diff options
| author | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-24 02:27:47 -0500 |
|---|---|---|
| committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-26 11:43:54 -0500 |
| commit | 621d9e5c413e561293d7484b93882d985b3fe15f (patch) | |
| tree | 638f3d75761c121d9a8fb50b52a12a6686c5ac5c /base/silent/src/com/netscape/pkisilent/common | |
| parent | 40d3643b8d91886bf210aa27f711731c81a11e49 (diff) | |
| download | pki-621d9e5c413e561293d7484b93882d985b3fe15f.tar.gz pki-621d9e5c413e561293d7484b93882d985b3fe15f.tar.xz pki-621d9e5c413e561293d7484b93882d985b3fe15f.zip | |
Removed unnecessary pki folder.
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.
Ticket #131
Diffstat (limited to 'base/silent/src/com/netscape/pkisilent/common')
17 files changed, 8009 insertions, 0 deletions
diff --git a/base/silent/src/com/netscape/pkisilent/common/BaseState.java b/base/silent/src/com/netscape/pkisilent/common/BaseState.java new file mode 100644 index 000000000..0d5e9cfc6 --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/BaseState.java @@ -0,0 +1,118 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +/** + * CMS Test framework . + * This class reads and sets the values for a CMS subsytems Config file (CS.cfg) + * Using this class you can set the server to a base state. + */ + +public class BaseState { + + private String CMSConfigFile; + private CMSConfig cmscfg = null; + private String ldapbase, ldaphost, ldapport, ldapdn, ldapdnpw; + private boolean ldapsecConn = false; + + // Constructor + + public BaseState() { + } + + /** + * Constructor . Takes the parameter CMSConfigfilename ( with fullpath) + * + * @param CMSConfigfile. + */ + + public BaseState(String cmscfilename) { + CMSConfigFile = cmscfilename; + + } + + /** + * Set the publishing directory information . Takes the paramters ldaphost,ldapport,ldapDN, ldapDN password, BaseDN + * , Secure coonection (true/false) + */ + public void setLDAPInfo(String h, String p, String dn, String pw, String base, boolean sc) { + ldaphost = h; + ldapport = p; + ldapdn = dn; + ldapdnpw = pw; + ldapbase = base; + ldapsecConn = sc; + + } + + /** + * Enable SSL Client authentication for Directory enrollment and publishing + */ + + public void EnableSSLClientAuth() { + ldapsecConn = true; + cmscfg = new CMSConfig(CMSConfigFile); + // Enable DirBaseEnrollment + cmscfg.EnableDirEnrollment(ldapsecConn, ldapbase, ldaphost, ldapport); + // Enable Publishing + cmscfg.EnablePublishing(ldapsecConn, ldapdn, ldapdnpw, ldaphost, + ldapport); + cmscfg.saveCMSConfig(); + + } + + /** + * Set to CA 's base state . Enables Directory based enrollment , publishing and Portal enrollment + */ + + public void CABaseState() { + cmscfg = new CMSConfig(CMSConfigFile); + cmscfg.EnableAdminEnrollment(); + // Enable DirBaseEnrollment + cmscfg.EnableDirEnrollment(ldapsecConn, ldapbase, ldaphost, ldapport); + // Enable Publishing + cmscfg.DisablePublishing(ldapsecConn, ldapdn, ldapdnpw, ldaphost, + ldapport, ldapbase); + // Enable Portalbased enrollment + cmscfg.EnablePortalAuth(ldapsecConn, ldapdn, ldapdnpw, ldaphost, + ldapport, ldapbase); + cmscfg.saveCMSConfig(); + + } + + /** + * Set to RA 's base state . Enables Directory based enrollment and Portal enrollment + */ + + public void RABaseState() { + cmscfg = new CMSConfig(CMSConfigFile); + cmscfg.EnableAdminEnrollment(); + // Enable DirBaseEnrollment + cmscfg.EnableDirEnrollment(ldapsecConn, ldapbase, ldaphost, ldapport); + // Enable Portalbased enrollment + cmscfg.EnablePortalAuth(ldapsecConn, ldapdn, ldapdnpw, ldaphost, + ldapport, ldapbase); + cmscfg.saveCMSConfig(); + + } + + public static void main(String args[]) { + }// end of function main + +} diff --git a/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java b/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java new file mode 100644 index 000000000..3e4f0bfa2 --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java @@ -0,0 +1,569 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +import java.io.FileInputStream; +import java.io.FileOutputStream; + +/** + * CMS Test framework . + * This class reads,modifies and saves CS.cfg file + */ + +public class CMSConfig extends ServerInfo { + + /** + * Constructor . Reads the CS.cfg file .Takes the parameter for Configfile ( Provide fullpath) + */ + + public CMSConfig(String confFile) { + CMSConfigFile = confFile; + System.out.println(CMSConfigFile); + readCMSConfig(); + } + + private void readCMSConfig() { + + try { + FileInputStream fiscfg = new FileInputStream(CMSConfigFile); + + CMSprops = new CMSProperties(); + CMSprops.load(fiscfg); + System.out.println("Reading CMS Config file successful"); + fiscfg.close(); + System.out.println("Number in size " + CMSprops.size()); + } catch (Exception e) { + System.out.println("exception " + e.getMessage()); + } + + } + + /** + * Saves the config file + **/ + + public void saveCMSConfig() { + try { + // Properties s = new Properties(CMSprops); + FileOutputStream fos = new FileOutputStream(CMSConfigFile); + + System.out.println("Number in size " + CMSprops.size()); + // CMSprops.list(System.out); + CMSprops.store(fos, null); + System.out.println("Writing to CMS Config file successful"); + fos.close(); + } catch (Exception e) { + System.out.println("exception " + e.getMessage()); + } + + } + + // AdminEnrollment + + public void EnableAdminEnrollment() { + CMSprops.setProperty("cmsgateway.enableAdminEnroll", "true"); + + } + + // Authentication + + // Enable DirectoryBased Authentication + /** + * Takes parameters : secureConnection( true/false), basedn, ldaphostname, lapdaportnumber ( in case of secured + * connection give ldap secured port) + */ + + public void EnableDirEnrollment(boolean secureConn, String ldapbase, String lhost, String lport) { + CMSprops.setProperty("auths.instance.UserDirEnrollment.dnpattern", + "UID=$attr.uid,E=$attr.mail.1,CN=$attr.cn,OU=$dn.ou.2,O=$dn.o,C=US"); + CMSprops.setProperty("auths.instance.UserDirEnrollment.ldap.basedn", + ldapbase); + CMSprops.setProperty( + "auths.instance.UserDirEnrollment.ldap.ldapconn.host", lhost); + CMSprops.setProperty( + "auths.instance.UserDirEnrollment.ldap.ldapconn.version", "3"); + CMSprops.setProperty("auths.instance.UserDirEnrollment.ldap.maxConns", + "8"); + CMSprops.setProperty("auths.instance.UserDirEnrollment.ldap.minConns", + "2"); + // CMSprops.setProperty("auths.instance.UserDirEnrollment.ldapByteAttributes=",""); + CMSprops.setProperty( + "auths.instance.UserDirEnrollment.ldapStringAttributes", "mail"); + CMSprops.setProperty("auths.instance.UserDirEnrollment.pluginName", + "UidPwdDirAuth"); + if (secureConn) { + CMSprops.setProperty( + "auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn", + "true"); + CMSprops.setProperty( + "auths.instance.UserDirEnrollment.ldap.ldapconn.port", lport); + + } else { + CMSprops.setProperty( + "auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn", + "false"); + CMSprops.setProperty( + "auths.instance.UserDirEnrollment.ldap.ldapconn.port", lport); + + } + } + + public void DisableDirEnrollment() { + CMSprops.remove("auths.instance.UserDirEnrollment.dnpattern"); + CMSprops.remove("auths.instance.UserDirEnrollment.ldap.basedn"); + CMSprops.remove("auths.instance.UserDirEnrollment.ldap.ldapconn.host"); + CMSprops.remove("auths.instance.UserDirEnrollment.ldap.ldapconn.port"); + CMSprops.remove( + "auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn"); + CMSprops.remove("auths.instance.UserDirEnrollment.ldap.ldapconn.version"); + CMSprops.remove("auths.instance.UserDirEnrollment.ldap.maxConns"); + CMSprops.remove("auths.instance.UserDirEnrollment.ldap.minConns"); + CMSprops.remove("auths.instance.UserDirEnrollment.ldapByteAttributes="); + CMSprops.remove("auths.instance.UserDirEnrollment.ldapStringAttributes"); + CMSprops.remove("auths.instance.UserDirEnrollment.pluginName"); + + } + + public void EnableCMCAuth() { + + CMSprops.setProperty("auths.instance.testcmc.pluginName", + "CMCAuthentication"); + } + + /** + * Takes parameters : secureConnection( true/false), ldapbinddn, ldapbindnpassword,ldaphostname, lapdaportnumber ( + * in case of secured connection give ldap secured port), basedn (e.g ou=people,o=mcom.com) + */ + + void EnablePortalAuth(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport, + String lbsuffix) { + String certnickname = null; + + CMSprops.setProperty("auths.instance.PortalEnrollment.pluginName", + "PortalEnroll"); + CMSprops.setProperty("auths.instance.PortalEnrollment.dnpattern", + "uid=$attr.uid,cn=$attr.cn,O=$dn.co,C=$dn.c"); + CMSprops.setProperty("auths.instance.PortalEnrollment.ldap.basedn", + lbsuffix); + CMSprops.setProperty("auths.instance.PortalEnrollment.ldap.maxConns", + "3"); + CMSprops.setProperty("auths.instance.PortalEnrollment.ldap.minConns", + "2"); + CMSprops.setProperty("auths.instance.PortalEnrollment.ldap.objectclass", + "inetOrgPerson"); + CMSprops.setProperty( + "auths.instance.PortalEnrollment.ldap.ldapauth.bindDN", + ldaprootDN); + CMSprops.setProperty( + "auths.instance.PortalEnrollment.ldap.ldapauth.bindPassword", + ldaprootDNPW); + CMSprops.setProperty( + "auths.instance.PortalEnrollment.ldap.ldapauth.bindPWPrompt", + "Rule PortalEnrollment"); + CMSprops.setProperty( + "auths.instance.PortalEnrollment.ldap.ldapconn.host", lhost); + if (secureConn) { + CMSprops.setProperty( + "auths.instance.PortalEnrollment.ldap.ldapconn.secureConn", + "true"); + CMSprops.setProperty( + "auths.instance.PortalEnrollment.ldap.ldapauth.clientCertNickname", + certnickname); + CMSprops.setProperty( + "auths.instance.PortalEnrollment.ldap.ldapauth.authtype", + "SslClientAuth"); + CMSprops.setProperty( + "auths.instance.PortalEnrollment.ldap.ldapconn.port", lport); + + } else { + CMSprops.setProperty( + "auths.instance.PortalEnrollment.ldap.ldapconn.secureConn", + "false"); + CMSprops.setProperty( + "auths.instance.PortalEnrollment.ldap.ldapconn.port", lport); + CMSprops.setProperty( + "auths.instance.PortalEnrollment.ldap.ldapauth.authtype", + "BasicAuth"); + } + + CMSprops.setProperty( + "auths.instance.PortalEnrollment.ldap.ldapconn.version", "3"); + + } + + // Publishing + /** + * Takes parameters : secureConnection( true/false), ldapbinddn, ldapbindnpassword,ldaphostname, lapdaportnumber ( + * in case of secured connection give ldap secured port) + */ + + public void EnablePublishing(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport) { + + CMSprops.setProperty("ca.publish.enable", "true"); + CMSprops.setProperty("ca.publish.ldappublish.enable", "true"); + if (secureConn) { + CMSprops.setProperty( + "ca.publish.ldappublish.ldap.ldapconn.secureConn", "true"); + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.port", + lport); + + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.authtype", + "SslClientAuth"); + } else { + CMSprops.setProperty( + "ca.publish.ldappublish.ldap.ldapconn.secureConn", "false"); + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.port", + lport); + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.authtype", + "BasicAuth"); + } + + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindDN", + ldaprootDN); + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindPassword", + ldaprootDNPW); + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindPWPrompt", + "CA LDAP Publishing"); + + // set the hostname with fully qulified name if you are using SSL + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.host", lhost); + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.version", "3"); + CMSprops.setProperty("ca.publish.mapper.impl.LdapCaSimpleMap.class", + "com.netscape.cms.publish.mappers.LdapCaSimpleMap"); + CMSprops.setProperty("ca.publish.mapper.impl.LdapDNCompsMap.class", + "com.netscape.cms.publish.mappers.Lda pCertCompsMap"); + CMSprops.setProperty("ca.publish.mapper.impl.LdapDNExactMap.class", + "com.netscape.cms.publish.mappers.LdapCertExactMap"); + CMSprops.setProperty("ca.publish.mapper.impl.LdapEnhancedMap.class", + "com.netscape.cms.publish.mappers.LdapEnhancedMap"); + CMSprops.setProperty("ca.publish.mapper.impl.LdapSimpleMap.class", + "com.netscape.cms.publish.mappers.LdapSimpleMap"); + CMSprops.setProperty("ca.publish.mapper.impl.LdapSubjAttrMap.class", + "com.netscape.cms.publish.mappers.LdapCertSubjMap"); + CMSprops.setProperty( + "ca.publish.mapper.instance.LdapCaCertMap.createCAEntry", "true"); + CMSprops.setProperty( + "ca.publish.mapper.instance.LdapCaCertMap.dnPattern", + "UID=CManager,OU=people,O=mcom.com"); + CMSprops.setProperty( + "ca.publish.mapper.instance.LdapCaCertMap.pluginName", + "LdapCaSimpleMap"); + CMSprops.setProperty( + "ca.publish.mapper.instance.LdapCrlMap.createCAEntry", "true"); + CMSprops.setProperty("ca.publish.mapper.instance.LdapCrlMap.dnPattern", + "UID=CManager,OU=people,O=mcom.com"); + CMSprops.setProperty("ca.publish.mapper.instance.LdapCrlMap.pluginName", + "LdapCaSimpleMap"); + CMSprops.setProperty( + "ca.publish.mapper.instance.LdapUserCertMap.dnPattern", + "UID=$subj.UID,OU=people,O=mcom.com"); + CMSprops.setProperty( + "ca.publish.mapper.instance.LdapUserCertMap.pluginName", + "LdapSimpleMap"); + CMSprops.setProperty( + "ca.publish.publisher.impl.FileBasedPublisher.class", + "com.netscape.cms.publish.publishers.FileBasedPublisher"); + CMSprops.setProperty( + "ca.publish.publisher.impl.LdapCaCertPublisher.class", + "com.netscape.cms.publish.publishers.LdapCaCertPublisher"); + CMSprops.setProperty("ca.publish.publisher.impl.LdapCrlPublisher.class", + "com.netscape.cms.publish.publishers.LdapCrlPublisher"); + CMSprops.setProperty( + "ca.publish.publisher.impl.LdapUserCertPublisher.class", + "com.netscape.cms.publish.publishers.LdapUserCertPublisher"); + CMSprops.setProperty("ca.publish.publisher.impl.OCSPPublisher.class", + "com.netscape.cms.publish.publishers.OCSPPublisher"); + CMSprops.setProperty( + "ca.publish.publisher.instance.LdapCaCertPublisher.caCertAttr", + "caCertificate;binary"); + CMSprops.setProperty( + "ca.publish.publisher.instance.LdapCaCertPublisher.caObjectClass", + "certificationAuthority"); + CMSprops.setProperty( + "ca.publish.publisher.instance.LdapCaCertPublisher.pluginName", + "LdapCaCertPublisher"); + CMSprops.setProperty( + "ca.publish.publisher.instance.LdapCrlPublisher.crlAttr", + "certificateRevocationList;binary"); + CMSprops.setProperty( + "ca.publish.publisher.instance.LdapCrlPublisher.pluginName", + "LdapCrlPublisher"); + CMSprops.setProperty( + "ca.publish.publisher.instance.LdapUserCertPublisher.certAttr", + "userCertificate;binary"); + CMSprops.setProperty( + "ca.publish.publisher.instance.LdapUserCertPublisher.pluginName", + "LdapUserCertPublisher"); + } + + public void DisablePublishing(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, + String lport, String base) { + + CMSprops.setProperty("ca.publish.enable", "false"); + CMSprops.setProperty("ca.publish.ldappublish.enable", "false"); + if (secureConn) { + CMSprops.setProperty( + "ca.publish.ldappublish.ldap.ldapconn.secureConn", "false"); + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.port", + lport); + + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.authtype", + "SslClientAuth"); + } else { + CMSprops.setProperty( + "ca.publish.ldappublish.ldap.ldapconn.secureConn", "false"); + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.port", + lport); + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.authtype", + "BasicAuth"); + } + + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindDN", + ldaprootDN); + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindPassword", + ldaprootDNPW); + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindPWPrompt", + "CA LDAP Publishing"); + + // set the hostname with fully qulified name if you are using SSL + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.host", lhost); + CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.version", "3"); + CMSprops.setProperty("ca.publish.mapper.impl.LdapCaSimpleMap.class", + "com.netscape.cms.publish.mappers.LdapCaSimpleMap"); + CMSprops.setProperty("ca.publish.mapper.impl.LdapDNCompsMap.class", + "com.netscape.cms.publish.mappers.Lda pCertCompsMap"); + CMSprops.setProperty("ca.publish.mapper.impl.LdapDNExactMap.class", + "com.netscape.cms.publish.mappers.LdapCertExactMap"); + CMSprops.setProperty("ca.publish.mapper.impl.LdapEnhancedMap.class", + "com.netscape.cms.publish.mappers.LdapEnhancedMap"); + CMSprops.setProperty("ca.publish.mapper.impl.LdapSimpleMap.class", + "com.netscape.cms.publish.mappers.LdapSimpleMap"); + CMSprops.setProperty("ca.publish.mapper.impl.LdapSubjAttrMap.class", + "com.netscape.cms.publish.mappers.LdapCertSubjMap"); + CMSprops.setProperty( + "ca.publish.mapper.instance.LdapCaCertMap.createCAEntry", + "false"); + CMSprops.setProperty( + "ca.publish.mapper.instance.LdapCaCertMap.dnPattern", + "UID=CManager,OU=people," + base); + CMSprops.setProperty( + "ca.publish.mapper.instance.LdapCaCertMap.pluginName", + "LdapCaSimpleMap"); + CMSprops.setProperty( + "ca.publish.mapper.instance.LdapCrlMap.createCAEntry", "false"); + CMSprops.setProperty("ca.publish.mapper.instance.LdapCrlMap.dnPattern", + "UID=CManager,OU=people," + base); + CMSprops.setProperty("ca.publish.mapper.instance.LdapCrlMap.pluginName", + "LdapCaSimpleMap"); + CMSprops.setProperty( + "ca.publish.mapper.instance.LdapUserCertMap.dnPattern", + "UID=$subj.UID,OU=people," + base); + CMSprops.setProperty( + "ca.publish.mapper.instance.LdapUserCertMap.pluginName", + "LdapSimpleMap"); + CMSprops.setProperty( + "ca.publish.publisher.impl.FileBasedPublisher.class", + "com.netscape.cms.publish.publishers.FileBasedPublisher"); + CMSprops.setProperty( + "ca.publish.publisher.impl.LdapCaCertPublisher.class", + "com.netscape.cms.publish.publishers.LdapCaCertPublisher"); + CMSprops.setProperty("ca.publish.publisher.impl.LdapCrlPublisher.class", + "com.netscape.cms.publish.publishers.LdapCrlPublisher"); + CMSprops.setProperty( + "ca.publish.publisher.impl.LdapUserCertPublisher.class", + "com.netscape.cms.publish.publishers.LdapUserCertPublisher"); + CMSprops.setProperty("ca.publish.publisher.impl.OCSPPublisher.class", + "com.netscape.cms.publish.publishers.OCSPPublisher"); + CMSprops.setProperty( + "ca.publish.publisher.instance.LdapCaCertPublisher.caCertAttr", + "caCertificate;binary"); + CMSprops.setProperty( + "ca.publish.publisher.instance.LdapCaCertPublisher.caObjectClass", + "certificationAuthority"); + CMSprops.setProperty( + "ca.publish.publisher.instance.LdapCaCertPublisher.pluginName", + "LdapCaCertPublisher"); + CMSprops.setProperty( + "ca.publish.publisher.instance.LdapCrlPublisher.crlAttr", + "certificateRevocationList;binary"); + CMSprops.setProperty( + "ca.publish.publisher.instance.LdapCrlPublisher.pluginName", + "LdapCrlPublisher"); + CMSprops.setProperty( + "ca.publish.publisher.instance.LdapUserCertPublisher.certAttr", + "userCertificate;binary"); + CMSprops.setProperty( + "ca.publish.publisher.instance.LdapUserCertPublisher.pluginName", + "LdapUserCertPublisher"); + } + + public void CreateOCSPPublisher(String OCSPHost, String OCSPPort, String OCSPEEPort) { + // Set host nmae with fully qualified hostname + String location = "http://" + OCSPHost + ":" + OCSPEEPort + "/ocsp"; + + CMSprops.setProperty("ca.crl.MasterCRL.alwaysUpdate", "true"); + CMSprops.setProperty( + "ca.publish.publisher.instance.CAOCSPPublisher.host", OCSPHost); + CMSprops.setProperty( + "ca.publish.publisher.instance.CAOCSPPublisher.path", + "/ocsp/addCRL"); + CMSprops.setProperty( + "ca.publish.publisher.instance.CAOCSPPublisher.pluginName", + "OCSPPublisher"); + CMSprops.setProperty( + "ca.publish.publisher.instance.CAOCSPPublisher.port", OCSPPort); + CMSprops.setProperty( + "ca.publish.rule.instance.OCSPPublishingRule.enable", "true"); + CMSprops.setProperty( + "ca.publish.rule.instance.OCSPPublishingRule.mapper", ""); + CMSprops.setProperty( + "ca.publish.rule.instance.OCSPPublishingRule.pluginName", "Rule"); + CMSprops.setProperty( + "ca.publish.rule.instance.OCSPPublishingRule.predicate", ""); + CMSprops.setProperty( + "ca.publish.rule.instance.OCSPPublishingRule.publisher", + "CAOCSPPublisher"); + CMSprops.setProperty("ca.publish.rule.instance.OCSPPublishingRule.type", + "crl"); + CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.ad0_location", + location); + CMSprops.setProperty( + "ca.Policy.rule.AuthInfoAccessExt.ad0_location_type", "URL"); + CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.ad0_method", + "ocsp"); + CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.critical", + "false"); + CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.enable", "true"); + CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.implName", + "AuthInfoAccessExt"); + CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.numADs", "1"); + CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.predicate", + "HTTP_PARAMS.certType == client"); + + } + + public void EnableOCSPLDAPStore(String certInstanceID) { + String certNickName = "ocspSigningCert cert-" + certInstanceID; + + CMSprops.setProperty("ocsp.storeId", "ldapStore"); + CMSprops.setProperty("ocsp.store.defStore.byName", "true"); + CMSprops.setProperty("ocsp.store.defStore.class", + "com.netscape.cms.ocsp.DefStore"); + CMSprops.setProperty("ocsp.store.defStore.includeNextUpdate", "true"); + CMSprops.setProperty("ocsp.store.defStore.notFoundAsGood", "true"); + CMSprops.setProperty("ocsp.store.ldapStore.baseDN0", ldapBaseSuffix); + CMSprops.setProperty("ocsp.store.ldapStore.byName", "true"); + CMSprops.setProperty("ocsp.store.ldapStore.caCertAttr", + "cACertificate;binary"); + CMSprops.setProperty("ocsp.store.ldapStore.class", + "com.netscape.cms.ocsp.LDAPStore"); + CMSprops.setProperty("ocsp.store.ldapStore.crlAttr", + "certificateRevocationList;binary"); + CMSprops.setProperty("ocsp.store.ldapStore.host0", ldapHost); + CMSprops.setProperty("ocsp.store.ldapStore.includeNextUpdate", "true"); + CMSprops.setProperty("ocsp.store.ldapStore.notFoundAsGood", "true"); + CMSprops.setProperty("ocsp.store.ldapStore.numConns", "1"); + CMSprops.setProperty("ocsp.store.ldapStore.port0", ldapPort); + CMSprops.setProperty("ocsp.store.ldapStore.refreshInSec0", "864"); + CMSprops.setProperty("ocsp.signing.certnickname", certNickName); + CMSprops.setProperty("ocsp.signing.defaultSigningAlgorithm", + "MD5withRSA"); + CMSprops.setProperty("ocsp.signing.tokenname", "internal"); + + } + + public void SetupKRAConnectorInCA(String certInstanceID, String KRAHost, String KRAPort) { + String certNickName = "Server-Cert " + certInstanceID; + + CMSprops.setProperty("ca.connector.KRA.enable", "true"); + CMSprops.setProperty("ca.connector.KRA.host", KRAHost); + CMSprops.setProperty("ca.connector.KRA.local", "false"); + CMSprops.setProperty("ca.connector.KRA.nickName", certNickName); + CMSprops.setProperty("ca.connector.KRA.port", KRAPort); + CMSprops.setProperty("ca.connector.KRA.timeout", "30"); + CMSprops.setProperty("ca.connector.KRA.uri", "/kra/connector"); + + } + + public void DisableCardCryptoValidationinTKS() { + CMSprops.setProperty("cardcryptogram.validate.enable", "false"); + } + + // Policies + public void DefaultValidityRule(String SubsystemType, String lagtime, String leadtime, String maxValidity) { + if (SubsystemType.equals("ca")) { + CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.enable", + "true"); + CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.implName", + "ValidityConstraints"); + CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.lagTime", + lagtime); + CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.leadTime", + leadtime); + CMSprops.setProperty( + "ca.Policy.rule.DefaultValidityRule.maxValidity", + maxValidity); + CMSprops.setProperty( + "ca.Policy.rule.DefaultValidityRule.minValidity", "1"); + CMSprops.setProperty( + "ca.Policy.rule.DefaultValidityRule.notBeforeSkew", "5"); + CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.predicate", + null); + } else { + + CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.enable", + "true"); + CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.implName", + "ValidityConstraints"); + CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.lagTime", + lagtime); + CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.leadTime", + leadtime); + CMSprops.setProperty( + "ra.Policy.rule.DefaultValidityRule.maxValidity", + maxValidity); + CMSprops.setProperty( + "ra.Policy.rule.DefaultValidityRule.minValidity", "1"); + CMSprops.setProperty( + "ra.Policy.rule.DefaultValidityRule.notBeforeSkew", "5"); + CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.predicate", + null); + } + + } + + // Main Function + public static void main(String args[]) { + System.out.println(args.length); + + if (args.length < 1) { + System.out.println("Usage : ConfigFilePath"); + System.exit(-1); + } + + CMSConfig s = new CMSConfig(args[0]); + + // boolean secureC = false; + // s.EnableDirEnrollment(secureC); + s.saveCMSConfig(); + + }// end of function main + +} // end of class + diff --git a/base/silent/src/com/netscape/pkisilent/common/CMSLDAP.java b/base/silent/src/com/netscape/pkisilent/common/CMSLDAP.java new file mode 100644 index 000000000..91a273df6 --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/CMSLDAP.java @@ -0,0 +1,609 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +import java.io.ByteArrayInputStream; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; + +import netscape.ldap.LDAPAttribute; +import netscape.ldap.LDAPAttributeSet; +import netscape.ldap.LDAPConnection; +import netscape.ldap.LDAPEntry; +import netscape.ldap.LDAPException; +import netscape.ldap.LDAPModification; +import netscape.ldap.LDAPModificationSet; +import netscape.ldap.LDAPSearchResults; +import netscape.ldap.LDAPv2; + +/** + * CMS Test framework . + * Using this class you can add a user and user certificate to LDAP server. + * You can also check if a certificate / CRL is published in LDAP server + * USe this class to turn of SSL and turn on SSL in a LDAP server. + */ + +public class CMSLDAP { + + private String HOST, DN, BASEDN, PASSWORD; + private int PORT; + + private LDAPConnection conn = new LDAPConnection(); + + public