join"); + data.setToken(ConfigurationData.TOKEN_DEFAULT); + data.setSubsystemName("test external ca subsystem"); + + data.setDsHost(host); + data.setDsPort("7389"); + data.setBaseDN("o=testexternalca"); + data.setBindDN("cn=Directory Manager"); + data.setDatabase("o=testexternalca"); + data.setBindpwd("redhat123"); + data.setRemoveData("true"); + data.setSecureConn("false"); + + data.setBackupKeys("true"); + data.setBackupFile("/tmp/testexternalca.p12"); + data.setBackupPassword("redhat123"); + + data.setAdminEmail("alee@redhat.com"); + data.setAdminName("admin"); + data.setAdminPassword("redhat123"); + data.setAdminProfileID("caAdminCert"); + data.setAdminUID("admin"); + String subjectdn = "CN=CA Administrator of Instance testexternalca, UID=admin, E=alee@redhat.com, o=testexternalca"; + data.setAdminSubjectDN(subjectdn); + + String crmf_request = generateCRMFRequest(token, "2048", subjectdn, false); + data.setAdminCertRequest(crmf_request); + data.setAdminCertRequestType("crmf"); + + data.setIssuingCA("External CA"); + + // create system certs + Collection<CertData> systemCerts = new ArrayList<CertData>(); + CertData cert1 = new CertData(); + cert1.setTag("signing"); + cert1.setKeyAlgorithm("SHA256withRSA"); + cert1.setKeySize("2048"); + cert1.setKeyType("rsa"); + cert1.setNickname("signingCert testexternalca"); + cert1.setSigningAlgorithm("SHA256withRSA"); + cert1.setSubjectDN("CN=External CA Signing Certificate"); + cert1.setToken("Internal Key Storage Token"); + + systemCerts.add(cert1); + + CertData cert2 = new CertData(); + cert2.setTag("ocsp_signing"); + cert2.setKeyAlgorithm("SHA256withRSA"); + cert2.setKeySize("2048"); + cert2.setKeyType("rsa"); + cert2.setNickname("ocspSigningCert testexternalca"); + cert2.setSigningAlgorithm("SHA256withRSA"); + cert2.setSubjectDN("CN= External CA OCSP Signing Certificate"); + cert2.setToken("Internal Key Storage Token"); + systemCerts.add(cert2); + + CertData cert3 = new CertData(); + cert3.setTag("sslserver"); + cert3.setKeyAlgorithm("SHA256withRSA"); + cert3.setKeySize("2048"); + cert3.setKeyType("rsa"); + cert3.setNickname("sslServerCert testexternalca"); + cert3.setSubjectDN("CN=" + host); + cert3.setToken("Internal Key Storage Token"); + systemCerts.add(cert3); + + CertData cert4 = new CertData(); + cert4.setTag("subsystem"); + cert4.setKeyAlgorithm("SHA256withRSA"); + cert4.setKeySize("2048"); + cert4.setKeyType("rsa"); + cert4.setNickname("subsystemCert testexternalca"); + cert4.setSubjectDN("CN=External CA Subsystem Certificate"); + cert4.setToken("Internal Key Storage Token"); + systemCerts.add(cert4); + + CertData cert5 = new CertData(); + cert5.setTag("audit_signing"); + cert5.setKeyAlgorithm("SHA256withRSA"); + cert5.setKeySize("2048"); + cert5.setKeyType("rsa"); + cert5.setNickname("auditSigningCert testexternalca"); + cert5.setSigningAlgorithm("SHA256withRSA"); + cert5.setSubjectDN("CN=SubCA Audit Signing Certificate"); + cert5.setToken("Internal Key Storage Token"); + systemCerts.add(cert5); + + data.setSystemCerts(systemCerts); + + return data; + } + + private static ConfigurationData constructExternalCADataPart2(String host, String port, String pin, String db_dir, + String token_pwd, CryptoToken token, String extCertFile, String extChainFile) + throws