authorEndi Sukma Dewata <edewata@redhat.com>2012-03-24 02:27:47 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-03-26 11:43:54 -0500
commit621d9e5c413e561293d7484b93882d985b3fe15f (patch)
tree638f3d75761c121d9a8fb50b52a12a6686c5ac5c /base/migrate/80
parent40d3643b8d91886bf210aa27f711731c81a11e49 (diff)
Removed unnecessary pki folder.
Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131
Diffstat (limited to 'base/migrate/80')
-rw-r--r--base/migrate/80/MigrateSecurityDomain.classbin0 -> 6951 bytes
-rw-r--r--base/migrate/80/MigrateSecurityDomain.java235
-rw-r--r--base/migrate/80/readme29
-rw-r--r--base/migrate/80/schema-add.ldif50
4 files changed, 314 insertions, 0 deletions
diff --git a/base/migrate/80/MigrateSecurityDomain.class b/base/migrate/80/MigrateSecurityDomain.class
new file mode 100644
index 000000000..f2a174dab
--- /dev/null
+++ b/base/migrate/80/MigrateSecurityDomain.class
Binary files differ
diff --git a/base/migrate/80/MigrateSecurityDomain.java b/base/migrate/80/MigrateSecurityDomain.java
new file mode 100644
index 000000000..4624f1259
--- /dev/null
+++ b/base/migrate/80/MigrateSecurityDomain.java
@@ -0,0 +1,235 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2008 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Vector;
+
+import netscape.ldap.LDAPAttribute;
+import netscape.ldap.LDAPAttributeSet;
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPEntry;
+import netscape.ldap.LDAPException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.NodeList;
+
+import com.netscape.cmscore.base.FileConfigStore;
+import com.netscape.cmscore.ldapconn.LdapJssSSLSocketFactory;
+import com.netscape.cmsutil.ldap.LDAPUtil;
+import com.netscape.cmsutil.xml.XMLObject;
+
+public class MigrateSecurityDomain {
+
+ private static LDAPConnection getLDAPConn(FileConfigStore cs, String passwd)
+ throws IOException {
+
+ String host = "";
+ String port = "";
+ String binddn = "";
+ String security = "";
+
+ try {
+ host = cs.getString("internaldb.ldapconn.host");
+ port = cs.getString("internaldb.ldapconn.port");
+ binddn = cs.getString("internaldb.ldapauth.bindDN");
+ security = cs.getString("internaldb.ldapconn.secureConn");
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain: getLDAPConnection" + e.toString());
+ throw new IOException(
+ "Failed to retrieve LDAP information from CS.cfg.");
+ }
+
+ int p = -1;
+
+ try {
+ p = Integer.parseInt(port);
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain getLDAPConn: " + e.toString());
+ throw new IOException("Port is not valid");
+ }
+
+ LDAPConnection conn = null;
+ if (security.equals("true")) {
+ System.out.println("MigrateSecurityDomain getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(new LdapJssSSLSocketFactory());
+ } else {
+ System.out.println(
+ "MigrateSecurityDomain getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
+ }
+
+ System.out.println("MigrateSecurityDomain connecting to " + host + ":" + p);
+ try {
+ conn.connect(host, p, binddn, passwd);
+ } catch (LDAPException e) {
+ System.out.println("MigrateSecurityDomain getLDAPConn: " + e.toString());
+ throw new IOException("Failed to connect to the internal database.");
+ }
+
+ return conn;
+ }
+
+ public static void main(String args[]) throws Exception {
+ if (args.length != 2) {
+ System.out.println("Usage: MigrateSecurityDomain <instance root path> <directory manager password>");
+ System.exit(0);
+ }
+
+ String instRoot = args[0];
+ String dmPass = args[1];
+
+ XMLObject parser = null;
+ // get the security domain data from the domain.xml file
+ try {
+ String path = instRoot + "/conf/domain.xml";
+ System.out.println("MigrateSecurityDomain: Reading domain.xml from file ...");
+ parser = new XMLObject(new FileInputStream(path));
+
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain: Unable to get domain info from domain.xml file");
+ System.out.println(e.toString());
+ System.exit(1);
+ }
+
+ try {
+ String configFile = instRoot + "/conf/CS.cfg";
+ FileConfigStore cs = new FileConfigStore(configFile);
+
+ LDAPConnection conn = null;
+ conn = MigrateSecurityDomain.getLDAPConn(cs, dmPass);
+ if (conn == null) {
+ System.out.println("MigrateSecurityDomain: Failed to connect to internal database");
+ System.exit(1);
+ }
+
+ // add new schema elements
+ String importFile = "./schema-add.ldif";
+ ArrayList<String> errors = new ArrayList<String>();
+ try {
+ LDAPUtil.importLDIF(conn, importFile, errors);
+ if (! errors.isEmpty()) {
+ System.out.println("MigrateSecurityDomain: Errors in adding new schema elements:");
+ for (String error: errors) {
+ System.out.println(error);
+ }
+ }
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain: Error in adding new schema elements");
+ System.exit(1);
+ }
+ // create the containers
+ String basedn = cs.getString("internaldb.basedn");
+ String secdomain = parser.getValue("Name");
+
+ try {
+ String dn = "ou=Security Domain," + basedn;
+ System.out.println("MigrateSecurityDomain: creating ldap entry : " + dn);
+
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "organizationalUnit"));
+ attrs.add(new LDAPAttribute("name", secdomain));
+ attrs.add(new LDAPAttribute("ou", "Security Domain"));
+ entry = new LDAPEntry(dn, attrs);
+ conn.add(entry);
+ } catch (LDAPException e) {
+ if (e.getLDAPResultCode() != 68) {
+ System.out.println("Unable to create security domain" + e.toString());
+ System.exit(1);
+ }
+ }
+
+ // create list containers
+ String clist[] = { "CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList" };
+ for (int i = 0; i < 6; i++) {
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup"));
+ attrs.add(new LDAPAttribute("cn", clist[i]));
+ entry = new LDAPEntry(dn, attrs);
+ try {
+ conn.add(entry);
+ } catch (LDAPException e) {
+ if (e.getLDAPResultCode() != 68) {
+ System.out.println("Unable to create security domain list entry " + dn + ": " + e.toString());
+ System.exit(1);
+ }
+ }
+ }
+
+ // create system entries
+ String tlist[] = { "CA", "OCSP", "KRA", "RA", "TKS", "TPS" };
+ Document doc = parser.getDocument();
+ for (int j = 0; j < 6; j++) {
+ String type = tlist[j];
+ NodeList nodeList = doc.getElementsByTagName(type);
+ int len = nodeList.getLength();
+ for (int i = 0; i < len; i++) {
+ Vector<String> v_clone = parser.getValuesFromContainer(nodeList.item(i), "Clone");
+ Vector<String> v_name = parser.getValuesFromContainer(nodeList.item(i), "SubsystemName");
+ Vector<String> v_host = parser.getValuesFromContainer(nodeList.item(i), "Host");
+ Vector<String> v_port = parser.getValuesFromContainer(nodeList.item(i), "SecurePort");
+
+ String cn = (String) v_host.elementAt(0) + ":" + (String) v_port.elementAt(0);
+ String dn = "cn=" + cn + ",cn=" + type + "List,ou=Security Domain," + basedn;
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem"));
+ attrs.add(new LDAPAttribute("Host", (String) v_host.elementAt(0)));
+ attrs.add(new LDAPAttribute("SecurePort", (String) v_port.elementAt(0)));
+ attrs.add(new LDAPAttribute("Clone", (String) v_clone.elementAt(0)));
+ attrs.add(new LDAPAttribute("SubsystemName", (String) v_name.elementAt(0)));
+ attrs.add(new LDAPAttribute("cn", cn));
+ attrs.add(new LDAPAttribute("DomainManager", "true"));
+ // Since the initial port separation feature didn't occur
+ // until an RHCS 7.3 errata, simply store the "SecurePort"
+ // value for BOTH the "SecureAgentPort" and the
+ // "SecureAdminPort", and DON'T store any values for the
+ // "UnSecurePort"
+ attrs.add(new LDAPAttribute("SecureAgentPort", (String) v_port.elementAt(0)));
+ attrs.add(new LDAPAttribute("SecureAdminPort", (String) v_port.elementAt(0)));
+ entry = new LDAPEntry(dn, attrs);
+
+ try {
+ conn.add(entry);
+ } catch (LDAPException e) {
+ if (e.getLDAPResultCode() != 68) {
+ System.out.println("Unable to create entry " + dn + ": " + e.toString());
+ }
+ }
+ }
+ }
+ cs.putString("securitydomain.store", "ldap");
+ cs.commit(false);
+ System.out.println("MigrateSecurityDomain: Domain successfully migrated.");
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain: Migration failed. " + e.toString());
+ }
+ System.exit(0);
+ }
+
+}
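Review bot: A failed `conn.add(entry)` in the subsystem loop near the end of `main` is only printed, after which `cs.putString("securitydomain.store", "ldap")` and `cs.commit(false)` still run, so CS.cfg can be switched to the LDAP store while subsystem entries from domain.xml are missing from it. The outer `catch (Exception e)` also falls through to `System.exit(0)`, and the errors returned by `LDAPUtil.importLDIF` are printed without stopping, so a calling script cannot tell a failed migration from a successful one. Track failures and exit non-zero before touching CS.cfg, as sketched below. Separately, `args[1]` carries the directory manager password on the command line, where process listings and shell history can expose it; reading it with `System.console().readPassword()` or from a permission-restricted file would avoid that.

```java
// … unchanged: argument check, domain.xml parsing, LDAP connection, schema import, containers …
            boolean failed = false; // declared before the tlist loop
// … unchanged: tlist/nodeList loops up to conn.add(entry) …
                    } catch (LDAPException e) {
                        if (e.getLDAPResultCode() != 68) {
                            System.out.println("Unable to create entry " + dn + ": " + e.toString());
                            failed = true;
                        }
                    }
// … unchanged: end of loops …
            if (failed) {
                System.out.println("MigrateSecurityDomain: Not all subsystem entries were created; CS.cfg left unchanged.");
                System.exit(1);
            }
            cs.putString("securitydomain.store", "ldap");
// … unchanged: cs.commit(false) and success message …
        } catch (Exception e) {
            System.out.println("MigrateSecurityDomain: Migration failed. " + e.toString());
            System.exit(1);
        }
```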
diff --git a/base/migrate/80/readme b/base/migrate/80/readme
new file mode 100644
index 000000000..50365c985
--- /dev/null
+++ b/base/migrate/80/readme
@@ -0,0 +1,29 @@
+Date
+
+ Fri Oct 3 00:37:14 EDT 2008
+
+Version
+
+ CMS 8.0
+
+Overview
+
+ In CMS8.0, the security domain data has been migrated into the
+ internal LDAP database to allow easier replication of this data
+ when cloning. Prior to this release, this information was stored
+ in the domain.xml configuration file on the CA serving as the Domain
+ Master.
+
+Program
+
+ MigrateSecurityDomain - This command will add the relevant schema and migrate
+ security domain data that resides in domain.xml into the internal database.
+ The program needs only two arguments - the location of the instance root directory
+ (like /var/lib/pki-ca) and the directory user's password.
+
+Example
+
+ Here is an example of MigrateSecurityDomain usage
+java -cp /usr/share/java/ldapjdk.jar:/usr/share/java/pki/cmscore.jar:/usr/share/java/pki/cmsutil.jar:/usr/share/java/pki/certsrv.jar:. MigrateSecurityDomain /var/lib/pki-ca mypassword
+
+
diff --git a/base/migrate/80/schema-add.ldif b/base/migrate/80/schema-add.ldif
new file mode 100644
index 000000000..fe6577e51
--- /dev/null
+++ b/base/migrate/80/schema-add.ldif
@@ -0,0 +1,50 @@
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( Clone-oid NAME 'Clone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( DomainManager-oid NAME 'DomainManager' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( SecureAgentPort-oid NAME 'SecureAgentPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( pkiSecurityDomain-oid NAME 'pkiSecurityDomain' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ name ) X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $ UnSecurePort ) X-ORIGIN 'user defined' )
+
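Review bot: The `pkiSecurityDomain` object class added here is not used by MigrateSecurityDomain.java in this same commit, which creates `ou=Security Domain` with only `top` and `organizationalUnit` plus a `name` attribute. If the directory enforces schema checking that add may be rejected, so it is worth confirming which class the container is meant to carry. Every definition also uses a placeholder such as `Clone-oid` where RFC 4512 expects a numeric OID, which presumably ties the file to directory servers that accept that form. A leading comment such as `# Security domain schema for CMS 8.0; loaded by MigrateSecurityDomain from the current directory. OIDs are placeholders, not registered numeric OIDs.` would record both facts.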