CMSLDAP() { + } + + /** + * Constructor. Takes parametes ldaphost, ldapport + */ + public CMSLDAP(String h, String p) { + HOST = h; + PORT = Integer.parseInt(p); + } + + /** + * Cosntructor. Takes parameters ldaphost,ldapport,ldapbinddn, ldapbindnpassword. + */ + public CMSLDAP(String h, String p, String dn, String pwd) { + HOST = h; + PORT = Integer.parseInt(p); + DN = dn; + PASSWORD = pwd; + } + + /** + * Connect to ldap server + */ + + public boolean connect() { + try { + conn.connect(HOST, PORT, DN, PASSWORD); + return true; + } catch (Exception e) { + System.out.println("ERROR: " + e.toString()); + return false; + } + } + + /** + * Disconnect form ldap server + */ + + public void disconnect() { + + if ((conn != null) && conn.isConnected()) { + try { + conn.disconnect(); + } catch (Exception e) { + System.out.println("ERROR: " + e.toString()); + } + + } + + } + + /** + * Search for certificaterevocationList attribute. Takes basedn and filter as parameters + */ + + public boolean searchCRL(String basedn, String filter) throws LDAPException { + int searchScope = LDAPv2.SCOPE_SUB; + String getAttrs[] = { "certificateRevocationList;binary" }; + LDAPSearchResults results = conn.search(basedn, searchScope, filter, + getAttrs, false); + + if (results == null) { + System.out.println("Could not search"); + return false; + } + while (results.hasMoreElements()) { + LDAPEntry entry = (LDAPEntry) results.nextElement(); + + System.out.println(entry.getDN()); + LDAPAttribute anAttr = entry.getAttribute( + "certificateRevocationList;binary"); + + if (anAttr == null) { + System.out.println("Attribute not found "); + return false; + } else { + System.out.println(anAttr.getName()); + System.out.println(anAttr.getByteValueArray()); + return true; + } + } + return true; + } + + /** + * Search for attriburte usercertificate. Takes parameters basedn and filter + */ + + public boolean searchUserCert(String basedn, String filter) throws LDAPException { + int searchScope = LDAPv2.SCOPE_SUB; + String getAttrs[] = { "usercertificate;binary" }; + LDAPSearchResults results = conn.search(basedn, searchScope, filter, + getAttrs, false); + + if (results == null) { + System.out.println("Could not search"); + return false; + } + while (results.hasMoreElements()) { + LDAPEntry entry = (LDAPEntry) results.nextElement(); + + System.out.println(entry.getDN()); + LDAPAttribute anAttr = entry.getAttribute("usercertificate;binary"); + + if (anAttr == null) { + System.out.println("Attribute not found "); + return false; + } else { + System.out.println(anAttr.getName()); + System.out.println(anAttr.getByteValueArray()); + return true; + } + } + return true; + } + + /** + * Adds a user to direcrtory server . Takes parameters basedn, cn,sn,uid and passwd + */ + + public boolean userAdd(String basedn, String cn, String sn, String uid, String pwd) { + try { + LDAPAttributeSet attrSet = new LDAPAttributeSet(); + + attrSet.add( + new LDAPAttribute("objectclass", + new String[] { + "top", "person", "organizationalPerson", + "inetorgperson" })); + attrSet.add(new LDAPAttribute("cn", cn)); + attrSet.add(new LDAPAttribute("mail", uid + "@netscape.com")); + attrSet.add(new LDAPAttribute("userpassword", pwd)); + attrSet.add(new LDAPAttribute("sn", sn)); + attrSet.add(new LDAPAttribute("givenName", cn + sn)); + String name = "uid=" + uid + "," + basedn; + + System.out.println("Basedn " + name); + LDAPEntry entry = new LDAPEntry(name, attrSet); + + conn.add(entry); + System.out.println("ADDED: " + name); + return true; + } catch (Exception e) { + System.out.println("ERROR: " + e.toString()); + return false; + } + + } + + private X509Certificate getXCertificate(byte[] cpack) { + + try { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + ByteArrayInputStream s = new ByteArrayInputStream(cpack); + + System.out.println("Building certificate :" + cpack); + java.security.cert.X509Certificate the_cert = ( + java.security.cert.X509Certificate) cf.generateCertificate(s); + + return the_cert; + } catch (Exception e) { + System.out.println("ERROR: getXCertificate " + e.toString()); + return null; + } + + } + + private String buildDNString(String s) { + + String val = ""; + + for (int i = 0; i < s.length(); i++) { + if ((s.charAt(i) == ',') && (s.charAt(i + 1) == ' ')) { + val += ','; + i++; + continue; + } else { + val += s.charAt(i); + } + } + return val; + } + + /** + * Returns the SerialNumber;issuerDN;SubjectDN string. + * Takes certificate as parameter + */ + + public String getCertificateString(X509Certificate cert) { + if (cert == null) { + return null; + } + String idn = ((cert.getIssuerDN()).toString()).trim(); + + idn = buildDNString(idn); + String sdn = ((cert.getSubjectDN()).toString()).trim(); + + sdn = buildDNString(sdn); + + System.out.println("GetCertificateString : " + idn + ";" + sdn); + + // note that it did not represent a certificate fully + // return cert.getVersion() + ";" + cert.getSerialNumber().toString() + + // ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN(); + return "2;" + cert.getSerialNumber().toString() + ";" + idn + ";" + sdn; + + } + + /** + * Adds a user of objectclass cmsuser . Takes cn,sn,uid,password,certificate as parameters. + */ + public boolean CMSuserAdd(String cn, String sn, String uid, String pwd, byte[] certpack) { + try { + X509Certificate cert = getXCertificate(certpack); + + LDAPAttributeSet attrSet = new LDAPAttributeSet(); + + attrSet.add( + new LDAPAttribute("objectclass", + new String[] { + "top", "person", "organizationalPerson", + "inetorgperson", "cmsuser" })); + attrSet.add(new LDAPAttribute("cn", cn)); + attrSet.add(new LDAPAttribute("mail", uid + "@netscape.com")); + attrSet.add(new LDAPAttribute("userpassword", pwd)); + attrSet.add(new LDAPAttribute("sn", sn)); + attrSet.add(new LDAPAttribute("givenName", cn + sn)); + attrSet.add(new LDAPAttribute("usertype", "sub")); + attrSet.add(new LDAPAttribute("userstate", "1")); + + attrSet.add( + new LDAPAttribute("description", getCertificateString(cert))); + LDAPAttribute attrCertBin = new LDAPAttribute("usercertificate"); + + attrCertBin.addValue(cert.getEncoded()); + attrSet.add(attrCertBin); + + String name = "uid=" + uid + "," + + "ou=People,o=netscapecertificateServer"; + LDAPEntry entry = new LDAPEntry(name, attrSet); + + conn.add(entry); + System.out.println("ADDED: " + name); + return true; + } catch (Exception e) { + System.out.println("ERROR: " + e.toString()); + return false; + } + + } + + /** + * Adds a user of objectclass cmsuser . Takes cn,sn,uid,password,certificate as parameters. + */ + + public boolean CMSuserAdd(String cn, String sn, String uid, String pwd, X509Certificate cert) { + + try { + LDAPAttributeSet attrSet = new LDAPAttributeSet(); + + attrSet.add( + new LDAPAttribute("objectclass", + new String[] { + "top", "person", "organizationalPerson", + "inetorgperson", "cmsuser" })); + attrSet.add(new LDAPAttribute("cn", cn)); + attrSet.add(new LDAPAttribute("mail", uid + "@netscape.com")); + attrSet.add(new LDAPAttribute("userpassword", pwd)); + attrSet.add(new LDAPAttribute("sn", sn)); + attrSet.add(new LDAPAttribute("givenName", cn + sn)); + attrSet.add(new LDAPAttribute("usertype", "sub")); + attrSet.add(new LDAPAttribute("userstate", "1")); + + attrSet.add( + new LDAPAttribute("description", getCertificateString(cert))); + + LDAPAttribute attrCertBin = new LDAPAttribute("usercertificate"); + + attrCertBin.addValue(cert.getEncoded()); + attrSet.add(attrCertBin); + + String name = "uid=" + uid + "," + + "ou=People,o=netscapecertificateServer"; + LDAPEntry entry = new LDAPEntry(name, attrSet); + + conn.add(entry); + System.out.println("ADDED: " + name); + } catch (Exception e) { + System.out.println("ERROR: " + e.toString()); + return false; + } + + return true; + } + + /** + * adds a cms user to Trusted Manager Group. Takes uid as parameter. + */ + + public boolean addCMSUserToTMGroup(String uid) { + try { + LDAPAttributeSet attrSet = new LDAPAttributeSet(); + LDAPAttribute um = new LDAPAttribute("uniquemember", + "uid=" + uid + ",ou=People,o=NetscapeCertificateServer"); + + attrSet.add(um); + LDAPModification gr = new LDAPModification(LDAPModification.ADD, um); + + String dn = "cn=Trusted Managers,ou=groups,o=netscapeCertificateServer"; + + conn.modify(dn, gr); + return true; + + } catch (Exception e) { + System.out.println("ERROR: " + e.toString()); + return false; + } + + } + + /** + * adds a cms user to Agent Group. Takes subsytem (ca/ra/ocsp/kra) and uid as parameters . + */ + + public boolean addCMSUserToAgentGroup(String subsystem, String uid) { + try { + String dn = null; + + if (subsystem.equals("ocsp")) { + dn = "cn=Online Certificate Status Manager Agents,ou=groups,o=netscapeCertificateServer"; + } + if (subsystem.equals("kra")) { + dn = "cn=Data Recovery Manager Agents,ou=groups,o=netscapeCertificateServer"; + } + if (subsystem.equals("ra")) { + dn = "cn=Registration Manager Agents,ou=groups,o=netscapeCertificateServer"; + } + if (subsystem.equals("ca")) { + dn = "cn=Certificate Manager Agents,ou=groups,o=netscapeCertificateServer"; + } + if (subsystem.equals("tks")) { + dn = "cn=Token Key Service Manager Agents,ou=groups,o=netscapeCertificateServer"; + } + + LDAPAttributeSet attrSet = new LDAPAttributeSet(); + LDAPAttribute um = new LDAPAttribute("uniquemember", + "uid=" + uid + ",ou=People,o=NetscapeCertificateServer"); + + System.out.println( + "uid=" + uid + ",ou=People,o=NetscapeCertificateServer"); + + attrSet.add(um); + LDAPModification gr = new LDAPModification(LDAPModification.ADD, um); + + conn.modify(dn, gr); + + return true; + + } catch (Exception e) { + System.out.println("ERROR: " + e.toString()); + return false; + } + + } + + /** + * Will trun of SSL in LDAP server + **/ + + public boolean TurnOffSSL() { + try { + + LDAPModificationSet mods = new LDAPModificationSet(); + LDAPAttribute ssl3 = new LDAPAttribute("nsssl3", "off"); + LDAPAttribute ssl3ciphers = new LDAPAttribute("nsssl3ciphers", ""); + LDAPAttribute kfile = new LDAPAttribute("nskeyfile", "alias/"); + LDAPAttribute cfile = new LDAPAttribute("nscertfile", "alias/"); + LDAPAttribute cauth = new LDAPAttribute("nssslclientauth", "allowed"); + + // conn.delete("cn=RSA,cn=encryption,cn=config"); + + mods.add(LDAPModification.REPLACE, ssl3); + mods.add(LDAPModification.DELETE, ssl3ciphers); + mods.add(LDAPModification.DELETE, kfile); + mods.add(LDAPModification.DELETE, cfile); + mods.add(LDAPModification.DELETE, cauth); + System.out.println("going to mod"); + // conn.modify("cn=encryption,cn=config",mods); + System.out.println("mod en=encryption"); + int i = 4; + + while (i >= 0) { + mods.removeElementAt(i); + i--; + } + + LDAPAttribute sec = new LDAPAttribute("nsslapd-security", "off"); + + mods.add(LDAPModification.REPLACE, sec); + conn.modify("cn=config", mods); + System.out.println("mod cn=config"); + + return true; + + } catch (Exception e) { + System.out.println("ERROR: " + e.toString()); + return false; + } + + } + + /** + * Will Turn ON SSL in LDAP server . Takes certPrefix, certificatenickanme and sslport as parameters. + **/ + + public boolean TurnOnSSL(String certPrefix, String certName, String sslport) { + String CIPHERS = + "-rsa_null_md5,+rsa_fips_3des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_rc4_128_md5,+rsa_des_sha,+rsa_rc2_40_md5,+rsa_rc4_40_md5"; + + try { + int searchScope = LDAPv2.SCOPE_SUB; + String getAttrs[] = { "nssslactivation" }; + + LDAPModificationSet mods = new LDAPModificationSet(); + LDAPAttribute sec = new LDAPAttribute("nsslapd-security", "on"); + LDAPAttribute sp = new LDAPAttribute("nsslapd-securePort", sslport); + + mods.add(LDAPModification.REPLACE, sec); + mods.add(LDAPModification.REPLACE, sp); + conn.modify("cn=config", mods); + mods.removeElementAt(1); + mods.removeElementAt(0); + + LDAPAttribute ssl3 = new LDAPAttribute("nsssl3", "on"); + LDAPAttribute ssl3ciphers = new LDAPAttribute("nsssl3ciphers", + CIPHERS); + LDAPAttribute kfile = new LDAPAttribute("nskeyfile", + "alias/" + certPrefix + "-key3.db"); + LDAPAttribute cfile = new LDAPAttribute("nscertfile", + "alias/" + certPrefix + "-cert7.db"); + LDAPAttribute cauth = new LDAPAttribute("nssslclientauth", "allowed"); + + mods.add(LDAPModification.REPLACE, ssl3); + mods.add(LDAPModification.REPLACE, ssl3ciphers); + mods.add(LDAPModification.REPLACE, kfile); + mods.add(LDAPModification.REPLACE, cfile); + mods.add(LDAPModification.REPLACE, cauth); + + conn.modify("cn=encryption,cn=config", mods); + int i = 4; + + while (i >= 0) { + mods.removeElementAt(i); + i--; + } + + // conn.delete("cn=RSA,cn=encryption,cn=config"); + try { + conn.search( + "cn=RSA,cn=encryption,cn=config", searchScope, null, + getAttrs, false); // check for errors + + LDAPAttribute cn = new LDAPAttribute("cn", "RSA"); + LDAPAttribute ssltoken = new LDAPAttribute("nsssltoken", + "internal (software)"); + LDAPAttribute activation = new LDAPAttribute("nssslactivation", + "on"); + LDAPAttribute cname = new LDAPAttribute("nssslpersonalityssl", + certName); + + mods.add(LDAPModification.REPLACE, cn); + mods.add(LDAPModification.REPLACE, ssltoken); + mods.add(LDAPModification.REPLACE, activation); + mods.add(LDAPModification.REPLACE, cname); + + conn.modify("cn=RSA,cn=encryption,cn=config", mods); + + } catch (Exception e1) { + LDAPAttributeSet attrSet = new LDAPAttributeSet(); + + attrSet.add( + new LDAPAttribute("objectclass", + new String[] { "top", "nsEncryptionModule" })); + attrSet.add(new LDAPAttribute("cn", "RSA")); + attrSet.add( + new LDAPAttribute("nsssltoken", "internal (software)")); + attrSet.add(new LDAPAttribute("nssslactivation", "on")); + attrSet.add(new LDAPAttribute("nssslpersonalityssl", certName)); + LDAPEntry entry = new LDAPEntry("cn=RSA,cn=encryption,cn=config", + attrSet); + + conn.add(entry); + } + + return true; + + } catch (Exception e) { + System.out.println("ERROR: " + e.toString()); + return false; + } + + } + + public static void main(String args[]) { + String HOST = args[0]; + // int PORT = Integer.parseInt(args[1]); + String PORT = args[1]; + String DN = args[2]; + String PASSWORD = args[3]; + String BASEDN = args[4]; + + String s = + "MIICFzCCAYCgAwIBAgIBBjANBgkqhkiG9w0BAQQFADBDMRswGQYDVQQKExJhY2NlcHRhY25ldGVz\ndDEwMjQxFzAVBgNVBAsTDmFjY2VwdGFuY2V0ZXN0MQswCQYDVQQDEwJjYTAeFw0wMzA0MTEyMTUx\nMzZaFw0wNDA0MTAwOTQ2NTVaMFwxCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNTU0wxHTAbBgNVBAsT\nFHNzbHRlc3QxMDUwMDk3ODkzNzQ1MSAwHgYDVQQDExdqdXBpdGVyMi5uc2NwLmFvbHR3Lm5ldDBc\nMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDCsCTIIQ+bJMfPHi6kwa7HF+/xSTVHcpZ5zsodXsNWjPlD\noRu/5KAO8NotfwGnYmALWdYnqXCF0q0gkaJQalQTAgMBAAGjRjBEMA4GA1UdDwEB/wQEAwIFoDAR\nBglghkgBhvhCAQEEBAMCBkAwHwYDVR0jBBgwFoAUzxZkSySZT/Y3SxGMEiNyHnLUOPAwDQYJKoZI\nhvcNAQEEBQADgYEALtpqMOtZt6j5KlghDFgdg/dvf36nWiZwC1ap6+ka22shLkA/RjmOix97btzT\nQ+8LcmdkAW5iap4YbtrCu0wdN6IbIEXoQI1QGZBoKO2o02utssXANmTnRCyH/GX2KefQlp1NSRj9\nZNZ+GRT2Qk/8G5Ds9vVjm1I5+/AkzI9jS14="; + + s = "-----BEGIN CERTIFICATE-----" + "\n" + s + "\n" + + "-----END CERTIFICATE-----\n"; + + try { + + System.out.println(HOST + PORT + DN + PASSWORD + BASEDN); + CMSLDAP caIdb = new CMSLDAP(HOST, PORT, DN, PASSWORD); + + /* FileInputStream fis = new FileInputStream("t1"); + DataInputStream dis = new DataInputStream(fis); + + byte[] bytes = new byte[dis.available()]; + dis.readFully(bytes); + + // bytes=s.getBytes(); + */ + + if (!caIdb.connect()) { + System.out.println("Could not connect to CA internal DB port"); + } + + if (!caIdb.searchCRL("o=mcom.com", "uid=CManager")) { + System.out.println("CRL is not published"); + } + + // if(!caIdb.searchUserCert("o=mcom.com","uid=test")) + // System.out.println("USer cert is not published"); + + // if (!caIdb.CMSuserAdd("ra-trust" ,"ra-trust","ra-trust","netscape",bytes)) + // {System.out.println("Trusted MAnager user Could not be add ");} + + // if(!caIdb.addCMSUserToTMGroup("ra-trust")) + // {System.out.println("CMS user Could not be added to Trusted manager group "); } + + // if(!caIdb.addCMSUserToAgentGroup("ra","ra-agent")) + // {System.out.println("CMS user Could not be added to Trusted manager group "); } + /* if(!caIdb.userAdd(BASEDN,"raeetest1","raeetest1","raeetest1","netscape")) + {System.out.println("CMS user Could not be added to Trusted manager group "); } + */ + + } catch (Exception e) { + System.out.println("ERROR: " + e.toString()); + } + + } +} diff --git a/base/silent/src/com/netscape/pkisilent/common/CMSProperties.java b/base/silent/src/com/netscape/pkisilent/common/CMSProperties.java new file mode 100644 index 000000000..a4ba55d29 --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/CMSProperties.java @@ -0,0 +1,679 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +/* + * @(#)Properties.java 1.60 00/02/02 + * + * Copyright 1995-2000 Sun Microsystems, Inc. All Rights Reserved. + * + * This software is the proprietary information of Sun Microsystems, Inc. + * Use is subject to license terms. + * + */ + +import java.io.BufferedReader; +import java.io.BufferedWriter; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.io.PrintStream; +import java.io.PrintWriter; +import java.util.Date; +import java.util.Enumeration; +import java.util.Hashtable; + +/** + * The <code>Properties</code> class represents a persistent set of + * properties. The <code>Properties</code> can be saved to a stream + * or loaded from a stream. Each key and its corresponding value in + * the property list is a string. + * <p> + * A property list can contain another property list as its "defaults"; this second property list is searched if the + * property key is not found in the original property list. + * <p> + * Because <code>Properties</code> inherits from <code>Hashtable</code>, the <code>put</code> and <code>putAll</code> + * methods can be applied to a <code>Properties</code> object. Their use is strongly discouraged as they allow the + * caller to insert entries whose keys or values are not <code>Strings</code>. The <code>setProperty</code> method + * should be used instead. If the <code>store</code> or <code>save</code> method is called on a "compromised" + * <code>Properties</code> object that contains a non- <code>String</code> key or value, the call will fail. + * <p> + * <a name="encoding"></a> When saving properties to a stream or loading them from a stream, the ISO 8859-1 character + * encoding is used. For characters that cannot be directly represented in this encoding, <a + * href="http://java.sun.com/docs/books/jls/html/3.doc.html#100850">Unicode escapes</a> are used; however, only a single + * 'u' character is allowed in an escape sequence. The native2ascii tool can be used to convert property files to and + * from other character encodings. + * + * @see <a href="../../../tooldocs/solaris/native2ascii.html">native2ascii tool for Solaris</a> + * @see <a href="../../../tooldocs/win32/native2ascii.html">native2ascii tool for Windows</a> + * + * @author Arthur van Hoff + * @author Michael McCloskey + * @version 1.60, 02/02/00 + * @since JDK1.0 + */ + +class CMSProperties extends Hashtable<String, String> { + + /** + * use serialVersionUID from JDK 1.1.X for interoperability + */ + private static final long serialVersionUID = 4112578634029874840L; + + /** + * A property list that contains default values for any keys not + * found in this property list. + * + * @serial + */ + protected CMSProperties defaults; + + /** + * Creates an empty property list with no default values. + */ + public CMSProperties() { + this(null); + } + + /** + * Creates an empty property list with the specified defaults. + * + * @param defaults the defaults. + */ + public CMSProperties(CMSProperties defaults) { + this.defaults = defaults; + } + + /** + * Calls the hashtable method <code>put</code>. Provided for + * parallelism with the <tt>getProperty</tt> method. Enforces use of + * strings for property keys and values. + * + * @param key the key to be placed into this property list. + * @param value the value corresponding to <tt>key</tt>. + * @see #getProperty + * @since 1.2 + */ + public synchronized Object setProperty(String key, String value) { + return put(key, value); + } + + private static final String keyValueSeparators = "=: \t\r\n\f"; + + private static final String strictKeyValueSeparators = "=:"; + + private static final String specialSaveChars = " \t\r\n\f"; + + private static final String whiteSpaceChars = " \t\r\n\f"; + + /** + * Reads a property list (key and element pairs) from the input stream. + * The stream is assumed to be using the ISO 8859-1 character encoding. + * <p> + * Every property occupies one line of the input stream. Each line is terminated by a line terminator ( + * <code>\n</code> or <code>\r</code> or <code>\r\n</code>). Lines from the input stream are processed until end of + * file is reached on the input stream. + * <p> + * A line that contains only whitespace or whose first non-whitespace character is an ASCII <code>#</code> or + * <code>!</code> is ignored (thus, <code>#</code> or <code>!</code> indicate comment lines). + * <p> + * Every line other than a blank line or a comment line describes one property to be added to the table (except that + * if a line ends with \, then the following line, if it exists, is treated as a continuation line, as described + * below). The key consists of all the characters in the line starting with the first non-whitespace character and + * up to, but not including, the first ASCII <code>=</code>, <code>:</code>, or whitespace character. All of the key + * termination characters may be included in the key by preceding them with a \. Any whitespace after the key is + * skipped; if the first non-whitespace character after the key is <code>=</code> or <code>:</code>, then it is + * ignored and any whitespace characters after it are also skipped. All remaining characters on the line become part + * of the associated element string. Within the element string, the ASCII escape sequences <code>\t</code>, + * <code>\n</code>, <code>\r</code>, <code>\\</code>, <code>\"</code>, <code>\'</code>, <code>\  </code>  (a + * backslash and a space), and <code>\u</code><i>xxxx</i> are recognized and converted to single characters. + * Moreover, if the last character on the line is <code>\</code>, then the next line is treated as a continuation of + * the current line; the <code>\</code> and line terminator are simply discarded, and any leading whitespace + * characters on the continuation line are also discarded and are not part of the element string. + * <p> + * As an example, each of the following four lines specifies the key <code>"Truth"</code> and the associated element + * value <code>"Beauty"</code>: + * <p> + * + * <pre> + * Truth = Beauty + * Truth:Beauty + * Truth :Beauty + * </pre> + * + * As another example, the following three lines specify a single property: + * <p> + * + * <pre> + * fruits apple, banana, pear, \ + * cantaloupe, watermelon, \ + * kiwi, mango + * </pre> + * + * The key is <code>"fruits"</code> and the associated element is: + * <p> + * + * <pre> + * "apple, banana, pear, cantaloupe, watermelon,kiwi, mango" + * </pre> + * + * Note that a space appears before each <code>\</code> so that a space will appear after each comma in the final + * result; the <code>\</code>, line terminator, and leading whitespace on the continuation line are merely discarded + * and are <i>not</i> replaced by one or more other characters. + * <p> + * As a third example, the line: + * <p> + * + * <pre> + * cheeses + * </pre> + * + * specifies that the key is <code>"cheeses"</code> and the associated element is the empty string. + * <p> + * + * @param inStream the input stream. + * @exception IOException if an error occurred when reading from the + * input stream. + */ + public synchronized void load(InputStream inStream) throws IOException { + + BufferedReader in = new BufferedReader( + new InputStreamReader(inStream, "8859_1")); + + while (true) { + // Get next line + String line = in.readLine(); + + if (line == null) { + return; + } + + if (line.length() > 0) { + // Continue lines that end in slashes if they are not comments + char firstChar = line.charAt(0); + + if ((firstChar != '#') && (firstChar != '!')) { + while (continueLine(line)) { + String nextLine = in.readLine(); + + if (nextLine == null) { + nextLine = new String(""); + } + String loppedLine = line.substring(0, line.length() - 1); + // Advance beyond whitespace on new line + int startIndex = 0; + + for (startIndex = 0; startIndex < nextLine.length(); startIndex++) { + if (whiteSpaceChars.indexOf( + nextLine.charAt(startIndex)) == -1) { + break; + } + } + nextLine = nextLine.substring(startIndex, + nextLine.length()); + line = new String(loppedLine + nextLine); + } + + // Find start of key + int len = line.length(); + int keyStart; + + for (keyStart = 0; keyStart < len; keyStart++) { + if (whiteSpaceChars.indexOf(line.charAt(keyStart)) == -1) { + break; + } + } + + // Blank lines are ignored + if (keyStart == len) { + continue; + } + + // Find separation between key and value + int separatorIndex; + + for (separatorIndex = keyStart; separatorIndex < len; separatorIndex++) { + char currentChar = line.charAt(separatorIndex); + + if (currentChar == '\\') { + separatorIndex++; + } else if (keyValueSeparators.indexOf(currentChar) != -1) { + break; + } + } + + // Skip over whitespace after key if any + int valueIndex; + + for (valueIndex = separatorIndex; valueIndex < len; valueIndex++) { + if (whiteSpaceChars.indexOf(line.charAt(valueIndex)) == -1) { + break; + } + } + + // Skip over one non whitespace key value separators if any + if (valueIndex < len) { + if (strictKeyValueSeparators.indexOf( + line.charAt(valueIndex)) != -1) { + valueIndex++; + } + } + + // Skip over white space after other separators if any + while (valueIndex < len) { + if (whiteSpaceChars.indexOf(line.charAt(valueIndex)) == -1) { + break; + } + valueIndex++; + } + String key = line.substring(keyStart, separatorIndex); + String value = (separatorIndex < len) + ? line.substring(valueIndex, len) + : ""; + + // Convert then store key and value + key = loadConvert(key); + value = loadConvert(value); + put(key, value); + } + } + } + } + + /* + * Returns true if the given line is a line that must + * be appended to the next line + */ + private boolean continueLine(String line) { + int slashCount = 0; + int index = line.length() - 1; + + while ((index >= 0) && (line.charAt(index--) == '\\')) { + slashCount++; + } + return (slashCount % 2 == 1); + } + + /* + * Converts encoded \uxxxx to unicode chars + * and changes special saved chars to their original forms + */ + private String loadConvert(String theString) { + char aChar; + int len = theString.length(); + StringBuffer outBuffer = new StringBuffer(len); + + for (int x = 0; x < len;) { + aChar = theString.charAt(x++); + if (aChar == '\\') { + aChar = theString.charAt(x++); + if (aChar == 'u') { + // Read the xxxx + int value = 0; + + for (int i = 0; i < 4; i++) { + aChar = theString.charAt(x++); + switch (aChar) { + case '0': + case '1': + case '2': + case '3': + case '4': + case '5': + case '6': + case '7': + case '8': + case '9': + value = (value << 4) + aChar - '0'; + break; + + case 'a': + case 'b': + case 'c': + case 'd': + case 'e': + case 'f': + value = (value << 4) + 10 + aChar - 'a'; + break; + + case 'A': + case 'B': + case 'C': + case 'D': + case 'E': + case 'F': + value = (value << 4) + 10 + aChar - 'A'; + break; + + default: + throw new IllegalArgumentException( + "Malformed \\uxxxx encoding."); + } + } + outBuffer.append((char) value); + } else { + if (aChar == 't') { + aChar = '\t'; + } else if (aChar == 'r') { + aChar = '\r'; + } else if (aChar == 'n') { + aChar = '\n'; + } else if (aChar == 'f') { + aChar = '\f'; + } + outBuffer.append(aChar); + } + } else { + outBuffer.append(aChar); + } + } + return outBuffer.toString(); + } + + /* + * Converts unicodes to encoded \uxxxx + * and writes out any of the characters in specialSaveChars + * with a preceding slash + */ + private String saveConvert(String theString, boolean escapeSpace) { + int len = theString.length(); + StringBuffer outBuffer = new StringBuffer(len * 2); + + for (int x = 0; x < len; x++) { + char aChar = theString.charAt(x); + + switch (aChar) { + case ' ': + if (x == 0 || escapeSpace) { + outBuffer.append('\\'); + } + + outBuffer.append(' '); + break; + + case '\\': + outBuffer.append('\\'); + outBuffer.append('\\'); + break; + + case '\t': + outBuffer.append('\\'); + outBuffer.append('t'); + break; + + case '\n': + outBuffer.append('\\'); + outBuffer.append('n'); + break; + + case '\r': + outBuffer.append('\\'); + outBuffer.append('r'); + break; + + case '\f': + outBuffer.append('\\'); + outBuffer.append('f'); + break; + + default: + if ((aChar < 0x0020) || (aChar > 0x007e)) { + outBuffer.append('\\'); + outBuffer.append('u'); + outBuffer.append(toHex((aChar >> 12) & 0xF)); + outBuffer.append(toHex((aChar >> 8) & 0xF)); + outBuffer.append(toHex((aChar >> 4) & 0xF)); + outBuffer.append(toHex(aChar & 0xF)); + } else { + if (specialSaveChars.indexOf(aChar) != -1) { + outBuffer.append('\\'); + } + outBuffer.append(aChar); + } + } + } + return outBuffer.toString(); + } + + /** + * Calls the <code>store(OutputStream out, String header)</code> method + * and suppresses IOExceptions that were thrown. + * + * @deprecated This method does not throw an IOException if an I/O error + * occurs while saving the property list. As of the Java 2 platform v1.2, the preferred + * way to save a properties list is via the <code>store(OutputStream out, + * String header)</code> method. + * + * @param out an output stream. + * @param header a description of the property list. + * @exception ClassCastException if this <code>Properties</code> object + * contains any keys or values that are not <code>Strings</code>. + */ + public synchronized void save(OutputStream out, String header) { + try { + store(out, header); + } catch (IOException e) { + } + } + + /** + * Writes this property list (key and element pairs) in this <code>Properties</code> table to the output stream in a + * format suitable + * for loading into a <code>Properties</code> table using the <code>load</code> method. + * The stream is written using the ISO 8859-1 character encoding. + * <p> + * Properties from the defaults table of this <code>Properties</code> table (if any) are <i>not</i> written out by + * this method. + * <p> + * If the header argument is not null, then an ASCII <code>#</code> character, the header string, and a line + * separator are first written to the output stream. Thus, the <code>header</code> can serve as an identifying + * comment. + * <p> + * Next, a comment line is always written, consisting of an ASCII <code>#</code> character, the current date and + * time (as if produced by the <code>toString</code> method of <code>Date</code> for the current time), and a line + * separator as generated by the Writer. + * <p> + * Then every entry in this <code>Properties</code> table is written out, one per line. For each entry the key + * string is written, then an ASCII <code>=</code>, then the associated element string. Each character of the + * element string is examined to see whether it should be rendered as an escape sequence. The ASCII characters + * <code>\</code>, tab, newline, and carriage return are written as <code>\\</code>, <code>\t</code>, + * <code>\n</code>, and <code>\r</code>, respectively. Characters less than <code>\u0020</code> and characters + * greater than <code>\u007E</code> are written as <code>\u</code><i>xxxx</i> for the appropriate + * hexadecimal value <i>xxxx</i>. Leading space characters, but not embedded or trailing space characters, are + * written with a preceding <code>\</code>. The key and value characters <code>#</code>, <code>!</code>, + * <code>=</code>, and <code>:</code> are written with a preceding slash to ensure that they are properly loaded. + * <p> + * After the entries have been written, the output stream is flushed. The output stream remains open after this + * method returns. + * + * @param out an output stream. + * @param header a description of the property list. + * @exception IOException if writing this property list to the specified + * output stream throws an <tt>IOException</tt>. + * @exception ClassCastException if this <code>Properties</code> object + * contains any keys or values that are not <code>Strings</code>. + */ + public synchronized void store(OutputStream out, String header) + throws IOException { + BufferedWriter awriter; + + awriter = new BufferedWriter(new OutputStreamWriter(out, "8859_1")); + if (header != null) { + writeln(awriter, "#" + header); + } + writeln(awriter, "#" + new Date().toString()); + for (Enumeration<String> e = keys(); e.hasMoreElements();) { + String key = e.nextElement(); + String val = get(key); + + key = saveConvert(key, true); + + /* No need to escape embedded and trailing spaces for value, hence + * pass false to flag. + */ + val = saveConvert(val, false); + writeln(awriter, key + "=" + val); + } + awriter.flush(); + } + + private static void writeln(BufferedWriter bw, String s) throws IOException { + bw.write(s); + bw.newLine(); + } + + /** + * Searches for the property with the specified key in this property list. + * If the key is not found in this property list, the default property list, + * and its defaults, recursively, are then checked. The method returns <code>null</code> if the property is not + * found. + * + * @param key the property key. + * @return the value in this property list with the specified key value. + * @see #setProperty + * @see #defaults + */ + public String getProperty(String key) { + String oval = super.get(key); + String sval = (oval instanceof String) ? oval : null; + + return ((sval == null) && (defaults != null)) + ? defaults.getProperty(key) + : sval; + } + + /** + * Searches for the property with the specified key in this property list. + * If the key is not found in this property list, the default property list, + * and its defaults, recursively, are then checked. The method returns the + * default value argument if the property is not found. + * + * @param key the hashtable key. + * @param defaultValue a default value. + * + * @return the value in this property list with the specified key value. + * @see #setProperty + * @see #defaults + */ + public String getProperty(String key, String defaultValue) { + String val = getProperty(key); + + return (val == null) ? defaultValue : val; + } + + /** + * Returns an enumeration of all the keys in this property list, including + * the keys in the default property list. + * + * @return an enumeration of all the keys in this property list, including + * the keys in the default property list. + * @see java.util.Enumeration + * @see java.util.Properties#defaults + */ + public Enumeration<String> propertyNames() { + Hashtable<String, String> h = new Hashtable<String, String>(); + + enumerate(h); + return h.keys(); + } + + /** + * Prints this property list out to the specified output stream. + * This method is useful for debugging. + * + * @param out an output stream. + */ + public void list(PrintStream out) { + out.println("-- listing properties --"); + Hashtable<String, String> h = new Hashtable<String, String>(); + + enumerate(h); + for (Enumeration<String> e = h.keys(); e.hasMoreElements();) { + String key = e.nextElement(); + String val = h.get(key); + + if (val.length() > 40) { + val = val.substring(0, 37) + "..."; + } + out.println(key + "=" + val); + } + } + + /** + * Prints this property list out to the specified output stream. + * This method is useful for debugging. + * + * @param out an output stream. + * @since JDK1.1 + */ + + /* + * Rather than use an anonymous inner class to share common code, this + * method is duplicated in order to ensure that a non-1.1 compiler can + * compile this file. + */ + public void list(PrintWriter out) { + out.println("-- listing properties --"); + Hashtable<String, String> h = new Hashtable<String, String>(); + + enumerate(h); + for (Enumeration<String> e = h.keys(); e.hasMoreElements();) { + String key = e.nextElement(); + String val = h.get(key); + + if (val.length() > 40) { + val = val.substring(0, 37) + "..."; + } + out.println(key + "=" + val); + } + } + + /** + * Enumerates all key/value pairs in the specified hastable. + * + * @param h the hashtable + */ + private synchronized void enumerate(Hashtable<String, String> h) { + if (defaults != null) { + defaults.enumerate(h); + } + for (Enumeration<String> e = keys(); e.hasMoreElements();) { + String key = e.nextElement(); + + h.put(key, get(key)); + } + } + + /** + * Convert a nibble to a hex character + * + * @param nibble the nibble to convert. + */ + private static char toHex(int nibble) { + return hexDigit[(nibble & 0xF)]; + } + + /** A table of hex digits */ + private static final char[] hexDigit = { + '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', + 'E', 'F' + }; +} diff --git a/base/silent/src/com/netscape/pkisilent/common/CMSTask.java b/base/silent/src/com/netscape/pkisilent/common/CMSTask.java new file mode 100644 index 000000000..4b6c75ba3 --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/CMSTask.java @@ -0,0 +1,190 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +import java.io.BufferedReader; +import java.io.IOException; +import java.io.InputStreamReader; + +import com.netscape.pkisilent.argparser.ArgParser; +import com.netscape.pkisilent.argparser.StringHolder; + +/** + * CS Test framework . + * This class starts and stops CS server from command line + */ + +public class CMSTask { + + private static String operation; + private static String debug; + private static String serverRoot; + private Process p = null; + + /** + * Constructor . Takes CMS server root as parameter + * for example (/export/qa/cert-jupiter2) + **/ + + public CMSTask() {// do nothing + } + + public CMSTask(String sroot) { + serverRoot = sroot; + } + + public boolean CMSStart() { + + try { + System.out.println("Starting Certificate System:"); + Runtime r = Runtime.getRuntime(); + + p = r.exec(serverRoot + "/start-cert"); + + InputStreamReader isr = new InputStreamReader(p.getInputStream()); + BufferedReader br = new BufferedReader(isr); + String s = null; + + try { + while ((s = br.readLine()) != null) { + if (s.indexOf("started") > 0) { + return true; + } + // do something + } + } catch (IOException ioe) { + ioe.printStackTrace(); + } + + return false; + + } catch (Throwable e) { + e.printStackTrace(); + } + + return false; + } + + public boolean CMSStop() { + try { + Runtime r = Runtime.getRuntime(); + + System.out.println("Stopping Certificate System:"); + p = r.exec(serverRoot + "/stop-cert"); + BufferedReader br = new BufferedReader( + new InputStreamReader(p.getInputStream())); + String line; + + while ((line = br.readLine()) != null) { + System.out.println(" " + line); + if (line.indexOf("server shut down") > -1) { + return true; + } else { + return false; + } + } + } catch (Throwable e) { + e.printStackTrace(); + } + return false; + } + + public boolean CMSRestart() { + try { + System.out.println("Restarting Certificate System:"); + Runtime r = Runtime.getRuntime(); + + p = r.exec(serverRoot + "/restart-cert"); + BufferedReader br = new BufferedReader( + new InputStreamReader(p.getInputStream())); + String line; + + while ((line = br.readLine()) != null) { + System.out.println(" " + line); + if (line.indexOf("started") > -1) { + return true; + } else { + return false; + } + } + + } catch (Throwable e) { + e.printStackTrace(); + } + return false; + } + + public boolean task() { + if (operation.equalsIgnoreCase("stop")) { + CMSStop(); + return true; + } + + if (operation.equalsIgnoreCase("start")) { + CMSStart(); + return true; + } + + if (operation.equalsIgnoreCase("restart")) { + CMSRestart(); + return true; + } + + return false; + } + + public static void main(String args[]) { + CMSTask prof = new CMSTask(); + // parse args + StringHolder x_instance_root = new StringHolder(); + StringHolder x_operation = new StringHolder(); + + // parse the args + ArgParser parser = new ArgParser("CMSTask"); + + parser.addOption("-instance_root %s #CA Server Root", x_instance_root); + parser.addOption("-operation %s #CA operation [stop,start,restart]", + x_operation); + + // and then match the arguments + String[] unmatched = null; + + unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED); + + if (unmatched != null) { + System.out.println("ERROR: Argument Mismatch"); + System.exit(-1); + } + + // set variables + serverRoot = x_instance_root.value; + operation = x_operation.value; + + boolean st = prof.task(); + + if (!st) { + System.out.println("ERROR"); + } + + System.out.println("SUCCESS"); + + } // end of function main + +} // end of class + diff --git a/base/silent/src/com/netscape/pkisilent/common/CertificateRecord.java b/base/silent/src/com/netscape/pkisilent/common/CertificateRecord.java new file mode 100644 index 000000000..9599eb6dd --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/CertificateRecord.java @@ -0,0 +1,44 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +public class CertificateRecord { + + public String revokedOn = null; + public String revokedBy = null; + public String revocation_info = null; + public String signatureAlgorithm = null; + public String serialNumber = null; + public String subjectPublicKeyLength = null; + public String type = null; + public String subject = null; + public String issuedOn = null; + public String validNotBefore = null; + public String validNotAfter = null; + public String issuedBy = null; + public String subjectPublicKeyAlgorithm = null; + public String certChainBase64 = null; + public String certFingerprint = null; + public String pkcs7ChainBase64 = null; + public String certPrettyPrint = null; + + public CertificateRecord() {// Do nothing + } + +}; diff --git a/base/silent/src/com/netscape/pkisilent/common/ComCrypto.java b/base/silent/src/com/netscape/pkisilent/common/ComCrypto.java new file mode 100644 index 000000000..d629030f2 --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/ComCrypto.java @@ -0,0 +1,767 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +import java.io.ByteArrayInputStream; +import java.security.KeyPair; + +import netscape.security.x509.X500Name; + +import org.mozilla.jss.CryptoManager; +import org.mozilla.jss.asn1.ASN1Util; +import org.mozilla.jss.asn1.BIT_STRING; +import org.mozilla.jss.asn1.INTEGER; +import org.mozilla.jss.asn1.OBJECT_IDENTIFIER; +import org.mozilla.jss.asn1.OCTET_STRING; +import org.mozilla.jss.asn1.SEQUENCE; +import org.mozilla.jss.crypto.AlreadyInitializedException; +import org.mozilla.jss.crypto.CryptoStore; +import org.mozilla.jss.crypto.CryptoToken; +import org.mozilla.jss.crypto.IVParameterSpec; +import org.mozilla.jss.crypto.InternalCertificate; +import org.mozilla.jss.crypto.KeyGenAlgorithm; +import org.mozilla.jss.crypto.KeyGenerator; +import org.mozilla.jss.crypto.KeyPairAlgorithm; +import org.mozilla.jss.crypto.KeyPairGenerator; +import org.mozilla.jss.crypto.KeyWrapAlgorithm; +import org.mozilla.jss.crypto.KeyWrapper; +import org.mozilla.jss.crypto.PrivateKey; +import org.mozilla.jss.crypto.SymmetricKey; +import org.mozilla.jss.crypto.X509Certificate; +import org.mozilla.jss.pkcs11.PK11Token; +import org.mozilla.jss.pkix.crmf.CertReqMsg; +import org.mozilla.jss.pkix.crmf.CertRequest; +import org.mozilla.jss.pkix.crmf.CertTemplate; +import org.mozilla.jss.pkix.crmf.EncryptedKey; +import org.mozilla.jss.pkix.crmf.EncryptedValue; +import org.mozilla.jss.pkix.crmf.PKIArchiveOptions; +import org.mozilla.jss.pkix.crmf.POPOPrivKey; +import org.mozilla.jss.pkix.crmf.ProofOfPossession; +import org.mozilla.jss.pkix.primitive.AVA; +import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier; +import org.mozilla.jss.pkix.primitive.Name; +import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo; +import org.mozilla.jss.util.Password; +import com.netscape.cmsutil.util.Utils; + +/** + * CMS Test framework . + * Use this class to initalize,add a certificate ,generate a certificate request from certificate database. + */ + +public class ComCrypto { + + private String cdir, certnickname, keysize, keytype, tokenpwd; + private String certpackage, pkcs10request; + private boolean debug = true; + private boolean DBlogin = false; + private boolean generaterequest = false; + + private String transportcert = null; + private boolean dualkey = false; + public String CRMF_REQUEST = null; + int START = 1; + int END = START + 1; + Password password = null; + + public static CryptoManager manager; + public static CryptoToken token; + private CryptoStore store; + private Password pass1 = null, pass2 = null; + + private String bstr = "-----BEGIN NEW CERTIFICATE REQUEST-----"; + private String blob, Blob1 = null; + private String Blob2 = null; + private String estr = "-----END NEW CERTIFICATE REQUEST-----"; + + private String certprefix = null; + + public ComCrypto() { + }; + + /** + * Constructor . Takes the parameter certificatedbdirectory , passwordfor cert database, + * certificatenickname,keysize, keytype(RSA/DSA) + * + * @param certdbdirectory. + * @param certdbpassword + * @param certnickname + * @param keysize (1024/2048/4096) + * @param keytype (RSA/DSA) + */ + + public ComCrypto(String cd, String tpwd, String cn, String ks, String kt) { + cdir = cd; + tokenpwd = tpwd; + certnickname = cn; + keysize = ks; + keytype = kt; + } + + // Set and Get functions + + public void setCertDir(String cd) { + cdir = cd; + } + + public void setCertnickname(String cd) { + certnickname = cd; + } + + public void setKeySize(String cd) { + keysize = cd; + } + + public void setKeyType(String cd) { + keytype = cd; + } + + public void setTokenPWD(String cd) { + tokenpwd = cd; + } + + public void setCertPackage(String cd) { + certpackage = cd; + } + + public void setGenerateRequest(boolean c) { + generaterequest = c; + } + + public void setDebug(boolean t) { + debug = t; + } + + public void setCertPrefix(String prefix) { + certprefix = prefix; + } + + /* + * setTransportCert() should only be called when the calling profile + * needs to do key archivals with the DRM and make sure the function + * generateCRMFtransport() is called for the CRMF request generation + * part. + */ + public void setTransportCert(String tcert) { + transportcert = tcert; + } + + public void setDualKey(boolean dkey) { + dualkey = dkey; + } + + public String getPkcs10Request() { + return pkcs10request; + } + + /** + * Parses the Certificate and returns SubjectDN . Takes certificate as parameter + */ + + public String getCertificateString(X509Certificate cert) { + if (cert == null) { + return null; + } + + // note that it did not represent a certificate fully + return cert.getVersion() + ";" + cert.getSerialNumber().toString() + ";" + + cert.getIssuerDN() + ";" + cert.getSubjectDN(); + } + + /** + * Finds and returns Certificate . Takes certificatenickname as parameter. + */ + + public X509Certificate findCert(String certname) { + try { + + X509Certificate cert2 = manager.findCertByNickname(certname); + + return cert2; + + } catch (Exception e) { + System.out.println("exception importing cert " + e.getMessage()); + return null; + } + + } + + /** + * Imports a certificate to Certificate Database. Takes certificate and nickname as parameters. + */ + + public boolean importCert(X509Certificate xcert, String nickname) { + try { + + System.out.println( + "importCert x509 : importing with nickname: " + nickname); + + InternalCertificate cert2 = manager.importCertToPerm(xcert, nickname); + + cert2.setSSLTrust(2); + return true; + + } catch (Exception e) { + System.out.println("exception importing cert " + e.getMessage()); + return false; + } + + } + + /** + * Imports a certificate to Certificate Database. Takes certificate and nickname as parameters. + */ + + public boolean importCert(String cpack, String cn) { + + System.out.println("importCert string: importing with nickname: " + cn); + try { + + String tmp = normalize(cpack); + + if (DBlogin) { + System.out.println("Already logged into to DB"); + } + + if (manager == null) { + System.out.println("Manager object is null"); + } + + manager.importCertPackage(tmp.getBytes(), cn); + + return true; + + } catch (Exception e) { + System.out.println( + "ERROR:exception importing cert " + e.getMessage()); + e.printStackTrace(); + return false; + } + + } + + /* imports CA certificate + */ + + public boolean importCACert(String cpack) { + + try { + String tmp = normalize(cpack); + + if (DBlogin) { + System.out.println("Already logged into to DB"); + } + + if (manager == null) { + System.out.println("Manager object is null"); + } + + manager.importCACertPackage(tmp.getBytes()); + + return true; + + } catch (Exception e) { + System.out.println( + "ERROR:exception importing cert " + e.getMessage()); + return false; + } + + } + + /** + * Normalizes a given certificate string . Removes the extra \\ in the certificate returned by CMS server. + */ + + public String normalize(String s) { + + String val = ""; + + for (int i = 0; i < s.length(); i++) { + if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) { + val += '\n'; + i++; + continue; + } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) { + i++; + continue; + } else if (s.charAt(i) == '"') { + continue; + } + val += s.charAt(i); + } + return val; + } + + /** + * Normalizes a given certificate string . Removes the extra \\ in the certificate returned by CMS server. + */ + + public String normalizeForLDAP(String s) { + + String val = ""; + + for (int i = 0; i < s.length(); i++) { + if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) { + val += '\n' + " "; + i++; + continue; + } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) { + i++; + continue; + } else if (s.charAt(i) == '"') { + continue; + } + val += s.charAt(i); + } + return val; + } + + /** + * Convert to pkcs7 format + */ + + public String pkcs7Convertcert(String s) { + + String val = ""; + + int len = s.length(); + + for (int i = 0; i < len; i = i + 64) { + + if (i + 64 < len) { + val = val + s.substring(i, i + 64) + "\n"; + } else { + val = val + s.substring(i, len); + } + + } + return val; + } + + /** + * Delete all keys frim key3.db + **/ + + public void deleteKeys() { + try { + int i = 0; + + store = token.getCryptoStore(); + PrivateKey[] keys = store.getPrivateKeys(); + + if (debug) { + System.out.println("Now we shall delete all the keys!"); + } + + keys = store.getPrivateKeys(); + for (i = 0; i < keys.length; i++) { + PrivateKey key = (PrivateKey) keys[i]; + + store.deletePrivateKey(key); + } + + } catch (Exception e) { + e.printStackTrace(); + } + } + + /** + * Creates a new certificate database + **/ + + public boolean CreateCertDB() { + return loginDB(); + + } + + /** + * Login to cert database + **/ + + public boolean loginDB() { + Password pass1 = null; + + try { + if (debug) { + System.out.println("CRYPTO INIT WITH CERTDB:" + cdir); + } + + // this piece of code is to create db's with certain prefix + if (certprefix != null) { + CryptoManager.InitializationValues vals; + + vals = new CryptoManager.InitializationValues(cdir, certprefix, + certprefix, "secmod.db"); + CryptoManager.initialize(vals); + } else { + CryptoManager.initialize(cdir); + } + + manager = CryptoManager.getInstance(); + token = (PK11Token) manager.getInternalKeyStorageToken(); + pass1 = new Password(tokenpwd.toCharArray()); + if (token.isLoggedIn() && debug) { + System.out.println("Already Logged in "); + } + + if (debug) { + System.out.println("tokenpwd:" + tokenpwd); + } + + token.login(pass1); + pass1.clear(); + + } catch (AlreadyInitializedException e) { + if (debug) { + System.out.println("Crypto manager already initialized"); + } + } catch (Exception e) { + try { + if (!token.isLoggedIn()) { + token.initPassword(pass1, pass1); + } + return true; + } catch (Exception er) { + System.err.println("some exception:" + e); + return false; + } + } + DBlogin = true; + return true; + } + + /** + * Generate Certificate Request + **/ + + public synchronized boolean generateRequest() { + + System.out.println("generating pkcs10 Request"); + loginDB(); + + try { + debug = true; + System.out.println("Generating request : keysize :" + keysize); + System.out.println("Generating request : subject :" + certnickname); + System.out.println("Generating request : keytype :" + keytype); + + Integer n = new Integer(keysize); + + if (generaterequest) { + blob = token.generateCertRequest(certnickname, n.intValue(), + keytype, (byte[]) null, (byte[]) null, (byte[]) null); + + System.out.println("Cert Request Generated."); + + bstr = "-----BEGIN NEW CERTIFICATE REQUEST-----"; + Blob1 = blob.substring(bstr.length() + 1); + Blob2 = Blob1.substring(0, Blob1.indexOf(estr)); + + System.out.println(Blob2); + pkcs10request = Blob2; + } + + return true; + + } catch (Exception e) { + System.out.println("Exception: Unable to generate request: " + e); + } + + return false; + } + + public String generateCRMFrequest() { + KeyPair pair = null; + + System.out.println("Debug : initialize crypto Manager"); + try { + + // Step 1. initialize crypto Manager + try { + CryptoManager.initialize(cdir); + } catch (Exception e) { + // it is ok if it is already initialized + System.out.println("INITIALIZATION ERROR: " + e.toString()); + System.out.println("cdir = " + cdir); + } + + // Step 2 log into database + try { + + System.out.println("Debug : before getInstance"); + + manager = CryptoManager.getInstance(); + String token_pwd = tokenpwd; + + System.out.println("Debug : before get token"); + + token = manager.getInternalKeyStorageToken(); + password = new Password(token_pwd.toCharArray()); + + System.out.println("Debug : before login password"); + + token.login(password); + + System.out.println("Debug : after login password"); + } catch (Exception e) { + System.out.println("INITIALIZATION ERROR: " + e.toString()); + + if (!token.isLoggedIn()) { + token.initPassword(password, password); + } + } + + // Generating CRMF request + + KeyPairGenerator kg = token.getKeyPairGenerator(KeyPairAlgorithm.RSA); + + Integer x = new Integer(keysize); + int key_len = x.intValue(); + + kg.initialize(key_len); + + // 1st key pair + pair = kg.genKeyPair(); + + // create CRMF + CertTemplate certTemplate = new CertTemplate(); + + certTemplate.setVersion(new INTEGER(2)); + + if (certnickname != null) { + X500Name name = new X500Name(certnickname); + ByteArrayInputStream cs = new ByteArrayInputStream(name.getEncoded()); + Name n = (Name) Name.getTemplate().decode(cs); + certTemplate.setSubject(n); + } + + certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair.getPublic())); + + SEQUENCE seq = new SEQUENCE(); + CertRequest certReq = new CertRequest(new INTEGER(1), certTemplate, + seq); + byte popdata[] = { 0x0, 0x3, 0x0 }; + + ProofOfPossession pop = ProofOfPossession.createKeyEncipherment( + POPOPrivKey.createThisMessage(new BIT_STRING(popdata, 3))); + + CertReqMsg crmfMsg = new CertReqMsg(certReq, pop, null); + + SEQUENCE s1 = new SEQUENCE(); + + // 1st : Encryption key + + s1.addElement(crmfMsg); + + // 2nd : Signing Key + + if (dualkey) { + System.out.println("dualkey = true"); + SEQUENCE seq1 = new SEQUENCE(); + CertRequest certReqSigning = new CertRequest(new INTEGER(1), + certTemplate, seq1); + CertReqMsg signingMsg = new CertReqMsg(certReqSigning, pop, null); + + s1.addElement(signingMsg); + } + + byte encoded[] = ASN1Util.encode(s1); + + // BASE64Encoder encoder = new BASE64Encoder(); + // String Req1 = encoder.encodeBuffer(encoded); + String Req1 = Utils.base64encode(encoded); + + // Set CRMF_REQUEST variable + CRMF_REQUEST = Req1; + + System.out.println("CRMF_REQUEST = " + CRMF_REQUEST); + + } catch (Exception e) { + System.out.println("ERROR: " + e.toString()); + e.printStackTrace(); + return null; + } + + return CRMF_REQUEST; + } + + /* + * This function is used to Generated CRMF requests wrapped with the + * transport cert so that we can do key archival with the drm. + * This function expects transportcert variable to be set in this class. + * Use setTransportCert() to do the same. + */ + + public String generateCRMFtransport() { + + KeyPair pair = null; + + try { + // Step 1. initialize crypto Manager + try { + CryptoManager.initialize(cdir); + } catch (Exception e) { + // it is ok if it is already initialized + System.out.println("INITIALIZATION ERROR: " + e.toString()); + System.out.println("cdir = " + cdir); + } + + // Step 2 log into database + try { + + System.out.println("Debug : before getInstance"); + + manager = CryptoManager.getInstance(); + String token_pwd = tokenpwd; + + System.out.println("Debug : before get token"); + + token = manager.getInternalKeyStorageToken(); + password = new Password(token_pwd.toCharArray()); + + System.out.println("Debug : before login password"); + + token.login(password); + + System.out.println("Debug : after login password"); + } catch (Exception e) { + System.out.println("INITIALIZATION ERROR: " + e.toString()); + + if (!token.isLoggedIn()) { + token.initPassword(password, password); + } + } + + // Key Pair Generation + KeyPairGenerator kg = token.getKeyPairGenerator(KeyPairAlgorithm.RSA); + Integer x = new Integer(keysize); + int key_len = x.intValue(); + + kg.initialize(key_len); + + pair = kg.genKeyPair(); + + // wrap private key + // BASE64Decoder decoder = new BASE64Decoder(); + // byte transport[] = decoder.decodeBuffer(transportcert); + byte transport[] = Utils.base64decode(transportcert); + + X509Certificate tcert = manager.importCACertPackage(transport); + + byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 }; + + KeyGenerator kg1 = token.getKeyGenerator(KeyGenAlgorithm.DES3); + SymmetricKey sk = kg1.generate(); + + // wrap private key using session + KeyWrapper wrapper1 = token.getKeyWrapper( + KeyWrapAlgorithm.DES3_CBC_PAD); + + wrapper1.initWrap(sk, new IVParameterSpec(iv)); + + byte key_data[] = wrapper1.wrap(( + org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()); + + // wrap session using transport + KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA); + + rsaWrap.initWrap(tcert.getPublicKey(), null); + + byte session_data[] = rsaWrap.wrap(sk); + + // create CRMF + CertTemplate certTemplate = new CertTemplate(); + + certTemplate.setVersion(new INTEGER(2)); + + if (certnickname != null) { + X500Name name = new X500Name(certnickname); + ByteArrayInputStream cs = new ByteArrayInputStream(name.getEncoded()); + Name n = (Name) Name.getTemplate().decode(cs); + certTemplate.setSubject(n); + } + + certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair.getPublic())); + + // set extension + AlgorithmIdentifier algS = new AlgorithmIdentifier( + new OBJECT_IDENTIFIER("1.2.840.113549.3.7"), + new OCTET_STRING(iv)); + + EncryptedValue encValue = new EncryptedValue(null, algS, + new BIT_STRING(session_data, 0), null, null, + new BIT_STRING(key_data, 0)); + + EncryptedKey key = new EncryptedKey(encValue); + PKIArchiveOptions opt = new PKIArchiveOptions(key); + + SEQUENCE seq = new SEQUENCE(); + + seq.addElement( + new AVA(new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.5.1.4"), opt)); + + CertRequest certReq = new CertRequest(new INTEGER(1), certTemplate, + seq); + + // Adding proof of possesion data + byte popdata[] = { 0x0, 0x3, 0x0 }; + ProofOfPossession pop = ProofOfPossession.createKeyEncipherment( + POPOPrivKey.createThisMessage(new BIT_STRING(popdata, 3))); + + CertReqMsg crmfMsg = new CertReqMsg(certReq, pop, null); + + SEQUENCE s1 = new SEQUENCE(); + + // 1st : Encryption key + s1.addElement(crmfMsg); + + // 2nd : Signing Key + + if (dualkey) { + System.out.println("dualkey = true"); + SEQUENCE seq1 = new SEQUENCE(); + CertRequest certReqSigning = new CertRequest(new INTEGER(1), + certTemplate, seq1); + CertReqMsg signingMsg = new CertReqMsg(certReqSigning, pop, null); + + s1.addElement(signingMsg); + } + + byte encoded[] = ASN1Util.encode(s1); + + // BASE64Encoder encoder = new BASE64Encoder(); + + // CRMF_REQUEST = encoder.encodeBuffer(encoded); + CRMF_REQUEST = Utils.base64encode(encoded); + + System.out.println("Generated crmf request: ...... "); + System.out.println(""); + + System.out.println(CRMF_REQUEST); + System.out.println(""); + System.out.println("End crmf Request:"); + } catch (Exception e) { + System.out.println("Exception: " + e.getMessage()); + } + + return CRMF_REQUEST; + } + +} // end of class + diff --git a/base/silent/src/com/netscape/pkisilent/common/Con2Agent.java b/base/silent/src/com/netscape/pkisilent/common/Con2Agent.java new file mode 100644 index 000000000..61305305e --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/Con2Agent.java @@ -0,0 +1,318 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +import java.io.BufferedOutputStream; +import java.io.BufferedReader; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.PrintStream; +import java.util.Vector; + +import org.mozilla.jss.CryptoManager; +import org.mozilla.jss.crypto.AlreadyInitializedException; +import org.mozilla.jss.crypto.CryptoToken; +import org.mozilla.jss.crypto.X509Certificate; +import org.mozilla.jss.pkcs11.PK11Token; +import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; +import org.mozilla.jss.ssl.SSLClientCertificateSelectionCallback; +import org.mozilla.jss.ssl.SSLSocket; +import org.mozilla.jss.util.Password; + +/** + * CMS Test framework . + * Submits a requests to agent port with sslclient authentication. + */ + +public class Con2Agent implements SSLClientCertificateSelectionCallback, + SSLCertificateApprovalCallback { + + private int i, port; + private String host, certdir, certnickname, tokenpwd, certname, query; + private String ACTIONURL; + + private BufferedReader stdin = null; + private StringBuffer stdout = new StringBuffer(); + + public Con2Agent() { + } + + /** + * Constructor. Takes hostname , portnumber , certificate nickname, token password ,client certdb directory + * + * @param hostname + * @param portnumber + * @param agent cert nickname + * @param token password + * @param certdb directory + */ + + public Con2Agent(String hs, int p, String cname, String tpwd, String cdir) { + host = hs; + port = p; + certnickname = cname; + tokenpwd = tpwd; + certdir = cdir; + } + + public boolean approve(X509Certificate x509, SSLCertificateApprovalCallback.ValidityStatus status) { + return true; + } + + public String select(@SuppressWarnings("rawtypes") Vector nicknames) { + + System.out.println("nicknames size = " + nicknames.size()); + int i = nicknames.size(); + + if (i > 0) { + return (String) nicknames.elementAt(0); + } else { + return null; + } + + } + + // Get and Set methods + + /* + * Get the page returned by the server + */ + + public StringBuffer getPage() { + return stdout; + } + + /* + * Set the query string to be submitted to the server + */ + + public void setQueryString(String qu) { + query = qu; + } + + /* + *Set token password + */ + + public void setTokenPassword(String pwd) { + tokenpwd = pwd; + } + + /* + * Set Client cert database + */ + + public void setCertDBDir(String cdir) { + certdir = cdir; + } + + /* + * Set host name + */ + + public void setHost(String hs) { + host = hs; + } + + /* + * set Agent port number + */ + + public void setPort(int p) { + port = p; + } + + /* + * Set Agent cert nickname + */ + + public void setCertNickName(String cname) { + certnickname = cname; + } + + /* + * Set action URL + */ + + public void setActionURL(String url) { + ACTIONURL = url; + } + + // Submit requests + + public boolean Send() { + try { + + if (!loginCertDB()) { + return false; + } + + SSLSocket socket = new SSLSocket(host, port, null, 0, this, null); + + System.out.println("Con2Agent.java: host = " + host); + System.out.println("Con2Agent.java: port = " + port); + System.out.println("Con2Agent.java: certnickname = " + certnickname); + + socket.setClientCertNickname(certnickname); + System.out.println("Connected to the socket"); + + OutputStream rawos = socket.getOutputStream(); + BufferedOutputStream os = new BufferedOutputStream(rawos); + PrintStream ps = new PrintStream(os); + + System.out.println(ACTIONURL); + System.out.println("Query :" + query); + ps.println("POST " + ACTIONURL + " HTTP/1.0"); + ps.println("Connection: Keep-Alive"); + ps.println("Content-type: application/x-www-form-urlencoded"); + ps.println("Content-length: " + query.length()); + ps.println(""); + ps.println(query); + ps.println("\r"); + ps.flush(); + os.flush(); + BufferedReader stdin1 = new BufferedReader( + new InputStreamReader(socket.getInputStream())); + String line; + + while ((line = stdin1.readLine()) != null) { + stdout.append(line + "\n"); + System.out.println(line); + } + + // Send Connection: close to let the server close the connection. + // Else the socket on the server side continues to remain in TIME_WAIT state + + ps.println("Connection: close"); + ps.flush(); + os.flush(); + os.close(); + rawos.close(); + ps.close(); + stdin1.close(); + socket.close(); + + if (socket.isClosed()) { + System.out.println("Con2Agent.java : Socket is Closed"); + } else { + System.out.println("Con2Agent.java : Socket not Closed"); + } + + } catch (Exception e) { + System.out.println("some exception: in Send routine" + e); + return false; + } + + return true; + + } + + private boolean loginCertDB() { + CryptoManager manager; + Password pass1 = null; + + try { + System.out.println("Step 1: Initializing CryptoManager"); + CryptoManager.initialize(certdir); + + System.out.println("Step 2: Login to Cert Database"); + manager = CryptoManager.getInstance(); + CryptoToken token = (PK11Token) manager.getInternalKeyStorageToken(); + + if (token.isLoggedIn()) { + System.out.println("Con2Agent: Logged in incorrect"); + } + + System.out.println("tokenpwd:" + tokenpwd); + char[] passchar1 = new char[tokenpwd.length()]; + + tokenpwd.getChars(0, tokenpwd.length(), passchar1, 0); + + pass1 = new Password((char[]) passchar1.clone()); + token.login(pass1); + + X509Certificate cert2 = manager.findCertByNickname(certnickname); + + certname = cert2.getNickname(); + return true; + + } catch (AlreadyInitializedException e) { + System.out.println("Crypto manager already initialized"); + return true; + } catch (NumberFormatException e) { + System.err.println("Invalid key size: " + e); + return false; + } catch (java.security.InvalidParameterException e) { + System.err.println("Invalid key size: " + e); + return false; + + } catch (Exception e) { + System.err.println("some exception:" + e); + e.printStackTrace(); + return false; + } + + } + + public boolean Send_withGET() { + + try { + + if (!loginCertDB()) { + return false; + } + + SSLSocket socket = new SSLSocket(host, port, null, 0, this, null); + + socket.setClientCertNickname(certnickname); + System.out.println("Connected to the socket"); + + OutputStream rawos = socket.getOutputStream(); + BufferedOutputStream os = new BufferedOutputStream(rawos); + PrintStream ps = new PrintStream(os); + + System.out.println("Query in con2agent :" + query); + System.out.println("ACTIONURL in con2agent : " + ACTIONURL); + + ps.println("GET " + ACTIONURL + query + " HTTP/1.0"); + ps.println(""); + ps.println("\r"); + ps.flush(); + os.flush(); + BufferedReader stdin2 = new BufferedReader( + new InputStreamReader(socket.getInputStream())); + String line; + + while ((line = stdin2.readLine()) != null) { + stdout.append(line + "\n"); + } + stdin2.close(); + + socket.close(); + + } catch (Exception e) { + System.err.println("some exception: in Send routine" + e); + return false; + } + + return true; + + } + +} // end of class diff --git a/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java b/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java new file mode 100644 index 000000000..019b75825 --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java @@ -0,0 +1,470 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +import java.io.BufferedOutputStream; +import java.io.BufferedReader; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.PrintStream; +import java.io.UnsupportedEncodingException; +import java.net.URLEncoder; +import java.util.Date; +import java.util.GregorianCalendar; + +import org.mozilla.jss.ssl.SSLSocket; + +/** + * CMS Test framework - Legacyenrollment forms for Directory based enrollmnet and Portal based enrollment . + * Certificate issuance through Legacy Directory based enrollment and Portal based enrollment form. + * <P> + */ + +public class DirEnroll extends TestClient { + + private int i; + private String Authenticator = "UserDir"; + private int port; + private long elapsedTime; + + private String importcert = "false"; + private boolean impStatus = false; + + // Constructors + + /** + * Constructor . Takes the parameter for Properties file name + * <p> + * + * @param propfilename name of the parameter file + */ + + public DirEnroll(String pfile) { + propfileName = pfile; + } + + /** + * Constructor. Takes hostname , EESSLportnumber as parameter + * <p> + * + * @param hostname + * @param portnumber + */ + + public DirEnroll(String h, String p) { + host = h; + ports = p; + } + + /** + * Constructor. Takes + * hostname,EESSLportnumber,uid,password,certdbdirectorypath,certdbpassword,certificatenickname,keysize,teytype + * <p> + * + * @param hostname + * @param portnumber + * @param subjectdn + * @param admuserid + * @param adminpassword + */ + + public DirEnroll(String hs, String p, String uid, String pw, String certdir, String certtokenpwd, String nickname, + String ksz, String kt) { + + host = hs; + ports = p; + UID = uid; + PWD = pw; + cdir = certdir; + tokenpwd = certtokenpwd; + certnickname = nickname; + keysize = "1024"; + keytype = "RSA"; + } + + // Set and Get functions + + /** + * Use this method to set User Info + */ + public void setUIDInfo(String uid, String pw) { + UID = uid; + PWD = pw; + } + + /** + * Returns a string "UserDir" / "Portal" + */ + + public String getAuthenticator() { + return Authenticator; + } + + /** + * Valid values for s - UserDir for Directory based Authntication + * Portal for Portal based Authentication + */ + public void setAuthenticator(String s) { + Authenticator = s; + } + + public boolean enroll_load() throws UnsupportedEncodingException { + buildquery(); + return (Send()); + } + + private boolean pkcs10() { + System.out.println(" In pkcs10 Keysize , key type " + keysize + keytype); + cCrypt.setCertDir(cdir); + cCrypt.setCertnickname("cn=test"); + cCrypt.setKeySize(keysize); + cCrypt.setKeyType(keytype); + cCrypt.setTokenPWD(tokenpwd); + + cCrypt.setDebug(debug); + cCrypt.setGenerateRequest(true); + if (!cCrypt.generateRequest()) { + System.out.println("Request could not be generated "); + return false; + } + pkcs10request = cCrypt.getPkcs10Request(); + + try { + buildquery(); + System.out.println(query); + setStatusString("Congratulations, your certificate has been issued."); + return (Send()); + } catch (Exception e) { + System.err.println("some exception:" + e); + } + + return false; + + } + + /** + * Enroll for certificate . Before calling this mentod SetAuthenticator and setUIDInfo + */ + public boolean enroll() { + return (pkcs10()); + } + + private boolean readProperties() { + + // Read the properties file and assign values to variables . + try { + getProperties(propfileName); + } catch (Exception e) { + System.out.println( + "exception reading Properties File " + e.getMessage()); + return false; + } + + System.out.println("Reading"); + host = props.getProperty("enroll.host"); + ports = props.getProperty("enroll.port"); + UID = props.getProperty("enroll.UID"); + PWD = props.getProperty("enroll.pwd"); + cdir = props.getProperty("enroll.certdir"); + tokenpwd = props.getProperty("enroll.certtokenpwd"); + certnickname = props.getProperty("enroll.nickname"); + keysize = props.getProperty("enroll.keysize"); + keytype = props.getProperty("enroll.keytype"); + Authenticator = props.getProperty("enroll.authenticator"); + GN = props.getProperty("enroll.GN"); + SN = props.getProperty("enroll.SN"); + CN = props.getProperty("enroll.CN"); + OU = props.getProperty("enroll.OU"); + O = props.getProperty("enroll.O"); + MAIL = props.getProperty("enroll.mail"); + L = props.getProperty("enroll.l"); + + importcert = props.getProperty("enroll.importCert"); + if (importcert == null) { + importcert = "false"; + } + String de = props.getProperty("enroll.debug"); + + if (de == null) { + debug = false; + } else if (de.equals("true")) { + debug = true; + } else { + debug = false; + } + + System.out.println("Reading done"); + // Enroll using a pkscks10 request + return true; + } + + // Private functions + + private boolean importCert(String certpack) { + + if (importcert.equals("false")) { + return true; + } + + try { + if (certpack == null) { + return false; + } + + if (debug) { + System.out.println( + "importing cert" + certpack + "certnick" + certnickname); + } + + cCrypt.importCert(certpack, certnickname); + + return true; + + } catch (Exception e) { + System.out.println("exception importing cert " + e.getMessage()); + return false; + } + + } + + private void setElapsedTime(long dif) { + elapsedTime = dif; + } + + private long calculateElapsedTime(GregorianCalendar b, GregorianCalendar e) { + + Date d1 = b.getTime(); + Date d2 = e.getTime(); + long l1 = d1.getTime(); + long l2 = d2.getTime(); + long difference = l2 - l1; + + return difference; + + } + + private boolean Send() { + boolean st = false; + + try { + if (debug) { + System.out.println("Step 3 : Socket initialize"); + } + + Integer x = new Integer(ports); + + port = x.intValue(); + ErrorDetail = null; + GregorianCalendar begin = new GregorianCalendar(); + + // SSLSocket socket = new SSLSocket(host,port); + SSLSocket socket = new SSLSocket(host, port, null, 0, this, null); + + socket.setUseClientMode(true); + + OutputStream rawos = socket.getOutputStream(); + BufferedOutputStream os = new BufferedOutputStream(rawos); + PrintStream ps = new PrintStream(os); + + ps.println("POST /enrollment HTTP/1.0"); + ps.println("Connection: Keep-Alive"); + ps.println("Content-type: application/x-www-form-urlencoded"); + ps.println("Content-length: " + query.length()); + ps.println(""); + ps.println(query); + ps.println("\r"); + ps.flush(); + os.flush(); + BufferedReader stdin = new BufferedReader( + new InputStreamReader(socket.getInputStream())); + + if (debug) { + System.out.println("Step 4: Received the page"); + } + st = false; + String line; + + while ((line = stdin.readLine()) != null) { + if (debug) { + System.out.println(line); + } + if (line.indexOf(STATUS) != -1) { + st = true; + } + if (getError(line)) { + st = true; + } + + if (line.indexOf("record.base64Cert=") > -1) { + String baseCert = line; + + System.out.println("BaseCert : " + baseCert); + if (importcert.equals("true")) { + String strbase = "record.base64Cert="; + + int n = strbase.length() + 1; + + baseCert = baseCert.substring(n); + String tmp = baseCert.substring(0, baseCert.length() - 2); + + if (importCert(tmp)) { + impStatus = true; + } + } else { + impStatus = true; + } + } + + } + stdin.close(); + socket.close(); + os.close(); + rawos.close(); + ps.close(); + os = null; + rawos = null; + stdin = null; + ps = null; + line = null; + + GregorianCalendar end = new GregorianCalendar(); + long diff = calculateElapsedTime(begin, end); + + setElapsedTime(diff); + + } catch (Exception e) { + System.err.println("some exception: in Send routine" + e); + return false; + } + + return st; + + } + + private void buildquery() throws UnsupportedEncodingException { + + StringBuffer queryStrBuf = new StringBuffer(); + + queryStrBuf.append("certType=client"); + queryStrBuf.append("&importCert=off"); + queryStrBuf.append("&non_repudiation=true"); + queryStrBuf.append("&submit=Submit"); + queryStrBuf.append("&key_encipherment=true"); + queryStrBuf.append("&digital_signature=true"); + queryStrBuf.append("&ssl_client=true"); + + System.out.println("Authenticator : " + Authenticator); + + if (Authenticator.equals("UserDir")) { + queryStrBuf.append("&authenticator=UserDirEnrollment"); + queryStrBuf.append("&requestFormat=keygen"); + queryStrBuf.append("&uid="); + queryStrBuf.append(URLEncoder.encode(UID, "UTF-8")); + queryStrBuf.append("&pwd="); + queryStrBuf.append(URLEncoder.encode(PWD, "UTF-8")); + queryStrBuf.append("&email=true"); + queryStrBuf.append("&cryptprovider=1"); + + } + + if (Authenticator.equals("Portal")) { + queryStrBuf.append("&authenticator=PortalEnrollment"); + queryStrBuf.append("&requestFormat=keygen"); + queryStrBuf.append("&uid="); + queryStrBuf.append(URLEncoder.encode(UID, "UTF-8")); + queryStrBuf.append("&userPassword="); + queryStrBuf.append(URLEncoder.encode(PWD, "UTF-8")); + GN = "test"; + SN = "test"; + CN = "test"; + MAIL = "test@netscape.com"; + OU = "aol"; + O = "aol"; + L = "MV"; + queryStrBuf.append("&givenname="); + queryStrBuf.append(URLEncoder.encode(GN, "UTF-8")); + + queryStrBuf.append("&sn="); + queryStrBuf.append(URLEncoder.encode(SN, "UTF-8")); + queryStrBuf.append("&cn="); + queryStrBuf.append(URLEncoder.encode(CN, "UTF-8")); + + queryStrBuf.append("&mail="); + queryStrBuf.append(URLEncoder.encode(MAIL, "UTF-8")); + queryStrBuf.append("&ou="); + queryStrBuf.append(URLEncoder.encode(OU, "UTF-8")); + queryStrBuf.append("&o="); + queryStrBuf.append(URLEncoder.encode(O, "UTF-8")); + queryStrBuf.append("&l="); + queryStrBuf.append(URLEncoder.encode(L, "UTF-8")); + + queryStrBuf.append("&email=true"); + + } + + if (Authenticator.equals("NIS")) { + queryStrBuf.append("&authenticator=NISAuth"); + queryStrBuf.append("&requestFormat=keygen"); + queryStrBuf.append("&uid="); + queryStrBuf.append(URLEncoder.encode(UID, "UTF-8")); + queryStrBuf.append("&pwd="); + queryStrBuf.append(URLEncoder.encode(PWD, "UTF-8")); + queryStrBuf.append("&email=true"); + + } + + queryStrBuf.append("&pkcs10Request="); + queryStrBuf.append(URLEncoder.encode(pkcs10request, "UTF-8")); + query = queryStrBuf.toString(); + + System.out.println(query); + + } + + public static void main(String args[]) { + // Exit Status - (0) for error/Fail + // - requestId Pass + boolean st; + + System.out.println(args.length); + if (args.length < 1) { + System.out.println("Usage : propertiesfile"); + System.exit(0); + } + + DirEnroll t = new DirEnroll(args[0]); + + t.readProperties(); + st = t.enroll(); + if (st) { + System.out.println( + t.getAuthenticator() + " based enrollment