NoSuchAlgorithmException, TokenException, IOException, InvalidBERException { + ConfigurationData data = new ConfigurationData(); + data.setPin(pin); + + data.setSecurityDomainType(ConfigurationData.NEW_DOMAIN); + data.setSecurityDomainName("External CA security domain"); + + data.setIsClone("false"); + data.setHierarchy("join"); + data.setToken(ConfigurationData.TOKEN_DEFAULT); + data.setSubsystemName("test external ca subsystem"); + + data.setDsHost(host); + data.setDsPort("7389"); + data.setBaseDN("o=testexternalca"); + data.setBindDN("cn=Directory Manager"); + data.setDatabase("o=testexternalca"); + data.setBindpwd("redhat123"); + data.setRemoveData("true"); + data.setSecureConn("false"); + + data.setBackupKeys("true"); + data.setBackupFile("/tmp/testexternalca.p12"); + data.setBackupPassword("redhat123"); + + data.setAdminEmail("alee@redhat.com"); + data.setAdminName("admin"); + data.setAdminPassword("redhat123"); + data.setAdminProfileID("caAdminCert"); + data.setAdminUID("admin"); + String subjectdn = "CN=CA Administrator of Instance testexternalca, UID=admin, E=alee@redhat.com, o=testexternalca"; + data.setAdminSubjectDN(subjectdn); + + String crmf_request = generateCRMFRequest(token, "2048", subjectdn, false); + data.setAdminCertRequest(crmf_request); + data.setAdminCertRequestType("crmf"); + + data.setIssuingCA("External CA"); + data.setStepTwo("true"); + + // create system certs + Collection<CertData> systemCerts = new ArrayList<CertData>(); + CertData cert1 = new CertData(); + cert1.setTag("signing"); + cert1.setKeyAlgorithm("SHA256withRSA"); + cert1.setKeySize("2048"); + cert1.setKeyType("rsa"); + cert1.setNickname("signingCert testexternalca"); + cert1.setSigningAlgorithm("SHA256withRSA"); + cert1.setSubjectDN("CN=External CA Signing Certificate"); + cert1.setToken("Internal Key Storage Token"); + + String extCert = ""; + BufferedReader in = new BufferedReader(new FileReader(extCertFile)); + while (in.ready()) { + extCert += in.readLine(); + } + in.close(); + cert1.setCert(extCert); + + String extCertChain = ""; + in = new BufferedReader(new FileReader(extChainFile)); + while (in.ready()) { + extCertChain += in.readLine(); + } + in.close(); + cert1.setCertChain(extCertChain); + + systemCerts.add(cert1); + + CertData cert2 = new CertData(); + cert2.setTag("ocsp_signing"); + cert2.setKeyAlgorithm("SHA256withRSA"); + cert2.setKeySize("2048"); + cert2.setKeyType("rsa"); + cert2.setNickname("ocspSigningCert testexternalca"); + cert2.setSigningAlgorithm("SHA256withRSA"); + cert2.setSubjectDN("CN= External CA OCSP Signing Certificate"); + cert2.setToken("Internal Key Storage Token"); + systemCerts.add(cert2); + + CertData cert3 = new CertData(); + cert3.setTag("sslserver"); + cert3.setKeyAlgorithm("SHA256withRSA"); + cert3.setKeySize("2048"); + cert3.setKeyType("rsa"); + cert3.setNickname("sslServerCert testexternalca"); + cert3.setSubjectDN("CN=" + host); + cert3.setToken("Internal Key Storage Token"); + systemCerts.add(cert3); + + CertData cert4 = new CertData(); + cert4.setTag("subsystem"); + cert4.setKeyAlgorithm("SHA256withRSA"); + cert4.setKeySize("2048"); + cert4.setKeyType("rsa"); + cert4.setNickname("subsystemCert testexternalca"); + cert4.setSubjectDN("CN=External CA Subsystem Certificate"); + cert4.setToken("Internal Key Storage Token"); + systemCerts.add(cert4); + + CertData