successfull. "); + System.exit(1); + } else { + + System.out.println( + t.getAuthenticator() + + " based enrollment was not successful." + + "Error: " + t.getErrorDetail()); + System.exit(0); + } + }// end of function main + +} // end of class + diff --git a/base/silent/src/com/netscape/pkisilent/common/ParseXML.java b/base/silent/src/com/netscape/pkisilent/common/ParseXML.java new file mode 100644 index 000000000..de1b38172 --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/ParseXML.java @@ -0,0 +1,170 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +import java.io.BufferedReader; +import java.io.FileInputStream; +import java.io.InputStreamReader; +import java.util.ArrayList; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +import org.apache.xml.serialize.OutputFormat; +import org.apache.xml.serialize.XMLSerializer; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; + +public class ParseXML { + Document dom = null; + + public ParseXML() {// nothing + } + + public void parse(java.io.InputStream is) { + try { + // get the factory + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + + // Using factory get an instance of document builder + DocumentBuilder db = dbf.newDocumentBuilder(); + + // parse using builder to get DOM representation of the XML file + dom = db.parse(is); + } catch (Exception se) { + System.out.println("ERROR: unable to parse xml"); + se.printStackTrace(); + + try { + BufferedReader br = new BufferedReader(new InputStreamReader(is)); + StringBuilder sb = new StringBuilder(); + String line = null; + + while ((line = br.readLine()) != null) { + sb.append(line + "\n"); + } + + br.close(); + System.out.println("ERROR XML = " + sb.toString()); + } catch (Exception se1) { + System.out.println("ERROR: unable to print xml"); + se1.printStackTrace(); + } + } + } + + public String getvalue(String tag) { + String temp = null; + + try { + + // get the root elememt + Element docEle = dom.getDocumentElement(); + + // get a nodelist of <employee> elements + NodeList nl = docEle.getElementsByTagName(tag); + + if (nl != null && nl.getLength() > 0) { + Element el = (Element) nl.item(0); + + if (el != null) { + temp = el.getFirstChild().getNodeValue(); + } + } + } catch (Exception e) { + System.out.println("ERROR: Tag=" + tag + "has no values"); + return null; + } + + return temp; + } + + public void prettyprintxml() { + try { + // Serialize the document + OutputFormat format = new OutputFormat(dom); + + format.setLineWidth(65); + format.setIndenting(true); + format.setIndent(2); + XMLSerializer serializer = new XMLSerializer(System.out, format); + + serializer.serialize(dom); + } catch (Exception e) { + } + } + + private String getTextValue(Element ele, String tagName) { + String textVal = null; + NodeList nl = ele.getElementsByTagName(tagName); + + if (nl != null && nl.getLength() > 0) { + Element el = (Element) nl.item(0); + + textVal = el.getFirstChild().getNodeValue(); + } + + return textVal; + } + + // returns an arraylist of values for the corresponding tag + + public ArrayList<String> constructValueList(String first, String second) { + ArrayList<String> al = new ArrayList<String>(); + + try { + // get the root elememt + Element docEle = dom.getDocumentElement(); + + // get a nodelist of <employee> elements + NodeList nl = docEle.getElementsByTagName(first); + + if (nl != null && nl.getLength() > 0) { + for (int i = 0; i < nl.getLength(); i++) { + Element el = (Element) nl.item(i); + String value = getTextValue(el, second); + + System.out.println("tag=" + second + " value=" + value); + if (value != null) { + al.add(value); + } + } + } + } catch (Exception e) { + System.out.println("ERROR: Tag=" + first + " has no values"); + } + + return al; + } + + public static void main(String args[]) { + try { + + ParseXML px = new ParseXML(); + FileInputStream fiscfg = new FileInputStream("/tmp/test.xml"); + + px.parse(fiscfg); + px.prettyprintxml(); + + } catch (Exception e) { + } + } + +}; // end class diff --git a/base/silent/src/com/netscape/pkisilent/common/PostQuery.java b/base/silent/src/com/netscape/pkisilent/common/PostQuery.java new file mode 100644 index 000000000..31fb07b3e --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/PostQuery.java @@ -0,0 +1,141 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +import java.io.BufferedReader; +import java.io.DataOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.net.HttpURLConnection; +import java.net.MalformedURLException; +import java.net.URL; + +import com.netscape.cmsutil.util.Utils; + +/** + * CMS Test framework . + * This class submits request to admin server after authenticating with UID and Password. You can get back the response + * by calling the method. getPage(). + */ + +public class PostQuery { + + private boolean st; + private String NmcStatus = "NMC_STATUS: 0"; + private String postQuery = null; + private String adminID, adminPWD, URLString; + + private StringBuffer stdout = new StringBuffer(); + + /** + * Constructor . Takes the parameters urlstring("http://hostname:<portnumber> , Id for authenticating to the server, + * password for authentication to the server and query which needs to be submitted to the server + */ + + public PostQuery(String urlstr, String authid, String authpwd, String querystring) { + + URLString = urlstr; + adminID = authid; + adminPWD = authpwd; + postQuery = querystring; + + } + + public void setNMCStatus(String m) { + NmcStatus = m; + } + + public void setPostQueryString(String querystring) { + postQuery = querystring; + } + + public void setAuth(String ID, String Pwd) { + adminID = ID; + adminPWD = Pwd; + } + + public StringBuffer getPage() { + return stdout; + } + + public boolean Send() { + // / This functions connects to the URL and POST HTTP Request . + // It compares with NMC_STATUS and return the status. + System.out.println(URLString); + st = false; + + try { + + URL myUrl = new URL(URLString); + String userPassword = adminID + ":" + adminPWD; + + System.out.println("adminid=" + adminID); + System.out.println("adminpwd=" + adminPWD); + // String encoding = new sun.misc.BASE64Encoder().encode( + // userPassword.getBytes()); + String encoding = Utils.base64encode( + userPassword.getBytes()); + HttpURLConnection URLCon = (HttpURLConnection) myUrl.openConnection(); + + URLCon.setRequestProperty("Authorization", "Basic " + encoding); + URLCon.setDoOutput(true); + URLCon.setDoInput(true); + URLCon.setUseCaches(false); + URLCon.setRequestProperty("Content-type", + "application/x-www-form-urlencoded"); + // URLCon.setRequestMethod("POST"); + System.out.println("After post"); + + DataOutputStream os = new DataOutputStream(URLCon.getOutputStream()); + + System.out.println("Query: " + postQuery); + + os.writeBytes(postQuery); + os.flush(); + os.close(); + + InputStream Content = (InputStream) URLCon.getInputStream(); + + System.out.println("Configuring Cert Instance : Return Response"); + BufferedReader in = new BufferedReader( + new InputStreamReader(Content)); + String line; + + while ((line = in.readLine()) != null) { + System.out.println(line); + stdout.append(line + "\n"); + st = line.startsWith(NmcStatus); + if (st) { + break; + } + } + URLCon.disconnect(); + } // try + catch (MalformedURLException e) { + System.out.println(URLString + " is not a valid URL."); + + } catch (IOException e) { + System.out.println("exception : " + e.getMessage()); + } + System.out.println(st); + return st; + } + +} diff --git a/base/silent/src/com/netscape/pkisilent/common/Request.java b/base/silent/src/com/netscape/pkisilent/common/Request.java new file mode 100644 index 000000000..3dffc929c --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/Request.java @@ -0,0 +1,1138 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +import java.io.UnsupportedEncodingException; +import java.net.URLEncoder; +import java.util.Calendar; +import java.util.Date; +import java.util.GregorianCalendar; +import java.util.Vector; + +/** + * CMS Test framework . + * Submits List,Approve,Reject,cancel requests to agent port + */ + +public class Request extends TestClient { + + private String validityperiod; + private String approveseqnum, type, reqType, reqState, agenttype; + private int i; + + // Program variables + private String ACTION_PROCESS_CERT_REQUEST = null; + private String ACTION_LISTREQUEST = "/queryReq"; + private int reqtype = 1; + private int seqNumFrom = 1; + private int maxCount = 50; + private int validperiod = 180; + private String cadualcert_name = null; + + private String approveseqnumFrom, approveseqnumTo; + // Request variables + private Vector<String> seqNum = new Vector<String>(); + private String AUTH_ID = null; + + // Cert Detail variables + + private String csrRequestorName, csrRequestorPhone, csrRequestorEmail, subject, subjectdn, reqStatus, certType; + private String requestType, requestID, sslclient, clientcert, servercert, emailcert, objectsigningcert, sslcacert, + objectsigningcacert, emailcacert, sigAlgo, totalRecord, validitylength, trustedManager; + + private int totalNumApproved = 0; + + // Constructors + + /** + * Constructor . Takes the parameter for Properties file name + * + * @param propfileName name of the parameter file. + */ + + public Request(String pfile) { + propfileName = pfile; + } + + /** + * Constructor . Takes the parameter host , port and "angent type - ca/ra" + * + * @param hostname. + * @param port + * @param agenttype Whether ca or ra agent + */ + + public Request(String h, String p, String at) { + host = h; + ports = p; + agenttype = at; + } + + /** + * Constructor . Takes the following parmaters + * + * @param hostName . + * @param port + * @param adminuid + * @param adminpwd + * @param agentcertnickname + * @param certdb + * @param tokenpwd + * @param approveSequncenumber + * @param ApproveSequenceNumberFrom + * @param ApproveSequnceNumberTo + * @param type + * @param reqtype enrollment/revoked + * @param requestState complete/pending + * @param agentType ra/ca + * @param trustedManager true/false + */ + + public Request(String h, String p, String aid, String apwd, String cname, String cd, String ctpwd, String snum, + String sfrom, String sto, String ty, String rty, String rstate, String aty, String tm) { + host = h; + ports = p; + adminid = aid; + adminpwd = apwd; + certnickname = cname; + cdir = cd; + tokenpwd = ctpwd; + approveseqnum = snum; + approveseqnumFrom = sfrom; + if (approveseqnumFrom == null) { + approveseqnumFrom = "1"; + } + + approveseqnumTo = sto; + if (approveseqnumTo == null) { + approveseqnumTo = "100"; + } + + type = ty; + reqType = rty; + reqState = rstate; + agenttype = aty; + if (agenttype == null) { + agenttype = "ca"; + } + + trustedManager = tm; + if (trustedManager.equals("true")) { + trustedManager = "true"; + } else { + trustedManager = "false"; + } + debug = false; + + } + + /** + * Set Agent Cert nick name + */ + public void setAgentCertName(String s) { + certnickname = s; + } + + /** + * List all pending enrollment request. Takes parameters fromRequestNumber,toRequestNumber + * + * @param fromrequest number + * @param endrequestnumber. + * @throws UnsupportedEncodingException + */ + + public Vector<String> ListPendingRequests(String fromRequestNumber, String toRequestNumber) throws UnsupportedEncodingException { + reqState = "showWaiting"; + reqType = "enrollment"; + approveseqnumFrom = fromRequestNumber; + approveseqnumTo = toRequestNumber; + listRequest(approveseqnumFrom, approveseqnumTo); + return seqNum; + } + + /** + * List all pending request. Takes parameters fromRequestNumber,toRequestNumber + * + * @param fromrequest number + * @param endrequestnumber. + * @throws UnsupportedEncodingException + */ + + public Vector<String> ListAllRequests(String fromRequestNumber, String toRequestNumber) throws UnsupportedEncodingException { + reqState = "showAll"; + reqType = "enrollment"; + approveseqnumFrom = fromRequestNumber; + approveseqnumTo = toRequestNumber; + listRequest(approveseqnumFrom, approveseqnumTo); + return seqNum; + } + + /** + * Approve pending enrollment request. Takes parameters RequestNumber + * + * @param request number + * @throws UnsupportedEncodingException + */ + + public int ApproveRequests(String requestNumber) throws UnsupportedEncodingException { + reqState = "showWaiting"; + reqType = "enrollment"; + approveseqnum = requestNumber; + approveseqnumFrom = requestNumber; + approveseqnumTo = requestNumber; + if (approveRequest()) { + System.out.println("Approve Request :" + totalNumApproved); + return totalNumApproved; + } else { + return -1; + } + + } + + /** + * Approve profile based pending enrollment request. Takes parameters RequestNumber + * + * @param request number + * @throws UnsupportedEncodingException + */ + + public int ApproveProfileRequests(String RequestNumber) throws UnsupportedEncodingException { + + approveseqnum = RequestNumber; + approveseqnumFrom = RequestNumber; + approveseqnumTo = RequestNumber; + + reqtype = 4; + buildquery(); + if (!Send()) { + System.out.println("Error: Approving request " + approveseqnum); + return 0; + } + return 1; + + } + + public boolean Approve_cadualcert_Profile_Request(String RequestNumber, String name) throws UnsupportedEncodingException { + + approveseqnum = RequestNumber; + approveseqnumFrom = RequestNumber; + approveseqnumTo = RequestNumber; + + cadualcert_name = name; + + // reqtype = 7 means cadualcert profile request + // this is just a convention that we follow within this file to distinguish + // bet'n the different requests + + reqtype = 7; + + buildquery(); + + if (!Send()) { + System.out.println("Error: Approving request " + approveseqnum); + return false; + } + + return true; + + } + + /** + * Reject profile based pending enrollment request. Takes parameters RequestNumber + * + * @param request number + * @throws UnsupportedEncodingException + */ + + public int RejectProfileRequests(String RequestNumber) throws UnsupportedEncodingException { + + approveseqnum = RequestNumber; + approveseqnumFrom = RequestNumber; + approveseqnumTo = RequestNumber; + + reqtype = 5; + buildquery(); + if (!Send()) { + System.out.println("Error: Rejecting request " + approveseqnum); + return 0; + } + return 1; + + } + + /** + * Cancel profile based pending enrollment request. Takes parameters RequestNumber + * + * @param request number + * @throws UnsupportedEncodingException + */ + + public int CancelProfileRequests(String RequestNumber) throws UnsupportedEncodingException { + + approveseqnum = RequestNumber; + approveseqnumFrom = RequestNumber; + approveseqnumTo = RequestNumber; + + reqtype = 6; + buildquery(); + if (!Send()) { + System.out.println("Error: canceling request " + approveseqnum); + return 0; + } + return 1; + + } + + // private methods + private boolean RetrieveProfileCancel(StringBuffer s) { + String res = s.toString(); + int ret = 0; + + ret = res.indexOf("requestStatus="); + String status = res.substring(ret + "requestStatus=".length() + 1, + res.indexOf(";", ret) - 1); + + if (!status.equals("canceled")) { + ErrorDetail = res.substring(ret + "errorReason=".length() + 1, + res.indexOf(";", ret) - 1); + return false; + } + + return true; + } + + private boolean RetrieveProfileReject(StringBuffer s) { + String res = s.toString(); + int ret = 0; + + ret = res.indexOf("requestStatus="); + String status = res.substring(ret + "requestStatus=".length() + 1, + res.indexOf(";", ret) - 1); + + if (!status.equals("rejected")) { + ErrorDetail = res.substring(ret + "errorReason=".length() + 1, + res.indexOf(";", ret) - 1); + return false; + } + + return true; + } + + private boolean RetrieveProfileApproval(StringBuffer s) { + String res = s.toString(); + int ret = 0; + + ret = res.indexOf("requestStatus="); + String status = res.substring(ret + "requestStatus=".length() + 1, + res.indexOf(";", ret) - 1); + + if (!status.equals("complete")) { + ErrorDetail = res.substring(ret + "errorReason=".length() + 1, + res.indexOf(";", ret) - 1); + return false; + } + + return true; + + } + + private boolean RetrieveReq(StringBuffer s) { + String AUTHID = "header.authorityid = "; + String seqnum = "record.seqNum"; + + String res = s.toString(); + int ret = 0; + + if ((ret = res.indexOf(AUTHID)) > -1) { + AUTH_ID = res.substring(ret + AUTHID.length() + 1, + res.indexOf(";", ret) - 1); + while (ret > 0) { + if ((ret = res.indexOf(seqnum, ret)) > -1) { + int bi = ret + seqnum.length() + 2; + int be = res.indexOf(";", ret) - 1; + + seqNum.addElement(res.substring(bi, be)); + ret++; + } + + } + + } + + ret = res.indexOf("header.totalRecordCount ="); + totalRecord = res.substring(ret + "header.totalRecordCount = ".length(), + res.indexOf(";", ret)); + + return true; + + } + + private boolean RetrieveCertDetails(StringBuffer s) { + + // System.out.println("Debug : Retrieving cert details "); + String res = s.toString(); + + if (debug) { + System.out.println(res); + } + int ret = 0; + + boolean st = false; + + for (int t = 0; t < 25; t++) { + String cmp = "header.SERVER_ATTRS[" + t + "].name="; + + ret = res.indexOf(cmp); + if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals( + "requestId")) { + ret = res.indexOf("header.SERVER_ATTRS[" + t + "].value="); + requestID = res.substring( + ret + "header.SERVER_ATTRS[t].value=".length() + 1, + res.indexOf(";", ret) - 1); + } + if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals( + "requestStatus")) { + ret = res.indexOf("header.SERVER_ATTRS[" + t + "].value="); + reqStatus = res.substring( + ret + "header.SERVER_ATTRS[t].value=".length() + 1, + res.indexOf(";", ret) - 1); + } + + if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals( + "requestType")) { + ret = res.indexOf("header.SERVER_ATTRS[" + t + "].value="); + requestType = res.substring( + ret + "header.SERVER_ATTRS[t].value=".length() + 1, + res.indexOf(";", ret) - 1); + } + + } // end of for loop + + // System.out.println("Debug : Retrieving cert details Serverattributes "); + + if (requestID.equals(approveseqnum)) { + st = true; + } + + if (!st) { + System.out.println("Error in retrieving the record " + approveseqnum); + return false; + } + + // System.out.println("Debug : Retrieving cert details HTTP parmas "); + + for (int t = 0; t < 25; t++) { + String cmp = "header.HTTP_PARAMS[" + t + "].name="; + + ret = res.indexOf(cmp); + if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals( + "csrRequestorEmail")) { + ret = res.indexOf("header.HTTP_PARAMS[" + t + "].value="); + csrRequestorEmail = res.substring( + ret + "header.HTTP_PARAMS[t].value=".length() + 1, + res.indexOf(";", ret) - 1); + } + if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals( + "csrRequestorPhone")) { + ret = res.indexOf("header.HTTP_PARAMS[" + t + "].value="); + csrRequestorPhone = res.substring( + ret + "header.HTTP_PARAMS[t].value=".length() + 1, + res.indexOf(";", ret) - 1); + } + if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals( + "csrRequestorName")) { + ret = res.indexOf("header.HTTP_PARAMS[" + t + "].value="); + csrRequestorName = res.substring( + ret + "header.HTTP_PARAMS[t].value=".length() + 1, + res.indexOf(";", ret) - 1); + } + + if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals( + "subject")) { + ret = res.indexOf("header.HTTP_PARAMS[" + t + "].value="); + subjectdn = res.substring( + ret + "header.HTTP_PARAMS[t].value=".length() + 1, + res.indexOf(";", ret) - 1); + } + + } // end of for loop + + // System.out.println("Debug : Retrieving cert details"); + + ret = res.indexOf("header.subject ="); + if (ret > 0) { + subject = res.substring(ret + "header.subject = ".length() + 1, + res.indexOf(";", ret) - 1); + } + // System.out.println("Debug : Retrieving cert details "); + + sslclient = + clientcert = + servercert = + emailcert = objectsigningcert = sslcacert = objectsigningcacert = emailcacert = "false"; + ret = res.indexOf("header.sslclient ="); + if (ret > 0) { + sslclient = res.substring(ret + "header.sslclient = ".length() + 1, + res.indexOf(";", ret) - 1); + } + // System.out.println("Debug : Retrieving cert details "); + + ret = res.indexOf("header.ext_ssl_client ="); + if (ret > 0) { + clientcert = res.substring( + ret + "header.ext_ssl_client = ".length() + 1, + res.indexOf(";", ret) - 1); + } + // System.out.println("Debug : Retrieving cert details "); + + ret = res.indexOf("header.ext_email ="); + if (ret > 0) { + emailcert = res.substring(ret + "header.ext_email = ".length() + 1, + res.indexOf(";", ret) - 1); + } + // System.out.println("Debug : Retrieving cert details "); + + ret = res.indexOf("header.ext_ssl_server ="); + if (ret > 0) { + servercert = res.substring( + ret + "header.ext_ssl_server = ".length() + 1, + res.indexOf(";", ret) - 1); + } + + // System.out.println("Debug : Retrieving cert details "); + + ret = res.indexOf("header.ext_object_signing ="); + if (ret > 0) { + objectsigningcert = res.substring( + ret + "header.ext_object_signing = ".length() + 1, + res.indexOf(";", ret) - 1); + } + + // System.out.println("Debug : Retrieving cert details "); + + ret = res.indexOf("header.ext_ssl_ca ="); + if (ret > 0) { + sslcacert = res.substring(ret + "header.ext_ssl_ca = ".length() + 1, + res.indexOf(";", ret) - 1); + } + + // System.out.println("Debug : Retrieving cert details "); + + if (ret > 0) { + ret = res.indexOf("header.ext_object_signing_ca="); + } + objectsigningcacert = res.substring( + ret + "header.ext_object_signing_ca = ".length() + 1, + res.indexOf(";", ret) - 1); + + // System.out.println("Debug : Retrieving cert details "); + + ret = res.indexOf("header.ext_email_ca ="); + if (ret > 0) { + emailcacert = res.substring( + ret + "header.ext_email_ca = ".length() + 1, + res.indexOf(";", ret) - 1); + } + + // System.out.println("Debug : Retrieving cert details "); + + ret = res.indexOf("header.certType ="); + if (ret > 0) { + certType = res.substring(ret + "header.certType = ".length() + 1, + res.indexOf(";", ret) - 1); + } + // System.out.println("Debug : Retrieving cert details "); + + ret = res.indexOf("header.signatureAlgorithmName ="); + if (ret > 0) { + sigAlgo = res.substring( + ret + "header.signatureAlgorithmName = ".length() + 1, + res.indexOf(";", ret) - 1); + } + + ret = res.indexOf("header.validityLength ="); + if (ret > 0) { + validitylength = res.substring( + ret + "header.validityLength = ".length() + 1, + res.indexOf(";", ret) - 1); + } + + return true; + + } + + private boolean approveRequestStatus(StringBuffer s) { + + String res = s.toString(); + + if (debug) { + System.out.println(res); + } + + // Find th Server_ATTRS paramteter value of reqStatus + + int i = 1; + int ret; + + for (int t = 0; t < 25; t++) { + String cmp = "header.SERVER_ATTRS[" + t + "].name="; + + ret = res.indexOf(cmp); + if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals( + "requestStatus")) { + i = t; + break; + } + + } + + String req = "header.SERVER_ATTRS[" + i + "].value="; + + ret = res.indexOf(req); + reqStatus = res.substring(ret + req.length() + 1, + res.indexOf(";", ret) - 1); + + if (reqStatus != null) { + reqStatus.toLowerCase(); + if (reqStatus.equals("complete")) { + return true; + } else { + return false; + } + } + + return false; + + } + + private boolean Send() { + debug = true; + boolean st = false; + + try { + // Covert the string port to int port + + Integer x = new Integer(ports); + + port = x.intValue(); + + Con2Agent con = new Con2Agent(host, port, certnickname, tokenpwd, + cdir); + + con.setQueryString(query); + con.setActionURL(ACTION_STRING); + con.Send(); + StringBuffer s = new StringBuffer(); + + s = con.getPage(); + + if (debug) { + System.out.println(s.toString()); + } + switch (reqtype) { + case 1: + st = RetrieveReq(s); + break; + + case 2: + st = RetrieveCertDetails(s); + break; + + case 3: + st = approveRequestStatus(s); + break; + + case 4: + st = RetrieveProfileApproval(s); + break; + + case 5: + st = RetrieveProfileReject(s); + break; + + case 6: + st = RetrieveProfileCancel(s); + break; + + case 7: + st = RetrieveProfileApproval(s); + break; + + default: + System.out.println("reqtype not recognized"); + } + } catch (Exception e) { + System.err.println("exception: in Send routine" + e); + return false; + } + + return st; + } + + private void buildquery() throws UnsupportedEncodingException { + + if (reqtype == 1) { // req type = list + ACTION_STRING = "/" + agenttype + ACTION_LISTREQUEST; + query = "seqNumFrom=" + seqNumFrom; + query += "&maxCount=" + maxCount; + query += "&reqType=" + reqType; + query += "&reqState=" + reqState; + + } + + if (reqtype == 2) { // get cert details + ACTION_PROCESS_CERT_REQUEST = "/" + AUTH_ID + "/processCertReq"; + ACTION_STRING = ACTION_PROCESS_CERT_REQUEST; + query = "seqNum=" + approveseqnum; + + } + + if (reqtype == 3) { // aaprove cert + + if (validityperiod != null) { + Integer x = new Integer(validityperiod); + + validperiod = x.intValue(); + } else { + validperiod = 180; + } + + ACTION_PROCESS_CERT_REQUEST = "/" + AUTH_ID + "/processCertReq"; + ACTION_STRING = ACTION_PROCESS_CERT_REQUEST; + query = "seqNum=" + approveseqnum; + query += "&toDo=accept"; + if (subjectdn != null) { + query += "&subject=" + URLEncoder.encode(subjectdn, "UTF-8"); + } else if (subject != null) { + query += "&subject=" + URLEncoder.encode(subject, "UTF-8"); + } + + if (csrRequestorName != null) { + query += "&csrRequestorName=" + csrRequestorName; + } + if (csrRequestorPhone != null) { + query += "&csrRequestorPhone=" + csrRequestorPhone; + } + + if (csrRequestorEmail != null) { + query += "&csrRequestorEmail=" + csrRequestorEmail; + } + if (sigAlgo != null) { + query += "&signatureAlgorithm=" + sigAlgo; + } + query += "&grantUID=u" + approveseqnum; + + GregorianCalendar begin = new GregorianCalendar(); + GregorianCalendar end = new GregorianCalendar(); + + end.add(GregorianCalendar.DATE, validperiod); + Date begindate = begin.getTime(); + Date enddate = end.getTime(); + + query += "¬ValidBefore=" + begindate.getTime() / 1000; + query += "¬ValidAfter=" + enddate.getTime() / 1000; + + if (clientcert.equals("true")) { + query += "&certTypeSSLClient=" + clientcert; + } + + if (servercert.equals("true")) { + query += "&certTypeSSLServer=" + servercert; + } + + if (emailcert.equals("true")) { + query += "&certTypeEmail=" + emailcert; + } + + if (objectsigningcert.equals("true")) { + query += "&certTypeObjSigning=" + objectsigningcert; + } + + query += "&grantTrustedManagerPrivilege=" + trustedManager; + + } + + if ((reqtype == 4) || (reqtype == 5) || (reqtype == 6)) { // profile based cert request + + if (validityperiod != null) { + Integer x = new Integer(validityperiod); + + validperiod = x.intValue(); + } else { + validperiod = 180; + } + + ACTION_PROCESS_CERT_REQUEST = "/" + agenttype + "/profileProcess"; + ACTION_STRING = ACTION_PROCESS_CERT_REQUEST; + query = "requestId=" + approveseqnum; + query += "&name=" + + URLEncoder.encode( + "UID=test,E=test,CN=test,OU=netscape,O=aol", "UTF-8"); + query += "&keyUsageCritical=true"; + query += "&keyUsageDigitalSignature=true"; + query += "&keyUsageNonRepudiation=true"; + query += "&keyUsageKeyEncipherment=true"; + query += "&keyUsageDataEncipherment=false"; + query += "&keyUsageKeyAgreement=false"; + query += "&keyUsageKeyCertSign=false"; + query += "&keyUsageCrlSign=false"; + query += "&keyUsageEncipherOnly=false"; + query += "&keyUsageDecipherOnly=false"; + + query += "&nsCertCritical=false"; + query += "&nsCertSSLClient=true"; + + query += "&nsCertSSLServer=false"; + query += "&nsCertEmail=true"; + query += "&nsCertObjectSigning=false"; + query += "&nsCertSSLCA=false"; + query += "&nsCertEmailCA=false"; + query += "&nsCertObjectSigningCA=false"; + + query += "&subAltNameExtCritical=false"; + query += "&subjAltNames=RFC822Name:" + + URLEncoder.encode(" thomasknscp@aol.com", "UTF-8"); + query += "&signingAlg=MD5withRSA"; + + query += "&submit=submit"; + + GregorianCalendar begin = new GregorianCalendar(); + GregorianCalendar end = new GregorianCalendar(); + + end.add(GregorianCalendar.DATE, validperiod); + // Date begindate = begin.getTime(); + // Date enddate = end.getTime(); + String nb = begin.get(Calendar.YEAR) + "-" + + begin.get(Calendar.MONTH) + "-" + begin.get(Calendar.DATE) + + " " + begin.get(Calendar.HOUR) + ":" + + begin.get(Calendar.MINUTE) + ":" + + begin.get(Calendar.SECOND); + + String nat = end.get(Calendar.YEAR) + "-" + end.get(Calendar.MONTH) + + "-" + end.get(Calendar.DATE) + " " + + end.get(Calendar.HOUR) + ":" + end.get(Calendar.MINUTE) + + ":" + end.get(Calendar.SECOND); + + query += "¬Before=" + nb; + query += "¬After=" + nat; + + query += "&authInfoAccessCritical=false"; + query += "&authInfoAccessGeneralNames="; + query += "&exKeyUsageOIDs=" + "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"; + + } + + if (reqtype == 4) { + query += "&op=approve"; + } + + if (reqtype == 5) { + query += "&op=reject"; + } + + if (reqtype == 6) { + query += "&op=cancel"; + } + + if (reqtype == 7) { + // cadualcert profile approval + ACTION_STRING = "/" + "ca" + "/profileProcess"; + + GregorianCalendar begin = new GregorianCalendar(); + GregorianCalendar end = new GregorianCalendar(); + + end.add(GregorianCalendar.DATE, validperiod); + + String nb = begin.get(Calendar.YEAR) + "-" + + begin.get(Calendar.MONTH) + "-" + begin.get(Calendar.DATE) + + " " + begin.get(Calendar.HOUR) + ":" + + begin.get(Calendar.MINUTE) + ":" + + begin.get(Calendar.SECOND); + + String nat = end.get(Calendar.YEAR) + "-" + end.get(Calendar.MONTH) + + "-" + end.get(Calendar.DATE) + " " + + end.get(Calendar.HOUR) + ":" + end.get(Calendar.MINUTE) + + ":" + end.get(Calendar.SECOND); + + query = "requestId=" + approveseqnum + "&name=" + + URLEncoder.encode(cadualcert_name, "UTF-8") + "¬Before=" + nb + + "¬After=" + nat + "&authInfoAccessCritical=false" + + "&authInfoAccessGeneralNames=" + "&keyUsageCritical=true" + + "&keyUsageDigitalSignature=false" + + "&keyUsageNonRepudiation=false" + + "&keyUsageKeyEncipherment=true" + + "&keyUsageDataEncipherment=false" + + "&keyUsageKeyAgreement=false" + + "&keyUsageKeyCertSign=false" + "&keyUsageCrlSign=false" + + "&keyUsageEncipherOnly=false" + + "&keyUsageDecipherOnly=false" + /* -- For Older CMS 6.x servers use these + "&nsCertCritical=false" + + "&nsCertSSLClient=true" + + "&nsCertSSLServer=false" + + "&nsCertEmail=true" + + "&nsCertObjectSigning=false" + + "&nsCertSSLCA=false" + + "&nsCertEmailCA=false" + + "&nsCertObjectSigningCA=false" + + "&subjAltNameExtCritical=false" + + "&subjAltNames=RFC822Name: null" + + "&signingAlg=MD5withRSA" + + */// For newer CS 7.x servers use these + "&exKeyUsageCritical=false" + + "&exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4" + + "&subjAltNameExtCritical=false" + + "&subjAltNames=RFC822Name: null" + + "&signingAlg=SHA1withRSA" + "&requestNotes=" + + "&op=approve" + "&submit=submit"; + + } + + } + + private void readProperties() { + + // Read the properties file and assign values to variables . + try { + getProperties(propfileName); + } catch (Exception e) { + System.out.println( + "exception reading Properties File " + e.getMessage()); + } + + // Read the properties file + host = props.getProperty("enroll.host"); + ports = props.getProperty("enroll.port"); + adminid = props.getProperty("enroll.adminid"); + adminpwd = props.getProperty("enroll.adminpwd"); + certnickname = props.getProperty("enroll.nickname"); + cdir = props.getProperty("enroll.certdir"); + tokenpwd = props.getProperty("enroll.certtokenpwd"); + approveseqnum = props.getProperty("enroll.seqnum"); + if (approveseqnum == null) { + System.out.println("Seq num is null"); + } + + approveseqnumFrom = props.getProperty("enroll.seqnumFrom"); + if (approveseqnumFrom == null) { + approveseqnumFrom = "1"; + } + + approveseqnumTo = props.getProperty("enroll.seqnumTo"); + if (approveseqnumTo == null) { + approveseqnumTo = "100"; + } + validityperiod = props.getProperty("enroll.validperiod"); + type = props.getProperty("enroll.type"); + reqType = props.getProperty("enroll.reqtype"); + reqState = props.getProperty("enroll.reqstate"); + agenttype = props.getProperty("enroll.agenttype"); + if (agenttype == null) { + agenttype = "ca"; + } + + trustedManager = props.getProperty("enroll.trust"); + if (trustedManager.equals("true")) { + trustedManager = "true"; + } else { + trustedManager = "false"; + } + + String de = props.getProperty("enroll.debug"); + + if (de == null) { + debug = false; + } else if (de.equals("true")) { + debug = true; + } else { + debug = false; + } + + } + + private boolean listRequest(String from, String To) throws UnsupportedEncodingException { + + Integer x = new Integer(from); + + seqNumFrom = x.intValue(); + + Integer y = new Integer(To); + + if ((y.intValue() - seqNumFrom) > 50) { + maxCount = 50; + } else { + maxCount = y.intValue() - x.intValue(); + } + if (maxCount == 0) { + maxCount = 1; + } + + reqtype = 1; + buildquery(); + return (Send()); + } + + private boolean approveRequest() throws UnsupportedEncodingException { + + boolean st = true; + + listRequest(approveseqnumFrom, approveseqnumTo); + + if (seqNum.isEmpty()) { + System.out.println("No Requests for approval"); + return false; + } + + if (approveseqnum.length() > 0) { + if (seqNum.contains(approveseqnum)) { + seqNum.removeAllElements(); + seqNum.addElement(approveseqnum); + } else { + System.out.println( + " Seq num " + approveseqnum + " already approved "); + return false; + } + } else { + System.out.println( + " Seq num not specified . Approving all pending request From : " + + approveseqnumFrom + " To : " + approveseqnumTo); + } + + boolean flag = true; + + Integer y = new Integer(approveseqnumTo); + int torequest = y.intValue(); + + while (flag) { + + i = 0; + while (i < seqNum.size()) { + + approveseqnum = (seqNum.elementAt(i)).toString(); + // Get request details + reqtype = 2; + buildquery(); + if (!Send()) { + System.out.println("Error : Getting Request details "); + i++; + continue; + } + + if (debug) { + System.out.println( + csrRequestorName + " " + csrRequestorPhone + " " + + csrRequestorEmail + " " + requestID + " " + + subject); + } + // Now for pending status - approve the request + reqtype = 3; + buildquery(); + if (!Send()) { + System.out.println( + "Error: Approving request " + approveseqnum); + i++; + continue; + } + System.out.println("Request " + approveseqnum + " is approved "); + totalNumApproved++; + i++; + } + Integer x = new Integer(approveseqnum); + + if (x.intValue() >= torequest) { + flag = false; + } else { + listRequest(approveseqnum, approveseqnumTo); + } + + } + return st; + } + + /** + * Use this method when you need to use properties file. + * @throws UnsupportedEncodingException + */ + + public int processRequest() throws UnsupportedEncodingException { + if (propfileName != null) { + readProperties(); + } + + if (approveseqnum.length() > 0) { + approveseqnumFrom = approveseqnum; + approveseqnumTo = approveseqnum; + } + + type = type.toLowerCase(); + if (type.equals("approve")) { + if (approveRequest()) { + System.out.println("Approve Request :" + totalNumApproved); + return totalNumApproved; + } else { + return -1; + } + + } + + if (type.equals("list")) { + + if (listRequest(approveseqnumFrom, approveseqnumTo)) { + System.out.println("List Request : " + seqNum.size()); + if (seqNum.size() > 0) { + return seqNum.size(); + } else { + return 0; + } + } else { + return -1; + } + + } + + return -1; + } + + public static void main(String args[]) { + // Exit Status - (0) for error + // - any number > 0 Pass + int st = 0; + + if (args.length < 1) { + System.out.println("Usage : propertiesfile"); + System.exit(0); + } + + Request t = new Request(args[0]); + + try { + st = t.processRequest(); + } catch (UnsupportedEncodingException e) { + System.out.println(e); + e.printStackTrace(); + } + if (st == -1) { + System.exit(0); + } else { + System.exit(st); + } + + }// end of function main + +} // end of class + diff --git a/base/silent/src/com/netscape/pkisilent/common/ServerInfo.java b/base/silent/src/com/netscape/pkisilent/common/ServerInfo.java new file mode 100644 index 000000000..f63456b4d --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/ServerInfo.java @@ -0,0 +1,355 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +import java.io.BufferedReader; +import java.io.FileInputStream; +import java.io.FileReader; +import java.net.InetAddress; +import java.util.StringTokenizer; + +/** + * CMS Test framework . + * This class fetches all the necssary ServerInformation to run the test . For example AdminServer information linke + * port , hsotname, Config LDAP server port, CMS servers Agentport,AdminPort, EESSL port, EE port etc.. + */ + +public class ServerInfo { + + public String serverRoot, instanceRoot, instanceID; + public String ldapPort, ldapHost, ldapSSLPort, ldapBaseSuffix, adminPort, admDN, admDNPW, singleSignOnPWD, domain; + public String caSigningCertNickName, raSigningCertNickName, ocspSigningCertNickName, kraTransportCertNickName; + public String ServerCertNickName, CertAuthority; + public String CMSAgentPort, CMSEESSLPort, CMSEEPort, CMSAdminPort, IDBPort; + + public static CMSProperties props = null; + public static CMSProperties CMSprops = null; + + // Private variables + private int i; + public String CMSConfigFile, AdminConfigFile; + + public ServerInfo() { + } + + /** + * Constructor. Takes Server root as parameter for example ( /export/qa). Reads and collects information about + * adminserver and Config LDAP server. + */ + public ServerInfo(String sroot) { + serverRoot = sroot; + AdminConfigFile = serverRoot + "/admin-serv/config/adm.conf"; + readAdminConfig(); + SystemInfo(); + } + + /** + * Constructor. Takes Serverroot ( /export/qa) and instanceRoot (/export/qa/cert-jupiter2) as parameters . Reads and + * collects information about Admin Server , Config LDAP server and CMS server . + */ + + public ServerInfo(String sroot, String instRoot) { + serverRoot = sroot; + instanceRoot = instRoot; + CMSConfigFile = instanceRoot + "/config/CS.cfg"; + AdminConfigFile = serverRoot + "/admin-serv/config/adm.conf"; + instanceID = instanceRoot.substring(instanceRoot.indexOf("cert-") + 5); + readAdminConfig(); + SystemInfo(); + parseServerXML(); + readCMSConfig(); + } + + public String GetAdminPort() { + return adminPort; + } + + public String GetConfigLDAPPort() { + return ldapPort; + } + + public String GetHostName() { + if (domain.indexOf(".") > 0) { + return domain.substring(0, domain.indexOf(".")); + } else { + return domain; + } + } + + public String GetInstanceID() { + return instanceID; + } + + public String GetCMSConfigFileName() { + return CMSConfigFile; + } + + public String GetDomainName() { + return ldapHost.substring(ldapHost.indexOf(".") + 1); + } + + public String GetAgentPort() { + return CMSAgentPort; + } + + public String GetEESSLPort() { + return CMSEESSLPort; + } + + public String GetEEPort() { + return CMSEEPort; + } + + public String GetCMSAdminPort() { + return CMSAdminPort; + } + + public String GetInternalDBPort() { + return IDBPort; + } + + public String GetCertAuthority() { + return CertAuthority; + } + + public String GetCASigningCert() { + return caSigningCertNickName; + } + + public String GetRASigningCert() { + return raSigningCertNickName; + } + + public String GetServerCertNickName() { + return ServerCertNickName; + } + + public void setInstanceRoot(String instRoot) { + instanceRoot = instRoot; + CMSConfigFile = instanceRoot + "/config/CS.cfg"; + AdminConfigFile = serverRoot + "/admin-serv/config/adm.conf"; + instanceID = instanceRoot.substring(instanceRoot.indexOf("cert-") + 5); + SystemInfo(); + parseServerXML(); + readCMSConfig(); + } + + // Private functions + private void SystemInfo() { + try { + domain = InetAddress.getLocalHost().getHostName(); + System.out.println("Debu:SystemInfo " + domain); + } catch (Exception e) { + System.out.println("Exception InetAddress : " + e.getMessage()); + } + + } + + private void parseServerXML() { + int AGENT = 1; + int ADMIN = 2; + int EE_SSL = 3; + int EE_NON_SSL = 4; + int IP = 5; + int PORT = 6; + BufferedReader in = null; + + try { + String xmlFilePath = instanceRoot + "/config/server.xml"; + + in = new BufferedReader(new FileReader(xmlFilePath)); + String s = in.readLine(); + + while (s != null) { + // <LS id="agent" ip="0.0.0.0" port="8101" security="on" + // acceptorthreads="1" blocking="no"> + if (s.startsWith("<LS id=")) { + StringTokenizer st = new StringTokenizer(s, "\""); + int index1 = 5, index2 = 3; + + while (st.hasMoreTokens()) { + String token = st.nextToken(); + + if (token.equalsIgnoreCase("agent")) { + index1 = AGENT; + } else if (token.equalsIgnoreCase("admin")) { + index1 = ADMIN; + } else if (token.equalsIgnoreCase("eeSSL")) { + index1 = EE_SSL; + } else if (token.equalsIgnoreCase("ee_nonSSL")) { + index1 = EE_NON_SSL; + } else if (token.equals(" ip=")) { + index2 = IP; + } else if (token.equals(" port=")) { + index2 = PORT; + } + + if (index1 != 5 && index2 == IP && !token.equals(" ip=")) { + // token contains the ip value + } else if (index2 == PORT && !token.equals(" port=")) { + + switch (index1) { + case 1: + CMSAgentPort = token; + break; + + case 2: + CMSAdminPort = token; + break; + + case 3: + CMSEESSLPort = token; + break; + + case 4: + CMSEEPort = token; + break; + + default: + break; + + } + + break; + } + } // while token + } // if LS + s = in.readLine(); + } // while file no end + in.close(); + } catch (Exception e) { + if (in != null) { + try { + in.close(); + } catch (Exception ex) { + } + } + } + } + + private String stripSpace(String s) { + + String val = ""; + + for (int i = 0; i < s.length(); i++) { + if ((s.charAt(i) == ' ')) { + i++; + continue; + } else { + val += s.charAt(i); + } + } + return val; + } + + private void readAdminConfig() { + String ldapHostStr = "ldapHost:"; + String ldapPortStr = "ldapPort:"; + String adminPortStr = "port:"; + + try { + FileInputStream fis = new FileInputStream(AdminConfigFile); + int size = fis.available(); + byte b[] = new byte[size]; + + if (fis.read(b) != b.length) { + System.out.println("Could not read "); + + } else { + String tmpstr = new String(b, 0, b.length); + int ret; + + if ((ret = tmpstr.indexOf(ldapHostStr)) > -1) { + ldapHost = tmpstr.substring(ret + ldapHostStr.length() + 1, + tmpstr.indexOf("ldapPort", ret) - 1); + ldapHost = stripSpace(ldapHost); + // System.out.println(ldapPort); + } + + if ((ret = tmpstr.indexOf(ldapPortStr)) > -1) { + ldapPort = tmpstr.substring(ret + ldapPortStr.length() + 1, + tmpstr.indexOf("sie", ret) - 1); + ldapPort = stripSpace(ldapPort); + // System.out.println(ldapPort); + } + if ((ret = tmpstr.indexOf(adminPortStr)) > -1) { + adminPort = tmpstr.substring(ret + adminPortStr.length() + 1, + tmpstr.indexOf("ldapStart", ret) - 1); + adminPort = stripSpace(adminPort); + // System.out.println(adminPort); + } + + } + + fis.close(); + } catch (Exception e) { + System.out.println("exception " + e.getMessage()); + } + + } + + private void readCMSConfig() { + + try { + FileInputStream fis = new FileInputStream(CMSConfigFile); + + CMSprops = new CMSProperties(); + CMSprops.load(fis); + System.out.println("Reading CMS Config file successful"); + CertAuthority = CMSprops.getProperty("subsystem.0.id"); + if (CertAuthority.equals("ca")) { + caSigningCertNickName = CMSprops.getProperty( + "ca.signing.cacertnickname"); + ServerCertNickName = "Server-Cert cert-" + instanceID; + } + if (CertAuthority.equals("ra")) { + raSigningCertNickName = CMSprops.getProperty( + "ra.signing.cacertnickname"); + ServerCertNickName = "Server-Cert cert-" + instanceID; + } + IDBPort = CMSprops.getProperty("internaldb.ldapconn.port"); + + fis.close(); + } catch (Exception e) { + System.out.println("exception " + e.getMessage()); + } + + } + + public static void main(String args[]) { + ServerInfo s = new ServerInfo("Test", "Test"); + + System.out.println(" Admin Port : " + s.GetAdminPort()); + System.out.println(" LDAP Port : " + s.GetConfigLDAPPort()); + System.out.println("Hostname " + s.GetHostName()); + System.out.println("InstanceID" + s.GetInstanceID()); + System.out.println(" doamin name : " + s.GetDomainName()); + System.out.println("AgentPort " + s.GetAgentPort()); + System.out.println("EESSLPort " + s.GetEESSLPort()); + System.out.println("EEPort " + s.GetEEPort()); + System.out.println("CMSAdminPort :" + s.GetCMSAdminPort()); + System.out.println("CAAuthority : " + s.GetCertAuthority()); + System.out.println("CASigningCert:" + s.GetCASigningCert()); + System.out.println("RASigningCert:" + s.GetRASigningCert()); + System.out.println("ServerCert" + s.GetServerCertNickName()); + + }// end of function main + +} // end of class + diff --git a/base/silent/src/com/netscape/pkisilent/common/TestClient.java b/base/silent/src/com/netscape/pkisilent/common/TestClient.java new file mode 100644 index 000000000..0e4ed9cdd --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/TestClient.java @@ -0,0 +1,941 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +import java.io.BufferedReader; +import java.io.FileInputStream; +import java.io.InputStreamReader; +import java.net.ServerSocket; +import java.util.Properties; + +import org.mozilla.jss.crypto.X509Certificate; +import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; + +/** + * CMS Test framework . + * Before createing an instance of this class make sure you havae set an environment variable TEST_CONFIG_FILE. + */ + +public class TestClient implements SSLCertificateApprovalCallback { + + public int port; + + // properties file parameters + public static String host, ports, adminid, adminpwd, propfileName, cdir; + public static String certnickname, keysize, keytype, tokenpwd; + public static String serverRoot, instanceRoot, ldaprootDN, ldaprootDNPW, caInstanceRoot, dataDirectory; + + // Program variables + public String STATUS; + public Properties props = null; + public String ACTION_STRING; + public String query; + public boolean debug = false; + // Certificate nicknames to be used by Test Clients + private int i; + private String testConfigFile; + + public String caAgentCertName = "ca-agent"; + public String raAgentCertName = "ra-agent"; + public String ocspAgentCertName = "ocsp-agent"; + public String kraAgentCertName = "kra-agent"; + public String tksAgentCertName = "tks-agent"; + public String singleSignOnPWD = "secret12"; + public String adminCertName = "cn=admin"; + private String ldapBaseSuffix = "dc=netscape,dc=com"; + private String admDN = "admin"; + private String admDNPW = "admin"; + private String TmpDir; + private String TestLogFile; + private String startupTests, cleanupTests; + + private X509Certificate SSLServerCert = null; + + // Cert Sub vart + public String UID, OU, O, DN, E, CN, C, GN, SN, L, MAIL; + // Enroll + protected String PWD; + // CRypto + public ComCrypto cCrypt = new ComCrypto(); + public String pkcs10request = null; + + // Error + + public String ErrorDetail; + + private String serverKeyType, serverKeySize, serverKeyAlgo; + + private String unauth[] = { + "Unauthorized Access", "Server Error", + "Not Found", "Generic Unauthorized" }; + + public boolean approve(X509Certificate x509, SSLCertificateApprovalCallback.ValidityStatus status) { + SSLServerCert = x509; + return true; + } + + // Constructor + + public TestClient() { + keysize = "1024"; + keytype = "RSA"; + } + + /** + * Constructor . Takes the parameter for keysize and keytype . + * Before creating a new instance of this class make sure you have set TEST_CONFIG_FILE variable in your + * environnemt. + * Reads the TEST_CONFIG_FILE . Initializes the certificate database. See engage.cfg file for example. + * + * @param keysize + * @param keytype + */ + + public TestClient(String ks, String kt) { + + testConfigFile = ReadEnv("TEST_CONFIG_FILE"); + + System.out.println(testConfigFile); + readConfigFile(); + keysize = ks; + keytype = kt; + cCrypt.setCertDir(cdir); + cCrypt.setCertnickname(adminCertName); + cCrypt.setKeySize(keysize); + cCrypt.setKeyType(keytype); + cCrypt.setTokenPWD(tokenpwd); + cCrypt.setDebug(true); + cCrypt.CreateCertDB(); + + } + + /** + * Gets the SSLServer Certificate of the server + */ + + public X509Certificate getSSLServerCert() { + return SSLServerCert; + } + + /** + * finds the cert with nickname cname in the clients cert database + */ + + public X509Certificate findCertByNickname(String cname) { + + return cCrypt.findCert(cname); + + } + + /** + * Imports certificate to cert database.Takes parameters Certpackage and certnickname + */ + boolean importCert(String cp, String nickname) { + + return cCrypt.importCert(cp, nickname); + + } + + /** + * This function returns true if you choose to executeStartupTests + */ + + public boolean executeStartupTests() { + + if (startupTests == null) { + return false; + } else if (startupTests.equals("y")) { + return true; + } else { + return false; + } + + } + + /** + * This function returns true if you choose to executeCleanupTests + */ + + public boolean executeCleanupTests() { + + if (cleanupTests == null) { + return false; + } else if (cleanupTests.equals("y")) { + return true; + } else { + return false; + } + + } + + public String GetServerRoot() { + return serverRoot; + } + + public String GetInstanceRoot() { + return instanceRoot; + } + + public String getErrorDetail() { + return ErrorDetail; + } + + public String GetAdminDN() { + return admDN; + } + + public String GetAdminDNPWD() { + return admDNPW; + } + + public String GetLDAPDN() { + return ldaprootDN; + } + + public String GetLDAPDNPW() { + return ldaprootDNPW; + } + + public String GetLDAPBASE() { + return ldapBaseSuffix; + } + + public String GetAdminCertName() { + return adminCertName; + } + + public String GetRAAgentCertName() { + return raAgentCertName; + } + + public String GetKRAAgentCertName() { + return kraAgentCertName; + } + + public String GetOCSPAgentCertName() { + return ocspAgentCertName; + } + + public String GetTKSAgentCertName() { + return tksAgentCertName; + } + + public String GetDataDirectory() { + return dataDirectory; + } + + public String GetClientCertDB() { + return cdir; + } + + public String GetClientCertDBPW() { + return tokenpwd; + } + + public String GetSingleSignOnPW() { + return singleSignOnPWD; + } + + public String GetCARoot() { + return caInstanceRoot; + } + + public String GetTmpDir() { + return TmpDir; + } + + public String GetServerKeySize() { + return serverKeySize; + } + + public String GetServerKeyType() { + return serverKeyType; + } + + public String GetServerKeyAlgorithm() { + return serverKeyAlgo; + } + + public void setStatusString(String ststr) { + STATUS = ststr; + } + + public void setDebug(boolean t) { + debug = t; + } + + public void setpkcs10Request(String t) { + pkcs10request = t; + } + + public void setHostName(String s) { + host = s; + } + + public void setCARoot(String s) { + caInstanceRoot = s; + } + + public void setTestLogFile(String s) { + TestLogFile = s; + } + + /** + * parses a http page and returns true if any error is returned by server + **/ + + public boolean getError(String line) { + + int ret; + + ret = line.indexOf("fixed.errorDetails"); + + if (line.indexOf("fixed.errorDetails") == 0) { + ErrorDetail = line.substring( + ret + ("fixed.errorDetails = ").length()); + return true; + } + + if (line.indexOf("fixed.errorDetails") >= 0) { + ErrorDetail = line.substring( + ret + ("fixed.errorDetails = ").length()); + return true; + } + + ret = line.indexOf("fixed.unexpectedError"); + + if (line.indexOf("fixed.unexpectedError") == 0) { + System.out.println("Processing unexpectedError"); + ErrorDetail = line.substring( + ret + ("fixed.unexpectedError = ").length()); + return true; + } + + if (line.indexOf(unauth[0]) > 0) { + ErrorDetail = unauth[0]; + return true; + } + if (line.indexOf(unauth[1]) > -1) { + ErrorDetail = unauth[1]; + return true; + } + if (line.indexOf(unauth[2]) > -1) { + ErrorDetail = unauth[2]; + return true; + } + if (line.indexOf(unauth[3]) > -1) { + ErrorDetail = unauth[3]; + return true; + } + + if (line.indexOf("errorReason") >= 0) { + ErrorDetail = line.substring(ret + ("errorReason=").length()); + return true; + } + + return false; + } + + /** + * Reads a properties file . Takes filename as input parameter. + */ + + public void getProperties(String fileName) throws Exception { + try { + FileInputStream