cert5 = new CertData(); + cert5.setTag("audit_signing"); + cert5.setKeyAlgorithm("SHA256withRSA"); + cert5.setKeySize("2048"); + cert5.setKeyType("rsa"); + cert5.setNickname("auditSigningCert testexternalca"); + cert5.setSigningAlgorithm("SHA256withRSA"); + cert5.setSubjectDN("CN=SubCA Audit Signing Certificate"); + cert5.setToken("Internal Key Storage Token"); + systemCerts.add(cert5); + + data.setSystemCerts(systemCerts); + + return data; + } + + private static ConfigurationData constructCloneCAData(String host, String port, String pin, String db_dir, + String token_pwd, CryptoToken token) throws NoSuchAlgorithmException, TokenException, IOException, + InvalidBERException { + ConfigurationData data = new ConfigurationData(); + data.setPin(pin); + data.setSecurityDomainType(ConfigurationData.EXISTING_DOMAIN); + data.setSecurityDomainUri("https://" + host + ":9225"); + data.setSecurityDomainUser("admin"); + data.setSecurityDomainPassword("redhat123"); + + data.setIsClone("true"); + data.setCloneUri("https://" + host + ":9224" ); + data.setP12File("master.p12"); + data.setP12Password("redhat123"); + + data.setHierarchy("root"); + data.setToken(ConfigurationData.TOKEN_DEFAULT); + data.setSubsystemName("test clone ca subsystem"); + + data.setDsHost(host); + data.setDsPort("7494"); + data.setBaseDN("o=testca2"); + data.setBindDN("cn=Directory Manager"); + data.setDatabase("o=testca2"); + data.setBindpwd("redhat123"); + data.setRemoveData("true"); + data.setSecureConn("false"); + + data.setBackupKeys("false"); + + // create system certs + Collection<CertData> systemCerts = new ArrayList<CertData>(); + CertData cert3 = new CertData(); + cert3.setTag("sslserver"); + cert3.setKeyAlgorithm("SHA256withRSA"); + cert3.setKeySize("2048"); + cert3.setKeyType("rsa"); + cert3.setNickname("sslServerCert testca"); + cert3.setSubjectDN("CN=" + host); + cert3.setToken("Internal Key Storage Token"); + systemCerts.add(cert3); + + data.setSystemCerts(systemCerts); + + return data; + } + + private static ConfigurationData constructKRAData(String host, String port, String pin, String db_dir, + String token_pwd, CryptoToken token) throws NoSuchAlgorithmException, TokenException, IOException, + InvalidBERException { + ConfigurationData data = new ConfigurationData(); + data.setPin(pin); + + data.setSecurityDomainType(ConfigurationData.EXISTING_DOMAIN); + data.setSecurityDomainUri("https://" + host + ":9225"); + data.setSecurityDomainUser("admin"); + data.setSecurityDomainPassword("redhat123"); + + data.setIsClone("false"); + data.setToken(ConfigurationData.TOKEN_DEFAULT); + data.setSubsystemName("test kra subsystem"); + + data.setDsHost(host); + data.setDsPort("7389"); + data.setBaseDN("o=testkra22"); + data.setBindDN("cn=Directory Manager"); + data.setDatabase("o=testkra"); + data.setBindpwd("redhat123"); + data.setRemoveData("true"); + data.setSecureConn("false"); + + data.setBackupKeys("true"); + data.setBackupFile("/tmp/testkra.p12"); + data.setBackupPassword("redhat123"); + + data.setAdminEmail("alee@redhat.com"); + data.setAdminName("admin"); + data.setAdminPassword("redhat123"); + data.setAdminProfileID("caAdminCert"); + data.setAdminUID("admin"); + String subjectdn = "CN=KRA Administrator of Instance testkra, UID=admin, E=alee@redhat.com, o=testkra22"; + data.setAdminSubjectDN(subjectdn); + + String crmf_request = generateCRMFRequest(token, "2048", subjectdn, false); + data.setAdminCertRequest(crmf_request); + data.setAdminCertRequestType("crmf"); + + data.setIssuingCA("https://" + host + ":9224"); + + // create system certs + Collection<CertData> systemCerts = new ArrayList<CertData>(); + CertData cert1 = new CertData(); + cert1.setTag("transport"); + cert1.setKeyAlgorithm("SHA256withRSA"); + cert1.setKeySize("2048"); + cert1.setKeyType("rsa"); + cert1.setNickname("transportCert testkra"); + cert1.setSigningAlgorithm("SHA256withRSA"); + cert1.setSubjectDN("CN=KRA Transport Certificate"); + cert1.setToken("Internal Key Storage Token"); + + systemCerts.add(cert1); + + CertData cert2 = new CertData(); + cert2.setTag("storage"); + cert2.setKeyAlgorithm("SHA256withRSA"); + cert2.setKeySize("2048"); + cert2.setKeyType("rsa"); + cert2.setNickname("storageCert testkra"); + cert2.setSigningAlgorithm("SHA256withRSA"); + cert2.setSubjectDN("CN= KRA Storage Certificate"); + cert2.setToken("Internal Key Storage Token"); + systemCerts.add(cert2); + + CertData cert3 = new CertData(); + cert3.setTag("sslserver"); + cert3.setKeyAlgorithm("SHA256withRSA"); + cert3.setKeySize("2048"); + cert3.setKeyType("rsa"); + cert3.setNickname("sslServerCert testkra"); + cert3.setSubjectDN("CN=" + host); + cert3.setToken("Internal Key Storage Token"); + systemCerts.add(cert3); + + CertData cert4 = new CertData(); + cert4.setTag("subsystem"); + cert4.setKeyAlgorithm("SHA256withRSA"); + cert4.setKeySize("2048"); + cert4.setKeyType("rsa"); + cert4.setNickname("subsystemCert testkra"); + cert4.setSubjectDN("CN=KRA Subsystem Certificate"); + cert4.setToken("Internal Key Storage Token"); + systemCerts.add(cert4); + + CertData cert5 = new CertData(); + cert5.setTag("audit_signing"); + cert5.setKeyAlgorithm("SHA256withRSA"); + cert5.setKeySize("2048"); + cert5.setKeyType("rsa"); + cert5.setNickname("auditSigningCert testkra"); + cert5.setSigningAlgorithm("SHA256withRSA"); + cert5.setSubjectDN("CN=KRA Audit Signing Certificate"); + cert5.setToken("Internal Key Storage Token"); + systemCerts.add(cert5); + + data.setSystemCerts(systemCerts); + + return data; + } + + private static ConfigurationData constructOCSPData(String host, String port, String pin, String db_dir, + String token_pwd, CryptoToken token) throws NoSuchAlgorithmException, TokenException, IOException, + InvalidBERException { + ConfigurationData data = new ConfigurationData(); + data.setPin(pin); + + data.setSecurityDomainType(ConfigurationData.EXISTING_DOMAIN); + data.setSecurityDomainUri("https://" + host + ":9225"); + data.setSecurityDomainUser("admin"); + data.setSecurityDomainPassword("redhat123"); + + data.setIsClone("false"); + data.setToken(ConfigurationData.TOKEN_DEFAULT); + data.setSubsystemName("test ocsp subsystem"); + + data.setDsHost(host); + data.setDsPort("7389"); + data.setBaseDN("o=testocsp22"); + data.setBindDN("cn=Directory Manager"); + data.setDatabase("o=testocsp22"); + data.setBindpwd("redhat123"); + data.setRemoveData("true"); + data.setSecureConn("false"); + + data.setBackupKeys("true"); + data.setBackupFile("/tmp/testocsp.p12"); + data.setBackupPassword("redhat123"); + + data.setAdminEmail("alee@redhat.com"); + data.setAdminName("admin"); + data.setAdminPassword("redhat123"); + data.setAdminProfileID("caAdminCert"); + data.setAdminUID("admin"); + String