fis = new FileInputStream(fileName); + + props = new Properties(); + props.load(fis); + } catch (Exception e) { + System.out.println("exception " + e.getMessage()); + } + + } + + public String ReadEnv(String str) { + try { + Process p = null; + Runtime r = Runtime.getRuntime(); + String OS = System.getProperty("os.name").toLowerCase(); + + if (OS.indexOf("windows") > 1) { + p = r.exec("cmd.exe /c set"); + } else { + p = r.exec("env"); + } + + BufferedReader br = new BufferedReader( + new InputStreamReader(p.getInputStream())); + String line; + + while ((line = br.readLine()) != null) { + int idx = line.indexOf('='); + String key = line.substring(0, idx); + String value = line.substring(idx + 1); + + // System.out.println(key + "=" + value); + if (key.startsWith(str)) { + return value; + } + } + return null; + } catch (Throwable e) { + e.printStackTrace(); + } + return null; + } + + private void readConfigFile() { + try { + getProperties(testConfigFile); + } catch (Exception e) { + System.out.println( + "exception reading TestConfigFile " + e.getMessage()); + } + + serverRoot = props.getProperty("SROOT"); + instanceRoot = props.getProperty("IROOT"); + dataDirectory = props.getProperty("DATA_DIR"); + ldapBaseSuffix = props.getProperty("LDAPBASESUFFIX"); + + if (ldapBaseSuffix.indexOf("\"") > -1) { + ldapBaseSuffix = ldapBaseSuffix.substring(1, + ldapBaseSuffix.length() - 1); + } + + ldaprootDN = props.getProperty("LDAPROOTDN"); + // Strip of th e quotes "cn=directory manager" string + if (ldaprootDN.indexOf("\"") > -1) { + ldaprootDN = ldaprootDN.substring(1, ldaprootDN.length() - 1); + } + System.out.println("ldaprootDN : " + ldaprootDN); + + ldaprootDNPW = props.getProperty("LDAPROOTDNPW"); + cdir = props.getProperty("CERTDB"); + tokenpwd = props.getProperty("CERTDBPW"); + caInstanceRoot = props.getProperty("CAIROOT"); + admDN = props.getProperty("ADMINDN"); + admDNPW = props.getProperty("ADMINDNPW"); + singleSignOnPWD = props.getProperty("SINGLESIGNONPW"); + serverKeySize = props.getProperty("KEYSIZE"); + serverKeyType = props.getProperty("KEYTYPE"); + serverKeyAlgo = props.getProperty("KEYALGORITHM"); + + TmpDir = props.getProperty("TMP_DIR"); + TestLogFile = props.getProperty("TEST_LOG_FILE"); + + String de = props.getProperty("DEBUG"); + + if (de == null) { + debug = false; + } else if (de.equals("true")) { + debug = true; + } else { + debug = false; + } + + } + + /** + * returns a String representation of an interger + */ + public String getString(int m) { + Integer x = new Integer(m); + String s = x.toString(); + + return s; + } + + /** + * returns FreePort in this machine . Takes a parmater portnumber. For example getFreePort("4026"). + */ + public String getFreePort(String s) { + Integer x = new Integer(s); + int p = x.intValue(); + + // if p = 0, then the serversocket constructor get a free port by itself + p = 0; + try { + ServerSocket ss1 = new ServerSocket(p); + + p = ss1.getLocalPort(); + System.out.println("Obtained Free Port = " + p); + ss1.close(); + return (getString(p)); + } catch (Exception e) { + System.out.println("Unable to get Free Port"); + e.printStackTrace(); + p = 0; + return (getString(p)); + } + + // This following method doesn't Always get a free port. + // while (st) { + // if(isSocketUnused(host,p) ) + // st=false; + // p++; + // } + // return (getString(p)); + + } + + /** + * Reads a file and returns the cert request as string + **/ + + public String readRequest(String filename) { + try { + FileInputStream f1 = new FileInputStream(filename); + int size = f1.available(); + byte b[] = new byte[size]; + + if (f1.read(b) != b.length) { + return null; + } + + f1.close(); + String s = new String(b); + + return s; + } catch (Exception e) { + System.out.println("exception " + e.getMessage()); + return null; + } + } + + public static void main(String args[]) { + TestClient t = new TestClient("1024", "RSA"); + + /* + ******************************************************************* + * Sample programs to initialze calsses + ******************************************************************* + */ + + /* + ******************************************************************** + * To Test AutoInstaller + ******************************************************************* + */ + + /* + AutoInstaller a = new AutoInstaller(t.GetServerRoot()); + + ServerInfo s = new ServerInfo(t.GetServerRoot()); + System.out.println (" Admin Port : " + s.GetAdminPort()); + System.out.println (" LDAP Port : "+ s.GetConfigLDAPPort()); + System.out.println( "Hostname " + s.GetHostName()); + System.out.println(" doamin name : " + s.GetDomainName()); + + t.setHostName(s.GetHostName()); + // Set adminServer Info + a.setAdminInfo(s.GetHostName(),s.GetAdminPort(),s.GetDomainName(),"admin","admin"); + a.setAdminInfo(s.GetHostName(),s.GetAdminPort(),"mcom.com","admin","admin"); + + // setCAInfo + a.setCAInfo(s.GetHostName(),"1027","8100","admin","secret12"); + //setInternalDB info + String dp = t.getFreePort("38900"); + a.setInternalDBInfo(s.GetHostName(),"38907","ca-db","cn=directory manager","secret12" ); + + // set tokenInfo + + a.setTokenInfo("Internal","secret12"); + + // set Subsystem info + String agp = t.getFreePort("8100"); + String adp = t.getFreePort("8200"); + String eesp = t.getFreePort("1027"); + String eep = t.getFreePort("1100"); + + System.out.println(agp); + + a.setSubSystemInfo("testra",t.GetServerRoot(),"RSA","1024","MD5","365","cn=certificate manager,ou=test,o=test",adp,agp,eesp,eep); + + a.setClientDBInfo(t.GetClientCertDB(),"secret12",t.GetAdminCertName()); + + a.ConfigureCA("admin","admin","secret12","secret12"); + + // a.ConfigureRA("admin","admin","secret12","secret12"); + + */ + + /* + ****************************************************** + * Example to Get Server Details + ****************************************************** + */ + + ServerInfo s = new ServerInfo(t.GetServerRoot(), t.GetInstanceRoot()); + + t.setHostName(s.GetHostName()); + + System.out.println("AgentPort " + s.GetAgentPort()); + System.out.println("EESSLPort " + s.GetEESSLPort()); + System.out.println("EEPort " + s.GetEEPort()); + System.out.println("CMSAdminPort :" + s.GetCMSAdminPort()); + System.out.println("IDBPort : " + s.GetInternalDBPort()); + System.out.println("CAAuthority : " + s.GetCertAuthority()); + System.out.println("CASigningCert:" + s.GetCASigningCert()); + System.out.println("RASigningCert:" + s.GetRASigningCert()); + System.out.println("ServerCert" + s.GetServerCertNickName()); + System.out.println("------------------------------------------"); + System.out.println(" Internal Database Test:"); + System.out.println(" LDAP Port : " + s.GetConfigLDAPPort()); + System.out.println("Hostname " + s.GetHostName()); + + DirEnroll de = new DirEnroll(s.GetHostName(), s.GetEESSLPort()); + + de.setAuthenticator("Portal"); + de.setUIDInfo("caeetest110", "secret12"); + de.enroll(); + + /* **************************************************************** + * CMC Enroll + *************************************************************** + */ + + /* CMSUtils cmsutils = new CMSUtils(t.GetServerRoot()); + String requestfile="/u/lgopal/work/tetCMS/ns/tetframework/testcases/CMS/6.0/acceptance/data/basic/cmcreq/cmctest1.req"; + cmsutils.runCMCEnroll(t.GetClientCertDB(),"cn=admin",t.GetClientCertDBPW(),requestfile); + Profiles pr = new Profiles(s.GetHostName(),s.GetEESSLPort()); + pr.setProfileType("caCMCUserCert"); + pr.setCertAuthority("ca"); + + String request = t.readRequest(requestfile+".out"); + String bstr = "-----BEGIN NEW CERTIFICATE REQUEST-----"; + String estr="-----END NEW CERTIFICATE REQUEST-----"; + String Blob1 = request.substring(bstr.length() + 1); + String Blob2 = Blob1.substring(0,Blob1.indexOf(estr)); + request=Blob2; + + + pr.setRequest(request); + + pr.setUserInfo("UID=test1,Ou=netscape,o=aol","test","test","test","netscape","aol"); + pr.clientCertEnroll(); + */ + + /* **************************************************************** + * OCSP Client stuff + ************************************************************ + */ + + /* + String ip= "10.169.25.26"; + OCSPClient ocspclient= new OCSPClient(s.GetHostName(),ip,s.GetEEPort(),t.GetClientCertDB(),t.GetClientCertDBPW(),"cn=admin" ,"/tmp/ocsp.out","4"); + ocspclient.setCert(t.findCertByNickname("ocsp-agent")); + + ocspclient.SendOCSPRequest(); + */ + + /* + ***************************************************** + * Test CRMFcleint and KRA REcovery and Archival + ***************************************************** + */ + + /* + ********************************************************* + * OCSP Agent stuff + ********************************************************* + */ + + /* Retrieval rtr = new Retrieval(s.GetHostName(),s.GetEESSLPort()); + rtr.getCACert(); + System.out.println("CA Cert chain" + rtr.getCert()); + + OcspAgent ocspAgent= new OcspAgent(s.GetHostName(),"8111"); + ocspAgent.setAgentCertName(t.GetOCSPAgentCertName()); + + String cert = "-----BEGIN CERTIFICATE-----"+"\n"+rtr.getCert()+"\n"+"-----END CERTIFICATE-----\n"; + + ocspAgent.setCACert(cert); + ocspAgent.addCA(); + */ + + /* + *************************************************************** + Submit Profile based request + ********************************************************* + */ + + /* + Profiles pr = new Profiles(s.GetHostName(),s.GetEESSLPort()); + pr.setProfileType("caUserCert"); + // pr.setProfileType("caDirUserCert"); + + pr.setCertAuthority("ca"); + pr.setUserInfo("UID=test1,Ou=netscape,o=aol","test","test","test","netscape","aol"); + //pr.setDirUserInfo("test","netscape"); + pr.clientCertEnroll(); + System.out.println("Request ID is " + pr.getRequestID()); + + + Request re = new Request (s.GetHostName(),s.GetAgentPort(),"ca"); + re.setAgentCertName(t.GetAdminCertName()); + re.ApproveProfileRequests(pr.getRequestID()); + */ + + /* + String TransportCert="MIICJTCCAY6gAwIBAgIBBTANBgkqhkiG9w0BAQQFADBDMRswGQYDVQQKExJhY2NlcHRhY25ldGVzdDEwMjQxFzAVBgNVBAsTDmFjY2VwdGFuY2V0ZXN0MQswCQYDVQQDEwJjYTAeFw0wMzA0MjMyMTM3NTFaFw0wNDA0MjIwOTMzMzFaMDkxETAPBgNVBAoTCHRlc3QxMDI0MRcwFQYDVQQLEw5hY2NlcHRhbmNldGVzdDELMAkGA1UEAxMCcmEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANVW81T7GatHIB25kF0jdY4h4hOF1NAlAHE2YdN/UEyXuU22CfwrIltA3x/6sKFHhbbFysn6nGJlgKipPJqJDwyYTIv07hgoXqgcUu8fSYQg4BDHYhpHJxsUt3BSfADTjxAUHize7C2F8TVhBIcWW043FSkwvAiUjJb7uqQRKn7lAgMBAAGjMzAxMA4GA1UdDwEB/wQEAwIFIDAfBgNVHSMEGDAWgBTqvc3UPGDSWq+21DZGSUABNGIUbDANBgkqhkiG9w0BAQQFAAOBgQCNLJivNDHTTmCb2vDefUwLMxXNjuHwrbjVqymHPFqUjredTq2Yp+Ed1zxj+mxRovzegd65Tbnx+MV84j8K3Qc1kWOC+kbohAY9svSPsN3o5Q5BB19+5nUPC5Gk/mxkWJWWJLOnpKJGiAHMZIr58TH7hF8KQWXWMN9ikSFkPj0a/g=="; + + + CRMFClient CrmfClient = new CRMFClient(s.GetHostName(),s.GetEEPort()); + CrmfClient.setDBInfo(t.GetClientCertDB(),t.GetClientCertDBPW()); + CrmfClient.setTransportCert(TransportCert); + CrmfClient.setUserInfo("user","netscape"); + CrmfClient.setLDAPInfo(t.GetLDAPDN(),t.GetLDAPDNPW()); + CrmfClient.setDualKey(true); + + if(!CrmfClient.Enroll()) + {System.out.println("CRMFClient : could not submit request");} + + + checkRequest cr = new checkRequest(s.GetHostName(),s.GetEESSLPort(),t.getString(CrmfClient.getRequestId()),"false"); + cr.checkRequestStatus(); + System.out.println("Serial num " + cr.getSerialNumber()); + System.out.println("cert pack " + cr.getCert()); + + KraAgent kraAgent = new KraAgent(s.GetHostName(),"8111"); + kraAgent.setAgentCertName("cn=admin"); + System.out.println("KRAAgent List archival"); + + Vector aReq= kraAgent.ListArchivalRequests(); + int i=0; + while(i < aReq.size() ) + { + System.out.print(aReq.elementAt(i) + " "); + i++; + } + + kraAgent.setCertificate(cr.getCert()); + kraAgent.setLocalAgent(false); + kraAgent.recoverKeys(); + */ + + /* + ************************************************************* + * Example to Connect oto Config Directory port + ************************************************************* + */ + + /* + CMSLDAP cmsldap = new CMSLDAP(s.GetHostName(),s.GetConfigLDAPPort(),t.GetLDAPDN(),t.GetLDAPDNPW()); + if(cmsldap.connect()) + System.out.println("LDAP Connection successful"); + else + System.out.println("Error Connecting to LDAPSERVER"); + + // Add user to config directoory + if (cmsldap.userAdd("ou=people,"+t.GetLDAPBASE(),"t2","t2","t2","netscape")) + System.out.println("Added user to Config directory"); + + */ + + /* + ************************************************************* + * Example to Submit a CRMFCleint request to CA + ************************************************************* + */ + + /* + String TransportCert = + "MIICJTCCAY6gAwIBAgIBBTANBgkqhkiG9w0BAQQFADBDMRswGQYDVQQKExJhY2NlcHRhY25ldGVzdDEwMjQxFzAVBgNVBAsTDmFjY2VwdGFuY2V0ZXN0MQswCQYDVQQDEwJjYTAeFw0wMzA0MTgyMjMwMDhaFw0wNDA0MTcxMDI2MDhaMDkxETAPBgNVBAoTCHRlc3QxMDI0MRcwFQYDVQQLEw5hY2NlcHRhbmNldGVzdDELMAkGA1UEAxMCcmEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN6sQ3mSU8mL6i6gTZIXDLzOZPhYOkQLpnJjit5hcPZ0JMn0CQVXo4QjKN1xvuZv8qVlZoQw9czmzp/knTa0sCDgFKd0r+u0TnLeZkJMSimgFnma9CnChlaDHnBd8Beu4vyaHmo7rJ0xA4etn7HjhmKbaQZOcv/aP0SW9JXRga7ZAgMBAAGjMzAxMA4GA1UdDwEB/wQEAwIFIDAfBgNVHSMEGDAWgBSC3fsQHb7fddr2vL0UdkM2dAmUWzANBgkqhkiG9w0BAQQFAAOBgQBkAGbgd9HIqwoLKAr+V6bj9oWesDmDH80gPPxj10qyWSQYIs8PofOs/75yGS9nxhydtgSMFoBgCPdroUI31kZQQlFzxtudGoKD+5MWSXho79XzPwpjheOBYgpX6ch+L4tMLFDpqeraB1yZESO5EEeKm20DGVBOKVWxHhddO1BenA=="; + + CRMFClient CrmfClient = new CRMFClient(s.GetHostName(),s.GetEEPort()); + CrmfClient.setDBInfo(t.GetClientCertDB(),t.GetClientCertDBPW()); + CrmfClient.setTransportCert(TransportCert); + CrmfClient.setUserInfo("user","netscape"); + CrmfClient.setLDAPInfo(t.GetLDAPDN(),t.GetLDAPDNPW()); + CrmfClient.setDualKey(true); + + if(!CrmfClient.Enroll()) + {System.out.println("CRMFClient : could not submit request");} + */ + + /* KRA Agent list archived request */ + + /* ServerInfo KRAsvrInfo = new ServerInfo(t.GetServerRoot()); + String KRAinstanceRoot=t.GetServerRoot() + "/cert-" + "KRARSA1024" ; + KRAsvrInfo.setInstanceRoot(KRAinstanceRoot);*/ + + /* System.out.println("KRAAgent "); + KraAgent kraAgent = new KraAgent(s.GetHostName(),s.GetAgentPort()); + kraAgent.setAgentCertName(t.GetKRAAgentCertName()); + System.out.println("KRAAgent List archival"); + + Vector aReq= kraAgent.ListArchivalRequests(); + int i=0; + while(i < aReq.size() ) + { + System.out.print(aReq.elementAt(i) + " "); + i++; + } + + */ + + // cmsldap.disconnect(); + + /* + ************************************************************* + * Example to submit manual user enrollment request + ************************************************************* + /* + + + /* + UserEnroll ue = new UserEnroll(s.GetHostName(),"1029"); + ue.setUserInfo("E=testman,CN=testman,OU=netscape,O=aol,UID=testman1,C=US","testman", "testman", "testman1", "netscape","t"); + + boolean flag = ue.clientCertEnroll(); + if(flag) + System.out.println("Success submitted request"); + */ + + /* + ************************************************************* + * Example to submit Directory based enroolemt request + ************************************************************* + /* + + /* + // Add user to config directoory + if (cmsldap.userAdd("dc=netscape,dc=com","t2","t2","t2","netscape")) + System.out.println("Success "); + + if(cmsldap.TurnOnSSL("slapd-jupiter2","Server-Cert cert-jupiter2","7000")) + System.out.println("Turned on ssl"); + else + return; + + cmsldap.TurnOffSSL(); + + cmsldap.disconnect(); + + DirEnroll de = new DirEnroll(s.GetHostName(),s.GetEESSLPort()); + de.setUIDInfo("t2","netscape"); + de.enroll(); + + */ + + /* + ************************************************************* + * Example to submit Admin Enrollment request + ************************************************************* + /* + + /* + + AdminEnroll ade = new AdminEnroll("jupiter2","8200","cn=CMS Administrator,UID=admin,C=US","admin", "secret12"); + flag = ade.Enroll(); + if (flag) + System.out.println("adminEnrolled Successfully"); + */ + + /* + ************************************************************* + * Example gent List Pending request + ************************************************************* + /* + + /* + + // Agent List and Approve Request + Request re = new Request (s.GetHostName(),s.GetAgentPort(),s.GetCertAuthority()); + re.setAgentCertName(t.GetAdminCertName()); + re.ListPendingRequests("2","70"); + re.ApproveRequests(t.getString(ue.getRequestId())); + */ + + /* + ************************************************************* + * Example for CheckRequest Status and add the certificate to internal db + ************************************************************* + /* + + /* + // check request status and Revoke cert + checkRequest cr = new checkRequest(s.GetHostName(),s.GetEESSLPort(),t.getString(ue.getRequestId()),"false"); + checkRequest cr = new checkRequest(s.GetHostName(),s.GetEESSLPort(),"1","false"); + + cr.checkRequestStatus(); + System.out.println("Serial num " + cr.getSerialNumber()); + System.out.println("cert pack " + cr.getCert()); + + String st= "-----BEGIN CERTIFICATE-----"+"\n"+cr.getCert()+"\n"+"-----END CERTIFICATE-----\n"; + System.out.println("cert pack " + st); + + cmsldap.getXCertificate(st.getBytes()); + + */ + + /* + ************************************************************* + * Example agent ro revoke request + ************************************************************* + /* + + /* + Revoke rr = new Revoke (s.GetHostName(),s.GetAgentPort(),s.GetCertAuthority(),t.getString(cr.getSerialNumber())); + rr.revokeCerts(); + */ + + /* + ************************************************************* + * Example Agent update CRL + ************************************************************* + /* + + /* + // Update CRLand DISPLAY it + + System.out.println("Displayin CRL"); + CRL crl = new CRL (s.GetHostName(),s.GetAgentPort(),"/tmp/crlfile"); + crl.setAgentCertName(t.GetAdminCertName()); + crl.updateCRL(); + crl.displayCRL(); + crl.getRevokedCerts(); + */ + + // Update CRL in Directory + /* UpdateDir dcrl = new UpdateDir(s.GetHostName(),s.GetEESSLPort()); + dcrl.updateDir();*/ + + /* + ************************************************************* + * Example for stopping and starting servers + ************************************************************* + */ + + /* + DSTask idb = new DSTask(t.GetServerRoot()+"/slapd-jupiter2-db"); + if (idb.ldapStop()) System.out.println("IDB stopped"); + if(idb.ldapStart()) System.out.println("IDB Started"); + + System.out.println("------------------------------------------"); + System.out.println(" CMS Test:"); + CMSTask task = new CMSTask(t.GetInstanceRoot()); + task.CMSStop(); + task.CMSStart(); + */ + + }// end of function main + +} diff --git a/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java b/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java new file mode 100644 index 000000000..c55088bc6 --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java @@ -0,0 +1,536 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +import java.io.BufferedOutputStream; +import java.io.BufferedReader; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.PrintStream; +import java.io.UnsupportedEncodingException; +import java.net.URLEncoder; +import java.util.Date; +import java.util.GregorianCalendar; + +import org.mozilla.jss.ssl.SSLSocket; + +/** + * CMS Test framework . + * Submits Legacy Manual User Enrollment request from EESSL port. Parses the response from server and return RequestID. + * <P> + */ + +public class UserEnroll extends TestClient { + + private int i; + private String requestorName, requestorEmail, requestorPhone, requestorComments, requestId, certType, ssl_client; + private int port; + private long elapsedTime; + + // Constructor + public UserEnroll() { + } + + /** + * Constructor . Takes the parameter hostname and EESSLport + * <p> + */ + + public UserEnroll(String h, String p) { + host = h; + ports = p; + } + + /** + * Constructor . Takes the parameter for Properties file name + * <p> + * + * @param propfilename name of the parameter file + */ + + public UserEnroll(String pfile) { + propfileName = pfile; + } + + /** + * Constructor . Takes the parameter for hostname, EESSLportnumber, subjectdn, E, CN,UID,OU,O, + * CertdbDirecrory(fullpath) , certdbPassword, keysize, keytype, requestorName,requestorEmail and Certtype. + * valid values for Certtype - "ca","ra","ocsp" + * <p> + * + * @param propfilename name of the parameter file + */ + + public UserEnroll(String h, String p, String dn, String e, String cn, String uid, String ou, String o, String cd, + String tpwd, String sslcl, String ksize, String keyty, String reqname, String reqemail, String ctype) { + + host = h; + ports = p; + DN = dn; + E = e; + CN = cn; + UID = uid; + OU = ou; + O = o; + C = "US"; + cdir = cd; + tokenpwd = tpwd; + ssl_client = sslcl; + keysize = ksize; + keytype = keyty; + requestorName = reqname; + requestorPhone = "650"; + requestorEmail = "lg"; + requestorComments = "load Test"; + certnickname = "cn=test"; + keytype = "RSA"; + keysize = "1024"; + certType = ctype; + if (certType.equals("caSigningCert")) { + certType = "ca"; + } + if (certType.equals("raSigningCert")) { + certType = "ra"; + } + if (certType.equals("ocspSigningCert")) { + certType = "ocsp"; + } + } + + /** + * Set Certificate Request information. Takes parameters - subjectdn,E,CN,UID,OU,O + */ + + public void setUserInfo(String dn, String e, String cn, String uid, String ou, String o) { + DN = dn; + E = e; + CN = cn; + UID = uid; + OU = ou; + O = o; + requestorName = "test"; + requestorPhone = "650"; + requestorEmail = "lg"; + requestorComments = "Test"; + certnickname = "cn=test"; + + } + + public void setUserInfo(String dn, String e, String cn, String uid, String ou, String o, String nickname) { + DN = dn; + E = e; + CN = cn; + UID = uid; + OU = ou; + O = o; + requestorName = "test"; + requestorPhone = "650"; + requestorEmail = "lg"; + requestorComments = "Test"; + certnickname = nickname; + + } + + /** + * Set Certificat Type for which you want to submit a request . Valid values - "ca"/"ra"/"ocsp" + */ + public void setCertType(String ct) { + certType = ct; + } + + public boolean enroll_load() throws UnsupportedEncodingException { + buildquery(); + setStatusString(""); + return (Send()); + } + + private boolean pkcs10() { + + System.out.println(" In pkcs10 Keysize , key type " + keysize + keytype); + // ComCrypto cCrypt = new ComCrypto(cdir,tokenpwd,certnickname,keysize,keytype); + cCrypt.setCertDir(cdir); + cCrypt.setCertnickname(adminCertName); + cCrypt.setKeySize(keysize); + cCrypt.setKeyType(keytype); + cCrypt.setTokenPWD(tokenpwd); + cCrypt.setDebug(true); + if (pkcs10request != null) { + cCrypt.setGenerateRequest(false); + cCrypt.loginDB(); + } else { + cCrypt.setGenerateRequest(true); + if (!cCrypt.generateRequest()) { + System.out.println("Request could not be generated "); + return false; + } + pkcs10request = cCrypt.getPkcs10Request(); + } + + try { + System.out.println("Debug: building query "); + buildquery(); + if (debug) { + System.out.println(query); + } + setStatusString(""); + return (Send()); + } catch (Exception e) { + System.err.println("some exception:" + e); + } + + return (false); + + } + + // Private methods + + private void setElapsedTime(long dif) { + elapsedTime = dif; + } + + private long calculateElapsedTime(GregorianCalendar b, GregorianCalendar e) { + + Date d1 = b.getTime(); + Date d2 = e.getTime(); + long l1 = d1.getTime(); + long l2 = d2.getTime(); + long difference = l2 - l1; + + return difference; + + } + + private boolean Send() { + boolean st = false; + + try { + + if (debug) { + System.out.println("Step 3 : Socket initialize"); + } + + Integer x = new Integer(ports); + + port = x.intValue(); + + GregorianCalendar begin = new GregorianCalendar(); + + // SSLSocket socket = new SSLSocket(host,port); + SSLSocket socket = new SSLSocket(host, port, null, 0, this, null); + + socket.setUseClientMode(true); + OutputStream rawos = socket.getOutputStream(); + BufferedOutputStream os = new BufferedOutputStream(rawos); + PrintStream ps = new PrintStream(os); + + ps.println("POST /enrollment HTTP/1.0"); + ps.println("Connection: Keep-Alive"); + ps.println("Content-type: application/x-www-form-urlencoded"); + ps.println("Content-length: " + query.length()); + ps.println(""); + ps.println(query); + ps.println("\r"); + ps.flush(); + os.flush(); + BufferedReader stdin = new BufferedReader( + new InputStreamReader(socket.getInputStream())); + + if (debug) { + System.out.println("Step 4: Received the page"); + } + st = false; + String line; + + while ((line = stdin.readLine()) != null) { + if (debug) { + System.out.println(line); + } + if (line.indexOf(STATUS) != -1) { + st = true; + } + if (line.indexOf("fixed.requestId = ") != -1) { + requestId = line.substring("fixed.requestId = ".length() + 1, + line.indexOf(";") - 1); + } + + if (getError(line)) { + st = false; + } + + } + stdin.close(); + socket.close(); + os.close(); + rawos.close(); + ps.close(); + os = null; + rawos = null; + stdin = null; + ps = null; + line = null; + GregorianCalendar end = new GregorianCalendar(); + long diff = calculateElapsedTime(begin, end); + + setElapsedTime(diff); + + } catch (Exception e) { + System.err.println("some exception: in Send routine" + e); + return false; + } + + return st; + + } + + private void buildquery() throws UnsupportedEncodingException { + + StringBuffer queryStrBuf = new StringBuffer(); + + if (certType.equals("client")) { + queryStrBuf.append("certType="); + queryStrBuf.append(certType); + queryStrBuf.append("&Send=submit"); + + queryStrBuf.append("&key_encipherment=true"); + + queryStrBuf.append("&digital_signature=true"); + + queryStrBuf.append("&requestFormat=keygen"); + + queryStrBuf.append("&cryptprovider=1"); + if (ssl_client.equals("true")) { + queryStrBuf.append("&ssl_client=true"); + } else { + queryStrBuf.append("&ssl_server=true"); + } + + queryStrBuf.append("&non_repudiation=true"); + + if (requestorName.length() > 0) { + queryStrBuf.append("&csrRequestorName="); + } + queryStrBuf.append(URLEncoder.encode(requestorName, "UTF-8")); + if (requestorEmail.length() > 