subjectdn = "CN=OCSP Administrator of Instance testocsp, UID=admin, E=alee@redhat.com, o=testocsp22"; + data.setAdminSubjectDN(subjectdn); + + String crmf_request = generateCRMFRequest(token, "2048", subjectdn, false); + data.setAdminCertRequest(crmf_request); + data.setAdminCertRequestType("crmf"); + + data.setIssuingCA("https://" + host + ":9224"); + + // create system certs + Collection<CertData> systemCerts = new ArrayList<CertData>(); + CertData cert1 = new CertData(); + cert1.setTag("signing"); + cert1.setKeyAlgorithm("SHA256withRSA"); + cert1.setKeySize("2048"); + cert1.setKeyType("rsa"); + cert1.setNickname("ocspSigningCert testocsp"); + cert1.setSigningAlgorithm("SHA256withRSA"); + cert1.setSubjectDN("CN=OCSP Signing Certificate"); + cert1.setToken("Internal Key Storage Token"); + + systemCerts.add(cert1); + + CertData cert3 = new CertData(); + cert3.setTag("sslserver"); + cert3.setKeyAlgorithm("SHA256withRSA"); + cert3.setKeySize("2048"); + cert3.setKeyType("rsa"); + cert3.setNickname("sslServerCert testocsp"); + cert3.setSubjectDN("CN=" + host); + cert3.setToken("Internal Key Storage Token"); + systemCerts.add(cert3); + + CertData cert4 = new CertData(); + cert4.setTag("subsystem"); + cert4.setKeyAlgorithm("SHA256withRSA"); + cert4.setKeySize("2048"); + cert4.setKeyType("rsa"); + cert4.setNickname("subsystemCert testocsp"); + cert4.setSubjectDN("CN=OCSP Subsystem Certificate"); + cert4.setToken("Internal Key Storage Token"); + systemCerts.add(cert4); + + CertData cert5 = new CertData(); + cert5.setTag("audit_signing"); + cert5.setKeyAlgorithm("SHA256withRSA"); + cert5.setKeySize("2048"); + cert5.setKeyType("rsa"); + cert5.setNickname("auditSigningCert testocsp"); + cert5.setSigningAlgorithm("SHA256withRSA"); + cert5.setSubjectDN("CN=OCSP Audit Signing Certificate"); + cert5.setToken("Internal Key Storage Token"); + systemCerts.add(cert5); + + data.setSystemCerts(systemCerts); + + return data; + } + + private static ConfigurationData constructTKSData(String host, String port, String pin, String db_dir, + String token_pwd, CryptoToken token) throws NoSuchAlgorithmException, TokenException, IOException, + InvalidBERException { + ConfigurationData data = new ConfigurationData(); + data.setPin(pin); + + data.setSecurityDomainType(ConfigurationData.EXISTING_DOMAIN); + data.setSecurityDomainUri("https://" + host + ":9225"); + data.setSecurityDomainUser("admin"); + data.setSecurityDomainPassword("redhat123"); + + data.setIsClone("false"); + data.setToken(ConfigurationData.TOKEN_DEFAULT); + data.setSubsystemName("test tks subsystem"); + + data.setDsHost(host); + data.setDsPort("7389"); + data.setBaseDN("o=testtks22"); + data.setBindDN("cn=Directory Manager"); + data.setDatabase("o=testtks22"); + data.setBindpwd("redhat123"); + data.setRemoveData("true"); + data.setSecureConn("false"); + + data.setBackupKeys("true"); + data.setBackupFile("/tmp/testtks.p12"); + data.setBackupPassword("redhat123"); + + data.setAdminEmail("alee@redhat.com"); + data.setAdminName("admin"); + data.setAdminPassword("redhat123"); + data.setAdminProfileID("caAdminCert"); + data.setAdminUID("admin"); + String subjectdn = "CN=TKS Administrator of Instance testtks, UID=admin, E=alee@redhat.com, o=testtks22"; + data.setAdminSubjectDN(subjectdn); + + String crmf_request = generateCRMFRequest(token, "2048", subjectdn, false); + data.setAdminCertRequest(crmf_request); + data.setAdminCertRequestType("crmf"); + + data.setIssuingCA("https://" + host + ":9224"); + + // create system certs + Collection<CertData> systemCerts = new ArrayList<CertData>(); + + CertData cert3 = new CertData(); + cert3.setTag("sslserver"); + cert3.setKeyAlgorithm("SHA256withRSA"); + cert3.setKeySize("2048"); + cert3.setKeyType("rsa"); + cert3.setNickname("sslServerCert testtks"); + cert3.setSubjectDN("CN=" + host); + cert3.setToken("Internal Key Storage Token"); + systemCerts.add(cert3); + + CertData cert4 = new CertData(); + cert4.setTag("subsystem"); + cert4.setKeyAlgorithm("SHA256withRSA"); + cert4.setKeySize("2048"); + cert4.setKeyType("rsa"); + cert4.setNickname("subsystemCert testtks"); + cert4.setSubjectDN("CN=TKS Subsystem Certificate"); + cert4.setToken("Internal Key Storage Token"); + systemCerts.add(cert4); + + CertData cert5 = new CertData(); + cert5.setTag("audit_signing"); + cert5.setKeyAlgorithm("SHA256withRSA"); + cert5.setKeySize("2048"); + cert5.setKeyType("rsa"); + cert5.setNickname("auditSigningCert testtks"); + cert5.setSigningAlgorithm("SHA256withRSA"); + cert5.setSubjectDN("CN=TKS Audit Signing Certificate"); + cert5.setToken("Internal Key Storage Token"); + systemCerts.add(cert5); + + data.setSystemCerts(systemCerts); + + return data; + } + + private static String generateCRMFRequest(CryptoToken token, String keysize, String subjectdn, boolean dualkey) + throws NoSuchAlgorithmException, TokenException, IOException, InvalidBERException { + KeyPairGenerator kg = token.getKeyPairGenerator(KeyPairAlgorithm.RSA); + + Integer x = new Integer(keysize); + int key_len = x.intValue(); + + kg.initialize(key_len); + + // 1st key pair + KeyPair pair = kg.genKeyPair(); + + // create CRMF + CertTemplate certTemplate = new CertTemplate(); + + certTemplate.setVersion(new INTEGER(2)); + + if (subjectdn != null) { + X500Name name = new X500Name(subjectdn); + ByteArrayInputStream cs = new ByteArrayInputStream(name.getEncoded()); + Name n = (Name) Name.getTemplate().decode(cs); + certTemplate.setSubject(n); + } + + certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair.getPublic())); + + SEQUENCE seq = new SEQUENCE(); + CertRequest certReq = new CertRequest(new INTEGER(1), certTemplate, + seq); + byte popdata[] = { 0x0, 0x3, 0x0 }; + + ProofOfPossession pop = ProofOfPossession.createKeyEncipherment( + POPOPrivKey.createThisMessage(new BIT_STRING(popdata, 3))); + + CertReqMsg crmfMsg = new CertReqMsg(certReq, pop, null); + + SEQUENCE s1 = new SEQUENCE(); + + // 1st : Encryption key + + s1.addElement(crmfMsg); + + // 2nd : Signing Key + + if (dualkey) { + System.out.println("dualkey = true"); + SEQUENCE seq1 = new SEQUENCE(); + CertRequest certReqSigning = new CertRequest(new INTEGER(1), + certTemplate, seq1); + CertReqMsg signingMsg = new CertReqMsg(certReqSigning, pop, null); + + s1.addElement(signingMsg); + } + + byte encoded[] = ASN1Util.encode(s1); + + // BASE64Encoder encoder = new BASE64Encoder(); + // String Req1 = encoder.encodeBuffer(encoded); + String Req1 = Utils.base64encode(encoded); + return Req1; + } +} |