0) { + queryStrBuf.append("&csrRequestorEmail="); + queryStrBuf.append(URLEncoder.encode(requestorEmail, "UTF-8")); + queryStrBuf.append("&email=true"); + + } else { + queryStrBuf.append("&email=false"); + } + + if (requestorPhone.length() > 0) { + queryStrBuf.append("&csrRequestorPhone="); + queryStrBuf.append(URLEncoder.encode(requestorPhone, "UTF-8")); + } + if (requestorComments.length() > 0) { + queryStrBuf.append("&csrRequestorComments="); + queryStrBuf.append(URLEncoder.encode(requestorComments, "UTF-8")); + } + System.out.println("buidlquery client E "); + if (E.length() > 0) { + queryStrBuf.append("&E="); + queryStrBuf.append(E); + } + if (CN.length() > 0) { + queryStrBuf.append("&CN="); + queryStrBuf.append(CN); + } + + if (UID.length() > 0) { + queryStrBuf.append("&UID="); + queryStrBuf.append(UID); + } + if (OU.length() > 0) { + queryStrBuf.append("&OU="); + queryStrBuf.append(OU); + } + // if(O.length() > 0) { queryStrBuf.append("&O=");queryStrBuf.append(O);} + // if(C.length() >0) { queryStrBuf.append("&C=");queryStrBuf.append(C);} + System.out.println("buidlquery client dn "); + queryStrBuf.append("&subject="); + queryStrBuf.append(URLEncoder.encode(DN, "UTF-8")); + } + + if (certType.equals("ra")) { + queryStrBuf.append("certType=" + certType); + queryStrBuf.append("&digital_signature=true"); + queryStrBuf.append("&non_repudiation=true"); + queryStrBuf.append("&ssl_client=true"); + } + + if (certType.equals("server")) { + queryStrBuf.append("certType=" + certType); + queryStrBuf.append("&digital_signature=true"); + queryStrBuf.append("&non_repudiation=true"); + queryStrBuf.append("&ssl_server=true"); + queryStrBuf.append("&key_encipherment=true"); + queryStrBuf.append("&data_encipherment=true"); + + } + + if (certType.equals("ocsp")) { + queryStrBuf.append("certType=ocspResponder"); + queryStrBuf.append("&digital_signature=true"); + queryStrBuf.append("&non_repudiation=true"); + queryStrBuf.append("&ssl_client=true"); + } + + if (certType.equals("ca")) { + queryStrBuf.append("certType=" + certType); + queryStrBuf.append("&digital_signature=true"); + queryStrBuf.append("&non_repudiation=true"); + queryStrBuf.append("&ssl_client=true"); + queryStrBuf.append("&object_signing_ca=true"); + queryStrBuf.append("&crl_sign=true"); + queryStrBuf.append("&ssl_ca=true"); + queryStrBuf.append("&key_certsign=true"); + queryStrBuf.append("&email_ca=true"); + + } + + queryStrBuf.append("&pkcs10Request="); + queryStrBuf.append(URLEncoder.encode(pkcs10request, "UTF-8")); + System.out.println("before converting bug to string "); + query = queryStrBuf.toString(); + + System.out.println(query); + queryStrBuf = null; + } + + public int getRequestId() { + Integer m = new Integer(requestId); + + return m.intValue(); + + } + + /** + * Submit enrollment request + */ + + public boolean clientCertEnroll() { + certType = "client"; + ssl_client = "true"; + debug = true; + return (pkcs10()); + } + + public boolean Enroll() { + debug = true; + return (pkcs10()); + } + + /** + * Read the properties file + **/ + + public boolean readProperties() { + + // Read the properties file and assign values to variables . + try { + getProperties(propfileName); + } catch (Exception e) { + System.out.println( + "exception reading Properties File " + e.getMessage()); + return false; + } + + host = props.getProperty("enroll.host"); + ports = props.getProperty("enroll.port"); + DN = props.getProperty("enroll.DN"); + requestorName = props.getProperty("enroll.name"); + requestorEmail = props.getProperty("enroll.email"); + requestorPhone = props.getProperty("enroll.phone"); + requestorComments = props.getProperty("enroll.comments"); + E = props.getProperty("enroll.E"); + CN = props.getProperty("enroll.CN"); + UID = props.getProperty("enroll.UID"); + OU = props.getProperty("enroll.OU"); + O = props.getProperty("enroll.O"); + C = props.getProperty("enroll.C"); + cdir = props.getProperty("enroll.certdir"); + tokenpwd = props.getProperty("enroll.certtokenpwd"); + certnickname = props.getProperty("enroll.nickname"); + keysize = props.getProperty("enroll.keysize"); + keytype = props.getProperty("enroll.keytype"); + certType = props.getProperty("enroll.certtype"); + if (certType == null) { + certType = "client"; + } + if (certType.equals("raSigningCert")) { + certType = "ra"; + } + if (certType.equals("ocspSigningCert")) { + certType = "ocsp"; + } + pkcs10request = props.getProperty("enroll.pkcs10"); + ssl_client = props.getProperty("enroll.sslclient"); + if (ssl_client == null) { + ssl_client = "true"; + } + + String de = props.getProperty("enroll.debug"); + + if (de == null) { + debug = false; + } else if (de.equals("true")) { + debug = true; + } else { + debug = false; + } + + // Enroll using a pkscks10 request + return (pkcs10()); + } + + public static void main(String args[]) { + // Exit Status - (0) for error/Fail + // - requestId Pass + + UserEnroll e = new UserEnroll("jupiter2", "1027", + "E=test,cn=test,uid=test", "test", "test", "test", "t1", "t", + "/u/lgopal/work/tetCMS/ns/tetframework/testcases/CMS/6.0/acceptanceJava/data/certdb", + "secret12", "true", "1024", "RSA", "rn", "re", "client"); + + e.clientCertEnroll(); + + /* if ( args.length < 1) + { + System.out.println("Usage : propertiesfile"); + System.exit(0); + } + + + UserEnroll t = new UserEnroll(args[0]); + st=t.enroll(); + if (st){ + System.out.println("User Enrolled successfully . RequestId is "+t.getrequestId()); + System.exit(t.getRequestId()); + } + else{ + + System.out.println("Error: " + t.getErrorDetail()); + System.exit(0); + } + */ + }// end of function main + +} // end of class + diff --git a/base/silent/src/com/netscape/pkisilent/common/Utilities.java b/base/silent/src/com/netscape/pkisilent/common/Utilities.java new file mode 100644 index 000000000..3e5d6fb4c --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/Utilities.java @@ -0,0 +1,347 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +import java.io.DataInputStream; +import java.io.FileInputStream; + +import netscape.security.x509.CertificateSerialNumber; +import netscape.security.x509.CertificateSubjectName; +import netscape.security.x509.RDN; +import netscape.security.x509.SerialNumber; +import netscape.security.x509.X500Name; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; + +import com.netscape.cmsutil.util.Utils; + +public class Utilities { + + public Utilities() {// Do nothing + } + + public String cleanupQuotes(String token) { + + StringBuffer buf = new StringBuffer(); + int length = token.length(); + int curIndex = 0; + + if (token.startsWith("\"") && token.endsWith("\"")) { + curIndex = 1; + length--; + } + + boolean oneQuoteFound = false; + boolean twoQuotesFound = false; + + while (curIndex < length) { + char curChar = token.charAt(curIndex); + + if (curChar == '"') { + twoQuotesFound = (oneQuoteFound) ? true : false; + oneQuoteFound = true; + } else { + oneQuoteFound = false; + twoQuotesFound = false; + } + + if (twoQuotesFound) { + twoQuotesFound = false; + oneQuoteFound = false; + curIndex++; + continue; + } + + buf.append(curChar); + curIndex++; + } + + return buf.toString(); + } + + public String removechar(String token) { + + StringBuffer buf = new StringBuffer(); + int end = token.length(); + int begin = 0; + + if (token.endsWith(";")) { + end--; + } + + while (begin < end) { + char curChar = token.charAt(begin); + + buf.append(curChar); + begin++; + } + return buf.toString(); + + } + + public String parse_httpresponse(String line) { + // look for name=value pair + // remove trailing white spaces + // remove trailing ; + // remove double quotes + + String temp = line.substring(line.indexOf("=") + 1); + + return cleanupQuotes(removechar(temp.trim())); + + } + + public String remove_newline(String s) { + if (s == null) { + return null; + } + + String val = ""; + + for (int i = 0; i < s.length(); i++) { + if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) { + i++; + continue; + } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) { + i++; + continue; + } else if (s.charAt(i) == '"') { + continue; + } + val += s.charAt(i); + } + return val; + + } + + public String normalize(String s) { + + if (s == null) { + return null; + } + + String val = ""; + + for (int i = 0; i < s.length(); i++) { + if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) { + val += '\n'; + i++; + continue; + } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) { + i++; + continue; + } else if (s.charAt(i) == '"') { + continue; + } + val += s.charAt(i); + } + return val; + } + + /* + * format of the file should be like this: + * -----BEGIN CERTIFICATE----- + * base64 encoded certificate + * -----END CERTIFICATE----- + */ + public String getcertfromfile(String filename) { + StringBuffer tempBuffer = new StringBuffer(); + + try { + FileInputStream fis = new FileInputStream(filename); + DataInputStream in = new DataInputStream(fis); + + while (in.available() != 0) { + String temp = in.readLine(); + + if (temp.equalsIgnoreCase("-----BEGIN CERTIFICATE-----") + || temp.equalsIgnoreCase("-----END CERTIFICATE-----")) { + continue; + } + tempBuffer.append(temp); + } + + return tempBuffer.toString(); + } catch (Exception e) { + System.out.println("ERROR: getcertfromfile" + e.toString()); + return null; + } + + } + + public String getcertfromfile_withheaders(String filename) { + StringBuffer tempBuffer = new StringBuffer(); + + try { + FileInputStream fis = new FileInputStream(filename); + DataInputStream in = new DataInputStream(fis); + + while (in.available() != 0) { + String temp = in.readLine(); + + tempBuffer.append(temp); + } + return tempBuffer.toString(); + } catch (Exception e) { + System.out.println( + "ERROR: getcertfromfile_withheaders" + e.toString()); + return null; + } + } + + /* + * format of the file should be like this: + * -----BEGIN CERTIFICATE REVOCATION LIST----- + * base64 encoded CRL + * -----END CERTIFICATE REVOCATION LIST----- + */ + public String getcrlfromfile(String filename) { + StringBuffer tempBuffer = new StringBuffer(); + + try { + FileInputStream fis = new FileInputStream(filename); + DataInputStream in = new DataInputStream(fis); + + while (in.available() != 0) { + String temp = in.readLine(); + + tempBuffer.append(temp); + } + + return tempBuffer.toString(); + } catch (Exception e) { + System.out.println("ERROR: getcrlfromfile" + e.toString()); + return null; + } + + } + + /* + * format of the file should be like this: + * -----BEGIN CERTIFICATE----- + * base64 encoded certificate + * -----END CERTIFICATE----- + */ + public String getcafromfile(String filename) { + StringBuffer tempBuffer = new StringBuffer(); + + try { + FileInputStream fis = new FileInputStream(filename); + DataInputStream in = new DataInputStream(fis); + + while (in.available() != 0) { + String temp = in.readLine(); + + tempBuffer.append(temp); + } + + return tempBuffer.toString(); + } catch (Exception e) { + System.out.println("ERROR: getcafromfile" + e.toString()); + return null; + } + + } + + /* + * function for RFC 2254. converts a x509 certificate given as + * a binary array[] to a Ldap filter string + */ + public static String escapeBinaryData(byte data[]) { + String result = ""; + + for (int i = 0; i < data.length; i++) { + String s = Integer.toHexString((int) (0xff & data[i])); + + if (s.length() == 1) { + s = "0" + s; + } + result = result + "\\" + s; + } + + System.out.println("LDAP_FILTER=" + result); + return result; + } + + /* + * function to decode base64 encoded certificate + */ + public CertificateRecord decode_cert(String cert) { + + String head = "-----BEGIN CERTIFICATE-----"; + String tail = "-----END CERTIFICATE-----"; + + CertificateRecord cr = new CertificateRecord(); + + int head_pos = cert.indexOf(head); + int tail_pos = cert.indexOf(tail); + + // String not found + if (head_pos == -1 || tail_pos == -1) { + return null; + } + + String temp = cert.substring(head_pos + head.length(), tail_pos); + + temp = temp.replaceAll("\\r", ""); + temp = temp.replaceAll("\\n", ""); + + try { + // BASE64Decoder base64 = new BASE64Decoder(); + // byte decodedBASE64Cert[] = base64.decodeBuffer(temp); + byte decodedBASE64Cert[] = Utils.base64decode(temp); + X509CertImpl x509_cert = new X509CertImpl(decodedBASE64Cert); + X509CertInfo certinfo = (X509CertInfo) x509_cert.get("x509.INFO"); + + /* Get Serial Number */ + CertificateSerialNumber csn = (CertificateSerialNumber) + certinfo.get(X509CertInfo.SERIAL_NUMBER); + SerialNumber sn = (SerialNumber) csn.get("NUMBER"); + + // just adding serialnumber for add. + // we can add mode here like subject name, extensions,issuer to this record. + cr.serialNumber = sn.getNumber().toString().trim(); + + /* Get Subject Name */ + + CertificateSubjectName csn1 = (CertificateSubjectName) + certinfo.get(X509CertInfo.SUBJECT); + + X500Name dname = (X500Name) csn1.get(CertificateSubjectName.DN_NAME); + + String pp = ""; + RDN[] rdns = dname.getNames(); + + for (int i = rdns.length - 1; i >= 0; i--) { + pp = pp + rdns[i] + "\n"; + } + + cr.subject = pp; + + } catch (Exception e) { + System.out.println("ERROR: Exception when decoding certificate=" + e); + e.printStackTrace(); + return null; + } + + return cr; + + } + +}; // end class diff --git a/base/silent/src/com/netscape/pkisilent/common/checkRequest.java b/base/silent/src/com/netscape/pkisilent/common/checkRequest.java new file mode 100644 index 000000000..c4599ffde --- /dev/null +++ b/base/silent/src/com/netscape/pkisilent/common/checkRequest.java @@ -0,0 +1,617 @@ +package com.netscape.pkisilent.common; + +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +import java.io.BufferedOutputStream; +import java.io.BufferedReader; +import java.io.FileOutputStream; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.PrintStream; +import java.util.Date; +import java.util.GregorianCalendar; + +import org.mozilla.jss.ssl.SSLSocket; + +/** + * CMS Test framework . + * Submits a checkRequestStatus request to the server. parses the response from server and can import cert to the + * specified client database. + * <P> + */ + +public class checkRequest extends TestClient { + + private int i; + private String certfile, importcert = "false", certnickname, serialNumber, ldapformat; + + private String requestId; + private String reqStatus = "false"; + private String pkcsCert, baseCert, ACTION_STRING, issuer, subject, AUTH = "ca"; + private int port; + private boolean impStatus = false; + private int type = 1; + + private long elapsedTime; + + private String host; + private String ports; + private String tokenpwd; + private String cdir; + + // public methods + + /** + * Constructor . Takes the parameter for Properties file name + * <p> + * + * @param propfilename name of the parameter file + */ + + public checkRequest(String pfile) { + propfileName = pfile; + } + + /** + * Constructor . Takes the parameter for hostname and EESSLportnumber + * <p> + */ + + public checkRequest(String h, String p) { + host = h; + ports = p; + }; + + /** + * Constructor . Takes the parameter for hostname , EESSLportnumber , Requestnumber and ImportCert ( true/false) + * <p> + */ + + public checkRequest(String h, String p, String snum, String impc) { + host = h; + ports = p; + requestId = snum; + importcert = impc; + } + + /** + * Constructor . Takes the parameter for hostname , EESSLportnumber , certdbdir, certdbpassword, Requestnumber + * ,certnickname and ImportCert ( true/false) + * <p> + */ + + public checkRequest(String hs, String pt, String certdir, String certtokenpwd, String seqnum, String nickname, + String impc) { + host = hs; + ports = pt; + cdir = certdir; + tokenpwd = certtokenpwd; + requestId = seqnum; + if (impc == null) { + importcert = "false"; + } else { + importcert = impc; + } + certnickname = nickname; + + } + + public void setDebug(boolean t) { + debug = t; + } + + public void setreqId(String seqnum) { + requestId = seqnum; + } + + public void setCertNickname(String cname) { + certnickname = cname; + } + + /** + * takes values - true/false + **/ + public void setImportCert(String impc) { + importcert = impc; + } + + public String getpkcs7ChainCert() { + return pkcsCert; + } + + /** + * returns Certificate + **/ + + public String getCert() { + return cCrypt.normalize(baseCert); + } + + /** + * returns Request status - "complete","pending" + **/ + + public String getRequestStatus() { + return reqStatus; + } + + /** + * returns the hex serial number of the certificate + **/ + + public String getSerialNumberHex() { + return serialNumber; + } + + /** + * returns the serial number as interger + **/ + + public int getSerialNumber() { + if (serialNumber != null) { + Integer y = new Integer(Integer.parseInt(serialNumber, 16)); + + return y.intValue(); + } + return 0; + } + + /** + * Submits a checkRequestStatus request to the server + **/ + + public boolean checkRequestStatus() { + + // Login to dB and genertae request + cCrypt.setCertDir(cdir); + cCrypt.setCertnickname(certnickname); + cCrypt.setKeySize(keysize); + cCrypt.setKeyType(keytype); + cCrypt.setTokenPWD(tokenpwd); + cCrypt.setDebug(debug); + + if (!cCrypt.loginDB()) { + System.out.println("Error : Login certdb failed "); + System.err.println("FAIL : Login certdb failed "); + return false; + } + + try { + + type = 1; + buildquery(); + if (debug) { + System.out.println(query); + } + setStatusString("Congratulations, your certificate has been issued."); + if (Send()) { + if (debug) { + System.out.println("Request Status :" + reqStatus); + } + if (reqStatus.equals("complete")) { + type = 2; + buildquery(); + if (debug) { + System.out.println(query); + } + if (Send()) { + return true; + } + } else { + return true; + } + + } + if (debug) { + System.out.println("Request Status :" + reqStatus); + } + + System.err.println("FAIL: reached end of checkRequestStatus()"); + + return false; + } catch (Exception e) { + System.err.println("some exception:" + e); + } + + return false; + } + + // Private functions + + private void setElapsedTime(long dif) { + elapsedTime = dif; + } + + private long calculateElapsedTime(GregorianCalendar b, GregorianCalendar e) { + + Date d1 = b.getTime(); + Date d2 = e.getTime(); + long l1 = d1.getTime(); + long l2 = d2.getTime(); + long difference = l2 - l1; + + return difference; + + } + + private boolean writeCert2File() { + if (serialNumber != null) { + + try { + FileOutputStream fos = new FileOutputStream(certfile); + + if (ldapformat.equals("true")) { + String tmp = "description: 2;" + + Integer.parseInt(serialNumber, 16) + ";" + issuer + + ";" + subject + "\n"; + + fos.write(tmp.getBytes()); + tmp = cCrypt.normalizeForLDAP(getCert()); + if (debug) { + System.out.println(tmp); + } + fos.write(("usercertificate:: ").getBytes()); + fos.write(tmp.getBytes()); + fos.close(); + } else { + String tmp = cCrypt.normalize(getCert()); + + if (debug) { + System.out.println(tmp); + } + fos.write(tmp.getBytes()); + fos.close(); + + } + + } catch (Exception e) { + System.out.println( + "exception in writeCert2File: " + e.getMessage()); + return false; + } + + } + + return true; + } + + private boolean importCert(String certpack) { + + if (importcert.equals("false")) { + return true; + } + + try { + if (certpack == null) { + return false; + } + + String s = cCrypt.normalize(certpack); + + if (AUTH.equals("ca")) { + String tmp = "-----BEGIN CERTIFICATE-----\n" + s + "\n" + + "-----END CERTIFICATE-----"; + + if (debug) { + System.out.println( + "importing cert" + tmp + "certnick" + certnickname); + } + s = tmp; + } + + if (cCrypt.importCert(s, certnickname)) { + System.out.println("successfully imported cert"); + return true; + } + + return false; + + } catch (Exception e) { + System.out.println( + "exception importing cert crequest" + e.getMessage()); + return false; + } + + } + + private boolean RetrieveRequestDetail(String line) { + String stat = "header.status = "; + boolean st = true; + + if (debug) { + System.out.println(line); + } + + if (line.indexOf(stat) != -1) { + String tm = line.substring(stat.length() + 1, + line.indexOf(";", 10) - 1); + + reqStatus = tm; + } + if (line.indexOf("header.pkcs7ChainBase64 = ") != -1) { + // if status is complete retrieve cert + pkcsCert = line.substring("header.pkcs7ChainBase64 = ".length() + 1, + line.indexOf(";", 10) - 1); + } + if (line.indexOf("record.serialNumber=") != -1) { + serialNumber = line.substring("record.serialNumber=".length() + 1, + line.indexOf(";", 1) - 1); + } + if (line.indexOf("header.authority =") == 0) { + AUTH = line.substring("header.authority =".length() + 2, + line.indexOf(";", 1) - 1); + } + + if (getError(line)) { + st = false; + } + + return st; + + } + + private boolean RetrieveCertDetails(String line) { + if (debug) { + System.out.println(line); + } + + boolean st = true; + + String retriveStr[] = { + "record.base64Cert=", "record.certPrettyPrint=", + "header.certChainBase64 = ", "header.certPrettyPrint = " }; + String baseCertStr, certPrettyprintStr; + + if (AUTH.equals("ra")) { + baseCertStr = retriveStr[0]; + certPrettyprintStr = retriveStr[1]; + } else { + baseCertStr = retriveStr[2]; + certPrettyprintStr = retriveStr[3]; + } + + if (line.indexOf(baseCertStr) != -1) { + + // if status is complete retrieve cert + baseCert = line.substring(baseCertStr.length() + 1, + line.indexOf(";", 10) - 1); + if (importcert.equals("true")) { + if (importCert(baseCert)) { + st = true; + } + } else { + st = true; + } + } + + if (line.indexOf(certPrettyprintStr) != -1) { + + System.out.println("Found certPrettyPrint"); + int ret = line.indexOf("Issuer: "); + + issuer = line.substring(("Issuer: ").length() + ret, + line.indexOf("Validi", ret) - 14); + ret = line.indexOf("Subject:"); + subject = line.substring(("Subject: ").length() + ret, + line.indexOf("Subject Public", ret) - 14); + + System.out.println(" HEADER : " + issuer); + + } + + // System.out.println("Debug :get Error detail " + line); + if (getError(line)) { + st = false; + } + + return st; + + } + + private synchronized boolean Send() { + boolean st = false; + + try { + if (debug) { + System.out.println("Step 3 : Socket initialize"); + } + + Integer x = new Integer(ports); + + port = x.intValue(); + + GregorianCalendar begin = new GregorianCalendar(); + + impStatus = false; + + // SSLSocket socket = new SSLSocket(host,port); + SSLSocket socket = new SSLSocket(host, port, null, 0, this, null); + + socket.setUseClientMode(true); + + OutputStream rawos = socket.getOutputStream(); + BufferedOutputStream os = new BufferedOutputStream(rawos); + PrintStream ps = new PrintStream(os); + + ps.println("POST " + ACTION_STRING + " HTTP/1.0"); + ps.println("Connection: Keep-Alive"); + ps.println("Content-type: application/x-www-form-urlencoded"); + ps.println("Content-length: " + query.length()); + ps.println(""); + ps.println(query); + ps.println("\r"); + ps.flush(); + os.flush(); + BufferedReader stdin = new BufferedReader( + new InputStreamReader(socket.getInputStream())); + + if (debug) { + System.out.println("Step 4: Received the page"); + } + st = false; + String line; + + while ((line = stdin.readLine()) != null) { + switch (type) { + case 1: + RetrieveRequestDetail(line); + st = true; + break; + + case 2: + st = RetrieveCertDetails(line); + break; + + default: + System.out.println("invalid format"); + + } + + } + stdin.close(); + socket.close(); + os.close(); + rawos.close(); + ps.close(); + os = null; + rawos = null; + stdin = null; + ps = null; + line = null; + + GregorianCalendar end = new GregorianCalendar(); + long diff = calculateElapsedTime(begin, end); + + setElapsedTime(diff); + + } catch (Exception e) { + System.err.println("some exception: in Send routine" + e); + return false; + } + if ((certfile != null) && (type == 2)) { + st = writeCert2File(); + } + + if (debug) { + System.out.println(serialNumber); + } + + return st; + + } + + private void buildquery() { + + StringBuffer queryStrBuf = new StringBuffer(); + + if (type == 1) { + ACTION_STRING = "/checkRequest"; + queryStrBuf.append("requestId="); + queryStrBuf.append(requestId); + queryStrBuf.append("&importCert=true"); + } + + if (type == 2) { + ACTION_STRING = "/" + AUTH + "/displayBySerial"; + if (AUTH.equals("ra")) { + ACTION_STRING = "/displayCertFromRequest"; + queryStrBuf.append("requestId="); + queryStrBuf.append(requestId); + + } else { + ACTION_STRING = "/displayBySerial"; + queryStrBuf.append("op=displayBySerial"); + queryStrBuf.append("&serialNumber=0x"); + queryStrBuf.append(serialNumber); + } + } + + query = queryStrBuf.toString(); + + queryStrBuf = null; + + } + + private boolean readProperties() { + + // Read the properties file and assign values to variables . + try { + getProperties(propfileName); + } catch (Exception e) { + System.out.println( + "exception reading Properties File " + e.getMessage()); + return false; + } + + host = props.getProperty("enroll.host"); + ports = props.getProperty("enroll.port"); + cdir = props.getProperty("enroll.certdir"); + tokenpwd = props.getProperty("enroll.certtokenpwd"); + requestId = props.getProperty("enroll.seqnum"); + certfile = props.getProperty("enroll.certfile"); + importcert = props.getProperty("enroll.importCert"); + if (importcert == null) { + importcert = "false"; + } + ldapformat = props.getProperty("enroll.ldapformat"); + if (ldapformat == null) { + ldapformat = "true"; + } + System.out.println(ldapformat); + certnickname = props.getProperty("enroll.nickname"); + String de = props.getProperty("enroll.debug"); + + if (de == null) { + debug = false; + } else if (de.equals("true")) { + debug = true; + } else { + debug = false; + } + + // Enroll using a pkscks10 request + return (checkRequestStatus()); + } + + public static void main(String args[]) { + // Exit Status - (0) for error/Fail + // - requestId Pass + boolean st; + + if (args.length < 1) { + System.out.println("Usage : propertiesfile"); + System.exit(0); + } + + checkRequest t = new checkRequest(args[0]); + + st = t.readProperties(); + if (st) { + System.exit(t.getSerialNumber()); + } else { + + System.out.println("Request Status :" + t.getRequestStatus()); + System.out.println("Error: " + t.getErrorDetail()); + + System.exit(0); + } + }// end of function main + +} // end of class + |