authorEndi Sukma Dewata <edewata@redhat.com>2012-03-24 02:27:47 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-03-26 11:43:54 -0500
commit621d9e5c413e561293d7484b93882d985b3fe15f (patch)
tree638f3d75761c121d9a8fb50b52a12a6686c5ac5c /base/silent
parent40d3643b8d91886bf210aa27f711731c81a11e49 (diff)
Removed unnecessary pki folder.
Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131
Diffstat (limited to 'base/silent')
-rw-r--r--base/silent/CMakeLists.txt17
-rw-r--r--base/silent/LICENSE291
-rw-r--r--base/silent/scripts/CMakeLists.txt10
-rwxr-xr-xbase/silent/scripts/pkisilent117
-rw-r--r--base/silent/src/CMakeLists.txt82
-rw-r--r--base/silent/src/com/netscape/pkisilent/ConfigureCA.java1698
-rw-r--r--base/silent/src/com/netscape/pkisilent/ConfigureDRM.java1374
-rw-r--r--base/silent/src/com/netscape/pkisilent/ConfigureOCSP.java1181
-rw-r--r--base/silent/src/com/netscape/pkisilent/ConfigureRA.java881
-rw-r--r--base/silent/src/com/netscape/pkisilent/ConfigureSubCA.java1249
-rw-r--r--base/silent/src/com/netscape/pkisilent/ConfigureTKS.java1121
-rw-r--r--base/silent/src/com/netscape/pkisilent/ConfigureTPS.java1088
-rw-r--r--base/silent/src/com/netscape/pkisilent/PKISilent.java59
-rw-r--r--base/silent/src/com/netscape/pkisilent/argparser/ArgParseException.java54
-rwxr-xr-xbase/silent/src/com/netscape/pkisilent/argparser/ArgParser.java2085
-rw-r--r--base/silent/src/com/netscape/pkisilent/argparser/ArgParserTest.java1514
-rw-r--r--base/silent/src/com/netscape/pkisilent/argparser/BooleanHolder.java54
-rw-r--r--base/silent/src/com/netscape/pkisilent/argparser/CharHolder.java54
-rw-r--r--base/silent/src/com/netscape/pkisilent/argparser/DoubleHolder.java54
-rw-r--r--base/silent/src/com/netscape/pkisilent/argparser/FloatHolder.java54
-rw-r--r--base/silent/src/com/netscape/pkisilent/argparser/IntHolder.java54
-rw-r--r--base/silent/src/com/netscape/pkisilent/argparser/LongHolder.java54
-rw-r--r--base/silent/src/com/netscape/pkisilent/argparser/ObjectHolder.java54
-rw-r--r--base/silent/src/com/netscape/pkisilent/argparser/SimpleExample.java53
-rw-r--r--base/silent/src/com/netscape/pkisilent/argparser/StringHolder.java54
-rw-r--r--base/silent/src/com/netscape/pkisilent/argparser/StringScanException.java56
-rw-r--r--base/silent/src/com/netscape/pkisilent/argparser/StringScanner.java567
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/BaseState.java118
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/CMSConfig.java569
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/CMSLDAP.java609
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/CMSProperties.java679
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/CMSTask.java190
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/CertificateRecord.java44
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/ComCrypto.java767
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/Con2Agent.java318
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/DirEnroll.java470
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/ParseXML.java170
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/PostQuery.java141
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/Request.java1138
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/ServerInfo.java355
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/TestClient.java941
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/UserEnroll.java536
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/Utilities.java347
-rw-r--r--base/silent/src/com/netscape/pkisilent/common/checkRequest.java617
-rw-r--r--base/silent/src/com/netscape/pkisilent/http/CertSelection.java45
-rw-r--r--base/silent/src/com/netscape/pkisilent/http/HTMLDocument.java595
-rw-r--r--base/silent/src/com/netscape/pkisilent/http/HTTPClient.java1231
-rw-r--r--base/silent/src/com/netscape/pkisilent/http/HTTPResponse.java314
-rwxr-xr-xbase/silent/templates/pki_silent.template1732
-rwxr-xr-xbase/silent/templates/subca_silent.template513
50 files changed, 26368 insertions, 0 deletions
diff --git a/base/silent/CMakeLists.txt b/base/silent/CMakeLists.txt
new file mode 100644
index 000000000..8f71375dc
--- /dev/null
+++ b/base/silent/CMakeLists.txt
@@ -0,0 +1,17 @@
+project(silent Java)
+
+add_subdirectory(src)
+add_subdirectory(scripts)
+
+install(
+ FILES
+ templates/pki_silent.template
+ templates/subca_silent.template
+ DESTINATION
+ ${DATA_INSTALL_DIR}/silent/
+ PERMISSIONS
+ OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ
+)
+
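Review bot: The nine-keyword PERMISSIONS block spells out exactly the mode that `install(PROGRAMS ...)` applies by default (rwxr-xr-x), so `install(PROGRAMS templates/pki_silent.template templates/subca_silent.template DESTINATION "${DATA_INSTALL_DIR}/silent")` says the same thing in one call and makes it explicit that the templates are installed as executables; the same applies to the `install()` in base/silent/scripts/CMakeLists.txt. If the templates are meant as data rather than runnable scripts, the world-execute bit should instead be dropped — the hunk does not say which is intended. Quoting `"${DATA_INSTALL_DIR}/silent/"` also keeps the DESTINATION argument well-formed should the variable be empty. `project(silent Java)` uses the positional language form; `project(silent LANGUAGES Java)` is the keyword form.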
diff --git a/base/silent/LICENSE b/base/silent/LICENSE
new file mode 100644
index 000000000..e281f4362
--- /dev/null
+++ b/base/silent/LICENSE
@@ -0,0 +1,291 @@
+This Program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published
+by the Free Software Foundation; version 2 of the License.
+
+This Program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+for more details.
+
+You should have received a copy of the GNU General Public License
+along with this Program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
diff --git a/base/silent/scripts/CMakeLists.txt b/base/silent/scripts/CMakeLists.txt
new file mode 100644
index 000000000..df4dfc469
--- /dev/null
+++ b/base/silent/scripts/CMakeLists.txt
@@ -0,0 +1,10 @@
+install(
+ FILES
+ pkisilent
+ DESTINATION
+ ${BIN_INSTALL_DIR}
+ PERMISSIONS
+ OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ
+)
diff --git a/base/silent/scripts/pkisilent b/base/silent/scripts/pkisilent
new file mode 100755
index 000000000..c5be67855
--- /dev/null
+++ b/base/silent/scripts/pkisilent
@@ -0,0 +1,117 @@
+#!/usr/bin/perl
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+###############################################################################
+## (1) Specify variables used by this script. ##
+###############################################################################
+
+my $PRODUCT="pki";
+my $libpath="";
+
+
+###############################################################################
+## (2) Define helper functions. ##
+###############################################################################
+
+sub invalid_architecture()
+{
+ print "\n";
+ print "ERROR: pkisilent does not execute on this architecture\n";
+ print "ERROR: check to make sure pki-native-tools package is installed!\n";
+ print "\n";
+}
+
+
+###############################################################################
+## (3) Set the LD_LIBRARY_PATH environment variable ##
+## (as well as the ${libpath} java property) to determine the ##
+## search order this command uses to find shared libraries. ##
+###############################################################################
+
+my $ARCHITECTURE=`uname -i`;
+chop( $ARCHITECTURE );
+
+if( $ARCHITECTURE eq "i386" ) {
+ $libpath="/usr/lib";
+
+ $ENV{LD_LIBRARY_PATH} = "/usr/lib/jss:"
+ . "/usr/lib:/lib";
+} elsif($ARCHITECTURE eq "x86_64") {
+ $libpath="/usr/lib64";
+
+ $ENV{LD_LIBRARY_PATH} = "/usr/lib64/jss:"
+ . "/usr/lib64:/lib64:"
+ . "/usr/lib/jss:"
+ . "/usr/lib:/lib";
+} else {
+ invalid_architecture();
+ exit(255);
+}
+
+
+###############################################################################
+## (4) Set the CP environment variable to determine the search ##
+## order this command wrapper uses to find jar files. ##
+###############################################################################
+
+print "libpath=$libpath\n";
+
+$ENV{CLASSPATH} = "/usr/share/java/${PRODUCT}/pki-silent.jar:"
+ . "/usr/share/java/${PRODUCT}/pki-certsrv.jar:"
+ . "/usr/share/java/${PRODUCT}/pki-cmscore.jar:"
+ . "/usr/share/java/${PRODUCT}/pki-nsutil.jar:"
+ . "/usr/share/java/${PRODUCT}/pki-cmsutil.jar:"
+ . "/usr/share/java/${PRODUCT}/pki-tools.jar:"
+ . "/usr/share/java/ldapjdk.jar:"
+ . "/usr/share/java/commons-codec.jar:"
+ . "/usr/share/java/xerces-j2.jar:"
+ . "/usr/share/java/xml-commons-apis.jar:"
+ . "/usr/share/java/xml-commons-resolver.jar:";
+if( $ARCHITECTURE eq "x86_64" ) {
+ $ENV{CLASSPATH} = $ENV{CLASSPATH}
+ . "/usr/lib64/java/jss4.jar:"
+ . "/usr/lib/java/jss4.jar:";
+} else {
+ $ENV{CLASSPATH} = $ENV{CLASSPATH}
+ . "/usr/lib/java/jss4.jar:";
+}
+
+
+###############################################################################
+## (5) Execute the java command specified by this java command wrapper ##
+## based upon the preset LD_LIBRARY_PATH and CP environment variables. ##
+###############################################################################
+
+my @args = ();
+foreach (@ARGV) {
+ push(@args, quotemeta($_));
+}
+my $output = `java -cp $ENV{CLASSPATH} com.netscape.pkisilent.PKISilent @args`;
+my $status = $?;
+
+print "#######################################################################\n";
+print "$output\n";
+print "#######################################################################\n";
+
+if ($status != 0) {
+ exit(255);
+} else {
+ exit(0);
+}
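Review bot: The backtick command near the end of the script hands `java -cp $ENV{CLASSPATH} ... @args` to /bin/sh, relying on `quotemeta` — a regex escaper, not a shell quoter — to neutralise user arguments, and it captures only stdout, so java's stderr is never shown and stdout is withheld until the process exits. Calling `system()` with a list bypasses the shell entirely, needs no escaping of `@ARGV`, and streams both output channels between the two banner lines while `$?` remains available for the exit decision. The `-1` case (java not executable at all) is worth reporting separately, since it is currently indistinguishable from a java failure. `chop( $ARCHITECTURE )` would be safer as `chomp`, which removes only a trailing newline.
```perl
# … unchanged: LD_LIBRARY_PATH and CLASSPATH setup …

print "#######################################################################\n";
# list-form system() bypasses /bin/sh, so @ARGV needs no escaping and
# java's stdout/stderr stream instead of being buffered until exit
my $status = system('java', '-cp', $ENV{CLASSPATH},
                    'com.netscape.pkisilent.PKISilent', @ARGV);
print "#######################################################################\n";

if ($status == -1) {
    print "ERROR: unable to execute java: $!\n";
    exit(255);
}
exit($status == 0 ? 0 : 255);
```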
diff --git a/base/silent/src/CMakeLists.txt b/base/silent/src/CMakeLists.txt
new file mode 100644
index 000000000..a3e6034f8
--- /dev/null
+++ b/base/silent/src/CMakeLists.txt
@@ -0,0 +1,82 @@
+project(pki-silent_java Java)
+
+find_file(JSS_JAR
+ NAMES
+ jss4.jar
+ PATHS
+ ${JAVA_LIB_INSTALL_DIR}
+ /usr/share/java
+)
+
+find_file(LDAPJDK_JAR
+ NAMES
+ ldapjdk.jar
+ PATHS
+ ${JAVA_LIB_INSTALL_DIR}
+ /usr/share/java
+)
+
+find_file(XERCES_JAR
+ NAMES
+ xerces-j2.jar
+ PATHS
+ ${JAVA_LIB_INSTALL_DIR}
+ /usr/share/java
+)
+
+set(pki-silent_java_SRCS
+ com/netscape/pkisilent/ConfigureTKS.java
+ com/netscape/pkisilent/ConfigureCA.java
+ com/netscape/pkisilent/argparser/CharHolder.java
+ com/netscape/pkisilent/argparser/ArgParseException.java
+ com/netscape/pkisilent/argparser/StringHolder.java
+ com/netscape/pkisilent/argparser/SimpleExample.java
+ com/netscape/pkisilent/argparser/ArgParser.java
+ com/netscape/pkisilent/argparser/DoubleHolder.java
+ com/netscape/pkisilent/argparser/ObjectHolder.java
+ com/netscape/pkisilent/argparser/FloatHolder.java
+ com/netscape/pkisilent/argparser/BooleanHolder.java
+ com/netscape/pkisilent/argparser/StringScanException.java
+ com/netscape/pkisilent/argparser/StringScanner.java
+ com/netscape/pkisilent/argparser/LongHolder.java
+ com/netscape/pkisilent/argparser/IntHolder.java
+ com/netscape/pkisilent/ConfigureTPS.java
+ com/netscape/pkisilent/http/HTTPClient.java
+ com/netscape/pkisilent/http/HTMLDocument.java
+ com/netscape/pkisilent/http/HTTPResponse.java
+ com/netscape/pkisilent/http/CertSelection.java
+ com/netscape/pkisilent/common/Request.java
+ com/netscape/pkisilent/common/CertificateRecord.java
+ com/netscape/pkisilent/common/Utilities.java
+ com/netscape/pkisilent/common/ComCrypto.java
+ com/netscape/pkisilent/common/BaseState.java
+ com/netscape/pkisilent/common/CMSLDAP.java
+ com/netscape/pkisilent/common/CMSConfig.java
+ com/netscape/pkisilent/common/PostQuery.java
+ com/netscape/pkisilent/common/ServerInfo.java
+ com/netscape/pkisilent/common/UserEnroll.java
+ com/netscape/pkisilent/common/ParseXML.java
+ com/netscape/pkisilent/common/CMSProperties.java
+ com/netscape/pkisilent/common/DirEnroll.java
+ com/netscape/pkisilent/common/Con2Agent.java
+ com/netscape/pkisilent/common/TestClient.java
+ com/netscape/pkisilent/common/CMSTask.java
+ com/netscape/pkisilent/ConfigureOCSP.java
+ com/netscape/pkisilent/ConfigureRA.java
+ com/netscape/pkisilent/ConfigureSubCA.java
+ com/netscape/pkisilent/ConfigureDRM.java
+ com/netscape/pkisilent/PKISilent.java
+)
+
+set(CMAKE_JAVA_INCLUDE_PATH
+ ${PKI_CERTSRV_JAR} ${PKI_CMS_JAR}
+ ${PKI_CMSUTIL_JAR} ${PKI_NSUTIL_JAR}
+ ${LDAPJDK_JAR} ${XERCES_JAR}
+ ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR})
+
+set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
+
+add_jar(pki-silent ${pki-silent_java_SRCS})
+add_dependencies(pki-silent symkey pki-cmsutil pki-nsutil pki-certsrv pki-cms)
+install_jar(pki-silent ${JAVA_JAR_INSTALL_DIR}/pki)
+set(PKI_SILENT_JAR ${pki-silent_JAR_FILE} CACHE INTERNAL "pki-silent jar file")
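Review bot: None of the three `find_file()` results is checked, so when jss4.jar, ldapjdk.jar or xerces-j2.jar is absent the literal `JSS_JAR-NOTFOUND` (or its sibling) is spliced into `CMAKE_JAVA_INCLUDE_PATH` and the failure surfaces only as a javac classpath error — or not at all if a stale jar happens to be reachable some other way. A configure-time check right after the `find_file()` calls fails fast with a message naming the missing jar; `find_file(... REQUIRED)` would do the same but only exists from CMake 3.18, so an explicit check is the portable form. The search also silently accepts whatever `/usr/share/java` holds when `JAVA_LIB_INSTALL_DIR` is unset, which is worth a one-line comment stating that the packaged jars are the intended source.
```cmake
# … unchanged: find_file(JSS_JAR …), find_file(LDAPJDK_JAR …), find_file(XERCES_JAR …) …

# Fail at configure time rather than letting a *-NOTFOUND placeholder reach javac.
foreach(jar_var JSS_JAR LDAPJDK_JAR XERCES_JAR)
  if(NOT ${jar_var})
    message(FATAL_ERROR "${jar_var} not found; install the jar or set JAVA_LIB_INSTALL_DIR")
  endif()
endforeach()

# … unchanged: pki-silent_java_SRCS, CMAKE_JAVA_INCLUDE_PATH, add_jar, install_jar …
```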
diff --git a/base/silent/src/com/netscape/pkisilent/ConfigureCA.java b/base/silent/src/com/netscape/pkisilent/ConfigureCA.java
new file mode 100644
index 000000000..3c498febe
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/ConfigureCA.java
@@ -0,0 +1,1698 @@
+package com.netscape.pkisilent;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.DataInputStream;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStreamReader;
+import java.io.PrintStream;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+
+import org.mozilla.jss.asn1.SEQUENCE;
+import org.mozilla.jss.pkcs12.AuthenticatedSafes;
+import org.mozilla.jss.pkcs12.PFX;
+
+import com.netscape.pkisilent.argparser.ArgParser;
+import com.netscape.pkisilent.argparser.StringHolder;
+import com.netscape.pkisilent.common.ComCrypto;
+import com.netscape.pkisilent.common.ParseXML;
+import com.netscape.pkisilent.http.HTTPClient;
+import com.netscape.pkisilent.http.HTTPResponse;
+import com.netscape.cmsutil.util.Utils;
+
+public class ConfigureCA {
+
+ // global constants
+ public static final String DEFAULT_KEY_TYPE = "RSA";
+ public static final String DEFAULT_KEY_SIZE = "2048";
+ public static final String DEFAULT_KEY_CURVENAME = "nistp256";
+ public static final String DEFAULT_KEY_ALGORITHM_RSA = "SHA256withRSA";
+ public static final String DEFAULT_KEY_ALGORITHM_ECC = "SHA256withEC";
+ public static final String SUCCESS = "success";
+ public static final String FAILURE = "failure";
+
+ // define global variables
+
+ public static HTTPClient hc = null;
+
+ public static String login_uri = "/ca/admin/console/config/login";
+ public static String wizard_uri = "/ca/admin/console/config/wizard";
+ public static String admin_uri = "/ca/admin/ca/getBySerial";
+ public static String pkcs12_uri = "/ca/admin/console/config/savepkcs12";
+ public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin";
+ public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie";
+
+ public static String cs_hostname = null;
+ public static String cs_port = null;
+ public static String client_certdb_dir = null;
+ public static String client_certdb_pwd = null;
+
+ public static String sd_hostname = null;
+ public static String sd_ssl_port = null;
+ public static String sd_agent_port = null;
+ public static String sd_admin_port = null;
+ public static String sd_admin_name = null;
+ public static String sd_admin_password = null;
+
+ // Login Panel
+ public static String pin = null;
+
+ public static String domain_name = null;
+
+ public static String admin_user = null;
+ public static String admin_email = null;
+ public static String admin_password = null;
+ public static String admin_serial_number = null;
+ public static String agent_name = null;
+
+ public static String ldap_host = null;
+ public static String ldap_port = null;
+ public static String bind_dn = null;
+ public static String bind_password = null;
+ public static String base_dn = null;
+ public static String db_name = null;
+ public static String secure_conn = null;
+ public static String remove_data = null;
+
+ public static String key_type = null;
+ public static String key_size = null;
+ public static String key_curvename = null;
+ public static String key_algorithm = null;
+ public static String signing_algorithm = null;
+
+ public static String signing_key_type = null;
+ public static String signing_key_size = null;
+ public static String signing_key_curvename = null;
+ public static String signing_signingalgorithm = null;
+
+ public static String ocsp_signing_key_type = null;
+ public static String ocsp_signing_key_size = null;
+ public static String ocsp_signing_key_curvename = null;
+ public static String ocsp_signing_signingalgorithm = null;
+
+ public static String subsystem_key_type = null;
+ public static String subsystem_key_size = null;
+ public static String subsystem_key_curvename = null;
+
+ public static String audit_signing_key_type = null;
+ public static String audit_signing_key_size = null;
+ public static String audit_signing_key_curvename = null;
+
+ public static String sslserver_key_type = null;
+ public static String sslserver_key_size = null;
+ public static String sslserver_key_curvename = null;
+
+ public static String token_name = null;
+ public static String token_pwd = null;
+
+ public static String agent_key_size = null;
+ public static String agent_key_type = null;
+ public static String agent_cert_subject = null;
+
+ public static String save_p12 = null;
+ public static String backup_pwd = null;
+ public static String backup_fname = null;
+
+ public static String ca_cert_name = null;
+ public static String ca_cert_req = null;
+ public static String ca_cert_pp = null;
+ public static String ca_cert_cert = null;
+
+ public static String ocsp_cert_name = null;
+ public static String ocsp_cert_req = null;
+ public static String ocsp_cert_pp = null;
+ public static String ocsp_cert_cert = null;
+
+ public static String server_cert_name = null;
+ public static String server_cert_req = null;
+ public static String server_cert_pp = null;
+ public static String server_cert_cert = null;
+
+ public static String ca_subsystem_cert_name = null;
+ public static String ca_subsystem_cert_req = null;
+ public static String ca_subsystem_cert_pp = null;
+ public static String ca_subsystem_cert_cert = null;
+
+ public static String ca_audit_signing_cert_name = null;
+ public static String ca_audit_signing_cert_req = null;
+ public static String ca_audit_signing_cert_pp = null;
+ public static String ca_audit_signing_cert_cert = null;
+
+ // names
+ public static String ca_sign_cert_subject_name = null;
+ public static String ca_subsystem_cert_subject_name = null;
+ public static String ca_ocsp_cert_subject_name = null;
+ public static String ca_server_cert_subject_name = null;
+ public static String ca_audit_signing_cert_subject_name = null;
+
+ public static String subsystem_name = null;
+
+ public static String external_ca = null;
+ public static String ext_ca_cert_file = null;
+ public static String ext_ca_cert_chain_file = null;
+ public static String ext_csr_file = null;
+ public static String signing_cc = null;
+
+ public static boolean clone = false;
+ public static String clone_uri = null;
+ public static String clone_p12_passwd = null;
+ public static String clone_p12_file = null;
+ public static String clone_master_port = null;
+ public static String clone_replica_port = null;
+ public static String clone_replication_security = null;
+
+ //for correct selection of CA to be cloned
+ public static String urls;
+
+ public ConfigureCA() {// do nothing :)
+ }
+
+ public String getStatus(HTTPResponse hr, String name) {
+ ByteArrayInputStream bais = null;
+ String status = null;
+ try {
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ ParseXML px = new ParseXML();
+ px.parse(bais);
+ px.prettyprintxml();
+ status = px.getvalue(name);
+ } catch (Exception e) {
+ System.out.println("Exception in getStatus(): " + e.toString());
+ }
+ return status;
+ }
+
+ public boolean checkStatus(HTTPResponse hr, String name,
+ String expected, String location) {
+ return checkStatus(hr, name, new String[] { expected }, location);
+ }
+
+ public boolean checkStatus(HTTPResponse hr, String name,
+ String[] expected, String location) {
+ String status = getStatus(hr, name);
+ if (status == null) {
+ System.out.println("Error in " + location + ": " + name +
+ " value is null");
+ return false;
+ }
+ for (int i = 0; i < expected.length; i++) {
+ if (status.equals(expected[i])) {
+ return true;
+ }
+ }
+ System.out.println("Error in " + location + ": " + name +
+ " returns " + status);
+ return false;
+ }
+
+ public boolean LoginPanel() {
+ try {
+ boolean st = false;
+ HTTPResponse hr = null;
+
+ String query_string = "pin=" + pin + "&xml=true";
+ hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string);
+ System.out.println("xml returned: " + hr.getHTML());
+
+ // parse xml here - nothing to parse
+
+ // get cookie
+ String temp = hr.getCookieValue("JSESSIONID");
+ if (temp != null) {
+ int index = temp.indexOf(";");
+
+ HTTPClient.j_session_id = temp.substring(0, index);
+ st = true;
+ }
+
+ hr = null;
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ "p=0&op=next&xml=true");
+ if (!checkStatus(hr, "status", "display", "LoginPanel()")) {
+ return false;
+ }
+
+ return st;
+ } catch (Exception e) {
+ System.out.println("Exception in LoginPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public boolean TokenChoicePanel() {
+ try {
+ HTTPResponse hr = null;
+ String query_string = null;
+
+ // Software Token
+ if (token_name.equalsIgnoreCase("internal")) {
+ query_string = "p=1" + "&op=next" + "&xml=true" + "&choice="
+ + URLEncoder.encode("Internal Key Storage Token", "UTF-8") + "";
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "TokenChoicePanel()")) {
+ return false;
+ }
+ } // HSM
+ else {
+ // login to hsm first
+ query_string = "p=2" + "&op=next" + "&xml=true" + "&uTokName="
+ + URLEncoder.encode(token_name, "UTF-8") + "&__uPasswd="
+ + URLEncoder.encode(token_pwd, "UTF-8") + "";
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "TokenChoicePanel()")) {
+ return false;
+ }
+
+ // choice with token name now
+ query_string = "p=1" + "&op=next" + "&xml=true" + "&choice="
+ + URLEncoder.encode(token_name, "UTF-8") + "";
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "TokenChoicePanel()")) {
+ return false;
+ }
+ }
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in TokenChoicePanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public boolean DomainPanel() {
+ try {
+ HTTPResponse hr = null;
+ String domain_url = "https://" + cs_hostname + ":" + cs_port;
+ String query_string = null;
+
+ if (!clone) {
+ query_string = "sdomainURL=" + URLEncoder.encode(domain_url, "UTF-8")
+ + "&sdomainName=" + URLEncoder.encode(domain_name, "UTF-8")
+ + "&choice=newdomain" + "&p=3" + "&op=next" + "&xml=true";
+ } else {
+ domain_url = "https://" + sd_hostname + ":" + sd_admin_port;
+ query_string = "sdomainURL=" + URLEncoder.encode(domain_url, "UTF-8")
+ + "&sdomainName="
+ + "&choice=existingdomain" + "&p=3" + "&op=next" + "&xml=true";
+ }
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "DomainPanel()")) {
+ return false;
+ }
+
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in DomainPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public boolean DisplayCertChainPanel() {
+ try {
+ String query_string = "p=4" + "&op=next" + "&xml=true";
+ hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in DisplayCertChainPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public boolean SecurityDomainLoginPanel() {
+ try {
+ HTTPResponse hr = null;
+
+ String subca_url = "https://" + cs_hostname + ":" + cs_port +
+ "/ca/admin/console/config/wizard" + "?p=5&subsystem=CA";
+
+ String query_string = "url=" + URLEncoder.encode(subca_url, "UTF-8");
+
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri, query_string);
+
+ String query_string_1 = "uid=" + sd_admin_name + "&pwd=" + URLEncoder.encode(sd_admin_password, "UTF-8") +
+ "&url=" + URLEncoder.encode(subca_url, "UTF-8");
+
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri,
+ query_string_1);
+
+ // get session id from security domain
+
+ String subca_session_id = hr.getContentValue("header.session_id");
+ String subca_url_1 = hr.getContentValue("header.url");
+
+ System.out.println("SUBCA_SESSION_ID=" + subca_session_id);
+ System.out.println("SUBCA_URL=" + subca_url_1);
+
+ // use session id to connect back to subCA
+
+ String query_string_2 = "p=5" + "&subsystem=CA" +
+ "&session_id=" + subca_session_id + "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string_2);
+ urls = hr.getHTML();
+ int indx = urls.indexOf(clone_uri);
+ if (indx < 0) {
+ throw new Exception("Invalid clone_uri");
+ }
+ urls = urls.substring(urls.lastIndexOf("<option", indx), indx);
+ urls = urls.split("\"")[1];
+
+ System.out.println("urls =" + urls);
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in SecurityDomainLoginPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public boolean CreateCAPanel() {
+ try {
+ HTTPResponse hr = null;
+ String query_string = null;
+
+ if (!clone) {
+ query_string = "p=5" + "&op=next" + "&xml=true"
+ + "&choice=newsubsystem" + "&subsystemName="
+ + URLEncoder.encode(subsystem_name, "UTF-8");
+ } else {
+ query_string = "p=5" + "&op=next" + "&xml=true"
+ + "&choice=clonesubsystem" + "&subsystemName="
+ + URLEncoder.encode(subsystem_name, "UTF-8")
+ + "&urls=" + urls + "";
+ }
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "CreateCAPanel()")) {
+ return false;
+ }
+
+ if (clone) {
+
+ hr = null;
+ query_string = "p=6" + "&op=next" + "&xml=true";
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "CreateCAPanel(2)")) {
+ return false;
+ }
+ }
+
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in CreateCAPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public boolean RestoreKeyCertPanel() {
+ try {
+ HTTPResponse hr = null;
+
+ String query_string = "p=7" + "&op=next" + "&xml=true"
+ + "&__password=" + URLEncoder.encode(clone_p12_passwd, "UTF-8")
+ + "&path=" + URLEncoder.encode(clone_p12_file, "UTF-8") + "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "RestoreKeyCertPanel()")) {
+ return false;
+ }
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in RestoreKeyCertPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public boolean HierarchyPanel() {
+ try {
+ HTTPResponse hr = null;
+
+ String query_string = "p=8" + "&op=next" + "&xml=true";
+ if (external_ca.equalsIgnoreCase("true"))
+ query_string += "&choice=join";
+ else
+ query_string += "&choice=root";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "HierarchyPanel()")) {
+ return false;
+ }
+
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in HierarchyPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+
+ }
+
+ public boolean LdapConnectionPanel() {
+ try {
+ HTTPResponse hr = null;
+
+ String query_string = "p=9" + "&op=next" + "&xml=true" + "&host="
+ + URLEncoder.encode(ldap_host,"UTF-8") + "&port="
+ + URLEncoder.encode(ldap_port,"UTF-8") + "&binddn="
+ + URLEncoder.encode(bind_dn, "UTF-8") + "&__bindpwd="
+ + URLEncoder.encode(bind_password, "UTF-8") + "&basedn="
+ + URLEncoder.encode(base_dn, "UTF-8") + "&database="
+ + URLEncoder.encode(db_name, "UTF-8") + "&display="
+ + URLEncoder.encode("$displayStr", "UTF-8")
+ + (secure_conn.equals("true") ? "&secureConn=on" : "")
+ + "&masterReplicationPort=" + URLEncoder.encode(clone_master_port, "UTF-8")
+ + "&cloneReplicationPort=" + URLEncoder.encode(clone_replica_port, "UTF-8")
+ + "&replicationSecurity=" + URLEncoder.encode(clone_replication_security, "UTF-8")
+ + (remove_data.equals("true") ? "&removeData=true" : "");
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "LdapConnectionPanel()")) {
+ return false;
+ }
+
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in LdapConnectionPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public boolean KeyPanel() {
+ try {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ ArrayList<String> al = null;
+ String query_string = null;
+ if (clone) {
+ query_string = "p=10" + "&op=next" + "&xml=true"
+ + "&sslserver_custom_size=" + sslserver_key_size
+ + "&sslserver_custom_curvename=" + sslserver_key_curvename
+ + "&sslserver_choice=custom"
+ + "&sslserver_keytype=" + sslserver_key_type
+ + "&choice=custom" + "&keytype=" + key_type
+ + "&custom_size=" + key_size;
+ } else {
+ query_string = "p=10" + "&op=next" + "&xml=true"
+ + "&subsystem_custom_size=" + subsystem_key_size
+ + "&subsystem_custom_curvename=" + subsystem_key_curvename
+ + "&subsystem_keytype=" + subsystem_key_type
+ + "&subsystem_choice=custom"
+ + "&sslserver_custom_size=" + sslserver_key_size
+ + "&sslserver_custom_curvename=" + sslserver_key_curvename
+ + "&sslserver_keytype=" + sslserver_key_type
+ + "&sslserver_choice=custom"
+ + "&signing_custom_size=" + signing_key_size
+ + "&signing_custom_curvename=" + signing_key_curvename
+ + "&signing_keytype=" + signing_key_type
+ + "&signing_choice=custom"
+ + "&signing_keyalgorithm=" + key_algorithm
+ + "&signing_signingalgorithm=" + signing_signingalgorithm
+ + "&ocsp_signing_custom_size=" + ocsp_signing_key_size
+ + "&ocsp_signing_custom_curvename=" + ocsp_signing_key_curvename
+ + "&ocsp_signing_keytype=" + ocsp_signing_key_type
+ + "&ocsp_signing_choice=custom"
+ + "&ocsp_signing_signingalgorithm=" + ocsp_signing_signingalgorithm
+ + "&audit_signing_custom_size=" + audit_signing_key_size
+ + "&audit_signing_custom_curvename=" + audit_signing_key_curvename
+ + "&audit_signing_keytype=" + audit_signing_key_type
+ + "&audit_signing_choice=custom"
+ + "&custom_size=" + key_size
+ + "&custom_curvename=" + key_curvename
+ + "&keytype=" + key_type
+ + "&choice=custom"
+ + "&signingalgorithm=" + signing_algorithm
+ + "&keyalgorithm=" + key_algorithm;
+ }
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "KeyPanel()")) {
+ return false;
+ }
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+
+ al = px.constructValueList("CertReqPair", "DN");
+ // get ca cert subject name
+ if (al != null) {
+ for (int i = 0; i < al.size(); i++) {
+ String temp = al.get(i);
+
+ if (temp.indexOf("Certificate Authority") > 0) {
+ ca_cert_name = temp;
+ } else if (temp.indexOf("OCSP Signing Certificate") > 0) {
+ ocsp_cert_name = temp;
+ } else if (temp.indexOf("Subsystem Certificate") > 0) {
+ ca_subsystem_cert_name = temp;
+ } else if (temp.indexOf("Audit Signing Certificate") > 0) {
+ ca_audit_signing_cert_name = temp;
+ } else {
+ server_cert_name = temp;
+ }
+ }
+ }
+
+ System.out.println("default: ca_cert_name=" + ca_cert_name);
+ System.out.println("default: ocsp_cert_name=" + ocsp_cert_name);
+ System.out.println(
+ "default: ca_subsystem_cert_name=" + ca_subsystem_cert_name);
+ System.out.println(
+ "default: ca_audit_signing_cert_name=" + ca_audit_signing_cert_name);
+ System.out.println("default: server_cert_name=" + server_cert_name);
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in KeyPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public boolean CertSubjectPanel() {
+ try {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ ArrayList<String> req_list = null;
+ ArrayList<String> cert_list = null;
+ ArrayList<String> dn_list = null;
+ String query_string = null;
+
+ // use subject names provided as input
+
+ if (!clone) {
+ query_string = "p=11" + "&op=next" + "&xml=true" + "&subsystem="
+ + URLEncoder.encode(ca_subsystem_cert_subject_name, "UTF-8")
+ + "&ocsp_signing="
+ + URLEncoder.encode(ca_ocsp_cert_subject_name, "UTF-8") + "&signing="
+ + URLEncoder.encode(ca_sign_cert_subject_name, "UTF-8") + "&sslserver="
+ + URLEncoder.encode(ca_server_cert_subject_name, "UTF-8") + "&audit_signing="
+ + URLEncoder.encode(ca_audit_signing_cert_subject_name, "UTF-8") + "&urls=0"
+ + "";
+ } else {
+ query_string = "p=11" + "&op=next" + "&xml=true" + "&sslserver="
+ + URLEncoder.encode(ca_server_cert_subject_name, "UTF-8") + "&urls=0"
+ + "";
+ }
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "CertSubjectPanel()")) {
+ return false;
+ }
+
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+
+ req_list = px.constructValueList("CertReqPair", "Request");
+ cert_list = px.constructValueList("CertReqPair", "Certificate");
+ dn_list = px.constructValueList("CertReqPair", "Nickname");
+
+ System.out.println("req_list_size=" + req_list.size());
+ System.out.println("cert_list_size=" + cert_list.size());
+ System.out.println("dn_list_size=" + dn_list.size());
+
+ if (external_ca.equalsIgnoreCase("true")) {
+ if ((req_list != null) && (dn_list != null)) {
+ for (int i = 0; i < dn_list.size(); i++) {
+ String temp = dn_list.get(i);
+ if (temp.indexOf("caSigningCert") >= 0) {
+ ca_cert_req = req_list.get(i);
+ }
+ }
+ }
+
+ if (ext_ca_cert_file == null) {
+ try {
+ FileOutputStream fos = new FileOutputStream(ext_csr_file);
+ PrintStream p = new PrintStream(fos);
+ p.println(ca_cert_req);
+ p.close();
+ return true;
+ } catch (Exception e) {
+ System.out.println("CertSubjectPanel: Unable to write CSR for external CA to " + ext_csr_file);
+ System.out.println(e.toString());
+ return false;
+ }
+ } else {
+ try {
+ ca_cert_cert = "";
+ FileInputStream fis = new FileInputStream(ext_ca_cert_file);
+ DataInputStream in = new DataInputStream(fis);
+ while (in.available() != 0) {
+ ca_cert_cert += in.readLine();
+ }
+ in.close();
+
+ signing_cc = "";
+ fis = new FileInputStream(ext_ca_cert_chain_file);
+ in = new DataInputStream(fis);
+ while (in.available() != 0) {
+ signing_cc += in.readLine();
+ }
+ in.close();
+ return true;
+ } catch (Exception e) {
+ System.out.println(
+ "CertSubjectPanel: Unable to read in external approved CA cert or certificate chain.");
+ System.out.println(e.toString());
+ return false;
+ }
+ }
+ }
+
+ if (req_list != null && cert_list != null && dn_list != null) {
+ for (int i = 0; i < dn_list.size(); i++) {
+ String temp = dn_list.get(i);
+
+ if (temp.indexOf("caSigningCert") >= 0) {
+ ca_cert_req = req_list.get(i);
+ ca_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("ocspSigningCert") >= 0) {
+ ocsp_cert_req = req_list.get(i);
+ ocsp_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("subsystemCert") >= 0) {
+ ca_subsystem_cert_req = req_list.get(i);
+ ca_subsystem_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("auditSigningCert") >= 0) {
+ ca_audit_signing_cert_req = req_list.get(i);
+ ca_audit_signing_cert_cert = cert_list.get(i);
+ } else {
+ server_cert_req = req_list.get(i);
+ server_cert_cert = cert_list.get(i);
+ }
+ }
+ }
+
+ // print out subject names
+ System.out.println("ca_cert_name=" + ca_sign_cert_subject_name);
+ System.out.println("ocsp_cert_name=" + ca_ocsp_cert_subject_name);
+ System.out.println(
+ "ca_subsystem_cert_name=" + ca_subsystem_cert_subject_name);
+ System.out.println("server_cert_name=" + ca_server_cert_subject_name);
+ System.out.println("audit_signing_cert_name=" + ca_audit_signing_cert_subject_name);
+
+ // print out requests
+ System.out.println("ca_cert_req=" + ca_cert_req);
+ System.out.println("ocsp_cert_req=" + ocsp_cert_req);
+ System.out.println("ca_subsystem_cert_req=" + ca_subsystem_cert_req);
+ System.out.println("server_cert_req=" + server_cert_req);
+ System.out.println("ca_audit_siging_cert_req=" + ca_audit_signing_cert_req);
+
+ // print out certs
+ System.out.println("ca_cert_cert=" + ca_cert_cert);
+ System.out.println("ocsp_cert_cert=" + ocsp_cert_cert);
+ System.out.println("ca_subsystem_cert_cert=" + ca_subsystem_cert_cert);
+ System.out.println("server_cert_cert=" + server_cert_cert);
+ System.out.println("ca_audit_signing_cert_cert=" + ca_audit_signing_cert_cert);
+
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in CertSubjectPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+
+ }
+
+ public boolean CertificatePanel() {
+ try {
+ HTTPResponse hr = null;
+
+ String query_string = "p=12" + "&op=next" + "&xml=true" + "&subsystem="
+ + URLEncoder.encode(ca_subsystem_cert_cert, "UTF-8") + "&subsystem_cc="
+ + "&ocsp_signing=" + URLEncoder.encode(ocsp_cert_cert, "UTF-8")
+ + "&ocsp_signing_cc=" + "&signing="
+ + URLEncoder.encode(ca_cert_cert, "UTF-8") + "&signing_cc="
+ + "&audit_signing=" + URLEncoder.encode(ca_audit_signing_cert_cert, "UTF-8")
+ + "&audit_signing_cc="
+ + "&sslserver=" + URLEncoder.encode(server_cert_cert, "UTF-8")
+ + "&sslserver_cc=" + "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "CertificatePanel()")) {
+ return false;
+ }
+
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in CertificatePanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+
+ }
+
+ public boolean CertificatePanelExternal() {
+ try {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ ArrayList<String> req_list = null;
+ ArrayList<String> cert_list = null;
+ ArrayList<String> dn_list = null;
+ String genString = "...certificate be generated internally...";
+
+ String query_string = "p=12" + "&op=apply" + "&xml=true" + "&subsystem="
+ + URLEncoder.encode(genString, "UTF-8") + "&subsystem_cc="
+ + "&ocsp_signing=" + URLEncoder.encode(genString, "UTF-8")
+ + "&ocsp_signing_cc=" + "&signing="
+ + URLEncoder.encode(ca_cert_cert, "UTF-8") + "&signing_cc="
+ + URLEncoder.encode(signing_cc, "UTF-8")
+ + "&audit_signing=" + URLEncoder.encode(genString, "UTF-8")
+ + "&audit_signing_cc="
+ + "&sslserver=" + URLEncoder.encode(genString, "UTF-8")
+ + "&sslserver_cc=" + "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "CertificatePanelExternal()")) {
+ return false;
+ }
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+
+ req_list = px.constructValueList("CertReqPair", "Request");
+ cert_list = px.constructValueList("CertReqPair", "Certificate");
+ dn_list = px.constructValueList("CertReqPair", "Nickname");
+
+ System.out.println("req_list_size=" + req_list.size());
+ System.out.println("cert_list_size=" + cert_list.size());
+ System.out.println("dn_list_size=" + dn_list.size());
+
+ if (req_list != null && cert_list != null && dn_list != null) {
+ for (int i = 0; i < dn_list.size(); i++) {
+ String temp = dn_list.get(i);
+
+ if (temp.indexOf("caSigningCert") >= 0) {
+ ca_cert_req = req_list.get(i);
+ ca_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("ocspSigningCert") >= 0) {
+ ocsp_cert_req = req_list.get(i);
+ ocsp_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("subsystemCert") >= 0) {
+ ca_subsystem_cert_req = req_list.get(i);
+ ca_subsystem_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("auditSigningCert") >= 0) {
+ ca_audit_signing_cert_req = req_list.get(i);
+ ca_audit_signing_cert_cert = cert_list.get(i);
+ } else {
+ server_cert_req = req_list.get(i);
+ server_cert_cert = cert_list.get(i);
+ }
+ }
+ }
+
+ // print out subject name
+ System.out.println("ca_cert_name=" + ca_sign_cert_subject_name);
+ System.out.println("ocsp_cert_name=" + ca_ocsp_cert_subject_name);
+ System.out.println(
+ "ca_subsystem_cert_name=" + ca_subsystem_cert_subject_name);
+ System.out.println("server_cert_name=" + ca_server_cert_subject_name);
+ System.out.println(
+ "ca_audit_signing_cert_name=" + ca_audit_signing_cert_subject_name);
+
+ // print out requests
+ System.out.println("ca_cert_req=" + ca_cert_req);
+ System.out.println("ocsp_cert_req=" + ocsp_cert_req);
+ System.out.println("ca_subsystem_cert_req=" + ca_subsystem_cert_req);
+ System.out.println("server_cert_req=" + server_cert_req);
+ System.out.println("ca_audit_signing_cert_req=" + ca_audit_signing_cert_req);
+
+ // print out certs
+ System.out.println("ca_cert_cert=" + ca_cert_cert);
+ System.out.println("ocsp_cert_cert=" + ocsp_cert_cert);
+ System.out.println("ca_subsystem_cert_cert=" + ca_subsystem_cert_cert);
+ System.out.println("server_cert_cert=" + server_cert_cert);
+ System.out.println("ca_audit_signing_cert_cert=" + ca_audit_signing_cert_cert);
+
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in CertificatePanelExternal(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+
+ }
+
+ public boolean BackupPanel() {
+ try {
+ HTTPResponse hr = null;
+
+ if (save_p12.equalsIgnoreCase("true")) {
+ String query_string = "p=13" + "&op=next" + "&xml=true"
+ + "&choice=backupkey" + "&__pwd=" + URLEncoder.encode(backup_pwd, "UTF-8")
+ + "&__pwdagain=" + URLEncoder.encode(backup_pwd, "UTF-8");
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "BackupPanel()")) {
+ return false;
+ }
+
+ query_string = "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, pkcs12_uri, query_string);
+
+ // dump hr.getResponseData() to file
+
+ try {
+ FileOutputStream fos = new FileOutputStream(backup_fname);
+
+ fos.write(hr.getResponseData());
+ fos.close();
+
+ // set file to permissions 600
+ String rtParams[] = { "chmod", "600", backup_fname };
+ Process proc = Runtime.getRuntime().exec(rtParams);
+
+ BufferedReader br = new BufferedReader(new InputStreamReader(proc.getErrorStream()));
+ String line = null;
+ while ((line = br.readLine()) != null)
+ System.out.println("Error: " + line);
+ proc.waitFor();
+
+ // verify p12 file
+ // Decode the P12 file
+ FileInputStream fis = new FileInputStream(backup_fname);
+ PFX.Template pfxt = new PFX.Template();
+ PFX pfx = (PFX) pfxt.decode(new BufferedInputStream(fis, 2048));
+
+ System.out.println("Decoded PFX");
+
+ // now peruse it for interesting info
+ System.out.println("Version: " + pfx.getVersion());
+ AuthenticatedSafes authSafes = pfx.getAuthSafes();
+ SEQUENCE asSeq = authSafes.getSequence();
+
+ System.out.println(
+ "AuthSafes has " + asSeq.size() + " SafeContents");
+
+ fis.close();
+ } catch (Exception e) {
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in BackupPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public boolean BackupContinuePanel() {
+ try {
+ HTTPResponse hr = null;
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ "p=14&op=next&xml=true");
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "BackupContinuePanel()")) {
+ return false;
+ }
+
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in BackupContinuePanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public boolean ImportCACertPanel() {
+ try {
+ HTTPResponse hr = null;
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ "p=15&op=next&xml=true");
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "ImportCACertPanel()")) {
+ return false;
+ }
+
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in ImportCACertPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public boolean AdminCertReqPanel() {
+ try {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ String admin_cert_request = null;
+
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd,
+ agent_cert_subject, agent_key_size, agent_key_type);
+
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.setTransportCert(null);
+ cCrypt.setDualKey(false);
+ cCrypt.loginDB();
+
+ String crmf_request = cCrypt.generateCRMFrequest();
+
+ if (crmf_request == null) {
+ System.out.println("ERROR: AdminCertReqPanel() cert req gen failed");
+ return false;
+ }
+
+ admin_cert_request = crmf_request;
+
+ String query_string = "p=16" + "&op=next" + "&xml=true"
+ + "&cert_request_type=" + "crmf" + "&uid=" + admin_user
+ + "&name=" + admin_user + "&__pwd=" + URLEncoder.encode(admin_password, "UTF-8")
+ + "&__admin_password_again=" + URLEncoder.encode(admin_password, "UTF-8") + "&profileId="
+ + "caAdminCert" + "&email=" + URLEncoder.encode(admin_email, "UTF-8")
+ + "&cert_request=" + URLEncoder.encode(admin_cert_request, "UTF-8")
+ + "&subject=" + URLEncoder.encode(agent_cert_subject, "UTF-8")
+ + "&clone=new"
+ + "&import=true" + "&securitydomain="
+ + URLEncoder.encode(domain_name, "UTF-8") + "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "AdminCertReqPanel()")) {
+ return false;
+ }
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+
+ admin_serial_number = px.getvalue("serialNumber");
+
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in AdminCertReqPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+
+ }
+
+ public boolean AdminCertImportPanel() {
+ try {
+ boolean st = false;
+ HTTPResponse hr = null;
+ String cert_to_import = null;
+
+ String query_string = "&serialNumber=" + admin_serial_number
+ + "&importCert=true" + "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, admin_uri, query_string);
+
+ try {
+ // get response data
+ // Convert a byte array to base64 string
+ // cert_to_import = new sun.misc.BASE64Encoder().encode(
+ // hr.getResponseData());
+ cert_to_import = Utils.base64encode(hr.getResponseData());
+
+ // Convert base64 string to a byte array
+ // buf = new sun.misc.BASE64Decoder().decodeBuffer(s);
+
+ System.out.println("Cert to Import =" + cert_to_import);
+ } catch (Exception e) {
+ System.out.println("ERROR: failed to retrieve cert");
+ }
+
+ System.out.println("Cert to Import =" + cert_to_import);
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd,
+ null, null, null);
+
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.loginDB();
+
+ String start = "-----BEGIN CERTIFICATE-----\r\n";
+ String end = "\r\n-----END CERTIFICATE-----";
+
+ st = cCrypt.importCert(start + cert_to_import + end, agent_name);
+ if (!st) {
+ System.out.println(
+ "ERROR: AdminCertImportPanel() during cert import");
+ return false;
+ }
+
+ System.out.println("SUCCESS: imported admin user cert");
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in AdminCertImportPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public boolean UpdateDomainPanel() {
+ try {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=17" + "&op=next" + "&xml=true" + "&caHost="
+ + URLEncoder.encode("/", "UTF-8") + "&caPort=" + URLEncoder.encode("/", "UTF-8")
+ + "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "UpdateDomainPanel()")) {
+ return false;
+ }
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+
+ String caHost = px.getvalue("host");
+ String caPort = px.getvalue("port");
+ String systemType = px.getvalue("systemType");
+
+ System.out.println("caHost=" + caHost);
+ System.out.println("caPort=" + caPort);
+ System.out.println("systemType=" + systemType);
+
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in UpdateDomainPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+
+ }
+
+ public boolean ConfigureCAInstance() {
+ // 0. login to cert db
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd,
+ null, null, null);
+
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.loginDB();
+
+ // instantiate http client
+ // enable ecc if need be
+
+ if (key_type.equalsIgnoreCase("ecc")) {
+ hc = new HTTPClient(true);
+ } else {
+ hc = new HTTPClient(false);
+ }
+
+ // 1. Login panel
+ boolean log_st = LoginPanel();
+
+ if (!log_st) {
+ System.out.println("ERROR: ConfigureCA: LoginPanel() failure");
+ return false;
+ }
+
+ // 2. Token Choice Panel
+ boolean disp_token = TokenChoicePanel();
+
+ if (!disp_token) {
+ System.out.println("ERROR: ConfigureCA: TokenChoicePanel() failure");
+ return false;
+ }
+
+ // 3. domain panel
+ boolean dom_st = DomainPanel();
+
+ if (!dom_st) {
+ System.out.println("ERROR: ConfigureCA: DomainPanel() failure");
+ return false;
+ }
+
+ // 4. display cert chain panel and security domain login
+ if (clone) {
+ boolean disp_st = DisplayCertChainPanel();
+ if (!disp_st) {
+ System.out.println("ERROR: ConfigureCA: DisplayCertChainPanel() failure");
+ return false;
+ }
+
+ boolean sd_st = SecurityDomainLoginPanel();
+ if (!sd_st) {
+ System.out.println("ERROR: ConfigureSubCA: SecurityDomainLoginPanel() failure");
+ return false;
+ }
+
+ }
+
+ // 5. display create CA panel
+ boolean disp_cert = CreateCAPanel();
+
+ if (!disp_cert) {
+ System.out.println("ERROR: ConfigureCA: CreateCAPanel() failure");
+ return false;
+ }
+
+ // 6. display restore key cert panel
+ if (clone) {
+ boolean restore_st = RestoreKeyCertPanel();
+ if (!restore_st) {
+ System.out.println("ERROR: ConfigureCA: RestoreKeyCertPanel() failure");
+ return false;
+ }
+ }
+
+ // 7. hierarchy panel
+ if (!clone) {
+ boolean disp_h = HierarchyPanel();
+
+ if (!disp_h) {
+ System.out.println("ERROR: ConfigureCA: HierarchyPanel() failure");
+ return false;
+ }
+ }
+
+ // 8. ldap connection panel
+ boolean disp_ldap = LdapConnectionPanel();
+
+ if (!disp_ldap) {
+ System.out.println(
+ "ERROR: ConfigureCA: LdapConnectionPanel() failure");
+ return false;
+ }
+
+ // 9. Key Panel
+ boolean disp_key = KeyPanel();
+
+ if (!disp_key) {
+ System.out.println("ERROR: ConfigureCA: KeyPanel() failure");
+ return false;
+ }
+
+ // 10. Cert Subject Panel
+ boolean disp_csubj = CertSubjectPanel();
+
+ if (!disp_csubj) {
+ System.out.println("ERROR: ConfigureCA: CertSubjectPanel() failure");
+ return false;
+ }
+
+ // 11. Certificate Panel
+ boolean disp_cp;
+
+ if (external_ca.equalsIgnoreCase("true")) {
+ if (ext_ca_cert_file != null) {
+ // second pass - cacert file defined
+ disp_cp = CertificatePanelExternal();
+
+ if (!disp_cp) {
+ System.out.println("ERROR: ConfigureCA: CertificatePanelExternal() failure");
+ return false;
+ }
+ } else {
+ // first pass - cacert file not defined
+ System.out.println("A Certificate Request has been generated and stored in " + ext_csr_file);
+ System.out.println(
+ "Please submit this CSR to your external CA and obtain the CA Cert and CA Cert Chain");
+ return true;
+ }
+ }
+
+ disp_cp = CertificatePanel();
+
+ if (!disp_cp) {
+ System.out.println("ERROR: ConfigureCA: CertificatePanel() failure");
+ return false;
+ }
+
+ // 13. Backup Panel
+ boolean disp_back = BackupPanel();
+
+ if (!disp_back) {
+ System.out.println("ERROR: ConfigureCA: BackupPanel() failure");
+ return false;
+ }
+
+ // 14. Backup Continue Panel
+ boolean disp_back_cont = BackupContinuePanel();
+
+ if (!disp_back_cont) {
+ System.out.println("ERROR: ConfigureCA: BackupContinuePanel() failure");
+ return false;
+ }
+
+ // 15. Import CA Cert panel
+ boolean disp_import_cacert = ImportCACertPanel();
+
+ if (!disp_import_cacert) {
+ System.out.println("ERROR: ConfigureCA: ImportCACertPanel() failure");
+ return false;
+ }
+
+ if (clone) {
+ // no other panels required for clone
+ return true;
+ }
+
+ // 16. Admin Cert Req Panel
+ boolean disp_adm = AdminCertReqPanel();
+
+ if (!disp_adm) {
+ System.out.println("ERROR: ConfigureCA: AdminCertReqPanel() failure");
+ return false;
+ }
+
+ // 14. Admin Cert import Panel
+ boolean disp_im = AdminCertImportPanel();
+
+ if (!disp_im) {
+ System.out.println(
+ "ERROR: ConfigureCA: AdminCertImportPanel() failure");
+ return false;
+ }
+
+ // 15. Update Domain Panel
+ boolean disp_ud = UpdateDomainPanel();
+
+ if (!disp_ud) {
+ System.out.println("ERROR: ConfigureCA: UpdateDomainPanel() failure");
+ return false;
+ }
+
+ return true;
+ }
+
+ private static String set_default(String val, String def) {
+ if ((val == null) || (val.equals(""))) {
+ return def;
+ } else {
+ return val;
+ }
+ }
+
+ public static void main(String args[]) {
+ ConfigureCA ca = new ConfigureCA();
+
+ // set variables
+ StringHolder x_cs_hostname = new StringHolder();
+ StringHolder x_cs_port = new StringHolder();
+ StringHolder x_client_certdb_dir = new StringHolder();
+ StringHolder x_client_certdb_pwd = new StringHolder();
+ StringHolder x_preop_pin = new StringHolder();
+
+ StringHolder x_domain_name = new StringHolder();
+
+ StringHolder x_admin_user = new StringHolder();
+ StringHolder x_admin_email = new StringHolder();
+ StringHolder x_admin_password = new StringHolder();
+
+ // ldap
+ StringHolder x_ldap_host = new StringHolder();
+ StringHolder x_ldap_port = new StringHolder();
+ StringHolder x_bind_dn = new StringHolder();
+ StringHolder x_bind_password = new StringHolder();
+ StringHolder x_base_dn = new StringHolder();
+ StringHolder x_db_name = new StringHolder();
+ StringHolder x_secure_conn = new StringHolder();
+ StringHolder x_remove_data = new StringHolder();
+
+ // key properties (defaults)
+ StringHolder x_key_size = new StringHolder();
+ StringHolder x_key_type = new StringHolder();
+ StringHolder x_key_curvename = new StringHolder();
+ StringHolder x_key_algorithm = new StringHolder();
+ StringHolder x_signing_algorithm = new StringHolder();
+
+ // key properties (custom - signing)
+ StringHolder x_signing_key_size = new StringHolder();
+ StringHolder x_signing_key_type = new StringHolder();
+ StringHolder x_signing_key_curvename = new StringHolder();
+ StringHolder x_signing_signingalgorithm = new StringHolder();
+
+ // key properties (custom - ocsp_signing)
+ StringHolder x_ocsp_signing_key_size = new StringHolder();
+ StringHolder x_ocsp_signing_key_type = new StringHolder();
+ StringHolder x_ocsp_signing_key_curvename = new StringHolder();
+ StringHolder x_ocsp_signing_signingalgorithm = new StringHolder();
+
+ // key properties (custom - audit_signing)
+ StringHolder x_audit_signing_key_size = new StringHolder();
+ StringHolder x_audit_signing_key_type = new StringHolder();
+ StringHolder x_audit_signing_key_curvename = new StringHolder();
+
+ // key properties (custom - subsystem)
+ StringHolder x_subsystem_key_size = new StringHolder();
+ StringHolder x_subsystem_key_type = new StringHolder();
+ StringHolder x_subsystem_key_curvename = new StringHolder();
+
+ // key properties (custom - sslserver)
+ StringHolder x_sslserver_key_size = new StringHolder();
+ StringHolder x_sslserver_key_type = new StringHolder();
+ StringHolder x_sslserver_key_curvename = new StringHolder();
+
+ StringHolder x_token_name = new StringHolder();
+ StringHolder x_token_pwd = new StringHolder();
+
+ StringHolder x_agent_name = new StringHolder();
+ StringHolder x_save_p12 = new StringHolder();
+ StringHolder x_backup_pwd = new StringHolder();
+ StringHolder x_backup_fname = new StringHolder();
+
+ // separate key size for agent cert
+ StringHolder x_agent_key_size = new StringHolder();
+ StringHolder x_agent_key_type = new StringHolder();
+ StringHolder x_agent_cert_subject = new StringHolder();
+
+ // ca cert subject name params
+ StringHolder x_ca_sign_cert_subject_name = new StringHolder();
+ StringHolder x_ca_subsystem_cert_subject_name = new StringHolder();
+ StringHolder x_ca_ocsp_cert_subject_name = new StringHolder();
+ StringHolder x_ca_server_cert_subject_name = new StringHolder();
+ StringHolder x_ca_audit_signing_cert_subject_name = new StringHolder();
+
+ // subsystemName
+ StringHolder x_subsystem_name = new StringHolder();
+
+ // external CA cert
+ StringHolder x_external_ca = new StringHolder();
+ StringHolder x_ext_ca_cert_file = new StringHolder();
+ StringHolder x_ext_ca_cert_chain_file = new StringHolder();
+ StringHolder x_ext_csr_file = new StringHolder();
+
+ //clone parameters
+ StringHolder x_clone = new StringHolder();
+ StringHolder x_clone_uri = new StringHolder();
+ StringHolder x_clone_p12_file = new StringHolder();
+ StringHolder x_clone_p12_passwd = new StringHolder();
+ StringHolder x_clone_master_port = new StringHolder();
+ StringHolder x_clone_replica_port = new StringHolder();
+ StringHolder x_clone_replication_security = new StringHolder();
+
+ //security domain
+ StringHolder x_sd_hostname = new StringHolder();
+ StringHolder x_sd_ssl_port = new StringHolder();
+ StringHolder x_sd_agent_port = new StringHolder();
+ StringHolder x_sd_admin_port = new StringHolder();
+ StringHolder x_sd_admin_name = new StringHolder();
+ StringHolder x_sd_admin_password = new StringHolder();
+
+ // parse the args
+ ArgParser parser = new ArgParser("ConfigureCA");
+
+ parser.addOption("-cs_hostname %s #CS Hostname", x_cs_hostname);
+ parser.addOption("-cs_port %s #CS SSL Admin port", x_cs_port);
+ parser.addOption("-client_certdb_dir %s #Client CertDB dir",
+ x_client_certdb_dir);
+ parser.addOption("-client_certdb_pwd %s #client certdb password",
+ x_client_certdb_pwd);
+ parser.addOption("-preop_pin %s #pre op pin", x_preop_pin);
+ parser.addOption("-domain_name %s #domain name", x_domain_name);
+ parser.addOption("-admin_user %s #Admin User Name", x_admin_user);
+ parser.addOption("-admin_email %s #Admin email", x_admin_email);
+ parser.addOption("-admin_password %s #Admin password", x_admin_password);
+ parser.addOption("-agent_name %s #Agent Cert Nickname", x_agent_name);
+ parser.addOption("-agent_key_size %s #Agent Cert Key size",
+ x_agent_key_size);
+ parser.addOption("-agent_key_type %s #Agent Cert Key type [rsa]",
+ x_agent_key_type);
+ parser.addOption("-agent_cert_subject %s #Agent Certificate Subject",
+ x_agent_cert_subject);
+
+ parser.addOption("-ldap_host %s #ldap host", x_ldap_host);
+ parser.addOption("-ldap_port %s #ldap port", x_ldap_port);
+ parser.addOption("-bind_dn %s #ldap bind dn", x_bind_dn);
+ parser.addOption("-bind_password %s #ldap bind password",
+ x_bind_password);
+ parser.addOption("-base_dn %s #base dn", x_base_dn);
+ parser.addOption("-db_name %s #db name", x_db_name);
+ parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn);
+ parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ",
+ x_remove_data);
+
+ // key and algorithm options (default)
+ parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type);
+ parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size);
+ parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename);
+ parser.addOption(
+ "-key_algorithm %s #Key algorithm of the CA certificate (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)",
+ x_key_algorithm);
+ parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is key_algorithm)",
+ x_signing_algorithm);
+
+ // key and algorithm options for signing certificate (overrides default)
+ parser.addOption("-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_signing_key_type);
+ parser.addOption("-signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_signing_key_size);
+ parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_signing_key_curvename);
+ parser.addOption(
+ "-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional, default is signing_algorithm)",
+ x_signing_signingalgorithm);
+
+ // key and algorithm options for ocsp_signing certificate (overrides default)
+ parser.addOption("-ocsp_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_ocsp_signing_key_type);
+ parser.addOption("-ocsp_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_ocsp_signing_key_size);
+ parser.addOption("-ocsp_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_ocsp_signing_key_curvename);
+ parser.addOption(
+ "-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional, default is signing_algorithm)",
+ x_ocsp_signing_signingalgorithm);
+
+ // key and algorithm options for audit_signing certificate (overrides default)
+ parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_audit_signing_key_type);
+ parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_audit_signing_key_size);
+ parser.addOption(
+ "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_audit_signing_key_curvename);
+
+ // key and algorithm options for subsystem certificate (overrides default)
+ parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_subsystem_key_type);
+ parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_subsystem_key_size);
+ parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_subsystem_key_curvename);
+
+ // key and algorithm options for sslserver certificate (overrides default)
+ parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_sslserver_key_type);
+ parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_sslserver_key_size);
+ parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_sslserver_key_curvename);
+
+ parser.addOption("-token_name %s #HSM/Software Token name", x_token_name);
+ parser.addOption("-token_pwd %s #HSM/Software Token password (optional - only required for HSM)",
+ x_token_pwd);
+
+ parser.addOption("-save_p12 %s #Enable/Disable p12 Export[true,false]",
+ x_save_p12);
+ parser.addOption("-backup_pwd %s #Backup Password for p12 (optional, only required if -save_p12 = true)",
+ x_backup_pwd);
+ parser.addOption("-backup_fname %s #Backup File for p12, (optional, default is /root/tmp-ca.p12)",
+ x_backup_fname);
+
+ parser.addOption("-ca_sign_cert_subject_name %s #CA cert subject name",
+ x_ca_sign_cert_subject_name);
+ parser.addOption(
+ "-ca_subsystem_cert_subject_name %s #CA subsystem cert subject name",
+ x_ca_subsystem_cert_subject_name);
+ parser.addOption(
+ "-ca_ocsp_cert_subject_name %s #CA ocsp cert subject name",
+ x_ca_ocsp_cert_subject_name);
+ parser.addOption(
+ "-ca_server_cert_subject_name %s #CA server cert subject name",
+ x_ca_server_cert_subject_name);
+ parser.addOption(
+ "-ca_audit_signing_cert_subject_name %s #CA audit signing cert subject name",
+ x_ca_audit_signing_cert_subject_name);
+
+ parser.addOption("-subsystem_name %s #CA subsystem name",
+ x_subsystem_name);
+
+ parser.addOption("-external %s #Subordinate to external CA [true,false] (optional, default false)",
+ x_external_ca);
+ parser.addOption("-ext_ca_cert_file %s #File with CA cert from external CA (optional)",
+ x_ext_ca_cert_file);
+ parser.addOption("-ext_ca_cert_chain_file %s #File with CA cert from external CA (optional)",
+ x_ext_ca_cert_chain_file);
+ parser.addOption("-ext_csr_file %s #File to save the CSR for submission to an external CA (optional)",
+ x_ext_csr_file);
+
+ parser.addOption("-clone %s #Clone of another CA [true, false] (optional, default false)", x_clone);
+ parser.addOption(
+ "-clone_uri %s #URL of Master CA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)",
+ x_clone_uri);
+ parser.addOption(
+ "-clone_p12_file %s #File containing pk12 keys of Master CA (optional, required if -clone=true)",
+ x_clone_p12_file);
+ parser.addOption("-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)",
+ x_clone_p12_passwd);
+
+ // replication agreement options
+ parser.addOption("-clone_master_port %s #Master Port to be used in replication agreement (optional)",
+ x_clone_master_port);
+ parser.addOption("-clone_replica_port %s #Replica Port to be used in replication agreement (optional)",
+ x_clone_replica_port);
+ parser.addOption("-clone_replication_security %s #Type of security in replication agreement (optional)",
+ x_clone_replication_security);
+
+ parser.addOption("-sd_hostname %s #Security Domain Hostname (optional, required if -clone=true)", x_sd_hostname);
+ parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port (optional, required if -clone=true)",
+ x_sd_ssl_port);
+ parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port (optional, required if -clone=true)",
+ x_sd_agent_port);
+ parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port (optional, required if -clone=true)",
+ x_sd_admin_port);
+ parser.addOption("-sd_admin_name %s #Security Domain admin name (optional, required if -clone=true)",
+ x_sd_admin_name);
+ parser.addOption("-sd_admin_password %s #Security Domain admin password (optional, required if -clone=true)",
+ x_sd_admin_password);
+
+ // and then match the arguments
+ String[] unmatched = null;
+
+ unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED);
+
+ if (unmatched != null) {
+ System.out.println("ERROR: Argument Mismatch");
+ System.exit(-1);
+ }
+
+ parser.checkRequiredArgs();
+
+ // set variables
+ cs_hostname = x_cs_hostname.value;
+ cs_port = x_cs_port.value;
+ client_certdb_dir = x_client_certdb_dir.value;
+ client_certdb_pwd = x_client_certdb_pwd.value;
+ pin = x_preop_pin.value;
+ domain_name = x_domain_name.value;
+ admin_user = x_admin_user.value;
+ admin_email = x_admin_email.value;
+ admin_password = x_admin_password.value;
+ agent_name = x_agent_name.value;
+
+ ldap_host = x_ldap_host.value;
+ ldap_port = x_ldap_port.value;
+ bind_dn = x_bind_dn.value;
+ bind_password = x_bind_password.value;
+ base_dn = x_base_dn.value;
+ db_name = x_db_name.value;
+ secure_conn = set_default(x_secure_conn.value, "false");
+ remove_data = set_default(x_remove_data.value, "false");
+
+ key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE);
+ signing_key_type = set_default(x_signing_key_type.value, key_type);
+ ocsp_signing_key_type = set_default(x_ocsp_signing_key_type.value, key_type);
+ audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type);
+ subsystem_key_type = set_default(x_subsystem_key_type.value, key_type);
+ sslserver_key_type = set_default(x_sslserver_key_type.value, key_type);
+
+ key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE);
+ signing_key_size = set_default(x_signing_key_size.value, key_size);
+ ocsp_signing_key_size = set_default(x_ocsp_signing_key_size.value, key_size);
+ audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size);
+ subsystem_key_size = set_default(x_subsystem_key_size.value, key_size);
+ sslserver_key_size = set_default(x_sslserver_key_size.value, key_size);
+
+ key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME);
+ signing_key_curvename = set_default(x_signing_key_curvename.value, key_curvename);
+ ocsp_signing_key_curvename = set_default(x_ocsp_signing_key_curvename.value, key_curvename);
+ audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename);
+ subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename);
+ sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename);
+
+ if (signing_key_type.equalsIgnoreCase("RSA")) {
+ key_algorithm = set_default(x_key_algorithm.value, DEFAULT_KEY_ALGORITHM_RSA);
+ } else {
+ key_algorithm = set_default(x_key_algorithm.value, DEFAULT_KEY_ALGORITHM_ECC);
+ }
+
+ signing_algorithm = set_default(x_signing_algorithm.value, key_algorithm);
+ signing_signingalgorithm = set_default(x_signing_signingalgorithm.value, signing_algorithm);
+ ocsp_signing_signingalgorithm = set_default(x_ocsp_signing_signingalgorithm.value, signing_algorithm);
+
+ token_name = x_token_name.value;
+ token_pwd = x_token_pwd.value;
+ save_p12 = x_save_p12.value;
+ backup_pwd = x_backup_pwd.value;
+ backup_fname = set_default(x_backup_fname.value, "/root/tmp-ca.p12");
+
+ agent_key_size = x_agent_key_size.value;
+ agent_key_type = x_agent_key_type.value;
+ agent_cert_subject = x_agent_cert_subject.value;
+
+ ca_sign_cert_subject_name = x_ca_sign_cert_subject_name.value;
+ ca_subsystem_cert_subject_name = x_ca_subsystem_cert_subject_name.value;
+ ca_ocsp_cert_subject_name = x_ca_ocsp_cert_subject_name.value;
+ ca_server_cert_subject_name = x_ca_server_cert_subject_name.value;
+ ca_audit_signing_cert_subject_name = x_ca_audit_signing_cert_subject_name.value;
+
+ subsystem_name = x_subsystem_name.value;
+
+ external_ca = set_default(x_external_ca.value, "false");
+ ext_ca_cert_file = x_ext_ca_cert_file.value;
+ ext_ca_cert_chain_file = x_ext_ca_cert_chain_file.value;
+ ext_csr_file = set_default(x_ext_csr_file.value, "/tmp/ext_ca.csr");
+
+ if ((x_clone.value != null) && (x_clone.value.equalsIgnoreCase("true"))) {
+ clone = true;
+ } else {
+ clone = false;
+ }
+ clone_uri = x_clone_uri.value;
+ clone_p12_file = x_clone_p12_file.value;
+ clone_p12_passwd = x_clone_p12_passwd.value;
+ clone_master_port = set_default(x_clone_master_port.value, "");
+ clone_replica_port = set_default(x_clone_replica_port.value, "");
+ clone_replication_security = set_default(x_clone_replication_security.value, "None");
+
+ sd_hostname = x_sd_hostname.value;
+ sd_ssl_port = x_sd_ssl_port.value;
+ sd_agent_port = x_sd_agent_port.value;
+ sd_admin_port = x_sd_admin_port.value;
+ sd_admin_name = x_sd_admin_name.value;
+ sd_admin_password = x_sd_admin_password.value;
+
+ boolean st = ca.ConfigureCAInstance();
+
+ if (!st) {
+ System.out.println("ERROR: unable to create CA");
+ System.exit(-1);
+ }
+
+ System.out.println("Certificate System - CA Instance Configured.");
+ System.exit(0);
+
+ }
+
+};
diff --git a/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java b/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java
new file mode 100644
index 000000000..7d548ddf3
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java
@@ -0,0 +1,1374 @@
+package com.netscape.pkisilent;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStreamReader;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+
+import org.mozilla.jss.asn1.SEQUENCE;
+import org.mozilla.jss.pkcs12.AuthenticatedSafes;
+import org.mozilla.jss.pkcs12.PFX;
+
+import com.netscape.pkisilent.argparser.ArgParser;
+import com.netscape.pkisilent.argparser.StringHolder;
+import com.netscape.pkisilent.common.ComCrypto;
+import com.netscape.pkisilent.common.ParseXML;
+import com.netscape.pkisilent.http.HTTPClient;
+import com.netscape.pkisilent.http.HTTPResponse;
+import com.netscape.cmsutil.util.Utils;
+
+public class ConfigureDRM {
+
+ // global constants
+ public static final String DEFAULT_KEY_TYPE = "RSA";
+ public static final String DEFAULT_KEY_SIZE = "2048";
+ public static final String DEFAULT_KEY_CURVENAME = "nistp256";
+ public static final String DEFAULT_KEY_ALGORITHM_RSA = "SHA256withRSA";
+ public static final String DEFAULT_KEY_ALGORITHM_ECC = "SHA256withEC";
+
+ // define global variables
+
+ public static HTTPClient hc = null;
+
+ public static String login_uri = "/kra/admin/console/config/login";
+ public static String wizard_uri = "/kra/admin/console/config/wizard";
+ public static String admin_uri = "/ca/admin/ca/getBySerial";
+
+ public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin";
+ public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie";
+ public static String pkcs12_uri = "/kra/admin/console/config/savepkcs12";
+
+ public static String cs_hostname = null;
+ public static String cs_port = null;
+
+ public static String sd_hostname = null;
+ public static String sd_ssl_port = null;
+ public static String sd_agent_port = null;
+ public static String sd_admin_port = null;
+ public static String sd_admin_name = null;
+ public static String sd_admin_password = null;
+
+ public static String ca_hostname = null;
+ public static String ca_port = null;
+ public static String ca_ssl_port = null;
+
+ public static String client_certdb_dir = null;
+ public static String client_certdb_pwd = null;
+
+ // Login Panel
+ public static String pin = null;
+
+ public static String domain_name = null;
+
+ public static String admin_user = null;
+ public static String admin_email = null;
+ public static String admin_password = null;
+ public static String admin_serial_number = null;
+ public static String agent_name = null;
+
+ public static String ldap_host = null;
+ public static String ldap_port = null;
+ public static String bind_dn = null;
+ public static String bind_password = null;
+ public static String base_dn = null;
+ public static String db_name = null;
+ public static String secure_conn = null;
+ public static String remove_data = null;
+
+ public static String key_type = null;
+ public static String key_size = null;
+ public static String key_curvename = null;
+ public static String signing_algorithm = null;
+
+ public static String transport_key_type = null;
+ public static String transport_key_size = null;
+ public static String transport_key_curvename = null;
+ public static String transport_signingalgorithm = null;
+
+ public static String storage_key_type = null;
+ public static String storage_key_size = null;
+ public static String storage_key_curvename = null;
+
+ public static String subsystem_key_type = null;
+ public static String subsystem_key_size = null;
+ public static String subsystem_key_curvename = null;
+
+ public static String audit_signing_key_type = null;
+ public static String audit_signing_key_size = null;
+ public static String audit_signing_key_curvename = null;
+
+ public static String sslserver_key_type = null;
+ public static String sslserver_key_size = null;
+ public static String sslserver_key_curvename = null;
+
+ public static String token_name = null;
+ public static String token_pwd = null;
+
+ public static String agent_key_size = null;
+ public static String agent_key_type = null;
+ public static String agent_cert_subject = null;
+
+ public static String drm_transport_cert_name = null;
+ public static String drm_transport_cert_req = null;
+ public static String drm_transport_cert_pp = null;
+ public static String drm_transport_cert_cert = null;
+
+ public static String drm_storage_cert_name = null;
+ public static String drm_storage_cert_req = null;
+ public static String drm_storage_cert_pp = null;
+ public static String drm_storage_cert_cert = null;
+
+ public static String server_cert_name = null;
+ public static String server_cert_req = null;
+ public static String server_cert_pp = null;
+ public static String server_cert_cert = null;
+
+ public static String drm_subsystem_cert_name = null;
+ public static String drm_subsystem_cert_req = null;
+ public static String drm_subsystem_cert_pp = null;
+ public static String drm_subsystem_cert_cert = null;
+
+ public static String drm_audit_signing_cert_name = null;
+ public static String drm_audit_signing_cert_req = null;
+ public static String drm_audit_signing_cert_pp = null;
+ public static String drm_audit_signing_cert_cert = null;
+
+ public static String backup_pwd = null;
+ public static String backup_fname = null;
+
+ // cert subject names
+ public static String drm_transport_cert_subject_name = null;
+ public static String drm_subsystem_cert_subject_name = null;
+ public static String drm_storage_cert_subject_name = null;
+ public static String drm_server_cert_subject_name = null;
+ public static String drm_audit_signing_cert_subject_name = null;
+
+ public static String subsystem_name = null;
+
+ // cloning
+ public static boolean clone = false;
+ public static String clone_uri = null;
+ public static String clone_p12_passwd = null;
+ public static String clone_p12_file = null;
+ public static String clone_master_port = null;
+ public static String clone_replica_port = null;
+ public static String clone_replication_security = null;
+
+ //for correct selection of CA to be cloned
+ public static String urls;
+
+ public ConfigureDRM() {
+ // do nothing :)
+ }
+
+ public void sleep_time() {
+ try {
+ System.out.println("Sleeping for 5 secs..");
+ Thread.sleep(5000);
+ } catch (Exception e) {
+ System.out.println("ERROR: sleep problem");
+ }
+
+ }
+
+ public boolean LoginPanel() {
+ boolean st = false;
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "pin=" + pin + "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string);
+ System.out.println("xml returned: " + hr.getHTML());
+
+ // parse xml here - nothing to parse
+
+ // get cookie
+ String temp = hr.getCookieValue("JSESSIONID");
+
+ if (temp != null) {
+ int index = temp.indexOf(";");
+ HTTPClient.j_session_id = temp.substring(0, index);
+ st = true;
+ }
+
+ hr = null;
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, "p=0&op=next&xml=true");
+
+ // parse xml here
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return st;
+ }
+
+ public boolean TokenChoicePanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = null;
+
+ // Software Token
+ if (token_name.equalsIgnoreCase("internal")) {
+ query_string = "p=1" + "&op=next" + "&xml=true" +
+ "&choice=" +
+ URLEncoder.encode("Internal Key Storage Token", "UTF-8");
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+ } else {
+ // login to hsm first
+ query_string = "p=2" + "&op=next" + "&xml=true" +
+ "&uTokName=" +
+ URLEncoder.encode(token_name, "UTF-8") +
+ "&__uPasswd=" +
+ URLEncoder.encode(token_pwd, "UTF-8");
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ // choice with token name now
+ query_string = "p=1" + "&op=next" + "&xml=true" +
+ "&choice=" +
+ URLEncoder.encode(token_name, "UTF-8");
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+ }
+
+ return true;
+ }
+
+ public boolean DomainPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String domain_url = "https://" + sd_hostname + ":" + sd_admin_port;
+
+ String query_string = "sdomainURL=" +
+ URLEncoder.encode(domain_url, "UTF-8") +
+ "&choice=existingdomain" +
+ "&p=3" +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+
+ }
+
+ public boolean DisplayChainPanel() {
+ String query_string = "p=4" + "&op=next" + "&xml=true";
+ hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ return true;
+
+ }
+
+ public boolean SecurityDomainLoginPanel() {
+ try {
+ HTTPResponse hr = null;
+
+ String kra_url = "https://" + cs_hostname + ":" + cs_port +
+ "/kra/admin/console/config/wizard" +
+ "?p=5&subsystem=KRA";
+
+ String query_string = "url=" + URLEncoder.encode(kra_url, "UTF-8");
+
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri, query_string);
+
+ String query_string_1 = "uid=" + sd_admin_name +
+ "&pwd=" + URLEncoder.encode(sd_admin_password, "UTF-8") +
+ "&url=" + URLEncoder.encode(kra_url, "UTF-8");
+
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri,
+ query_string_1);
+
+ // get session id from security domain
+
+ String kra_session_id = hr.getContentValue("header.session_id");
+ String kra_url_1 = hr.getContentValue("header.url");
+
+ System.out.println("KRA_SESSION_ID=" + kra_session_id);
+ System.out.println("KRA_URL=" + kra_url_1);
+
+ // use session id to connect back to KRA
+
+ String query_string_2 = "p=5" +
+ "&subsystem=KRA" +
+ "&session_id=" + kra_session_id +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ query_string_2);
+
+ if (clone) {
+ // parse urls
+ urls = hr.getHTML();
+ int indx = urls.indexOf(clone_uri);
+ if (indx < 0) {
+ throw new Exception("Invalid clone_uri");
+ }
+ urls = urls.substring(urls.lastIndexOf("<option", indx), indx);
+ urls = urls.split("\"")[1];
+
+ System.out.println("urls =" + urls);
+ }
+
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in SecurityDomainLoginPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public boolean SubsystemPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ String query_string = null;
+ if (!clone) {
+ query_string = "p=5" + "&op=next" + "&xml=true"
+ + "&choice=newsubsystem" + "&subsystemName="
+ + URLEncoder.encode(subsystem_name, "UTF-8");
+ } else {
+ query_string = "p=5" + "&op=next" + "&xml=true"
+ + "&choice=clonesubsystem" + "&subsystemName="
+ + URLEncoder.encode(subsystem_name, "UTF-8")
+ + "&urls=" + urls;
+ }
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean RestoreKeyCertPanel() {
+ try {
+ ByteArrayInputStream bais = null;
+ HTTPResponse hr = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=6" + "&op=next" + "&xml=true"
+ + "&__password=" + URLEncoder.encode(clone_p12_passwd, "UTF-8")
+ + "&path=" + URLEncoder.encode(clone_p12_file, "UTF-8") + "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in RestoreKeyCertPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public boolean LdapConnectionPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=7" + "&op=next" + "&xml=true" +
+ "&host=" + URLEncoder.encode(ldap_host, "UTF-8") +
+ "&port=" + URLEncoder.encode(ldap_port, "UTF-8") +
+ "&binddn=" + URLEncoder.encode(bind_dn, "UTF-8") +
+ "&__bindpwd=" + URLEncoder.encode(bind_password, "UTF-8") +
+ "&basedn=" + URLEncoder.encode(base_dn, "UTF-8") +
+ "&database=" + URLEncoder.encode(db_name, "UTF-8") +
+ "&display=" + URLEncoder.encode("$displayStr", "UTF-8") +
+ (secure_conn.equals("true") ? "&secureConn=on" : "") +
+ "&masterReplicationPort=" + URLEncoder.encode(clone_master_port, "UTF-8") +
+ "&cloneReplicationPort=" + URLEncoder.encode(clone_replica_port, "UTF-8") +
+ "&replicationSecurity=" + URLEncoder.encode(clone_replication_security, "UTF-8") +
+ (remove_data.equals("true") ? "&removeData=true" : "");
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean KeyPanel() {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ ArrayList<String> al = null;
+
+ String query_string = null;
+
+ if (!clone) {
+ query_string = "p=8" + "&op=next" + "&xml=true" +
+ "&transport_custom_size=" + transport_key_size +
+ "&storage_custom_size=" + storage_key_size +
+ "&subsystem_custom_size=" + subsystem_key_size +
+ "&sslserver_custom_size=" + sslserver_key_size +
+ "&audit_signing_custom_size=" + key_size +
+ "&custom_size=" + key_size +
+ "&transport_custom_curvename=" + transport_key_curvename +
+ "&storage_custom_curvename=" + storage_key_curvename +
+ "&subsystem_custom_curvename=" + subsystem_key_curvename +
+ "&sslserver_custom_curvename=" + sslserver_key_curvename +
+ "&audit_signing_custom_curvename=" + audit_signing_key_curvename +
+ "&custom_curvename=" + key_curvename +
+ "&transport_keytype=" + transport_key_type +
+ "&storage_keytype=" + storage_key_type +
+ "&subsystem_keytype=" + subsystem_key_type +
+ "&sslserver_keytype=" + sslserver_key_type +
+ "&audit_signing_keytype=" + audit_signing_key_type +
+ "&keytype=" + key_type +
+ "&transport_choice=custom" +
+ "&storage_choice=custom" +
+ "&subsystem_choice=custom" +
+ "&sslserver_choice=custom" +
+ "&choice=custom" +
+ "&audit_signing_choice=custom" +
+ "&signingalgorithm=" + signing_algorithm +
+ "&transport_signingalgorithm=" + transport_signingalgorithm;
+
+ } else {
+ query_string = "p=8" + "&op=next" + "&xml=true" +
+ "&sslserver_custom_size=" + sslserver_key_size +
+ "&sslserver_keytype=" + sslserver_key_type +
+ "&sslserver_choice=custom" +
+ "&custom_size=" + key_size +
+ "&keytype=" + key_type +
+ "&choice=custom";
+ }
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ al = px.constructValueList("CertReqPair", "DN");
+ // get ca cert subject name
+ if (al != null) {
+ for (int i = 0; i < al.size(); i++) {
+ String temp = al.get(i);
+ if (temp.indexOf("DRM Transport") > 0) {
+ drm_transport_cert_name = temp;
+ } else if (temp.indexOf("DRM Storage") > 0) {
+ drm_storage_cert_name = temp;
+ } else if (temp.indexOf("DRM Subsystem") > 0) {
+ drm_subsystem_cert_name = temp;
+ } else if (temp.indexOf("DRM Audit Signing Certificate") > 0) {
+ drm_audit_signing_cert_name = temp;
+ } else {
+ server_cert_name = temp;
+ }
+ }
+ }
+
+ System.out.println("default: drm_transport_cert_name=" +
+ drm_transport_cert_name);
+ System.out.println("default: drm_storage_cert_name=" +
+ drm_storage_cert_name);
+ System.out.println("default: drm_subsystem_cert_name=" +
+ drm_subsystem_cert_name);
+ System.out.println("default: drm_audit_signing_cert_name=" +
+ drm_audit_signing_cert_name);
+
+ System.out.println("default: server_cert_name=" +
+ server_cert_name);
+ return true;
+ }
+
+ public boolean CertSubjectPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ ArrayList<String> req_list = null;
+ ArrayList<String> cert_list = null;
+ ArrayList<String> dn_list = null;
+ String query_string = null;
+
+ String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port;
+
+ if (!clone) {
+ query_string = "p=9" + "&op=next" + "&xml=true" +
+ "&subsystem=" +
+ URLEncoder.encode(drm_subsystem_cert_subject_name, "UTF-8") +
+ "&transport=" +
+ URLEncoder.encode(drm_transport_cert_subject_name, "UTF-8") +
+ "&storage=" +
+ URLEncoder.encode(drm_storage_cert_subject_name, "UTF-8") +
+ "&sslserver=" +
+ URLEncoder.encode(drm_server_cert_subject_name, "UTF-8") +
+ "&audit_signing=" +
+ URLEncoder.encode(drm_audit_signing_cert_subject_name, "UTF-8") +
+ "&urls=" +
+ URLEncoder.encode(domain_url, "UTF-8");
+ } else {
+ query_string = "p=9" + "&op=next" + "&xml=true" +
+ "&sslserver=" +
+ URLEncoder.encode(drm_server_cert_subject_name, "UTF-8") +
+ "&urls=" +
+ URLEncoder.encode(domain_url, "UTF-8");
+ }
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ req_list = px.constructValueList("CertReqPair", "Request");
+ cert_list = px.constructValueList("CertReqPair", "Certificate");
+ dn_list = px.constructValueList("CertReqPair", "Nickname");
+
+ if (req_list != null && cert_list != null && dn_list != null) {
+ for (int i = 0; i < dn_list.size(); i++) {
+ String temp = dn_list.get(i);
+
+ if (temp.indexOf("transportCert") >= 0) {
+ drm_transport_cert_req = req_list.get(i);
+ drm_transport_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("storageCert") >= 0) {
+ drm_storage_cert_req = req_list.get(i);
+ drm_storage_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("subsystemCert") >= 0) {
+ drm_subsystem_cert_req = req_list.get(i);
+ drm_subsystem_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("auditSigningCert") >= 0) {
+ drm_audit_signing_cert_req = req_list.get(i);
+ drm_audit_signing_cert_cert = cert_list.get(i);
+ } else {
+ server_cert_req = req_list.get(i);
+ server_cert_cert = cert_list.get(i);
+ }
+ }
+ }
+
+ return true;
+ }
+
+ public boolean CertificatePanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=10" + "&op=next" + "&xml=true" +
+ "&subsystem=" +
+ URLEncoder.encode(drm_subsystem_cert_cert, "UTF-8") +
+ "&subsystem_cc=" +
+ "&transport=" +
+ URLEncoder.encode(drm_transport_cert_cert, "UTF-8") +
+ "&transport_cc=" +
+ "&storage=" +
+ URLEncoder.encode(drm_storage_cert_cert, "UTF-8") +
+ "&storage_cc=" +
+ "&sslserver=" +
+ URLEncoder.encode(server_cert_cert, "UTF-8") +
+ "&sslserver_cc=" +
+ "&audit_signing=" +
+ URLEncoder.encode(drm_audit_signing_cert_cert, "UTF-8") +
+ "&audit_signing_cc=";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean BackupPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=11" + "&op=next" + "&xml=true" +
+ "&choice=backupkey" +
+ "&__pwd=" + URLEncoder.encode(backup_pwd, "UTF-8") +
+ "&__pwdagain=" + URLEncoder.encode(backup_pwd, "UTF-8");
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean SavePKCS12Panel() {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, pkcs12_uri, query_string);
+
+ // dump hr.getResponseData() to file
+ try {
+ FileOutputStream fos = new FileOutputStream(backup_fname);
+ fos.write(hr.getResponseData());
+ fos.close();
+
+ // set file to permissions 600
+ String rtParams[] = { "chmod", "600", backup_fname };
+ Process proc = Runtime.getRuntime().exec(rtParams);
+
+ BufferedReader br = new BufferedReader(new InputStreamReader(proc.getErrorStream()));
+ String line = null;
+ while ((line = br.readLine()) != null)
+ System.out.println("Error: " + line);
+ proc.waitFor();
+
+ // verify p12 file
+
+ // Decode the P12 file
+ FileInputStream fis = new FileInputStream(backup_fname);
+ PFX.Template pfxt = new PFX.Template();
+ PFX pfx = (PFX) pfxt.decode(new BufferedInputStream(fis, 2048));
+ System.out.println("Decoded PFX");
+
+ // now peruse it for interesting info
+ System.out.println("Version: " + pfx.getVersion());
+ AuthenticatedSafes authSafes = pfx.getAuthSafes();
+ SEQUENCE asSeq = authSafes.getSequence();
+ System.out.println("AuthSafes has " +
+ asSeq.size() + " SafeContents");
+
+ fis.close();
+
+ if (clone) {
+ query_string = "p=12" + "&op=next" + "&xml=true";
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+ }
+ } catch (Exception e) {
+ System.out.println("ERROR: Exception=" + e.getMessage());
+ return false;
+ }
+
+ return true;
+ }
+
+ public boolean AdminCertReqPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ String admin_cert_request = null;
+
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ agent_cert_subject,
+ agent_key_size,
+ agent_key_type);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.setTransportCert(null);
+ cCrypt.setDualKey(false);
+ cCrypt.loginDB();
+
+ String crmf_request = cCrypt.generateCRMFrequest();
+
+ if (crmf_request == null) {
+ System.out.println("ERROR: AdminCertReqPanel() cert req gen failed");
+ return false;
+ }
+
+ admin_cert_request = crmf_request;
+
+ String query_string = "p=13" + "&op=next" + "&xml=true" +
+ "&cert_request_type=" + "crmf" +
+ "&uid=" + admin_user +
+ "&name=" + admin_user +
+ "&__pwd=" + URLEncoder.encode(admin_password, "UTF-8") +
+ "&__admin_password_again=" + URLEncoder.encode(admin_password, "UTF-8") +
+ "&profileId=" + "caAdminCert" +
+ "&email=" +
+ URLEncoder.encode(admin_email, "UTF-8") +
+ "&cert_request=" +
+ URLEncoder.encode(admin_cert_request, "UTF-8") +
+ "&subject=" +
+ URLEncoder.encode(agent_cert_subject, "UTF-8") +
+ "&clone=new" +
+ "&import=true" +
+ "&securitydomain=" +
+ URLEncoder.encode(domain_name, "UTF-8");
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ admin_serial_number = px.getvalue("serialNumber");
+
+ return true;
+ }
+
+ public boolean AdminCertImportPanel() {
+ boolean st = false;
+ HTTPResponse hr = null;
+
+ String query_string = "serialNumber=" + admin_serial_number +
+ "&importCert=" + "true";
+
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, admin_uri, query_string);
+
+ // get response data
+ // String cert_to_import =
+ // new sun.misc.BASE64Encoder().encode(hr.getResponseData());
+ String cert_to_import =
+ Utils.base64encode(hr.getResponseData());
+ System.out.println("Imported Cert=" + cert_to_import);
+
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ null,
+ null,
+ null);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.loginDB();
+
+ String start = "-----BEGIN CERTIFICATE-----\r\n";
+ String end = "\r\n-----END CERTIFICATE-----";
+
+ st = cCrypt.importCert(start + cert_to_import + end, agent_name);
+ if (!st) {
+ System.out.println("ERROR: AdminCertImportPanel() during cert import");
+ return false;
+ }
+
+ System.out.println("SUCCESS: imported admin user cert");
+ return true;
+ }
+
+ public boolean UpdateDomainPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=14" + "&op=next" + "&xml=true" +
+ "&caHost=" + URLEncoder.encode(sd_hostname, "UTF-8") +
+ "&caPort=" + URLEncoder.encode(sd_agent_port, "UTF-8");
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean ConfigureDRMInstance() throws UnsupportedEncodingException {
+ // 0. login to cert db
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ null,
+ null,
+ null);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.loginDB();
+
+ // instantiate http client
+ hc = new HTTPClient();
+
+ // 1. Login panel
+ boolean log_st = LoginPanel();
+ if (!log_st) {
+ System.out.println("ERROR: ConfigureDRM: LoginPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 2. Token Choice Panel
+ boolean disp_token = TokenChoicePanel();
+ if (!disp_token) {
+ System.out.println("ERROR: ConfigureDRM: TokenChoicePanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 3. domain panel
+ boolean dom_st = DomainPanel();
+ if (!dom_st) {
+ System.out.println("ERROR: ConfigureDRM: DomainPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 4. display cert chain panel
+ boolean disp_st = DisplayChainPanel();
+ if (!disp_st) {
+ System.out.println("ERROR: ConfigureDRM: DisplayChainPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // security domain login panel
+ boolean disp_sd = SecurityDomainLoginPanel();
+ if (!disp_sd) {
+ System.out.println("ERROR: ConfigureDRM: SecurityDomainLoginPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // subsystem panel
+ boolean disp_ss = SubsystemPanel();
+ if (!disp_ss) {
+ System.out.println("ERROR: ConfigureDRM: SubsystemPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 6. display restore key cert panel
+ if (clone) {
+ boolean restore_st = RestoreKeyCertPanel();
+ if (!restore_st) {
+ System.out.println("ERROR: ConfigureCA: RestoreKeyCertPanel() failure");
+ return false;
+ }
+ }
+
+ sleep_time();
+ // 7. ldap connection panel
+ boolean disp_ldap = LdapConnectionPanel();
+ if (!disp_ldap) {
+ System.out.println("ERROR: ConfigureDRM: LdapConnectionPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ sleep_time();
+ // 9. Key Panel
+ boolean disp_key = KeyPanel();
+ if (!disp_key) {
+ System.out.println("ERROR: ConfigureDRM: KeyPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 10. Cert Subject Panel
+ boolean disp_csubj = CertSubjectPanel();
+ if (!disp_csubj) {
+ System.out.println("ERROR: ConfigureDRM: CertSubjectPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 11. Certificate Panel
+ boolean disp_cp = CertificatePanel();
+ if (!disp_cp) {
+ System.out.println("ERROR: ConfigureDRM: CertificatePanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // backup panel
+ boolean disp_back = BackupPanel();
+ if (!disp_back) {
+ System.out.println("ERROR: ConfigureDRM: BackupPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // save panel
+ boolean disp_save = SavePKCS12Panel();
+ if (!disp_save) {
+ System.out.println("ERROR: ConfigureDRM: SavePKCS12Panel() failure");
+ return false;
+ }
+
+ if (clone) {
+ // no other panels required for clone
+ return true;
+ }
+
+ sleep_time();
+ // 13. Admin Cert Req Panel
+ boolean disp_adm = AdminCertReqPanel();
+ if (!disp_adm) {
+ System.out.println("ERROR: ConfigureDRM: AdminCertReqPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 14. Admin Cert import Panel
+ boolean disp_im = AdminCertImportPanel();
+ if (!disp_im) {
+ System.out.println("ERROR: ConfigureDRM: AdminCertImportPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 15. Update Domain Panel
+ boolean disp_ud = UpdateDomainPanel();
+ if (!disp_ud) {
+ System.out.println("ERROR: ConfigureDRM: UpdateDomainPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ return true;
+ }
+
+ private static String set_default(String val, String def) {
+ if ((val == null) || (val.equals(""))) {
+ return def;
+ } else {
+ return val;
+ }
+ }
+
+ public static void main(String args[]) throws UnsupportedEncodingException {
+ ConfigureDRM ca = new ConfigureDRM();
+
+ // set variables
+ StringHolder x_cs_hostname = new StringHolder();
+ StringHolder x_cs_port = new StringHolder();
+
+ StringHolder x_sd_hostname = new StringHolder();
+ StringHolder x_sd_ssl_port = new StringHolder();
+ StringHolder x_sd_agent_port = new StringHolder();
+ StringHolder x_sd_admin_port = new StringHolder();
+ StringHolder x_sd_admin_name = new StringHolder();
+ StringHolder x_sd_admin_password = new StringHolder();
+
+ StringHolder x_ca_hostname = new StringHolder();
+ StringHolder x_ca_port = new StringHolder();
+ StringHolder x_ca_ssl_port = new StringHolder();
+
+ StringHolder x_client_certdb_dir = new StringHolder();
+ StringHolder x_client_certdb_pwd = new StringHolder();
+ StringHolder x_preop_pin = new StringHolder();
+
+ StringHolder x_domain_name = new StringHolder();
+
+ StringHolder x_admin_user = new StringHolder();
+ StringHolder x_admin_email = new StringHolder();
+ StringHolder x_admin_password = new StringHolder();
+
+ // ldap
+ StringHolder x_ldap_host = new StringHolder();
+ StringHolder x_ldap_port = new StringHolder();
+ StringHolder x_bind_dn = new StringHolder();
+ StringHolder x_bind_password = new StringHolder();
+ StringHolder x_base_dn = new StringHolder();
+ StringHolder x_db_name = new StringHolder();
+ StringHolder x_secure_conn = new StringHolder();
+ StringHolder x_remove_data = new StringHolder();
+
+ // key properties (defaults)
+ StringHolder x_key_size = new StringHolder();
+ StringHolder x_key_type = new StringHolder();
+ StringHolder x_key_curvename = new StringHolder();
+ StringHolder x_signing_algorithm = new StringHolder();
+
+ // key properties (custom - transport)
+ StringHolder x_transport_key_size = new StringHolder();
+ StringHolder x_transport_key_type = new StringHolder();
+ StringHolder x_transport_key_curvename = new StringHolder();
+ StringHolder x_transport_signingalgorithm = new StringHolder();
+
+ // key properties (custom - storage)
+ StringHolder x_storage_key_size = new StringHolder();
+ StringHolder x_storage_key_type = new StringHolder();
+ StringHolder x_storage_key_curvename = new StringHolder();
+
+ // key properties (custom - audit_signing)
+ StringHolder x_audit_signing_key_size = new StringHolder();
+ StringHolder x_audit_signing_key_type = new StringHolder();
+ StringHolder x_audit_signing_key_curvename = new StringHolder();
+
+ // key properties (custom - subsystem)
+ StringHolder x_subsystem_key_size = new StringHolder();
+ StringHolder x_subsystem_key_type = new StringHolder();
+ StringHolder x_subsystem_key_curvename = new StringHolder();
+
+ // key properties (custom - sslserver)
+ StringHolder x_sslserver_key_size = new StringHolder();
+ StringHolder x_sslserver_key_type = new StringHolder();
+ StringHolder x_sslserver_key_curvename = new StringHolder();
+
+ StringHolder x_token_name = new StringHolder();
+ StringHolder x_token_pwd = new StringHolder();
+
+ StringHolder x_agent_key_size = new StringHolder();
+ StringHolder x_agent_key_type = new StringHolder();
+ StringHolder x_agent_cert_subject = new StringHolder();
+
+ StringHolder x_agent_name = new StringHolder();
+ StringHolder x_backup_pwd = new StringHolder();
+ StringHolder x_backup_fname = new StringHolder();
+
+ // drm cert subject name params
+ StringHolder x_drm_subsystem_cert_subject_name = new StringHolder();
+ StringHolder x_drm_server_cert_subject_name = new StringHolder();
+ StringHolder x_drm_transport_cert_subject_name = new StringHolder();
+ StringHolder x_drm_storage_cert_subject_name = new StringHolder();
+ StringHolder x_drm_audit_signing_cert_subject_name = new StringHolder();
+
+ // subsystemName
+ StringHolder x_subsystem_name = new StringHolder();
+
+ //clone parameters
+ StringHolder x_clone = new StringHolder();
+ StringHolder x_clone_uri = new StringHolder();
+ StringHolder x_clone_p12_file = new StringHolder();
+ StringHolder x_clone_p12_passwd = new StringHolder();
+ StringHolder x_clone_master_port = new StringHolder();
+ StringHolder x_clone_replica_port = new StringHolder();
+ StringHolder x_clone_replication_security = new StringHolder();
+
+ // parse the args
+ ArgParser parser = new ArgParser("ConfigureDRM");
+
+ parser.addOption("-cs_hostname %s #CS Hostname",
+ x_cs_hostname);
+ parser.addOption("-cs_port %s #CS SSL Admin port",
+ x_cs_port);
+
+ parser.addOption("-sd_hostname %s #Security Domain Hostname",
+ x_sd_hostname);
+ parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port",
+ x_sd_ssl_port);
+ parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port",
+ x_sd_agent_port);
+ parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port",
+ x_sd_admin_port);
+ parser.addOption("-sd_admin_name %s #Security Domain username",
+ x_sd_admin_name);
+ parser.addOption("-sd_admin_password %s #Security Domain password",
+ x_sd_admin_password);
+
+ parser.addOption("-ca_hostname %s #CA Hostname",
+ x_ca_hostname);
+ parser.addOption("-ca_port %s #CA non-SSL EE port",
+ x_ca_port);
+ parser.addOption("-ca_ssl_port %s #CA SSL EE port",
+ x_ca_ssl_port);
+
+ parser.addOption("-client_certdb_dir %s #Client CertDB dir",
+ x_client_certdb_dir);
+ parser.addOption("-client_certdb_pwd %s #client certdb password",
+ x_client_certdb_pwd);
+ parser.addOption("-preop_pin %s #pre op pin",
+ x_preop_pin);
+ parser.addOption("-domain_name %s #domain name",
+ x_domain_name);
+ parser.addOption("-admin_user %s #Admin User Name",
+ x_admin_user);
+ parser.addOption("-admin_email %s #Admin email",
+ x_admin_email);
+ parser.addOption("-admin_password %s #Admin password",
+ x_admin_password);
+ parser.addOption("-agent_name %s #Agent Cert Nickname",
+ x_agent_name);
+
+ parser.addOption("-ldap_host %s #ldap host",
+ x_ldap_host);
+ parser.addOption("-ldap_port %s #ldap port",
+ x_ldap_port);
+ parser.addOption("-bind_dn %s #ldap bind dn",
+ x_bind_dn);
+ parser.addOption("-bind_password %s #ldap bind password",
+ x_bind_password);
+ parser.addOption("-base_dn %s #base dn",
+ x_base_dn);
+ parser.addOption("-db_name %s #db name",
+ x_db_name);
+ parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn);
+ parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ",
+ x_remove_data);
+
+ // key and algorithm options (default)
+ parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type);
+ parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size);
+ parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename);
+ parser.addOption(
+ "-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)",
+ x_signing_algorithm);
+
+ // key and algorithm options for transport certificate (overrides default)
+ parser.addOption("-transport_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_transport_key_type);
+ parser.addOption("-transport_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_transport_key_size);
+ parser.addOption("-transport_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_transport_key_curvename);
+ parser.addOption(
+ "-transport_signingalgorithm %s #Algorithm used by the transport cert to sign objects (optional, default is signing_algorithm)",
+ x_transport_signingalgorithm);
+
+ // key and algorithm options for storage certificate (overrides default)
+ parser.addOption("-storage_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_storage_key_type);
+ parser.addOption("-storage_key_size %s #Key Size (optional, for RSA default is key_size)", x_storage_key_size);
+ parser.addOption("-storage_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_storage_key_curvename);
+
+ // key and algorithm options for audit_signing certificate (overrides default)
+ parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_audit_signing_key_type);
+ parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_audit_signing_key_size);
+ parser.addOption(
+ "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_audit_signing_key_curvename);
+
+ // key and algorithm options for subsystem certificate (overrides default)
+ parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_subsystem_key_type);
+ parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_subsystem_key_size);
+ parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_subsystem_key_curvename);
+
+ // key and algorithm options for sslserver certificate (overrides default)
+ parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_sslserver_key_type);
+ parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_sslserver_key_size);
+ parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_sslserver_key_curvename);
+
+ parser.addOption("-token_name %s #HSM/Software Token name",
+ x_token_name);
+ parser.addOption("-token_pwd %s #HSM/Software Token password (optional, required for HSM)",
+ x_token_pwd);
+
+ parser.addOption("-agent_key_size %s #Agent Cert Key Size",
+ x_agent_key_size);
+ parser.addOption("-agent_key_type %s #Agent Cert Key type [rsa]",
+ x_agent_key_type);
+ parser.addOption("-agent_cert_subject %s #Agent Cert Subject ",
+ x_agent_cert_subject);
+
+ parser.addOption("-backup_pwd %s #PKCS12 password",
+ x_backup_pwd);
+
+ parser.addOption("-backup_fname %s #Backup File for p12, (optional, default /root/tmp-kra.p12)",
+ x_backup_fname);
+
+ parser.addOption(
+ "-drm_transport_cert_subject_name %s #DRM transport cert subject name",
+ x_drm_transport_cert_subject_name);
+ parser.addOption(
+ "-drm_subsystem_cert_subject_name %s #DRM subsystem cert subject name",
+ x_drm_subsystem_cert_subject_name);
+ parser.addOption(
+ "-drm_storage_cert_subject_name %s #DRM storage cert subject name",
+ x_drm_storage_cert_subject_name);
+ parser.addOption(
+ "-drm_server_cert_subject_name %s #DRM server cert subject name",
+ x_drm_server_cert_subject_name);
+
+ parser.addOption(
+ "-subsystem_name %s #CA subsystem name",
+ x_subsystem_name);
+
+ parser.addOption(
+ "-drm_audit_signing_cert_subject_name %s #DRM audit signing cert subject name",
+ x_drm_audit_signing_cert_subject_name);
+
+ parser.addOption("-clone %s #Clone of another KRA [true, false] (optional, default false)", x_clone);
+ parser.addOption(
+ "-clone_uri %s #URL of Master KRA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)",
+ x_clone_uri);
+ parser.addOption(
+ "-clone_p12_file %s #File containing pk12 keys of Master KRA (optional, required if -clone=true)",
+ x_clone_p12_file);
+ parser.addOption("-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)",
+ x_clone_p12_passwd);
+
+ // replication agreement options
+ parser.addOption("-clone_master_port %s #Master Port to be used in replication agreement (optional)",
+ x_clone_master_port);
+ parser.addOption("-clone_replica_port %s #Replica Port to be used in replication agreement (optional)",
+ x_clone_replica_port);
+ parser.addOption("-clone_replication_security %s #Type of security in replication agreement (optional)",
+ x_clone_replication_security);
+
+
+ // and then match the arguments
+ String[] unmatched = null;
+ unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED);
+
+ if (unmatched != null) {
+ System.out.println("ERROR: Argument Mismatch");
+ System.exit(-1);
+ }
+
+ parser.checkRequiredArgs();
+
+ // set variables
+ cs_hostname = x_cs_hostname.value;
+ cs_port = x_cs_port.value;
+
+ sd_hostname = x_sd_hostname.value;
+ sd_ssl_port = x_sd_ssl_port.value;
+ sd_agent_port = x_sd_agent_port.value;
+ sd_admin_port = x_sd_admin_port.value;
+ sd_admin_name = x_sd_admin_name.value;
+ sd_admin_password = x_sd_admin_password.value;
+
+ ca_hostname = x_ca_hostname.value;
+ ca_port = x_ca_port.value;
+ ca_ssl_port = x_ca_ssl_port.value;
+
+ client_certdb_dir = x_client_certdb_dir.value;
+ client_certdb_pwd = x_client_certdb_pwd.value;
+ pin = x_preop_pin.value;
+ domain_name = x_domain_name.value;
+
+ admin_user = x_admin_user.value;
+ admin_email = x_admin_email.value;
+ admin_password = x_admin_password.value;
+ agent_name = x_agent_name.value;
+
+ ldap_host = x_ldap_host.value;
+ ldap_port = x_ldap_port.value;
+ bind_dn = x_bind_dn.value;
+ bind_password = x_bind_password.value;
+ base_dn = x_base_dn.value;
+ db_name = x_db_name.value;
+ secure_conn = set_default(x_secure_conn.value, "false");
+ remove_data = set_default(x_remove_data.value, "false");
+
+ key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE);
+ transport_key_type = set_default(x_transport_key_type.value, key_type);
+ storage_key_type = set_default(x_storage_key_type.value, key_type);
+ audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type);
+ subsystem_key_type = set_default(x_subsystem_key_type.value, key_type);
+ sslserver_key_type = set_default(x_sslserver_key_type.value, key_type);
+
+ key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE);
+ transport_key_size = set_default(x_transport_key_size.value, key_size);
+ storage_key_size = set_default(x_storage_key_size.value, key_size);
+ audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size);
+ subsystem_key_size = set_default(x_subsystem_key_size.value, key_size);
+ sslserver_key_size = set_default(x_sslserver_key_size.value, key_size);
+
+ key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME);
+ transport_key_curvename = set_default(x_transport_key_curvename.value, key_curvename);
+ storage_key_curvename = set_default(x_storage_key_curvename.value, key_curvename);
+ audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename);
+ subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename);
+ sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename);
+
+ if (transport_key_type.equalsIgnoreCase("RSA")) {
+ signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_RSA);
+ } else {
+ signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_ECC);
+ }
+
+ transport_signingalgorithm = set_default(x_transport_signingalgorithm.value, signing_algorithm);
+
+ token_name = x_token_name.value;
+ token_pwd = x_token_pwd.value;
+
+ agent_key_size = x_agent_key_size.value;
+ agent_key_type = x_agent_key_type.value;
+ agent_cert_subject = x_agent_cert_subject.value;
+
+ backup_pwd = x_backup_pwd.value;
+ backup_fname = set_default(x_backup_fname.value, "/root/tmp-kra.p12");
+
+ drm_transport_cert_subject_name =
+ x_drm_transport_cert_subject_name.value;
+ drm_subsystem_cert_subject_name =
+ x_drm_subsystem_cert_subject_name.value;
+ drm_storage_cert_subject_name = x_drm_storage_cert_subject_name.value;
+ drm_server_cert_subject_name = x_drm_server_cert_subject_name.value;
+ drm_audit_signing_cert_subject_name = x_drm_audit_signing_cert_subject_name.value;
+
+ subsystem_name = x_subsystem_name.value;
+
+ if ((x_clone.value != null) && (x_clone.value.equalsIgnoreCase("true"))) {
+ clone = true;
+ } else {
+ clone = false;
+ }
+ clone_uri = x_clone_uri.value;
+ clone_p12_file = x_clone_p12_file.value;
+ clone_p12_passwd = x_clone_p12_passwd.value;
+ clone_master_port = set_default(x_clone_master_port.value, "");
+ clone_replica_port = set_default(x_clone_replica_port.value, "");
+ clone_replication_security = set_default(x_clone_replication_security.value, "None");
+
+ boolean st = ca.ConfigureDRMInstance();
+
+ if (!st) {
+ System.out.println("ERROR: unable to create DRM");
+ System.exit(-1);
+ }
+
+ System.out.println("Certificate System - DRM Instance Configured");
+ System.exit(0);
+ }
+
+};
diff --git a/base/silent/src/com/netscape/pkisilent/ConfigureOCSP.java b/base/silent/src/com/netscape/pkisilent/ConfigureOCSP.java
new file mode 100644
index 000000000..53c014b74
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/ConfigureOCSP.java
@@ -0,0 +1,1181 @@
+package com.netscape.pkisilent;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStreamReader;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+
+import org.mozilla.jss.asn1.SEQUENCE;
+import org.mozilla.jss.pkcs12.AuthenticatedSafes;
+import org.mozilla.jss.pkcs12.PFX;
+
+import com.netscape.pkisilent.argparser.ArgParser;
+import com.netscape.pkisilent.argparser.StringHolder;
+import com.netscape.pkisilent.common.ComCrypto;
+import com.netscape.pkisilent.common.ParseXML;
+import com.netscape.pkisilent.http.HTTPClient;
+import com.netscape.pkisilent.http.HTTPResponse;
+import com.netscape.cmsutil.util.Utils;
+
+public class ConfigureOCSP {
+ public static final String DEFAULT_KEY_TYPE = "RSA";
+ public static final String DEFAULT_KEY_SIZE = "2048";
+ public static final String DEFAULT_KEY_CURVENAME = "nistp256";
+ public static final String DEFAULT_KEY_ALGORITHM_RSA = "SHA256withRSA";
+ public static final String DEFAULT_KEY_ALGORITHM_ECC = "SHA256withEC";
+
+ // define global variables
+
+ public static HTTPClient hc = null;
+
+ public static String login_uri = "/ocsp/admin/console/config/login";
+ public static String wizard_uri = "/ocsp/admin/console/config/wizard";
+ public static String admin_uri = "/ca/admin/ca/getBySerial";
+
+ public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin";
+ public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie";
+ public static String pkcs12_uri = "/ocsp/admin/console/config/savepkcs12";
+
+ public static String cs_hostname = null;
+ public static String cs_port = null;
+
+ public static String sd_hostname = null;
+ public static String sd_ssl_port = null;
+ public static String sd_agent_port = null;
+ public static String sd_admin_port = null;
+ public static String sd_admin_name = null;
+ public static String sd_admin_password = null;
+
+ public static String ca_hostname = null;
+ public static String ca_port = null;
+ public static String ca_ssl_port = null;
+
+ public static String client_certdb_dir = null;
+ public static String client_certdb_pwd = null;
+
+ // Login Panel
+ public static String pin = null;
+
+ public static String domain_name = null;
+
+ public static String admin_user = null;
+ public static String admin_email = null;
+ public static String admin_password = null;
+ public static String admin_serial_number = null;
+ public static String agent_name = null;
+
+ public static String ldap_host = null;
+ public static String ldap_port = null;
+ public static String bind_dn = null;
+ public static String bind_password = null;
+ public static String base_dn = null;
+ public static String db_name = null;
+ public static String secure_conn = null;
+ public static String remove_data = null;
+
+ public static String key_type = null;
+ public static String key_size = null;
+ public static String key_curvename = null;
+ public static String signing_algorithm = null;
+
+ public static String signing_key_type = null;
+ public static String signing_key_size = null;
+ public static String signing_key_curvename = null;
+ public static String signing_signingalgorithm = null;
+
+ public static String subsystem_key_type = null;
+ public static String subsystem_key_size = null;
+ public static String subsystem_key_curvename = null;
+
+ public static String audit_signing_key_type = null;
+ public static String audit_signing_key_size = null;
+ public static String audit_signing_key_curvename = null;
+
+ public static String sslserver_key_type = null;
+ public static String sslserver_key_size = null;
+ public static String sslserver_key_curvename = null;
+
+ public static String token_name = null;
+ public static String token_pwd = null;
+
+ public static String agent_key_size = null;
+ public static String agent_key_type = null;
+ public static String agent_cert_subject = null;
+
+ public static String ocsp_signing_cert_name = null;
+ public static String ocsp_signing_cert_req = null;
+ public static String ocsp_signing_cert_pp = null;
+ public static String ocsp_signing_cert_cert = null;
+
+ public static String server_cert_name = null;
+ public static String server_cert_req = null;
+ public static String server_cert_pp = null;
+ public static String server_cert_cert = null;
+
+ public static String ocsp_subsystem_cert_name = null;
+ public static String ocsp_subsystem_cert_req = null;
+ public static String ocsp_subsystem_cert_pp = null;
+ public static String ocsp_subsystem_cert_cert = null;
+
+ public static String ocsp_audit_signing_cert_name = null;
+ public static String ocsp_audit_signing_cert_req = null;
+ public static String ocsp_audit_signing_cert_pp = null;
+ public static String ocsp_audit_signing_cert_cert = null;
+
+ public static String backup_pwd = null;
+ public static String backup_fname = null;
+
+ // cert subject names
+ public static String ocsp_sign_cert_subject_name = null;
+ public static String ocsp_subsystem_cert_subject_name = null;
+ public static String ocsp_server_cert_subject_name = null;
+ public static String ocsp_audit_signing_cert_subject_name = null;
+
+ public static String subsystem_name = null;
+
+ public ConfigureOCSP() {
+ // do nothing :)
+ }
+
+ public void sleep_time() {
+ try {
+ System.out.println("Sleeping for 5 secs..");
+ Thread.sleep(5000);
+ } catch (Exception e) {
+ System.out.println("ERROR: sleep problem");
+ }
+
+ }
+
+ public boolean LoginPanel() {
+ boolean st = false;
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "pin=" + pin + "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string);
+ System.out.println("xml returned: " + hr.getHTML());
+
+ // parse xml here - nothing to parse
+
+ // get cookie
+ String temp = hr.getCookieValue("JSESSIONID");
+
+ if (temp != null) {
+ int index = temp.indexOf(";");
+ HTTPClient.j_session_id = temp.substring(0, index);
+ st = true;
+ }
+
+ hr = null;
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ "p=0&op=next&xml=true");
+
+ // parse xml here
+
+ bais = new ByteArrayInputStream(
+ hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return st;
+ }
+
+ public boolean TokenChoicePanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = null;
+
+ // Software Token
+ if (token_name.equalsIgnoreCase("internal")) {
+ query_string = "p=1" + "&op=next" + "&xml=true" +
+ "&choice=" + URLEncoder.encode("Internal Key Storage Token", "UTF-8");
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+ }
+ // HSM
+ else {
+ // login to hsm first
+ query_string = "p=2" + "&op=next" + "&xml=true" +
+ "&uTokName=" +
+ URLEncoder.encode(token_name, "UTF-8") +
+ "&__uPasswd=" +
+ URLEncoder.encode(token_pwd, "UTF-8");
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ // choice with token name now
+ query_string = "p=1" + "&op=next" + "&xml=true" +
+ "&choice=" +
+ URLEncoder.encode(token_name, "UTF-8");
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ }
+ return true;
+ }
+
+ public boolean DomainPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String domain_url = "https://" + sd_hostname + ":" + sd_admin_port;
+
+ String query_string = "sdomainURL=" +
+ URLEncoder.encode(domain_url, "UTF-8") +
+ "&choice=existingdomain" +
+ "&p=3" +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+
+ }
+
+ public boolean DisplayChainPanel() {
+ String query_string = null;
+
+ query_string = "p=4" + "&op=next" + "&xml=true";
+ hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ // bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ // px.parse(bais);
+ // px.prettyprintxml();
+
+ return true;
+
+ }
+
+ public boolean SecurityDomainLoginPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+
+ String ocsp_url = "https://" + cs_hostname + ":" + cs_port +
+ "/ocsp/admin/console/config/wizard" +
+ "?p=5&subsystem=OCSP";
+
+ String query_string = "url=" + URLEncoder.encode(ocsp_url, "UTF-8");
+
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri, query_string);
+
+ String query_string_1 = "uid=" + sd_admin_name +
+ "&pwd=" + URLEncoder.encode(sd_admin_password, "UTF-8") +
+ "&url=" + URLEncoder.encode(ocsp_url, "UTF-8");
+
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri,
+ query_string_1);
+
+ // get session id from security domain
+
+ String ocsp_session_id = hr.getContentValue("header.session_id");
+ String ocsp_url_1 = hr.getContentValue("header.url");
+
+ System.out.println("OCSP_SESSION_ID=" + ocsp_session_id);
+ System.out.println("OCSP_URL=" + ocsp_url_1);
+
+ // use session id to connect back to OCSP
+
+ String query_string_2 = "p=5" +
+ "&subsystem=OCSP" +
+ "&session_id=" + ocsp_session_id +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ query_string_2);
+
+ return true;
+
+ }
+
+ public boolean SubsystemPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=5" + "&op=next" + "&xml=true" +
+ "&subsystemName=" +
+ URLEncoder.encode(subsystem_name, "UTF-8") +
+ "&choice=newsubsystem";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean LdapConnectionPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=7" + "&op=next" + "&xml=true" +
+ "&host=" + URLEncoder.encode(ldap_host, "UTF-8") +
+ "&port=" + URLEncoder.encode(ldap_port, "UTF-8") +
+ "&binddn=" + URLEncoder.encode(bind_dn, "UTF-8") +
+ "&__bindpwd=" + URLEncoder.encode(bind_password, "UTF-8") +
+ "&basedn=" + URLEncoder.encode(base_dn, "UTF-8") +
+ "&database=" + URLEncoder.encode(db_name, "UTF-8") +
+ "&display=" + URLEncoder.encode("$displayStr", "UTF-8") +
+ (secure_conn.equals("true") ? "&secureConn=on" : "") +
+ (remove_data.equals("true") ? "&removeData=true" : "");
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean KeyPanel() {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ ArrayList<String> al = null;
+
+ String query_string = "p=8" + "&op=next" + "&xml=true" +
+ "&signing_custom_size=" + signing_key_size +
+ "&subsystem_custom_size=" + subsystem_key_size +
+ "&sslserver_custom_size=" + sslserver_key_size +
+ "&audit_signing_custom_size=" + audit_signing_key_size +
+ "&custom_size=" + key_size +
+ "&signing_custom_curvename=" + signing_key_curvename +
+ "&subsystem_custom_curvename=" + subsystem_key_curvename +
+ "&sslserver_custom_curvename=" + sslserver_key_curvename +
+ "&audit_signing_custom_curvename=" + audit_signing_key_curvename +
+ "&custom_curvename=" + key_curvename +
+ "&signing_keytype=" + signing_key_type +
+ "&subsystem_keytype=" + subsystem_key_type +
+ "&sslserver_keytype=" + sslserver_key_type +
+ "&audit_signing_keytype=" + audit_signing_key_type +
+ "&keytype=" + key_type +
+ "&signing_choice=custom" +
+ "&subsystem_choice=custom" +
+ "&sslserver_choice=custom" +
+ "&audit_signing_choice=custom" +
+ "&signingalgorithm=" + signing_algorithm +
+ "&signing_signingalgorithm=" + signing_signingalgorithm +
+ "&choice=custom";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ al = px.constructValueList("CertReqPair", "DN");
+ // get ca cert subject name
+ if (al != null) {
+ for (int i = 0; i < al.size(); i++) {
+ String temp = al.get(i);
+ if (temp.indexOf("OCSP Signing") > 0) {
+ ocsp_signing_cert_name = temp;
+ } else if (temp.indexOf("OCSP Subsystem") > 0) {
+ ocsp_subsystem_cert_name = temp;
+ } else if (temp.indexOf("Audit Signing Certificate") > 0) {
+ ocsp_audit_signing_cert_name = temp;
+ } else {
+ server_cert_name = temp;
+ }
+ }
+ }
+
+ System.out.println("default: ocsp_signing_cert_name=" + ocsp_signing_cert_name);
+ System.out.println("default: ocsp_subsystem_cert_name=" + ocsp_subsystem_cert_name);
+ System.out.println("default: server_cert_name=" + server_cert_name);
+ System.out.println("default: oscp_audit_signing_cert_name=" + ocsp_audit_signing_cert_name);
+
+ return true;
+ }
+
+ public boolean CertSubjectPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ ArrayList<String> req_list = null;
+ ArrayList<String> cert_list = null;
+ ArrayList<String> dn_list = null;
+
+ String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port;
+
+ String query_string = "p=9" + "&op=next" + "&xml=true" +
+ "&subsystem=" +
+ URLEncoder.encode(ocsp_subsystem_cert_subject_name, "UTF-8") +
+ "&signing=" +
+ URLEncoder.encode(ocsp_sign_cert_subject_name, "UTF-8") +
+ "&sslserver=" +
+ URLEncoder.encode(ocsp_server_cert_subject_name, "UTF-8") +
+ "&audit_signing=" +
+ URLEncoder.encode(ocsp_audit_signing_cert_subject_name, "UTF-8") +
+ "&urls=" +
+ URLEncoder.encode(domain_url, "UTF-8") +
+ "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ req_list = px.constructValueList("CertReqPair", "Request");
+ cert_list = px.constructValueList("CertReqPair", "Certificate");
+ dn_list = px.constructValueList("CertReqPair", "Nickname");
+
+ if (req_list != null && cert_list != null && dn_list != null) {
+ for (int i = 0; i < dn_list.size(); i++) {
+ String temp = dn_list.get(i);
+
+ if (temp.indexOf("ocspSigningCert") >= 0) {
+ ocsp_signing_cert_req = req_list.get(i);
+ ocsp_signing_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("subsystemCert") >= 0) {
+ ocsp_subsystem_cert_req = req_list.get(i);
+ ocsp_subsystem_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("auditSigningCert") >= 0) {
+ ocsp_audit_signing_cert_req = req_list.get(i);
+ ocsp_audit_signing_cert_cert = cert_list.get(i);
+ } else {
+ server_cert_req = req_list.get(i);
+ server_cert_cert = cert_list.get(i);
+ }
+ }
+ }
+
+ return true;
+ }
+
+ public boolean CertificatePanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=10" + "&op=next" + "&xml=true" +
+ "&subsystem=" +
+ URLEncoder.encode(ocsp_subsystem_cert_cert, "UTF-8") +
+ "&subsystem_cc=" +
+ "&signing=" +
+ URLEncoder.encode(ocsp_signing_cert_cert, "UTF-8") +
+ "&signing_cc=" +
+ "&sslserver=" +
+ URLEncoder.encode(server_cert_cert, "UTF-8") +
+ "&sslserver_cc=" +
+ "&audit_signing=" +
+ URLEncoder.encode(ocsp_audit_signing_cert_cert, "UTF-8") +
+ "&audit_signing_cc=";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+
+ System.out.println("html returned=" + hr.getHTML());
+
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean BackupPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=11" + "&op=next" + "&xml=true" +
+ "&choice=backupkey" +
+ "&__pwd=" + URLEncoder.encode(backup_pwd, "UTF-8") +
+ "&__pwdagain=" + URLEncoder.encode(backup_pwd, "UTF-8");
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean SavePKCS12Panel() {
+ HTTPResponse hr = null;
+
+ String query_string = "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, pkcs12_uri, query_string);
+
+ // dump hr.getResponseData() to file
+
+ try {
+ FileOutputStream fos = new FileOutputStream(backup_fname);
+ fos.write(hr.getResponseData());
+ fos.close();
+
+ // set file to permissions 600
+ String rtParams[] = { "chmod", "600", backup_fname };
+ Process proc = Runtime.getRuntime().exec(rtParams);
+
+ BufferedReader br = new BufferedReader(new InputStreamReader(proc.getErrorStream()));
+ String line = null;
+ while ((line = br.readLine()) != null)
+ System.out.println("Error: " + line);
+ proc.waitFor();
+
+ // verify p12 file
+
+ // Decode the P12 file
+ FileInputStream fis = new FileInputStream(backup_fname);
+ PFX.Template pfxt = new PFX.Template();
+ PFX pfx = (PFX) pfxt.decode(new BufferedInputStream(fis, 2048));
+ System.out.println("Decoded PFX");
+
+ // now peruse it for interesting info
+ System.out.println("Version: " + pfx.getVersion());
+ AuthenticatedSafes authSafes = pfx.getAuthSafes();
+ SEQUENCE asSeq = authSafes.getSequence();
+ System.out.println("AuthSafes has " +
+ asSeq.size() + " SafeContents");
+
+ fis.close();
+ } catch (Exception e) {
+ System.out.println("ERROR: Exception=" + e.getMessage());
+ return false;
+ }
+
+ return true;
+ }
+
+ public boolean AdminCertReqPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ String admin_cert_request = null;
+
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ agent_cert_subject,
+ agent_key_size,
+ agent_key_type);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.setTransportCert(null);
+ cCrypt.setDualKey(false);
+ cCrypt.loginDB();
+
+ String crmf_request = cCrypt.generateCRMFrequest();
+
+ if (crmf_request == null) {
+ System.out.println("ERROR: AdminCertReqPanel() cert req gen failed");
+ return false;
+ }
+
+ admin_cert_request = crmf_request;
+
+ String query_string = "p=13" + "&op=next" + "&xml=true" +
+ "&cert_request_type=" + "crmf" +
+ "&uid=" + admin_user +
+ "&name=" + admin_user +
+ "&__pwd=" + URLEncoder.encode(admin_password, "UTF-8") +
+ "&__admin_password_again=" + URLEncoder.encode(admin_password, "UTF-8") +
+ "&profileId=" + "caAdminCert" +
+ "&email=" +
+ URLEncoder.encode(admin_email, "UTF-8") +
+ "&cert_request=" +
+ URLEncoder.encode(admin_cert_request, "UTF-8") +
+ "&subject=" +
+ URLEncoder.encode(agent_cert_subject, "UTF-8") +
+ "&clone=new" +
+ "&import=true" +
+ "&securitydomain=" +
+ URLEncoder.encode(domain_name, "UTF-8");
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ admin_serial_number = px.getvalue("serialNumber");
+
+ return true;
+ }
+
+ public boolean AdminCertImportPanel() {
+ boolean st = false;
+ HTTPResponse hr = null;
+
+ String query_string = "serialNumber=" + admin_serial_number +
+ "&importCert=" + "true" +
+ "";
+
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, admin_uri, query_string);
+
+ // get response data
+ // String cert_to_import =
+ // new sun.misc.BASE64Encoder().encode(hr.getResponseData());
+ String cert_to_import =
+ Utils.base64encode(hr.getResponseData());
+ System.out.println("Imported Cert=" + cert_to_import);
+
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ null,
+ null,
+ null);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.loginDB();
+
+ String start = "-----BEGIN CERTIFICATE-----\r\n";
+ String end = "\r\n-----END CERTIFICATE-----";
+
+ st = cCrypt.importCert(start + cert_to_import + end, agent_name);
+ if (!st) {
+ System.out.println("ERROR: AdminCertImportPanel() during cert import");
+ return false;
+ }
+
+ System.out.println("SUCCESS: imported admin user cert");
+ return true;
+ }
+
+ public boolean UpdateDomainPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=14" + "&op=next" + "&xml=true" +
+ "&caHost=" + URLEncoder.encode(sd_hostname, "UTF-8") +
+ "&caPort=" + URLEncoder.encode(sd_agent_port, "UTF-8");
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean ConfigureOCSPInstance() throws UnsupportedEncodingException {
+ // 0. login to cert db
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ null,
+ null,
+ null);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.loginDB();
+
+ // instantiate http client
+ hc = new HTTPClient();
+
+ // 1. Login panel
+ boolean log_st = LoginPanel();
+ if (!log_st) {
+ System.out.println("ERROR: ConfigureOCSP: LoginPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 2. Token Choice Panel
+ boolean disp_token = TokenChoicePanel();
+ if (!disp_token) {
+ System.out.println("ERROR: ConfigureOCSP: TokenChoicePanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 3. domain panel
+ boolean dom_st = DomainPanel();
+ if (!dom_st) {
+ System.out.println("ERROR: ConfigureOCSP: DomainPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 4. display cert chain panel
+ boolean disp_st = DisplayChainPanel();
+ if (!disp_st) {
+ System.out.println("ERROR: ConfigureOCSP: DisplayChainPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // security domain login panel
+ boolean disp_sd = SecurityDomainLoginPanel();
+ if (!disp_sd) {
+ System.out.println("ERROR: ConfigureOCSP: SecurityDomainLoginPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // subsystem panel
+ boolean disp_ss = SubsystemPanel();
+ if (!disp_ss) {
+ System.out.println("ERROR: ConfigureOCSP: SubsystemPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 7. ldap connection panel
+ boolean disp_ldap = LdapConnectionPanel();
+ if (!disp_ldap) {
+ System.out.println("ERROR: ConfigureOCSP: LdapConnectionPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ sleep_time();
+ // 9. Key Panel
+ boolean disp_key = KeyPanel();
+ if (!disp_key) {
+ System.out.println("ERROR: ConfigureOCSP: KeyPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 10. Cert Subject Panel
+ boolean disp_csubj = CertSubjectPanel();
+ if (!disp_csubj) {
+ System.out.println("ERROR: ConfigureOCSP: CertSubjectPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 11. Certificate Panel
+ boolean disp_cp = CertificatePanel();
+ if (!disp_cp) {
+ System.out.println("ERROR: ConfigureOCSP: CertificatePanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // backup panel
+ boolean disp_back = BackupPanel();
+ if (!disp_back) {
+ System.out.println("ERROR: ConfigureOCSP: BackupPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // save panel
+ boolean disp_save = SavePKCS12Panel();
+ if (!disp_save) {
+ System.out.println("ERROR: ConfigureOCSP: SavePKCS12Panel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 13. Admin Cert Req Panel
+ boolean disp_adm = AdminCertReqPanel();
+ if (!disp_adm) {
+ System.out.println("ERROR: ConfigureOCSP: AdminCertReqPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 14. Admin Cert import Panel
+ boolean disp_im = AdminCertImportPanel();
+ if (!disp_im) {
+ System.out.println("ERROR: ConfigureOCSP: AdminCertImportPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 15. Update Domain Panel
+ boolean disp_ud = UpdateDomainPanel();
+ if (!disp_ud) {
+ System.out.println("ERROR: ConfigureOCSP: UpdateDomainPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ return true;
+ }
+
+ private static String set_default(String val, String def) {
+ if ((val == null) || (val.equals(""))) {
+ return def;
+ } else {
+ return val;
+ }
+ }
+
+ public static void main(String args[]) throws UnsupportedEncodingException {
+ ConfigureOCSP ca = new ConfigureOCSP();
+
+ // set variables
+ StringHolder x_cs_hostname = new StringHolder();
+ StringHolder x_cs_port = new StringHolder();
+
+ StringHolder x_sd_hostname = new StringHolder();
+ StringHolder x_sd_ssl_port = new StringHolder();
+ StringHolder x_sd_agent_port = new StringHolder();
+ StringHolder x_sd_admin_port = new StringHolder();
+ StringHolder x_sd_admin_name = new StringHolder();
+ StringHolder x_sd_admin_password = new StringHolder();
+
+ StringHolder x_ca_hostname = new StringHolder();
+ StringHolder x_ca_port = new StringHolder();
+ StringHolder x_ca_ssl_port = new StringHolder();
+
+ StringHolder x_client_certdb_dir = new StringHolder();
+ StringHolder x_client_certdb_pwd = new StringHolder();
+ StringHolder x_preop_pin = new StringHolder();
+
+ StringHolder x_domain_name = new StringHolder();
+
+ StringHolder x_admin_user = new StringHolder();
+ StringHolder x_admin_email = new StringHolder();
+ StringHolder x_admin_password = new StringHolder();
+
+ // ldap
+ StringHolder x_ldap_host = new StringHolder();
+ StringHolder x_ldap_port = new StringHolder();
+ StringHolder x_bind_dn = new StringHolder();
+ StringHolder x_bind_password = new StringHolder();
+ StringHolder x_base_dn = new StringHolder();
+ StringHolder x_db_name = new StringHolder();
+ StringHolder x_secure_conn = new StringHolder();
+ StringHolder x_remove_data = new StringHolder();
+
+ // key properties (defaults)
+ StringHolder x_key_size = new StringHolder();
+ StringHolder x_key_type = new StringHolder();
+ StringHolder x_key_curvename = new StringHolder();
+ StringHolder x_signing_algorithm = new StringHolder();
+
+ // key properties (custom - signing)
+ StringHolder x_signing_key_size = new StringHolder();
+ StringHolder x_signing_key_type = new StringHolder();
+ StringHolder x_signing_key_curvename = new StringHolder();
+ StringHolder x_signing_signingalgorithm = new StringHolder();
+
+ // key properties (custom - audit_signing)
+ StringHolder x_audit_signing_key_size = new StringHolder();
+ StringHolder x_audit_signing_key_type = new StringHolder();
+ StringHolder x_audit_signing_key_curvename = new StringHolder();
+
+ // key properties (custom - subsystem)
+ StringHolder x_subsystem_key_size = new StringHolder();
+ StringHolder x_subsystem_key_type = new StringHolder();
+ StringHolder x_subsystem_key_curvename = new StringHolder();
+
+ // key properties (custom - sslserver)
+ StringHolder x_sslserver_key_size = new StringHolder();
+ StringHolder x_sslserver_key_type = new StringHolder();
+ StringHolder x_sslserver_key_curvename = new StringHolder();
+
+ StringHolder x_token_name = new StringHolder();
+ StringHolder x_token_pwd = new StringHolder();
+
+ StringHolder x_agent_key_size = new StringHolder();
+ StringHolder x_agent_key_type = new StringHolder();
+ StringHolder x_agent_cert_subject = new StringHolder();
+
+ StringHolder x_agent_name = new StringHolder();
+ StringHolder x_backup_pwd = new StringHolder();
+ StringHolder x_backup_fname = new StringHolder();
+
+ // ca cert subject name params
+ StringHolder x_ocsp_sign_cert_subject_name = new StringHolder();
+ StringHolder x_ocsp_subsystem_cert_subject_name = new StringHolder();
+ StringHolder x_ocsp_server_cert_subject_name = new StringHolder();
+ StringHolder x_ocsp_audit_signing_cert_subject_name = new StringHolder();
+
+ // subsystemName
+ StringHolder x_subsystem_name = new StringHolder();
+
+ // parse the args
+ ArgParser parser = new ArgParser("ConfigureOCSP");
+
+ parser.addOption("-cs_hostname %s #CS Hostname",
+ x_cs_hostname);
+ parser.addOption("-cs_port %s #CS SSL Admin port",
+ x_cs_port);
+
+ parser.addOption("-sd_hostname %s #Security Domain Hostname",
+ x_sd_hostname);
+ parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port",
+ x_sd_ssl_port);
+ parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port",
+ x_sd_agent_port);
+ parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port",
+ x_sd_admin_port);
+ parser.addOption("-sd_admin_name %s #Security Domain Admin Name",
+ x_sd_admin_name);
+ parser.addOption("-sd_admin_password %s #Security Domain Admin password",
+ x_sd_admin_password);
+
+ parser.addOption("-ca_hostname %s #CA Hostname",
+ x_ca_hostname);
+ parser.addOption("-ca_port %s #CA non-SSL EE port",
+ x_ca_port);
+ parser.addOption("-ca_ssl_port %s #CA SSL EE port",
+ x_ca_ssl_port);
+
+ parser.addOption("-client_certdb_dir %s #Client CertDB dir",
+ x_client_certdb_dir);
+ parser.addOption("-client_certdb_pwd %s #client certdb password",
+ x_client_certdb_pwd);
+ parser.addOption("-preop_pin %s #pre op pin",
+ x_preop_pin);
+ parser.addOption("-domain_name %s #domain name",
+ x_domain_name);
+ parser.addOption("-admin_user %s #Admin User Name",
+ x_admin_user);
+ parser.addOption("-admin_email %s #Admin email",
+ x_admin_email);
+ parser.addOption("-admin_password %s #Admin password",
+ x_admin_password);
+ parser.addOption("-agent_name %s #Agent Cert Nickname",
+ x_agent_name);
+
+ parser.addOption("-ldap_host %s #ldap host",
+ x_ldap_host);
+ parser.addOption("-ldap_port %s #ldap port",
+ x_ldap_port);
+ parser.addOption("-bind_dn %s #ldap bind dn",
+ x_bind_dn);
+ parser.addOption("-bind_password %s #ldap bind password",
+ x_bind_password);
+ parser.addOption("-base_dn %s #base dn",
+ x_base_dn);
+ parser.addOption("-db_name %s #db name",
+ x_db_name);
+ parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn);
+ parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ",
+ x_remove_data);
+
+ // key and algorithm options (default)
+ parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type);
+ parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size);
+ parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename);
+ parser.addOption(
+ "-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)",
+ x_signing_algorithm);
+
+ // key and algorithm options for signing certificate (overrides default)
+ parser.addOption("-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_signing_key_type);
+ parser.addOption("-signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_signing_key_size);
+ parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_signing_key_curvename);
+ parser.addOption(
+ "-signing_signingalgorithm %s #Algorithm used be ocsp signing cert to sign objects (optional, default is signing_algorithm)",
+ x_signing_signingalgorithm);
+
+ // key and algorithm options for audit_signing certificate (overrides default)
+ parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_audit_signing_key_type);
+ parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_audit_signing_key_size);
+ parser.addOption(
+ "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_audit_signing_key_curvename);
+
+ // key and algorithm options for subsystem certificate (overrides default)
+ parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_subsystem_key_type);
+ parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_subsystem_key_size);
+ parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_subsystem_key_curvename);
+
+ // key and algorithm options for sslserver certificate (overrides default)
+ parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_sslserver_key_type);
+ parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_sslserver_key_size);
+ parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_sslserver_key_curvename);
+
+ parser.addOption("-token_name %s #HSM/Software Token name",
+ x_token_name);
+ parser.addOption("-token_pwd %s #HSM/Software Token password (optional, required for HSM)",
+ x_token_pwd);
+
+ parser.addOption("-agent_key_size %s #Agent Cert Key Size",
+ x_agent_key_size);
+ parser.addOption("-agent_key_type %s #Agent Cert Key type [rsa]",
+ x_agent_key_type);
+ parser.addOption("-agent_cert_subject %s #Agent Cert Subject",
+ x_agent_cert_subject);
+
+ parser.addOption("-backup_pwd %s #PKCS12 password",
+ x_backup_pwd);
+
+ parser.addOption(
+ "-ocsp_sign_cert_subject_name %s #OCSP cert subject name",
+ x_ocsp_sign_cert_subject_name);
+ parser.addOption(
+ "-ocsp_subsystem_cert_subject_name %s #OCSP subsystem cert subject name",
+ x_ocsp_subsystem_cert_subject_name);
+ parser.addOption(
+ "-ocsp_server_cert_subject_name %s #OCSP server cert subject name",
+ x_ocsp_server_cert_subject_name);
+
+ parser.addOption("-backup_fname %s #Backup File for p12, (optional, default /root/tmp-ocsp.p12",
+ x_backup_fname);
+
+ parser.addOption(
+ "-subsystem_name %s #OCSP subsystem name",
+ x_subsystem_name);
+
+ parser.addOption(
+ "-ocsp_audit_signing_cert_subject_name %s #OCSP audit signing cert subject name",
+ x_ocsp_audit_signing_cert_subject_name);
+
+ // and then match the arguments
+ String[] unmatched = null;
+ unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED);
+
+ if (unmatched != null) {
+ System.out.println("ERROR: Argument Mismatch");
+ System.exit(-1);
+ }
+
+ parser.checkRequiredArgs();
+
+ // set variables
+ cs_hostname = x_cs_hostname.value;
+ cs_port = x_cs_port.value;
+
+ sd_hostname = x_sd_hostname.value;
+ sd_ssl_port = x_sd_ssl_port.value;
+ sd_agent_port = x_sd_agent_port.value;
+ sd_admin_port = x_sd_admin_port.value;
+ sd_admin_name = x_sd_admin_name.value;
+ sd_admin_password = x_sd_admin_password.value;
+
+ ca_hostname = x_ca_hostname.value;
+ ca_port = x_ca_port.value;
+ ca_ssl_port = x_ca_ssl_port.value;
+
+ client_certdb_dir = x_client_certdb_dir.value;
+ client_certdb_pwd = x_client_certdb_pwd.value;
+ pin = x_preop_pin.value;
+ domain_name = x_domain_name.value;
+
+ admin_user = x_admin_user.value;
+ admin_email = x_admin_email.value;
+ admin_password = x_admin_password.value;
+ agent_name = x_agent_name.value;
+
+ ldap_host = x_ldap_host.value;
+ ldap_port = x_ldap_port.value;
+ bind_dn = x_bind_dn.value;
+ bind_password = x_bind_password.value;
+ base_dn = x_base_dn.value;
+ db_name = x_db_name.value;
+ secure_conn = set_default(x_secure_conn.value, "false");
+ remove_data = set_default(x_remove_data.value, "false");
+
+ key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE);
+ signing_key_type = set_default(x_signing_key_type.value, key_type);
+ audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type);
+ subsystem_key_type = set_default(x_subsystem_key_type.value, key_type);
+ sslserver_key_type = set_default(x_sslserver_key_type.value, key_type);
+
+ key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE);
+ signing_key_size = set_default(x_signing_key_size.value, key_size);
+ audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size);
+ subsystem_key_size = set_default(x_subsystem_key_size.value, key_size);
+ sslserver_key_size = set_default(x_sslserver_key_size.value, key_size);
+
+ key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME);
+ signing_key_curvename = set_default(x_signing_key_curvename.value, key_curvename);
+ audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename);
+ subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename);
+ sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename);
+
+ if (signing_key_type.equalsIgnoreCase("RSA")) {
+ signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_RSA);
+ } else {
+ signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_ECC);
+ }
+ signing_signingalgorithm = set_default(x_signing_signingalgorithm.value, signing_algorithm);
+
+ token_name = x_token_name.value;
+ token_pwd = x_token_pwd.value;
+
+ agent_key_size = x_agent_key_size.value;
+ agent_key_type = x_agent_key_type.value;
+ agent_cert_subject = x_agent_cert_subject.value;
+
+ backup_pwd = x_backup_pwd.value;
+ backup_fname = set_default(x_backup_fname.value, "/root/tmp-ocsp.p12");
+
+ ocsp_sign_cert_subject_name = x_ocsp_sign_cert_subject_name.value;
+ ocsp_subsystem_cert_subject_name =
+ x_ocsp_subsystem_cert_subject_name.value;
+ ocsp_server_cert_subject_name = x_ocsp_server_cert_subject_name.value;
+ ocsp_audit_signing_cert_subject_name = x_ocsp_audit_signing_cert_subject_name.value;
+
+ subsystem_name = x_subsystem_name.value;
+
+ boolean st = ca.ConfigureOCSPInstance();
+
+ if (!st) {
+ System.out.println("ERROR: unable to create OCSP");
+ System.exit(-1);
+ }
+
+ System.out.println("Certificate System - OCSP Instance Configured");
+ System.exit(0);
+
+ }
+
+};
diff --git a/base/silent/src/com/netscape/pkisilent/ConfigureRA.java b/base/silent/src/com/netscape/pkisilent/ConfigureRA.java
new file mode 100644
index 000000000..3de70a067
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/ConfigureRA.java
@@ -0,0 +1,881 @@
+package com.netscape.pkisilent;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.ByteArrayInputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+
+import com.netscape.pkisilent.argparser.ArgParser;
+import com.netscape.pkisilent.argparser.StringHolder;
+import com.netscape.pkisilent.common.ComCrypto;
+import com.netscape.pkisilent.common.ParseXML;
+import com.netscape.pkisilent.http.HTTPClient;
+import com.netscape.pkisilent.http.HTTPResponse;
+import com.netscape.cmsutil.util.Utils;
+
+public class ConfigureRA {
+
+ // define global variables
+
+ public static HTTPClient hc = null;
+
+ public static String login_uri = "/ra/admin/console/config/login";
+ public static String wizard_uri = "/ra/admin/console/config/wizard";
+ public static String admin_uri = "/ca/admin/ca/getBySerial";
+
+ public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin";
+ public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie";
+ public static String sd_update_domain_uri = "/ca/agent/ca/updateDomainXML";
+ public static String pkcs12_uri = "/ra/admin/console/config/savepkcs12";
+
+ public static String cs_hostname = null;
+ public static String cs_port = null;
+ public static String cs_clientauth_port = null;
+
+ public static String sd_hostname = null;
+ public static String sd_ssl_port = null;
+ public static String sd_agent_port = null;
+ public static String sd_admin_port = null;
+ public static String sd_admin_name = null;
+ public static String sd_admin_password = null;
+
+ public static String ca_hostname = null;
+ public static String ca_port = null;
+ public static String ca_ssl_port = null;
+ public static String ca_admin_port = null;
+
+ public static String client_certdb_dir = null;
+ public static String client_certdb_pwd = null;
+
+ // Login Panel
+ public static String pin = null;
+
+ public static String domain_name = null;
+
+ public static String admin_user = null;
+ public static String admin_email = null;
+ public static String admin_password = null;
+ public static String admin_serial_number = null;
+ public static String agent_name = null;
+
+ public static String key_size = null;
+ public static String key_type = null;
+ public static String token_name = null;
+ public static String token_pwd = null;
+
+ public static String agent_key_size = null;
+ public static String agent_key_type = null;
+ public static String agent_cert_subject = null;
+
+ public static String server_cert_name = null;
+ public static String server_cert_req = null;
+ public static String server_cert_pp = null;
+ public static String server_cert_cert = null;
+
+ public static String ra_subsystem_cert_name = null;
+ public static String ra_subsystem_cert_req = null;
+ public static String ra_subsystem_cert_pp = null;
+ public static String ra_subsystem_cert_cert = null;
+
+ // names
+ public static String ra_server_cert_subject_name = null;
+ public static String ra_server_cert_nickname = null;
+ public static String ra_subsystem_cert_subject_name = null;
+ public static String ra_subsystem_cert_nickname = null;
+ public static String subsystem_name = null;
+
+ // Security Domain Login Panel
+ public static String ra_session_id = null;
+
+ // Admin Certificate Request Panel
+ public static String requestor_name = null;
+
+ public ConfigureRA() {
+ // do nothing :)
+ }
+
+ public void sleep_time() {
+ try {
+ System.out.println("Sleeping for 5 secs..");
+ Thread.sleep(5000);
+ } catch (Exception e) {
+ System.out.println("ERROR: sleep problem");
+ }
+
+ }
+
+ public boolean LoginPanel() {
+ boolean st = false;
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "pin=" + pin + "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string);
+ System.out.println("xml returned: " + hr.getHTML());
+
+ // parse xml here - nothing to parse
+
+ // no cookie for ra
+ // get cookie
+ String temp = hr.getCookieValue("pin");
+
+ if (temp != null) {
+ int index = temp.indexOf(";");
+ HTTPClient.j_session_id = temp.substring(0, index);
+ st = true;
+ }
+
+ hr = null;
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ "p=0&op=next&xml=true");
+
+ // parse xml here
+
+ bais = new ByteArrayInputStream(
+ hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ st = true;
+ return st;
+ }
+
+ public boolean DomainPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String domain_url = "https://" + sd_hostname + ":" + sd_admin_port;
+
+ String query_string = "p=1" +
+ "&choice=existingdomain" +
+ "&sdomainURL=" +
+ URLEncoder.encode(domain_url, "UTF-8") +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+
+ }
+
+ public boolean DisplayChainPanel() {
+ String query_string = "p=2" + "&op=next" + "&xml=true";
+ hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ return true;
+
+ }
+
+ public boolean SecurityDomainLoginPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+
+ String ra_url = "https://" + cs_hostname + ":" + cs_port +
+ "/ra/admin/console/config/wizard" +
+ "?p=3&subsystem=RA";
+
+ String query_string = "url=" + URLEncoder.encode(ra_url, "UTF-8") + "";
+
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri, query_string);
+
+ String query_string_1 = "uid=" + sd_admin_name +
+ "&pwd=" + URLEncoder.encode(sd_admin_password, "UTF-8") +
+ "&url=" + URLEncoder.encode(ra_url, "UTF-8") +
+ "";
+
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri,
+ query_string_1);
+
+ // get session id from security domain
+ sleep_time();
+
+ ra_session_id = hr.getContentValue("header.session_id");
+ String ra_url_1 = hr.getContentValue("header.url");
+
+ System.out.println("RA_SESSION_ID=" + ra_session_id);
+ System.out.println("RA_URL=" + ra_url_1);
+
+ // use session id to connect back to RA
+
+ String query_string_2 = "p=3" +
+ "&subsystem=RA" +
+ "&session_id=" + ra_session_id +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ query_string_2);
+
+ // parse xml - no parsing
+
+ return true;
+
+ }
+
+ public boolean SubsystemPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ sleep_time();
+ String query_string = "p=3" +
+ "&choice=newsubsystem" +
+ "&subsystemName=" +
+ URLEncoder.encode(subsystem_name, "UTF-8") +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ sleep_time();
+
+ // CA choice panel
+ query_string = "p=4" +
+ "&urls=0" +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean DBPanel() {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ // SQL LITE PANEL
+
+ String query_string = "p=5" + "&op=next" + "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean TokenChoicePanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ ////////////////////////////////////////////////////////
+ String query_string = null;
+
+ // Software Token
+ if (token_name.equalsIgnoreCase("internal")) {
+ query_string = "p=6" +
+ "&choice=" +
+ URLEncoder.encode("NSS Certificate DB", "UTF-8") +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+ }
+ // HSM
+ else {
+ // login to hsm first
+ query_string = "p=7" +
+ "&uTokName=" +
+ URLEncoder.encode(token_name, "UTF-8") +
+ "&__uPasswd=" +
+ URLEncoder.encode(token_pwd, "UTF-8") +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ // choice with token name now
+ query_string = "p=6" +
+ "&choice=" +
+ URLEncoder.encode(token_name, "UTF-8") +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ }
+
+ return true;
+ }
+
+ public boolean KeyPanel() {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=8" +
+ "&keytype=" + key_type +
+ "&choice=default" +
+ "&custom_size=" + key_size +
+ "&sslserver_keytype=" + key_type +
+ "&sslserver_choice=custom" +
+ "&sslserver_custom_size=" + key_size +
+ "&subsystem_keytype=" + key_type +
+ "&subsystem_choice=custom" +
+ "&subsystem_custom_size=" + key_size +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean CertSubjectPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=9" +
+ "&sslserver=" +
+ URLEncoder.encode(ra_server_cert_subject_name, "UTF-8") +
+ "&sslserver_nick=" +
+ URLEncoder.encode(ra_server_cert_nickname, "UTF-8") +
+ "&subsystem=" +
+ URLEncoder.encode(ra_subsystem_cert_subject_name, "UTF-8") +
+ "&subsystem_nick=" +
+ URLEncoder.encode(ra_subsystem_cert_nickname, "UTF-8") +
+ "&urls=0" +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean CertificatePanel() {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=10" +
+ "&sslserver=" +
+ "&sslserver_cc=" +
+ "&subsystem=" +
+ "&subsystem_cc=" +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean AdminCertReqPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ String admin_cert_request = null;
+
+ requestor_name = "RA-" + cs_hostname + "-" + cs_clientauth_port;
+
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ agent_cert_subject,
+ agent_key_size,
+ agent_key_type);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.setTransportCert(null);
+ cCrypt.setDualKey(false);
+ cCrypt.loginDB();
+
+ String crmf_request = cCrypt.generateCRMFrequest();
+
+ if (crmf_request == null) {
+ System.out.println("ERROR: AdminCertReqPanel() cert req gen failed");
+ return false;
+ }
+
+ admin_cert_request = crmf_request;
+
+ String query_string = "p=11" +
+ "&uid=" + admin_user +
+ "&name=" +
+ URLEncoder.encode("RA Administrator", "UTF-8") +
+ "&email=" +
+ URLEncoder.encode(admin_email, "UTF-8") +
+ "&__pwd=" + URLEncoder.encode(admin_password, "UTF-8") +
+ "&__admin_password_again=" + URLEncoder.encode(admin_password, "UTF-8") +
+ "&cert_request=" +
+ URLEncoder.encode(admin_cert_request, "UTF-8") +
+ "&display=0" +
+ "&profileId=" + "caAdminCert" +
+ "&cert_request_type=" + "crmf" +
+ "&import=true" +
+ "&uid=" + admin_user +
+ "&clone=0" +
+ "&securitydomain=" +
+ URLEncoder.encode(domain_name, "UTF-8") +
+ "&subject=" +
+ URLEncoder.encode(agent_cert_subject, "UTF-8") +
+ "&requestor_name=" +
+ URLEncoder.encode(requestor_name, "UTF-8") +
+ "&sessionID=" + ra_session_id +
+ "&auth_hostname=" + ca_hostname +
+ "&auth_port=" + ca_ssl_port +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ admin_serial_number = px.getvalue("serialNumber");
+
+ return true;
+ }
+
+ public boolean AdminCertImportPanel() throws UnsupportedEncodingException {
+ boolean st = false;
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ String cert_to_import = null;
+
+ String query_string = "serialNumber=" + admin_serial_number +
+ "&importCert=" + "true" +
+ "";
+
+ // NOTE: CA, DRM, OCSP, and TKS use the Security Domain Admin Port;
+ // whereas RA and TPS use the CA Admin Port associated with
+ // the 'CA choice panel' as invoked from the SubsystemPanel()
+ // which MAY or MAY NOT be the same CA as the CA specified
+ // by the Security Domain.
+ hr = hc.sslConnect(ca_hostname, ca_admin_port, admin_uri, query_string);
+
+ try {
+ // cert_to_import =
+ // new sun.misc.BASE64Encoder().encode(hr.getResponseData());
+ cert_to_import =
+ Utils.base64encode(hr.getResponseData());
+
+ } catch (Exception e) {
+ System.out.println("ERROR: failed to retrieve cert");
+ }
+
+ System.out.println("Imported Cert=" + cert_to_import);
+
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ null,
+ null,
+ null);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.loginDB();
+
+ String start = "-----BEGIN CERTIFICATE-----\r\n";
+ String end = "\r\n-----END CERTIFICATE-----";
+
+ st = cCrypt.importCert(start + cert_to_import + end, agent_name);
+ if (!st) {
+ System.out.println("ERROR: AdminCertImportPanel() during cert import");
+ return false;
+ }
+
+ System.out.println("SUCCESS: imported admin user cert");
+
+ String query_string_1 = "p=12" +
+ "&serialNumber=" + admin_serial_number +
+ "&caHost=" +
+ URLEncoder.encode(ca_hostname, "UTF-8") +
+ "&caPort=" + ca_admin_port +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string_1);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean ConfigureRAInstance() throws UnsupportedEncodingException {
+ // 0. login to cert db
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ null,
+ null,
+ null);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.loginDB();
+
+ // instantiate http client
+ hc = new HTTPClient();
+
+ sleep_time();
+ // 1. Login panel
+ boolean log_st = LoginPanel();
+ if (!log_st) {
+ System.out.println("ERROR: JSESSIONID not found.");
+ System.out.println("ERROR: ConfigureRA: LoginPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 2. domain panel
+ boolean dom_st = DomainPanel();
+ if (!dom_st) {
+ System.out.println("ERROR: ConfigureRA: DomainPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 3. display cert chain panel
+ boolean disp_st = DisplayChainPanel();
+ if (!disp_st) {
+ System.out.println("ERROR: ConfigureRA: DisplayChainPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // security domain login panel
+ boolean disp_sd = SecurityDomainLoginPanel();
+ if (!disp_sd) {
+ System.out.println("ERROR: ConfigureRA: SecurityDomainLoginPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 4. subsystem panel
+ boolean disp_ss = SubsystemPanel();
+ if (!disp_ss) {
+ System.out.println("ERROR: ConfigureRA: SubsystemPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 5. ldap connection panel
+ boolean disp_ldap = DBPanel();
+ if (!disp_ldap) {
+ System.out.println("ERROR: ConfigureRA: DBPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 6. Token Choice Panel
+ boolean disp_token = TokenChoicePanel();
+ if (!disp_token) {
+ System.out.println("ERROR: ConfigureRA: TokenChoicePanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 8. Key Panel
+ boolean disp_key = KeyPanel();
+ if (!disp_key) {
+ System.out.println("ERROR: ConfigureRA: KeyPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 9. Cert Subject Panel
+ boolean disp_csubj = CertSubjectPanel();
+ if (!disp_csubj) {
+ System.out.println("ERROR: ConfigureRA: CertSubjectPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 10. Certificate Panel
+ boolean disp_cp = CertificatePanel();
+ if (!disp_cp) {
+ System.out.println("ERROR: ConfigureRA: CertificatePanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 11. Admin Cert Req Panel
+ boolean disp_adm = AdminCertReqPanel();
+ if (!disp_adm) {
+ System.out.println("ERROR: ConfigureRA: AdminCertReqPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 12. Admin Cert import Panel
+ boolean disp_im = AdminCertImportPanel();
+ if (!disp_im) {
+ System.out.println("ERROR: ConfigureRA: AdminCertImportPanel() failure");
+ return false;
+ }
+
+ return true;
+ }
+
+ public static void main(String args[]) throws UnsupportedEncodingException {
+ ConfigureRA ca = new ConfigureRA();
+
+ // set variables
+ StringHolder x_cs_hostname = new StringHolder();
+ StringHolder x_cs_port = new StringHolder();
+ StringHolder x_cs_clientauth_port = new StringHolder();
+
+ StringHolder x_sd_hostname = new StringHolder();
+ StringHolder x_sd_ssl_port = new StringHolder();
+ StringHolder x_sd_agent_port = new StringHolder();
+ StringHolder x_sd_admin_port = new StringHolder();
+ StringHolder x_sd_admin_name = new StringHolder();
+ StringHolder x_sd_admin_password = new StringHolder();
+
+ StringHolder x_ca_hostname = new StringHolder();
+ StringHolder x_ca_port = new StringHolder();
+ StringHolder x_ca_ssl_port = new StringHolder();
+ StringHolder x_ca_admin_port = new StringHolder();
+
+ StringHolder x_client_certdb_dir = new StringHolder();
+ StringHolder x_client_certdb_pwd = new StringHolder();
+ StringHolder x_preop_pin = new StringHolder();
+
+ StringHolder x_domain_name = new StringHolder();
+
+ StringHolder x_admin_user = new StringHolder();
+ StringHolder x_admin_email = new StringHolder();
+ StringHolder x_admin_password = new StringHolder();
+
+ // key size
+ StringHolder x_token_name = new StringHolder();
+ StringHolder x_token_pwd = new StringHolder();
+ StringHolder x_key_size = new StringHolder();
+ StringHolder x_key_type = new StringHolder();
+
+ StringHolder x_agent_key_size = new StringHolder();
+ StringHolder x_agent_key_type = new StringHolder();
+ StringHolder x_agent_cert_subject = new StringHolder();
+
+ StringHolder x_agent_name = new StringHolder();
+
+ // ra cert subject name params
+ StringHolder x_ra_server_cert_subject_name = new StringHolder();
+ StringHolder x_ra_server_cert_nickname = new StringHolder();
+ StringHolder x_ra_subsystem_cert_subject_name = new StringHolder();
+ StringHolder x_ra_subsystem_cert_nickname = new StringHolder();
+
+ // subsystemName
+ StringHolder x_subsystem_name = new StringHolder();
+
+ // parse the args
+ ArgParser parser = new ArgParser("ConfigureRA");
+
+ parser.addOption("-cs_hostname %s #CS Hostname",
+ x_cs_hostname);
+ parser.addOption("-cs_port %s #CS SSL port",
+ x_cs_port);
+ parser.addOption("-cs_clientauth_port %s #CS SSL port",
+ x_cs_clientauth_port);
+
+ parser.addOption("-sd_hostname %s #Security Domain Hostname",
+ x_sd_hostname);
+ parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port",
+ x_sd_ssl_port);
+ parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port",
+ x_sd_agent_port);
+ parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port",
+ x_sd_admin_port);
+ parser.addOption("-sd_admin_name %s #Security Domain username",
+ x_sd_admin_name);
+ parser.addOption("-sd_admin_password %s #Security Domain password",
+ x_sd_admin_password);
+
+ parser.addOption("-ca_hostname %s #CA Hostname",
+ x_ca_hostname);
+ parser.addOption("-ca_port %s #CA non-SSL port",
+ x_ca_port);
+ parser.addOption("-ca_ssl_port %s #CA SSL port",
+ x_ca_ssl_port);
+ parser.addOption("-ca_admin_port %s #CA SSL Admin port",
+ x_ca_admin_port);
+
+ parser.addOption("-client_certdb_dir %s #Client CertDB dir",
+ x_client_certdb_dir);
+ parser.addOption("-client_certdb_pwd %s #client certdb password",
+ x_client_certdb_pwd);
+ parser.addOption("-preop_pin %s #pre op pin",
+ x_preop_pin);
+ parser.addOption("-domain_name %s #domain name",
+ x_domain_name);
+ parser.addOption("-admin_user %s #Admin User Name",
+ x_admin_user);
+ parser.addOption("-admin_email %s #Admin email",
+ x_admin_email);
+ parser.addOption("-admin_password %s #Admin password",
+ x_admin_password);
+ parser.addOption("-agent_name %s #Agent Cert Nickname",
+ x_agent_name);
+
+ parser.addOption("-token_name %s #HSM/Software Token name",
+ x_token_name);
+ parser.addOption("-token_pwd %s #HSM/Software Token password",
+ x_token_pwd);
+ parser.addOption("-key_size %s #Key Size",
+ x_key_size);
+ parser.addOption("-key_type %s #Key type [rsa,ecc]",
+ x_key_type);
+
+ parser.addOption("-agent_key_size %s #Agent Cert Key Size",
+ x_agent_key_size);
+ parser.addOption("-agent_key_type %s #Agent cert Key type [rsa]",
+ x_agent_key_type);
+ parser.addOption("-agent_cert_subject %s #Agent cert Subject",
+ x_agent_cert_subject);
+
+ parser.addOption(
+ "-ra_server_cert_subject_name %s #RA server cert subject name",
+ x_ra_server_cert_subject_name);
+ parser.addOption(
+ "-ra_server_cert_nickname %s #RA server cert nickname",
+ x_ra_server_cert_nickname);
+ parser.addOption(
+ "-ra_subsystem_cert_subject_name %s #RA subsystem cert subject name",
+ x_ra_subsystem_cert_subject_name);
+ parser.addOption(
+ "-ra_subsystem_cert_nickname %s #RA subsystem cert nickname",
+ x_ra_subsystem_cert_nickname);
+
+ parser.addOption(
+ "-subsystem_name %s #RA subsystem name",
+ x_subsystem_name);
+
+ // and then match the arguments
+ String[] unmatched = null;
+ unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED);
+
+ if (unmatched != null) {
+ System.out.println("ERROR: Argument Mismatch");
+ System.exit(-1);
+ }
+
+ // set variables
+ cs_hostname = x_cs_hostname.value;
+ cs_port = x_cs_port.value;
+ cs_clientauth_port = x_cs_clientauth_port.value;
+
+ sd_hostname = x_sd_hostname.value;
+ sd_ssl_port = x_sd_ssl_port.value;
+ sd_agent_port = x_sd_agent_port.value;
+ sd_admin_port = x_sd_admin_port.value;
+ sd_admin_name = x_sd_admin_name.value;
+ sd_admin_password = x_sd_admin_password.value;
+
+ ca_hostname = x_ca_hostname.value;
+ ca_port = x_ca_port.value;
+ ca_ssl_port = x_ca_ssl_port.value;
+ ca_admin_port = x_ca_admin_port.value;
+
+ client_certdb_dir = x_client_certdb_dir.value;
+ client_certdb_pwd = x_client_certdb_pwd.value;
+ pin = x_preop_pin.value;
+ domain_name = x_domain_name.value;
+
+ admin_user = x_admin_user.value;
+ admin_email = x_admin_email.value;
+ admin_password = x_admin_password.value;
+ agent_name = x_agent_name.value;
+
+ key_size = x_key_size.value;
+ key_type = x_key_type.value;
+ token_name = x_token_name.value;
+ token_pwd = x_token_pwd.value;
+
+ agent_key_size = x_agent_key_size.value;
+ agent_key_type = x_agent_key_type.value;
+ agent_cert_subject = x_agent_cert_subject.value;
+
+ ra_server_cert_subject_name =
+ x_ra_server_cert_subject_name.value;
+ ra_server_cert_nickname =
+ x_ra_server_cert_nickname.value;
+ ra_subsystem_cert_subject_name =
+ x_ra_subsystem_cert_subject_name.value;
+ ra_subsystem_cert_nickname =
+ x_ra_subsystem_cert_nickname.value;
+
+ subsystem_name = x_subsystem_name.value;
+
+ boolean st = ca.ConfigureRAInstance();
+
+ if (!st) {
+ System.out.println("ERROR: unable to create RA");
+ System.exit(-1);
+ }
+
+ System.out.println("Certificate System - RA Instance Configured");
+ System.exit(0);
+
+ }
+
+};
diff --git a/base/silent/src/com/netscape/pkisilent/ConfigureSubCA.java b/base/silent/src/com/netscape/pkisilent/ConfigureSubCA.java
new file mode 100644
index 000000000..706827c74
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/ConfigureSubCA.java
@@ -0,0 +1,1249 @@
+package com.netscape.pkisilent;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.ByteArrayInputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+
+import com.netscape.pkisilent.argparser.ArgParser;
+import com.netscape.pkisilent.argparser.StringHolder;
+import com.netscape.pkisilent.common.ComCrypto;
+import com.netscape.pkisilent.common.ParseXML;
+import com.netscape.pkisilent.http.HTTPClient;
+import com.netscape.pkisilent.http.HTTPResponse;
+import com.netscape.cmsutil.util.Utils;
+
+public class ConfigureSubCA {
+
+ // global constants
+ public static final String DEFAULT_KEY_TYPE = "RSA";
+ public static final String DEFAULT_KEY_SIZE = "2048";
+ public static final String DEFAULT_KEY_CURVENAME = "nistp256";
+ public static final String DEFAULT_KEY_ALGORITHM_RSA = "SHA256withRSA";
+ public static final String DEFAULT_KEY_ALGORITHM_ECC = "SHA256withEC";
+
+ // define global variables
+
+ public static HTTPClient hc = null;
+
+ public static String login_uri = "/ca/admin/console/config/login";
+ public static String wizard_uri = "/ca/admin/console/config/wizard";
+ public static String admin_uri = "/ca/admin/ca/getBySerial";
+
+ public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin";
+ public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie";
+ public static String pkcs12_uri = "/ca/admin/console/config/savepkcs12";
+
+ public static String cs_hostname = null;
+ public static String cs_port = null;
+
+ public static String sd_hostname = null;
+ public static String sd_ssl_port = null;
+ public static String sd_agent_port = null;
+ public static String sd_admin_port = null;
+ public static String sd_admin_name = null;
+ public static String sd_admin_password = null;
+
+ public static String ca_hostname = null;
+ public static String ca_port = null;
+ public static String ca_ssl_port = null;
+
+ public static String client_certdb_dir = null;
+ public static String client_certdb_pwd = null;
+
+ // Login Panel
+ public static String pin = null;
+
+ public static String domain_name = null;
+
+ public static String admin_user = null;
+ public static String admin_email = null;
+ public static String admin_password = null;
+ public static String admin_serial_number = null;
+ public static String agent_name = null;
+
+ public static String ldap_host = null;
+ public static String ldap_port = null;
+ public static String bind_dn = null;
+ public static String bind_password = null;
+ public static String base_dn = null;
+ public static String db_name = null;
+ public static String secure_conn = null;
+ public static String remove_data = null;
+
+ public static String key_type = null;
+ public static String key_size = null;
+ public static String key_curvename = null;
+ public static String key_algorithm = null;
+ public static String signing_algorithm = null;
+
+ public static String signing_key_type = null;
+ public static String signing_key_size = null;
+ public static String signing_key_curvename = null;
+ public static String signing_signingalgorithm = null;
+
+ public static String ocsp_signing_key_type = null;
+ public static String ocsp_signing_key_size = null;
+ public static String ocsp_signing_key_curvename = null;
+ public static String ocsp_signing_signingalgorithm = null;
+
+ public static String subsystem_key_type = null;
+ public static String subsystem_key_size = null;
+ public static String subsystem_key_curvename = null;
+
+ public static String audit_signing_key_type = null;
+ public static String audit_signing_key_size = null;
+ public static String audit_signing_key_curvename = null;
+
+ public static String sslserver_key_type = null;
+ public static String sslserver_key_size = null;
+ public static String sslserver_key_curvename = null;
+
+ public static String token_name = null;
+ public static String token_pwd = null;
+
+ public static String agent_key_size = null;
+ public static String agent_key_type = null;
+ public static String agent_cert_subject = null;
+
+ public static String ca_cert_name = null;
+ public static String ca_cert_req = null;
+ public static String ca_cert_pp = null;
+ public static String ca_cert_cert = null;
+
+ public static String ocsp_cert_name = null;
+ public static String ocsp_cert_req = null;
+ public static String ocsp_cert_pp = null;
+ public static String ocsp_cert_cert = null;
+
+ public static String server_cert_name = null;
+ public static String server_cert_req = null;
+ public static String server_cert_pp = null;
+ public static String server_cert_cert = null;
+
+ public static String ca_subsystem_cert_name = null;
+ public static String ca_subsystem_cert_req = null;
+ public static String ca_subsystem_cert_pp = null;
+ public static String ca_subsystem_cert_cert = null;
+
+ public static String ca_audit_signing_cert_name = null;
+ public static String ca_audit_signing_cert_req = null;
+ public static String ca_audit_signing_cert_pp = null;
+ public static String ca_audit_signing_cert_cert = null;
+
+ public static String backup_pwd = null;
+
+ public static String subsystem_name = null;
+
+ // names
+ public static String subca_sign_cert_subject_name = null;
+ public static String subca_subsystem_cert_subject_name = null;
+ public static String subca_ocsp_cert_subject_name = null;
+ public static String subca_server_cert_subject_name = null;
+ public static String subca_audit_signing_cert_subject_name = null;
+
+ public ConfigureSubCA() {
+ // do nothing :)
+ }
+
+ public void sleep_time() {
+ try {
+ System.out.println("Sleeping for 5 secs..");
+ Thread.sleep(5000);
+ } catch (Exception e) {
+ System.out.println("ERROR: sleep problem");
+ }
+
+ }
+
+ public boolean LoginPanel() {
+ boolean st = false;
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "pin=" + pin + "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string);
+ System.out.println("xml returned: " + hr.getHTML());
+
+ // parse xml here - nothing to parse
+
+ // get cookie
+ String temp = hr.getCookieValue("JSESSIONID");
+
+ if (temp != null) {
+ int index = temp.indexOf(";");
+ HTTPClient.j_session_id = temp.substring(0, index);
+ st = true;
+ }
+
+ hr = null;
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ "p=0&op=next&xml=true");
+
+ // parse xml here
+
+ bais = new ByteArrayInputStream(
+ hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return st;
+ }
+
+ public boolean TokenChoicePanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ ///////////////////////////////////////////////////////
+ String query_string = null;
+
+ // Software Token
+ if (token_name.equalsIgnoreCase("internal")) {
+ query_string = "p=1" + "&op=next" + "&xml=true" +
+ "&choice=" +
+ URLEncoder.encode("Internal Key Storage Token", "UTF-8") +
+ "";
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+ }
+ // HSM
+ else {
+ // login to hsm first
+ query_string = "p=2" + "&op=next" + "&xml=true" +
+ "&uTokName=" +
+ URLEncoder.encode(token_name, "UTF-8") +
+ "&__uPasswd=" +
+ URLEncoder.encode(token_pwd, "UTF-8") +
+ "";
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ // choice with token name now
+ query_string = "p=1" + "&op=next" + "&xml=true" +
+ "&choice=" +
+ URLEncoder.encode(token_name, "UTF-8") +
+ "";
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ }
+
+ return true;
+ }
+
+ public boolean DomainPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String domain_url = "https://" + sd_hostname + ":" + sd_admin_port;
+
+ String query_string = "sdomainURL=" +
+ URLEncoder.encode(domain_url, "UTF-8") +
+ "&sdomainName=" +
+ URLEncoder.encode(domain_name, "UTF-8") +
+ "&choice=existingdomain" +
+ "&p=3" +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ String query_string_1 = "p=4" +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string_1);
+
+ return true;
+
+ }
+
+ public boolean SecurityDomainLoginPanel() throws UnsupportedEncodingException {
+ String subca_url = "https://" + cs_hostname + ":" + cs_port +
+ "/ca/admin/console/config/wizard" +
+ "?p=5&subsystem=CA";
+
+ String query_string = "url=" + URLEncoder.encode(subca_url, "UTF-8");
+
+ HTTPResponse hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri, query_string);
+
+ String query_string_1 = "uid=" + sd_admin_name +
+ "&pwd=" + URLEncoder.encode(sd_admin_password, "UTF-8") +
+ "&url=" + URLEncoder.encode(subca_url, "UTF-8");
+
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri,
+ query_string_1);
+
+ // get session id from security domain
+
+ String subca_session_id = hr.getContentValue("header.session_id");
+ String subca_url_1 = hr.getContentValue("header.url");
+
+ System.out.println("SUBCA_SESSION_ID=" + subca_session_id);
+ System.out.println("SUBCA_URL=" + subca_url_1);
+
+ // use session id to connect back to subCA
+
+ String query_string_2 = "p=5" +
+ "&subsystem=CA" +
+ "&session_id=" + subca_session_id +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ query_string_2);
+
+ return true;
+
+ }
+
+ public boolean DisplayChainPanel() throws UnsupportedEncodingException {
+ String query_string = "p=5" + "&op=next" + "&xml=true" +
+ "&choice=newsubsystem" +
+ "&subsystemName=" +
+ URLEncoder.encode(subsystem_name, "UTF-8") +
+ "&subsystemName=" +
+ URLEncoder.encode(subsystem_name, "UTF-8") +
+ "&urls=0";
+ hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ // bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ // px.parse(bais);
+ // px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean HierarchyPanel() {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=8" + "&op=next" + "&xml=true" +
+ "&choice=join";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+
+ }
+
+ public boolean LdapConnectionPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=9" + "&op=next" + "&xml=true" +
+ "&host=" + URLEncoder.encode(ldap_host, "UTF-8") +
+ "&port=" + URLEncoder.encode(ldap_port, "UTF-8") +
+ "&basedn=" + URLEncoder.encode(base_dn, "UTF-8") +
+ "&database=" + URLEncoder.encode(db_name, "UTF-8") +
+ "&binddn=" + URLEncoder.encode(bind_dn, "UTF-8") +
+ "&__bindpwd=" + URLEncoder.encode(bind_password, "UTF-8") +
+ "&display=" + URLEncoder.encode("$displayStr", "UTF-8") +
+ (secure_conn.equals("true") ? "&secureConn=on" : "") +
+ (remove_data.equals("true") ? "&removeData=true" : "");
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean KeyPanel() {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ ArrayList<String> al = null;
+
+ String query_string = "p=10" + "&op=next" + "&xml=true"
+ + "&subsystem_custom_size=" + subsystem_key_size
+ + "&subsystem_custom_curvename=" + subsystem_key_curvename
+ + "&subsystem_keytype=" + subsystem_key_type
+ + "&subsystem_choice=custom"
+ + "&sslserver_custom_size=" + sslserver_key_size
+ + "&sslserver_custom_curvename=" + sslserver_key_curvename
+ + "&sslserver_keytype=" + sslserver_key_type
+ + "&sslserver_choice=custom"
+ + "&signing_custom_size=" + signing_key_size
+ + "&signing_custom_curvename=" + signing_key_curvename
+ + "&signing_keytype=" + signing_key_type
+ + "&signing_choice=custom"
+ + "&signing_keyalgorithm=" + key_algorithm
+ + "&signing_signingalgorithm=" + signing_signingalgorithm
+ + "&ocsp_signing_custom_size=" + ocsp_signing_key_size
+ + "&ocsp_signing_custom_curvename=" + ocsp_signing_key_curvename
+ + "&ocsp_signing_keytype=" + ocsp_signing_key_type
+ + "&ocsp_signing_choice=custom"
+ + "&ocsp_signing_signingalgorithm=" + ocsp_signing_signingalgorithm
+ + "&audit_signing_custom_size=" + audit_signing_key_size
+ + "&audit_signing_custom_curvename=" + audit_signing_key_curvename
+ + "&audit_signing_keytype=" + audit_signing_key_type
+ + "&audit_signing_choice=custom"
+ + "&custom_size=" + key_size
+ + "&custom_curvename=" + key_curvename
+ + "&keytype=" + key_type
+ + "&choice=custom"
+ + "&signingalgorithm=" + signing_algorithm
+ + "&keyalgorithm=" + key_algorithm;
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ al = px.constructValueList("CertReqPair", "DN");
+ // get ca cert subject name
+ if (al != null) {
+ for (int i = 0; i < al.size(); i++) {
+ String temp = al.get(i);
+ if (temp.indexOf("Certificate Authority") > 0) {
+ ca_cert_name = temp;
+ } else if (temp.indexOf("OCSP Signing Certificate") > 0) {
+ ocsp_cert_name = temp;
+ } else if (temp.indexOf("Subsystem Certificate") > 0) {
+ ca_subsystem_cert_name = temp;
+ } else if (temp.indexOf("Audit Signing Certificate") > 0) {
+ ca_audit_signing_cert_name = temp;
+ } else {
+ server_cert_name = temp;
+ }
+ }
+ }
+
+ System.out.println("default: ca_cert_name=" + ca_cert_name);
+ System.out.println("default: ocsp_cert_name=" + ocsp_cert_name);
+ System.out.println("default: ca_subsystem_cert_name=" +
+ ca_subsystem_cert_name);
+ System.out.println("default: server_cert_name=" + server_cert_name);
+ System.out.println("default: ca_audit_signing_cert_name=" +
+ ca_audit_signing_cert_name);
+ return true;
+ }
+
+ public boolean CertSubjectPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ ArrayList<String> req_list = null;
+ ArrayList<String> cert_list = null;
+ ArrayList<String> dn_list = null;
+
+ String query_string = "p=11" + "&op=next" + "&xml=true" +
+ "&signing=" +
+ URLEncoder.encode(subca_sign_cert_subject_name, "UTF-8") +
+ "&ocsp_signing=" +
+ URLEncoder.encode(subca_ocsp_cert_subject_name, "UTF-8") +
+ "&sslserver=" +
+ URLEncoder.encode(subca_server_cert_subject_name, "UTF-8") +
+ "&subsystem=" +
+ URLEncoder.encode(subca_subsystem_cert_subject_name, "UTF-8") +
+ "&audit_signing=" +
+ URLEncoder.encode(subca_audit_signing_cert_subject_name, "UTF-8") +
+ "&urls=0" +
+ "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ req_list = px.constructValueList("CertReqPair", "Request");
+ cert_list = px.constructValueList("CertReqPair", "Certificate");
+ dn_list = px.constructValueList("CertReqPair", "Nickname");
+
+ System.out.println("req_list_size=" + req_list.size());
+ System.out.println("cert_list_size=" + cert_list.size());
+ System.out.println("dn_list_size=" + dn_list.size());
+
+ if (req_list != null && cert_list != null && dn_list != null) {
+ for (int i = 0; i < dn_list.size(); i++) {
+ String temp = dn_list.get(i);
+
+ if (temp.indexOf("caSigningCert") >= 0) {
+ ca_cert_req = req_list.get(i);
+ ca_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("ocspSigningCert") >= 0) {
+ ocsp_cert_req = req_list.get(i);
+ ocsp_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("subsystemCert") >= 0) {
+ ca_subsystem_cert_req = req_list.get(i);
+ ca_subsystem_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("auditSigningCert") >= 0) {
+ ca_audit_signing_cert_req = req_list.get(i);
+ ca_audit_signing_cert_cert = cert_list.get(i);
+ } else {
+ server_cert_req = req_list.get(i);
+ server_cert_cert = cert_list.get(i);
+ }
+ }
+ }
+
+ System.out.println("ca_cert_name=" + subca_sign_cert_subject_name);
+ System.out.println("ocsp_cert_name=" + subca_ocsp_cert_subject_name);
+ System.out.println("ca_subsystem_cert_name=" +
+ subca_subsystem_cert_subject_name);
+ System.out.println("server_cert_name=" +
+ subca_server_cert_subject_name);
+ System.out.println("audit_signing_cert_name=" +
+ subca_audit_signing_cert_subject_name);
+
+ System.out.println("ca_cert_req=" + ca_cert_req);
+ System.out.println("ocsp_cert_req=" + ocsp_cert_req);
+ System.out.println("ca_subsystem_cert_req=" + ca_subsystem_cert_req);
+ System.out.println("server_cert_req=" + server_cert_req);
+ System.out.println("ca_audit_siging_cert_req=" +
+ ca_audit_signing_cert_req);
+
+ System.out.println("ca_cert_cert=" + ca_cert_cert);
+ System.out.println("ocsp_cert_cert=" + ocsp_cert_cert);
+ System.out.println("ca_subsystem_cert_cert=" + ca_subsystem_cert_cert);
+ System.out.println("server_cert_cert=" + server_cert_cert);
+ System.out.println("ca_audit_signing_cert_cert=" +
+ ca_audit_signing_cert_cert);
+
+ return true;
+ }
+
+ public boolean CertificatePanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=12" + "&op=next" + "&xml=true" +
+ "&signing=" +
+ URLEncoder.encode(ca_cert_cert, "UTF-8") +
+ "&signing_cc=" +
+ "&ocsp_signing=" +
+ URLEncoder.encode(ocsp_cert_cert, "UTF-8") +
+ "&ocsp_signing_cc=" +
+ "&sslserver=" +
+ URLEncoder.encode(server_cert_cert, "UTF-8") +
+ "&sslserver_cc=" +
+ "&subsystem=" +
+ URLEncoder.encode(ca_subsystem_cert_cert, "UTF-8") +
+ "&subsystem_cc=" +
+ "&audit_signing=" +
+ URLEncoder.encode(ca_audit_signing_cert_cert, "UTF-8") +
+ "&audit_signing_cc=" +
+ "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean BackupPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=13" + "&op=next" + "&xml=true" +
+ "&choice=backupkey" +
+ "&__pwd=" + URLEncoder.encode(backup_pwd, "UTF-8") +
+ "&__pwdagain=" + URLEncoder.encode(backup_pwd, "UTF-8");
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean ImportCACertPanel() {
+ try {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ "p=15&op=next&xml=true");
+
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ } catch (Exception e) {
+ System.out.println("Exception in ImportCACertPanel(): " + e.toString());
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ public boolean AdminCertReqPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ String admin_cert_request = null;
+
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ agent_cert_subject,
+ agent_key_size,
+ agent_key_type);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.setTransportCert(null);
+ cCrypt.setDualKey(false);
+ cCrypt.loginDB();
+
+ String crmf_request = cCrypt.generateCRMFrequest();
+
+ if (crmf_request == null) {
+ System.out.println("ERROR: AdminCertReqPanel() cert req gen failed");
+ return false;
+ }
+
+ admin_cert_request = crmf_request;
+
+ String query_string = "p=16" + "&op=next" + "&xml=true" +
+ "&uid=" + admin_user +
+ "&name=" + URLEncoder.encode(agent_name, "UTF-8") +
+ "&email=" +
+ URLEncoder.encode(admin_email, "UTF-8") +
+ "&__pwd=" + URLEncoder.encode(admin_password, "UTF-8") +
+ "&__admin_password_again=" + URLEncoder.encode(admin_password, "UTF-8") +
+ "&cert_request=" +
+ URLEncoder.encode(admin_cert_request, "UTF-8") +
+ "&display=" + URLEncoder.encode("$displayStr", "UTF-8") +
+ "&profileId=" + "caAdminCert" +
+ "&cert_request_type=" + "crmf" +
+ "&import=true" +
+ "&uid=" + admin_user +
+ "&securitydomain=" +
+ URLEncoder.encode(domain_name, "UTF-8") +
+ "&subject=" +
+ URLEncoder.encode(agent_cert_subject, "UTF-8") +
+ "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ admin_serial_number = px.getvalue("serialNumber");
+
+ return true;
+ }
+
+ public boolean AdminCertImportPanel() {
+ boolean st = false;
+
+ String query_string = "serialNumber=" + admin_serial_number +
+ "&importCert=" + "true" +
+ "";
+
+ HTTPResponse hr = hc.sslConnect(cs_hostname, cs_port, admin_uri, query_string);
+
+ // get response data
+ // String cert_to_import =
+ // new sun.misc.BASE64Encoder().encode(hr.getResponseData());
+ String cert_to_import =
+ Utils.base64encode(hr.getResponseData());
+ System.out.println("Imported Cert=" + cert_to_import);
+
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ null,
+ null,
+ null);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.loginDB();
+
+ String start = "-----BEGIN CERTIFICATE-----\r\n";
+ String end = "\r\n-----END CERTIFICATE-----";
+
+ st = cCrypt.importCert(start + cert_to_import + end, agent_name);
+ if (!st) {
+ System.out.println("ERROR: AdminCertImportPanel() during cert import");
+ return false;
+ }
+
+ System.out.println("SUCCESS: imported admin user cert: " + agent_name);
+
+ return true;
+ }
+
+ public boolean UpdateDomainPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=17" +
+ "&serialNumber=" + admin_serial_number +
+ "&caHost=" + URLEncoder.encode(sd_hostname, "UTF-8") +
+ "&caPort=" + URLEncoder.encode(sd_admin_port, "UTF-8") +
+ "&importCert=" + "true" +
+ "&op=next" + "&xml=true" +
+ "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ String caHost = px.getvalue("host");
+ String caPort = px.getvalue("port");
+ String systemType = px.getvalue("systemType");
+
+ System.out.println("caHost=" + caHost);
+ System.out.println("caPort=" + caPort);
+ System.out.println("systemType=" + systemType);
+
+ return true;
+ }
+
+ public boolean ConfigureSubCAInstance() throws UnsupportedEncodingException {
+ // 0. login to cert db
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ null,
+ null,
+ null);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.loginDB();
+
+ // instantiate http client
+ hc = new HTTPClient();
+
+ sleep_time();
+ // 0. Login panel
+ boolean log_st = LoginPanel();
+ if (!log_st) {
+ System.out.println("ERROR: ConfigureSubCA: LoginPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 1. Token Choice Panel
+ boolean disp_token = TokenChoicePanel();
+ if (!disp_token) {
+ System.out.println("ERROR: ConfigureSubCA: TokenChoicePanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 2. domain panel
+ boolean dom_st = DomainPanel();
+ if (!dom_st) {
+ System.out.println("ERROR: ConfigureSubCA: DomainPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 3. domain panel
+ boolean sd_st = SecurityDomainLoginPanel();
+ if (!sd_st) {
+ System.out.println("ERROR: ConfigureSubCA: SecurityDomainLoginPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 4. display cert chain panel
+ boolean disp_st = DisplayChainPanel();
+ if (!disp_st) {
+ System.out.println("ERROR: ConfigureSubCA: DisplayChainPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 6. hierarchy panel
+ boolean disp_h = HierarchyPanel();
+ if (!disp_h) {
+ System.out.println("ERROR: ConfigureSubCA: HierarchyPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 7. ldap connection panel
+ boolean disp_ldap = LdapConnectionPanel();
+ if (!disp_ldap) {
+ System.out.println("ERROR: ConfigureSubCA: LdapConnectionPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ sleep_time();
+ // 10. Key Panel
+ boolean disp_key = KeyPanel();
+ if (!disp_key) {
+ System.out.println("ERROR: ConfigureSubCA: KeyPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 11. Cert Subject Panel
+ boolean disp_csubj = CertSubjectPanel();
+ if (!disp_csubj) {
+ System.out.println("ERROR: ConfigureSubCA: CertSubjectPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 12. Certificate Panel
+ boolean disp_cp = CertificatePanel();
+ if (!disp_cp) {
+ System.out.println("ERROR: ConfigureSubCA: CertificatePanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 13. Backup Panel
+ boolean disp_back = BackupPanel();
+ if (!disp_back) {
+ System.out.println("ERROR: ConfigureSubCA: BackupPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 15. Import CA Certificate Panel
+ boolean disp_cert = ImportCACertPanel();
+ if (!disp_cert) {
+ System.out.println("ERROR: ConfigureSubCA: ImportCACertPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 16. Admin Cert Req Panel
+ boolean disp_adm = AdminCertReqPanel();
+ if (!disp_adm) {
+ System.out.println("ERROR: ConfigureSubCA: AdminCertReqPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ boolean disp_im = AdminCertImportPanel();
+ if (!disp_im) {
+ System.out.println("ERROR: ConfigureSubCA: AdminCertImportPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 17. Update Domain Panel
+ boolean disp_ud = UpdateDomainPanel();
+ if (!disp_ud) {
+ System.out.println("ERROR: ConfigureSubCA: UpdateDomainPanel() failure");
+ return false;
+ }
+
+ return true;
+ }
+
+ private static String set_default(String val, String def) {
+ if ((val == null) || (val.equals(""))) {
+ return def;
+ } else {
+ return val;
+ }
+ }
+
+ public static void main(String args[]) throws UnsupportedEncodingException {
+ ConfigureSubCA ca = new ConfigureSubCA();
+
+ // set variables
+ StringHolder x_cs_hostname = new StringHolder();
+ StringHolder x_cs_port = new StringHolder();
+
+ StringHolder x_sd_hostname = new StringHolder();
+ StringHolder x_sd_ssl_port = new StringHolder();
+ StringHolder x_sd_agent_port = new StringHolder();
+ StringHolder x_sd_admin_port = new StringHolder();
+ StringHolder x_sd_admin_name = new StringHolder();
+ StringHolder x_sd_admin_password = new StringHolder();
+
+ StringHolder x_ca_hostname = new StringHolder();
+ StringHolder x_ca_port = new StringHolder();
+ StringHolder x_ca_ssl_port = new StringHolder();
+
+ StringHolder x_client_certdb_dir = new StringHolder();
+ StringHolder x_client_certdb_pwd = new StringHolder();
+ StringHolder x_preop_pin = new StringHolder();
+
+ StringHolder x_domain_name = new StringHolder();
+
+ StringHolder x_admin_user = new StringHolder();
+ StringHolder x_admin_email = new StringHolder();
+ StringHolder x_admin_password = new StringHolder();
+
+ // ldap
+ StringHolder x_ldap_host = new StringHolder();
+ StringHolder x_ldap_port = new StringHolder();
+ StringHolder x_bind_dn = new StringHolder();
+ StringHolder x_bind_password = new StringHolder();
+ StringHolder x_base_dn = new StringHolder();
+ StringHolder x_db_name = new StringHolder();
+ StringHolder x_secure_conn = new StringHolder();
+ StringHolder x_remove_data = new StringHolder();
+
+ // key properties (defaults)
+ StringHolder x_key_size = new StringHolder();
+ StringHolder x_key_type = new StringHolder();
+ StringHolder x_key_curvename = new StringHolder();
+ StringHolder x_key_algorithm = new StringHolder();
+ StringHolder x_signing_algorithm = new StringHolder();
+
+ // key properties (custom - signing)
+ StringHolder x_signing_key_size = new StringHolder();
+ StringHolder x_signing_key_type = new StringHolder();
+ StringHolder x_signing_key_curvename = new StringHolder();
+ StringHolder x_signing_signingalgorithm = new StringHolder();
+
+ // key properties (custom - ocsp_signing)
+ StringHolder x_ocsp_signing_key_size = new StringHolder();
+ StringHolder x_ocsp_signing_key_type = new StringHolder();
+ StringHolder x_ocsp_signing_key_curvename = new StringHolder();
+ StringHolder x_ocsp_signing_signingalgorithm = new StringHolder();
+
+ // key properties (custom - audit_signing)
+ StringHolder x_audit_signing_key_size = new StringHolder();
+ StringHolder x_audit_signing_key_type = new StringHolder();
+ StringHolder x_audit_signing_key_curvename = new StringHolder();
+
+ // key properties (custom - subsystem)
+ StringHolder x_subsystem_key_size = new StringHolder();
+ StringHolder x_subsystem_key_type = new StringHolder();
+ StringHolder x_subsystem_key_curvename = new StringHolder();
+
+ // key properties (custom - sslserver)
+ StringHolder x_sslserver_key_size = new StringHolder();
+ StringHolder x_sslserver_key_type = new StringHolder();
+ StringHolder x_sslserver_key_curvename = new StringHolder();
+
+ StringHolder x_token_name = new StringHolder();
+ StringHolder x_token_pwd = new StringHolder();
+
+ StringHolder x_agent_key_size = new StringHolder();
+ StringHolder x_agent_key_type = new StringHolder();
+ StringHolder x_agent_cert_subject = new StringHolder();
+
+ StringHolder x_agent_name = new StringHolder();
+ StringHolder x_backup_pwd = new StringHolder();
+
+ // subsystem name
+ StringHolder x_subsystem_name = new StringHolder();
+
+ // subject names
+ StringHolder x_subca_sign_cert_subject_name = new StringHolder();
+ StringHolder x_subca_subsystem_cert_subject_name = new StringHolder();
+ StringHolder x_subca_ocsp_cert_subject_name = new StringHolder();
+ StringHolder x_subca_server_cert_subject_name = new StringHolder();
+ StringHolder x_subca_audit_signing_cert_subject_name = new StringHolder();
+
+ // parse the args
+ ArgParser parser = new ArgParser("ConfigureSubCA");
+
+ parser.addOption("-cs_hostname %s #CS Hostname",
+ x_cs_hostname);
+ parser.addOption("-cs_port %s #CS SSL port",
+ x_cs_port);
+
+ parser.addOption("-sd_hostname %s #Security Domain Hostname",
+ x_sd_hostname);
+ parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port",
+ x_sd_ssl_port);
+ parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port",
+ x_sd_agent_port);
+ parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port",
+ x_sd_admin_port);
+ parser.addOption("-sd_admin_name %s #Security Domain admin name",
+ x_sd_admin_name);
+ parser.addOption("-sd_admin_password %s #Security Domain admin password",
+ x_sd_admin_password);
+
+ parser.addOption("-ca_hostname %s #CA Hostname",
+ x_ca_hostname);
+ parser.addOption("-ca_port %s #CA non-SSL port",
+ x_ca_port);
+ parser.addOption("-ca_ssl_port %s #CA SSL port",
+ x_ca_ssl_port);
+
+ parser.addOption("-client_certdb_dir %s #Client CertDB dir",
+ x_client_certdb_dir);
+ parser.addOption("-client_certdb_pwd %s #client certdb password",
+ x_client_certdb_pwd);
+ parser.addOption("-preop_pin %s #pre op pin",
+ x_preop_pin);
+ parser.addOption("-domain_name %s #domain name",
+ x_domain_name);
+ parser.addOption("-admin_user %s #Admin User Name",
+ x_admin_user);
+ parser.addOption("-admin_email %s #Admin email",
+ x_admin_email);
+ parser.addOption("-admin_password %s #Admin password",
+ x_admin_password);
+ parser.addOption("-agent_name %s #Agent Cert Nickname",
+ x_agent_name);
+
+ parser.addOption("-ldap_host %s #ldap host",
+ x_ldap_host);
+ parser.addOption("-ldap_port %s #ldap port",
+ x_ldap_port);
+ parser.addOption("-bind_dn %s #ldap bind dn",
+ x_bind_dn);
+ parser.addOption("-bind_password %s #ldap bind password",
+ x_bind_password);
+ parser.addOption("-base_dn %s #base dn",
+ x_base_dn);
+ parser.addOption("-db_name %s #db name",
+ x_db_name);
+ parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn);
+ parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ",
+ x_remove_data);
+
+ // key and algorithm options (default)
+ parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type);
+ parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size);
+ parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename);
+ parser.addOption(
+ "-key_algorithm %s #Key algorithm of the CA certificate (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)",
+ x_key_algorithm);
+ parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is key_algorithm)",
+ x_signing_algorithm);
+
+ // key and algorithm options for signing certificate (overrides default)
+ parser.addOption("-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_signing_key_type);
+ parser.addOption("-signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_signing_key_size);
+ parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_signing_key_curvename);
+ parser.addOption(
+ "-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional, default is signing_algorithm)",
+ x_signing_signingalgorithm);
+
+ // key and algorithm options for ocsp_signing certificate (overrides default)
+ parser.addOption("-ocsp_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_ocsp_signing_key_type);
+ parser.addOption("-ocsp_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_ocsp_signing_key_size);
+ parser.addOption("-ocsp_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_ocsp_signing_key_curvename);
+ parser.addOption(
+ "-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional, default is signing_algorithm)",
+ x_ocsp_signing_signingalgorithm);
+
+ // key and algorithm options for audit_signing certificate (overrides default)
+ parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_audit_signing_key_type);
+ parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_audit_signing_key_size);
+ parser.addOption(
+ "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_audit_signing_key_curvename);
+
+ // key and algorithm options for subsystem certificate (overrides default)
+ parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_subsystem_key_type);
+ parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_subsystem_key_size);
+ parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_subsystem_key_curvename);
+
+ // key and algorithm options for sslserver certificate (overrides default)
+ parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_sslserver_key_type);
+ parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_sslserver_key_size);
+ parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_sslserver_key_curvename);
+
+ parser.addOption("-token_name %s #HSM/Software Token name",
+ x_token_name);
+ parser.addOption("-token_pwd %s #HSM/Software Token password (optional - required for HSM)",
+ x_token_pwd);
+
+ parser.addOption("-agent_key_size %s #Agent Cert Key Size",
+ x_agent_key_size);
+ parser.addOption("-agent_key_type %s #Agent Cert Key type [rsa]",
+ x_agent_key_type);
+ parser.addOption("-agent_cert_subject %s #Agent Cert Subject",
+ x_agent_cert_subject);
+
+ parser.addOption("-backup_pwd %s #PKCS12 backup password",
+ x_backup_pwd);
+
+ parser.addOption("-subsystem_name %s #Subsystem name",
+ x_subsystem_name);
+
+ parser.addOption(
+ "-subca_sign_cert_subject_name %s #subCA cert subject name",
+ x_subca_sign_cert_subject_name);
+ parser.addOption(
+ "-subca_subsystem_cert_subject_name %s #subCA subsystem cert subject name",
+ x_subca_subsystem_cert_subject_name);
+ parser.addOption(
+ "-subca_ocsp_cert_subject_name %s #subCA ocsp cert subject name",
+ x_subca_ocsp_cert_subject_name);
+ parser.addOption(
+ "-subca_server_cert_subject_name %s #subCA server cert subject name",
+ x_subca_server_cert_subject_name);
+ parser.addOption(
+ "-subca_audit_signing_cert_subject_name %s #CA audit signing cert subject name",
+ x_subca_audit_signing_cert_subject_name);
+
+ // and then match the arguments
+ String[] unmatched = null;
+ unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED);
+
+ if (unmatched != null) {
+ System.out.println("ERROR: Argument Mismatch");
+ System.exit(-1);
+ }
+
+ parser.checkRequiredArgs();
+
+ // set variables
+ cs_hostname = x_cs_hostname.value;
+ cs_port = x_cs_port.value;
+
+ sd_hostname = x_sd_hostname.value;
+ sd_ssl_port = x_sd_ssl_port.value;
+ sd_agent_port = x_sd_agent_port.value;
+ sd_admin_port = x_sd_admin_port.value;
+ sd_admin_name = x_sd_admin_name.value;
+ sd_admin_password = x_sd_admin_password.value;
+
+ ca_hostname = x_ca_hostname.value;
+ ca_port = x_ca_port.value;
+ ca_ssl_port = x_ca_ssl_port.value;
+
+ client_certdb_dir = x_client_certdb_dir.value;
+ client_certdb_pwd = x_client_certdb_pwd.value;
+ pin = x_preop_pin.value;
+ domain_name = x_domain_name.value;
+ admin_user = x_admin_user.value;
+ admin_email = x_admin_email.value;
+ admin_password = x_admin_password.value;
+ agent_name = x_agent_name.value;
+
+ ldap_host = x_ldap_host.value;
+ ldap_port = x_ldap_port.value;
+ bind_dn = x_bind_dn.value;
+ bind_password = x_bind_password.value;
+ base_dn = x_base_dn.value;
+ db_name = x_db_name.value;
+ secure_conn = set_default(x_secure_conn.value, "false");
+ remove_data = set_default(x_remove_data.value, "false");
+
+ key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE);
+ signing_key_type = set_default(x_signing_key_type.value, key_type);
+ ocsp_signing_key_type = set_default(x_ocsp_signing_key_type.value, key_type);
+ audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type);
+ subsystem_key_type = set_default(x_subsystem_key_type.value, key_type);
+ sslserver_key_type = set_default(x_sslserver_key_type.value, key_type);
+
+ key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE);
+ signing_key_size = set_default(x_signing_key_size.value, key_size);
+ ocsp_signing_key_size = set_default(x_ocsp_signing_key_size.value, key_size);
+ audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size);
+ subsystem_key_size = set_default(x_subsystem_key_size.value, key_size);
+ sslserver_key_size = set_default(x_sslserver_key_size.value, key_size);
+
+ key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME);
+ signing_key_curvename = set_default(x_signing_key_curvename.value, key_curvename);
+ ocsp_signing_key_curvename = set_default(x_ocsp_signing_key_curvename.value, key_curvename);
+ audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename);
+ subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename);
+ sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename);
+
+ if (signing_key_type.equalsIgnoreCase("RSA")) {
+ key_algorithm = set_default(x_key_algorithm.value, DEFAULT_KEY_ALGORITHM_RSA);
+ } else {
+ key_algorithm = set_default(x_key_algorithm.value, DEFAULT_KEY_ALGORITHM_ECC);
+ }
+
+ signing_algorithm = set_default(x_signing_algorithm.value, key_algorithm);
+ signing_signingalgorithm = set_default(x_signing_signingalgorithm.value, signing_algorithm);
+ ocsp_signing_signingalgorithm = set_default(x_ocsp_signing_signingalgorithm.value, signing_algorithm);
+
+ token_name = x_token_name.value;
+ token_pwd = x_token_pwd.value;
+
+ agent_key_size = x_agent_key_size.value;
+ agent_key_type = x_agent_key_type.value;
+ agent_cert_subject = x_agent_cert_subject.value;
+
+ backup_pwd = x_backup_pwd.value;
+ subsystem_name = x_subsystem_name.value;
+
+ subca_sign_cert_subject_name = x_subca_sign_cert_subject_name.value;
+ subca_subsystem_cert_subject_name =
+ x_subca_subsystem_cert_subject_name.value;
+ subca_ocsp_cert_subject_name = x_subca_ocsp_cert_subject_name.value;
+ subca_server_cert_subject_name = x_subca_server_cert_subject_name.value;
+ subca_audit_signing_cert_subject_name = x_subca_audit_signing_cert_subject_name.value;
+
+ boolean st = ca.ConfigureSubCAInstance();
+
+ if (!st) {
+ System.out.println("ERROR: unable to create Subordinate CA");
+ System.exit(-1);
+ }
+
+ System.out.println("Certificate System - Subordinate CA Instance Configured.");
+ System.exit(0);
+
+ }
+
+};
diff --git a/base/silent/src/com/netscape/pkisilent/ConfigureTKS.java b/base/silent/src/com/netscape/pkisilent/ConfigureTKS.java
new file mode 100644
index 000000000..760690888
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/ConfigureTKS.java
@@ -0,0 +1,1121 @@
+package com.netscape.pkisilent;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStreamReader;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.util.ArrayList;
+
+import org.mozilla.jss.asn1.SEQUENCE;
+import org.mozilla.jss.pkcs12.AuthenticatedSafes;
+import org.mozilla.jss.pkcs12.PFX;
+
+import com.netscape.pkisilent.argparser.ArgParser;
+import com.netscape.pkisilent.argparser.StringHolder;
+import com.netscape.pkisilent.common.ComCrypto;
+import com.netscape.pkisilent.common.ParseXML;
+import com.netscape.pkisilent.http.HTTPClient;
+import com.netscape.pkisilent.http.HTTPResponse;
+import com.netscape.cmsutil.util.Utils;
+
+public class ConfigureTKS {
+
+ public static final String DEFAULT_KEY_TYPE = "RSA";
+ public static final String DEFAULT_KEY_SIZE = "2048";
+ public static final String DEFAULT_KEY_CURVENAME = "nistp256";
+
+ // define global variables
+
+ public static HTTPClient hc = null;
+
+ public static String login_uri = "/tks/admin/console/config/login";
+ public static String wizard_uri = "/tks/admin/console/config/wizard";
+ public static String admin_uri = "/ca/admin/ca/getBySerial";
+
+ public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin";
+ public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie";
+ public static String pkcs12_uri = "/tks/admin/console/config/savepkcs12";
+
+ public static String cs_hostname = null;
+ public static String cs_port = null;
+
+ public static String sd_hostname = null;
+ public static String sd_ssl_port = null;
+ public static String sd_agent_port = null;
+ public static String sd_admin_port = null;
+ public static String sd_admin_name = null;
+ public static String sd_admin_password = null;
+
+ public static String ca_hostname = null;
+ public static String ca_port = null;
+ public static String ca_ssl_port = null;
+
+ public static String client_certdb_dir = null;
+ public static String client_certdb_pwd = null;
+
+ // Login Panel
+ public static String pin = null;
+
+ public static String domain_name = null;
+
+ public static String admin_user = null;
+ public static String admin_email = null;
+ public static String admin_password = null;
+ public static String admin_serial_number = null;
+ public static String agent_name = null;
+
+ public static String ldap_host = null;
+ public static String ldap_port = null;
+ public static String bind_dn = null;
+ public static String bind_password = null;
+ public static String base_dn = null;
+ public static String db_name = null;
+ public static String secure_conn = null;
+ public static String remove_data = null;
+
+ public static String key_type = null;
+ public static String key_size = null;
+ public static String key_curvename = null;
+
+ public static String subsystem_key_type = null;
+ public static String subsystem_key_size = null;
+ public static String subsystem_key_curvename = null;
+
+ public static String audit_signing_key_type = null;
+ public static String audit_signing_key_size = null;
+ public static String audit_signing_key_curvename = null;
+
+ public static String sslserver_key_type = null;
+ public static String sslserver_key_size = null;
+ public static String sslserver_key_curvename = null;
+
+ public static String token_name = null;
+ public static String token_pwd = null;
+
+ public static String agent_key_size = null;
+ public static String agent_key_type = null;
+ public static String agent_cert_subject = null;
+
+ public static String server_cert_name = null;
+ public static String server_cert_req = null;
+ public static String server_cert_pp = null;
+ public static String server_cert_cert = null;
+
+ public static String tks_subsystem_cert_name = null;
+ public static String tks_subsystem_cert_req = null;
+ public static String tks_subsystem_cert_pp = null;
+ public static String tks_subsystem_cert_cert = null;
+
+ public static String tks_audit_signing_cert_name = null;
+ public static String tks_audit_signing_cert_req = null;
+ public static String tks_audit_signing_cert_pp = null;
+ public static String tks_audit_signing_cert_cert = null;
+
+ public static String backup_pwd = null;
+ public static String backup_fname = null;
+
+ // names
+ public static String tks_subsystem_cert_subject_name = null;
+ public static String tks_server_cert_subject_name = null;
+ public static String subsystem_name = null;
+ public static String tks_audit_signing_cert_subject_name = null;
+
+ public ConfigureTKS() {
+ // do nothing :)
+ }
+
+ public void sleep_time() {
+ try {
+ System.out.println("Sleeping for 5 secs..");
+ Thread.sleep(5000);
+ } catch (Exception e) {
+ System.out.println("ERROR: sleep problem");
+ }
+ }
+
+ public boolean LoginPanel() {
+ boolean st = false;
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "pin=" + pin + "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string);
+ System.out.println("xml returned: " + hr.getHTML());
+
+ // parse xml here - nothing to parse
+
+ // get cookie
+ String temp = hr.getCookieValue("JSESSIONID");
+
+ if (temp != null) {
+ int index = temp.indexOf(";");
+ HTTPClient.j_session_id = temp.substring(0, index);
+ st = true;
+ }
+
+ hr = null;
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ "p=0&op=next&xml=true");
+
+ // parse xml here
+
+ bais = new ByteArrayInputStream(
+ hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return st;
+ }
+
+ public boolean TokenChoicePanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = null;
+
+ // Software Token
+ if (token_name.equalsIgnoreCase("internal")) {
+ query_string = "p=1" + "&op=next" + "&xml=true" +
+ "&choice=" +
+ URLEncoder.encode("Internal Key Storage Token", "UTF-8") +
+ "";
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+ }
+ // HSM
+ else {
+ // login to hsm first
+ query_string = "p=2" + "&op=next" + "&xml=true" +
+ "&uTokName=" +
+ URLEncoder.encode(token_name, "UTF-8") +
+ "&__uPasswd=" +
+ URLEncoder.encode(token_pwd, "UTF-8") +
+ "";
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ // choice with token name now
+ query_string = "p=1" + "&op=next" + "&xml=true" +
+ "&choice=" +
+ URLEncoder.encode(token_name, "UTF-8") +
+ "";
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+ }
+
+ return true;
+ }
+
+ public boolean DomainPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String domain_url = "https://" + sd_hostname + ":" + sd_admin_port;
+
+ String query_string = "sdomainURL=" +
+ URLEncoder.encode(domain_url, "UTF-8") +
+ "&choice=existingdomain" +
+ "&p=3" +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+
+ }
+
+ public boolean DisplayChainPanel() {
+ String query_string = "p=4" + "&op=next" + "&xml=true";
+ hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ // bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ // px.parse(bais);
+ // px.prettyprintxml();
+
+ return true;
+
+ }
+
+ public boolean SecurityDomainLoginPanel() throws UnsupportedEncodingException {
+ String tks_url = "https://" + cs_hostname + ":" + cs_port +
+ "/tks/admin/console/config/wizard" +
+ "?p=5&subsystem=TKS";
+
+ String query_string = "url=" + URLEncoder.encode(tks_url, "UTF-8");
+
+ HTTPResponse hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri, query_string);
+
+ String query_string_1 = "uid=" + sd_admin_name +
+ "&pwd=" + URLEncoder.encode(sd_admin_password, "UTF-8") +
+ "&url=" + URLEncoder.encode(tks_url, "UTF-8");
+
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri,
+ query_string_1);
+
+ // get session id from security domain
+
+ String tks_session_id = hr.getContentValue("header.session_id");
+ String tks_url_1 = hr.getContentValue("header.url");
+
+ System.out.println("TKS_SESSION_ID=" + tks_session_id);
+ System.out.println("TKS_URL=" + tks_url_1);
+
+ // use session id to connect back to TKS
+
+ String query_string_2 = "p=5" +
+ "&subsystem=TKS" +
+ "&session_id=" + tks_session_id +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ query_string_2);
+
+ // parse xml
+ // bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ // px.parse(bais);
+ // px.prettyprintxml();
+
+ return true;
+
+ }
+
+ public boolean SubsystemPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=5" + "&op=next" + "&xml=true" +
+ "&subsystemName=" +
+ URLEncoder.encode(subsystem_name, "UTF-8") +
+ "&choice=newsubsystem";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean LdapConnectionPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=7" + "&op=next" + "&xml=true" +
+ "&host=" + URLEncoder.encode(ldap_host, "UTF-8") +
+ "&port=" + URLEncoder.encode(ldap_port, "UTF-8") +
+ "&binddn=" + URLEncoder.encode(bind_dn, "UTF-8") +
+ "&__bindpwd=" + URLEncoder.encode(bind_password, "UTF-8") +
+ "&basedn=" + URLEncoder.encode(base_dn, "UTF-8") +
+ "&database=" + URLEncoder.encode(db_name, "UTF-8") +
+ "&display=" + URLEncoder.encode("$displayStr", "UTF-8") +
+ (secure_conn.equals("true") ? "&secureConn=on" : "") +
+ (remove_data.equals("true") ? "&removeData=true" : "");
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean KeyPanel() {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ ArrayList<String> al = null;
+
+ String query_string = "p=8" + "&op=next" + "&xml=true" +
+ "&subsystem_custom_size=" + subsystem_key_size +
+ "&sslserver_custom_size=" + sslserver_key_size +
+ "&audit_signing_custom_size=" + audit_signing_key_size +
+ "&custom_size=" + key_size +
+ "&subsystem_custom_curvename=" + subsystem_key_curvename +
+ "&sslserver_custom_curvename=" + sslserver_key_curvename +
+ "&audit_signing_custom_curvename=" + audit_signing_key_curvename +
+ "&custom_curvename=" + key_curvename +
+ "&subsystem_keytype=" + subsystem_key_type +
+ "&sslserver_keytype=" + sslserver_key_type +
+ "&audit_signing_keytype=" + audit_signing_key_type +
+ "&keytype=" + key_type +
+ "&subsystem_choice=custom" +
+ "&sslserver_choice=custom" +
+ "&audit_signing_choice=custom" +
+ "&choice=custom";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ al = px.constructValueList("CertReqPair", "DN");
+ // get ca cert subject name
+ if (al != null) {
+ for (int i = 0; i < al.size(); i++) {
+ String temp = al.get(i);
+ if (temp.indexOf("TKS Subsystem") > 0) {
+ tks_subsystem_cert_name = temp;
+ } else if (temp.indexOf("Audit Signing Certificate") > 0) {
+ tks_audit_signing_cert_name = temp;
+ } else {
+ server_cert_name = temp;
+ }
+ }
+ }
+
+ System.out.println("default: tks_subsystem_cert_name=" +
+ tks_subsystem_cert_name);
+ System.out.println("default: server_cert_name=" +
+ server_cert_name);
+ System.out.println("default: tks_audit_signing_cert_name=" + tks_audit_signing_cert_name);
+ return true;
+ }
+
+ public boolean CertSubjectPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ ArrayList<String> req_list = null;
+ ArrayList<String> cert_list = null;
+ ArrayList<String> dn_list = null;
+
+ String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port;
+
+ String query_string = "p=9" + "&op=next" + "&xml=true" +
+ "&subsystem=" +
+ URLEncoder.encode(tks_subsystem_cert_subject_name, "UTF-8") +
+ "&sslserver=" +
+ URLEncoder.encode(tks_server_cert_subject_name, "UTF-8") +
+ "&audit_signing=" +
+ URLEncoder.encode(tks_audit_signing_cert_subject_name, "UTF-8") +
+ "&urls=" +
+ URLEncoder.encode(domain_url, "UTF-8") +
+ "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ req_list = px.constructValueList("CertReqPair", "Request");
+ cert_list = px.constructValueList("CertReqPair", "Certificate");
+ dn_list = px.constructValueList("CertReqPair", "Nickname");
+
+ if (req_list != null && cert_list != null && dn_list != null) {
+ for (int i = 0; i < dn_list.size(); i++) {
+ String temp = dn_list.get(i);
+
+ if (temp.indexOf("subsystemCert") >= 0) {
+ tks_subsystem_cert_req = req_list.get(i);
+ tks_subsystem_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("auditSigningCert") >= 0) {
+ tks_audit_signing_cert_req = req_list.get(i);
+ tks_audit_signing_cert_cert = cert_list.get(i);
+ } else {
+ server_cert_req = req_list.get(i);
+ server_cert_cert = cert_list.get(i);
+ }
+ }
+ }
+
+ return true;
+ }
+
+ public boolean CertificatePanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=10" + "&op=next" + "&xml=true" +
+ "&subsystem=" +
+ URLEncoder.encode(tks_subsystem_cert_cert, "UTF-8") +
+ "&subsystem_cc=" +
+ "&sslserver=" +
+ URLEncoder.encode(server_cert_cert, "UTF-8") +
+ "&sslserver_cc=" +
+ "&audit_signing=" +
+ URLEncoder.encode(tks_audit_signing_cert_cert, "UTF-8") +
+ "&audit_signing_cc=" +
+ "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean BackupPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=11" + "&op=next" + "&xml=true" +
+ "&choice=backupkey" +
+ "&__pwd=" + URLEncoder.encode(backup_pwd, "UTF-8") +
+ "&__pwdagain=" + URLEncoder.encode(backup_pwd, "UTF-8");
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean SavePKCS12Panel() {
+ String query_string = "";
+
+ HTTPResponse hr = hc.sslConnect(cs_hostname, cs_port, pkcs12_uri, query_string);
+
+ // dump hr.getResponseData() to file
+
+ try {
+ FileOutputStream fos = new FileOutputStream(backup_fname);
+ fos.write(hr.getResponseData());
+ fos.close();
+
+ // set file to permissions 600
+ String rtParams[] = { "chmod", "600", backup_fname };
+ Process proc = Runtime.getRuntime().exec(rtParams);
+
+ BufferedReader br = new BufferedReader(new InputStreamReader(proc.getErrorStream()));
+ String line = null;
+ while ((line = br.readLine()) != null)
+ System.out.println("Error: " + line);
+ proc.waitFor();
+
+ // verify p12 file
+
+ // Decode the P12 file
+ FileInputStream fis = new FileInputStream(backup_fname);
+ PFX.Template pfxt = new PFX.Template();
+ PFX pfx = (PFX) pfxt.decode(new BufferedInputStream(fis, 2048));
+ System.out.println("Decoded PFX");
+
+ // now peruse it for interesting info
+ System.out.println("Version: " + pfx.getVersion());
+ AuthenticatedSafes authSafes = pfx.getAuthSafes();
+ SEQUENCE asSeq = authSafes.getSequence();
+ System.out.println("AuthSafes has " +
+ asSeq.size() + " SafeContents");
+
+ fis.close();
+ } catch (Exception e) {
+ System.out.println("ERROR: Exception=" + e.getMessage());
+ return false;
+ }
+
+ return true;
+ }
+
+ public boolean AdminCertReqPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ String admin_cert_request = null;
+
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ agent_cert_subject,
+ agent_key_size,
+ agent_key_type);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.setTransportCert(null);
+ cCrypt.setDualKey(false);
+ cCrypt.loginDB();
+
+ String crmf_request = cCrypt.generateCRMFrequest();
+
+ if (crmf_request == null) {
+ System.out.println("ERROR: AdminCertReqPanel() cert req gen failed");
+ return false;
+ }
+
+ admin_cert_request = crmf_request;
+
+ String query_string = "p=13" + "&op=next" + "&xml=true" +
+ "&cert_request_type=" + "crmf" +
+ "&uid=" + admin_user +
+ "&name=" + admin_user +
+ "&__pwd=" + URLEncoder.encode(admin_password, "UTF-8") +
+ "&__admin_password_again=" + URLEncoder.encode(admin_password, "UTF-8") +
+ "&profileId=" + "caAdminCert" +
+ "&email=" +
+ URLEncoder.encode(admin_email, "UTF-8") +
+ "&cert_request=" +
+ URLEncoder.encode(admin_cert_request, "UTF-8") +
+ "&subject=" +
+ URLEncoder.encode(agent_cert_subject, "UTF-8") +
+ "&clone=new" +
+ "&import=true" +
+ "&securitydomain=" +
+ URLEncoder.encode(domain_name, "UTF-8") +
+ "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ admin_serial_number = px.getvalue("serialNumber");
+
+ return true;
+ }
+
+ public boolean AdminCertImportPanel() {
+ boolean st = false;
+
+ String query_string = "serialNumber=" + admin_serial_number +
+ "&importCert=" + "true" +
+ "";
+
+ HTTPResponse hr = hc.sslConnect(sd_hostname, sd_admin_port, admin_uri, query_string);
+
+ // get response data
+ // String cert_to_import =
+ // new sun.misc.BASE64Encoder().encode(hr.getResponseData());
+ String cert_to_import =
+ Utils.base64encode(hr.getResponseData());
+ System.out.println("Imported Cert=" + cert_to_import);
+
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ null,
+ null,
+ null);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.loginDB();
+
+ String start = "-----BEGIN CERTIFICATE-----\r\n";
+ String end = "\r\n-----END CERTIFICATE-----";
+
+ st = cCrypt.importCert(start + cert_to_import + end, agent_name);
+ if (!st) {
+ System.out.println("ERROR: AdminCertImportPanel() during cert import");
+ return false;
+ }
+
+ System.out.println("SUCCESS: imported admin user cert");
+ return true;
+ }
+
+ public boolean UpdateDomainPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=14" + "&op=next" + "&xml=true" +
+ "&caHost=" + URLEncoder.encode(sd_hostname, "UTF-8") +
+ "&caPort=" + URLEncoder.encode(sd_agent_port, "UTF-8") +
+ "";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean ConfigureTKSInstance() throws UnsupportedEncodingException {
+ // 0. login to cert db
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ null,
+ null,
+ null);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.loginDB();
+
+ // instantiate http client
+ hc = new HTTPClient();
+
+ sleep_time();
+ // 1. Login panel
+ boolean log_st = LoginPanel();
+ if (!log_st) {
+ System.out.println("ERROR: ConfigureTKS: LoginPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 2. Token Choice Panel
+ boolean disp_token = TokenChoicePanel();
+ if (!disp_token) {
+ System.out.println("ERROR: ConfigureTKS: TokenChoicePanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 3. domain panel
+ boolean dom_st = DomainPanel();
+ if (!dom_st) {
+ System.out.println("ERROR: ConfigureTKS: DomainPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 4. display cert chain panel
+ boolean disp_st = DisplayChainPanel();
+ if (!disp_st) {
+ System.out.println("ERROR: ConfigureTKS: DisplayChainPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // security domain login panel
+ boolean disp_sd = SecurityDomainLoginPanel();
+ if (!disp_sd) {
+ System.out.println("ERROR: ConfigureTKS: SecurityDomainLoginPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // subsystem panel
+ boolean disp_ss = SubsystemPanel();
+ if (!disp_ss) {
+ System.out.println("ERROR: ConfigureTKS: SubsystemPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 7. ldap connection panel
+ boolean disp_ldap = LdapConnectionPanel();
+ if (!disp_ldap) {
+ System.out.println("ERROR: ConfigureTKS: LdapConnectionPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ sleep_time();
+ // 9. Key Panel
+ boolean disp_key = KeyPanel();
+ if (!disp_key) {
+ System.out.println("ERROR: ConfigureTKS: KeyPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 10. Cert Subject Panel
+ boolean disp_csubj = CertSubjectPanel();
+ if (!disp_csubj) {
+ System.out.println("ERROR: ConfigureTKS: CertSubjectPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 11. Certificate Panel
+ boolean disp_cp = CertificatePanel();
+ if (!disp_cp) {
+ System.out.println("ERROR: ConfigureTKS: CertificatePanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // backup panel
+ boolean disp_back = BackupPanel();
+ if (!disp_back) {
+ System.out.println("ERROR: ConfigureTKS: BackupPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // save panel
+ boolean disp_save = SavePKCS12Panel();
+ if (!disp_save) {
+ System.out.println("ERROR: ConfigureTKS: SavePKCS12Panel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 13. Admin Cert Req Panel
+ boolean disp_adm = AdminCertReqPanel();
+ if (!disp_adm) {
+ System.out.println("ERROR: ConfigureTKS: AdminCertReqPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 14. Admin Cert import Panel
+ boolean disp_im = AdminCertImportPanel();
+ if (!disp_im) {
+ System.out.println("ERROR: ConfigureTKS: AdminCertImportPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 15. Update Domain Panel
+ boolean disp_ud = UpdateDomainPanel();
+ if (!disp_ud) {
+ System.out.println("ERROR: ConfigureTKS: UpdateDomainPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ return true;
+ }
+
+ private static String set_default(String val, String def) {
+ if ((val == null) || (val.equals(""))) {
+ return def;
+ } else {
+ return val;
+ }
+ }
+
+ public static void main(String args[]) throws UnsupportedEncodingException {
+ ConfigureTKS ca = new ConfigureTKS();
+
+ // set variables
+ StringHolder x_cs_hostname = new StringHolder();
+ StringHolder x_cs_port = new StringHolder();
+
+ StringHolder x_sd_hostname = new StringHolder();
+ StringHolder x_sd_ssl_port = new StringHolder();
+ StringHolder x_sd_agent_port = new StringHolder();
+ StringHolder x_sd_admin_port = new StringHolder();
+ StringHolder x_sd_admin_name = new StringHolder();
+ StringHolder x_sd_admin_password = new StringHolder();
+
+ StringHolder x_ca_hostname = new StringHolder();
+ StringHolder x_ca_port = new StringHolder();
+ StringHolder x_ca_ssl_port = new StringHolder();
+
+ StringHolder x_client_certdb_dir = new StringHolder();
+ StringHolder x_client_certdb_pwd = new StringHolder();
+ StringHolder x_preop_pin = new StringHolder();
+
+ StringHolder x_domain_name = new StringHolder();
+
+ StringHolder x_admin_user = new StringHolder();
+ StringHolder x_admin_email = new StringHolder();
+ StringHolder x_admin_password = new StringHolder();
+
+ // ldap
+ StringHolder x_ldap_host = new StringHolder();
+ StringHolder x_ldap_port = new StringHolder();
+ StringHolder x_bind_dn = new StringHolder();
+ StringHolder x_bind_password = new StringHolder();
+ StringHolder x_base_dn = new StringHolder();
+ StringHolder x_db_name = new StringHolder();
+ StringHolder x_secure_conn = new StringHolder();
+ StringHolder x_remove_data = new StringHolder();
+
+ // key properties (defaults)
+ StringHolder x_key_size = new StringHolder();
+ StringHolder x_key_type = new StringHolder();
+ StringHolder x_key_curvename = new StringHolder();
+
+ // key properties (custom - audit_signing)
+ StringHolder x_audit_signing_key_size = new StringHolder();
+ StringHolder x_audit_signing_key_type = new StringHolder();
+ StringHolder x_audit_signing_key_curvename = new StringHolder();
+
+ // key properties (custom - subsystem)
+ StringHolder x_subsystem_key_size = new StringHolder();
+ StringHolder x_subsystem_key_type = new StringHolder();
+ StringHolder x_subsystem_key_curvename = new StringHolder();
+
+ // key properties (custom - sslserver)
+ StringHolder x_sslserver_key_size = new StringHolder();
+ StringHolder x_sslserver_key_type = new StringHolder();
+ StringHolder x_sslserver_key_curvename = new StringHolder();
+
+ StringHolder x_token_name = new StringHolder();
+ StringHolder x_token_pwd = new StringHolder();
+
+ StringHolder x_agent_key_size = new StringHolder();
+ StringHolder x_agent_key_type = new StringHolder();
+ StringHolder x_agent_cert_subject = new StringHolder();
+
+ StringHolder x_agent_name = new StringHolder();
+ StringHolder x_backup_pwd = new StringHolder();
+ StringHolder x_backup_fname = new StringHolder();
+
+ // tks cert subject name params
+ StringHolder x_tks_subsystem_cert_subject_name = new StringHolder();
+ StringHolder x_tks_server_cert_subject_name = new StringHolder();
+ StringHolder x_tks_audit_signing_cert_subject_name = new StringHolder();
+
+ // subsystemName
+ StringHolder x_subsystem_name = new StringHolder();
+
+ // parse the args
+ ArgParser parser = new ArgParser("ConfigureTKS");
+
+ parser.addOption("-cs_hostname %s #CS Hostname",
+ x_cs_hostname);
+ parser.addOption("-cs_port %s #CS SSL Admin port",
+ x_cs_port);
+
+ parser.addOption("-sd_hostname %s #Security Domain Hostname",
+ x_sd_hostname);
+ parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port",
+ x_sd_ssl_port);
+ parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port",
+ x_sd_agent_port);
+ parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port",
+ x_sd_admin_port);
+ parser.addOption("-sd_admin_name %s #Security Domain Admin Name",
+ x_sd_admin_name);
+ parser.addOption("-sd_admin_password %s #Security Domain Admin password",
+ x_sd_admin_password);
+
+ parser.addOption("-ca_hostname %s #CA Hostname",
+ x_ca_hostname);
+ parser.addOption("-ca_port %s #CA non-SSL EE port",
+ x_ca_port);
+ parser.addOption("-ca_ssl_port %s #CA SSL EE port",
+ x_ca_ssl_port);
+
+ parser.addOption("-client_certdb_dir %s #Client CertDB dir",
+ x_client_certdb_dir);
+ parser.addOption("-client_certdb_pwd %s #client certdb password",
+ x_client_certdb_pwd);
+ parser.addOption("-preop_pin %s #pre op pin",
+ x_preop_pin);
+ parser.addOption("-domain_name %s #domain name",
+ x_domain_name);
+ parser.addOption("-admin_user %s #Admin User Name",
+ x_admin_user);
+ parser.addOption("-admin_email %s #Admin email",
+ x_admin_email);
+ parser.addOption("-admin_password %s #Admin password",
+ x_admin_password);
+ parser.addOption("-agent_name %s #Agent Cert Nickname",
+ x_agent_name);
+
+ parser.addOption("-ldap_host %s #ldap host",
+ x_ldap_host);
+ parser.addOption("-ldap_port %s #ldap port",
+ x_ldap_port);
+ parser.addOption("-bind_dn %s #ldap bind dn",
+ x_bind_dn);
+ parser.addOption("-bind_password %s #ldap bind password",
+ x_bind_password);
+ parser.addOption("-base_dn %s #base dn",
+ x_base_dn);
+ parser.addOption("-db_name %s #db name",
+ x_db_name);
+ parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn);
+ parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ",
+ x_remove_data);
+
+ // key and algorithm options (default)
+ parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type);
+ parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size);
+ parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename);
+
+ // key and algorithm options for audit_signing certificate (overrides default)
+ parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_audit_signing_key_type);
+ parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_audit_signing_key_size);
+ parser.addOption(
+ "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_audit_signing_key_curvename);
+
+ // key and algorithm options for subsystem certificate (overrides default)
+ parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_subsystem_key_type);
+ parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_subsystem_key_size);
+ parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_subsystem_key_curvename);
+
+ // key and algorithm options for sslserver certificate (overrides default)
+ parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_sslserver_key_type);
+ parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_sslserver_key_size);
+ parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_sslserver_key_curvename);
+
+ parser.addOption("-token_name %s #HSM/Software Token name",
+ x_token_name);
+ parser.addOption("-token_pwd %s #HSM/Software Token password (optional, required for HSM)",
+ x_token_pwd);
+
+ parser.addOption("-agent_key_size %s #Agent Cert Key Size",
+ x_agent_key_size);
+ parser.addOption("-agent_key_type %s #Agent Cert Key type [rsa]",
+ x_agent_key_type);
+ parser.addOption("-agent_cert_subject %s #Agent Cert Subject",
+ x_agent_cert_subject);
+
+ parser.addOption("-backup_pwd %s #PKCS12 password",
+ x_backup_pwd);
+
+ parser.addOption(
+ "-tks_subsystem_cert_subject_name %s #TKS subsystem cert subject name",
+ x_tks_subsystem_cert_subject_name);
+ parser.addOption(
+ "-tks_server_cert_subject_name %s #TKS server cert subject name",
+ x_tks_server_cert_subject_name);
+
+ parser.addOption("-backup_fname %s #Backup File for p12, (optional, default /root/tmp-tks.p12",
+ x_backup_fname);
+
+ parser.addOption(
+ "-subsystem_name %s #CA subsystem name",
+ x_subsystem_name);
+
+ parser.addOption(
+ "-tks_audit_signing_cert_subject_name %s #TKS audit signing cert subject name",
+ x_tks_audit_signing_cert_subject_name);
+
+ // and then match the arguments
+ String[] unmatched = null;
+ unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED);
+
+ if (unmatched != null) {
+ System.out.println("ERROR: Argument Mismatch");
+ System.exit(-1);
+ }
+
+ parser.checkRequiredArgs();
+
+ // set variables
+ cs_hostname = x_cs_hostname.value;
+ cs_port = x_cs_port.value;
+
+ sd_hostname = x_sd_hostname.value;
+ sd_ssl_port = x_sd_ssl_port.value;
+ sd_agent_port = x_sd_agent_port.value;
+ sd_admin_port = x_sd_admin_port.value;
+ sd_admin_name = x_sd_admin_name.value;
+ sd_admin_password = x_sd_admin_password.value;
+
+ ca_hostname = x_ca_hostname.value;
+ ca_port = x_ca_port.value;
+ ca_ssl_port = x_ca_ssl_port.value;
+
+ client_certdb_dir = x_client_certdb_dir.value;
+ client_certdb_pwd = x_client_certdb_pwd.value;
+ pin = x_preop_pin.value;
+ domain_name = x_domain_name.value;
+
+ admin_user = x_admin_user.value;
+ admin_email = x_admin_email.value;
+ admin_password = x_admin_password.value;
+ agent_name = x_agent_name.value;
+
+ ldap_host = x_ldap_host.value;
+ ldap_port = x_ldap_port.value;
+ bind_dn = x_bind_dn.value;
+ bind_password = x_bind_password.value;
+ base_dn = x_base_dn.value;
+ db_name = x_db_name.value;
+ secure_conn = set_default(x_secure_conn.value, "false");
+ remove_data = set_default(x_remove_data.value, "false");
+
+ key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE);
+ audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type);
+ subsystem_key_type = set_default(x_subsystem_key_type.value, key_type);
+ sslserver_key_type = set_default(x_sslserver_key_type.value, key_type);
+
+ key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE);
+ audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size);
+ subsystem_key_size = set_default(x_subsystem_key_size.value, key_size);
+ sslserver_key_size = set_default(x_sslserver_key_size.value, key_size);
+
+ key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME);
+ audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename);
+ subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename);
+ sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename);
+
+ token_name = x_token_name.value;
+ token_pwd = x_token_pwd.value;
+
+ agent_key_size = x_agent_key_size.value;
+ agent_key_type = x_agent_key_type.value;
+ agent_cert_subject = x_agent_cert_subject.value;
+
+ backup_pwd = x_backup_pwd.value;
+ backup_fname = set_default(x_backup_fname.value, "/root/tmp-tks.p12");
+
+ tks_subsystem_cert_subject_name =
+ x_tks_subsystem_cert_subject_name.value;
+ tks_server_cert_subject_name =
+ x_tks_server_cert_subject_name.value;
+
+ subsystem_name = x_subsystem_name.value;
+ tks_audit_signing_cert_subject_name = x_tks_audit_signing_cert_subject_name.value;
+
+ boolean st = ca.ConfigureTKSInstance();
+
+ if (!st) {
+ System.out.println("ERROR: unable to create TKS");
+ System.exit(-1);
+ }
+
+ System.out.println("Certificate System - TKS Instance Configured.");
+ System.exit(0);
+
+ }
+
+};
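Review bot: In `SavePKCS12Panel()` the PKCS#12 backup (which carries the subsystem private keys) is fully written to `backup_fname` before the `chmod 600` runs, so for a moment the file exists with umask-default permissions; the restriction should be applied to an empty file before any key material is written, and `fos` is also never closed if `write()` throws. Since `chmod` is spawned via `Runtime.exec`, a failure there is only printed, not treated as an error; checking `proc.waitFor()`'s exit status and returning `false` on non-zero would keep a misconfigured backup from passing silently. Separately, `LoginPanel()` does `temp.substring(0, temp.indexOf(";"))` on the `JSESSIONID` cookie; a cookie value with no `;` yields index -1 and a `StringIndexOutOfBoundsException`, so a guard like `HTTPClient.j_session_id = (index >= 0) ? temp.substring(0, index) : temp;` would be safer. The reordered write in `SavePKCS12Panel()` is sketched below.
```java
try {
    // create the file empty and restrict it before any key material lands in it
    FileOutputStream fos = new FileOutputStream(backup_fname);
    fos.close();

    String rtParams[] = { "chmod", "600", backup_fname };
    Process proc = Runtime.getRuntime().exec(rtParams);
    // … unchanged: drain proc's stderr …
    if (proc.waitFor() != 0) {
        System.out.println("ERROR: unable to restrict permissions on " + backup_fname);
        return false;
    }

    fos = new FileOutputStream(backup_fname);
    try {
        fos.write(hr.getResponseData());
    } finally {
        fos.close();
    }
    // … unchanged: decode and inspect the PFX …
```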
diff --git a/base/silent/src/com/netscape/pkisilent/ConfigureTPS.java b/base/silent/src/com/netscape/pkisilent/ConfigureTPS.java
new file mode 100644
index 000000000..366fb57b6
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/ConfigureTPS.java
@@ -0,0 +1,1088 @@
+package com.netscape.pkisilent;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.ByteArrayInputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+
+import com.netscape.pkisilent.argparser.ArgParser;
+import com.netscape.pkisilent.argparser.StringHolder;
+import com.netscape.pkisilent.common.ComCrypto;
+import com.netscape.pkisilent.common.ParseXML;
+import com.netscape.pkisilent.http.HTTPClient;
+import com.netscape.pkisilent.http.HTTPResponse;
+import com.netscape.cmsutil.util.Utils;
+
+public class ConfigureTPS {
+ // define global variables
+
+ public static HTTPClient hc = null;
+
+ public static String login_uri = "/tps/admin/console/config/login";
+ public static String wizard_uri = "/tps/admin/console/config/wizard";
+ public static String admin_uri = "/ca/admin/ca/getBySerial";
+
+ public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin";
+ public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie";
+ public static String sd_update_domain_uri = "/ca/agent/ca/updateDomainXML";
+ public static String pkcs12_uri = "/tps/admin/console/config/savepkcs12";
+
+ public static String cs_hostname = null;
+ public static String cs_port = null;
+ public static String cs_clientauth_port = null;
+
+ public static String sd_hostname = null;
+ public static String sd_ssl_port = null;
+ public static String sd_agent_port = null;
+ public static String sd_admin_port = null;
+ public static String sd_admin_name = null;
+ public static String sd_admin_password = null;
+
+ public static String ca_hostname = null;
+ public static String ca_port = null;
+ public static String ca_ssl_port = null;
+ public static String ca_admin_port = null;
+
+ public static String drm_hostname = null;
+ public static String drm_ssl_port = null;
+
+ public static String tks_hostname = null;
+ public static String tks_ssl_port = null;
+
+ public static String client_certdb_dir = null;
+ public static String client_certdb_pwd = null;
+
+ // Login Panel
+ public static String pin = null;
+
+ public static String domain_name = null;
+
+ public static String admin_user = null;
+ public static String admin_email = null;
+ public static String admin_password = null;
+ public static String admin_serial_number = null;
+ public static String agent_name = null;
+
+ public static String ldap_auth_host = null;
+ public static String ldap_auth_port = null;
+ public static String ldap_auth_base_dn = null;
+
+ public static String ldap_host = null;
+ public static String ldap_port = null;
+ public static String bind_dn = null;
+ public static String bind_password = null;
+ public static String base_dn = null;
+ public static String db_name = null;
+
+ public static String key_size = null;
+ public static String key_type = null;
+ public static String token_name = null;
+ public static String token_pwd = null;
+
+ public static String agent_key_size = null;
+ public static String agent_key_type = null;
+ public static String agent_cert_subject = null;
+
+ public static String tps_transport_cert_name = null;
+ public static String tps_transport_cert_req = null;
+ public static String tps_transport_cert_pp = null;
+ public static String tps_transport_cert_cert = null;
+
+ public static String tps_storage_cert_name = null;
+ public static String tps_storage_cert_req = null;
+ public static String tps_storage_cert_pp = null;
+ public static String tps_storage_cert_cert = null;
+
+ public static String server_cert_name = null;
+ public static String server_cert_req = null;
+ public static String server_cert_pp = null;
+ public static String server_cert_cert = null;
+
+ public static String tps_subsystem_cert_name = null;
+ public static String tps_subsystem_cert_req = null;
+ public static String tps_subsystem_cert_pp = null;
+ public static String tps_subsystem_cert_cert = null;
+
+ public static String tps_audit_signing_cert_name = null;
+ public static String tps_audit_signing_cert_req = null;
+ public static String tps_audit_signing_cert_pp = null;
+ public static String tps_audit_signing_cert_cert = null;
+
+ public static String ss_keygen = null;
+
+ // names
+ public static String tps_server_cert_subject_name = null;
+ public static String tps_server_cert_nickname = null;
+ public static String tps_subsystem_cert_subject_name = null;
+ public static String tps_subsystem_cert_nickname = null;
+ public static String tps_audit_signing_cert_subject_name = null;
+ public static String tps_audit_signing_cert_nickname = null;
+ public static String subsystem_name = null;
+
+ // Security Domain Login Panel
+ public static String tps_session_id = null;
+
+ // Admin Certificate Request Panel
+ public static String requestor_name = null;
+
+ public ConfigureTPS() {
+ // do nothing :)
+ }
+
+ public void sleep_time() {
+ try {
+ System.out.println("Sleeping for 5 secs..");
+ Thread.sleep(5000);
+ } catch (Exception e) {
+ System.out.println("ERROR: sleep problem");
+ }
+
+ }
+
+ public boolean LoginPanel() {
+ boolean st = false;
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "pin=" + pin + "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string);
+ System.out.println("xml returned: " + hr.getHTML());
+
+ // parse xml here - nothing to parse
+
+ // no cookie for tps
+ // get cookie
+ String temp = hr.getCookieValue("pin");
+
+ if (temp != null) {
+ int index = temp.indexOf(";");
+ HTTPClient.j_session_id = temp.substring(0, index);
+ st = true;
+ }
+
+ hr = null;
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ "p=0&op=next&xml=true");
+
+ // parse xml here
+
+ bais = new ByteArrayInputStream(
+ hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ st = true;
+ return st;
+ }
+
+ public boolean DomainPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String domain_url = "https://" + sd_hostname + ":" + sd_admin_port;
+
+ String query_string = "p=3" +
+ "&choice=existingdomain" +
+ "&sdomainURL=" +
+ URLEncoder.encode(domain_url, "UTF-8") +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+
+ }
+
+ public boolean DisplayChainPanel() {
+ String query_string = "p=4" + "&op=next" + "&xml=true";
+ hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ return true;
+
+ }
+
+ public boolean SecurityDomainLoginPanel() throws UnsupportedEncodingException {
+ String tps_url = "https://" + cs_hostname + ":" + cs_port +
+ "/tps/admin/console/config/wizard" +
+ "?p=3&subsystem=TPS";
+
+ String query_string = "url=" + URLEncoder.encode(tps_url, "UTF-8") + "";
+
+ HTTPResponse hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri, query_string);
+
+ String query_string_1 = "uid=" + sd_admin_name +
+ "&pwd=" + URLEncoder.encode(sd_admin_password, "UTF-8") +
+ "&url=" + URLEncoder.encode(tps_url, "UTF-8") +
+ "";
+
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri,
+ query_string_1);
+
+ // get session id from security domain
+ sleep_time();
+
+ tps_session_id = hr.getContentValue("header.session_id");
+ String tps_url_1 = hr.getContentValue("header.url");
+
+ System.out.println("TPS_SESSION_ID=" + tps_session_id);
+ System.out.println("TPS_URL=" + tps_url_1);
+
+ // use session id to connect back to TPS
+
+ String query_string_2 = "p=5" +
+ "&subsystem=TPS" +
+ "&session_id=" + tps_session_id +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ query_string_2);
+
+ // parse xml - no parsing
+
+ return true;
+
+ }
+
+ public boolean SubsystemPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ sleep_time();
+ String query_string = "p=5" +
+ "&choice=newsubsystem" +
+ "&subsystemName=" +
+ URLEncoder.encode(subsystem_name, "UTF-8") +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ sleep_time();
+
+ // CA choice panel
+ query_string = "p=6" +
+ "&urls=0" +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ sleep_time();
+ query_string = "p=7" +
+ "&urls=0" +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ // DRM / server side keygen panel
+
+ sleep_time();
+ if (ss_keygen.equalsIgnoreCase("true")) {
+ ss_keygen = "keygen";
+ }
+
+ query_string = "p=8" +
+ "&choice=" + ss_keygen +
+ "&urls=0" +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean LdapAuthConnectionPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=9" +
+ "&host=" +
+ URLEncoder.encode(ldap_auth_host, "UTF-8") +
+ "&port=" +
+ URLEncoder.encode(ldap_auth_port, "UTF-8") +
+ "&basedn=" +
+ URLEncoder.encode(ldap_auth_base_dn, "UTF-8") +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean LdapConnectionPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=10" +
+ "&host=" +
+ URLEncoder.encode(ldap_host, "UTF-8") +
+ "&port=" +
+ URLEncoder.encode(ldap_port, "UTF-8") +
+ "&binddn=" +
+ URLEncoder.encode(bind_dn, "UTF-8") +
+ "&__bindpwd=" +
+ URLEncoder.encode(bind_password, "UTF-8") +
+ "&basedn=" +
+ URLEncoder.encode(base_dn, "UTF-8") +
+ "&database=" +
+ URLEncoder.encode(db_name, "UTF-8") +
+ "&display=" +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean TokenChoicePanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ ////////////////////////////////////////////////////////
+ String query_string = null;
+
+ // Software Token
+ if (token_name.equalsIgnoreCase("internal")) {
+ query_string = "p=1" +
+ "&choice=" +
+ URLEncoder.encode("NSS Certificate DB", "UTF-8") +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+ }
+ // HSM
+ else {
+ // login to hsm first
+ query_string = "p=2" +
+ "&uTokName=" +
+ URLEncoder.encode(token_name, "UTF-8") +
+ "&__uPasswd=" +
+ URLEncoder.encode(token_pwd, "UTF-8") +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ // choice with token name now
+ query_string = "p=1" +
+ "&choice=" +
+ URLEncoder.encode(token_name, "UTF-8") +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ }
+
+ return true;
+ }
+
+ public boolean KeyPanel() {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=11" +
+ "&keytype=" + key_type +
+ "&choice=default" +
+ "&custom_size=" + key_size +
+ "&sslserver_keytype=" + key_type +
+ "&sslserver_choice=custom" +
+ "&sslserver_custom_size=" + key_size +
+ "&subsystem_keytype=" + key_type +
+ "&subsystem_choice=custom" +
+ "&subsystem_custom_size=" + key_size +
+ "&audit_signing_keytype=" + key_type +
+ "&audit_signing_choice=default" +
+ "&audit_signing_custom_size=" + key_size +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean CertSubjectPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=12" +
+ "&sslserver=" +
+ URLEncoder.encode(tps_server_cert_subject_name, "UTF-8") +
+ "&sslserver_nick=" +
+ URLEncoder.encode(tps_server_cert_nickname, "UTF-8") +
+ "&subsystem=" +
+ URLEncoder.encode(tps_subsystem_cert_subject_name, "UTF-8") +
+ "&subsystem_nick=" +
+ URLEncoder.encode(tps_subsystem_cert_nickname, "UTF-8") +
+ "&audit_signing=" +
+ URLEncoder.encode(tps_audit_signing_cert_subject_name, "UTF-8") +
+ "&audit_signing_nick=" +
+ URLEncoder.encode(tps_audit_signing_cert_nickname, "UTF-8") +
+ "&urls=0" +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ // parse the certs if needed
+
+ return true;
+ }
+
+ public boolean CertificatePanel() {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+
+ String query_string = "p=13" +
+ "&sslserver=" +
+ "&sslserver_cc=" +
+ "&subsystem=" +
+ "&subsystem_cc=" +
+ "&audit_signing=" +
+ "&audit_signing_cc=" +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean AdminCertReqPanel() throws UnsupportedEncodingException {
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ String admin_cert_request = null;
+
+ requestor_name = "TPS-" + cs_hostname + "-" + cs_clientauth_port;
+
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ agent_cert_subject,
+ agent_key_size,
+ agent_key_type);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.setTransportCert(null);
+ cCrypt.setDualKey(false);
+ cCrypt.loginDB();
+
+ String crmf_request = cCrypt.generateCRMFrequest();
+
+ if (crmf_request == null) {
+ System.out.println("ERROR: AdminCertReqPanel() cert req gen failed");
+ return false;
+ }
+
+ admin_cert_request = crmf_request;
+
+ String query_string = "p=14" +
+ "&uid=" + admin_user +
+ "&name=" +
+ URLEncoder.encode("TPS Administrator", "UTF-8") +
+ "&email=" +
+ URLEncoder.encode(admin_email, "UTF-8") +
+ "&__pwd=" + URLEncoder.encode(admin_password, "UTF-8") +
+ "&__admin_password_again=" + URLEncoder.encode(admin_password, "UTF-8") +
+ "&cert_request=" +
+ URLEncoder.encode(admin_cert_request, "UTF-8") +
+ "&display=0" +
+ "&profileId=" + "caAdminCert" +
+ "&cert_request_type=" + "crmf" +
+ "&import=true" +
+ "&uid=" + admin_user +
+ "&clone=0" +
+ "&securitydomain=" +
+ URLEncoder.encode(domain_name, "UTF-8") +
+ "&subject=" +
+ URLEncoder.encode(agent_cert_subject, "UTF-8") +
+ "&requestor_name=" +
+ URLEncoder.encode(requestor_name, "UTF-8") +
+ "&sessionID=" + tps_session_id +
+ "&auth_hostname=" + ca_hostname +
+ "&auth_port=" + ca_ssl_port +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ admin_serial_number = px.getvalue("serialNumber");
+
+ return true;
+ }
+
+ public boolean AdminCertImportPanel() throws UnsupportedEncodingException {
+ boolean st = false;
+ HTTPResponse hr = null;
+ ByteArrayInputStream bais = null;
+ ParseXML px = new ParseXML();
+ String cert_to_import = null;
+
+ String query_string = "serialNumber=" + admin_serial_number +
+ "&importCert=" + "true" +
+ "";
+
+ // NOTE: CA, DRM, OCSP, and TKS use the Security Domain Admin Port;
+ // whereas RA and TPS use the CA Admin Port associated with
+ // the 'CA choice panel' as invoked from the SubsystemPanel()
+ // which MAY or MAY NOT be the same CA as the CA specified
+ // by the Security Domain.
+ hr = hc.sslConnect(ca_hostname, ca_admin_port, admin_uri, query_string);
+
+ try {
+ // cert_to_import =
+ // new sun.misc.BASE64Encoder().encode(hr.getResponseData());
+ cert_to_import =
+ Utils.base64encode(hr.getResponseData());
+
+ } catch (Exception e) {
+ System.out.println("ERROR: failed to retrieve cert");
+ }
+
+ System.out.println("Imported Cert=" + cert_to_import);
+
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ null,
+ null,
+ null);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.loginDB();
+
+ String start = "-----BEGIN CERTIFICATE-----\r\n";
+ String end = "\r\n-----END CERTIFICATE-----";
+
+ st = cCrypt.importCert(start + cert_to_import + end, agent_name);
+ if (!st) {
+ System.out.println("ERROR: AdminCertImportPanel() during cert import");
+ return false;
+ }
+
+ System.out.println("SUCCESS: imported admin user cert");
+
+ String query_string_1 = "p=15" +
+ "&serialNumber=" + admin_serial_number +
+ "&caHost=" +
+ URLEncoder.encode(ca_hostname, "UTF-8") +
+ "&caPort=" + ca_admin_port +
+ "&op=next" +
+ "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string_1);
+
+ // parse xml
+ bais = new ByteArrayInputStream(hr.getHTML().getBytes());
+ px.parse(bais);
+ px.prettyprintxml();
+
+ return true;
+ }
+
+ public boolean ConfigureTPSInstance() throws UnsupportedEncodingException {
+ // 0. login to cert db
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ null,
+ null,
+ null);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(true);
+ cCrypt.loginDB();
+
+ // instantiate http client
+ hc = new HTTPClient();
+
+ sleep_time();
+ // 1. Login panel
+ boolean log_st = LoginPanel();
+ if (!log_st) {
+ System.out.println("ERROR: JSESSIONID not found.");
+ System.out.println("ERROR: ConfigureTPS: LoginPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 2. Token Choice Panel
+ boolean disp_token = TokenChoicePanel();
+ if (!disp_token) {
+ System.out.println("ERROR: ConfigureTPS: TokenChoicePanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 3. domain panel
+ boolean dom_st = DomainPanel();
+ if (!dom_st) {
+ System.out.println("ERROR: ConfigureTPS: DomainPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 4. display cert chain panel
+ boolean disp_st = DisplayChainPanel();
+ if (!disp_st) {
+ System.out.println("ERROR: ConfigureTPS: DisplayChainPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 5. security domain login panel
+ boolean disp_sd = SecurityDomainLoginPanel();
+ if (!disp_sd) {
+ System.out.println("ERROR: ConfigureTPS: SecurityDomainLoginPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 6. subsystem panel
+ boolean disp_ss = SubsystemPanel();
+ if (!disp_ss) {
+ System.out.println("ERROR: ConfigureTPS: SubsystemPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 7. ldap auth connection panel
+ boolean disp_ldap_auth = LdapAuthConnectionPanel();
+ if (!disp_ldap_auth) {
+ System.out.println("ERROR: ConfigureTPS: LdapAuthConnectionPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 8. ldap connection panel
+ boolean disp_ldap = LdapConnectionPanel();
+ if (!disp_ldap) {
+ System.out.println("ERROR: ConfigureTPS: LdapConnectionPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 11. Key Panel
+ boolean disp_key = KeyPanel();
+ if (!disp_key) {
+ System.out.println("ERROR: ConfigureTPS: KeyPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 12. Cert Subject Panel
+ boolean disp_csubj = CertSubjectPanel();
+ if (!disp_csubj) {
+ System.out.println("ERROR: ConfigureTPS: CertSubjectPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 13. Certificate Panel
+ boolean disp_cp = CertificatePanel();
+ if (!disp_cp) {
+ System.out.println("ERROR: ConfigureTPS: CertificatePanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 14. Admin Cert Req Panel
+ boolean disp_adm = AdminCertReqPanel();
+ if (!disp_adm) {
+ System.out.println("ERROR: ConfigureTPS: AdminCertReqPanel() failure");
+ return false;
+ }
+
+ sleep_time();
+ // 15. Admin Cert import Panel
+ boolean disp_im = AdminCertImportPanel();
+ if (!disp_im) {
+ System.out.println("ERROR: ConfigureTPS: AdminCertImportPanel() failure");
+ return false;
+ }
+
+ return true;
+ }
+
+ public static void main(String args[]) throws UnsupportedEncodingException {
+ ConfigureTPS ca = new ConfigureTPS();
+
+ // set variables
+ StringHolder x_cs_hostname = new StringHolder();
+ StringHolder x_cs_port = new StringHolder();
+ StringHolder x_cs_clientauth_port = new StringHolder();
+
+ StringHolder x_sd_hostname = new StringHolder();
+ StringHolder x_sd_ssl_port = new StringHolder();
+ StringHolder x_sd_agent_port = new StringHolder();
+ StringHolder x_sd_admin_port = new StringHolder();
+ StringHolder x_sd_admin_name = new StringHolder();
+ StringHolder x_sd_admin_password = new StringHolder();
+
+ StringHolder x_ca_hostname = new StringHolder();
+ StringHolder x_ca_port = new StringHolder();
+ StringHolder x_ca_ssl_port = new StringHolder();
+ StringHolder x_ca_admin_port = new StringHolder();
+
+ StringHolder x_drm_hostname = new StringHolder();
+ StringHolder x_drm_ssl_port = new StringHolder();
+
+ StringHolder x_tks_hostname = new StringHolder();
+ StringHolder x_tks_ssl_port = new StringHolder();
+
+ StringHolder x_client_certdb_dir = new StringHolder();
+ StringHolder x_client_certdb_pwd = new StringHolder();
+ StringHolder x_preop_pin = new StringHolder();
+
+ StringHolder x_domain_name = new StringHolder();
+
+ StringHolder x_admin_user = new StringHolder();
+ StringHolder x_admin_email = new StringHolder();
+ StringHolder x_admin_password = new StringHolder();
+
+ // ldap
+
+ StringHolder x_ldap_host = new StringHolder();
+ StringHolder x_ldap_port = new StringHolder();
+ StringHolder x_bind_dn = new StringHolder();
+ StringHolder x_bind_password = new StringHolder();
+ StringHolder x_base_dn = new StringHolder();
+ StringHolder x_db_name = new StringHolder();
+
+ StringHolder x_ldap_auth_host = new StringHolder();
+ StringHolder x_ldap_auth_port = new StringHolder();
+ StringHolder x_ldap_auth_base_dn = new StringHolder();
+
+ // key size
+ StringHolder x_token_name = new StringHolder();
+ StringHolder x_token_pwd = new StringHolder();
+ StringHolder x_key_size = new StringHolder();
+ StringHolder x_key_type = new StringHolder();
+
+ StringHolder x_agent_key_size = new StringHolder();
+ StringHolder x_agent_key_type = new StringHolder();
+ StringHolder x_agent_cert_subject = new StringHolder();
+
+ StringHolder x_agent_name = new StringHolder();
+
+ StringHolder x_ss_keygen = new StringHolder();
+
+ // tps cert subject name params
+ StringHolder x_tps_server_cert_subject_name = new StringHolder();
+ StringHolder x_tps_server_cert_nickname = new StringHolder();
+ StringHolder x_tps_subsystem_cert_subject_name = new StringHolder();
+ StringHolder x_tps_subsystem_cert_nickname = new StringHolder();
+ StringHolder x_tps_audit_signing_cert_subject_name = new StringHolder();
+ StringHolder x_tps_audit_signing_cert_nickname = new StringHolder();
+
+ // subsystemName
+ StringHolder x_subsystem_name = new StringHolder();
+
+ // parse the args
+ ArgParser parser = new ArgParser("ConfigureTPS");
+
+ parser.addOption("-cs_hostname %s #CS Hostname",
+ x_cs_hostname);
+ parser.addOption("-cs_port %s #CS SSL port",
+ x_cs_port);
+ parser.addOption("-cs_clientauth_port %s #CS SSL port",
+ x_cs_clientauth_port);
+
+ parser.addOption("-sd_hostname %s #Security Domain Hostname",
+ x_sd_hostname);
+ parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port",
+ x_sd_ssl_port);
+ parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port",
+ x_sd_agent_port);
+ parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port",
+ x_sd_admin_port);
+ parser.addOption("-sd_admin_name %s #Security Domain username",
+ x_sd_admin_name);
+ parser.addOption("-sd_admin_password %s #Security Domain password",
+ x_sd_admin_password);
+
+ parser.addOption("-ca_hostname %s #CA Hostname",
+ x_ca_hostname);
+ parser.addOption("-ca_port %s #CA non-SSL port",
+ x_ca_port);
+ parser.addOption("-ca_ssl_port %s #CA SSL port",
+ x_ca_ssl_port);
+ parser.addOption("-ca_admin_port %s #CA SSL Admin port",
+ x_ca_admin_port);
+
+ parser.addOption("-drm_hostname %s #DRM Hostname",
+ x_drm_hostname);
+ parser.addOption("-drm_ssl_port %s #DRM SSL port",
+ x_drm_ssl_port);
+ parser.addOption("-ss_keygen %s #Enable Server Side Keygen [true,false]",
+ x_ss_keygen);
+
+ parser.addOption("-tks_hostname %s #TKS Hostname",
+ x_tks_hostname);
+ parser.addOption("-tks_ssl_port %s #TKS SSL port",
+ x_tks_ssl_port);
+
+ parser.addOption("-client_certdb_dir %s #Client CertDB dir",
+ x_client_certdb_dir);
+ parser.addOption("-client_certdb_pwd %s #client certdb password",
+ x_client_certdb_pwd);
+ parser.addOption("-preop_pin %s #pre op pin",
+ x_preop_pin);
+ parser.addOption("-domain_name %s #domain name",
+ x_domain_name);
+ parser.addOption("-admin_user %s #Admin User Name",
+ x_admin_user);
+ parser.addOption("-admin_email %s #Admin email",
+ x_admin_email);
+ parser.addOption("-admin_password %s #Admin password",
+ x_admin_password);
+ parser.addOption("-agent_name %s #Agent Cert Nickname",
+ x_agent_name);
+
+ parser.addOption("-ldap_host %s #ldap host",
+ x_ldap_host);
+ parser.addOption("-ldap_port %s #ldap port",
+ x_ldap_port);
+ parser.addOption("-bind_dn %s #ldap bind dn",
+ x_bind_dn);
+ parser.addOption("-bind_password %s #ldap bind password",
+ x_bind_password);
+ parser.addOption("-base_dn %s #base dn",
+ x_base_dn);
+ parser.addOption("-db_name %s #db name",
+ x_db_name);
+
+ parser.addOption("-token_name %s #HSM/Software Token name",
+ x_token_name);
+ parser.addOption("-token_pwd %s #HSM/Software Token password (optional, required for HSM)",
+ x_token_pwd);
+ parser.addOption("-key_size %s #Key Size",
+ x_key_size);
+ parser.addOption("-key_type %s #Key type [rsa,ecc]",
+ x_key_type);
+
+ parser.addOption("-agent_key_size %s #Agent Cert Key Size",
+ x_agent_key_size);
+ parser.addOption("-agent_key_type %s #Agent cert Key type [rsa]",
+ x_agent_key_type);
+ parser.addOption("-agent_cert_subject %s #Agent cert Subject",
+ x_agent_cert_subject);
+
+ parser.addOption("-ldap_auth_host %s #ldap auth host",
+ x_ldap_auth_host);
+ parser.addOption("-ldap_auth_port %s #ldap auth port",
+ x_ldap_auth_port);
+ parser.addOption("-ldap_auth_base_dn %s #ldap auth base dn",
+ x_ldap_auth_base_dn);
+
+ parser.addOption(
+ "-tps_server_cert_subject_name %s #TPS server cert subject name",
+ x_tps_server_cert_subject_name);
+ parser.addOption(
+ "-tps_server_cert_nickname %s #TPS server cert nickname",
+ x_tps_server_cert_nickname);
+ parser.addOption(
+ "-tps_subsystem_cert_subject_name %s #TPS subsystem cert subject name",
+ x_tps_subsystem_cert_subject_name);
+ parser.addOption(
+ "-tps_subsystem_cert_nickname %s #TPS subsystem cert nickname",
+ x_tps_subsystem_cert_nickname);
+ parser.addOption(
+ "-tps_audit_signing_cert_subject_name %s #TPS audit signing cert subject name",
+ x_tps_audit_signing_cert_subject_name);
+ parser.addOption(
+ "-tps_audit_signing_cert_nickname %s #TPS audit signing cert nickname",
+ x_tps_audit_signing_cert_nickname);
+
+ parser.addOption(
+ "-subsystem_name %s #CA subsystem name",
+ x_subsystem_name);
+
+ // and then match the arguments
+ String[] unmatched = null;
+ unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED);
+
+ if (unmatched != null) {
+ System.out.println("ERROR: Argument Mismatch");
+ System.exit(-1);
+ }
+
+ parser.checkRequiredArgs();
+
+ // set variables
+ cs_hostname = x_cs_hostname.value;
+ cs_port = x_cs_port.value;
+ cs_clientauth_port = x_cs_clientauth_port.value;
+
+ sd_hostname = x_sd_hostname.value;
+ sd_ssl_port = x_sd_ssl_port.value;
+ sd_agent_port = x_sd_agent_port.value;
+ sd_admin_port = x_sd_admin_port.value;
+ sd_admin_name = x_sd_admin_name.value;
+ sd_admin_password = x_sd_admin_password.value;
+
+ ca_hostname = x_ca_hostname.value;
+ ca_port = x_ca_port.value;
+ ca_ssl_port = x_ca_ssl_port.value;
+ ca_admin_port = x_ca_admin_port.value;
+
+ tks_hostname = x_tks_hostname.value;
+ tks_ssl_port = x_tks_ssl_port.value;
+
+ drm_hostname = x_drm_hostname.value;
+ drm_ssl_port = x_drm_ssl_port.value;
+
+ client_certdb_dir = x_client_certdb_dir.value;
+ client_certdb_pwd = x_client_certdb_pwd.value;
+ pin = x_preop_pin.value;
+ domain_name = x_domain_name.value;
+
+ admin_user = x_admin_user.value;
+ admin_email = x_admin_email.value;
+ admin_password = x_admin_password.value;
+ agent_name = x_agent_name.value;
+
+ ldap_host = x_ldap_host.value;
+ ldap_port = x_ldap_port.value;
+ bind_dn = x_bind_dn.value;
+ bind_password = x_bind_password.value;
+ base_dn = x_base_dn.value;
+ db_name = x_db_name.value;
+
+ ldap_auth_host = x_ldap_auth_host.value;
+ ldap_auth_port = x_ldap_auth_port.value;
+ ldap_auth_base_dn = x_ldap_auth_base_dn.value;
+
+ key_size = x_key_size.value;
+ key_type = x_key_type.value;
+ token_name = x_token_name.value;
+ token_pwd = x_token_pwd.value;
+
+ agent_key_size = x_agent_key_size.value;
+ agent_key_type = x_agent_key_type.value;
+ agent_cert_subject = x_agent_cert_subject.value;
+
+ ss_keygen = x_ss_keygen.value;
+
+ tps_server_cert_subject_name =
+ x_tps_server_cert_subject_name.value;
+ tps_server_cert_nickname =
+ x_tps_server_cert_nickname.value;
+ tps_subsystem_cert_subject_name =
+ x_tps_subsystem_cert_subject_name.value;
+ tps_subsystem_cert_nickname =
+ x_tps_subsystem_cert_nickname.value;
+ tps_audit_signing_cert_subject_name =
+ x_tps_audit_signing_cert_subject_name.value;
+ tps_audit_signing_cert_nickname =
+ x_tps_audit_signing_cert_nickname.value;
+
+ subsystem_name = x_subsystem_name.value;
+
+ boolean st = ca.ConfigureTPSInstance();
+
+ if (!st) {
+ System.out.println("ERROR: unable to create TPS");
+ System.exit(-1);
+ }
+
+ System.out.println("Certificate System - TPS Instance Configured");
+ System.exit(0);
+
+ }
+
+};
diff --git a/base/silent/src/com/netscape/pkisilent/PKISilent.java b/base/silent/src/com/netscape/pkisilent/PKISilent.java
new file mode 100644
index 000000000..f90832481
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/PKISilent.java
@@ -0,0 +1,59 @@
+package com.netscape.pkisilent;
+
+import java.lang.reflect.Method;
+import java.util.Arrays;
+import java.util.HashMap;
+
+public class PKISilent {
+ private static void usage() {
+ System.out.print("usage: java " + PKISilent.class.getCanonicalName());
+ boolean first = true;
+ for (Class<?> c : classes) {
+ if (first) {
+ System.out.println(" [ ");
+ } else {
+ System.out.println(" | ");
+ }
+ first = false;
+ System.out.print(" " + c.getSimpleName());
+ }
+ System.out.println(" ] ");
+ }
+
+ static Class<?>[] classes = { ConfigureCA.class, ConfigureDRM.class,
+ ConfigureOCSP.class, ConfigureRA.class, ConfigureSubCA.class,
+ ConfigureTKS.class, ConfigureTPS.class, };
+
+ public static final void main(String[] args) {
+ HashMap<String, Method> classMap = new HashMap<String, Method>();
+ for (Class<?> c : classes) {
+ try {
+ classMap.put(c.getSimpleName(),
+ c.getMethod("main", String[].class));
+ } catch (Exception e) {
+ // The set of classes listed above is guaranteed to have a
+ // method 'main'
+ e.printStackTrace();
+ }
+ }
+ if (args.length == 0) {
+ usage();
+ System.exit(-1);
+ }
+ Method mainMethod = classMap.get(args[0]);
+ if (mainMethod == null) {
+ usage();
+ System.exit(-1);
+ }
+ String[] innerArgs = {};
+ if (args.length > 1) {
+ innerArgs = Arrays.copyOfRange(args, 1, args.length);
+ }
+
+ try {
+ mainMethod.invoke(null, (Object) innerArgs);
+ } catch (Exception e) {
+ // exception is guaranteed to have the static main method
+ }
+ }
+}
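Review bot: The empty `catch (Exception e)` around `mainMethod.invoke(...)` at the end of `main` swallows an `InvocationTargetException`, so any exception escaping the selected `Configure*.main` is dropped and the launcher returns exit status 0 as if the subsystem had been configured. The comment on that catch describes the reflective lookup, which was already handled in the first loop, not a failure inside the invoked method. At minimum report and fail: `} catch (Exception e) {` / `e.printStackTrace();` / `System.exit(-1);` — `printStackTrace` prints the wrapped cause of an `InvocationTargetException`, so no new import is needed. The earlier loop has the same shape on a smaller scale: a `getMethod` failure is printed but the class is silently left out of `classMap`, which then surfaces only as the generic usage message.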
diff --git a/base/silent/src/com/netscape/pkisilent/argparser/ArgParseException.java b/base/silent/src/com/netscape/pkisilent/argparser/ArgParseException.java
new file mode 100644
index 000000000..de3c58bd4
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/argparser/ArgParseException.java
@@ -0,0 +1,54 @@
+package com.netscape.pkisilent.argparser;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+import java.io.IOException;
+
+/**
+ * Exception class used by <code>ArgParser</code> when
+ * command line arguments contain an error.
+ *
+ * @author John E. Lloyd, Fall 2004
+ * @see ArgParser
+ */
+public class ArgParseException extends IOException {
+ /**
+ *
+ */
+ private static final long serialVersionUID = -604960834535589460L;
+
+ /**
+ * Creates a new ArgParseException with the given message.
+ *
+ * @param msg Exception message
+ */
+ public ArgParseException(String msg) {
+ super(msg);
+ }
+
+ /**
+ * Creates a new ArgParseException from the given
+ * argument and message.
+ *
+ * @param arg Offending argument
+ * @param msg Error message
+ */
+ public ArgParseException(String arg, String msg) {
+ super(arg + ": " + msg);
+ }
+}
diff --git a/base/silent/src/com/netscape/pkisilent/argparser/ArgParser.java b/base/silent/src/com/netscape/pkisilent/argparser/ArgParser.java
new file mode 100755
index 000000000..ed5f98b1d
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/argparser/ArgParser.java
@@ -0,0 +1,2085 @@
+package com.netscape.pkisilent.argparser;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * Copyright John E. Lloyd, 2004. All rights reserved. Permission to use,
+ * copy, modify and redistribute is granted, provided that this copyright
+ * notice is retained and the author is given credit whenever appropriate.
+ *
+ * This software is distributed "as is", without any warranty, including
+ * any implied warranty of merchantability or fitness for a particular
+ * use. The author assumes no responsibility for, and shall not be liable
+ * for, any special, indirect, or consequential damages, or any damages
+ * whatsoever, arising out of or in connection with the use of this
+ * software.
+ */
+
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.LineNumberReader;
+import java.io.PrintStream;
+import java.io.Reader;
+import java.lang.reflect.Array;
+import java.util.Vector;
+
+/**
+ * ArgParser is used to parse the command line arguments for a java
+ * application program. It provides a compact way to specify options and match
+ * them against command line arguments, with support for
+ * <a href=#rangespec>range checking</a>,
+ * <a href=#multipleOptionNames>multiple option names</a> (aliases),
+ * <a href=#singleWordOptions>single word options</a>,
+ * <a href=#multipleOptionValues>multiple values associated with an option</a>,
+ * <a href=#multipleOptionInvocation>multiple option invocation</a>,
+ * <a href=#helpInfo>generating help information</a>,
+ * <a href=#customArgParsing>custom argument parsing</a>, and
+ * <a href=#argsFromAFile>reading arguments from a file</a>. The
+ * last feature is particularly useful and makes it
+ * easy to create ad-hoc configuration files for an application.
+ *
+ * <h3><a name="example">Basic Example</a></h3>
+ *
+ * <p>
+ * Here is a simple example in which an application has three command line options: <code>-theta</code> (followed by a
+ * floating point value), <code>-file</code> (followed by a string value), and <code>-debug</code>, which causes a
+ * boolean value to be set.
+ *
+ * <pre>
+ *
+ * static public void main(String[] args) {
+ * // create holder objects for storing results ...
+ *
+ * DoubleHolder theta = new DoubleHolder();
+ * StringHolder fileName = new StringHolder();
+ * BooleanHolder debug = new BooleanHolder();
+ *
+ * // create the parser and specify the allowed options ...
+ *
+ * ArgParser parser = new ArgParser(&quot;java argparser.SimpleExample&quot;);
+ * parser.addOption(&quot;-theta %f #theta value (in degrees)&quot;, theta);
+ * parser.addOption(&quot;-file %s #name of the operating file&quot;, fileName);
+ * parser.addOption(&quot;-debug %v #enables display of debugging info&quot;, debug);
+ *
+ * // match the arguments ...
+ *
+ * parser.matchAllArgs(args);
+ *
+ * // and print out the values
+ *
+ * System.out.println(&quot;theta=&quot; + theta.value);
+ * System.out.println(&quot;fileName=&quot; + fileName.value);
+ * System.out.println(&quot;debug=&quot; + debug.value);
+ * }
+ * </pre>
+ * <p>
+ * A command line specifying all three options might look like this:
+ *
+ * <pre>
+ * java argparser.SimpleExample -theta 7.8 -debug -file /ai/lloyd/bar
+ * </pre>
+ *
+ * <p>
+ * The application creates an instance of ArgParser and then adds descriptions of the allowed options using
+ * {@link #addOption addOption}. The method {@link #matchAllArgs(String[]) matchAllArgs} is then used to match these
+ * options against the command line arguments. Values associated with each option are returned in the <code>value</code>
+ * field of special ``holder'' classes (e.g., {@link argparser.DoubleHolder DoubleHolder},
+ * {@link argparser.StringHolder StringHolder}, etc.).
+ *
+ * <p>
+ * The first argument to {@link #addOption addOption} is a string that specifies (1) the option's name, (2) a conversion
+ * code for its associated value (e.g., <code>%f</code> for floating point, <code>%s</code> for a string,
+ * <code>%v</code> for a boolean flag), and (3) an optional description (following the <code>#</code> character) which
+ * is used for generating help messages. The second argument is the holder object through which the value is returned.
+ * This may be either a type-specific object (such as {@link argparser.DoubleHolder DoubleHolder} or
+ * {@link argparser.StringHolder
+ * StringHolder}), an array of the appropriate type, or <a href=#multipleOptionInvocation> an instance of
+ * <code>java.util.Vector</code></a>.
+ *
+ * <p>
+ * By default, arguments that don't match the specified options, are <a href=#rangespec>out of range</a>, or are
+ * otherwise formatted incorrectly, will cause <code>matchAllArgs</code> to print a message and exit the program.
+ * Alternatively, an application can use {@link #matchAllArgs(String[],int,int) matchAllArgs(args,idx,exitFlags)} to
+ * obtain an array of unmatched arguments which can then be <a href=#customArgParsing>processed separately</a>
+ *
+ * <h3><a name="rangespec">Range Specification</a></h3>
+ *
+ * The values associated with options can also be given range specifications. A range specification appears in curly
+ * braces immediately following the conversion code. In the code fragment below, we show how to specify an option
+ * <code>-name</code> that expects to be provided with one of three string values (<code>john</code>, <code>mary</code>,
+ * or <code>jane</code>), an option <code>-index</code> that expects to be supplied with a integer value in the range 1
+ * to 256, an option <code>-size</code> that expects to be supplied with integer values of either 1, 2, 4, 8, or 16, and
+ * an option <code>-foo</code> that expects to be supplied with floating point values in the ranges -99 < foo <= -50, or
+ * 50 <= foo < 99.
+ *
+ * <pre>
+ * StringHolder name = new StringHolder();
+ * IntHolder index = new IntHolder();
+ * IntHolder size = new IntHolder();
+ * DoubleHolder foo = new DoubleHolder();
+ *
+ * parser.addOption(&quot;-name %s {john,mary,jane}&quot;, name);
+ * parser.addOption(&quot;-index %d {[1,256]}&quot;, index);
+ * parser.addOption(&quot;-size %d {1,2,4,8,16}&quot;, size);
+ * parser.addOption(&quot;-foo %f {(-99,-50],[50,99)}&quot;, foo);
+ * </pre>
+ *
+ * If an argument value does not lie within a specified range, an error is generated.
+ *
+ * <h3><a name="multipleOptionNames">Multiple Option Names</a></h3>
+ *
+ * An option may be given several names, or aliases, in the form of a comma seperated list:
+ *
+ * <pre>
+ * parser.addOption(&quot;-v,--verbose %v #print lots of info&quot;);
+ * parser.addOption(&quot;-of,-outfile,-outputFile %s #output file&quot;);
+ * </pre>
+ *
+ * <h3><a name="singleWordOptions">Single Word Options</a></h3>
+ *
+ * Normally, options are assumed to be "multi-word", meaning that any associated value must follow the option as a
+ * separate argument string. For example,
+ *
+ * <pre>
+ * parser.addOption(&quot;-file %s #file name&quot;);
+ * </pre>
+ *
+ * will cause the parser to look for two strings in the argument list of the form
+ *
+ * <pre>
+ * -file someFileName
+ * </pre>
+ *
+ * However, if there is no white space separting the option's name from it's conversion code, then values associated
+ * with that option will be assumed to be part of the same argument string as the option itself. For example,
+ *
+ * <pre>
+ * parser.addOption(&quot;-file=%s #file name&quot;);
+ * </pre>
+ *
+ * will cause the parser to look for a single string in the argument list of the form
+ *
+ * <pre>
+ * -file=someFileName
+ * </pre>
+ *
+ * Such an option is called a "single word" option.
+ *
+ * <p>
+ * In cases where an option has multiple names, then this single word behavior is invoked if there is no white space
+ * between the last indicated name and the conversion code. However, previous names in the list will still be given
+ * multi-word behavior if there is white space between the name and the following comma. For example,
+ *
+ * <pre>
+ * parser.addOption(&quot;-nb=,-number ,-n%d #number of blocks&quot;);
+ * </pre>
+ *
+ * will cause the parser to look for one, two, and one word constructions of the forms
+ *
+ * <pre>
+ * -nb=N
+ * -number N
+ * -nN
+ * </pre>
+ *
+ * <h3><a name="multipleOptionValues">Multiple Option Values</a></h3>
+ *
+ * If may be useful for an option to be followed by several values. For instance, we might have an option
+ * <code>-velocity</code> which should be followed by three numbers denoting the x, y, and z components of a velocity
+ * vector. We can require multiple values for an option by placing a <i>multiplier</i> specification, of the form
+ * <code>X</code>N, where N is an integer, after the conversion code (or range specification, if present). For example,
+ *
+ * <pre>
+ * double[] pos = new double[3];
+ *
+ * addOption(&quot;-position %fX3 #position of the object&quot;, pos);
+ * </pre>
+ *
+ * will cause the parser to look for
+ *
+ * <pre>
+ * -position xx yy zz
+ * </pre>
+ *
+ * in the argument list, where <code>xx</code>, <code>yy</code>, and <code>zz</code> are numbers. The values are stored
+ * in the array <code>pos</code>.
+ *
+ * Options requiring multiple values must use arrays to return their values, and cannot be used in single word format.
+ *
+ * <h3><a name="multipleOptionInvocation">Multiple Option Invocation</a></h3>
+ *
+ * Normally, if an option appears twice in the command list, the value associated with the second instance simply
+ * overwrites the value associated with the first instance.
+ *
+ * However, the application can instead arrange for the storage of <i>all</i> values associated with multiple option
+ * invocation, by supplying a instance of <code>java.util.Vector</code> to serve as the value holder. Then every time
+ * the option appears in the argument list, the parser will create a value holder of appropriate type, set it to the
+ * current value, and store the holder in the vector. For example, the construction
+ *
+ * <pre>
+ * Vector vec = new Vector(10);
+ *
+ * parser.addOption(&quot;-foo %f&quot;, vec);
+ * parser.matchAllArgs(args);
+ * </pre>
+ *
+ * when supplied with an argument list that contains
+ *
+ * <pre>
+ * -foo 1.2 -foo 1000 -foo -78
+ * </pre>
+ *
+ * will create three instances of {@link argparser.DoubleHolder DoubleHolder}, initialized to <code>1.2</code>,
+ * <code>1000</code>, and <code>-78</code>, and store them in <code>vec</code>.
+ *
+ * <h3><a name="helpInfo">Generating help information</a></h3>
+ *
+ * ArgParser automatically generates help information for the options, and this information may be printed in response
+ * to a <i>help</i> option, or may be queried by the application using {@link #getHelpMessage getHelpMessage}. The
+ * information for each option consists of the option's name(s), it's required value(s), and an application-supplied
+ * description. Value information is generated automaticlly from the conversion code, range, and multiplier
+ * specifications (although this can be overriden, as <a href=#valueInfo>described below</a>). The application-supplied
+ * description is whatever appears in the specification string after the optional <code>#</code> character. The string
+ * returned by {@link #getHelpMessage getHelpMessage} for the <a href=#example>first example above</a> would be
+ *
+ * <pre>
+ * Usage: java argparser.SimpleExample
+ * Options include:
+ *
+ * -help,-? displays help information
+ * -theta &lt;float&gt; theta value (in degrees)
+ * -file &lt;string&gt; name of the operating file
+ * -debug enables display of debugging info
+ * </pre>
+ *
+ * The options <code>-help</code> and <code>-?</code> are including in the parser by default as help options, and they
+ * automatically cause the help message to be printed. To exclude these options, one should use the constructor
+ * {@link #ArgParser(String,boolean)
+ * ArgParser(synopsis,false)}. Help options can also be specified by the application using {@link #addOption addOption}
+ * and the conversion code <code>%h</code>. Help options can be disabled using {@link #setHelpOptionsEnabled
+ * setHelpOptionsEnabled(false)}.
+ *
+ * <p>
+ * <a name=valueInfo> A description of the required values for an option can be specified explicitly by placing a second
+ * <code>#</code> character in the specification string. Everything between the first and second <code>#</code>
+ * characters then becomes the value description, and everything after the second <code>#</code> character becomes the
+ * option description. For example, if the <code>-theta</code> option above was specified with
+ *
+ * <pre>
+ * parser.addOption(&quot;-theta %f #NUMBER#theta value (in degrees)&quot;, theta);
+ * </pre>
+ *
+ * instead of
+ *
+ * <pre>
+ * parser.addOption(&quot;-theta %f #theta value (in degrees)&quot;, theta);
+ * </pre>
+ *
+ * then the corresponding entry in the help message would look like
+ *
+ * <pre>
+ * -theta NUMBER theta value (in degrees)
+ * </pre>
+ *
+ * <h3><a name="customArgParsing">Custom Argument Parsing</a></h3>
+ *
+ * An application may find it necessary to handle arguments that don't fit into the framework of this class. There are a
+ * couple of ways to do this.
+ *
+ * <p>
+ * First, the method {@link #matchAllArgs(String[],int,int)
+ * matchAllArgs(args,idx,exitFlags)} returns an array of all unmatched arguments, which can then be handled specially:
+ *
+ * <pre>
+ * String[] unmatched =
+ * parser.matchAllArgs (args, 0, parser.EXIT_ON_ERROR);
+ * for (int i = 0; i < unmatched.length; i++)
+ * { ... handle unmatched arguments ...
+ * }
+ * </pre>
+ *
+ * For instance, this would be useful for an applicatoon that accepts an arbitrary number of input file names. The
+ * options can be parsed using <code>matchAllArgs</code>, and the remaining unmatched arguments give the file names.
+ *
+ * <p>
+ * If we need more control over the parsing, we can parse arguments one at a time using {@link #matchArg matchArg}:
+ *
+ * <pre>
+ * int idx = 0;
+ * while (idx < args.length)
+ * { try
+ * { idx = parser.matchArg (args, idx);
+ * if (parser.getUnmatchedArgument() != null)
+ * {
+ * ... handle this unmatched argument ourselves ...
+ * }
+ * }
+ * catch (ArgParserException e)
+ * { // malformed or erroneous argument
+ * parser.printErrorAndExit (e.getMessage());
+ * }
+ * }
+ * </pre>
+ *
+ * {@link #matchArg matchArg(args,idx)} matches one option at location <code>idx</code> in the argument list, and then
+ * returns the location value that should be used for the next match. If an argument does not match any option,
+ * {@link #getUnmatchedArgument getUnmatchedArgument} will return a copy of the unmatched argument.
+ *
+ * <h3><a name="argsFromAFile">Reading Arguments From a File</a></h3>
+ *
+ * The method {@link #prependArgs prependArgs} can be used to automatically read in a set of arguments from a file and
+ * prepend them onto an existing argument list. Argument words correspond to white-space-delimited strings, and the file
+ * may contain the comment character <code>#</code> (which comments out everything to the end of the current line). A
+ * typical usage looks like this:
+ *
+ * <pre>
+ * ... create parser and add options ...
+ *
+ * args = parser.prependArgs (new File(".configFile"), args);
+ *
+ * parser.matchAllArgs (args);
+ * </pre>
+ *
+ * This makes it easy to generate simple configuration files for an application.
+ *
+ * @author John E. Lloyd, Fall 2004
+ */
+public class ArgParser {
+ Vector<Record> matchList;
+ // int tabSpacing = 8;
+ String synopsisString;
+ boolean helpOptionsEnabled = true;
+ Record defaultHelpOption = null;
+ Record firstHelpOption = null;
+ PrintStream printStream = System.out;
+ int helpIndent = 24;
+ String errMsg = null;
+ String unmatchedArg = null;
+
+ static String validConversionCodes = "iodxcbfsvh";
+
+ /**
+ * Indicates that the program should exit with an appropriate message
+ * in the event of an erroneous or malformed argument.
+ */
+ public static int EXIT_ON_ERROR = 1;
+
+ /**
+ * Indicates that the program should exit with an appropriate message
+ * in the event of an unmatched argument.
+ */
+ public static int EXIT_ON_UNMATCHED = 2;
+
+ /**
+ * Returns a string containing the valid conversion codes. These
+ * are the characters which may follow the <code>%</code> character in
+ * the specification string of {@link #addOption addOption}.
+ *
+ * @return Valid conversion codes
+ * @see #addOption
+ */
+ public static String getValidConversionCodes() {
+ return validConversionCodes;
+ }
+
+ static class NameDesc {
+ String name;
+ // oneWord implies that any value associated with
+ // option is concatenated onto the argument string itself
+ boolean oneWord;
+ NameDesc next = null;
+ }
+
+ static class RangePnt {
+ double dval = 0;
+ long lval = 0;
+ String sval = null;
+ boolean bval = true;
+ boolean closed = true;
+
+ RangePnt(String s, boolean closed) {
+ sval = s;
+ this.closed = closed;
+ }
+
+ RangePnt(double d, boolean closed) {
+ dval = d;
+ this.closed = closed;
+ }
+
+ RangePnt(long l, boolean closed) {
+ lval = l;
+ this.closed = closed;
+ }
+
+ RangePnt(boolean b, boolean closed) {
+ bval = b;
+ this.closed = closed;
+ }
+
+ RangePnt(StringScanner scanner, int type)
+ throws IllegalArgumentException {
+ String typeName = null;
+ try {
+ switch (type) {
+ case Record.CHAR: {
+ typeName = "character";
+ lval = scanner.scanChar();
+ break;
+ }
+ case Record.INT:
+ case Record.LONG: {
+ typeName = "integer";
+ lval = scanner.scanInt();
+ break;
+ }
+ case Record.FLOAT:
+ case Record.DOUBLE: {
+ typeName = "float";
+ dval = scanner.scanDouble();
+ break;
+ }
+ case Record.STRING: {
+ typeName = "string";
+ sval = scanner.scanString();
+ break;
+ }
+ case Record.BOOLEAN: {
+ typeName = "boolean";
+ bval = scanner.scanBoolean();
+ break;
+ }
+ }
+ } catch (StringScanException e) {
+ throw new IllegalArgumentException(
+ "Malformed " + typeName + " '" +
+ scanner.substring(scanner.getIndex(),
+ e.getFailIndex() + 1) +
+ "' in range spec");
+ }
+ // this.closed = closed;
+ }
+
+ void setClosed(boolean closed) {
+ this.closed = closed;
+ }
+
+ boolean getClosed() {
+ return closed;
+ }
+
+ int compareTo(double d) {
+ if (dval < d) {
+ return -1;
+ } else if (d == dval) {
+ return 0;
+ } else {
+ return 1;
+ }
+ }
+
+ int compareTo(long l) {
+ if (lval < l) {
+ return -1;
+ } else if (l == lval) {
+ return 0;
+ } else {
+ return 1;
+ }
+ }
+
+ int compareTo(String s) {
+ return sval.compareTo(s);
+ }
+
+ int compareTo(boolean b) {
+ if (b == bval) {
+ return 0;
+ } else {
+ return 1;
+ }
+ }
+
+ public String toString() {
+ return "{ dval=" + dval + ", lval=" + lval +
+ ", sval=" + sval + ", bval=" + bval +
+ ", closed=" + closed + "}";
+ }
+ }
+
+ class RangeAtom {
+ RangePnt low = null;
+ RangePnt high = null;
+ RangeAtom next = null;
+
+ RangeAtom(RangePnt p0, RangePnt p1, int type)
+ throws IllegalArgumentException {
+ int cmp = 0;
+ switch (type) {
+ case Record.CHAR:
+ case Record.INT:
+ case Record.LONG: {
+ cmp = p0.compareTo(p1.lval);
+ break;
+ }
+ case Record.FLOAT:
+ case Record.DOUBLE: {
+ cmp = p0.compareTo(p1.dval);
+ break;
+ }
+ case Record.STRING: {
+ cmp = p0.compareTo(p1.sval);
+ break;
+ }
+ }
+ if (cmp > 0) { // then switch high and low
+ low = p1;
+ high = p0;
+ } else {
+ low = p0;
+ high = p1;
+ }
+ }
+
+ RangeAtom(RangePnt p0)
+ throws IllegalArgumentException {
+ low = p0;
+ }
+
+ boolean match(double d) {
+ int lc = low.compareTo(d);
+ if (high != null) {
+ int hc = high.compareTo(d);
+ return (lc * hc < 0 ||
+ (low.closed && lc == 0) || (high.closed && hc == 0));
+ } else {
+ return lc == 0;
+ }
+ }
+
+ boolean match(long l) {
+ int lc = low.compareTo(l);
+ if (high != null) {
+ int hc = high.compareTo(l);
+ return (lc * hc < 0 ||
+ (low.closed && lc == 0) || (high.closed && hc == 0));
+ } else {
+ return lc == 0;
+ }
+ }
+
+ boolean match(String s) {
+ int lc = low.compareTo(s);
+ if (high != null) {
+ int hc = high.compareTo(s);
+ return (lc * hc < 0 ||
+ (low.closed && lc == 0) || (high.closed && hc == 0));
+ } else {
+ return lc == 0;
+ }
+ }
+
+ boolean match(boolean b) {
+ return low.compareTo(b) == 0;
+ }
+
+ public String toString() {
+ return "low=" + (low == null ? "null" : low.toString()) +
+ ", high=" + (high == null ? "null" : high.toString());
+ }
+ }
+
+ class Record {
+ NameDesc nameList;
+ static final int NOTYPE = 0;
+ static final int BOOLEAN = 1;
+ static final int CHAR = 2;
+ static final int INT = 3;
+ static final int LONG = 4;
+ static final int FLOAT = 5;
+ static final int DOUBLE = 6;
+ static final int STRING = 7;
+ int type;
+ int numValues;
+ boolean vectorResult = false;
+ boolean required = true;
+
+ String helpMsg = null;
+ String valueDesc = null;
+ String rangeDesc = null;
+ Object resHolder = null;
+ RangeAtom rangeList = null;
+ RangeAtom rangeTail = null;
+ char convertCode;
+ boolean vval = true; // default value for now
+
+ NameDesc firstNameDesc() {
+ return nameList;
+ }
+
+ RangeAtom firstRangeAtom() {
+ return rangeList;
+ }
+
+ int numRangeAtoms() {
+ int cnt = 0;
+ for (RangeAtom ra = rangeList; ra != null; ra = ra.next) {
+ cnt++;
+ }
+ return cnt;
+ }
+
+ void addRangeAtom(RangeAtom ra) {
+ if (rangeList == null) {
+ rangeList = ra;
+ } else {
+ rangeTail.next = ra;
+ }
+ rangeTail = ra;
+ }
+
+ boolean withinRange(double d) {
+ if (rangeList == null) {
+ return true;
+ }
+ for (RangeAtom ra = rangeList; ra != null; ra = ra.next) {
+ if (ra.match(d)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ boolean withinRange(long l) {
+ if (rangeList == null) {
+ return true;
+ }
+ for (RangeAtom ra = rangeList; ra != null; ra = ra.next) {
+ if (ra.match(l)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ boolean withinRange(String s) {
+ if (rangeList == null) {
+ return true;
+ }
+ for (RangeAtom ra = rangeList; ra != null; ra = ra.next) {
+ if (ra.match(s)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ boolean withinRange(boolean b) {
+ if (rangeList == null) {
+ return true;
+ }
+ for (RangeAtom ra = rangeList; ra != null; ra = ra.next) {
+ if (ra.match(b)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ String valTypeName() {
+ switch (convertCode) {
+ case 'i': {
+ return ("integer");
+ }
+ case 'o': {
+ return ("octal integer");
+ }
+ case 'd': {
+ return ("decimal integer");
+ }
+ case 'x': {
+ return ("hex integer");
+ }
+ case 'c': {
+ return ("char");
+ }
+ case 'b': {
+ return ("boolean");
+ }
+ case 'f': {
+ return ("float");
+ }
+ case 's': {
+ return ("string");
+ }
+ }
+ return ("unknown");
+ }
+
+ void scanValue(Object result, String name, String s, int resultIdx)
+ throws ArgParseException {
+ double dval = 0;
+ String sval = null;
+ long lval = 0;
+ boolean bval = false;
+
+ if (s.length() == 0) {
+ throw new ArgParseException(name, "requires a contiguous value");
+ }
+ StringScanner scanner = new StringScanner(s);
+ try {
+ switch (convertCode) {
+ case 'i': {
+ lval = scanner.scanInt();
+ break;
+ }
+ case 'o': {
+ lval = scanner.scanInt(8, false);
+ break;
+ }
+ case 'd': {
+ lval = scanner.scanInt(10, false);
+ break;
+ }
+ case 'x': {
+ lval = scanner.scanInt(16, false);
+ break;
+ }
+ case 'c': {
+ lval = scanner.scanChar();
+ break;
+ }
+ case 'b': {
+ bval = scanner.scanBoolean();
+ break;
+ }
+ case 'f': {
+ dval = scanner.scanDouble();
+ break;
+ }
+ case 's': {
+ sval = scanner.getString();
+ break;
+ }
+ }
+ } catch (StringScanException e) {
+ throw new ArgParseException(
+ name, "malformed " + valTypeName() + " '" + s + "'");
+ }
+ scanner.skipWhiteSpace();
+ if (!scanner.atEnd()) {
+ throw new ArgParseException(
+ name, "malformed " + valTypeName() + " '" + s + "'");
+ }
+ boolean outOfRange = false;
+ switch (type) {
+ case CHAR:
+ case INT:
+ case LONG: {
+ outOfRange = !withinRange(lval);
+ break;
+ }
+ case FLOAT:
+ case DOUBLE: {
+ outOfRange = !withinRange(dval);
+ break;
+ }
+ case STRING: {
+ outOfRange = !withinRange(sval);
+ break;
+ }
+ case BOOLEAN: {
+ outOfRange = !withinRange(bval);
+ break;
+ }
+ }
+ if (outOfRange) {
+ throw new ArgParseException(
+ name, "value '" + s + "' not in range " + rangeDesc);
+ }
+ if (result.getClass().isArray()) {
+ switch (type) {
+ case BOOLEAN: {
+ ((boolean[]) result)[resultIdx] = bval;
+ break;
+ }
+ case CHAR: {
+ ((char[]) result)[resultIdx] = (char) lval;
+ break;
+ }
+ case INT: {
+ ((int[]) result)[resultIdx] = (int) lval;
+ break;
+ }
+ case LONG: {
+ ((long[]) result)[resultIdx] = lval;
+ break;
+ }
+ case FLOAT: {
+ ((float[]) result)[resultIdx] = (float) dval;
+ break;
+ }
+ case DOUBLE: {
+ ((double[]) result)[resultIdx] = dval;
+ break;
+ }
+ case STRING: {
+ ((String[]) result)[resultIdx] = sval;
+ break;
+ }
+ }
+ } else {
+ switch (type) {
+ case BOOLEAN: {
+ ((BooleanHolder) result).value = bval;
+ break;
+ }
+ case CHAR: {
+ ((CharHolder) result).value = (char) lval;
+ break;
+ }
+ case INT: {
+ ((IntHolder) result).value = (int) lval;
+ break;
+ }
+ case LONG: {
+ ((LongHolder) result).value = lval;
+ break;
+ }
+ case FLOAT: {
+ ((FloatHolder) result).value = (float) dval;
+ break;
+ }
+ case DOUBLE: {
+ ((DoubleHolder) result).value = dval;
+ break;
+ }
+ case STRING: {
+ ((StringHolder) result).value = sval;
+ break;
+ }
+ }
+ }
+ }
+ }
+
+ private String firstHelpOptionName() {
+ if (firstHelpOption != null) {
+ return firstHelpOption.nameList.name;
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Creates an <code>ArgParser</code> with a synopsis
+ * string, and the default help options <code>-help</code> and <code>-&#063;</code>.
+ *
+ * @param synopsisString string that briefly describes program usage,
+ * for use by {@link #getHelpMessage getHelpMessage}.
+ * @see ArgParser#getSynopsisString
+ * @see ArgParser#getHelpMessage
+ */
+ public ArgParser(String synopsisString) {
+ this(synopsisString, true);
+ }
+
+ /**
+ * Creates an <code>ArgParser</code> with a synopsis
+ * string. The help options <code>-help</code> and <code>-?</code> are added if <code>defaultHelp</code> is true.
+ *
+ * @param synopsisString string that briefly describes program usage,
+ * for use by {@link #getHelpMessage getHelpMessage}.
+ * @param defaultHelp if true, adds the default help options
+ * @see ArgParser#getSynopsisString
+ * @see ArgParser#getHelpMessage
+ */
+ public ArgParser(String synopsisString, boolean defaultHelp) {
+ matchList = new Vector<Record>(128);
+ this.synopsisString = synopsisString;
+ if (defaultHelp) {
+ addOption("-help,-? %h #displays help information", null);
+ defaultHelpOption = firstHelpOption = matchList.get(0);
+ }
+ }
+
+ /**
+ * Returns the synopsis string used by the parser.
+ * The synopsis string is a short description of how to invoke
+ * the program, and usually looks something like
+ * <p>
+ * <prec> "java somepackage.SomeClass [options] files ..." </prec>
+ *
+ * <p>
+ * It is used in help and error messages.
+ *
+ * @return synopsis string
+ * @see ArgParser#setSynopsisString
+ * @see ArgParser#getHelpMessage
+ */
+ public String getSynopsisString() {
+ return synopsisString;
+ }
+
+ /**
+ * Sets the synopsis string used by the parser.
+ *
+ * @param s new synopsis string
+ * @see ArgParser#getSynopsisString
+ * @see ArgParser#getHelpMessage
+ */
+ public void setSynopsisString(String s) {
+ synopsisString = s;
+ }
+
+ /**
+ * Indicates whether or not help options are enabled.
+ *
+ * @return true if help options are enabled
+ * @see ArgParser#setHelpOptionsEnabled
+ * @see ArgParser#addOption
+ */
+ public boolean getHelpOptionsEnabled() {
+ return helpOptionsEnabled;
+ }
+
+ /**
+ * Enables or disables help options. Help options are those
+ * associated with a conversion code of <code>%h</code>. If
+ * help options are enabled, and a help option is matched,
+ * then the string produced by {@link #getHelpMessage getHelpMessage} is printed to the default print stream and the
+ * program
+ * exits with code 0. Otherwise, arguments which match help
+ * options are ignored.
+ *
+ * @param enable enables help options if <code>true</code>.
+ * @see ArgParser#getHelpOptionsEnabled
+ * @see ArgParser#addOption
+ * @see ArgParser#setDefaultPrintStream
+ */
+ public void setHelpOptionsEnabled(boolean enable) {
+ helpOptionsEnabled = enable;
+ }
+
+ /**
+ * Returns the default print stream used for outputting help
+ * and error information.
+ *
+ * @return default print stream
+ * @see ArgParser#setDefaultPrintStream
+ */
+ public PrintStream getDefaultPrintStream() {
+ return printStream;
+ }
+
+ /**
+ * Sets the default print stream used for outputting help
+ * and error information.
+ *
+ * @param stream new default print stream
+ * @see ArgParser#getDefaultPrintStream
+ */
+ public void setDefaultPrintStream(PrintStream stream) {
+ printStream = stream;
+ }
+
+ /**
+ * Gets the indentation used by {@link #getHelpMessage
+ * getHelpMessage}.
+ *
+ * @return number of indentation columns
+ * @see ArgParser#setHelpIndentation
+ * @see ArgParser#getHelpMessage
+ */
+ public int getHelpIndentation() {
+ return helpIndent;
+ }
+
+ /**
+ * Sets the indentation used by {@link #getHelpMessage
+ * getHelpMessage}. This is the number of columns that an option's help
+ * information is indented. If the option's name and value information
+ * can fit within this number of columns, then all information about
+ * the option is placed on one line. Otherwise, the indented help
+ * information is placed on a separate line.
+ *
+ * @param indent number of indentation columns
+ * @see ArgParser#getHelpIndentation
+ * @see ArgParser#getHelpMessage
+ */
+ public void setHelpIndentation(int indent) {
+ helpIndent = indent;
+ }
+
+ // public void setTabSpacing (int n)
+ // { tabSpacing = n;
+ // }
+
+ // public int getTabSpacing ()
+ // { return tabSpacing;
+ // }
+
+ private void scanRangeSpec(Record rec, String s)
+ throws IllegalArgumentException {
+ StringScanner scanner = new StringScanner(s);
+ char c, c0, c1;
+
+ scanner.setStringDelimiters(")],}");
+ c = scanner.getc(); // swallow the first '{'
+ scanner.skipWhiteSpace();
+ while ((c = scanner.peekc()) != '}') {
+ RangePnt p0, p1;
+
+ if (c == '[' || c == '(') {
+ if (rec.convertCode == 'v' || rec.convertCode == 'b') {
+ throw new IllegalArgumentException("Sub ranges not supported for %b or %v");
+ }
+ c0 = scanner.getc(); // record & swallow character
+ scanner.skipWhiteSpace();
+ p0 = new RangePnt(scanner, rec.type);
+ scanner.skipWhiteSpace();
+ if (scanner.getc() != ',') {
+ throw new IllegalArgumentException("Missing ',' in subrange specification");
+ }
+ p1 = new RangePnt(scanner, rec.type);
+ scanner.skipWhiteSpace();
+ if ((c1 = scanner.getc()) != ']' && c1 != ')') {
+ throw new IllegalArgumentException("Unterminated subrange");
+ }
+ if (c0 == '(') {
+ p0.setClosed(false);
+ }
+ if (c1 == ')') {
+ p1.setClosed(false);
+ }
+ rec.addRangeAtom(new RangeAtom(p0, p1, rec.type));
+ } else {
+ scanner.skipWhiteSpace();
+ p0 = new RangePnt(scanner, rec.type);
+ rec.addRangeAtom(new RangeAtom(p0));
+ }
+ scanner.skipWhiteSpace();
+ if ((c = scanner.peekc()) == ',') {
+ scanner.getc();
+ scanner.skipWhiteSpace();
+ } else if (c != '}') {
+ throw new IllegalArgumentException("Range spec: ',' or '}' expected");
+ }
+ }
+ if (rec.numRangeAtoms() == 1) {
+ rec.rangeDesc = s.substring(1, s.length() - 1);
+ } else {
+ rec.rangeDesc = s;
+ }
+ }
+
+ private int defaultResultType(char convertCode) {
+ switch (convertCode) {
+ case 'i':
+ case 'o':
+ case 'd':
+ case 'x': {
+ return Record.LONG;
+ }
+ case 'c': {
+ return Record.CHAR;
+ }
+ case 'v':
+ case 'b': {
+ return Record.BOOLEAN;
+ }
+ case 'f': {
+ return Record.DOUBLE;
+ }
+ case 's': {
+ return Record.STRING;
+ }
+ }
+ return Record.NOTYPE;
+ }
+
+ /**
+ * Adds a new option description to the parser. The method takes two
+ * arguments: a specification string, and a result holder in which to
+ * store the associated value.
+ *
+ * <p>
+ * The specification string has the general form
+ *
+ * <p>
+ * <var>optionNames</var> <code>%</code><var>conversionCode</var> [<code>{</code><var>rangeSpec</var><code>}</code>]
+ * [<code>X</code><var>multiplier</var>] [<code>#</code><var>valueDescription</var>] [<code>#</code>
+ * <var>optionDescription</var>] </code>
+ *
+ * <p>
+ * where
+ * <ul>
+ * <p>
+ * <li><var>optionNames</var> is a comma-separated list of names for the option (such as <code>-f, --file</code>).
+ *
+ * <p>
+ * <li><var>conversionCode</var> is a single letter, following a <code>%</code> character, specifying information
+ * about what value the option requires:
+ *
+ * <table>
+ * <tr>
+ * <td><code>%f</code></td>
+ * <td>a floating point number</td>
+ * <tr>
+ * <td><code>%i</code></td>
+ * <td>an integer, in either decimal, hex (if preceeded by <code>0x</code>), or octal (if preceeded by
+ * <code>0</code>)</td>
+ * <tr valign=top>
+ * <td><code>%d</code></td>
+ * <td>a decimal integer</td>
+ * <tr valign=top>
+ * <td><code>%o</code></td>
+ * <td>an octal integer</td>
+ * <tr valign=top>
+ * <td><code>%h</code></td>
+ * <td>a hex integer (without the preceeding <code>0x</code>)</td>
+ * <tr valign=top>
+ * <td><code>%c</code></td>
+ * <td>a single character, including escape sequences (such as <code>\n</code> or <code>\007</code>), and optionally
+ * enclosed in single quotes
+ * <tr valign=top>
+ * <td><code>%b</code></td>
+ * <td>a boolean value (<code>true</code> or <code>false</code>)</td>
+ * <tr valign=top>
+ * <td><code>%s</code></td>
+ * <td>a string. This will be the argument string itself (or its remainder, in the case of a single word option)</td>
+ * <tr valign=top>
+ * <td><code>%v</code></td>
+ * <td>no explicit value is expected, but a boolean value of <code>true</code> (by default) will be stored into the
+ * associated result holder if this option is matched. If one wishes to have a value of <code>false</code> stored
+ * instead, then the <code>%v</code> should be followed by a "range spec" containing <code>false</code>, as in
+ * <code>%v{false}</code>.
+ * </table>
+ *
+ * <p>
+ * <li><var>rangeSpec</var> is an optional range specification, placed inside curly braces, consisting of a
+ * comma-separated list of range items each specifying permissible values for the option. A range item may be an
+ * individual value, or it may itself be a subrange, consisting of two individual values, separated by a comma, and
+ * enclosed in square or round brackets. Square and round brackets denote closed and open endpoints of a subrange,
+ * indicating that the associated endpoint value is included or excluded from the subrange. The values specified in
+ * the range spec need to be consistent with the type of value expected by the option.
+ *
+ * <p>
+ * <b>Examples:</b>
+ *
+ * <p>
+ * A range spec of <code>{2,4,8,16}</code> for an integer value will allow the integers 2, 4, 8, or 16.
+ *
+ * <p>
+ * A range spec of <code>{[-1.0,1.0]}</code> for a floating point value will allow any floating point number in the
+ * range -1.0 to 1.0.
+ *
+ * <p>
+ * A range spec of <code>{(-88,100],1000}</code> for an integer value will allow values > -88 and <= 100, as well as
+ * 1000.
+ *
+ * <p>
+ * A range spec of <code>{"foo", "bar", ["aaa","zzz")} </code> for a string value will allow strings equal to
+ * <code>"foo"</code> or <code>"bar"</code>, plus any string lexically greater than or equal to <code>"aaa"</code>
+ * but less then <code>"zzz"</code>.
+ *
+ * <p>
+ * <li><var>multiplier</var> is an optional integer, following a <code>X</code> character, indicating the number of
+ * values which the option expects. If the multiplier is not specified, it is assumed to be 1. If the multiplier
+ * value is greater than 1, then the result holder should be either an array (of appropriate type) with a length
+ * greater than or equal to the multiplier value, or a <code>java.util.Vector</code> <a href=#vectorHolder>as
+ * discussed below</a>.
+ *
+ * <p>
+ * <li><var>valueDescription</var> is an optional description of the option's value requirements, and consists of
+ * all characters between two <code>#</code> characters. The final <code>#</code> character initiates the <i>option
+ * description</i>, which may be empty. The value description is used in <a href=#helpInfo>generating help
+ * messages</a>.
+ *
+ * <p>
+ * <li><var>optionDescription</var> is an optional description of the option itself, consisting of all characters
+ * between a <code>#</code> character and the end of the specification string. The option description is used in <a
+ * href=#helpInfo>generating help messages</a>.
+ * </ul>
+ *
+ * <p>
+ * The result holder must be an object capable of holding a value compatible with the conversion code, or it must be
+ * a <code>java.util.Vector</code>. When the option is matched, its associated value is placed in the result holder.
+ * If the same option is matched repeatedly, the result holder value will be overwritten, unless the result holder
+ * is a <code>java.util.Vector</code>, in which case new holder objects for each match will be allocated and added
+ * to the vector. Thus if multiple instances of an option are desired by the program, the result holder should be a
+ * <code>java.util.Vector</code>.
+ *
+ * <p>
+ * If the result holder is not a <code>Vector</code>, then it must correspond as follows to the conversion code:
+ *
+ * <table>
+ * <tr valign=top>
+ * <td><code>%i</code>, <code>%d</code>, <code>%x</code>, <code>%o</code></td>
+ * <td>{@link argparser.IntHolder IntHolder}, {@link argparser.LongHolder LongHolder}, <code>int[]</code>, or
+ * <code>long[]</code></td>
+ * </tr>
+ *
+ * <tr valign=top>
+ * <td><code>%f</code></td>
+ * <td>{@link argparser.FloatHolder FloatHolder}, {@link argparser.DoubleHolder DoubleHolder}, <code>float[]</code>,
+ * or <code>double[]</code></td>
+ * </tr>
+ *
+ * <tr valign=top>
+ * <td><code>%b</code>, <code>%v</code></td>
+ * <td>{@link argparser.BooleanHolder BooleanHolder} or <code>boolean[]</code></td>
+ * </tr>
+ *
+ * <tr valign=top>
+ * <td><code>%s</code></td>
+ * <td>{@link argparser.StringHolder StringHolder} or <code>String[]</code></td>
+ * </tr>
+ *
+ * <tr valign=top>
+ * <td><code>%c</code></td>
+ * <td>{@link argparser.CharHolder CharHolder} or <code>char[]</code></td>
+ * </tr>
+ * </table>
+ *
+ * <p>
+ * In addition, if the multiplier is greater than 1, then only the array type indicated above may be used, and the
+ * array must be at least as long as the multiplier.
+ *
+ * <p>
+ * <a name=vectorHolder>If the result holder is a <code>Vector</code>, then the system will create an appropriate
+ * result holder object and add it to the vector. Multiple occurances of the option will cause multiple results to
+ * be added to the vector.
+ *
+ * <p>
+ * The object allocated by the system to store the result will correspond to the conversion code as follows:
+ *
+ * <table>
+ * <tr valign=top>
+ * <td><code>%i</code>, <code>%d</code>, <code>%x</code>, <code>%o</code></td>
+ * <td>{@link argparser.LongHolder LongHolder}, or <code>long[]</code> if the multiplier value exceeds 1</td>
+ * </tr>
+ *
+ * <tr valign=top>
+ * <td><code>%f</code></td>
+ * <td>{@link argparser.DoubleHolder DoubleHolder}, or <code>double[]</code> if the multiplier value exceeds 1</td>
+ * </tr>
+ *
+ * <tr valign=top>
+ * <td><code>%b</code>, <code>%v</code></td>
+ * <td>{@link argparser.BooleanHolder BooleanHolder}, or <code>boolean[]</code> if the multiplier value exceeds 1</td>
+ * </tr>
+ *
+ * <tr valign=top>
+ * <td><code>%s</code></td>
+ * <td>{@link argparser.StringHolder StringHolder}, or <code>String[]</code> if the multiplier value exceeds 1</td>
+ * </tr>
+ *
+ * <tr valign=top>
+ * <td><code>%c</code></td>
+ * <td>{@link argparser.CharHolder CharHolder}, or <code>char[]</code> if the multiplier value exceeds 1</td>
+ * </tr>
+ * </table>
+ *
+ * @param spec the specification string
+ * @param resHolder object in which to store the associated
+ * value
+ * @throws IllegalArgumentException if there is an error in
+ * the specification or if the result holder is of an invalid
+ * type.
+ */
+ public void addOption(String spec, Object resHolder)
+ throws IllegalArgumentException {
+ // null terminated string is easier to parse
+ StringScanner scanner = new StringScanner(spec);
+ Record rec = null;
+ NameDesc nameTail = null;
+ NameDesc ndesc;
+ int i0, i1;
+ char c;
+
+ do {
+ ndesc = new NameDesc();
+ boolean nameEndsInWhiteSpace = false;
+
+ scanner.skipWhiteSpace();
+ i0 = scanner.getIndex();
+ while (!Character.isWhitespace(c = scanner.getc()) &&
+ c != ',' && c != '%' && c != '\000')
+ ;
+ i1 = scanner.getIndex();
+ if (c != '\000') {
+ i1--;
+ }
+ if (i0 == i1) { // then c is one of ',' '%' or '\000'
+ throw new IllegalArgumentException("Null option name given");
+ }
+ if (Character.isWhitespace(c)) {
+ nameEndsInWhiteSpace = true;
+ scanner.skipWhiteSpace();
+ c = scanner.getc();
+ }
+ if (c == '\000') {
+ throw new IllegalArgumentException("No conversion character given");
+ }
+ if (c != ',' && c != '%') {
+ throw new IllegalArgumentException("Names not separated by ','");
+ }
+ ndesc.name = scanner.substring(i0, i1);
+ if (rec == null) {
+ rec = new Record();
+ rec.nameList = ndesc;
+ } else {
+ nameTail.next = ndesc;
+ }
+ nameTail = ndesc;
+ ndesc.oneWord = !nameEndsInWhiteSpace;
+ } while (c != '%');
+
+ if (!nameTail.oneWord) {
+ for (ndesc = rec.nameList; ndesc != null; ndesc = ndesc.next) {
+ ndesc.oneWord = false;
+ }
+ }
+ c = scanner.getc();
+ if (c == '\000') {
+ throw new IllegalArgumentException("No conversion character given");
+ }
+ if (validConversionCodes.indexOf(c) == -1) {
+ throw new IllegalArgumentException("Conversion code '" + c + "' not one of '" +
+ validConversionCodes + "'");
+ }
+ rec.convertCode = c;
+
+ if (resHolder instanceof Vector) {
+ rec.vectorResult = true;
+ rec.type = defaultResultType(rec.convertCode);
+ } else {
+ switch (rec.convertCode) {
+ case 'i':
+ case 'o':
+ case 'd':
+ case 'x': {
+ if (resHolder instanceof LongHolder ||
+ resHolder instanceof long[]) {
+ rec.type = Record.LONG;
+ } else if (resHolder instanceof IntHolder ||
+ resHolder instanceof int[]) {
+ rec.type = Record.INT;
+ } else {
+ throw new IllegalArgumentException(
+ "Invalid result holder for %" + c);
+ }
+ break;
+ }
+ case 'c': {
+ if (!(resHolder instanceof CharHolder) &&
+ !(resHolder instanceof char[])) {
+ throw new IllegalArgumentException(
+ "Invalid result holder for %c");
+ }
+ rec.type = Record.CHAR;
+ break;
+ }
+ case 'v':
+ case 'b': {
+ if (!(resHolder instanceof BooleanHolder) &&
+ !(resHolder instanceof boolean[])) {
+ throw new IllegalArgumentException(
+ "Invalid result holder for %" + c);
+ }
+ rec.type = Record.BOOLEAN;
+ break;
+ }
+ case 'f': {
+ if (resHolder instanceof DoubleHolder ||
+ resHolder instanceof double[]) {
+ rec.type = Record.DOUBLE;
+ } else if (resHolder instanceof FloatHolder ||
+ resHolder instanceof float[]) {
+ rec.type = Record.FLOAT;
+ } else {
+ throw new IllegalArgumentException(
+ "Invalid result holder for %f");
+ }
+ break;
+ }
+ case 's': {
+ if (!(resHolder instanceof StringHolder) &&
+ !(resHolder instanceof String[])) {
+ throw new IllegalArgumentException(
+ "Invalid result holder for %s");
+ }
+ rec.type = Record.STRING;
+ break;
+ }
+ case 'h': { // resHolder is ignored for this type
+ break;
+ }
+ }
+ }
+ if (rec.convertCode == 'h') {
+ rec.resHolder = null;
+ } else {
+ rec.resHolder = resHolder;
+ }
+
+ scanner.skipWhiteSpace();
+ // get the range specification, if any
+ if (scanner.peekc() == '{') {
+ if (rec.convertCode == 'h') {
+ throw new IllegalArgumentException("Ranges not supported for %h");
+ }
+ // int bcnt = 0;
+ i0 = scanner.getIndex(); // beginning of range spec
+ do {
+ c = scanner.getc();
+ if (c == '\000') {
+ throw new IllegalArgumentException("Unterminated range specification");
+ }
+ // else if (c=='[' || c=='(')
+ // { bcnt++;
+ // }
+ // else if (c==']' || c==')')
+ // { bcnt--;
+ // }
+ // if ((rec.convertCode=='v'||rec.convertCode=='b') && bcnt>1)
+ // { throw new IllegalArgumentException
+ // ("Sub ranges not supported for %b or %v");
+ // }
+ } while (c != '}');
+ // if (c != ']')
+ // { throw new IllegalArgumentException
+ // ("Range specification must end with ']'");
+ // }
+ i1 = scanner.getIndex(); // end of range spec
+ scanRangeSpec(rec, scanner.substring(i0, i1));
+ if (rec.convertCode == 'v' && rec.rangeList != null) {
+ rec.vval = rec.rangeList.low.bval;
+ }
+ }
+ // check for value multiplicity information, if any
+ if (scanner.peekc() == 'X') {
+ if (rec.convertCode == 'h') {
+ throw new IllegalArgumentException("Multipliers not supported for %h");
+ }
+ scanner.getc();
+ try {
+ rec.numValues = (int) scanner.scanInt();
+ } catch (StringScanException e) {
+ throw new IllegalArgumentException("Malformed value multiplier");
+ }
+ if (rec.numValues <= 0) {
+ throw new IllegalArgumentException("Value multiplier number must be > 0");
+ }
+ } else {
+ rec.numValues = 1;
+ }
+ if (rec.numValues > 1) {
+ for (ndesc = rec.nameList; ndesc != null; ndesc = ndesc.next) {
+ if (ndesc.oneWord) {
+ throw new IllegalArgumentException(
+ "Multiplier value incompatible with one word option " + ndesc.name);
+ }
+ }
+ }
+ if (resHolder != null && resHolder.getClass().isArray()) {
+ if (Array.getLength(resHolder) < rec.numValues) {
+ throw new IllegalArgumentException(
+ "Result holder array must have a length >= " + rec.numValues);
+ }
+ } else {
+ if (rec.numValues > 1 && !(resHolder instanceof Vector)) {
+ throw new IllegalArgumentException(
+ "Multiplier requires result holder to be an array of length >= "
+ + rec.numValues);
+ }
+ }
+
+ // skip white space following conversion information
+ scanner.skipWhiteSpace();
+
+ // get the help message, if any
+
+ if (!scanner.atEnd()) {
+ if (scanner.getc() != '#') {
+ throw new IllegalArgumentException("Illegal character(s), expecting '#'");
+ }
+ String helpInfo = scanner.substring(scanner.getIndex());
+ // look for second '#'. If there is one, then info
+ // between the first and second '#' is the value descriptor.
+ int k = helpInfo.indexOf("#");
+ if (k != -1) {
+ rec.valueDesc = helpInfo.substring(0, k);
+ rec.helpMsg = helpInfo.substring(k + 1);
+ } else {
+ rec.helpMsg = helpInfo;
+ }
+ } else {
+ rec.helpMsg = "";
+ }
+
+ // parse helpMsg for required/optional information if present
+ // default to required
+ if (rec.helpMsg.indexOf("(optional") != -1) {
+ rec.required = false;
+ }
+
+ // add option information to match list
+ if (rec.convertCode == 'h' && firstHelpOption == defaultHelpOption) {
+ matchList.remove(defaultHelpOption);
+ firstHelpOption = rec;
+ }
+ matchList.add(rec);
+ }
+
+ Record lastMatchRecord() {
+ return (Record) matchList.lastElement();
+ }
+
+ private Record getRecord(String arg, ObjectHolder ndescHolder) {
+ NameDesc ndesc;
+ for (int i = 0; i < matchList.size(); i++) {
+ Record rec = (Record) matchList.get(i);
+ for (ndesc = rec.nameList; ndesc != null; ndesc = ndesc.next) {
+ if (rec.convertCode != 'v' && ndesc.oneWord) {
+ if (arg.startsWith(ndesc.name)) {
+ if (ndescHolder != null) {
+ ndescHolder.value = ndesc;
+ }
+ return rec;
+ }
+ } else {
+ if (arg.equals(ndesc.name)) {
+ if (ndescHolder != null) {
+ ndescHolder.value = ndesc;
+ }
+ return rec;
+ }
+ }
+ }
+ }
+ return null;
+ }
+
+ public void checkRequiredArgs() {
+ for (int i = 1; i < matchList.size(); i++) {
+ Record rec = (Record) matchList.get(i);
+ StringHolder myString = (StringHolder) rec.resHolder;
+ if (((myString.value == null) || (myString.value.equals(""))) && (rec.required)) {
+ printErrorAndExit("Required parameter " + rec.nameList.name + " is not specified.");
+ }
+ }
+ }
+
+ Object getResultHolder(String arg) {
+ Record rec = getRecord(arg, null);
+ return (rec != null) ? rec.resHolder : null;
+ }
+
+ String getOptionName(String arg) {
+ ObjectHolder ndescHolder = new ObjectHolder();
+ Record rec = getRecord(arg, ndescHolder);
+ return (rec != null) ? ((NameDesc) ndescHolder.value).name : null;
+ }
+
+ String getOptionRangeDesc(String arg) {
+ Record rec = getRecord(arg, null);
+ return (rec != null) ? rec.rangeDesc : null;
+ }
+
+ String getOptionTypeName(String arg) {
+ Record rec = getRecord(arg, null);
+ return (rec != null) ? rec.valTypeName() : null;
+ }
+
+ private Object createResultHolder(Record rec) {
+ if (rec.numValues == 1) {
+ switch (rec.type) {
+ case Record.LONG: {
+ return new LongHolder();
+ }
+ case Record.CHAR: {
+ return new CharHolder();
+ }
+ case Record.BOOLEAN: {
+ return new BooleanHolder();
+ }
+ case Record.DOUBLE: {
+ return new DoubleHolder();
+ }
+ case Record.STRING: {
+ return new StringHolder();
+ }
+ }
+ } else {
+ switch (rec.type) {
+ case Record.LONG: {
+ return new long[rec.numValues];
+ }
+ case Record.CHAR: {
+ return new char[rec.numValues];
+ }
+ case Record.BOOLEAN: {
+ return new boolean[rec.numValues];
+ }
+ case Record.DOUBLE: {
+ return new double[rec.numValues];
+ }
+ case Record.STRING: {
+ return new String[rec.numValues];
+ }
+ }
+ }
+ return null; // can't happen
+ }
+
+ static void stringToArgs(Vector<String> vec, String s,
+ boolean allowQuotedStrings)
+ throws StringScanException {
+ StringScanner scanner = new StringScanner(s);
+ scanner.skipWhiteSpace();
+ while (!scanner.atEnd()) {
+ if (allowQuotedStrings) {
+ vec.add(scanner.scanString());
+ } else {
+ vec.add(scanner.scanNonWhiteSpaceString());
+ }
+ scanner.skipWhiteSpace();
+ }
+ }
+
+ /**
+ * Reads in a set of strings from a reader and prepends them to an
+ * argument list. Strings are delimited by either whitespace or
+ * double quotes <code>"</code>. The character <code>#</code> acts as
+ * a comment character, causing input to the end of the current line to
+ * be ignored.
+ *
+ * @param reader Reader from which to read the strings
+ * @param args Initial set of argument values. Can be
+ * specified as <code>null</code>.
+ * @throws IOException if an error occured while reading.
+ */
+ public static String[] prependArgs(Reader reader, String[] args)
+ throws IOException {
+ if (args == null) {
+ args = new String[0];
+ }
+ LineNumberReader lineReader = new LineNumberReader(reader);
+ Vector<String> vec = new Vector<String>(100, 100);
+ String line;
+ int i, k;
+
+ while ((line = lineReader.readLine()) != null) {
+ int commentIdx = line.indexOf("#");
+ if (commentIdx != -1) {
+ line = line.substring(0, commentIdx);
+ }
+ try {
+ stringToArgs(vec, line, /*allowQuotedStings=*/true);
+ } catch (StringScanException e) {
+ throw new IOException(
+ "malformed string, line " + lineReader.getLineNumber());
+ }
+ }
+ String[] result = new String[vec.size() + args.length];
+ for (i = 0; i < vec.size(); i++) {
+ result[i] = (String) vec.get(i);
+ }
+ for (k = 0; k < args.length; k++) {
+ result[i++] = args[k];
+ }
+ return result;
+ }
+
+ /**
+ * Reads in a set of strings from a file and prepends them to an
+ * argument list. Strings are delimited by either whitespace or double
+ * quotes <code>"</code>. The character <code>#</code> acts as a
+ * comment character, causing input to the end of the current line to
+ * be ignored.
+ *
+ * @param file File to be read
+ * @param args Initial set of argument values. Can be
+ * specified as <code>null</code>.
+ * @throws IOException if an error occured while reading the file.
+ */
+ public static String[] prependArgs(File file, String[] args)
+ throws IOException {
+ if (args == null) {
+ args = new String[0];
+ }
+ if (!file.canRead()) {
+ return args;
+ }
+ try {
+ return prependArgs(new FileReader(file), args);
+ } catch (IOException e) {
+ throw new IOException(
+ "File " + file.getName() + ": " + e.getMessage());
+ }
+ }
+
+ /**
+ * Sets the parser's error message.
+ *
+ * @param s Error message
+ */
+ protected void setError(String msg) {
+ errMsg = msg;
+ }
+
+ /**
+ * Prints an error message, along with a pointer to help options,
+ * if available, and causes the program to exit with code 1.
+ */
+ public void printErrorAndExit(String msg) {
+ if (helpOptionsEnabled && firstHelpOptionName() != null) {
+ msg += "\nUse " + firstHelpOptionName() + " for help information";
+ }
+ if (printStream != null) {
+ printStream.println(msg);
+ }
+ System.exit(1);
+ }
+
+ /**
+ * Matches arguments within an argument list.
+ *
+ * <p>
+ * In the event of an erroneous or unmatched argument, the method prints a message and exits the program with code
+ * 1.
+ *
+ * <p>
+ * If help options are enabled and one of the arguments matches a help option, then the result of
+ * {@link #getHelpMessage
+ * getHelpMessage} is printed to the default print stream and the program exits with code 0. If help options are not
+ * enabled, they are ignored.
+ *
+ * @param args argument list
+ * @see ArgParser#getDefaultPrintStream
+ */
+ public void matchAllArgs(String[] args) {
+ matchAllArgs(args, 0, EXIT_ON_UNMATCHED | EXIT_ON_ERROR);
+ }
+
+ /**
+ * Matches arguments within an argument list and returns
+ * those which were not matched. The matching starts at a location
+ * in <code>args</code> specified by <code>idx</code>, and
+ * unmatched arguments are returned in a String array.
+ *
+ * <p>
+ * In the event of an erroneous argument, the method either prints a message and exits the program (if
+ * {@link #EXIT_ON_ERROR} is set in <code>exitFlags</code>) or terminates the matching and creates a error message
+ * that can be retrieved by {@link #getErrorMessage}.
+ *
+ * <p>
+ * In the event of an umatched argument, the method will print a message and exit if {@link #EXIT_ON_UNMATCHED} is
+ * set in <code>errorFlags</code>. Otherwise, the unmatched argument will be appended to the returned array of
+ * unmatched values, and the matching will continue at the next location.
+ *
+ * <p>
+ * If help options are enabled and one of the arguments matches a help option, then the result of
+ * {@link #getHelpMessage
+ * getHelpMessage} is printed to the the default print stream and the program exits with code 0. If help options are
+ * not enabled, then they will not be matched.
+ *
+ * @param args argument list
+ * @param idx starting location in list
+ * @param exitFlags conditions causing the program to exit. Should be
+ * an or-ed combintion of {@link #EXIT_ON_ERROR} or {@link #EXIT_ON_UNMATCHED}.
+ * @return array of arguments that were not matched, or <code>null</code> if all arguments were successfully matched
+ * @see ArgParser#getErrorMessage
+ * @see ArgParser#getDefaultPrintStream
+ */
+ public String[] matchAllArgs(String[] args, int idx, int exitFlags) {
+ Vector<String> unmatched = new Vector<String>(10);
+
+ while (idx < args.length) {
+ try {
+ idx = matchArg(args, idx);
+ if (unmatchedArg != null) {
+ if ((exitFlags & EXIT_ON_UNMATCHED) != 0) {
+ printErrorAndExit("Unrecognized argument: " + unmatchedArg);
+ } else {
+ unmatched.add(unmatchedArg);
+ }
+ }
+ } catch (ArgParseException e) {
+ if ((exitFlags & EXIT_ON_ERROR) != 0) {
+ printErrorAndExit(e.getMessage());
+ }
+ break;
+ }
+ }
+ if (unmatched.size() == 0) {
+ return null;
+ } else {
+ return (String[]) unmatched.toArray(new String[0]);
+ }
+ }
+
+ /**
+ * Matches one option starting at a specified location in an argument
+ * list. The method returns the location in the list where the next
+ * match should begin.
+ *
+ * <p>
+ * In the event of an erroneous argument, the method throws an {@link argparser.ArgParseException ArgParseException}
+ * with an appropriate error message. This error message can also be retrieved using {@link #getErrorMessage
+ * getErrorMessage}.
+ *
+ * <p>
+ * In the event of an umatched argument, the method will return idx + 1, and {@link #getUnmatchedArgument
+ * getUnmatchedArgument} will return a copy of the unmatched argument. If an argument is matched,
+ * {@link #getUnmatchedArgument getUnmatchedArgument} will return <code>null</code>.
+ *
+ * <p>
+ * If help options are enabled and the argument matches a help option, then the result of {@link #getHelpMessage
+ * getHelpMessage} is printed to the the default print stream and the program exits with code 0. If help options are
+ * not enabled, then they are ignored.
+ *
+ * @param args argument list
+ * @param idx location in list where match should start
+ * @return location in list where next match should start
+ * @throws ArgParseException if there was an error performing
+ * the match (such as improper or insufficient values).
+ * @see ArgParser#setDefaultPrintStream
+ * @see ArgParser#getHelpOptionsEnabled
+ * @see ArgParser#getErrorMessage
+ * @see ArgParser#getUnmatchedArgument
+ */
+ @SuppressWarnings("unchecked")
+ public int matchArg(String[] args, int idx)
+ throws ArgParseException {
+ unmatchedArg = null;
+ setError(null);
+ try {
+ ObjectHolder ndescHolder = new ObjectHolder();
+ Record rec = getRecord(args[idx], ndescHolder);
+ if (rec == null || (rec.convertCode == 'h' && !helpOptionsEnabled)) { // didn't match
+ unmatchedArg = new String(args[idx]);
+ return idx + 1;
+ }
+ NameDesc ndesc = (NameDesc) ndescHolder.value;
+ Object result;
+ if (rec.resHolder instanceof Vector) {
+ result = createResultHolder(rec);
+ } else {
+ result = rec.resHolder;
+ }
+ if (rec.convertCode == 'h') {
+ if (helpOptionsEnabled) {
+ printStream.println(getHelpMessage());
+ System.exit(0);
+ } else {
+ return idx + 1;
+ }
+ } else if (rec.convertCode != 'v') {
+ if (ndesc.oneWord) {
+ rec.scanValue(
+ result, ndesc.name,
+ args[idx].substring(ndesc.name.length()), 0);
+ } else {
+ if (idx + rec.numValues >= args.length) {
+ throw new ArgParseException(
+ ndesc.name, "requires " + rec.numValues + " value" +
+ (rec.numValues > 1 ? "s" : ""));
+ }
+ for (int k = 0; k < rec.numValues; k++) {
+ rec.scanValue(result, ndesc.name, args[++idx], k);
+ }
+ }
+ } else {
+ if (rec.resHolder instanceof BooleanHolder) {
+ ((BooleanHolder) result).value = rec.vval;
+ } else {
+ for (int k = 0; k < rec.numValues; k++) {
+ ((boolean[]) result)[k] = rec.vval;
+ }
+ }
+ }
+ if (rec.resHolder instanceof Vector) {
+ ((Vector<Object>) rec.resHolder).add(result);
+ }
+ } catch (ArgParseException e) {
+ setError(e.getMessage());
+ throw e;
+ }
+ return idx + 1;
+ }
+
+ private String spaceString(int n) {
+ StringBuffer sbuf = new StringBuffer(n);
+ for (int i = 0; i < n; i++) {
+ sbuf.append(' ');
+ }
+ return sbuf.toString();
+ }
+
+ // public String getShortHelpMessage ()
+ // {
+ // String s;
+ // Record rec;
+ // NameDesc ndesc;
+ // int initialIndent = 8;
+ // int col = initialIndent;
+
+ // if (maxcols <= 0)
+ // { maxcols = 80;
+ // }
+ // if (matchList.size() > 0)
+ // { ps.print (spaceString(initialIndent));
+ // }
+ // for (int i=0; i<matchList.size(); i++)
+ // { rec = (Record)matchList.get(i);
+ // s = "[";
+ // for (ndesc=rec.nameList; ndesc!=null; ndesc=ndesc.next)
+ // { s = s + ndesc.name;
+ // if (ndesc.oneWord == false)
+ // { s = s + " ";
+ // }
+ // if (ndesc.next != null)
+ // { s = s + ",";
+ // }
+ // }
+ // if (rec.convertCode != 'v' && rec.convertCode != 'h')
+ // { if (rec.valueDesc != null)
+ // { s += rec.valueDesc;
+ // }
+ // else
+ // { s = s + "<" + rec.valTypeName() + ">";
+ // if (rec.numValues > 1)
+ // { s += "X" + rec.numValues;
+ // }
+ // }
+ // }
+ // s = s + "]";
+ // /*
+ // (col+=s.length()) > (maxcols-1) => we will spill over edge.
+ // we use (maxcols-1) because if we go right to the edge
+ // (maxcols), we get wrap new line inserted "for us".
+ // i != 0 means we print the first entry, no matter
+ // how long it is. Subsequent entries are printed
+ // full length anyway. */
+
+ // if ((col+=s.length()) > (maxcols-1) && i != 0)
+ // { col = initialIndent+s.length();
+ // ps.print ("\n" + spaceString(initialIndent));
+ // }
+ // ps.print (s);
+ // }
+ // if (matchList.size() > 0)
+ // { ps.print ('\n');
+ // ps.flush();
+ // }
+ // }
+
+ /**
+ * Returns a string describing the allowed options
+ * in detail.
+ *
+ * @return help information string.
+ */
+ public String getHelpMessage() {
+ Record rec;
+ NameDesc ndesc;
+ boolean hasOneWordAlias = false;
+ String s;
+
+ s = "Usage: " + synopsisString + "\n";
+ s += "Options include:\n\n";
+ for (int i = 0; i < matchList.size(); i++) {
+ String optionInfo = "";
+ rec = (Record) matchList.get(i);
+ if (rec.convertCode == 'h' && !helpOptionsEnabled) {
+ continue;
+ }
+ for (ndesc = rec.nameList; ndesc != null; ndesc = ndesc.next) {
+ if (ndesc.oneWord) {
+ hasOneWordAlias = true;
+ break;
+ }
+ }
+ for (ndesc = rec.nameList; ndesc != null; ndesc = ndesc.next) {
+ optionInfo += ndesc.name;
+ if (hasOneWordAlias && !ndesc.oneWord) {
+ optionInfo += " ";
+ }
+ if (ndesc.next != null) {
+ optionInfo += ",";
+ }
+ }
+ if (!hasOneWordAlias) {
+ optionInfo += " ";
+ }
+ if (rec.convertCode != 'v' && rec.convertCode != 'h') {
+ if (rec.valueDesc != null) {
+ optionInfo += rec.valueDesc;
+ } else {
+ if (rec.rangeDesc != null) {
+ optionInfo += "<" + rec.valTypeName() + " "
+ + rec.rangeDesc + ">";
+ } else {
+ optionInfo += "<" + rec.valTypeName() + ">";
+ }
+ }
+ }
+ if (rec.numValues > 1) {
+ optionInfo += "X" + rec.numValues;
+ }
+ s += optionInfo;
+ if (rec.helpMsg.length() > 0) {
+ int pad = helpIndent - optionInfo.length();
+ if (pad < 2) { //s += '\n';
+ pad = helpIndent;
+ }
+ // s += spaceString(pad) + rec.helpMsg;
+ s += spaceString(4) + rec.helpMsg;
+ }
+ s += '\n';
+ }
+ return s;
+ }
+
+ /**
+ * Returns the parser's error message. This is automatically
+ * set whenever an error is encountered in <code>matchArg</code> or <code>matchAllArgs</code>, and is automatically
+ * set to <code>null</code> at the beginning of these methods.
+ *
+ * @return error message
+ */
+ public String getErrorMessage() {
+ return errMsg;
+ }
+
+ /**
+ * Returns the value of an unmatched argument discovered {@link #matchArg matchArg} or
+ * {@link #matchAllArgs(String[],int,int)
+ * matchAllArgs}. If there was no unmatched argument, <code>null</code> is returned.
+ *
+ * @return unmatched argument
+ */
+ public String getUnmatchedArgument() {
+ return unmatchedArg;
+ }
+}
diff --git a/base/silent/src/com/netscape/pkisilent/argparser/ArgParserTest.java b/base/silent/src/com/netscape/pkisilent/argparser/ArgParserTest.java
new file mode 100644
index 000000000..9ddb80778
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/argparser/ArgParserTest.java
@@ -0,0 +1,1514 @@
+package com.netscape.pkisilent.argparser;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * Copyright John E. Lloyd, 2004. All rights reserved. Permission to use,
+ * copy, modify and redistribute is granted, provided that this copyright
+ * notice is retained and the author is given credit whenever appropriate.
+ *
+ * This software is distributed "as is", without any warranty, including
+ * any implied warranty of merchantability or fitness for a particular
+ * use. The author assumes no responsibility for, and shall not be liable
+ * for, any special, indirect, or consequential damages, or any damages
+ * whatsoever, arising out of or in connection with the use of this
+ * software.
+ */
+
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+import java.lang.reflect.Array;
+import java.util.Vector;
+
+/**
+ * Testing class for the class ArgParser. Executing the <code>main</code> method of this class will perform a suite of
+ * tests to help verify correct
+ * operation of the parser class.
+ *
+ * @author John E. Lloyd, Fall 2004
+ * @see ArgParser
+ */
+public class ArgParserTest {
+ ArgParser parser;
+
+ static final boolean CLOSED = true;
+ static final boolean OPEN = false;
+
+ static final boolean ONE_WORD = true;
+ static final boolean MULTI_WORD = false;
+
+ private static void verify(boolean ok, String msg) {
+ if (!ok) {
+ Throwable e = new Throwable();
+ System.out.println("Verification failed:" + msg);
+ e.printStackTrace();
+ System.exit(1);
+ }
+ }
+
+ private static String[] argsFromString(String s) {
+ Vector<String> vec = new Vector<String>(100);
+ try {
+ ArgParser.stringToArgs(vec, s, /*allowQuotedStings=*/false);
+ } catch (StringScanException e) {
+ e.printStackTrace();
+ System.exit(1);
+ }
+ String[] result = new String[vec.size()];
+ for (int i = 0; i < vec.size(); i++) {
+ result[i] = (String) vec.get(i);
+ }
+ return result;
+ }
+
+ static class RngCheck {
+ ArgParser.RangePnt low = null;
+ ArgParser.RangePnt high = null;
+ int type;
+
+ RngCheck(String s) {
+ low = new ArgParser.RangePnt(s, CLOSED);
+ type = 's';
+ }
+
+ RngCheck(double d) {
+ low = new ArgParser.RangePnt(d, CLOSED);
+ type = 'd';
+ }
+
+ RngCheck(long l) {
+ low = new ArgParser.RangePnt(l, CLOSED);
+ type = 'l';
+ }
+
+ RngCheck(boolean b) {
+ low = new ArgParser.RangePnt(b, CLOSED);
+ type = 'b';
+ }
+
+ RngCheck(String s1, boolean c1, String s2, boolean c2) {
+ low = new ArgParser.RangePnt(s1, c1);
+ high = new ArgParser.RangePnt(s2, c2);
+ type = 's';
+ }
+
+ RngCheck(double d1, boolean c1, double d2, boolean c2) {
+ low = new ArgParser.RangePnt(d1, c1);
+ high = new ArgParser.RangePnt(d2, c2);
+ type = 'd';
+ }
+
+ RngCheck(long l1, boolean c1, long l2, boolean c2) {
+ low = new ArgParser.RangePnt(l1, c1);
+ high = new ArgParser.RangePnt(l2, c2);
+ type = 'l';
+ }
+
+ void check(ArgParser.RangeAtom ra) {
+ verify((ra.low == null) == (low == null),
+ "(ra.low==null)=" + (ra.low == null) +
+ "(low==null)=" + (low == null));
+ verify((ra.high == null) == (high == null),
+ "(ra.high==null)=" + (ra.high == null) +
+ "(high==null)=" + (high == null));
+
+ if (ra.low != null) {
+ switch (type) {
+ case 'l': {
+ verify(ra.low.lval == low.lval,
+ "ra.low=" + ra.low + " low=" + low);
+ break;
+ }
+ case 'd': {
+ verify(ra.low.dval == low.dval,
+ "ra.low=" + ra.low + " low=" + low);
+ break;
+ }
+ case 's': {
+ verify(ra.low.sval.equals(low.sval),
+ "ra.low=" + ra.low + " low=" + low);
+ break;
+ }
+ case 'b': {
+ verify(ra.low.bval == low.bval,
+ "ra.low=" + ra.low + " low=" + low);
+ break;
+ }
+ }
+ verify(ra.low.closed == low.closed,
+ "ra.low=" + ra.low + " low=" + low);
+ }
+ if (ra.high != null) {
+ switch (type) {
+ case 'l': {
+ verify(ra.high.lval == high.lval,
+ "ra.high=" + ra.high + " high=" + high);
+ break;
+ }
+ case 'd': {
+ verify(ra.high.dval == high.dval,
+ "ra.high=" + ra.high + " high=" + high);
+ break;
+ }
+ case 's': {
+ verify(ra.high.sval.equals(high.sval),
+ "ra.high=" + ra.high + " high=" + high);
+ break;
+ }
+ case 'b': {
+ verify(ra.high.bval == high.bval,
+ "ra.high=" + ra.high + " high=" + high);
+ break;
+ }
+ }
+ verify(ra.high.closed == high.closed,
+ "ra.high=" + ra.high + " high=" + high);
+ }
+ }
+ }
+
+ ArgParserTest() {
+ parser = new ArgParser("fubar");
+ }
+
+ static void checkException(Exception e, String errmsg) {
+ if (errmsg != null) {
+ if (!e.getMessage().equals(errmsg)) {
+ System.out.println(
+ "Expecting exception '" + errmsg + "' but got '" +
+ e.getMessage() + "'");
+ e.printStackTrace();
+ (new Throwable()).printStackTrace();
+ System.exit(1);
+ }
+ } else {
+ System.out.println(
+ "Unexpected exception '" + e.getMessage() + "'");
+ e.printStackTrace();
+ (new Throwable()).printStackTrace();
+ System.exit(1);
+ }
+ }
+
+ void checkPrintHelp(String msg) {
+ ByteArrayOutputStream buf = new ByteArrayOutputStream(0x10000);
+ PrintStream ps = new PrintStream(buf);
+ ps.println(parser.getHelpMessage());
+ System.out.print(buf.toString());
+ }
+
+ // void checkGetSynopsis (String msg)
+ // {
+ // ByteArrayOutputStream buf = new ByteArrayOutputStream(0x10000);
+ // PrintStream ps = new PrintStream(buf);
+ // parser.printSynopsis (ps, 80);
+ // System.out.print (buf.toString());
+ // }
+
+ void checkAdd(String s, Object resHolder, String errmsg) {
+ checkAdd(s, resHolder, 0, 0, null, null, null, errmsg);
+ }
+
+ void add(String s, Object resHolder) {
+ try {
+ parser.addOption(s, resHolder);
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.exit(1);
+ }
+ }
+
+ void checkStringArray(String msg, String[] strs, String[] check) {
+ boolean dontMatch = false;
+ if (strs.length != check.length) {
+ dontMatch = true;
+ } else {
+ for (int i = 0; i < strs.length; i++) {
+ if (!strs[i].equals(check[i])) {
+ dontMatch = true;
+ break;
+ }
+ }
+ }
+ if (dontMatch) {
+ System.out.println(msg);
+ System.out.print("Expected: ");
+ for (int i = 0; i < check.length; i++) {
+ System.out.print("'" + check[i] + "'");
+ if (i < check.length - 1) {
+ System.out.print(" ");
+ }
+ }
+ System.out.println("");
+ System.out.print("Got: ");
+ for (int i = 0; i < strs.length; i++) {
+ System.out.print("'" + strs[i] + "'");
+ if (i < strs.length - 1) {
+ System.out.print(" ");
+ }
+ }
+ System.out.println("");
+ System.exit(1);
+ }
+ }
+
+ void checkAdd(String s, Object resHolder, int code, int numValues,
+ Object names, RngCheck[] rngCheck,
+ String helpMsg, String errmsg) {
+ boolean exceptionThrown = false;
+ String[] namelist = null;
+ try {
+ parser.addOption(s, resHolder);
+ } catch (Exception e) {
+ exceptionThrown = true;
+ checkException(e, errmsg);
+ }
+ if (names instanceof String) {
+ namelist = new String[] { (String) names };
+ } else {
+ namelist = (String[]) names;
+ }
+ if (!exceptionThrown) {
+ verify(errmsg == null,
+ "Expecting exception " + errmsg);
+ ArgParser.Record rec = parser.lastMatchRecord();
+ verify(rec.convertCode == code,
+ "code=" + rec.convertCode + ", expecting " + code);
+ ArgParser.NameDesc nd;
+ int i = 0;
+ for (nd = rec.firstNameDesc(); nd != null; nd = nd.next) {
+ i++;
+ }
+ verify(i == namelist.length,
+ "numNames=" + i + ", expecting " + namelist.length);
+ i = 0;
+ for (nd = rec.firstNameDesc(); nd != null; nd = nd.next) {
+ String ss;
+ if (!nd.oneWord) {
+ ss = new String(nd.name) + ' ';
+ } else {
+ ss = nd.name;
+ }
+ verify(ss.equals(namelist[i]),
+ "have name '" + ss + "', expecting '" + namelist[i] + "'");
+ i++;
+ }
+ ArgParser.RangeAtom ra;
+ i = 0;
+ for (ra = rec.firstRangeAtom(); ra != null; ra = ra.next) {
+ i++;
+ }
+ int expectedRangeNum = 0;
+ if (rngCheck != null) {
+ expectedRangeNum = rngCheck.length;
+ }
+ verify(i == expectedRangeNum,
+ "numRangeAtoms=" + i + ", expecting " + expectedRangeNum);
+ i = 0;
+ for (ra = rec.firstRangeAtom(); ra != null; ra = ra.next) {
+ rngCheck[i++].check(ra);
+ }
+ verify(rec.helpMsg.equals(helpMsg),
+ "helpMsg=" + rec.helpMsg + ", expecting " + helpMsg);
+ verify(rec.numValues == numValues,
+ "numValues=" + rec.numValues + ", expecting " + numValues);
+ }
+ }
+
+ double getDoubleValue(Object obj, int k) {
+ if (obj instanceof DoubleHolder) {
+ return ((DoubleHolder) obj).value;
+ } else if (obj instanceof FloatHolder) {
+ return ((FloatHolder) obj).value;
+ } else if (obj instanceof double[]) {
+ return ((double[]) obj)[k];
+ } else if (obj instanceof float[]) {
+ return ((float[]) obj)[k];
+ } else {
+ verify(false, "object doesn't contain double values");
+ return 0;
+ }
+ }
+
+ long getLongValue(Object obj, int k) {
+ if (obj instanceof LongHolder) {
+ return ((LongHolder) obj).value;
+ } else if (obj instanceof IntHolder) {
+ return ((IntHolder) obj).value;
+ } else if (obj instanceof long[]) {
+ return ((long[]) obj)[k];
+ } else if (obj instanceof int[]) {
+ return ((int[]) obj)[k];
+ } else {
+ verify(false, "object doesn't contain long values");
+ return 0;
+ }
+ }
+
+ String getStringValue(Object obj, int k) {
+ if (obj instanceof StringHolder) {
+ return ((StringHolder) obj).value;
+ } else if (obj instanceof String[]) {
+ return ((String[]) obj)[k];
+ } else {
+ verify(false, "object doesn't contain String values");
+ return null;
+ }
+ }
+
+ boolean getBooleanValue(Object obj, int k) {
+ if (obj instanceof BooleanHolder) {
+ return ((BooleanHolder) obj).value;
+ } else if (obj instanceof boolean[]) {
+ return ((boolean[]) obj)[k];
+ } else {
+ verify(false, "object doesn't contain boolean values");
+ return false;
+ }
+ }
+
+ char getCharValue(Object obj, int k) {
+ if (obj instanceof CharHolder) {
+ return ((CharHolder) obj).value;
+ } else if (obj instanceof char[]) {
+ return ((char[]) obj)[k];
+ } else {
+ verify(false, "object doesn't contain char values");
+ return 0;
+ }
+ }
+
+ static class MErr {
+ int code;
+ String valStr;
+
+ MErr(int code, String valStr) {
+ this.code = code;
+ this.valStr = valStr;
+ }
+ }
+
+ static class MTest {
+ String args;
+ Object result;
+ int resultIdx;
+
+ MTest(String args, Object result) {
+ this(args, result, -1);
+ }
+
+ MTest(String args, Object result, int resultIdx) {
+ this.args = args;
+ this.result = result;
+ this.resultIdx = resultIdx;
+ }
+ };
+
+ void checkMatch(String args[], int idx, String errMsg) {
+ getMatchResult(args, idx, -1, errMsg, -1);
+ }
+
+ void checkMatch(String args[], int idx, int cnt,
+ long check, int resultIdx) {
+ Object rholder = getMatchResult(args, idx, cnt, null, resultIdx);
+ long result = getLongValue(rholder, 0);
+ verify(result == check, "result " + result + " vs. " + check);
+ }
+
+ void checkMatch(String args[], int idx, int cnt,
+ double check, int resultIdx) {
+ Object rholder = getMatchResult(args, idx, cnt, null, resultIdx);
+ double result = getDoubleValue(rholder, 0);
+ verify(result == check, "result " + result + " vs. " + check);
+ }
+
+ void checkMatch(String args[], int idx, int cnt,
+ String check, int resultIdx) {
+ Object rholder = getMatchResult(args, idx, cnt, null, resultIdx);
+ String result = getStringValue(rholder, 0);
+ verify(result.equals(check), "result " + result + " vs. " + check);
+ }
+
+ void checkMatch(String args[], int idx, int cnt,
+ boolean check, int resultIdx) {
+ Object rholder = getMatchResult(args, idx, cnt, null, resultIdx);
+ boolean result = getBooleanValue(rholder, 0);
+ verify(result == check, "result " + result + " vs. " + check);
+ }
+
+ void checkMatch(String args[], int idx, int cnt,
+ char check, int resultIdx) {
+ Object rholder = getMatchResult(args, idx, cnt, null, resultIdx);
+ char result = getCharValue(rholder, 0);
+ verify(result == check, "result " + result + " vs. " + check);
+ }
+
+ void checkMatch(String args[], int idx, int cnt,
+ Object checkArray, int resultIdx) {
+ Object rholder = getMatchResult(args, idx, cnt, null, resultIdx);
+ if (!checkArray.getClass().isArray()) {
+ verify(false, "check is not an array");
+ }
+ for (int i = 0; i < Array.getLength(checkArray); i++) {
+ if (checkArray instanceof long[]) {
+ long result = getLongValue(rholder, i);
+ long check = ((long[]) checkArray)[i];
+ verify(result == check,
+ "result [" + i + "] " + result + " vs. " + check);
+ } else if (checkArray instanceof double[]) {
+ double result = getDoubleValue(rholder, i);
+ double check = ((double[]) checkArray)[i];
+ verify(result == check,
+ "result [" + i + "] " + result + " vs. " + check);
+ } else if (checkArray instanceof String[]) {
+ String result = getStringValue(rholder, i);
+ String check = ((String[]) checkArray)[i];
+ verify(result.equals(check),
+ "result [" + i + "] " + result + " vs. " + check);
+ } else if (checkArray instanceof boolean[]) {
+ boolean result = getBooleanValue(rholder, i);
+ boolean check = ((boolean[]) checkArray)[i];
+ verify(result == check,
+ "result [" + i + "] " + result + " vs. " + check);
+ } else if (checkArray instanceof char[]) {
+ char result = getCharValue(rholder, i);
+ char check = ((char[]) checkArray)[i];
+ verify(result == check,
+ "result [" + i + "] " + result + " vs. " + check);
+ } else {
+ verify(false, "unknown type for checkArray");
+ }
+ }
+ }
+
+ void checkMatch(MTest test, boolean oneWord) {
+ String[] argv;
+ if (oneWord) {
+ argv = new String[1];
+ argv[0] = test.args;
+ } else {
+ argv = argsFromString(test.args);
+ }
+ if (test.result instanceof Long) {
+ checkMatch(argv, 0, argv.length,
+ ((Long) test.result).longValue(),
+ test.resultIdx);
+ } else if (test.result instanceof Double) {
+ checkMatch(argv, 0, argv.length,
+ ((Double) test.result).doubleValue(),
+ test.resultIdx);
+ } else if (test.result instanceof String) {
+ checkMatch(argv, 0, argv.length,
+ (String) test.result,
+ test.resultIdx);
+ } else if (test.result instanceof Boolean) {
+ checkMatch(argv, 0, argv.length,
+ ((Boolean) test.result).booleanValue(),
+ test.resultIdx);
+ } else if (test.result instanceof Character) {
+ checkMatch(argv, 0, argv.length,
+ ((Character) test.result).charValue(),
+ test.resultIdx);
+ } else if (test.result.getClass().isArray()) {
+ checkMatch(argv, 0, argv.length, test.result,
+ test.resultIdx);
+ } else if (test.result instanceof MErr) {
+ MErr err = (MErr) test.result;
+ String argname = parser.getOptionName(argv[0]);
+ String msg = "";
+
+ switch (err.code) {
+ case 'c': {
+ msg = "requires a contiguous value";
+ break;
+ }
+ case 'm': {
+ msg = "malformed " + parser.getOptionTypeName(argv[0]) +
+ " '" + err.valStr + "'";
+ break;
+ }
+ case 'r': {
+ msg = "value '" + err.valStr + "' not in range " +
+ parser.getOptionRangeDesc(argv[0]);
+ break;
+ }
+ case 'v': {
+ msg = "requires " + err.valStr + " values";
+ break;
+ }
+ }
+ checkMatch(argv, 0, argname + ": " + msg);
+ } else {
+ verify(false, "Unknown result type");
+ }
+ }
+
+ void checkMatches(MTest[] tests, boolean oneWord) {
+ for (int i = 0; i < tests.length; i++) {
+ checkMatch(tests[i], oneWord);
+ }
+ }
+
+ Object getMatchResult(String args[], int idx, int cnt,
+ String errMsg, int resultIdx) {
+ boolean exceptionThrown = false;
+ int k = 0;
+ try {
+ k = parser.matchArg(args, idx);
+ } catch (Exception e) {
+ exceptionThrown = true;
+ checkException(e, errMsg);
+ }
+ if (!exceptionThrown) {
+ verify(k == idx + cnt,
+ "Expecting result index " + (idx + cnt) + ", got " + k);
+ Object result = parser.getResultHolder(args[0]);
+ if (resultIdx >= 0) {
+ verify(result instanceof Vector,
+ "Expecting result to be stored in a vector");
+ Vector<?> vec = (Vector<?>) result;
+ verify(vec.size() == resultIdx + 1,
+ "Expecting result vector size " + (resultIdx + 1));
+ return vec.get(resultIdx);
+ } else {
+ return result;
+ }
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Runs a set of tests to verify correct operation of the
+ * ArgParser class. If all the tests run correctly, the
+ * program prints the message <code>Passed</code> and terminates.
+ * Otherwise, diagnostic information is printed at the first
+ * point of failure.
+ */
+ public static void main(String[] args) {
+ ArgParserTest test = new ArgParserTest();
+
+ BooleanHolder bh = new BooleanHolder();
+ boolean[] b3 = new boolean[3];
+ CharHolder ch = new CharHolder();
+ char[] c3 = new char[3];
+ IntHolder ih = new IntHolder();
+ int[] i3 = new int[3];
+ LongHolder lh = new LongHolder();
+ long[] l3 = new long[3];
+ FloatHolder fh = new FloatHolder();
+ float[] f3 = new float[3];
+ DoubleHolder dh = new DoubleHolder();
+ double[] d3 = new double[3];
+ StringHolder sh = new StringHolder();
+ String[] s3 = new String[3];
+
+ test.checkAdd("-foo %i{[0,10)}X3 #sets the value of foo",
+ // 0123456789012345
+ i3, 'i', 3, new String[] { "-foo " },
+ new RngCheck[] {
+ new RngCheck(0, CLOSED, 10, OPEN) },
+ "sets the value of foo", null);
+
+ test.checkAdd("-arg1,,", null, "Null option name given");
+ test.checkAdd("-arg1,,goo %f ", null, "Null option name given");
+ test.checkAdd(" ", null, "Null option name given");
+ test.checkAdd("", null, "Null option name given");
+ test.checkAdd(" %v", null, "Null option name given");
+ test.checkAdd("-foo ", null, "No conversion character given");
+ test.checkAdd("-foo %", null, "No conversion character given");
+ test.checkAdd("foo, aaa bbb ", null, "Names not separated by ','");
+ test.checkAdd(" foo aaa %d", null, "Names not separated by ','");
+ test.checkAdd("-arg1,-b,", null, "Null option name given");
+ test.checkAdd("-arg1,-b", null, "No conversion character given");
+ test.checkAdd("-arg1 ", null, "No conversion character given");
+ test.checkAdd("-arg1, %v", null, "Null option name given");
+ test.checkAdd("-arg1,%v", null, "Null option name given");
+ test.checkAdd("-foo %V", null,
+ "Conversion code 'V' not one of 'iodxcbfsvh'");
+ test.checkAdd("-h %hX5", null, "Multipliers not supported for %h");
+ test.checkAdd("-h %h{}", null, "Ranges not supported for %h");
+ test.checkAdd("-help, -h %h #here is how we help you",
+ null, 'h', 1, new String[] { "-help ", "-h " },
+ null, "here is how we help you", null);
+
+ test.checkAdd(
+ "-arg1 ,-arg2=%d{0,3,(7,16]}X1 #x3 test",
+ l3, 'd', 1, new String[] { "-arg1 ", "-arg2=" },
+ new RngCheck[]
+ { new RngCheck(0),
+ new RngCheck(3),
+ new RngCheck(7, OPEN, 16, CLOSED),
+ },
+ "x3 test", null);
+
+ test.checkAdd(
+ "bbb,ccc%x{[1,2]} #X3 x3 test",
+ l3, 'x', 1, new String[] { "bbb", "ccc" },
+ new RngCheck[]
+ { new RngCheck(1, CLOSED, 2, CLOSED),
+ },
+ "X3 x3 test", null);
+
+ test.checkAdd(
+ " bbb ,ccc, ddd ,e , f=%bX1 #x3 test",
+ b3, 'b', 1, new String[] { "bbb ", "ccc", "ddd ", "e ", "f=" },
+ null,
+ "x3 test", null);
+
+ test.checkAdd(
+ " bbb ,ccc, ddd ,e , f= %bX3 #x3 test",
+ b3, 'b', 3, new String[] { "bbb ", "ccc ", "ddd ", "e ", "f= " },
+ null,
+ "x3 test", null);
+
+ test.checkAdd(
+ "-b,--bar %s{[\"john\",\"jerry\"),fred,\"harry\"} #sets bar",
+ sh, 's', 1, new String[] { "-b ", "--bar " },
+ new RngCheck[] {
+ new RngCheck("jerry", OPEN, "john", CLOSED),
+ new RngCheck("fred"),
+ new RngCheck("harry") },
+ "sets bar", null);
+
+ test.checkAdd(
+ "-c ,coven%f{0.0,9.0,(6,5],[-9.1,10.2]} ",
+ dh, 'f', 1, new String[] { "-c ", "coven" },
+ new RngCheck[] {
+ new RngCheck(0.0),
+ new RngCheck(9.0),
+ new RngCheck(5.0, CLOSED, 6.0, OPEN),
+ new RngCheck(-9.1, CLOSED, 10.2, CLOSED) },
+ "", null);
+
+ test.checkAdd(
+ "-b %b #a boolean value ",
+ bh, 'b', 1, new String[] { "-b " },
+ new RngCheck[] {},
+ "a boolean value ", null);
+
+ test.checkAdd("-a %i", ih, 'i', 1, "-a ", null, "", null);
+ test.checkAdd("-a %o", lh, 'o', 1, "-a ", null, "", null);
+ test.checkAdd("-a %d", i3, 'd', 1, "-a ", null, "", null);
+ test.checkAdd("-a %x", l3, 'x', 1, "-a ", null, "", null);
+ test.checkAdd("-a %c", ch, 'c', 1, "-a ", null, "", null);
+ test.checkAdd("-a %c", c3, 'c', 1, "-a ", null, "", null);
+ test.checkAdd("-a %v", bh, 'v', 1, "-a ", null, "", null);
+ test.checkAdd("-a %b", b3, 'b', 1, "-a ", null, "", null);
+ test.checkAdd("-a %f", fh, 'f', 1, "-a ", null, "", null);
+ test.checkAdd("-a %f", f3, 'f', 1, "-a ", null, "", null);
+ test.checkAdd("-a %f", dh, 'f', 1, "-a ", null, "", null);
+ test.checkAdd("-a %f", d3, 'f', 1, "-a ", null, "", null);
+
+ test.checkAdd("-a %i", fh, 'i', 1, "-a ", null, "",
+ "Invalid result holder for %i");
+ test.checkAdd("-a %c", i3, 'c', 1, "-a ", null, "",
+ "Invalid result holder for %c");
+ test.checkAdd("-a %v", d3, 'v', 1, "-a ", null, "",
+ "Invalid result holder for %v");
+ test.checkAdd("-a %f", sh, 'f', 1, "-a ", null, "",
+ "Invalid result holder for %f");
+ test.checkAdd("-a %s", l3, 's', 1, "-a ", null, "",
+ "Invalid result holder for %s");
+
+ test.checkAdd("-foo %i{} ", ih, 'i', 1, "-foo ", null, "", null);
+ test.checkAdd("-foo%i{}", ih, 'i', 1, "-foo", null, "", null);
+ test.checkAdd("-foo%i{ }", ih, 'i', 1, "-foo", null, "", null);
+ test.checkAdd("-foo%i{ }}", ih,
+ "Illegal character(s), expecting '#'");
+ test.checkAdd("-foo%i{ ", ih, "Unterminated range specification");
+ test.checkAdd("-foo%i{", ih, "Unterminated range specification");
+ test.checkAdd("-foo%i{0,9", ih, "Unterminated range specification");
+ test.checkAdd("-foo%i{1,2,3)", ih,
+ "Unterminated range specification");
+
+ test.checkAdd("-b %f{0.9}", fh, 'f', 1, "-b ",
+ new RngCheck[] { new RngCheck(0.9) },
+ "", null);
+ test.checkAdd("-b %f{ 0.9 ,7, -0.5,-4 ,6 }", fh, 'f', 1, "-b ",
+ new RngCheck[] { new RngCheck(0.9),
+ new RngCheck(7.0),
+ new RngCheck(-0.5),
+ new RngCheck(-4.0),
+ new RngCheck(6.0) },
+ "", null);
+ test.checkAdd("-b %f{ [0.9,7), (-0.5,-4),[9,6] , (10,13.4] }",
+ fh, 'f', 1, "-b ",
+ new RngCheck[] { new RngCheck(0.9, CLOSED, 7.0, OPEN),
+ new RngCheck(-4.0, OPEN, -.5, OPEN),
+ new RngCheck(6.0, CLOSED, 9.0, CLOSED),
+ new RngCheck(10.0, OPEN, 13.4, CLOSED),
+ },
+ "", null);
+ test.checkAdd("-b %f{(8 9]}", fh,
+ "Missing ',' in subrange specification");
+ test.checkAdd("-b %f{(8,9,]}", fh,
+ "Unterminated subrange");
+ test.checkAdd("-b %f{(8,9 ,]}", fh,
+ "Unterminated subrange");
+ test.checkAdd("-b %f{(8,9 8]}", fh,
+ "Unterminated subrange");
+ test.checkAdd("-b %f{8 9}", fh,
+ "Range spec: ',' or '}' expected");
+ test.checkAdd("-b %f{8 *}", fh,
+ "Range spec: ',' or '}' expected");
+
+ test.checkAdd("-b %f{8y}", fh,
+ "Range spec: ',' or '}' expected");
+ test.checkAdd("-b %f{.}", fh,
+ "Malformed float '.}' in range spec");
+ test.checkAdd("-b %f{1.0e}", fh,
+ "Malformed float '1.0e}' in range spec");
+ test.checkAdd("-b %f{[*]}", fh,
+ "Malformed float '*' in range spec");
+ test.checkAdd("-b %f{1.2e5t}", fh,
+ "Range spec: ',' or '}' expected");
+
+ test.checkAdd("-b %i{8}", ih, 'i', 1, "-b ",
+ new RngCheck[] { new RngCheck(8) },
+ "", null);
+ test.checkAdd("-b %i{8, 9,10 }", ih, 'i', 1, "-b ",
+ new RngCheck[] { new RngCheck(8),
+ new RngCheck(9),
+ new RngCheck(10) },
+ "", null);
+ test.checkAdd("-b %i{8, [-9,10),[-17,15],(2,-33),(8,9] }",
+ ih, 'i', 1, "-b ",
+ new RngCheck[] { new RngCheck(8),
+ new RngCheck(-9, CLOSED, 10, OPEN),
+ new RngCheck(-17, CLOSED, 15, CLOSED),
+ new RngCheck(-33, OPEN, 2, OPEN),
+ new RngCheck(8, OPEN, 9, CLOSED),
+ },
+ "", null);
+ test.checkAdd("-b %i{8.7}", ih,
+ "Range spec: ',' or '}' expected");
+ test.checkAdd("-b %i{6,[*]}", ih,
+ "Malformed integer '*' in range spec");
+ test.checkAdd("-b %i{g76}", ih,
+ "Malformed integer 'g' in range spec");
+
+ test.checkAdd("-b %s{foobar}", sh, 's', 1, "-b ",
+ new RngCheck[] { new RngCheck("foobar") },
+ "", null);
+ test.checkAdd("-b %s{foobar, 0x233,\" \"}", sh, 's', 1, "-b ",
+ new RngCheck[] { new RngCheck("foobar"),
+ new RngCheck("0x233"),
+ new RngCheck(" ") },
+ "", null);
+ test.checkAdd("-b %s{foobar,(bb,aa], [\"01\",02]}",
+ sh, 's', 1, "-b ",
+ new RngCheck[]
+ { new RngCheck("foobar"),
+ new RngCheck("aa", CLOSED, "bb", OPEN),
+ new RngCheck("01", CLOSED, "02", CLOSED),
+ },
+ "", null);
+
+ test.checkAdd("-b %c{'a'}", ch, 'c', 1, "-b ",
+ new RngCheck[] { new RngCheck('a') },
+ "", null);
+ test.checkAdd("-b %c{'\\n', '\\002', 'B'}", ch, 'c', 1, "-b ",
+ new RngCheck[] { new RngCheck('\n'),
+ new RngCheck('\002'),
+ new RngCheck('B') },
+ "", null);
+ test.checkAdd("-b %c{'q',('g','a'], ['\t','\\003']}",
+ ch, 'c', 1, "-b ",
+ new RngCheck[]
+ { new RngCheck('q'),
+ new RngCheck('a', CLOSED, 'g', OPEN),
+ new RngCheck('\003', CLOSED, '\t', CLOSED),
+ },
+ "", null);
+
+ test.checkAdd("-b %b{true}X2", b3, 'b', 2, "-b ",
+ new RngCheck[] { new RngCheck(true) },
+ "", null);
+ test.checkAdd("-b %b{ true , false, true }", bh, 'b', 1, "-b ",
+ new RngCheck[] { new RngCheck(true),
+ new RngCheck(false),
+ new RngCheck(true) },
+ "", null);
+ test.checkAdd("-b %v{true,[true,false)}", bh,
+ "Sub ranges not supported for %b or %v");
+ test.checkAdd("-b %v{true,[]}", bh,
+ "Sub ranges not supported for %b or %v");
+ test.checkAdd("-b %b{tru}", bh,
+ "Malformed boolean 'tru}' in range spec");
+
+ test.checkAdd("-b %iX2", i3, 'i', 2, "-b ", null, "", null);
+ test.checkAdd("-b %vX3", b3, 'v', 3, "-b ", null, "", null);
+ test.checkAdd("-b %v{ }X3", b3, 'v', 3, "-b ", null, "", null);
+
+ test.checkAdd("-b=%iX2", i3, 'i', 2, "-b", null, "",
+ "Multiplier value incompatible with one word option -b=");
+ test.checkAdd("-b %iX0", i3, 'i', 0, "-b ", null, "",
+ "Value multiplier number must be > 0");
+ test.checkAdd("-b %iX-6", i3, 'i', 0, "-b ", null, "",
+ "Value multiplier number must be > 0");
+ test.checkAdd("-b %iXy", i3, 'i', 0, "-b ", null, "",
+ "Malformed value multiplier");
+ test.checkAdd("-b %iX4", i3, 'i', 4, "-b ", null, "",
+ "Result holder array must have a length >= 4");
+ test.checkAdd("-b %iX4", ih, 'i', 4, "-b ", null, "",
+ "Multiplier requires result holder to be an array of length >= 4");
+
+ test.checkAdd("-b %i #X4", ih, 'i', 1, "-b ", null, "X4", null);
+ test.checkAdd("-b %i #[}X4", ih, 'i', 1, "-b ", null, "[}X4", null);
+
+ // test.checkPrintHelp("");
+ // test.checkPrintUsage("");
+
+ test = new ArgParserTest();
+
+ test.checkAdd(
+ "-intarg %i{1,2,(9,18],[22,27],[33,38),(45,48)} #test int arg",
+ ih, 'i', 1, "-intarg ",
+ new RngCheck[]
+ { new RngCheck(1),
+ new RngCheck(2),
+ new RngCheck(9, OPEN, 18, CLOSED),
+ new RngCheck(22, CLOSED, 27, CLOSED),
+ new RngCheck(33, CLOSED, 38, OPEN),
+ new RngCheck(45, OPEN, 48, OPEN),
+ },
+ "test int arg", null);
+
+ MTest[] tests;
+
+ tests = new MTest[]
+ {
+ new MTest("-intarg 1", new Long(1)),
+ new MTest("-intarg 3", new MErr('r', "3")),
+ new MTest("-intarg 9", new MErr('r', "9")),
+ new MTest("-intarg 11", new Long(11)),
+ new MTest("-intarg 18", new Long(18)),
+ new MTest("-intarg 22", new Long(22)),
+ new MTest("-intarg 25", new Long(25)),
+ new MTest("-intarg 27", new Long(27)),
+ new MTest("-intarg 33", new Long(33)),
+ new MTest("-intarg 35", new Long(35)),
+ new MTest("-intarg 38", new MErr('r', "38")),
+ new MTest("-intarg 45", new MErr('r', "45")),
+ new MTest("-intarg 46", new Long(46)),
+ new MTest("-intarg 48", new MErr('r', "48")),
+ new MTest("-intarg 100", new MErr('r', "100")),
+ new MTest("-intarg 0xbeef", new MErr('r', "0xbeef")),
+ new MTest("-intarg 0x2f", new Long(0x2f)),
+ new MTest("-intarg 041", new Long(041)),
+ };
+ test.checkMatches(tests, MULTI_WORD);
+
+ test.checkAdd(
+ "-farg %f{1,2,(9,18],[22,27],[33,38),(45,48)} #test float arg",
+ dh, 'f', 1, "-farg ",
+ new RngCheck[]
+ {
+ new RngCheck(1.0),
+ new RngCheck(2.0),
+ new RngCheck(9.0, OPEN, 18.0, CLOSED),
+ new RngCheck(22.0, CLOSED, 27.0, CLOSED),
+ new RngCheck(33.0, CLOSED, 38.0, OPEN),
+ new RngCheck(45.0, OPEN, 48.0, OPEN),
+ },
+ "test float arg", null);
+
+ tests = new MTest[]
+ {
+ new MTest("-farg 1", new Double(1)),
+ new MTest("-farg 3", new MErr('r', "3")),
+ new MTest("-farg 9", new MErr('r', "9")),
+ new MTest("-farg 9.0001", new Double(9.0001)),
+ new MTest("-farg 11", new Double(11)),
+ new MTest("-farg 18", new Double(18)),
+ new MTest("-farg 22", new Double(22)),
+ new MTest("-farg 25", new Double(25)),
+ new MTest("-farg 27", new Double(27)),
+ new MTest("-farg 33", new Double(33)),
+ new MTest("-farg 35", new Double(35)),
+ new MTest("-farg 37.9999", new Double(37.9999)),
+ new MTest("-farg 38", new MErr('r', "38")),
+ new MTest("-farg 45", new MErr('r', "45")),
+ new MTest("-farg 45.0001", new Double(45.0001)),
+ new MTest("-farg 46", new Double(46)),
+ new MTest("-farg 47.9999", new Double(47.9999)),
+ new MTest("-farg 48", new MErr('r', "48")),
+ new MTest("-farg 100", new MErr('r', "100")),
+ new MTest("-farg 0", new MErr('r', "0")),
+ };
+ test.checkMatches(tests, MULTI_WORD);
+
+ test.checkAdd(
+ "-sarg %s{1,2,(AA,AZ],[BB,BX],[C3,C8),(d5,d8)} #test string arg",
+ s3, 's', 1, "-sarg ",
+ new RngCheck[]
+ { new RngCheck("1"),
+ new RngCheck("2"),
+ new RngCheck("AA", OPEN, "AZ", CLOSED),
+ new RngCheck("BB", CLOSED, "BX", CLOSED),
+ new RngCheck("C3", CLOSED, "C8", OPEN),
+ new RngCheck("d5", OPEN, "d8", OPEN),
+ },
+ "test string arg", null);
+
+ tests = new MTest[]
+ {
+ new MTest("-sarg 1", "1"),
+ new MTest("-sarg 3", new MErr('r', "3")),
+ new MTest("-sarg AA", new MErr('r', "AA")),
+ new MTest("-sarg AM", "AM"),
+ new MTest("-sarg AZ", "AZ"),
+ new MTest("-sarg BB", "BB"),
+ new MTest("-sarg BL", "BL"),
+ new MTest("-sarg BX", "BX"),
+ new MTest("-sarg C3", "C3"),
+ new MTest("-sarg C6", "C6"),
+ new MTest("-sarg C8", new MErr('r', "C8")),
+ new MTest("-sarg d5", new MErr('r', "d5")),
+ new MTest("-sarg d6", "d6"),
+ new MTest("-sarg d8", new MErr('r', "d8")),
+ new MTest("-sarg zzz", new MErr('r', "zzz")),
+ new MTest("-sarg 0", new MErr('r', "0")),
+ };
+ test.checkMatches(tests, MULTI_WORD);
+
+ test = new ArgParserTest();
+
+ test.checkAdd(
+ "-carg %c{1,2,(a,z],['A','Z'],['\\001',\\007),(4,8)}",
+ c3, 'c', 1, "-carg ",
+ new RngCheck[]
+ { new RngCheck('1'),
+ new RngCheck('2'),
+ new RngCheck('a', OPEN, 'z', CLOSED),
+ new RngCheck('A', CLOSED, 'Z', CLOSED),
+ new RngCheck('\001', CLOSED, '\007', OPEN),
+ new RngCheck('4', OPEN, '8', OPEN),
+ },
+ "", null);
+
+ tests = new MTest[]
+ {
+ new MTest("-carg 1", new Character('1')),
+ new MTest("-carg 3", new MErr('r', "3")),
+ new MTest("-carg a", new MErr('r', "a")),
+ new MTest("-carg m", new Character('m')),
+ new MTest("-carg z", new Character('z')),
+ new MTest("-carg A", new Character('A')),
+ new MTest("-carg 'L'", new Character('L')),
+ new MTest("-carg 'Z'", new Character('Z')),
+ new MTest("-carg \\001", new Character('\001')),
+ new MTest("-carg \\005", new Character('\005')),
+ new MTest("-carg '\\007'", new MErr('r', "'\\007'")),
+ new MTest("-carg '4'", new MErr('r', "'4'")),
+ new MTest("-carg 6", new Character('6')),
+ new MTest("-carg 8", new MErr('r', "8")),
+ new MTest("-carg '\\012'", new MErr('r', "'\\012'")),
+ new MTest("-carg 0", new MErr('r', "0")),
+ };
+ test.checkMatches(tests, MULTI_WORD);
+
+ test.checkAdd(
+ "-foo=%i{[-50,100]}", ih, 'i', 1, "-foo=",
+ new RngCheck[]
+ { new RngCheck(-50, CLOSED, 100, CLOSED),
+ },
+ "", null);
+
+ tests = new MTest[]
+ {
+ new MTest("-foo=-51", new MErr('r', "-51")),
+ new MTest("-foo=-0x32", new Long(-0x32)),
+ new MTest("-foo=-0x33", new MErr('r', "-0x33")),
+ new MTest("-foo=-0777", new MErr('r', "-0777")),
+ new MTest("-foo=-07", new Long(-07)),
+ new MTest("-foo=0", new Long(0)),
+ new MTest("-foo=100", new Long(100)),
+ new MTest("-foo=0x5e", new Long(0x5e)),
+ new MTest("-foo=066", new Long(066)),
+ new MTest("-foo=06677", new MErr('r', "06677")),
+ new MTest("-foo=0xbeef", new MErr('r', "0xbeef")),
+ new MTest("-foo=foo", new MErr('m', "foo")),
+ new MTest("-foo=-51d", new MErr('m', "-51d")),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd("-foo2=%i", ih, 'i', 1, "-foo2=", null, "", null);
+ tests = new MTest[]
+ {
+ new MTest("-foo2=-51", new Long(-51)),
+ new MTest("-foo2=-0x33", new Long(-0x33)),
+ new MTest("-foo2=-0777", new Long(-0777)),
+ new MTest("-foo2=06677", new Long(06677)),
+ new MTest("-foo2=0xbeef", new Long(0xbeef)),
+ new MTest("-foo2=foo", new MErr('m', "foo")),
+ new MTest("-foo2=-51d", new MErr('m', "-51d")),
+ new MTest("-foo2=-51", new Long(-51)),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd("-foo3 %iX3", i3, 'i', 3, "-foo3 ", null, "", null);
+ tests = new MTest[]
+ {
+ new MTest("-foo3 -51 678 0x45",
+ new long[] { -51, 678, 0x45 }),
+ new MTest("-foo3 55 16f 55", new MErr('m', "16f")),
+ new MTest("-foo3 55 16", new MErr('v', "3")),
+ };
+ test.checkMatches(tests, MULTI_WORD);
+
+ Vector<String> vec = new Vector<String>(100);
+
+ test.checkAdd("-foov3 %iX3", vec, 'i', 3, "-foov3 ", null, "", null);
+ tests = new MTest[]
+ { new MTest("-foov3 -1 2 4", new long[] { -1, 2, 4 }, 0),
+ new MTest("-foov3 10 3 9", new long[] { 10, 3, 9 }, 1),
+ new MTest("-foov3 123 1 0", new long[] { 123, 1, 0 }, 2),
+ };
+ vec.clear();
+ test.checkMatches(tests, MULTI_WORD);
+ test.checkAdd("-foov %i", vec, 'i', 1, "-foov ", null, "", null);
+ tests = new MTest[]
+ { new MTest("-foov 11", new Long(11), 0),
+ new MTest("-foov 12", new Long(12), 1),
+ new MTest("-foov 13", new Long(13), 2),
+ };
+ vec.clear();
+ test.checkMatches(tests, MULTI_WORD);
+
+ test.checkAdd(
+ "-foo4 %i{[-50,100]}X2", i3, 'i', 2, "-foo4 ",
+ new RngCheck[]
+ { new RngCheck(-50, CLOSED, 100, CLOSED),
+ },
+ "", null);
+ tests = new MTest[]
+ {
+ new MTest("-foo4 -49 78",
+ new long[] { -49, 78 }),
+ new MTest("-foo4 -48 102", new MErr('r', "102")),
+ };
+ test.checkMatches(tests, MULTI_WORD);
+
+ test.checkAdd(
+ "-oct=%o{[-062,0144]}", ih, 'o', 1, "-oct=",
+ new RngCheck[]
+ { new RngCheck(-50, CLOSED, 100, CLOSED),
+ },
+ "", null);
+
+ tests = new MTest[]
+ {
+ new MTest("-oct=-063", new MErr('r', "-063")),
+ new MTest("-oct=-0x32", new MErr('m', "-0x32")),
+ new MTest("-oct=-0777", new MErr('r', "-0777")),
+ new MTest("-oct=-07", new Long(-07)),
+ new MTest("-oct=0", new Long(0)),
+ new MTest("-oct=100", new Long(64)),
+ new MTest("-oct=0xae", new MErr('m', "0xae")),
+ new MTest("-oct=66", new Long(066)),
+ new MTest("-oct=06677", new MErr('r', "06677")),
+ new MTest("-oct=0xbeef", new MErr('m', "0xbeef")),
+ new MTest("-oct=foo", new MErr('m', "foo")),
+ new MTest("-oct=-51d", new MErr('m', "-51d")),
+ new MTest("-oct=78", new MErr('m', "78")),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd("-oct2=%o", ih, 'o', 1, "-oct2=", null, "", null);
+ tests = new MTest[]
+ {
+ new MTest("-oct2=-063", new Long(-063)),
+ new MTest("-oct2=-0777", new Long(-0777)),
+ new MTest("-oct2=06677", new Long(06677)),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd(
+ "-dec=%d{[-0x32,0x64]}", ih, 'd', 1, "-dec=",
+ new RngCheck[]
+ { new RngCheck(-50, CLOSED, 100, CLOSED),
+ },
+ "", null);
+
+ tests = new MTest[]
+ {
+ new MTest("-dec=-063", new MErr('r', "-063")),
+ new MTest("-dec=-0x32", new MErr('m', "-0x32")),
+ new MTest("-dec=-0777", new MErr('r', "-0777")),
+ new MTest("-dec=-07", new Long(-07)),
+ new MTest("-dec=0", new Long(0)),
+ new MTest("-dec=100", new Long(100)),
+ new MTest("-dec=0xae", new MErr('m', "0xae")),
+ new MTest("-dec=66", new Long(66)),
+ new MTest("-dec=06677", new MErr('r', "06677")),
+ new MTest("-dec=0xbeef", new MErr('m', "0xbeef")),
+ new MTest("-dec=foo", new MErr('m', "foo")),
+ new MTest("-dec=-51d", new MErr('m', "-51d")),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd("-dec2=%d", ih, 'd', 1, "-dec2=", null, "", null);
+ tests = new MTest[]
+ {
+ new MTest("-dec2=-063", new Long(-63)),
+ new MTest("-dec2=-0777", new Long(-777)),
+ new MTest("-dec2=06677", new Long(6677)),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd(
+ "-hex=%x{[-0x32,0x64]}", ih, 'x', 1, "-hex=",
+ new RngCheck[]
+ { new RngCheck(-50, CLOSED, 100, CLOSED),
+ },
+ "", null);
+
+ tests = new MTest[]
+ {
+ new MTest("-hex=-06", new Long(-0x6)),
+ new MTest("-hex=-0x3g2", new MErr('m', "-0x3g2")),
+ new MTest("-hex=-0777", new MErr('r', "-0777")),
+ new MTest("-hex=-017", new Long(-0x17)),
+ new MTest("-hex=0", new Long(0)),
+ new MTest("-hex=64", new Long(0x64)),
+ new MTest("-hex=5e", new Long(0x5e)),
+ new MTest("-hex=66", new MErr('r', "66")),
+ new MTest("-hex=06677", new MErr('r', "06677")),
+ new MTest("-hex=0xbeef", new MErr('m', "0xbeef")),
+ new MTest("-hex=foo", new MErr('m', "foo")),
+ new MTest("-hex=-51d", new MErr('r', "-51d")),
+ new MTest("-hex=-51g", new MErr('m', "-51g")),
+ new MTest("-hex=", new MErr('c', "")),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd("-hex2=%x", ih, 'x', 1, "-hex2=", null, "", null);
+ tests = new MTest[]
+ {
+ new MTest("-hex2=-0777", new Long(-0x777)),
+ new MTest("-hex2=66", new Long(0x66)),
+ new MTest("-hex2=06677", new Long(0x6677)),
+ new MTest("-hex2=-51d", new Long(-0x51d)),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd(
+ "-char=%c{['b','m']}", ch, 'c', 1, "-char=",
+ new RngCheck[]
+ { new RngCheck('b', CLOSED, 'm', CLOSED),
+ },
+ "", null);
+
+ tests = new MTest[]
+ {
+ new MTest("-char=a", new MErr('r', "a")),
+ new MTest("-char=b", new Character('b')),
+ new MTest("-char='b'", new Character('b')),
+ new MTest("-char='\142'", new Character('b')),
+ new MTest("-char='\141'", new MErr('r', "'\141'")),
+ new MTest("-char=\142", new Character('b')),
+ new MTest("-char=\141", new MErr('r', "\141")),
+ new MTest("-char=m", new Character('m')),
+ new MTest("-char=z", new MErr('r', "z")),
+ new MTest("-char=bb", new MErr('m', "bb")),
+ new MTest("-char='b", new MErr('m', "'b")),
+ new MTest("-char='", new MErr('m', "'")),
+ new MTest("-char=a'", new MErr('m', "a'")),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd("-char2=%c", ch, 'c', 1, "-char2=", null, "", null);
+ tests = new MTest[]
+ {
+ new MTest("-char2=a", new Character('a')),
+ new MTest("-char2='\141'", new Character('\141')),
+ new MTest("-char2=\141", new Character('\141')),
+ new MTest("-char2=z", new Character('z')),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd("-charv3 %cX3", vec, 'c', 3, "-charv3 ", null, "", null);
+ tests = new MTest[]
+ { new MTest("-charv3 a b c", new char[] { 'a', 'b', 'c' }, 0),
+ new MTest("-charv3 'g' f '\\n'", new char[] { 'g', 'f', '\n' }, 1),
+ new MTest("-charv3 1 \001 3", new char[] { '1', '\001', '3' }, 2),
+ };
+ vec.clear();
+ test.checkMatches(tests, MULTI_WORD);
+ test.checkAdd("-charv=%c", vec, 'c', 1, "-charv=", null, "", null);
+ tests = new MTest[]
+ { new MTest("-charv=d", new Character('d'), 0),
+ new MTest("-charv='g'", new Character('g'), 1),
+ new MTest("-charv=\111", new Character('\111'), 2),
+ };
+ vec.clear();
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd(
+ "-bool=%b{true}", bh, 'b', 1, "-bool=",
+ new RngCheck[]
+ { new RngCheck(true),
+ },
+ "", null);
+
+ tests = new MTest[]
+ {
+ new MTest("-bool=true", new Boolean(true)),
+ new MTest("-bool=false", new MErr('r', "false")),
+ new MTest("-bool=fals", new MErr('m', "fals")),
+ new MTest("-bool=falsem", new MErr('m', "falsem")),
+ new MTest("-bool=truex", new MErr('m', "truex")),
+ new MTest("-bool=foo", new MErr('m', "foo")),
+ new MTest("-bool=1", new MErr('m', "1")),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd(
+ "-boo2=%b{true,false}", bh, 'b', 1, "-boo2=",
+ new RngCheck[]
+ { new RngCheck(true),
+ new RngCheck(false),
+ },
+ "", null);
+
+ tests = new MTest[]
+ {
+ new MTest("-boo2=true", new Boolean(true)),
+ new MTest("-boo2=false", new Boolean(false)),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd("-boo3=%b", bh, 'b', 1, "-boo3=", null, "", null);
+ tests = new MTest[]
+ {
+ new MTest("-boo3=true", new Boolean(true)),
+ new MTest("-boo3=false", new Boolean(false)),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd("-boo3 %bX3", b3, 'b', 3, "-boo3 ", null, "", null);
+ tests = new MTest[]
+ {
+ new MTest("-boo3 true false true",
+ new boolean[] { true, false, true }),
+ new MTest("-boo3 true fals true", new MErr('m', "fals")),
+ };
+ test.checkMatches(tests, MULTI_WORD);
+
+ test.checkAdd("-boov3 %bX3", vec, 'b', 3, "-boov3 ", null, "", null);
+ tests = new MTest[]
+ { new MTest("-boov3 true true false",
+ new boolean[] { true, true, false }, 0),
+ new MTest("-boov3 false false true",
+ new boolean[] { false, false, true }, 1),
+ };
+ vec.clear();
+ test.checkMatches(tests, MULTI_WORD);
+ test.checkAdd("-boov %b", vec, 'b', 1, "-boov ", null, "", null);
+ tests = new MTest[]
+ { new MTest("-boov true", new Boolean(true), 0),
+ new MTest("-boov false", new Boolean(false), 1),
+ new MTest("-boov true", new Boolean(true), 2),
+ };
+ vec.clear();
+ test.checkMatches(tests, MULTI_WORD);
+
+ test.checkAdd("-v3 %vX2", b3, 'v', 2, "-v3 ", null, "", null);
+ tests = new MTest[]
+ { new MTest("-v3", new boolean[] { true, true }),
+ };
+ test.checkMatches(tests, MULTI_WORD);
+
+ test.checkAdd(
+ "-vf %v{false,true}X2", b3, 'v', 2, "-vf ",
+ new RngCheck[]
+ { new RngCheck(false),
+ new RngCheck(true),
+ },
+ "", null);
+ tests = new MTest[]
+ { new MTest("-vf", new boolean[] { false, false }),
+ };
+ test.checkMatches(tests, MULTI_WORD);
+
+ test.checkAdd(
+ "-str=%s{(john,zzzz]}", sh, 's', 1, "-str=",
+ new RngCheck[]
+ { new RngCheck("john", OPEN, "zzzz", CLOSED),
+ },
+ "", null);
+
+ tests = new MTest[]
+ {
+ new MTest("-str=john", new MErr('r', "john")),
+ new MTest("-str=joho ", "joho "),
+ new MTest("-str=joho ", "joho "),
+ new MTest("-str=zzzz", "zzzz"),
+ new MTest("-str= joho", new MErr('r', " joho")),
+ new MTest("-str=jnhn ", new MErr('r', "jnhn ")),
+ new MTest("-str=zzzzz", new MErr('r', "zzzzz")),
+ new MTest("-str=\"joho\"", new MErr('r', "\"joho\"")),
+ new MTest("-str=\"joho", new MErr('r', "\"joho")),
+ new MTest("-str=joho j", "joho j"), // new MErr('m', "joho j")),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd("-str2=%s", sh, 's', 1, "-str2=", null, "", null);
+ tests = new MTest[]
+ {
+ new MTest("-str2= jnhn", " jnhn"),
+ new MTest("-str2=zzzzz", "zzzzz"),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd("-str3 %sX3", s3, 's', 3, "-str3 ", null, "", null);
+ tests = new MTest[]
+ {
+ new MTest("-str3 foo bar johnny",
+ new String[] { "foo", "bar", "johnny" }),
+ new MTest("-str3 zzzzz \"bad foo",
+ new String[] { "zzzzz", "\"bad", "foo"
+ }), // new MErr('m', "\"bad")),
+ };
+ test.checkMatches(tests, MULTI_WORD);
+
+ test.checkAdd("-strv3 %sX3", vec, 's', 3, "-strv3 ", null, "", null);
+ tests = new MTest[]
+ { new MTest("-strv3 foo bar \"hihi\"",
+ new String[] { "foo", "bar", "\"hihi\"" }, 0),
+ new MTest("-strv3 a 123 gg",
+ new String[] { "a", "123", "gg" }, 1),
+ };
+ vec.clear();
+ test.checkMatches(tests, MULTI_WORD);
+ test.checkAdd("-strv=%s", vec, 's', 1, "-strv=", null, "", null);
+ tests = new MTest[]
+ { new MTest("-strv=d", "d", 0),
+ new MTest("-strv='g'", "'g'", 1),
+ new MTest("-strv=\\111", "\\111", 2),
+ };
+ vec.clear();
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd(
+ "-float=%f{(-0.001,1000.0]}", dh, 'f', 1, "-float=",
+ new RngCheck[]
+ { new RngCheck(-0.001, OPEN, 1000.0, CLOSED),
+ },
+ "", null);
+
+ tests = new MTest[]
+ {
+ new MTest("-float=-0.000999", new Double(-0.000999)),
+ new MTest("-float=1e-3", new Double(0.001)),
+ new MTest("-float=12.33e1", new Double(123.3)),
+ new MTest("-float=1e3", new Double(1e3)),
+ new MTest("-float=1000.000", new Double(1000.0)),
+ new MTest("-float=-0.001", new MErr('r', "-0.001")),
+ new MTest("-float=-1e-3", new MErr('r', "-1e-3")),
+ new MTest("-float=1000.001", new MErr('r', "1000.001")),
+ new MTest("-float=.", new MErr('m', ".")),
+ new MTest("-float= 124.5 ", new Double(124.5)),
+ new MTest("-float=124.5x", new MErr('m', "124.5x")),
+ new MTest("-float= foo ", new MErr('m', " foo ")),
+ new MTest("-float=1e1", new Double(10)),
+ new MTest("-float=1e ", new MErr('m', "1e ")),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd("-float2=%f", dh, 'f', 1, "-float2=", null, "", null);
+ tests = new MTest[]
+ {
+ new MTest("-float2=-0.001", new Double(-0.001)),
+ new MTest("-float2=-1e-3", new Double(-1e-3)),
+ new MTest("-float2=1000.001", new Double(1000.001)),
+ };
+ test.checkMatches(tests, ONE_WORD);
+
+ test.checkAdd("-f3 %fX3", d3, 'f', 3, "-f3 ", null, "", null);
+ tests = new MTest[]
+ {
+ new MTest("-f3 -0.001 1.23e5 -9.88e-4",
+ new double[] { -0.001, 1.23e5, -9.88e-4 }),
+ new MTest("-f3 7.88 foo 9.0", new MErr('m', "foo")),
+ new MTest("-f3 7.88 . 9.0", new MErr('m', ".")),
+ new MTest("-f3 7.88 3.0 9.0x", new MErr('m', "9.0x")),
+ };
+ test.checkMatches(tests, MULTI_WORD);
+
+ test.checkAdd("-fv3 %fX3", vec, 'f', 3, "-fv3 ", null, "", null);
+ tests = new MTest[]
+ { new MTest("-fv3 1.0 3.444 6.7",
+ new double[] { 1.0, 3.444, 6.7 }, 0),
+ new MTest("-fv3 13e-5 145.678 0.0001e45",
+ new double[] { 13e-5, 145.678, 0.0001e45 }, 1),
+ new MTest("-fv3 11.11 3.1245 -1e-4",
+ new double[] { 11.11, 3.1245, -1e-4 }, 2),
+ new MTest("-fv3 1.0 2 3",
+ new double[] { 1.0, 2.0, 3.0 }, 3),
+ };
+ vec.clear();
+ test.checkMatches(tests, MULTI_WORD);
+ test.checkAdd("-fv %f", vec, 'f', 1, "-fv ", null, "", null);
+ tests = new MTest[]
+ { new MTest("-fv -15.1234", new Double(-15.1234), 0),
+ new MTest("-fv -1.234e-7", new Double(-1.234e-7), 1),
+ new MTest("-fv 0.001111", new Double(0.001111), 2),
+ };
+ vec.clear();
+ test.checkMatches(tests, MULTI_WORD);
+
+ IntHolder intHolder = new IntHolder();
+ StringHolder strHolder = new StringHolder();
+
+ ArgParser parser = new ArgParser("test");
+ parser.addOption("-foo %d #an int", intHolder);
+ parser.addOption("-bar %s #a string", strHolder);
+ args = new String[]
+ { "zzz", "-cat", "-foo", "123", "yyy", "-bar", "xxxx", "xxx"
+ };
+
+ String[] unmatchedCheck = new String[]
+ { "zzz", "-cat", "yyy", "xxx"
+ };
+
+ String[] unmatched = parser.matchAllArgs(args, 0, 0);
+ test.checkStringArray(
+ "Unmatched args:", unmatched, unmatchedCheck);
+
+ vec.clear();
+ for (int i = 0; i < args.length;) {
+ try {
+ i = parser.matchArg(args, i);
+ if (parser.getUnmatchedArgument() != null) {
+ vec.add(parser.getUnmatchedArgument());
+ }
+ } catch (Exception e) {
+ }
+ }
+ unmatched = (String[]) vec.toArray(new String[0]);
+ test.checkStringArray(
+ "My unmatched args:", unmatched, unmatchedCheck);
+
+ System.out.println("\nPassed\n");
+
+ }
+}
diff --git a/base/silent/src/com/netscape/pkisilent/argparser/BooleanHolder.java b/base/silent/src/com/netscape/pkisilent/argparser/BooleanHolder.java
new file mode 100644
index 000000000..ba10022b5
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/argparser/BooleanHolder.java
@@ -0,0 +1,54 @@
+package com.netscape.pkisilent.argparser;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * Wrapper class which ``holds'' a boolean value,
+ * enabling methods to return boolean values through
+ * arguments.
+ */
+public class BooleanHolder implements java.io.Serializable {
+ /**
+ *
+ */
+ private static final long serialVersionUID = -2863748864787121510L;
+ /**
+ * Value of the boolean, set and examined
+ * by the application as needed.
+ */
+ public boolean value;
+
+ /**
+ * Constructs a new <code>BooleanHolder</code> with an initial
+ * value of <code>false</code>.
+ */
+ public BooleanHolder() {
+ value = false;
+ }
+
+ /**
+ * Constructs a new <code>BooleanHolder</code> with a
+ * specific initial value.
+ *
+ * @param b Initial boolean value.
+ */
+ public BooleanHolder(boolean b) {
+ value = b;
+ }
+}
diff --git a/base/silent/src/com/netscape/pkisilent/argparser/CharHolder.java b/base/silent/src/com/netscape/pkisilent/argparser/CharHolder.java
new file mode 100644
index 000000000..453cac8b2
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/argparser/CharHolder.java
@@ -0,0 +1,54 @@
+package com.netscape.pkisilent.argparser;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * Wrapper class which ``holds'' a character value,
+ * enabling methods to return character values through
+ * arguments.
+ */
+public class CharHolder implements java.io.Serializable {
+ /**
+ *
+ */
+ private static final long serialVersionUID = 7340010668929015745L;
+ /**
+ * Value of the character, set and examined
+ * by the application as needed.
+ */
+ public char value;
+
+ /**
+ * Constructs a new <code>CharHolder</code> with an initial
+ * value of 0.
+ */
+ public CharHolder() {
+ value = 0;
+ }
+
+ /**
+ * Constructs a new <code>CharHolder</code> with a
+ * specific initial value.
+ *
+ * @param c Initial character value.
+ */
+ public CharHolder(char c) {
+ value = c;
+ }
+}
diff --git a/base/silent/src/com/netscape/pkisilent/argparser/DoubleHolder.java b/base/silent/src/com/netscape/pkisilent/argparser/DoubleHolder.java
new file mode 100644
index 000000000..13012a641
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/argparser/DoubleHolder.java
@@ -0,0 +1,54 @@
+package com.netscape.pkisilent.argparser;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * Wrapper class which ``holds'' a double value,
+ * enabling methods to return double values through
+ * arguments.
+ */
+public class DoubleHolder implements java.io.Serializable {
+ /**
+ *
+ */
+ private static final long serialVersionUID = 5461991811517552431L;
+ /**
+ * Value of the double, set and examined
+ * by the application as needed.
+ */
+ public double value;
+
+ /**
+ * Constructs a new <code>DoubleHolder</code> with an initial
+ * value of 0.
+ */
+ public DoubleHolder() {
+ value = 0;
+ }
+
+ /**
+ * Constructs a new <code>DoubleHolder</code> with a
+ * specific initial value.
+ *
+ * @param d Initial double value.
+ */
+ public DoubleHolder(double d) {
+ value = d;
+ }
+}
diff --git a/base/silent/src/com/netscape/pkisilent/argparser/FloatHolder.java b/base/silent/src/com/netscape/pkisilent/argparser/FloatHolder.java
new file mode 100644
index 000000000..b8474b535
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/argparser/FloatHolder.java
@@ -0,0 +1,54 @@
+package com.netscape.pkisilent.argparser;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * Wrapper class which ``holds'' a float value,
+ * enabling methods to return float values through
+ * arguments.
+ */
+public class FloatHolder implements java.io.Serializable {
+ /**
+ *
+ */
+ private static final long serialVersionUID = -7962968109874934361L;
+ /**
+ * Value of the float, set and examined
+ * by the application as needed.
+ */
+ public float value;
+
+ /**
+ * Constructs a new <code>FloatHolder</code> with an initial
+ * value of 0.
+ */
+ public FloatHolder() {
+ value = 0;
+ }
+
+ /**
+ * Constructs a new <code>FloatHolder</code> with a
+ * specific initial value.
+ *
+ * @param f Initial float value.
+ */
+ public FloatHolder(float f) {
+ value = f;
+ }
+}
diff --git a/base/silent/src/com/netscape/pkisilent/argparser/IntHolder.java b/base/silent/src/com/netscape/pkisilent/argparser/IntHolder.java
new file mode 100644
index 000000000..a94ceea1e
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/argparser/IntHolder.java
@@ -0,0 +1,54 @@
+package com.netscape.pkisilent.argparser;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * Wrapper class which ``holds'' an integer value,
+ * enabling methods to return integer values through
+ * arguments.
+ */
+public class IntHolder implements java.io.Serializable {
+ /**
+ *
+ */
+ private static final long serialVersionUID = -5303361328570056819L;
+ /**
+ * Value of the integer, set and examined
+ * by the application as needed.
+ */
+ public int value;
+
+ /**
+ * Constructs a new <code>IntHolder</code> with an initial
+ * value of 0.
+ */
+ public IntHolder() {
+ value = 0;
+ }
+
+ /**
+ * Constructs a new <code>IntHolder</code> with a
+ * specific initial value.
+ *
+ * @param i Initial integer value.
+ */
+ public IntHolder(int i) {
+ value = i;
+ }
+}
diff --git a/base/silent/src/com/netscape/pkisilent/argparser/LongHolder.java b/base/silent/src/com/netscape/pkisilent/argparser/LongHolder.java
new file mode 100644
index 000000000..5656d8b86
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/argparser/LongHolder.java
@@ -0,0 +1,54 @@
+package com.netscape.pkisilent.argparser;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * Wrapper class which ``holds'' a long value,
+ * enabling methods to return long values through
+ * arguments.
+ */
+public class LongHolder implements java.io.Serializable {
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1559599139421340971L;
+ /**
+ * Value of the long, set and examined
+ * by the application as needed.
+ */
+ public long value;
+
+ /**
+ * Constructs a new <code>LongHolder</code> with an initial
+ * value of 0.
+ */
+ public LongHolder() {
+ value = 0;
+ }
+
+ /**
+ * Constructs a new <code>LongHolder</code> with a
+ * specific initial value.
+ *
+ * @param l Initial long value.
+ */
+ public LongHolder(long l) {
+ value = l;
+ }
+}
diff --git a/base/silent/src/com/netscape/pkisilent/argparser/ObjectHolder.java b/base/silent/src/com/netscape/pkisilent/argparser/ObjectHolder.java
new file mode 100644
index 000000000..70e050fde
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/argparser/ObjectHolder.java
@@ -0,0 +1,54 @@
+package com.netscape.pkisilent.argparser;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * Wrapper class which ``holds'' an Object reference,
+ * enabling methods to return Object references through
+ * arguments.
+ */
+public class ObjectHolder implements java.io.Serializable {
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1825881254530066307L;
+ /**
+ * Value of the Object reference, set and examined
+ * by the application as needed.
+ */
+ public Object value;
+
+ /**
+ * Constructs a new <code>ObjectHolder</code> with an initial
+ * value of <code>null</code>.
+ */
+ public ObjectHolder() {
+ value = null;
+ }
+
+ /**
+ * Constructs a new <code>ObjectHolder</code> with a
+ * specific initial value.
+ *
+ * @param o Initial Object reference.
+ */
+ public ObjectHolder(Object o) {
+ value = o;
+ }
+}
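Review bot: `ObjectHolder` declares itself `java.io.Serializable` while exposing an untyped `public Object value`, so if an instance were ever deserialized from data an attacker controls, the field type would place no constraint on the object graph that gets reconstructed. Nothing in this hunk serializes or deserializes a holder, so this may be moot; if no caller needs the Serializable marker, dropping it (and the serialVersionUID) from the holder classes removes the question entirely. Otherwise a comment on the class such as `// Serializable only for in-process use; never deserialize from untrusted input` would make the intended scope explicit.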
diff --git a/base/silent/src/com/netscape/pkisilent/argparser/SimpleExample.java b/base/silent/src/com/netscape/pkisilent/argparser/SimpleExample.java
new file mode 100644
index 000000000..6970d318d
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/argparser/SimpleExample.java
@@ -0,0 +1,53 @@
+package com.netscape.pkisilent.argparser;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * Gives a very simple example of the use of {@link argparser.ArgParser ArgParser}.
+ */
+public class SimpleExample {
+ /**
+ * Run this to invoke command line parsing.
+ */
+ public static void main(String[] args) {
+ // create holder objects for storing results ...
+
+ DoubleHolder theta = new DoubleHolder();
+ StringHolder fileName = new StringHolder();
+ BooleanHolder debug = new BooleanHolder();
+
+ // create the parser and specify the allowed options ...
+
+ ArgParser parser = new ArgParser("java argparser.SimpleExample");
+ parser.addOption("-theta %f #theta value (in degrees)", theta);
+ parser.addOption("-file %s #name of the operating file", fileName);
+ parser.addOption("-debug %v #enables display of debugging info",
+ debug);
+
+ // and then match the arguments
+
+ parser.matchAllArgs(args);
+
+ // now print out the values
+
+ System.out.println("theta=" + theta.value);
+ System.out.println("fileName=" + fileName.value);
+ System.out.println("debug=" + debug.value);
+ }
+}
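Review bot: The class javadoc at the top of the hunk links `{@link argparser.ArgParser ArgParser}`, which does not resolve now that the class lives in `com.netscape.pkisilent.argparser`; since ArgParser is in the same package, `{@link ArgParser}` is sufficient. The usage string passed to the constructor, `new ArgParser("java argparser.SimpleExample")`, carries the same stale package name and will print a command line that cannot be run; change it to `new ArgParser("java com.netscape.pkisilent.argparser.SimpleExample")`. The return value of `parser.matchAllArgs(args)` is also discarded, so from this hunk I cannot tell whether unmatched arguments are reported or silently dropped; ArgParserTest in the same commit uses the three-argument form and checks the returned unmatched list, which would be the clearer pattern for an example.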
diff --git a/base/silent/src/com/netscape/pkisilent/argparser/StringHolder.java b/base/silent/src/com/netscape/pkisilent/argparser/StringHolder.java
new file mode 100644
index 000000000..937360346
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/argparser/StringHolder.java
@@ -0,0 +1,54 @@
+package com.netscape.pkisilent.argparser;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * Wrapper class which ``holds'' a String reference,
+ * enabling methods to return String references through
+ * arguments.
+ */
+public class StringHolder implements java.io.Serializable {
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3184348746223759310L;
+ /**
+ * Value of the String reference, set and examined
+ * by the application as needed.
+ */
+ public String value;
+
+ /**
+ * Constructs a new <code>StringHolder</code> with an
+ * initial value of <code>null</code>.
+ */
+ public StringHolder() {
+ value = null;
+ }
+
+ /**
+ * Constructs a new <code>StringHolder</code> with a
+ * specific initial value.
+ *
+ * @param s Initial String reference.
+ */
+ public StringHolder(String s) {
+ value = s;
+ }
+}
diff --git a/base/silent/src/com/netscape/pkisilent/argparser/StringScanException.java b/base/silent/src/com/netscape/pkisilent/argparser/StringScanException.java
new file mode 100644
index 000000000..bf3ea6dc3
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/argparser/StringScanException.java
@@ -0,0 +1,56 @@
+package com.netscape.pkisilent.argparser;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.IOException;
+
+/**
+ * Exception class used by <code>StringScanner</code> when
+ * command line arguments do not parse correctly.
+ *
+ * @author John E. Lloyd, Winter 2001
+ * @see StringScanner
+ */
+class StringScanException extends IOException {
+ /**
+ *
+ */
+ private static final long serialVersionUID = 4923445904507805754L;
+ int failIdx;
+
+ /**
+ * Creates a new StringScanException with the given message.
+ *
+ * @param msg Error message
+ * @see StringScanner
+ */
+
+ public StringScanException(String msg) {
+ super(msg);
+ }
+
+ public StringScanException(int idx, String msg) {
+ super(msg);
+ failIdx = idx;
+ }
+
+ public int getFailIndex() {
+ return failIdx;
+ }
+}
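Review bot: `failIdx` keeps its default of 0 when the one-argument constructor `StringScanException(String)` is used, so `getFailIndex()` reports position 0 — a legitimate index — for an exception that carries no position (the scanner's `scanDouble` builds one this way for "end of input"). Initialising the field as `int failIdx = -1;` lets callers tell the two cases apart; any caller that reads the index (the ArgParser sources elsewhere in this commit, outside this hunk) would then need to handle the sentinel. The two-argument constructor and `getFailIndex()` have no Javadoc, and the comment block at the top of the class is attached only to the one-argument constructor; a line such as `@return index in the scanned string at which parsing failed, or -1 if not recorded` on the getter would close that gap.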
diff --git a/base/silent/src/com/netscape/pkisilent/argparser/StringScanner.java b/base/silent/src/com/netscape/pkisilent/argparser/StringScanner.java
new file mode 100644
index 000000000..271dd0c62
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/argparser/StringScanner.java
@@ -0,0 +1,567 @@
+package com.netscape.pkisilent.argparser;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * Copyright John E. Lloyd, 2004. All rights reserved. Permission to use,
+ * copy, modify and redistribute is granted, provided that this copyright
+ * notice is retained and the author is given credit whenever appropriate.
+ *
+ * This software is distributed "as is", without any warranty, including
+ * any implied warranty of merchantability or fitness for a particular
+ * use. The author assumes no responsibility for, and shall not be liable
+ * for, any special, indirect, or consequential damages, or any damages
+ * whatsoever, arising out of or in connection with the use of this
+ * software.
+ */
+
+class StringScanner {
+ private char[] buf;
+ private int idx;
+ private int len;
+ private String stringDelimiters = "";
+
+ public StringScanner(String s) {
+ buf = new char[s.length() + 1];
+ s.getChars(0, s.length(), buf, 0);
+ len = s.length();
+ buf[len] = 0;
+ idx = 0;
+ }
+
+ public int getIndex() {
+ return idx;
+ }
+
+ public void setIndex(int i) {
+ if (i < 0) {
+ idx = 0;
+ } else if (i > len) {
+ idx = len;
+ } else {
+ idx = i;
+ }
+ }
+
+ public void setStringDelimiters(String s) {
+ stringDelimiters = s;
+ }
+
+ public String getStringDelimiters() {
+ return stringDelimiters;
+ }
+
+ public char scanChar()
+ throws StringScanException {
+ int idxSave = idx;
+ skipWhiteSpace();
+ try {
+ if (buf[idx] == '\'') {
+ return scanQuotedChar();
+ } else {
+ return scanUnquotedChar();
+ }
+ } catch (StringScanException e) {
+ idx = idxSave;
+ throw e;
+ }
+ }
+
+ public char scanQuotedChar()
+ throws StringScanException {
+ StringScanException exception = null;
+ char retval = 0;
+ int idxSave = idx;
+
+ skipWhiteSpace();
+ if (idx == len) {
+ exception = new StringScanException(idx, "end of input");
+ } else if (buf[idx++] == '\'') {
+ try {
+ retval = scanUnquotedChar();
+ } catch (StringScanException e) {
+ exception = e;
+ }
+ if (exception == null) {
+ if (idx == len) {
+ exception = new StringScanException
+ (idx, "end of input");
+ } else if (buf[idx++] != '\'') {
+ exception = new StringScanException
+ (idx - 1, "unclosed quoted character");
+ }
+ }
+ } else {
+ exception = new StringScanException
+ (idx - 1, "uninitialized quoted character");
+ }
+ if (exception != null) {
+ idx = idxSave;
+ throw exception;
+ }
+ return retval;
+ }
+
+ public char scanUnquotedChar()
+ throws StringScanException {
+ StringScanException exception = null;
+ char c, retval = 0;
+ int idxSave = idx;
+
+ if (idx == len) {
+ exception = new StringScanException(idx, "end of input");
+ } else if ((c = buf[idx++]) == '\\') {
+ if (idx == len) {
+ exception = new StringScanException(idx, "end of input");
+ } else {
+ c = buf[idx++];
+ if (c == '"') {
+ retval = '"';
+ } else if (c == '\'') {
+ retval = '\'';
+ } else if (c == '\\') {
+ retval = '\\';
+ } else if (c == 'n') {
+ retval = '\n';
+ } else if (c == 't') {
+ retval = '\t';
+ } else if (c == 'b') {
+ retval = '\b';
+ } else if (c == 'r') {
+ retval = '\r';
+ } else if (c == 'f') {
+ retval = '\f';
+ } else if ('0' <= c && c < '8') {
+ int v = c - '0';
+ for (int j = 0; j < 2; j++) {
+ if (idx == len) {
+ break;
+ }
+ c = buf[idx];
+ if ('0' <= c && c < '8' && (v * 8 + (c - '0')) <= 255) {
+ v = v * 8 + (c - '0');
+ idx++;
+ } else {
+ break;
+ }
+ }
+ retval = (char) v;
+ } else {
+ exception = new StringScanException
+ (idx - 1, "illegal escape character '" + c + "'");
+ }
+ }
+ } else {
+ retval = c;
+ }
+ if (exception != null) {
+ idx = idxSave;
+ throw exception;
+ }
+ return retval;
+ }
+
+ public String scanQuotedString()
+ throws StringScanException {
+ StringScanException exception = null;
+ StringBuffer sbuf = new StringBuffer(len);
+ char c;
+ int idxSave = idx;
+
+ skipWhiteSpace();
+ if (idx == len) {
+ exception = new StringScanException(idx, "end of input");
+ } else if ((c = buf[idx++]) == '"') {
+ while (idx < len && (c = buf[idx]) != '"' && c != '\n') {
+ if (c == '\\') {
+ try {
+ c = scanUnquotedChar();
+ } catch (StringScanException e) {
+ exception = e;
+ break;
+ }
+ } else {
+ idx++;
+ }
+ sbuf.append(c);
+ }
+ if (exception == null && idx >= len) {
+ exception = new StringScanException(len, "end of input");
+ } else if (exception == null && c == '\n') {
+ exception = new StringScanException
+ (idx, "unclosed quoted string");
+ } else {
+ idx++;
+ }
+ } else {
+ exception = new StringScanException(idx - 1,
+ "quoted string must start with \"");
+ }
+ if (exception != null) {
+ idx = idxSave;
+ throw exception;
+ }
+ return sbuf.toString();
+ }
+
+ public String scanNonWhiteSpaceString()
+ throws StringScanException {
+ StringBuffer sbuf = new StringBuffer(len);
+ int idxSave = idx;
+ char c;
+
+ skipWhiteSpace();
+ if (idx == len) {
+ StringScanException e = new StringScanException(
+ idx, "end of input");
+ idx = idxSave;
+ throw e;
+ } else {
+ c = buf[idx++];
+ while (idx < len && !Character.isWhitespace(c)
+ && stringDelimiters.indexOf(c) == -1) {
+ sbuf.append(c);
+ c = buf[idx++];
+ }
+ if (Character.isWhitespace(c) ||
+ stringDelimiters.indexOf(c) != -1) {
+ idx--;
+ } else {
+ sbuf.append(c);
+ }
+ }
+ return sbuf.toString();
+ }
+
+ public String scanString()
+ throws StringScanException {
+ int idxSave = idx;
+ skipWhiteSpace();
+ try {
+ if (buf[idx] == '"') {
+ return scanQuotedString();
+ } else {
+ return scanNonWhiteSpaceString();
+ }
+ } catch (StringScanException e) {
+ idx = idxSave;
+ throw e;
+ }
+ }
+
+ public String getString()
+ throws StringScanException {
+ StringBuffer sbuf = new StringBuffer(len);
+ while (idx < len) {
+ sbuf.append(buf[idx++]);
+ }
+ return sbuf.toString();
+ }
+
+ public long scanInt()
+ throws StringScanException {
+ int idxSave = idx;
+ char c;
+ int sign = 1;
+
+ skipWhiteSpace();
+ if ((c = buf[idx]) == '-' || c == '+') {
+ sign = (c == '-' ? -1 : 1);
+ idx++;
+ }
+ try {
+ if (idx == len) {
+ throw new StringScanException(len, "end of input");
+ } else if ((c = buf[idx]) == '0') {
+ if ((c = buf[idx + 1]) == 'x' || c == 'X') {
+ idx += 2;
+ return sign * scanInt(16, false);
+ } else {
+ return sign * scanInt(8, false);
+ }
+ } else {
+ return sign * scanInt(10, false);
+ }
+ } catch (StringScanException e) {
+ idx = idxSave;
+ throw e;
+ }
+ }
+
+ public long scanInt(int radix)
+ throws StringScanException {
+ return scanInt(radix, /*skipWhite=*/true);
+ }
+
+ private String baseDesc(int radix) {
+ switch (radix) {
+ case 10: {
+ return "decimal";
+ }
+ case 8: {
+ return "octal";
+ }
+ case 16: {
+ return "hex";
+ }
+ default: {
+ return "base " + radix;
+ }
+ }
+ }
+
+ public long scanInt(int radix, boolean skipWhite)
+ throws StringScanException {
+ StringScanException exception = null;
+ int charval, idxSave = idx;
+ char c;
+ long val = 0;
+ boolean negate = false;
+
+ if (skipWhite) {
+ skipWhiteSpace();
+ }
+ if ((c = buf[idx]) == '-' || c == '+') {
+ negate = (c == '-');
+ idx++;
+ }
+ if (idx >= len) {
+ exception = new StringScanException(len, "end of input");
+ } else if ((charval = Character.digit(buf[idx++], radix)) == -1) {
+ exception = new StringScanException
+ (idx - 1, "malformed " + baseDesc(radix) + " integer");
+ } else {
+ val = charval;
+ while ((charval = Character.digit(buf[idx], radix)) != -1) {
+ val = val * radix + charval;
+ idx++;
+ }
+ if (Character.isLetter(c = buf[idx]) ||
+ Character.isDigit(c) || c == '_') {
+ exception = new StringScanException
+ (idx, "malformed " + baseDesc(radix) + " integer");
+ }
+ }
+ if (exception != null) {
+ idx = idxSave;
+ throw exception;
+ }
+ return negate ? -val : val;
+ }
+
+ public double scanDouble()
+ throws StringScanException {
+ StringScanException exception = null;
+ int idxSave = idx;
+ char c;
+ // parse [-][0-9]*[.][0-9]*[eE][-][0-9]*
+ boolean hasDigits = false;
+ double value = 0;
+
+ skipWhiteSpace();
+ if (idx == len) {
+ exception = new StringScanException("end of input");
+ } else {
+ if ((c = buf[idx]) == '-' || c == '+') {
+ // signed
+ idx++;
+ }
+ if (matchDigits()) {
+ hasDigits = true;
+ }
+ if (buf[idx] == '.') {
+ idx++;
+ }
+ if (!hasDigits && (buf[idx] < '0' || buf[idx] > '9')) {
+ if (idx == len) {
+ exception = new StringScanException(idx, "end of input");
+ } else {
+ exception = new StringScanException(
+ idx, "malformed floating number: no digits");
+ }
+ } else {
+ matchDigits();
+
+ if ((c = buf[idx]) == 'e' || c == 'E') {
+ idx++;
+ if ((c = buf[idx]) == '-' || c == '+') {
+ // signed
+ idx++;
+ }
+ if (buf[idx] < '0' || buf[idx] > '9') {
+ if (idx == len) {
+ exception = new StringScanException(
+ idx, "end of input");
+ } else {
+ exception = new StringScanException(idx,
+ "malformed floating number: no digits in exponent");
+ }
+ } else {
+ matchDigits();
+ }
+ }
+ }
+ }
+ if (exception == null) {
+ // if (Character.isLetterOrDigit(c=buf[idx]) || c == '_')
+ // { exception = new StringScanException (idx,
+ //"malformed floating number");
+ // }
+ // else
+ {
+ try {
+ value = Double.parseDouble(new String(buf, idxSave,
+ idx - idxSave));
+ } catch (NumberFormatException e) {
+ exception = new StringScanException(
+ idx, "malformed floating number");
+ }
+ }
+ }
+ if (exception != null) {
+ idx = idxSave;
+ throw exception;
+ }
+ return value;
+ }
+
+ public boolean scanBoolean()
+ throws StringScanException {
+ StringScanException exception = null;
+ int idxSave = idx;
+ String testStr = "false";
+ boolean testval = false;
+ char c;
+
+ skipWhiteSpace();
+ if (buf[idx] == 't') {
+ testStr = "true";
+ testval = true;
+ } else {
+ testval = false;
+ }
+ int i = 0;
+ for (i = 0; i < testStr.length(); i++) {
+ if (testStr.charAt(i) != buf[idx]) {
+ if (idx == len) {
+ exception = new StringScanException(idx, "end of input");
+ }
+ break;
+ }
+ idx++;
+ }
+ if (exception == null) {
+ if (i < testStr.length() ||
+ Character.isLetterOrDigit(c = buf[idx]) || c == '_') {
+ exception = new StringScanException(idx, "illegal boolean");
+ }
+ }
+ if (exception != null) {
+ idx = idxSave;
+ throw exception;
+ }
+ return testval;
+ }
+
+ public boolean matchString(String s) {
+ int k = idx;
+ for (int i = 0; i < s.length(); i++) {
+ if (k >= len || s.charAt(i) != buf[k++]) {
+ return false;
+ }
+ }
+ idx = k;
+ return true;
+ }
+
+ public boolean matchDigits() {
+ int k = idx;
+ char c;
+
+ while ((c = buf[k]) >= '0' && c <= '9') {
+ k++;
+ }
+ if (k > idx) {
+ idx = k;
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ public void skipWhiteSpace() {
+ while (Character.isWhitespace(buf[idx])) {
+ idx++;
+ }
+ }
+
+ public boolean atEnd() {
+ return idx == len;
+ }
+
+ public boolean atBeginning() {
+ return idx == 0;
+ }
+
+ public void ungetc() {
+ if (idx > 0) {
+ idx--;
+ }
+ }
+
+ public char getc() {
+ char c = buf[idx];
+ if (idx < len) {
+ idx++;
+ }
+ return c;
+ }
+
+ public char peekc() {
+ return buf[idx];
+ }
+
+ public String substring(int i0, int i1) {
+ if (i0 < 0) {
+ i0 = 0;
+ } else if (i0 >= len) {
+ i0 = len - 1;
+ }
+ if (i1 < 0) {
+ i1 = 0;
+ } else if (i1 > len) {
+ i1 = len;
+ }
+ if (i1 <= i0) {
+ return "";
+ }
+ return new String(buf, i0, i1 - i0);
+ }
+
+ public String substring(int i0) {
+ if (i0 < 0) {
+ i0 = 0;
+ }
+ if (i0 >= len) {
+ return "";
+ } else {
+ return new String(buf, i0, len - i0);
+ }
+ }
+}
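Review bot: The digit loop in `scanInt(int, boolean)` (`val = val * radix + charval`) has no overflow check, so a digit string longer than a `long` silently wraps and is returned as a wrapped, possibly negative value instead of being rejected — for a command-line argument parser that is an input-validation gap. A bound check before the multiply, e.g. `if (val > (Long.MAX_VALUE - charval) / radix) { exception = new StringScanException(idx, "malformed " + baseDesc(radix) + " integer: out of range"); }`, turns it into the same kind of error the method already raises. Two smaller points: the no-argument `scanInt()` consumes a sign and then delegates to `scanInt(radix, false)`, which consumes a second one, so `--5` and `+-5` are accepted as 5; and `substring(int, int)` clamps `i0` to `len - 1`, which makes it throw `StringIndexOutOfBoundsException` on an empty scanner (`i0` becomes -1 while `i1` is 0) and return the last character for a start index beyond the end — clamping with `} else if (i0 > len) { i0 = len; }` yields `""` in both cases. The commented-out `isLetterOrDigit` block in `scanDouble` just before the `Double.parseDouble` call should be deleted rather than kept.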
diff --git a/base/silent/src/com/netscape/pkisilent/common/BaseState.java b/base/silent/src/com/netscape/pkisilent/common/BaseState.java
new file mode 100644
index 000000000..0d5e9cfc6
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/BaseState.java
@@ -0,0 +1,118 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * CMS Test framework .
+ * This class reads and sets the values for a CMS subsytems Config file (CS.cfg)
+ * Using this class you can set the server to a base state.
+ */
+
+public class BaseState {
+
+ private String CMSConfigFile;
+ private CMSConfig cmscfg = null;
+ private String ldapbase, ldaphost, ldapport, ldapdn, ldapdnpw;
+ private boolean ldapsecConn = false;
+
+ // Constructor
+
+ public BaseState() {
+ }
+
+ /**
+ * Constructor . Takes the parameter CMSConfigfilename ( with fullpath)
+ *
+ * @param CMSConfigfile.
+ */
+
+ public BaseState(String cmscfilename) {
+ CMSConfigFile = cmscfilename;
+
+ }
+
+ /**
+ * Set the publishing directory information . Takes the paramters ldaphost,ldapport,ldapDN, ldapDN password, BaseDN
+ * , Secure coonection (true/false)
+ */
+ public void setLDAPInfo(String h, String p, String dn, String pw, String base, boolean sc) {
+ ldaphost = h;
+ ldapport = p;
+ ldapdn = dn;
+ ldapdnpw = pw;
+ ldapbase = base;
+ ldapsecConn = sc;
+
+ }
+
+ /**
+ * Enable SSL Client authentication for Directory enrollment and publishing
+ */
+
+ public void EnableSSLClientAuth() {
+ ldapsecConn = true;
+ cmscfg = new CMSConfig(CMSConfigFile);
+ // Enable DirBaseEnrollment
+ cmscfg.EnableDirEnrollment(ldapsecConn, ldapbase, ldaphost, ldapport);
+ // Enable Publishing
+ cmscfg.EnablePublishing(ldapsecConn, ldapdn, ldapdnpw, ldaphost,
+ ldapport);
+ cmscfg.saveCMSConfig();
+
+ }
+
+ /**
+ * Set to CA 's base state . Enables Directory based enrollment , publishing and Portal enrollment
+ */
+
+ public void CABaseState() {
+ cmscfg = new CMSConfig(CMSConfigFile);
+ cmscfg.EnableAdminEnrollment();
+ // Enable DirBaseEnrollment
+ cmscfg.EnableDirEnrollment(ldapsecConn, ldapbase, ldaphost, ldapport);
+ // Enable Publishing
+ cmscfg.DisablePublishing(ldapsecConn, ldapdn, ldapdnpw, ldaphost,
+ ldapport, ldapbase);
+ // Enable Portalbased enrollment
+ cmscfg.EnablePortalAuth(ldapsecConn, ldapdn, ldapdnpw, ldaphost,
+ ldapport, ldapbase);
+ cmscfg.saveCMSConfig();
+
+ }
+
+ /**
+ * Set to RA 's base state . Enables Directory based enrollment and Portal enrollment
+ */
+
+ public void RABaseState() {
+ cmscfg = new CMSConfig(CMSConfigFile);
+ cmscfg.EnableAdminEnrollment();
+ // Enable DirBaseEnrollment
+ cmscfg.EnableDirEnrollment(ldapsecConn, ldapbase, ldaphost, ldapport);
+ // Enable Portalbased enrollment
+ cmscfg.EnablePortalAuth(ldapsecConn, ldapdn, ldapdnpw, ldaphost,
+ ldapport, ldapbase);
+ cmscfg.saveCMSConfig();
+
+ }
+
+ public static void main(String args[]) {
+ }// end of function main
+
+}
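Review bot: The Javadoc on `CABaseState()` says it enables publishing and the inline comment above the call reads `// Enable Publishing`, but the call is `cmscfg.DisablePublishing(...)`; either the comments are stale or the wrong method is called, and since `EnableSSLClientAuth()` does call `EnablePublishing`, the intent should be confirmed with the author before the code is touched. If disabling is intended, the comment should say so, e.g. `// Disable LDAP publishing for the base state`, and the Javadoc should read `Set to CA's base state. Enables directory-based enrollment and portal enrollment; disables publishing`. The Javadoc on the one-argument constructor names a parameter `CMSConfigfile` that does not exist; it should be `@param cmscfilename full path to the CS.cfg file`. `setLDAPInfo` also stores the LDAP bind password in a plain `String` field (`ldapdnpw`) that `CMSConfig` later writes into CS.cfg as `ldapauth.bindPassword`; that matches the existing config format, but a comment on the setter noting that the resulting file holds the credential in clear text and must be access-restricted would help users of this test framework.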
diff --git a/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java b/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java
new file mode 100644
index 000000000..3e4f0bfa2
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java
@@ -0,0 +1,569 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+
+/**
+ * CMS Test framework .
+ * This class reads,modifies and saves CS.cfg file
+ */
+
+public class CMSConfig extends ServerInfo {
+
+ /**
+ * Constructor . Reads the CS.cfg file .Takes the parameter for Configfile ( Provide fullpath)
+ */
+
+ public CMSConfig(String confFile) {
+ CMSConfigFile = confFile;
+ System.out.println(CMSConfigFile);
+ readCMSConfig();
+ }
+
+ private void readCMSConfig() {
+
+ try {
+ FileInputStream fiscfg = new FileInputStream(CMSConfigFile);
+
+ CMSprops = new CMSProperties();
+ CMSprops.load(fiscfg);
+ System.out.println("Reading CMS Config file successful");
+ fiscfg.close();
+ System.out.println("Number in size " + CMSprops.size());
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ }
+
+ }
+
+ /**
+ * Saves the config file
+ **/
+
+ public void saveCMSConfig() {
+ try {
+ // Properties s = new Properties(CMSprops);
+ FileOutputStream fos = new FileOutputStream(CMSConfigFile);
+
+ System.out.println("Number in size " + CMSprops.size());
+ // CMSprops.list(System.out);
+ CMSprops.store(fos, null);
+ System.out.println("Writing to CMS Config file successful");
+ fos.close();
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ }
+
+ }
+
+ // AdminEnrollment
+
+ public void EnableAdminEnrollment() {
+ CMSprops.setProperty("cmsgateway.enableAdminEnroll", "true");
+
+ }
+
+ // Authentication
+
+ // Enable DirectoryBased Authentication
+ /**
+ * Takes parameters : secureConnection( true/false), basedn, ldaphostname, lapdaportnumber ( in case of secured
+ * connection give ldap secured port)
+ */
+
+ public void EnableDirEnrollment(boolean secureConn, String ldapbase, String lhost, String lport) {
+ CMSprops.setProperty("auths.instance.UserDirEnrollment.dnpattern",
+ "UID=$attr.uid,E=$attr.mail.1,CN=$attr.cn,OU=$dn.ou.2,O=$dn.o,C=US");
+ CMSprops.setProperty("auths.instance.UserDirEnrollment.ldap.basedn",
+ ldapbase);
+ CMSprops.setProperty(
+ "auths.instance.UserDirEnrollment.ldap.ldapconn.host", lhost);
+ CMSprops.setProperty(
+ "auths.instance.UserDirEnrollment.ldap.ldapconn.version", "3");
+ CMSprops.setProperty("auths.instance.UserDirEnrollment.ldap.maxConns",
+ "8");
+ CMSprops.setProperty("auths.instance.UserDirEnrollment.ldap.minConns",
+ "2");
+ // CMSprops.setProperty("auths.instance.UserDirEnrollment.ldapByteAttributes=","");
+ CMSprops.setProperty(
+ "auths.instance.UserDirEnrollment.ldapStringAttributes", "mail");
+ CMSprops.setProperty("auths.instance.UserDirEnrollment.pluginName",
+ "UidPwdDirAuth");
+ if (secureConn) {
+ CMSprops.setProperty(
+ "auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn",
+ "true");
+ CMSprops.setProperty(
+ "auths.instance.UserDirEnrollment.ldap.ldapconn.port", lport);
+
+ } else {
+ CMSprops.setProperty(
+ "auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn",
+ "false");
+ CMSprops.setProperty(
+ "auths.instance.UserDirEnrollment.ldap.ldapconn.port", lport);
+
+ }
+ }
+
+ public void DisableDirEnrollment() {
+ CMSprops.remove("auths.instance.UserDirEnrollment.dnpattern");
+ CMSprops.remove("auths.instance.UserDirEnrollment.ldap.basedn");
+ CMSprops.remove("auths.instance.UserDirEnrollment.ldap.ldapconn.host");
+ CMSprops.remove("auths.instance.UserDirEnrollment.ldap.ldapconn.port");
+ CMSprops.remove(
+ "auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn");
+ CMSprops.remove("auths.instance.UserDirEnrollment.ldap.ldapconn.version");
+ CMSprops.remove("auths.instance.UserDirEnrollment.ldap.maxConns");
+ CMSprops.remove("auths.instance.UserDirEnrollment.ldap.minConns");
+ CMSprops.remove("auths.instance.UserDirEnrollment.ldapByteAttributes=");
+ CMSprops.remove("auths.instance.UserDirEnrollment.ldapStringAttributes");
+ CMSprops.remove("auths.instance.UserDirEnrollment.pluginName");
+
+ }
+
+ public void EnableCMCAuth() {
+
+ CMSprops.setProperty("auths.instance.testcmc.pluginName",
+ "CMCAuthentication");
+ }
+
+ /**
+ * Takes parameters : secureConnection( true/false), ldapbinddn, ldapbindnpassword,ldaphostname, lapdaportnumber (
+ * in case of secured connection give ldap secured port), basedn (e.g ou=people,o=mcom.com)
+ */
+
+ void EnablePortalAuth(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport,
+ String lbsuffix) {
+ String certnickname = null;
+
+ CMSprops.setProperty("auths.instance.PortalEnrollment.pluginName",
+ "PortalEnroll");
+ CMSprops.setProperty("auths.instance.PortalEnrollment.dnpattern",
+ "uid=$attr.uid,cn=$attr.cn,O=$dn.co,C=$dn.c");
+ CMSprops.setProperty("auths.instance.PortalEnrollment.ldap.basedn",
+ lbsuffix);
+ CMSprops.setProperty("auths.instance.PortalEnrollment.ldap.maxConns",
+ "3");
+ CMSprops.setProperty("auths.instance.PortalEnrollment.ldap.minConns",
+ "2");
+ CMSprops.setProperty("auths.instance.PortalEnrollment.ldap.objectclass",
+ "inetOrgPerson");
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapauth.bindDN",
+ ldaprootDN);
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapauth.bindPassword",
+ ldaprootDNPW);
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapauth.bindPWPrompt",
+ "Rule PortalEnrollment");
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapconn.host", lhost);
+ if (secureConn) {
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapconn.secureConn",
+ "true");
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapauth.clientCertNickname",
+ certnickname);
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapauth.authtype",
+ "SslClientAuth");
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapconn.port", lport);
+
+ } else {
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapconn.secureConn",
+ "false");
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapconn.port", lport);
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapauth.authtype",
+ "BasicAuth");
+ }
+
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapconn.version", "3");
+
+ }
+
+ // Publishing
+ /**
+ * Takes parameters : secureConnection( true/false), ldapbinddn, ldapbindnpassword,ldaphostname, lapdaportnumber (
+ * in case of secured connection give ldap secured port)
+ */
+
+ public void EnablePublishing(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport) {
+
+ CMSprops.setProperty("ca.publish.enable", "true");
+ CMSprops.setProperty("ca.publish.ldappublish.enable", "true");
+ if (secureConn) {
+ CMSprops.setProperty(
+ "ca.publish.ldappublish.ldap.ldapconn.secureConn", "true");
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.port",
+ lport);
+
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.authtype",
+ "SslClientAuth");
+ } else {
+ CMSprops.setProperty(
+ "ca.publish.ldappublish.ldap.ldapconn.secureConn", "false");
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.port",
+ lport);
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.authtype",
+ "BasicAuth");
+ }
+
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindDN",
+ ldaprootDN);
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindPassword",
+ ldaprootDNPW);
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindPWPrompt",
+ "CA LDAP Publishing");
+
+ // set the hostname with fully qulified name if you are using SSL
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.host", lhost);
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.version", "3");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapCaSimpleMap.class",
+ "com.netscape.cms.publish.mappers.LdapCaSimpleMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapDNCompsMap.class",
+ "com.netscape.cms.publish.mappers.Lda pCertCompsMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapDNExactMap.class",
+ "com.netscape.cms.publish.mappers.LdapCertExactMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapEnhancedMap.class",
+ "com.netscape.cms.publish.mappers.LdapEnhancedMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapSimpleMap.class",
+ "com.netscape.cms.publish.mappers.LdapSimpleMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapSubjAttrMap.class",
+ "com.netscape.cms.publish.mappers.LdapCertSubjMap");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapCaCertMap.createCAEntry", "true");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapCaCertMap.dnPattern",
+ "UID=CManager,OU=people,O=mcom.com");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapCaCertMap.pluginName",
+ "LdapCaSimpleMap");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapCrlMap.createCAEntry", "true");
+ CMSprops.setProperty("ca.publish.mapper.instance.LdapCrlMap.dnPattern",
+ "UID=CManager,OU=people,O=mcom.com");
+ CMSprops.setProperty("ca.publish.mapper.instance.LdapCrlMap.pluginName",
+ "LdapCaSimpleMap");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapUserCertMap.dnPattern",
+ "UID=$subj.UID,OU=people,O=mcom.com");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapUserCertMap.pluginName",
+ "LdapSimpleMap");
+ CMSprops.setProperty(
+ "ca.publish.publisher.impl.FileBasedPublisher.class",
+ "com.netscape.cms.publish.publishers.FileBasedPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.impl.LdapCaCertPublisher.class",
+ "com.netscape.cms.publish.publishers.LdapCaCertPublisher");
+ CMSprops.setProperty("ca.publish.publisher.impl.LdapCrlPublisher.class",
+ "com.netscape.cms.publish.publishers.LdapCrlPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.impl.LdapUserCertPublisher.class",
+ "com.netscape.cms.publish.publishers.LdapUserCertPublisher");
+ CMSprops.setProperty("ca.publish.publisher.impl.OCSPPublisher.class",
+ "com.netscape.cms.publish.publishers.OCSPPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCaCertPublisher.caCertAttr",
+ "caCertificate;binary");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCaCertPublisher.caObjectClass",
+ "certificationAuthority");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCaCertPublisher.pluginName",
+ "LdapCaCertPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCrlPublisher.crlAttr",
+ "certificateRevocationList;binary");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCrlPublisher.pluginName",
+ "LdapCrlPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapUserCertPublisher.certAttr",
+ "userCertificate;binary");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapUserCertPublisher.pluginName",
+ "LdapUserCertPublisher");
+ }
+
+ public void DisablePublishing(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost,
+ String lport, String base) {
+
+ CMSprops.setProperty("ca.publish.enable", "false");
+ CMSprops.setProperty("ca.publish.ldappublish.enable", "false");
+ if (secureConn) {
+ CMSprops.setProperty(
+ "ca.publish.ldappublish.ldap.ldapconn.secureConn", "false");
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.port",
+ lport);
+
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.authtype",
+ "SslClientAuth");
+ } else {
+ CMSprops.setProperty(
+ "ca.publish.ldappublish.ldap.ldapconn.secureConn", "false");
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.port",
+ lport);
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.authtype",
+ "BasicAuth");
+ }
+
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindDN",
+ ldaprootDN);
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindPassword",
+ ldaprootDNPW);
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindPWPrompt",
+ "CA LDAP Publishing");
+
+ // set the hostname with fully qulified name if you are using SSL
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.host", lhost);
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.version", "3");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapCaSimpleMap.class",
+ "com.netscape.cms.publish.mappers.LdapCaSimpleMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapDNCompsMap.class",
+ "com.netscape.cms.publish.mappers.Lda pCertCompsMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapDNExactMap.class",
+ "com.netscape.cms.publish.mappers.LdapCertExactMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapEnhancedMap.class",
+ "com.netscape.cms.publish.mappers.LdapEnhancedMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapSimpleMap.class",
+ "com.netscape.cms.publish.mappers.LdapSimpleMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapSubjAttrMap.class",
+ "com.netscape.cms.publish.mappers.LdapCertSubjMap");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapCaCertMap.createCAEntry",
+ "false");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapCaCertMap.dnPattern",
+ "UID=CManager,OU=people," + base);
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapCaCertMap.pluginName",
+ "LdapCaSimpleMap");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapCrlMap.createCAEntry", "false");
+ CMSprops.setProperty("ca.publish.mapper.instance.LdapCrlMap.dnPattern",
+ "UID=CManager,OU=people," + base);
+ CMSprops.setProperty("ca.publish.mapper.instance.LdapCrlMap.pluginName",
+ "LdapCaSimpleMap");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapUserCertMap.dnPattern",
+ "UID=$subj.UID,OU=people," + base);
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapUserCertMap.pluginName",
+ "LdapSimpleMap");
+ CMSprops.setProperty(
+ "ca.publish.publisher.impl.FileBasedPublisher.class",
+ "com.netscape.cms.publish.publishers.FileBasedPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.impl.LdapCaCertPublisher.class",
+ "com.netscape.cms.publish.publishers.LdapCaCertPublisher");
+ CMSprops.setProperty("ca.publish.publisher.impl.LdapCrlPublisher.class",
+ "com.netscape.cms.publish.publishers.LdapCrlPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.impl.LdapUserCertPublisher.class",
+ "com.netscape.cms.publish.publishers.LdapUserCertPublisher");
+ CMSprops.setProperty("ca.publish.publisher.impl.OCSPPublisher.class",
+ "com.netscape.cms.publish.publishers.OCSPPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCaCertPublisher.caCertAttr",
+ "caCertificate;binary");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCaCertPublisher.caObjectClass",
+ "certificationAuthority");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCaCertPublisher.pluginName",
+ "LdapCaCertPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCrlPublisher.crlAttr",
+ "certificateRevocationList;binary");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCrlPublisher.pluginName",
+ "LdapCrlPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapUserCertPublisher.certAttr",
+ "userCertificate;binary");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapUserCertPublisher.pluginName",
+ "LdapUserCertPublisher");
+ }
+
+ public void CreateOCSPPublisher(String OCSPHost, String OCSPPort, String OCSPEEPort) {
+ // Set host nmae with fully qualified hostname
+ String location = "http://" + OCSPHost + ":" + OCSPEEPort + "/ocsp";
+
+ CMSprops.setProperty("ca.crl.MasterCRL.alwaysUpdate", "true");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.CAOCSPPublisher.host", OCSPHost);
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.CAOCSPPublisher.path",
+ "/ocsp/addCRL");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.CAOCSPPublisher.pluginName",
+ "OCSPPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.CAOCSPPublisher.port", OCSPPort);
+ CMSprops.setProperty(
+ "ca.publish.rule.instance.OCSPPublishingRule.enable", "true");
+ CMSprops.setProperty(
+ "ca.publish.rule.instance.OCSPPublishingRule.mapper", "");
+ CMSprops.setProperty(
+ "ca.publish.rule.instance.OCSPPublishingRule.pluginName", "Rule");
+ CMSprops.setProperty(
+ "ca.publish.rule.instance.OCSPPublishingRule.predicate", "");
+ CMSprops.setProperty(
+ "ca.publish.rule.instance.OCSPPublishingRule.publisher",
+ "CAOCSPPublisher");
+ CMSprops.setProperty("ca.publish.rule.instance.OCSPPublishingRule.type",
+ "crl");
+ CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.ad0_location",
+ location);
+ CMSprops.setProperty(
+ "ca.Policy.rule.AuthInfoAccessExt.ad0_location_type", "URL");
+ CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.ad0_method",
+ "ocsp");
+ CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.critical",
+ "false");
+ CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.enable", "true");
+ CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.implName",
+ "AuthInfoAccessExt");
+ CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.numADs", "1");
+ CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.predicate",
+ "HTTP_PARAMS.certType == client");
+
+ }
+
+ public void EnableOCSPLDAPStore(String certInstanceID) {
+ String certNickName = "ocspSigningCert cert-" + certInstanceID;
+
+ CMSprops.setProperty("ocsp.storeId", "ldapStore");
+ CMSprops.setProperty("ocsp.store.defStore.byName", "true");
+ CMSprops.setProperty("ocsp.store.defStore.class",
+ "com.netscape.cms.ocsp.DefStore");
+ CMSprops.setProperty("ocsp.store.defStore.includeNextUpdate", "true");
+ CMSprops.setProperty("ocsp.store.defStore.notFoundAsGood", "true");
+ CMSprops.setProperty("ocsp.store.ldapStore.baseDN0", ldapBaseSuffix);
+ CMSprops.setProperty("ocsp.store.ldapStore.byName", "true");
+ CMSprops.setProperty("ocsp.store.ldapStore.caCertAttr",
+ "cACertificate;binary");
+ CMSprops.setProperty("ocsp.store.ldapStore.class",
+ "com.netscape.cms.ocsp.LDAPStore");
+ CMSprops.setProperty("ocsp.store.ldapStore.crlAttr",
+ "certificateRevocationList;binary");
+ CMSprops.setProperty("ocsp.store.ldapStore.host0", ldapHost);
+ CMSprops.setProperty("ocsp.store.ldapStore.includeNextUpdate", "true");
+ CMSprops.setProperty("ocsp.store.ldapStore.notFoundAsGood", "true");
+ CMSprops.setProperty("ocsp.store.ldapStore.numConns", "1");
+ CMSprops.setProperty("ocsp.store.ldapStore.port0", ldapPort);
+ CMSprops.setProperty("ocsp.store.ldapStore.refreshInSec0", "864");
+ CMSprops.setProperty("ocsp.signing.certnickname", certNickName);
+ CMSprops.setProperty("ocsp.signing.defaultSigningAlgorithm",
+ "MD5withRSA");
+ CMSprops.setProperty("ocsp.signing.tokenname", "internal");
+
+ }
+
+ public void SetupKRAConnectorInCA(String certInstanceID, String KRAHost, String KRAPort) {
+ String certNickName = "Server-Cert " + certInstanceID;
+
+ CMSprops.setProperty("ca.connector.KRA.enable", "true");
+ CMSprops.setProperty("ca.connector.KRA.host", KRAHost);
+ CMSprops.setProperty("ca.connector.KRA.local", "false");
+ CMSprops.setProperty("ca.connector.KRA.nickName", certNickName);
+ CMSprops.setProperty("ca.connector.KRA.port", KRAPort);
+ CMSprops.setProperty("ca.connector.KRA.timeout", "30");
+ CMSprops.setProperty("ca.connector.KRA.uri", "/kra/connector");
+
+ }
+
+ public void DisableCardCryptoValidationinTKS() {
+ CMSprops.setProperty("cardcryptogram.validate.enable", "false");
+ }
+
+ // Policies
+ public void DefaultValidityRule(String SubsystemType, String lagtime, String leadtime, String maxValidity) {
+ if (SubsystemType.equals("ca")) {
+ CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.enable",
+ "true");
+ CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.implName",
+ "ValidityConstraints");
+ CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.lagTime",
+ lagtime);
+ CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.leadTime",
+ leadtime);
+ CMSprops.setProperty(
+ "ca.Policy.rule.DefaultValidityRule.maxValidity",
+ maxValidity);
+ CMSprops.setProperty(
+ "ca.Policy.rule.DefaultValidityRule.minValidity", "1");
+ CMSprops.setProperty(
+ "ca.Policy.rule.DefaultValidityRule.notBeforeSkew", "5");
+ CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.predicate",
+ null);
+ } else {
+
+ CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.enable",
+ "true");
+ CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.implName",
+ "ValidityConstraints");
+ CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.lagTime",
+ lagtime);
+ CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.leadTime",
+ leadtime);
+ CMSprops.setProperty(
+ "ra.Policy.rule.DefaultValidityRule.maxValidity",
+ maxValidity);
+ CMSprops.setProperty(
+ "ra.Policy.rule.DefaultValidityRule.minValidity", "1");
+ CMSprops.setProperty(
+ "ra.Policy.rule.DefaultValidityRule.notBeforeSkew", "5");
+ CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.predicate",
+ null);
+ }
+
+ }
+
+ // Main Function
+ public static void main(String args[]) {
+ System.out.println(args.length);
+
+ if (args.length < 1) {
+ System.out.println("Usage : ConfigFilePath");
+ System.exit(-1);
+ }
+
+ CMSConfig s = new CMSConfig(args[0]);
+
+ // boolean secureC = false;
+ // s.EnableDirEnrollment(secureC);
+ s.saveCMSConfig();
+
+ }// end of function main
+
+} // end of class
+
diff --git a/base/silent/src/com/netscape/pkisilent/common/CMSLDAP.java b/base/silent/src/com/netscape/pkisilent/common/CMSLDAP.java
new file mode 100644
index 000000000..91a273df6
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/CMSLDAP.java
@@ -0,0 +1,609 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.ByteArrayInputStream;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import netscape.ldap.LDAPAttribute;
+import netscape.ldap.LDAPAttributeSet;
+import netscape.ldap.LDAPConnection;
+import netscape.ldap.LDAPEntry;
+import netscape.ldap.LDAPException;
+import netscape.ldap.LDAPModification;
+import netscape.ldap.LDAPModificationSet;
+import netscape.ldap.LDAPSearchResults;
+import netscape.ldap.LDAPv2;
+
+/**
+ * CMS Test framework .
+ * Using this class you can add a user and user certificate to LDAP server.
+ * You can also check if a certificate / CRL is published in LDAP server
+ * USe this class to turn of SSL and turn on SSL in a LDAP server.
+ */
+
+public class CMSLDAP {
+
+ private String HOST, DN, BASEDN, PASSWORD;
+ private int PORT;
+
+ private LDAPConnection conn = new LDAPConnection();
+
+ public CMSLDAP() {
+ }
+
+ /**
+ * Constructor. Takes parametes ldaphost, ldapport
+ */
+ public CMSLDAP(String h, String p) {
+ HOST = h;
+ PORT = Integer.parseInt(p);
+ }
+
+ /**
+ * Cosntructor. Takes parameters ldaphost,ldapport,ldapbinddn, ldapbindnpassword.
+ */
+ public CMSLDAP(String h, String p, String dn, String pwd) {
+ HOST = h;
+ PORT = Integer.parseInt(p);
+ DN = dn;
+ PASSWORD = pwd;
+ }
+
+ /**
+ * Connect to ldap server
+ */
+
+ public boolean connect() {
+ try {
+ conn.connect(HOST, PORT, DN, PASSWORD);
+ return true;
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+ }
+
+ /**
+ * Disconnect form ldap server
+ */
+
+ public void disconnect() {
+
+ if ((conn != null) && conn.isConnected()) {
+ try {
+ conn.disconnect();
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ }
+
+ }
+
+ }
+
+ /**
+ * Search for certificaterevocationList attribute. Takes basedn and filter as parameters
+ */
+
+ public boolean searchCRL(String basedn, String filter) throws LDAPException {
+ int searchScope = LDAPv2.SCOPE_SUB;
+ String getAttrs[] = { "certificateRevocationList;binary" };
+ LDAPSearchResults results = conn.search(basedn, searchScope, filter,
+ getAttrs, false);
+
+ if (results == null) {
+ System.out.println("Could not search");
+ return false;
+ }
+ while (results.hasMoreElements()) {
+ LDAPEntry entry = (LDAPEntry) results.nextElement();
+
+ System.out.println(entry.getDN());
+ LDAPAttribute anAttr = entry.getAttribute(
+ "certificateRevocationList;binary");
+
+ if (anAttr == null) {
+ System.out.println("Attribute not found ");
+ return false;
+ } else {
+ System.out.println(anAttr.getName());
+ System.out.println(anAttr.getByteValueArray());
+ return true;
+ }
+ }
+ return true;
+ }
+
+ /**
+ * Search for attriburte usercertificate. Takes parameters basedn and filter
+ */
+
+ public boolean searchUserCert(String basedn, String filter) throws LDAPException {
+ int searchScope = LDAPv2.SCOPE_SUB;
+ String getAttrs[] = { "usercertificate;binary" };
+ LDAPSearchResults results = conn.search(basedn, searchScope, filter,
+ getAttrs, false);
+
+ if (results == null) {
+ System.out.println("Could not search");
+ return false;
+ }
+ while (results.hasMoreElements()) {
+ LDAPEntry entry = (LDAPEntry) results.nextElement();
+
+ System.out.println(entry.getDN());
+ LDAPAttribute anAttr = entry.getAttribute("usercertificate;binary");
+
+ if (anAttr == null) {
+ System.out.println("Attribute not found ");
+ return false;
+ } else {
+ System.out.println(anAttr.getName());
+ System.out.println(anAttr.getByteValueArray());
+ return true;
+ }
+ }
+ return true;
+ }
+
+ /**
+ * Adds a user to direcrtory server . Takes parameters basedn, cn,sn,uid and passwd
+ */
+
+ public boolean userAdd(String basedn, String cn, String sn, String uid, String pwd) {
+ try {
+ LDAPAttributeSet attrSet = new LDAPAttributeSet();
+
+ attrSet.add(
+ new LDAPAttribute("objectclass",
+ new String[] {
+ "top", "person", "organizationalPerson",
+ "inetorgperson" }));
+ attrSet.add(new LDAPAttribute("cn", cn));
+ attrSet.add(new LDAPAttribute("mail", uid + "@netscape.com"));
+ attrSet.add(new LDAPAttribute("userpassword", pwd));
+ attrSet.add(new LDAPAttribute("sn", sn));
+ attrSet.add(new LDAPAttribute("givenName", cn + sn));
+ String name = "uid=" + uid + "," + basedn;
+
+ System.out.println("Basedn " + name);
+ LDAPEntry entry = new LDAPEntry(name, attrSet);
+
+ conn.add(entry);
+ System.out.println("ADDED: " + name);
+ return true;
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+
+ }
+
+ private X509Certificate getXCertificate(byte[] cpack) {
+
+ try {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ ByteArrayInputStream s = new ByteArrayInputStream(cpack);
+
+ System.out.println("Building certificate :" + cpack);
+ java.security.cert.X509Certificate the_cert = (
+ java.security.cert.X509Certificate) cf.generateCertificate(s);
+
+ return the_cert;
+ } catch (Exception e) {
+ System.out.println("ERROR: getXCertificate " + e.toString());
+ return null;
+ }
+
+ }
+
+ private String buildDNString(String s) {
+
+ String val = "";
+
+ for (int i = 0; i < s.length(); i++) {
+ if ((s.charAt(i) == ',') && (s.charAt(i + 1) == ' ')) {
+ val += ',';
+ i++;
+ continue;
+ } else {
+ val += s.charAt(i);
+ }
+ }
+ return val;
+ }
+
+ /**
+ * Returns the SerialNumber;issuerDN;SubjectDN string.
+ * Takes certificate as parameter
+ */
+
+ public String getCertificateString(X509Certificate cert) {
+ if (cert == null) {
+ return null;
+ }
+ String idn = ((cert.getIssuerDN()).toString()).trim();
+
+ idn = buildDNString(idn);
+ String sdn = ((cert.getSubjectDN()).toString()).trim();
+
+ sdn = buildDNString(sdn);
+
+ System.out.println("GetCertificateString : " + idn + ";" + sdn);
+
+ // note that it did not represent a certificate fully
+ // return cert.getVersion() + ";" + cert.getSerialNumber().toString() +
+ // ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
+ return "2;" + cert.getSerialNumber().toString() + ";" + idn + ";" + sdn;
+
+ }
+
+ /**
+ * Adds a user of objectclass cmsuser . Takes cn,sn,uid,password,certificate as parameters.
+ */
+ public boolean CMSuserAdd(String cn, String sn, String uid, String pwd, byte[] certpack) {
+ try {
+ X509Certificate cert = getXCertificate(certpack);
+
+ LDAPAttributeSet attrSet = new LDAPAttributeSet();
+
+ attrSet.add(
+ new LDAPAttribute("objectclass",
+ new String[] {
+ "top", "person", "organizationalPerson",
+ "inetorgperson", "cmsuser" }));
+ attrSet.add(new LDAPAttribute("cn", cn));
+ attrSet.add(new LDAPAttribute("mail", uid + "@netscape.com"));
+ attrSet.add(new LDAPAttribute("userpassword", pwd));
+ attrSet.add(new LDAPAttribute("sn", sn));
+ attrSet.add(new LDAPAttribute("givenName", cn + sn));
+ attrSet.add(new LDAPAttribute("usertype", "sub"));
+ attrSet.add(new LDAPAttribute("userstate", "1"));
+
+ attrSet.add(
+ new LDAPAttribute("description", getCertificateString(cert)));
+ LDAPAttribute attrCertBin = new LDAPAttribute("usercertificate");
+
+ attrCertBin.addValue(cert.getEncoded());
+ attrSet.add(attrCertBin);
+
+ String name = "uid=" + uid + ","
+ + "ou=People,o=netscapecertificateServer";
+ LDAPEntry entry = new LDAPEntry(name, attrSet);
+
+ conn.add(entry);
+ System.out.println("ADDED: " + name);
+ return true;
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+
+ }
+
+ /**
+ * Adds a user of objectclass cmsuser . Takes cn,sn,uid,password,certificate as parameters.
+ */
+
+ public boolean CMSuserAdd(String cn, String sn, String uid, String pwd, X509Certificate cert) {
+
+ try {
+ LDAPAttributeSet attrSet = new LDAPAttributeSet();
+
+ attrSet.add(
+ new LDAPAttribute("objectclass",
+ new String[] {
+ "top", "person", "organizationalPerson",
+ "inetorgperson", "cmsuser" }));
+ attrSet.add(new LDAPAttribute("cn", cn));
+ attrSet.add(new LDAPAttribute("mail", uid + "@netscape.com"));
+ attrSet.add(new LDAPAttribute("userpassword", pwd));
+ attrSet.add(new LDAPAttribute("sn", sn));
+ attrSet.add(new LDAPAttribute("givenName", cn + sn));
+ attrSet.add(new LDAPAttribute("usertype", "sub"));
+ attrSet.add(new LDAPAttribute("userstate", "1"));
+
+ attrSet.add(
+ new LDAPAttribute("description", getCertificateString(cert)));
+
+ LDAPAttribute attrCertBin = new LDAPAttribute("usercertificate");
+
+ attrCertBin.addValue(cert.getEncoded());
+ attrSet.add(attrCertBin);
+
+ String name = "uid=" + uid + ","
+ + "ou=People,o=netscapecertificateServer";
+ LDAPEntry entry = new LDAPEntry(name, attrSet);
+
+ conn.add(entry);
+ System.out.println("ADDED: " + name);
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * adds a cms user to Trusted Manager Group. Takes uid as parameter.
+ */
+
+ public boolean addCMSUserToTMGroup(String uid) {
+ try {
+ LDAPAttributeSet attrSet = new LDAPAttributeSet();
+ LDAPAttribute um = new LDAPAttribute("uniquemember",
+ "uid=" + uid + ",ou=People,o=NetscapeCertificateServer");
+
+ attrSet.add(um);
+ LDAPModification gr = new LDAPModification(LDAPModification.ADD, um);
+
+ String dn = "cn=Trusted Managers,ou=groups,o=netscapeCertificateServer";
+
+ conn.modify(dn, gr);
+ return true;
+
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+
+ }
+
+ /**
+ * adds a cms user to Agent Group. Takes subsytem (ca/ra/ocsp/kra) and uid as parameters .
+ */
+
+ public boolean addCMSUserToAgentGroup(String subsystem, String uid) {
+ try {
+ String dn = null;
+
+ if (subsystem.equals("ocsp")) {
+ dn = "cn=Online Certificate Status Manager Agents,ou=groups,o=netscapeCertificateServer";
+ }
+ if (subsystem.equals("kra")) {
+ dn = "cn=Data Recovery Manager Agents,ou=groups,o=netscapeCertificateServer";
+ }
+ if (subsystem.equals("ra")) {
+ dn = "cn=Registration Manager Agents,ou=groups,o=netscapeCertificateServer";
+ }
+ if (subsystem.equals("ca")) {
+ dn = "cn=Certificate Manager Agents,ou=groups,o=netscapeCertificateServer";
+ }
+ if (subsystem.equals("tks")) {
+ dn = "cn=Token Key Service Manager Agents,ou=groups,o=netscapeCertificateServer";
+ }
+
+ LDAPAttributeSet attrSet = new LDAPAttributeSet();
+ LDAPAttribute um = new LDAPAttribute("uniquemember",
+ "uid=" + uid + ",ou=People,o=NetscapeCertificateServer");
+
+ System.out.println(
+ "uid=" + uid + ",ou=People,o=NetscapeCertificateServer");
+
+ attrSet.add(um);
+ LDAPModification gr = new LDAPModification(LDAPModification.ADD, um);
+
+ conn.modify(dn, gr);
+
+ return true;
+
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+
+ }
+
+ /**
+ * Will trun of SSL in LDAP server
+ **/
+
+ public boolean TurnOffSSL() {
+ try {
+
+ LDAPModificationSet mods = new LDAPModificationSet();
+ LDAPAttribute ssl3 = new LDAPAttribute("nsssl3", "off");
+ LDAPAttribute ssl3ciphers = new LDAPAttribute("nsssl3ciphers", "");
+ LDAPAttribute kfile = new LDAPAttribute("nskeyfile", "alias/");
+ LDAPAttribute cfile = new LDAPAttribute("nscertfile", "alias/");
+ LDAPAttribute cauth = new LDAPAttribute("nssslclientauth", "allowed");
+
+ // conn.delete("cn=RSA,cn=encryption,cn=config");
+
+ mods.add(LDAPModification.REPLACE, ssl3);
+ mods.add(LDAPModification.DELETE, ssl3ciphers);
+ mods.add(LDAPModification.DELETE, kfile);
+ mods.add(LDAPModification.DELETE, cfile);
+ mods.add(LDAPModification.DELETE, cauth);
+ System.out.println("going to mod");
+ // conn.modify("cn=encryption,cn=config",mods);
+ System.out.println("mod en=encryption");
+ int i = 4;
+
+ while (i >= 0) {
+ mods.removeElementAt(i);
+ i--;
+ }
+
+ LDAPAttribute sec = new LDAPAttribute("nsslapd-security", "off");
+
+ mods.add(LDAPModification.REPLACE, sec);
+ conn.modify("cn=config", mods);
+ System.out.println("mod cn=config");
+
+ return true;
+
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+
+ }
+
+ /**
+ * Will Turn ON SSL in LDAP server . Takes certPrefix, certificatenickanme and sslport as parameters.
+ **/
+
+ public boolean TurnOnSSL(String certPrefix, String certName, String sslport) {
+ String CIPHERS =
+ "-rsa_null_md5,+rsa_fips_3des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_rc4_128_md5,+rsa_des_sha,+rsa_rc2_40_md5,+rsa_rc4_40_md5";
+
+ try {
+ int searchScope = LDAPv2.SCOPE_SUB;
+ String getAttrs[] = { "nssslactivation" };
+
+ LDAPModificationSet mods = new LDAPModificationSet();
+ LDAPAttribute sec = new LDAPAttribute("nsslapd-security", "on");
+ LDAPAttribute sp = new LDAPAttribute("nsslapd-securePort", sslport);
+
+ mods.add(LDAPModification.REPLACE, sec);
+ mods.add(LDAPModification.REPLACE, sp);
+ conn.modify("cn=config", mods);
+ mods.removeElementAt(1);
+ mods.removeElementAt(0);
+
+ LDAPAttribute ssl3 = new LDAPAttribute("nsssl3", "on");
+ LDAPAttribute ssl3ciphers = new LDAPAttribute("nsssl3ciphers",
+ CIPHERS);
+ LDAPAttribute kfile = new LDAPAttribute("nskeyfile",
+ "alias/" + certPrefix + "-key3.db");
+ LDAPAttribute cfile = new LDAPAttribute("nscertfile",
+ "alias/" + certPrefix + "-cert7.db");
+ LDAPAttribute cauth = new LDAPAttribute("nssslclientauth", "allowed");
+
+ mods.add(LDAPModification.REPLACE, ssl3);
+ mods.add(LDAPModification.REPLACE, ssl3ciphers);
+ mods.add(LDAPModification.REPLACE, kfile);
+ mods.add(LDAPModification.REPLACE, cfile);
+ mods.add(LDAPModification.REPLACE, cauth);
+
+ conn.modify("cn=encryption,cn=config", mods);
+ int i = 4;
+
+ while (i >= 0) {
+ mods.removeElementAt(i);
+ i--;
+ }
+
+ // conn.delete("cn=RSA,cn=encryption,cn=config");
+ try {
+ conn.search(
+ "cn=RSA,cn=encryption,cn=config", searchScope, null,
+ getAttrs, false); // check for errors
+
+ LDAPAttribute cn = new LDAPAttribute("cn", "RSA");
+ LDAPAttribute ssltoken = new LDAPAttribute("nsssltoken",
+ "internal (software)");
+ LDAPAttribute activation = new LDAPAttribute("nssslactivation",
+ "on");
+ LDAPAttribute cname = new LDAPAttribute("nssslpersonalityssl",
+ certName);
+
+ mods.add(LDAPModification.REPLACE, cn);
+ mods.add(LDAPModification.REPLACE, ssltoken);
+ mods.add(LDAPModification.REPLACE, activation);
+ mods.add(LDAPModification.REPLACE, cname);
+
+ conn.modify("cn=RSA,cn=encryption,cn=config", mods);
+
+ } catch (Exception e1) {
+ LDAPAttributeSet attrSet = new LDAPAttributeSet();
+
+ attrSet.add(
+ new LDAPAttribute("objectclass",
+ new String[] { "top", "nsEncryptionModule" }));
+ attrSet.add(new LDAPAttribute("cn", "RSA"));
+ attrSet.add(
+ new LDAPAttribute("nsssltoken", "internal (software)"));
+ attrSet.add(new LDAPAttribute("nssslactivation", "on"));
+ attrSet.add(new LDAPAttribute("nssslpersonalityssl", certName));
+ LDAPEntry entry = new LDAPEntry("cn=RSA,cn=encryption,cn=config",
+ attrSet);
+
+ conn.add(entry);
+ }
+
+ return true;
+
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+
+ }
+
+ public static void main(String args[]) {
+ String HOST = args[0];
+ // int PORT = Integer.parseInt(args[1]);
+ String PORT = args[1];
+ String DN = args[2];
+ String PASSWORD = args[3];
+ String BASEDN = args[4];
+
+ String s =
+ "MIICFzCCAYCgAwIBAgIBBjANBgkqhkiG9w0BAQQFADBDMRswGQYDVQQKExJhY2NlcHRhY25ldGVz\ndDEwMjQxFzAVBgNVBAsTDmFjY2VwdGFuY2V0ZXN0MQswCQYDVQQDEwJjYTAeFw0wMzA0MTEyMTUx\nMzZaFw0wNDA0MTAwOTQ2NTVaMFwxCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNTU0wxHTAbBgNVBAsT\nFHNzbHRlc3QxMDUwMDk3ODkzNzQ1MSAwHgYDVQQDExdqdXBpdGVyMi5uc2NwLmFvbHR3Lm5ldDBc\nMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDCsCTIIQ+bJMfPHi6kwa7HF+/xSTVHcpZ5zsodXsNWjPlD\noRu/5KAO8NotfwGnYmALWdYnqXCF0q0gkaJQalQTAgMBAAGjRjBEMA4GA1UdDwEB/wQEAwIFoDAR\nBglghkgBhvhCAQEEBAMCBkAwHwYDVR0jBBgwFoAUzxZkSySZT/Y3SxGMEiNyHnLUOPAwDQYJKoZI\nhvcNAQEEBQADgYEALtpqMOtZt6j5KlghDFgdg/dvf36nWiZwC1ap6+ka22shLkA/RjmOix97btzT\nQ+8LcmdkAW5iap4YbtrCu0wdN6IbIEXoQI1QGZBoKO2o02utssXANmTnRCyH/GX2KefQlp1NSRj9\nZNZ+GRT2Qk/8G5Ds9vVjm1I5+/AkzI9jS14=";
+
+ s = "-----BEGIN CERTIFICATE-----" + "\n" + s + "\n"
+ + "-----END CERTIFICATE-----\n";
+
+ try {
+
+ System.out.println(HOST + PORT + DN + PASSWORD + BASEDN);
+ CMSLDAP caIdb = new CMSLDAP(HOST, PORT, DN, PASSWORD);
+
+ /* FileInputStream fis = new FileInputStream("t1");
+ DataInputStream dis = new DataInputStream(fis);
+
+ byte[] bytes = new byte[dis.available()];
+ dis.readFully(bytes);
+
+ // bytes=s.getBytes();
+ */
+
+ if (!caIdb.connect()) {
+ System.out.println("Could not connect to CA internal DB port");
+ }
+
+ if (!caIdb.searchCRL("o=mcom.com", "uid=CManager")) {
+ System.out.println("CRL is not published");
+ }
+
+ // if(!caIdb.searchUserCert("o=mcom.com","uid=test"))
+ // System.out.println("USer cert is not published");
+
+ // if (!caIdb.CMSuserAdd("ra-trust" ,"ra-trust","ra-trust","netscape",bytes))
+ // {System.out.println("Trusted MAnager user Could not be add ");}
+
+ // if(!caIdb.addCMSUserToTMGroup("ra-trust"))
+ // {System.out.println("CMS user Could not be added to Trusted manager group "); }
+
+ // if(!caIdb.addCMSUserToAgentGroup("ra","ra-agent"))
+ // {System.out.println("CMS user Could not be added to Trusted manager group "); }
+ /* if(!caIdb.userAdd(BASEDN,"raeetest1","raeetest1","raeetest1","netscape"))
+ {System.out.println("CMS user Could not be added to Trusted manager group "); }
+ */
+
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ }
+
+ }
+}
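Review bot: main() echoes the LDAP bind password to stdout at `System.out.println(HOST + PORT + DN + PASSWORD + BASEDN);`, so the credential ends up in any captured console or CI log; drop it from that line, e.g. `System.out.println(HOST + PORT + DN + BASEDN);`. buildDNString reads `s.charAt(i + 1)` whenever the current character is ',' without checking that i + 1 is still inside the string, so a DN that ends in a comma throws StringIndexOutOfBoundsException; guard it with `if (s.charAt(i) == ',' && i + 1 < s.length() && s.charAt(i + 1) == ' ')`. The CIPHERS string in TurnOnSSL enables 40-bit export suites (`rsa_rc2_40_md5`, `rsa_rc4_40_md5`) and single DES on the directory server; if this helper is still used against real instances, a comment stating that this is a legacy test cipher list, or trimming it to the non-export suites, is worth adding. Separately, searchCRL and searchUserCert print `anAttr.getByteValueArray()`, which outputs the array's object reference rather than its contents, so the log line carries no information.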
diff --git a/base/silent/src/com/netscape/pkisilent/common/CMSProperties.java b/base/silent/src/com/netscape/pkisilent/common/CMSProperties.java
new file mode 100644
index 000000000..a4ba55d29
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/CMSProperties.java
@@ -0,0 +1,679 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/*
+ * @(#)Properties.java 1.60 00/02/02
+ *
+ * Copyright 1995-2000 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * This software is the proprietary information of Sun Microsystems, Inc.
+ * Use is subject to license terms.
+ *
+ */
+
+import java.io.BufferedReader;
+import java.io.BufferedWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.util.Date;
+import java.util.Enumeration;
+import java.util.Hashtable;
+
+/**
+ * The <code>Properties</code> class represents a persistent set of
+ * properties. The <code>Properties</code> can be saved to a stream
+ * or loaded from a stream. Each key and its corresponding value in
+ * the property list is a string.
+ * <p>
+ * A property list can contain another property list as its "defaults"; this second property list is searched if the
+ * property key is not found in the original property list.
+ * <p>
+ * Because <code>Properties</code> inherits from <code>Hashtable</code>, the <code>put</code> and <code>putAll</code>
+ * methods can be applied to a <code>Properties</code> object. Their use is strongly discouraged as they allow the
+ * caller to insert entries whose keys or values are not <code>Strings</code>. The <code>setProperty</code> method
+ * should be used instead. If the <code>store</code> or <code>save</code> method is called on a "compromised"
+ * <code>Properties</code> object that contains a non- <code>String</code> key or value, the call will fail.
+ * <p>
+ * <a name="encoding"></a> When saving properties to a stream or loading them from a stream, the ISO 8859-1 character
+ * encoding is used. For characters that cannot be directly represented in this encoding, <a
+ * href="http://java.sun.com/docs/books/jls/html/3.doc.html#100850">Unicode escapes</a> are used; however, only a single
+ * 'u' character is allowed in an escape sequence. The native2ascii tool can be used to convert property files to and
+ * from other character encodings.
+ *
+ * @see <a href="../../../tooldocs/solaris/native2ascii.html">native2ascii tool for Solaris</a>
+ * @see <a href="../../../tooldocs/win32/native2ascii.html">native2ascii tool for Windows</a>
+ *
+ * @author Arthur van Hoff
+ * @author Michael McCloskey
+ * @version 1.60, 02/02/00
+ * @since JDK1.0
+ */
+
+class CMSProperties extends Hashtable<String, String> {
+
+ /**
+ * use serialVersionUID from JDK 1.1.X for interoperability
+ */
+ private static final long serialVersionUID = 4112578634029874840L;
+
+ /**
+ * A property list that contains default values for any keys not
+ * found in this property list.
+ *
+ * @serial
+ */
+ protected CMSProperties defaults;
+
+ /**
+ * Creates an empty property list with no default values.
+ */
+ public CMSProperties() {
+ this(null);
+ }
+
+ /**
+ * Creates an empty property list with the specified defaults.
+ *
+ * @param defaults the defaults.
+ */
+ public CMSProperties(CMSProperties defaults) {
+ this.defaults = defaults;
+ }
+
+ /**
+ * Calls the hashtable method <code>put</code>. Provided for
+ * parallelism with the <tt>getProperty</tt> method. Enforces use of
+ * strings for property keys and values.
+ *
+ * @param key the key to be placed into this property list.
+ * @param value the value corresponding to <tt>key</tt>.
+ * @see #getProperty
+ * @since 1.2
+ */
+ public synchronized Object setProperty(String key, String value) {
+ return put(key, value);
+ }
+
+ private static final String keyValueSeparators = "=: \t\r\n\f";
+
+ private static final String strictKeyValueSeparators = "=:";
+
+ private static final String specialSaveChars = " \t\r\n\f";
+
+ private static final String whiteSpaceChars = " \t\r\n\f";
+
+ /**
+ * Reads a property list (key and element pairs) from the input stream.
+ * The stream is assumed to be using the ISO 8859-1 character encoding.
+ * <p>
+ * Every property occupies one line of the input stream. Each line is terminated by a line terminator (
+ * <code>\n</code> or <code>\r</code> or <code>\r\n</code>). Lines from the input stream are processed until end of
+ * file is reached on the input stream.
+ * <p>
+ * A line that contains only whitespace or whose first non-whitespace character is an ASCII <code>#</code> or
+ * <code>!</code> is ignored (thus, <code>#</code> or <code>!</code> indicate comment lines).
+ * <p>
+ * Every line other than a blank line or a comment line describes one property to be added to the table (except that
+ * if a line ends with \, then the following line, if it exists, is treated as a continuation line, as described
+ * below). The key consists of all the characters in the line starting with the first non-whitespace character and
+ * up to, but not including, the first ASCII <code>=</code>, <code>:</code>, or whitespace character. All of the key
+ * termination characters may be included in the key by preceding them with a \. Any whitespace after the key is
+ * skipped; if the first non-whitespace character after the key is <code>=</code> or <code>:</code>, then it is
+ * ignored and any whitespace characters after it are also skipped. All remaining characters on the line become part
+ * of the associated element string. Within the element string, the ASCII escape sequences <code>\t</code>,
+ * <code>\n</code>, <code>\r</code>, <code>\\</code>, <code>\"</code>, <code>\'</code>, <code>\ &#32;</code> &#32;(a
+ * backslash and a space), and <code>&#92;u</code><i>xxxx</i> are recognized and converted to single characters.
+ * Moreover, if the last character on the line is <code>\</code>, then the next line is treated as a continuation of
+ * the current line; the <code>\</code> and line terminator are simply discarded, and any leading whitespace
+ * characters on the continuation line are also discarded and are not part of the element string.
+ * <p>
+ * As an example, each of the following four lines specifies the key <code>"Truth"</code> and the associated element
+ * value <code>"Beauty"</code>:
+ * <p>
+ *
+ * <pre>
+ * Truth = Beauty
+ * Truth:Beauty
+ * Truth :Beauty
+ * </pre>
+ *
+ * As another example, the following three lines specify a single property:
+ * <p>
+ *
+ * <pre>
+ * fruits apple, banana, pear, \
+ * cantaloupe, watermelon, \
+ * kiwi, mango
+ * </pre>
+ *
+ * The key is <code>"fruits"</code> and the associated element is:
+ * <p>
+ *
+ * <pre>
+ * &quot;apple, banana, pear, cantaloupe, watermelon,kiwi, mango&quot;
+ * </pre>
+ *
+ * Note that a space appears before each <code>\</code> so that a space will appear after each comma in the final
+ * result; the <code>\</code>, line terminator, and leading whitespace on the continuation line are merely discarded
+ * and are <i>not</i> replaced by one or more other characters.
+ * <p>
+ * As a third example, the line:
+ * <p>
+ *
+ * <pre>
+ * cheeses
+ * </pre>
+ *
+ * specifies that the key is <code>"cheeses"</code> and the associated element is the empty string.
+ * <p>
+ *
+ * @param inStream the input stream.
+ * @exception IOException if an error occurred when reading from the
+ * input stream.
+ */
+ public synchronized void load(InputStream inStream) throws IOException {
+
+ BufferedReader in = new BufferedReader(
+ new InputStreamReader(inStream, "8859_1"));
+
+ while (true) {
+ // Get next line
+ String line = in.readLine();
+
+ if (line == null) {
+ return;
+ }
+
+ if (line.length() > 0) {
+ // Continue lines that end in slashes if they are not comments
+ char firstChar = line.charAt(0);
+
+ if ((firstChar != '#') && (firstChar != '!')) {
+ while (continueLine(line)) {
+ String nextLine = in.readLine();
+
+ if (nextLine == null) {
+ nextLine = new String("");
+ }
+ String loppedLine = line.substring(0, line.length() - 1);
+ // Advance beyond whitespace on new line
+ int startIndex = 0;
+
+ for (startIndex = 0; startIndex < nextLine.length(); startIndex++) {
+ if (whiteSpaceChars.indexOf(
+ nextLine.charAt(startIndex)) == -1) {
+ break;
+ }
+ }
+ nextLine = nextLine.substring(startIndex,
+ nextLine.length());
+ line = new String(loppedLine + nextLine);
+ }
+
+ // Find start of key
+ int len = line.length();
+ int keyStart;
+
+ for (keyStart = 0; keyStart < len; keyStart++) {
+ if (whiteSpaceChars.indexOf(line.charAt(keyStart)) == -1) {
+ break;
+ }
+ }
+
+ // Blank lines are ignored
+ if (keyStart == len) {
+ continue;
+ }
+
+ // Find separation between key and value
+ int separatorIndex;
+
+ for (separatorIndex = keyStart; separatorIndex < len; separatorIndex++) {
+ char currentChar = line.charAt(separatorIndex);
+
+ if (currentChar == '\\') {
+ separatorIndex++;
+ } else if (keyValueSeparators.indexOf(currentChar) != -1) {
+ break;
+ }
+ }
+
+ // Skip over whitespace after key if any
+ int valueIndex;
+
+ for (valueIndex = separatorIndex; valueIndex < len; valueIndex++) {
+ if (whiteSpaceChars.indexOf(line.charAt(valueIndex)) == -1) {
+ break;
+ }
+ }
+
+ // Skip over one non whitespace key value separators if any
+ if (valueIndex < len) {
+ if (strictKeyValueSeparators.indexOf(
+ line.charAt(valueIndex)) != -1) {
+ valueIndex++;
+ }
+ }
+
+ // Skip over white space after other separators if any
+ while (valueIndex < len) {
+ if (whiteSpaceChars.indexOf(line.charAt(valueIndex)) == -1) {
+ break;
+ }
+ valueIndex++;
+ }
+ String key = line.substring(keyStart, separatorIndex);
+ String value = (separatorIndex < len)
+ ? line.substring(valueIndex, len)
+ : "";
+
+ // Convert then store key and value
+ key = loadConvert(key);
+ value = loadConvert(value);
+ put(key, value);
+ }
+ }
+ }
+ }
+
+ /*
+ * Returns true if the given line is a line that must
+ * be appended to the next line
+ */
+ private boolean continueLine(String line) {
+ int slashCount = 0;
+ int index = line.length() - 1;
+
+ while ((index >= 0) && (line.charAt(index--) == '\\')) {
+ slashCount++;
+ }
+ return (slashCount % 2 == 1);
+ }
+
+ /*
+ * Converts encoded &#92;uxxxx to unicode chars
+ * and changes special saved chars to their original forms
+ */
+ private String loadConvert(String theString) {
+ char aChar;
+ int len = theString.length();
+ StringBuffer outBuffer = new StringBuffer(len);
+
+ for (int x = 0; x < len;) {
+ aChar = theString.charAt(x++);
+ if (aChar == '\\') {
+ aChar = theString.charAt(x++);
+ if (aChar == 'u') {
+ // Read the xxxx
+ int value = 0;
+
+ for (int i = 0; i < 4; i++) {
+ aChar = theString.charAt(x++);
+ switch (aChar) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9':
+ value = (value << 4) + aChar - '0';
+ break;
+
+ case 'a':
+ case 'b':
+ case 'c':
+ case 'd':
+ case 'e':
+ case 'f':
+ value = (value << 4) + 10 + aChar - 'a';
+ break;
+
+ case 'A':
+ case 'B':
+ case 'C':
+ case 'D':
+ case 'E':
+ case 'F':
+ value = (value << 4) + 10 + aChar - 'A';
+ break;
+
+ default:
+ throw new IllegalArgumentException(
+ "Malformed \\uxxxx encoding.");
+ }
+ }
+ outBuffer.append((char) value);
+ } else {
+ if (aChar == 't') {
+ aChar = '\t';
+ } else if (aChar == 'r') {
+ aChar = '\r';
+ } else if (aChar == 'n') {
+ aChar = '\n';
+ } else if (aChar == 'f') {
+ aChar = '\f';
+ }
+ outBuffer.append(aChar);
+ }
+ } else {
+ outBuffer.append(aChar);
+ }
+ }
+ return outBuffer.toString();
+ }
+
+ /*
+ * Converts unicodes to encoded &#92;uxxxx
+ * and writes out any of the characters in specialSaveChars
+ * with a preceding slash
+ */
+ private String saveConvert(String theString, boolean escapeSpace) {
+ int len = theString.length();
+ StringBuffer outBuffer = new StringBuffer(len * 2);
+
+ for (int x = 0; x < len; x++) {
+ char aChar = theString.charAt(x);
+
+ switch (aChar) {
+ case ' ':
+ if (x == 0 || escapeSpace) {
+ outBuffer.append('\\');
+ }
+
+ outBuffer.append(' ');
+ break;
+
+ case '\\':
+ outBuffer.append('\\');
+ outBuffer.append('\\');
+ break;
+
+ case '\t':
+ outBuffer.append('\\');
+ outBuffer.append('t');
+ break;
+
+ case '\n':
+ outBuffer.append('\\');
+ outBuffer.append('n');
+ break;
+
+ case '\r':
+ outBuffer.append('\\');
+ outBuffer.append('r');
+ break;
+
+ case '\f':
+ outBuffer.append('\\');
+ outBuffer.append('f');
+ break;
+
+ default:
+ if ((aChar < 0x0020) || (aChar > 0x007e)) {
+ outBuffer.append('\\');
+ outBuffer.append('u');
+ outBuffer.append(toHex((aChar >> 12) & 0xF));
+ outBuffer.append(toHex((aChar >> 8) & 0xF));
+ outBuffer.append(toHex((aChar >> 4) & 0xF));
+ outBuffer.append(toHex(aChar & 0xF));
+ } else {
+ if (specialSaveChars.indexOf(aChar) != -1) {
+ outBuffer.append('\\');
+ }
+ outBuffer.append(aChar);
+ }
+ }
+ }
+ return outBuffer.toString();
+ }
+
+ /**
+ * Calls the <code>store(OutputStream out, String header)</code> method
+ * and suppresses IOExceptions that were thrown.
+ *
+ * @deprecated This method does not throw an IOException if an I/O error
+ * occurs while saving the property list. As of the Java 2 platform v1.2, the preferred
+ * way to save a properties list is via the <code>store(OutputStream out,
+ * String header)</code> method.
+ *
+ * @param out an output stream.
+ * @param header a description of the property list.
+ * @exception ClassCastException if this <code>Properties</code> object
+ * contains any keys or values that are not <code>Strings</code>.
+ */
+ public synchronized void save(OutputStream out, String header) {
+ try {
+ store(out, header);
+ } catch (IOException e) {
+ }
+ }
+
+ /**
+ * Writes this property list (key and element pairs) in this <code>Properties</code> table to the output stream in a
+ * format suitable
+ * for loading into a <code>Properties</code> table using the <code>load</code> method.
+ * The stream is written using the ISO 8859-1 character encoding.
+ * <p>
+ * Properties from the defaults table of this <code>Properties</code> table (if any) are <i>not</i> written out by
+ * this method.
+ * <p>
+ * If the header argument is not null, then an ASCII <code>#</code> character, the header string, and a line
+ * separator are first written to the output stream. Thus, the <code>header</code> can serve as an identifying
+ * comment.
+ * <p>
+ * Next, a comment line is always written, consisting of an ASCII <code>#</code> character, the current date and
+ * time (as if produced by the <code>toString</code> method of <code>Date</code> for the current time), and a line
+ * separator as generated by the Writer.
+ * <p>
+ * Then every entry in this <code>Properties</code> table is written out, one per line. For each entry the key
+ * string is written, then an ASCII <code>=</code>, then the associated element string. Each character of the
+ * element string is examined to see whether it should be rendered as an escape sequence. The ASCII characters
+ * <code>\</code>, tab, newline, and carriage return are written as <code>\\</code>, <code>\t</code>,
+ * <code>\n</code>, and <code>\r</code>, respectively. Characters less than <code>&#92;u0020</code> and characters
+ * greater than <code>&#92;u007E</code> are written as <code>&#92;u</code><i>xxxx</i> for the appropriate
+ * hexadecimal value <i>xxxx</i>. Leading space characters, but not embedded or trailing space characters, are
+ * written with a preceding <code>\</code>. The key and value characters <code>#</code>, <code>!</code>,
+ * <code>=</code>, and <code>:</code> are written with a preceding slash to ensure that they are properly loaded.
+ * <p>
+ * After the entries have been written, the output stream is flushed. The output stream remains open after this
+ * method returns.
+ *
+ * @param out an output stream.
+ * @param header a description of the property list.
+ * @exception IOException if writing this property list to the specified
+ * output stream throws an <tt>IOException</tt>.
+ * @exception ClassCastException if this <code>Properties</code> object
+ * contains any keys or values that are not <code>Strings</code>.
+ */
+ public synchronized void store(OutputStream out, String header)
+ throws IOException {
+ BufferedWriter awriter;
+
+ awriter = new BufferedWriter(new OutputStreamWriter(out, "8859_1"));
+ if (header != null) {
+ writeln(awriter, "#" + header);
+ }
+ writeln(awriter, "#" + new Date().toString());
+ for (Enumeration<String> e = keys(); e.hasMoreElements();) {
+ String key = e.nextElement();
+ String val = get(key);
+
+ key = saveConvert(key, true);
+
+ /* No need to escape embedded and trailing spaces for value, hence
+ * pass false to flag.
+ */
+ val = saveConvert(val, false);
+ writeln(awriter, key + "=" + val);
+ }
+ awriter.flush();
+ }
+
+ private static void writeln(BufferedWriter bw, String s) throws IOException {
+ bw.write(s);
+ bw.newLine();
+ }
+
+ /**
+ * Searches for the property with the specified key in this property list.
+ * If the key is not found in this property list, the default property list,
+ * and its defaults, recursively, are then checked. The method returns <code>null</code> if the property is not
+ * found.
+ *
+ * @param key the property key.
+ * @return the value in this property list with the specified key value.
+ * @see #setProperty
+ * @see #defaults
+ */
+ public String getProperty(String key) {
+ String oval = super.get(key);
+ String sval = (oval instanceof String) ? oval : null;
+
+ return ((sval == null) && (defaults != null))
+ ? defaults.getProperty(key)
+ : sval;
+ }
+
+ /**
+ * Searches for the property with the specified key in this property list.
+ * If the key is not found in this property list, the default property list,
+ * and its defaults, recursively, are then checked. The method returns the
+ * default value argument if the property is not found.
+ *
+ * @param key the hashtable key.
+ * @param defaultValue a default value.
+ *
+ * @return the value in this property list with the specified key value.
+ * @see #setProperty
+ * @see #defaults
+ */
+ public String getProperty(String key, String defaultValue) {
+ String val = getProperty(key);
+
+ return (val == null) ? defaultValue : val;
+ }
+
+ /**
+ * Returns an enumeration of all the keys in this property list, including
+ * the keys in the default property list.
+ *
+ * @return an enumeration of all the keys in this property list, including
+ * the keys in the default property list.
+ * @see java.util.Enumeration
+ * @see java.util.Properties#defaults
+ */
+ public Enumeration<String> propertyNames() {
+ Hashtable<String, String> h = new Hashtable<String, String>();
+
+ enumerate(h);
+ return h.keys();
+ }
+
+ /**
+ * Prints this property list out to the specified output stream.
+ * This method is useful for debugging.
+ *
+ * @param out an output stream.
+ */
+ public void list(PrintStream out) {
+ out.println("-- listing properties --");
+ Hashtable<String, String> h = new Hashtable<String, String>();
+
+ enumerate(h);
+ for (Enumeration<String> e = h.keys(); e.hasMoreElements();) {
+ String key = e.nextElement();
+ String val = h.get(key);
+
+ if (val.length() > 40) {
+ val = val.substring(0, 37) + "...";
+ }
+ out.println(key + "=" + val);
+ }
+ }
+
+ /**
+ * Prints this property list out to the specified output stream.
+ * This method is useful for debugging.
+ *
+ * @param out an output stream.
+ * @since JDK1.1
+ */
+
+ /*
+ * Rather than use an anonymous inner class to share common code, this
+ * method is duplicated in order to ensure that a non-1.1 compiler can
+ * compile this file.
+ */
+ public void list(PrintWriter out) {
+ out.println("-- listing properties --");
+ Hashtable<String, String> h = new Hashtable<String, String>();
+
+ enumerate(h);
+ for (Enumeration<String> e = h.keys(); e.hasMoreElements();) {
+ String key = e.nextElement();
+ String val = h.get(key);
+
+ if (val.length() > 40) {
+ val = val.substring(0, 37) + "...";
+ }
+ out.println(key + "=" + val);
+ }
+ }
+
+ /**
+ * Enumerates all key/value pairs in the specified hastable.
+ *
+ * @param h the hashtable
+ */
+ private synchronized void enumerate(Hashtable<String, String> h) {
+ if (defaults != null) {
+ defaults.enumerate(h);
+ }
+ for (Enumeration<String> e = keys(); e.hasMoreElements();) {
+ String key = e.nextElement();
+
+ h.put(key, get(key));
+ }
+ }
+
+ /**
+ * Convert a nibble to a hex character
+ *
+ * @param nibble the nibble to convert.
+ */
+ private static char toHex(int nibble) {
+ return hexDigit[(nibble & 0xF)];
+ }
+
+ /** A table of hex digits */
+ private static final char[] hexDigit = {
+ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D',
+ 'E', 'F'
+ };
+}
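Review bot: In `loadConvert` the `\uxxxx` decoder reads four characters with `theString.charAt(x++)` without checking that they exist, so a truncated escape such as `key=\u12` at the end of a value, or a key ending in `\u`, raises an unchecked `StringIndexOutOfBoundsException` out of `load()` instead of the intended `IllegalArgumentException("Malformed \\uxxxx encoding.")`. A guard before the four-digit loop fixes it: `if (x + 4 > len) throw new IllegalArgumentException("Malformed \\uxxxx encoding.");`. Because `load()` is declared to throw only `IOException`, a caller feeding it a malformed installer configuration file currently gets a bare stack trace rather than a diagnosable error. Separately, `save()` swallows the `IOException` from `store()` with an empty catch block, so a failed write of the property file goes unreported; at minimum log the exception, or steer callers to `store()`, which propagates it.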
diff --git a/base/silent/src/com/netscape/pkisilent/common/CMSTask.java b/base/silent/src/com/netscape/pkisilent/common/CMSTask.java
new file mode 100644
index 000000000..4b6c75ba3
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/CMSTask.java
@@ -0,0 +1,190 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+import com.netscape.pkisilent.argparser.ArgParser;
+import com.netscape.pkisilent.argparser.StringHolder;
+
+/**
+ * CS Test framework .
+ * This class starts and stops CS server from command line
+ */
+
+public class CMSTask {
+
+ private static String operation;
+ private static String debug;
+ private static String serverRoot;
+ private Process p = null;
+
+ /**
+ * Constructor . Takes CMS server root as parameter
+ * for example (/export/qa/cert-jupiter2)
+ **/
+
+ public CMSTask() {// do nothing
+ }
+
+ public CMSTask(String sroot) {
+ serverRoot = sroot;
+ }
+
+ public boolean CMSStart() {
+
+ try {
+ System.out.println("Starting Certificate System:");
+ Runtime r = Runtime.getRuntime();
+
+ p = r.exec(serverRoot + "/start-cert");
+
+ InputStreamReader isr = new InputStreamReader(p.getInputStream());
+ BufferedReader br = new BufferedReader(isr);
+ String s = null;
+
+ try {
+ while ((s = br.readLine()) != null) {
+ if (s.indexOf("started") > 0) {
+ return true;
+ }
+ // do something
+ }
+ } catch (IOException ioe) {
+ ioe.printStackTrace();
+ }
+
+ return false;
+
+ } catch (Throwable e) {
+ e.printStackTrace();
+ }
+
+ return false;
+ }
+
+ public boolean CMSStop() {
+ try {
+ Runtime r = Runtime.getRuntime();
+
+ System.out.println("Stopping Certificate System:");
+ p = r.exec(serverRoot + "/stop-cert");
+ BufferedReader br = new BufferedReader(
+ new InputStreamReader(p.getInputStream()));
+ String line;
+
+ while ((line = br.readLine()) != null) {
+ System.out.println(" " + line);
+ if (line.indexOf("server shut down") > -1) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+ } catch (Throwable e) {
+ e.printStackTrace();
+ }
+ return false;
+ }
+
+ public boolean CMSRestart() {
+ try {
+ System.out.println("Restarting Certificate System:");
+ Runtime r = Runtime.getRuntime();
+
+ p = r.exec(serverRoot + "/restart-cert");
+ BufferedReader br = new BufferedReader(
+ new InputStreamReader(p.getInputStream()));
+ String line;
+
+ while ((line = br.readLine()) != null) {
+ System.out.println(" " + line);
+ if (line.indexOf("started") > -1) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ } catch (Throwable e) {
+ e.printStackTrace();
+ }
+ return false;
+ }
+
+ public boolean task() {
+ if (operation.equalsIgnoreCase("stop")) {
+ CMSStop();
+ return true;
+ }
+
+ if (operation.equalsIgnoreCase("start")) {
+ CMSStart();
+ return true;
+ }
+
+ if (operation.equalsIgnoreCase("restart")) {
+ CMSRestart();
+ return true;
+ }
+
+ return false;
+ }
+
+ public static void main(String args[]) {
+ CMSTask prof = new CMSTask();
+ // parse args
+ StringHolder x_instance_root = new StringHolder();
+ StringHolder x_operation = new StringHolder();
+
+ // parse the args
+ ArgParser parser = new ArgParser("CMSTask");
+
+ parser.addOption("-instance_root %s #CA Server Root", x_instance_root);
+ parser.addOption("-operation %s #CA operation [stop,start,restart]",
+ x_operation);
+
+ // and then match the arguments
+ String[] unmatched = null;
+
+ unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED);
+
+ if (unmatched != null) {
+ System.out.println("ERROR: Argument Mismatch");
+ System.exit(-1);
+ }
+
+ // set variables
+ serverRoot = x_instance_root.value;
+ operation = x_operation.value;
+
+ boolean st = prof.task();
+
+ if (!st) {
+ System.out.println("ERROR");
+ }
+
+ System.out.println("SUCCESS");
+
+ } // end of function main
+
+} // end of class
+
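Review bot: The outcome of the start/stop/restart is discarded: `task()` ignores the boolean returned by `CMSStart()`, `CMSStop()` and `CMSRestart()` and returns true whenever the operation name is recognised, and `main` prints `SUCCESS` and exits 0 even after it has printed `ERROR`, so a silent-install harness cannot detect that the server failed to come up or go down. `task()` should return the result of each call and `main` should exit non-zero on failure, as in the excerpt below. Independently, `CMSStop` and `CMSRestart` return false as soon as the first output line lacks the expected marker, only stdout is read (stderr is never drained and `waitFor()` is never called, so the exit status is unknown), and `Runtime.exec(String)` tokenizes `serverRoot + "/start-cert"` on whitespace, so an instance root containing a space runs the wrong command; `exec(new String[] { serverRoot + "/start-cert" })` avoids the split. If `-operation` is omitted, `operation` is presumably null and `task()` throws a NullPointerException — worth a null check, though ArgParser's handling of missing options is not visible here.
```java
public boolean task() {
    if (operation.equalsIgnoreCase("stop")) {
        return CMSStop();
    }
    if (operation.equalsIgnoreCase("start")) {
        return CMSStart();
    }
    if (operation.equalsIgnoreCase("restart")) {
        return CMSRestart();
    }
    return false;
}

// … unchanged: main() argument parsing and assignment of serverRoot/operation …
boolean st = prof.task();
if (!st) {
    System.out.println("ERROR");
    System.exit(1);
}
System.out.println("SUCCESS");
```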
diff --git a/base/silent/src/com/netscape/pkisilent/common/CertificateRecord.java b/base/silent/src/com/netscape/pkisilent/common/CertificateRecord.java
new file mode 100644
index 000000000..9599eb6dd
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/CertificateRecord.java
@@ -0,0 +1,44 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+public class CertificateRecord {
+
+ public String revokedOn = null;
+ public String revokedBy = null;
+ public String revocation_info = null;
+ public String signatureAlgorithm = null;
+ public String serialNumber = null;
+ public String subjectPublicKeyLength = null;
+ public String type = null;
+ public String subject = null;
+ public String issuedOn = null;
+ public String validNotBefore = null;
+ public String validNotAfter = null;
+ public String issuedBy = null;
+ public String subjectPublicKeyAlgorithm = null;
+ public String certChainBase64 = null;
+ public String certFingerprint = null;
+ public String pkcs7ChainBase64 = null;
+ public String certPrettyPrint = null;
+
+ public CertificateRecord() {// Do nothing
+ }
+
+};
diff --git a/base/silent/src/com/netscape/pkisilent/common/ComCrypto.java b/base/silent/src/com/netscape/pkisilent/common/ComCrypto.java
new file mode 100644
index 000000000..d629030f2
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/ComCrypto.java
@@ -0,0 +1,767 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.ByteArrayInputStream;
+import java.security.KeyPair;
+
+import netscape.security.x509.X500Name;
+
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.asn1.ASN1Util;
+import org.mozilla.jss.asn1.BIT_STRING;
+import org.mozilla.jss.asn1.INTEGER;
+import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
+import org.mozilla.jss.asn1.OCTET_STRING;
+import org.mozilla.jss.asn1.SEQUENCE;
+import org.mozilla.jss.crypto.AlreadyInitializedException;
+import org.mozilla.jss.crypto.CryptoStore;
+import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.crypto.IVParameterSpec;
+import org.mozilla.jss.crypto.InternalCertificate;
+import org.mozilla.jss.crypto.KeyGenAlgorithm;
+import org.mozilla.jss.crypto.KeyGenerator;
+import org.mozilla.jss.crypto.KeyPairAlgorithm;
+import org.mozilla.jss.crypto.KeyPairGenerator;
+import org.mozilla.jss.crypto.KeyWrapAlgorithm;
+import org.mozilla.jss.crypto.KeyWrapper;
+import org.mozilla.jss.crypto.PrivateKey;
+import org.mozilla.jss.crypto.SymmetricKey;
+import org.mozilla.jss.crypto.X509Certificate;
+import org.mozilla.jss.pkcs11.PK11Token;
+import org.mozilla.jss.pkix.crmf.CertReqMsg;
+import org.mozilla.jss.pkix.crmf.CertRequest;
+import org.mozilla.jss.pkix.crmf.CertTemplate;
+import org.mozilla.jss.pkix.crmf.EncryptedKey;
+import org.mozilla.jss.pkix.crmf.EncryptedValue;
+import org.mozilla.jss.pkix.crmf.PKIArchiveOptions;
+import org.mozilla.jss.pkix.crmf.POPOPrivKey;
+import org.mozilla.jss.pkix.crmf.ProofOfPossession;
+import org.mozilla.jss.pkix.primitive.AVA;
+import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
+import org.mozilla.jss.pkix.primitive.Name;
+import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo;
+import org.mozilla.jss.util.Password;
+import com.netscape.cmsutil.util.Utils;
+
+/**
+ * CMS Test framework .
+ * Use this class to initalize,add a certificate ,generate a certificate request from certificate database.
+ */
+
+public class ComCrypto {
+
+ private String cdir, certnickname, keysize, keytype, tokenpwd;
+ private String certpackage, pkcs10request;
+ private boolean debug = true;
+ private boolean DBlogin = false;
+ private boolean generaterequest = false;
+
+ private String transportcert = null;
+ private boolean dualkey = false;
+ public String CRMF_REQUEST = null;
+ int START = 1;
+ int END = START + 1;
+ Password password = null;
+
+ public static CryptoManager manager;
+ public static CryptoToken token;
+ private CryptoStore store;
+ private Password pass1 = null, pass2 = null;
+
+ private String bstr = "-----BEGIN NEW CERTIFICATE REQUEST-----";
+ private String blob, Blob1 = null;
+ private String Blob2 = null;
+ private String estr = "-----END NEW CERTIFICATE REQUEST-----";
+
+ private String certprefix = null;
+
+ public ComCrypto() {
+ };
+
+ /**
+ * Constructor . Takes the parameter certificatedbdirectory , passwordfor cert database,
+ * certificatenickname,keysize, keytype(RSA/DSA)
+ *
+ * @param certdbdirectory.
+ * @param certdbpassword
+ * @param certnickname
+ * @param keysize (1024/2048/4096)
+ * @param keytype (RSA/DSA)
+ */
+
+ public ComCrypto(String cd, String tpwd, String cn, String ks, String kt) {
+ cdir = cd;
+ tokenpwd = tpwd;
+ certnickname = cn;
+ keysize = ks;
+ keytype = kt;
+ }
+
+ // Set and Get functions
+
+ public void setCertDir(String cd) {
+ cdir = cd;
+ }
+
+ public void setCertnickname(String cd) {
+ certnickname = cd;
+ }
+
+ public void setKeySize(String cd) {
+ keysize = cd;
+ }
+
+ public void setKeyType(String cd) {
+ keytype = cd;
+ }
+
+ public void setTokenPWD(String cd) {
+ tokenpwd = cd;
+ }
+
+ public void setCertPackage(String cd) {
+ certpackage = cd;
+ }
+
+ public void setGenerateRequest(boolean c) {
+ generaterequest = c;
+ }
+
+ public void setDebug(boolean t) {
+ debug = t;
+ }
+
+ public void setCertPrefix(String prefix) {
+ certprefix = prefix;
+ }
+
+ /*
+ * setTransportCert() should only be called when the calling profile
+ * needs to do key archivals with the DRM and make sure the function
+ * generateCRMFtransport() is called for the CRMF request generation
+ * part.
+ */
+ public void setTransportCert(String tcert) {
+ transportcert = tcert;
+ }
+
+ public void setDualKey(boolean dkey) {
+ dualkey = dkey;
+ }
+
+ public String getPkcs10Request() {
+ return pkcs10request;
+ }
+
+ /**
+ * Parses the Certificate and returns SubjectDN . Takes certificate as parameter
+ */
+
+ public String getCertificateString(X509Certificate cert) {
+ if (cert == null) {
+ return null;
+ }
+
+ // note that it did not represent a certificate fully
+ return cert.getVersion() + ";" + cert.getSerialNumber().toString() + ";"
+ + cert.getIssuerDN() + ";" + cert.getSubjectDN();
+ }
+
+ /**
+ * Finds and returns Certificate . Takes certificatenickname as parameter.
+ */
+
+ public X509Certificate findCert(String certname) {
+ try {
+
+ X509Certificate cert2 = manager.findCertByNickname(certname);
+
+ return cert2;
+
+ } catch (Exception e) {
+ System.out.println("exception importing cert " + e.getMessage());
+ return null;
+ }
+
+ }
+
+ /**
+ * Imports a certificate to Certificate Database. Takes certificate and nickname as parameters.
+ */
+
+ public boolean importCert(X509Certificate xcert, String nickname) {
+ try {
+
+ System.out.println(
+ "importCert x509 : importing with nickname: " + nickname);
+
+ InternalCertificate cert2 = manager.importCertToPerm(xcert, nickname);
+
+ cert2.setSSLTrust(2);
+ return true;
+
+ } catch (Exception e) {
+ System.out.println("exception importing cert " + e.getMessage());
+ return false;
+ }
+
+ }
+
+ /**
+ * Imports a certificate to Certificate Database. Takes certificate and nickname as parameters.
+ */
+
+ public boolean importCert(String cpack, String cn) {
+
+ System.out.println("importCert string: importing with nickname: " + cn);
+ try {
+
+ String tmp = normalize(cpack);
+
+ if (DBlogin) {
+ System.out.println("Already logged into to DB");
+ }
+
+ if (manager == null) {
+ System.out.println("Manager object is null");
+ }
+
+ manager.importCertPackage(tmp.getBytes(), cn);
+
+ return true;
+
+ } catch (Exception e) {
+ System.out.println(
+ "ERROR:exception importing cert " + e.getMessage());
+ e.printStackTrace();
+ return false;
+ }
+
+ }
+
+ /* imports CA certificate
+ */
+
+ public boolean importCACert(String cpack) {
+
+ try {
+ String tmp = normalize(cpack);
+
+ if (DBlogin) {
+ System.out.println("Already logged into to DB");
+ }
+
+ if (manager == null) {
+ System.out.println("Manager object is null");
+ }
+
+ manager.importCACertPackage(tmp.getBytes());
+
+ return true;
+
+ } catch (Exception e) {
+ System.out.println(
+ "ERROR:exception importing cert " + e.getMessage());
+ return false;
+ }
+
+ }
+
+ /**
+ * Normalizes a given certificate string . Removes the extra \\ in the certificate returned by CMS server.
+ */
+
+ public String normalize(String s) {
+
+ String val = "";
+
+ for (int i = 0; i < s.length(); i++) {
+ if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) {
+ val += '\n';
+ i++;
+ continue;
+ } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) {
+ i++;
+ continue;
+ } else if (s.charAt(i) == '"') {
+ continue;
+ }
+ val += s.charAt(i);
+ }
+ return val;
+ }
+
+ /**
+ * Normalizes a given certificate string . Removes the extra \\ in the certificate returned by CMS server.
+ */
+
+ public String normalizeForLDAP(String s) {
+
+ String val = "";
+
+ for (int i = 0; i < s.length(); i++) {
+ if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) {
+ val += '\n' + " ";
+ i++;
+ continue;
+ } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) {
+ i++;
+ continue;
+ } else if (s.charAt(i) == '"') {
+ continue;
+ }
+ val += s.charAt(i);
+ }
+ return val;
+ }
+
+ /**
+ * Convert to pkcs7 format
+ */
+
+ public String pkcs7Convertcert(String s) {
+
+ String val = "";
+
+ int len = s.length();
+
+ for (int i = 0; i < len; i = i + 64) {
+
+ if (i + 64 < len) {
+ val = val + s.substring(i, i + 64) + "\n";
+ } else {
+ val = val + s.substring(i, len);
+ }
+
+ }
+ return val;
+ }
+
+ /**
+ * Delete all keys frim key3.db
+ **/
+
+ public void deleteKeys() {
+ try {
+ int i = 0;
+
+ store = token.getCryptoStore();
+ PrivateKey[] keys = store.getPrivateKeys();
+
+ if (debug) {
+ System.out.println("Now we shall delete all the keys!");
+ }
+
+ keys = store.getPrivateKeys();
+ for (i = 0; i < keys.length; i++) {
+ PrivateKey key = (PrivateKey) keys[i];
+
+ store.deletePrivateKey(key);
+ }
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ /**
+ * Creates a new certificate database
+ **/
+
+ public boolean CreateCertDB() {
+ return loginDB();
+
+ }
+
+ /**
+ * Login to cert database
+ **/
+
+ public boolean loginDB() {
+ Password pass1 = null;
+
+ try {
+ if (debug) {
+ System.out.println("CRYPTO INIT WITH CERTDB:" + cdir);
+ }
+
+ // this piece of code is to create db's with certain prefix
+ if (certprefix != null) {
+ CryptoManager.InitializationValues vals;
+
+ vals = new CryptoManager.InitializationValues(cdir, certprefix,
+ certprefix, "secmod.db");
+ CryptoManager.initialize(vals);
+ } else {
+ CryptoManager.initialize(cdir);
+ }
+
+ manager = CryptoManager.getInstance();
+ token = (PK11Token) manager.getInternalKeyStorageToken();
+ pass1 = new Password(tokenpwd.toCharArray());
+ if (token.isLoggedIn() && debug) {
+ System.out.println("Already Logged in ");
+ }
+
+ if (debug) {
+ System.out.println("tokenpwd:" + tokenpwd);
+ }
+
+ token.login(pass1);
+ pass1.clear();
+
+ } catch (AlreadyInitializedException e) {
+ if (debug) {
+ System.out.println("Crypto manager already initialized");
+ }
+ } catch (Exception e) {
+ try {
+ if (!token.isLoggedIn()) {
+ token.initPassword(pass1, pass1);
+ }
+ return true;
+ } catch (Exception er) {
+ System.err.println("some exception:" + e);
+ return false;
+ }
+ }
+ DBlogin = true;
+ return true;
+ }
+
+ /**
+ * Generate Certificate Request
+ **/
+
+ public synchronized boolean generateRequest() {
+
+ System.out.println("generating pkcs10 Request");
+ loginDB();
+
+ try {
+ debug = true;
+ System.out.println("Generating request : keysize :" + keysize);
+ System.out.println("Generating request : subject :" + certnickname);
+ System.out.println("Generating request : keytype :" + keytype);
+
+ Integer n = new Integer(keysize);
+
+ if (generaterequest) {
+ blob = token.generateCertRequest(certnickname, n.intValue(),
+ keytype, (byte[]) null, (byte[]) null, (byte[]) null);
+
+ System.out.println("Cert Request Generated.");
+
+ bstr = "-----BEGIN NEW CERTIFICATE REQUEST-----";
+ Blob1 = blob.substring(bstr.length() + 1);
+ Blob2 = Blob1.substring(0, Blob1.indexOf(estr));
+
+ System.out.println(Blob2);
+ pkcs10request = Blob2;
+ }
+
+ return true;
+
+ } catch (Exception e) {
+ System.out.println("Exception: Unable to generate request: " + e);
+ }
+
+ return false;
+ }
+
+ public String generateCRMFrequest() {
+ KeyPair pair = null;
+
+ System.out.println("Debug : initialize crypto Manager");
+ try {
+
+ // Step 1. initialize crypto Manager
+ try {
+ CryptoManager.initialize(cdir);
+ } catch (Exception e) {
+ // it is ok if it is already initialized
+ System.out.println("INITIALIZATION ERROR: " + e.toString());
+ System.out.println("cdir = " + cdir);
+ }
+
+ // Step 2 log into database
+ try {
+
+ System.out.println("Debug : before getInstance");
+
+ manager = CryptoManager.getInstance();
+ String token_pwd = tokenpwd;
+
+ System.out.println("Debug : before get token");
+
+ token = manager.getInternalKeyStorageToken();
+ password = new Password(token_pwd.toCharArray());
+
+ System.out.println("Debug : before login password");
+
+ token.login(password);
+
+ System.out.println("Debug : after login password");
+ } catch (Exception e) {
+ System.out.println("INITIALIZATION ERROR: " + e.toString());
+
+ if (!token.isLoggedIn()) {
+ token.initPassword(password, password);
+ }
+ }
+
+ // Generating CRMF request
+
+ KeyPairGenerator kg = token.getKeyPairGenerator(KeyPairAlgorithm.RSA);
+
+ Integer x = new Integer(keysize);
+ int key_len = x.intValue();
+
+ kg.initialize(key_len);
+
+ // 1st key pair
+ pair = kg.genKeyPair();
+
+ // create CRMF
+ CertTemplate certTemplate = new CertTemplate();
+
+ certTemplate.setVersion(new INTEGER(2));
+
+ if (certnickname != null) {
+ X500Name name = new X500Name(certnickname);
+ ByteArrayInputStream cs = new ByteArrayInputStream(name.getEncoded());
+ Name n = (Name) Name.getTemplate().decode(cs);
+ certTemplate.setSubject(n);
+ }
+
+ certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair.getPublic()));
+
+ SEQUENCE seq = new SEQUENCE();
+ CertRequest certReq = new CertRequest(new INTEGER(1), certTemplate,
+ seq);
+ byte popdata[] = { 0x0, 0x3, 0x0 };
+
+ ProofOfPossession pop = ProofOfPossession.createKeyEncipherment(
+ POPOPrivKey.createThisMessage(new BIT_STRING(popdata, 3)));
+
+ CertReqMsg crmfMsg = new CertReqMsg(certReq, pop, null);
+
+ SEQUENCE s1 = new SEQUENCE();
+
+ // 1st : Encryption key
+
+ s1.addElement(crmfMsg);
+
+ // 2nd : Signing Key
+
+ if (dualkey) {
+ System.out.println("dualkey = true");
+ SEQUENCE seq1 = new SEQUENCE();
+ CertRequest certReqSigning = new CertRequest(new INTEGER(1),
+ certTemplate, seq1);
+ CertReqMsg signingMsg = new CertReqMsg(certReqSigning, pop, null);
+
+ s1.addElement(signingMsg);
+ }
+
+ byte encoded[] = ASN1Util.encode(s1);
+
+ // BASE64Encoder encoder = new BASE64Encoder();
+ // String Req1 = encoder.encodeBuffer(encoded);
+ String Req1 = Utils.base64encode(encoded);
+
+ // Set CRMF_REQUEST variable
+ CRMF_REQUEST = Req1;
+
+ System.out.println("CRMF_REQUEST = " + CRMF_REQUEST);
+
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ return null;
+ }
+
+ return CRMF_REQUEST;
+ }
+
+ /*
+ * This function is used to Generated CRMF requests wrapped with the
+ * transport cert so that we can do key archival with the drm.
+ * This function expects transportcert variable to be set in this class.
+ * Use setTransportCert() to do the same.
+ */
+
+ public String generateCRMFtransport() {
+
+ KeyPair pair = null;
+
+ try {
+ // Step 1. initialize crypto Manager
+ try {
+ CryptoManager.initialize(cdir);
+ } catch (Exception e) {
+ // it is ok if it is already initialized
+ System.out.println("INITIALIZATION ERROR: " + e.toString());
+ System.out.println("cdir = " + cdir);
+ }
+
+ // Step 2 log into database
+ try {
+
+ System.out.println("Debug : before getInstance");
+
+ manager = CryptoManager.getInstance();
+ String token_pwd = tokenpwd;
+
+ System.out.println("Debug : before get token");
+
+ token = manager.getInternalKeyStorageToken();
+ password = new Password(token_pwd.toCharArray());
+
+ System.out.println("Debug : before login password");
+
+ token.login(password);
+
+ System.out.println("Debug : after login password");
+ } catch (Exception e) {
+ System.out.println("INITIALIZATION ERROR: " + e.toString());
+
+ if (!token.isLoggedIn()) {
+ token.initPassword(password, password);
+ }
+ }
+
+ // Key Pair Generation
+ KeyPairGenerator kg = token.getKeyPairGenerator(KeyPairAlgorithm.RSA);
+ Integer x = new Integer(keysize);
+ int key_len = x.intValue();
+
+ kg.initialize(key_len);
+
+ pair = kg.genKeyPair();
+
+ // wrap private key
+ // BASE64Decoder decoder = new BASE64Decoder();
+ // byte transport[] = decoder.decodeBuffer(transportcert);
+ byte transport[] = Utils.base64decode(transportcert);
+
+ X509Certificate tcert = manager.importCACertPackage(transport);
+
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
+
+ KeyGenerator kg1 = token.getKeyGenerator(KeyGenAlgorithm.DES3);
+ SymmetricKey sk = kg1.generate();
+
+ // wrap private key using session
+ KeyWrapper wrapper1 = token.getKeyWrapper(
+ KeyWrapAlgorithm.DES3_CBC_PAD);
+
+ wrapper1.initWrap(sk, new IVParameterSpec(iv));
+
+ byte key_data[] = wrapper1.wrap((
+ org.mozilla.jss.crypto.PrivateKey) pair.getPrivate());
+
+ // wrap session using transport
+ KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
+
+ rsaWrap.initWrap(tcert.getPublicKey(), null);
+
+ byte session_data[] = rsaWrap.wrap(sk);
+
+ // create CRMF
+ CertTemplate certTemplate = new CertTemplate();
+
+ certTemplate.setVersion(new INTEGER(2));
+
+ if (certnickname != null) {
+ X500Name name = new X500Name(certnickname);
+ ByteArrayInputStream cs = new ByteArrayInputStream(name.getEncoded());
+ Name n = (Name) Name.getTemplate().decode(cs);
+ certTemplate.setSubject(n);
+ }
+
+ certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair.getPublic()));
+
+ // set extension
+ AlgorithmIdentifier algS = new AlgorithmIdentifier(
+ new OBJECT_IDENTIFIER("1.2.840.113549.3.7"),
+ new OCTET_STRING(iv));
+
+ EncryptedValue encValue = new EncryptedValue(null, algS,
+ new BIT_STRING(session_data, 0), null, null,
+ new BIT_STRING(key_data, 0));
+
+ EncryptedKey key = new EncryptedKey(encValue);
+ PKIArchiveOptions opt = new PKIArchiveOptions(key);
+
+ SEQUENCE seq = new SEQUENCE();
+
+ seq.addElement(
+ new AVA(new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.5.1.4"), opt));
+
+ CertRequest certReq = new CertRequest(new INTEGER(1), certTemplate,
+ seq);
+
+ // Adding proof of possesion data
+ byte popdata[] = { 0x0, 0x3, 0x0 };
+ ProofOfPossession pop = ProofOfPossession.createKeyEncipherment(
+ POPOPrivKey.createThisMessage(new BIT_STRING(popdata, 3)));
+
+ CertReqMsg crmfMsg = new CertReqMsg(certReq, pop, null);
+
+ SEQUENCE s1 = new SEQUENCE();
+
+ // 1st : Encryption key
+ s1.addElement(crmfMsg);
+
+ // 2nd : Signing Key
+
+ if (dualkey) {
+ System.out.println("dualkey = true");
+ SEQUENCE seq1 = new SEQUENCE();
+ CertRequest certReqSigning = new CertRequest(new INTEGER(1),
+ certTemplate, seq1);
+ CertReqMsg signingMsg = new CertReqMsg(certReqSigning, pop, null);
+
+ s1.addElement(signingMsg);
+ }
+
+ byte encoded[] = ASN1Util.encode(s1);
+
+ // BASE64Encoder encoder = new BASE64Encoder();
+
+ // CRMF_REQUEST = encoder.encodeBuffer(encoded);
+ CRMF_REQUEST = Utils.base64encode(encoded);
+
+ System.out.println("Generated crmf request: ...... ");
+ System.out.println("");
+
+ System.out.println(CRMF_REQUEST);
+ System.out.println("");
+ System.out.println("End crmf Request:");
+ } catch (Exception e) {
+ System.out.println("Exception: " + e.getMessage());
+ }
+
+ return CRMF_REQUEST;
+ }
+
+} // end of class
+
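Review bot: loginDB() writes the NSS token password to stdout at `System.out.println("tokenpwd:" + tokenpwd);` whenever debug is on, and debug defaults to true in the field initialiser and is forced back to true at the top of generateRequest(), so the password lands in every console log and captured output; that line should be removed (at most report whether a password is set). In the generic catch branch of the same method, `token.initPassword(pass1, pass1)` can be reached with `pass1` still null (anything thrown before `new Password(...)`) and `token` possibly null too, and `pass1.clear()` runs only on the success path, so the password chars stay in memory after a failure; moving the clear into a `finally` block fixes the second part. Separately, normalize() and normalizeForLDAP() read `s.charAt(i + 1)` without checking `i + 1 < s.length()`, so input ending in a lone backslash throws StringIndexOutOfBoundsException.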
diff --git a/base/silent/src/com/netscape/pkisilent/common/Con2Agent.java b/base/silent/src/com/netscape/pkisilent/common/Con2Agent.java
new file mode 100644
index 000000000..61305305e
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/Con2Agent.java
@@ -0,0 +1,318 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.BufferedOutputStream;
+import java.io.BufferedReader;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.util.Vector;
+
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.crypto.AlreadyInitializedException;
+import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.crypto.X509Certificate;
+import org.mozilla.jss.pkcs11.PK11Token;
+import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
+import org.mozilla.jss.ssl.SSLClientCertificateSelectionCallback;
+import org.mozilla.jss.ssl.SSLSocket;
+import org.mozilla.jss.util.Password;
+
+/**
+ * CMS Test framework .
+ * Submits a requests to agent port with sslclient authentication.
+ */
+
+public class Con2Agent implements SSLClientCertificateSelectionCallback,
+ SSLCertificateApprovalCallback {
+
+ private int i, port;
+ private String host, certdir, certnickname, tokenpwd, certname, query;
+ private String ACTIONURL;
+
+ private BufferedReader stdin = null;
+ private StringBuffer stdout = new StringBuffer();
+
+ public Con2Agent() {
+ }
+
+ /**
+ * Constructor. Takes hostname , portnumber , certificate nickname, token password ,client certdb directory
+ *
+ * @param hostname
+ * @param portnumber
+ * @param agent cert nickname
+ * @param token password
+ * @param certdb directory
+ */
+
+ public Con2Agent(String hs, int p, String cname, String tpwd, String cdir) {
+ host = hs;
+ port = p;
+ certnickname = cname;
+ tokenpwd = tpwd;
+ certdir = cdir;
+ }
+
+ public boolean approve(X509Certificate x509, SSLCertificateApprovalCallback.ValidityStatus status) {
+ return true;
+ }
+
+ public String select(@SuppressWarnings("rawtypes") Vector nicknames) {
+
+ System.out.println("nicknames size = " + nicknames.size());
+ int i = nicknames.size();
+
+ if (i > 0) {
+ return (String) nicknames.elementAt(0);
+ } else {
+ return null;
+ }
+
+ }
+
+ // Get and Set methods
+
+ /*
+ * Get the page returned by the server
+ */
+
+ public StringBuffer getPage() {
+ return stdout;
+ }
+
+ /*
+ * Set the query string to be submitted to the server
+ */
+
+ public void setQueryString(String qu) {
+ query = qu;
+ }
+
+ /*
+ *Set token password
+ */
+
+ public void setTokenPassword(String pwd) {
+ tokenpwd = pwd;
+ }
+
+ /*
+ * Set Client cert database
+ */
+
+ public void setCertDBDir(String cdir) {
+ certdir = cdir;
+ }
+
+ /*
+ * Set host name
+ */
+
+ public void setHost(String hs) {
+ host = hs;
+ }
+
+ /*
+ * set Agent port number
+ */
+
+ public void setPort(int p) {
+ port = p;
+ }
+
+ /*
+ * Set Agent cert nickname
+ */
+
+ public void setCertNickName(String cname) {
+ certnickname = cname;
+ }
+
+ /*
+ * Set action URL
+ */
+
+ public void setActionURL(String url) {
+ ACTIONURL = url;
+ }
+
+ // Submit requests
+
+ public boolean Send() {
+ try {
+
+ if (!loginCertDB()) {
+ return false;
+ }
+
+ SSLSocket socket = new SSLSocket(host, port, null, 0, this, null);
+
+ System.out.println("Con2Agent.java: host = " + host);
+ System.out.println("Con2Agent.java: port = " + port);
+ System.out.println("Con2Agent.java: certnickname = " + certnickname);
+
+ socket.setClientCertNickname(certnickname);
+ System.out.println("Connected to the socket");
+
+ OutputStream rawos = socket.getOutputStream();
+ BufferedOutputStream os = new BufferedOutputStream(rawos);
+ PrintStream ps = new PrintStream(os);
+
+ System.out.println(ACTIONURL);
+ System.out.println("Query :" + query);
+ ps.println("POST " + ACTIONURL + " HTTP/1.0");
+ ps.println("Connection: Keep-Alive");
+ ps.println("Content-type: application/x-www-form-urlencoded");
+ ps.println("Content-length: " + query.length());
+ ps.println("");
+ ps.println(query);
+ ps.println("\r");
+ ps.flush();
+ os.flush();
+ BufferedReader stdin1 = new BufferedReader(
+ new InputStreamReader(socket.getInputStream()));
+ String line;
+
+ while ((line = stdin1.readLine()) != null) {
+ stdout.append(line + "\n");
+ System.out.println(line);
+ }
+
+ // Send Connection: close to let the server close the connection.
+ // Else the socket on the server side continues to remain in TIME_WAIT state
+
+ ps.println("Connection: close");
+ ps.flush();
+ os.flush();
+ os.close();
+ rawos.close();
+ ps.close();
+ stdin1.close();
+ socket.close();
+
+ if (socket.isClosed()) {
+ System.out.println("Con2Agent.java : Socket is Closed");
+ } else {
+ System.out.println("Con2Agent.java : Socket not Closed");
+ }
+
+ } catch (Exception e) {
+ System.out.println("some exception: in Send routine" + e);
+ return false;
+ }
+
+ return true;
+
+ }
+
+ private boolean loginCertDB() {
+ CryptoManager manager;
+ Password pass1 = null;
+
+ try {
+ System.out.println("Step 1: Initializing CryptoManager");
+ CryptoManager.initialize(certdir);
+
+ System.out.println("Step 2: Login to Cert Database");
+ manager = CryptoManager.getInstance();
+ CryptoToken token = (PK11Token) manager.getInternalKeyStorageToken();
+
+ if (token.isLoggedIn()) {
+ System.out.println("Con2Agent: Logged in incorrect");
+ }
+
+ System.out.println("tokenpwd:" + tokenpwd);
+ char[] passchar1 = new char[tokenpwd.length()];
+
+ tokenpwd.getChars(0, tokenpwd.length(), passchar1, 0);
+
+ pass1 = new Password((char[]) passchar1.clone());
+ token.login(pass1);
+
+ X509Certificate cert2 = manager.findCertByNickname(certnickname);
+
+ certname = cert2.getNickname();
+ return true;
+
+ } catch (AlreadyInitializedException e) {
+ System.out.println("Crypto manager already initialized");
+ return true;
+ } catch (NumberFormatException e) {
+ System.err.println("Invalid key size: " + e);
+ return false;
+ } catch (java.security.InvalidParameterException e) {
+ System.err.println("Invalid key size: " + e);
+ return false;
+
+ } catch (Exception e) {
+ System.err.println("some exception:" + e);
+ e.printStackTrace();
+ return false;
+ }
+
+ }
+
+ public boolean Send_withGET() {
+
+ try {
+
+ if (!loginCertDB()) {
+ return false;
+ }
+
+ SSLSocket socket = new SSLSocket(host, port, null, 0, this, null);
+
+ socket.setClientCertNickname(certnickname);
+ System.out.println("Connected to the socket");
+
+ OutputStream rawos = socket.getOutputStream();
+ BufferedOutputStream os = new BufferedOutputStream(rawos);
+ PrintStream ps = new PrintStream(os);
+
+ System.out.println("Query in con2agent :" + query);
+ System.out.println("ACTIONURL in con2agent : " + ACTIONURL);
+
+ ps.println("GET " + ACTIONURL + query + " HTTP/1.0");
+ ps.println("");
+ ps.println("\r");
+ ps.flush();
+ os.flush();
+ BufferedReader stdin2 = new BufferedReader(
+ new InputStreamReader(socket.getInputStream()));
+ String line;
+
+ while ((line = stdin2.readLine()) != null) {
+ stdout.append(line + "\n");
+ }
+ stdin2.close();
+
+ socket.close();
+
+ } catch (Exception e) {
+ System.err.println("some exception: in Send routine" + e);
+ return false;
+ }
+
+ return true;
+
+ }
+
+} // end of class
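Review bot: approve() returns true unconditionally, so every server certificate presented on the agent SSLSocket is accepted regardless of the validity status JSS computed; for a client that then sends an agent client certificate over that connection this disables server authentication entirely, and the method should return false when `status` carries any rejection reasons (JSS exposes them through `status.getReasons()`, if the bundled version has it) or be confined to a clearly documented test-only mode. loginCertDB() also prints the token password with `System.out.println("tokenpwd:" + tokenpwd);` unconditionally, and `pass1` is never cleared; the print should go and the Password cleared in a `finally`. In Send_withGET() the query is concatenated into the request line without URL encoding, and in Send() `Content-length` is `query.length()`, a character count rather than a byte count, which is wrong for any non-ASCII query.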
diff --git a/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java b/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java
new file mode 100644
index 000000000..019b75825
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java
@@ -0,0 +1,470 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.BufferedOutputStream;
+import java.io.BufferedReader;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.util.Date;
+import java.util.GregorianCalendar;
+
+import org.mozilla.jss.ssl.SSLSocket;
+
+/**
+ * CMS Test framework - Legacyenrollment forms for Directory based enrollmnet and Portal based enrollment .
+ * Certificate issuance through Legacy Directory based enrollment and Portal based enrollment form.
+ * <P>
+ */
+
+public class DirEnroll extends TestClient {
+
+ private int i;
+ private String Authenticator = "UserDir";
+ private int port;
+ private long elapsedTime;
+
+ private String importcert = "false";
+ private boolean impStatus = false;
+
+ // Constructors
+
+ /**
+ * Constructor . Takes the parameter for Properties file name
+ * <p>
+ *
+ * @param propfilename name of the parameter file
+ */
+
+ public DirEnroll(String pfile) {
+ propfileName = pfile;
+ }
+
+ /**
+ * Constructor. Takes hostname , EESSLportnumber as parameter
+ * <p>
+ *
+ * @param hostname
+ * @param portnumber
+ */
+
+ public DirEnroll(String h, String p) {
+ host = h;
+ ports = p;
+ }
+
+ /**
+ * Constructor. Takes
+ * hostname,EESSLportnumber,uid,password,certdbdirectorypath,certdbpassword,certificatenickname,keysize,teytype
+ * <p>
+ *
+ * @param hostname
+ * @param portnumber
+ * @param subjectdn
+ * @param admuserid
+ * @param adminpassword
+ */
+
+ public DirEnroll(String hs, String p, String uid, String pw, String certdir, String certtokenpwd, String nickname,
+ String ksz, String kt) {
+
+ host = hs;
+ ports = p;
+ UID = uid;
+ PWD = pw;
+ cdir = certdir;
+ tokenpwd = certtokenpwd;
+ certnickname = nickname;
+ keysize = "1024";
+ keytype = "RSA";
+ }
+
+ // Set and Get functions
+
+ /**
+ * Use this method to set User Info
+ */
+ public void setUIDInfo(String uid, String pw) {
+ UID = uid;
+ PWD = pw;
+ }
+
+ /**
+ * Returns a string "UserDir" / "Portal"
+ */
+
+ public String getAuthenticator() {
+ return Authenticator;
+ }
+
+ /**
+ * Valid values for s - UserDir for Directory based Authntication
+ * Portal for Portal based Authentication
+ */
+ public void setAuthenticator(String s) {
+ Authenticator = s;
+ }
+
+ public boolean enroll_load() throws UnsupportedEncodingException {
+ buildquery();
+ return (Send());
+ }
+
+ private boolean pkcs10() {
+ System.out.println(" In pkcs10 Keysize , key type " + keysize + keytype);
+ cCrypt.setCertDir(cdir);
+ cCrypt.setCertnickname("cn=test");
+ cCrypt.setKeySize(keysize);
+ cCrypt.setKeyType(keytype);
+ cCrypt.setTokenPWD(tokenpwd);
+
+ cCrypt.setDebug(debug);
+ cCrypt.setGenerateRequest(true);
+ if (!cCrypt.generateRequest()) {
+ System.out.println("Request could not be generated ");
+ return false;
+ }
+ pkcs10request = cCrypt.getPkcs10Request();
+
+ try {
+ buildquery();
+ System.out.println(query);
+ setStatusString("Congratulations, your certificate has been issued.");
+ return (Send());
+ } catch (Exception e) {
+ System.err.println("some exception:" + e);
+ }
+
+ return false;
+
+ }
+
+ /**
+ * Enroll for certificate . Before calling this mentod SetAuthenticator and setUIDInfo
+ */
+ public boolean enroll() {
+ return (pkcs10());
+ }
+
+ private boolean readProperties() {
+
+ // Read the properties file and assign values to variables .
+ try {
+ getProperties(propfileName);
+ } catch (Exception e) {
+ System.out.println(
+ "exception reading Properties File " + e.getMessage());
+ return false;
+ }
+
+ System.out.println("Reading");
+ host = props.getProperty("enroll.host");
+ ports = props.getProperty("enroll.port");
+ UID = props.getProperty("enroll.UID");
+ PWD = props.getProperty("enroll.pwd");
+ cdir = props.getProperty("enroll.certdir");
+ tokenpwd = props.getProperty("enroll.certtokenpwd");
+ certnickname = props.getProperty("enroll.nickname");
+ keysize = props.getProperty("enroll.keysize");
+ keytype = props.getProperty("enroll.keytype");
+ Authenticator = props.getProperty("enroll.authenticator");
+ GN = props.getProperty("enroll.GN");
+ SN = props.getProperty("enroll.SN");
+ CN = props.getProperty("enroll.CN");
+ OU = props.getProperty("enroll.OU");
+ O = props.getProperty("enroll.O");
+ MAIL = props.getProperty("enroll.mail");
+ L = props.getProperty("enroll.l");
+
+ importcert = props.getProperty("enroll.importCert");
+ if (importcert == null) {
+ importcert = "false";
+ }
+ String de = props.getProperty("enroll.debug");
+
+ if (de == null) {
+ debug = false;
+ } else if (de.equals("true")) {
+ debug = true;
+ } else {
+ debug = false;
+ }
+
+ System.out.println("Reading done");
+ // Enroll using a pkscks10 request
+ return true;
+ }
+
+ // Private functions
+
+ private boolean importCert(String certpack) {
+
+ if (importcert.equals("false")) {
+ return true;
+ }
+
+ try {
+ if (certpack == null) {
+ return false;
+ }
+
+ if (debug) {
+ System.out.println(
+ "importing cert" + certpack + "certnick" + certnickname);
+ }
+
+ cCrypt.importCert(certpack, certnickname);
+
+ return true;
+
+ } catch (Exception e) {
+ System.out.println("exception importing cert " + e.getMessage());
+ return false;
+ }
+
+ }
+
+ private void setElapsedTime(long dif) {
+ elapsedTime = dif;
+ }
+
+ private long calculateElapsedTime(GregorianCalendar b, GregorianCalendar e) {
+
+ Date d1 = b.getTime();
+ Date d2 = e.getTime();
+ long l1 = d1.getTime();
+ long l2 = d2.getTime();
+ long difference = l2 - l1;
+
+ return difference;
+
+ }
+
+ private boolean Send() {
+ boolean st = false;
+
+ try {
+ if (debug) {
+ System.out.println("Step 3 : Socket initialize");
+ }
+
+ Integer x = new Integer(ports);
+
+ port = x.intValue();
+ ErrorDetail = null;
+ GregorianCalendar begin = new GregorianCalendar();
+
+ // SSLSocket socket = new SSLSocket(host,port);
+ SSLSocket socket = new SSLSocket(host, port, null, 0, this, null);
+
+ socket.setUseClientMode(true);
+
+ OutputStream rawos = socket.getOutputStream();
+ BufferedOutputStream os = new BufferedOutputStream(rawos);
+ PrintStream ps = new PrintStream(os);
+
+ ps.println("POST /enrollment HTTP/1.0");
+ ps.println("Connection: Keep-Alive");
+ ps.println("Content-type: application/x-www-form-urlencoded");
+ ps.println("Content-length: " + query.length());
+ ps.println("");
+ ps.println(query);
+ ps.println("\r");
+ ps.flush();
+ os.flush();
+ BufferedReader stdin = new BufferedReader(
+ new InputStreamReader(socket.getInputStream()));
+
+ if (debug) {
+ System.out.println("Step 4: Received the page");
+ }
+ st = false;
+ String line;
+
+ while ((line = stdin.readLine()) != null) {
+ if (debug) {
+ System.out.println(line);
+ }
+ if (line.indexOf(STATUS) != -1) {
+ st = true;
+ }
+ if (getError(line)) {
+ st = true;
+ }
+
+ if (line.indexOf("record.base64Cert=") > -1) {
+ String baseCert = line;
+
+ System.out.println("BaseCert : " + baseCert);
+ if (importcert.equals("true")) {
+ String strbase = "record.base64Cert=";
+
+ int n = strbase.length() + 1;
+
+ baseCert = baseCert.substring(n);
+ String tmp = baseCert.substring(0, baseCert.length() - 2);
+
+ if (importCert(tmp)) {
+ impStatus = true;
+ }
+ } else {
+ impStatus = true;
+ }
+ }
+
+ }
+ stdin.close();
+ socket.close();
+ os.close();
+ rawos.close();
+ ps.close();
+ os = null;
+ rawos = null;
+ stdin = null;
+ ps = null;
+ line = null;
+
+ GregorianCalendar end = new GregorianCalendar();
+ long diff = calculateElapsedTime(begin, end);
+
+ setElapsedTime(diff);
+
+ } catch (Exception e) {
+ System.err.println("some exception: in Send routine" + e);
+ return false;
+ }
+
+ return st;
+
+ }
+
+ private void buildquery() throws UnsupportedEncodingException {
+
+ StringBuffer queryStrBuf = new StringBuffer();
+
+ queryStrBuf.append("certType=client");
+ queryStrBuf.append("&importCert=off");
+ queryStrBuf.append("&non_repudiation=true");
+ queryStrBuf.append("&submit=Submit");
+ queryStrBuf.append("&key_encipherment=true");
+ queryStrBuf.append("&digital_signature=true");
+ queryStrBuf.append("&ssl_client=true");
+
+ System.out.println("Authenticator : " + Authenticator);
+
+ if (Authenticator.equals("UserDir")) {
+ queryStrBuf.append("&authenticator=UserDirEnrollment");
+ queryStrBuf.append("&requestFormat=keygen");
+ queryStrBuf.append("&uid=");
+ queryStrBuf.append(URLEncoder.encode(UID, "UTF-8"));
+ queryStrBuf.append("&pwd=");
+ queryStrBuf.append(URLEncoder.encode(PWD, "UTF-8"));
+ queryStrBuf.append("&email=true");
+ queryStrBuf.append("&cryptprovider=1");
+
+ }
+
+ if (Authenticator.equals("Portal")) {
+ queryStrBuf.append("&authenticator=PortalEnrollment");
+ queryStrBuf.append("&requestFormat=keygen");
+ queryStrBuf.append("&uid=");
+ queryStrBuf.append(URLEncoder.encode(UID, "UTF-8"));
+ queryStrBuf.append("&userPassword=");
+ queryStrBuf.append(URLEncoder.encode(PWD, "UTF-8"));
+ GN = "test";
+ SN = "test";
+ CN = "test";
+ MAIL = "test@netscape.com";
+ OU = "aol";
+ O = "aol";
+ L = "MV";
+ queryStrBuf.append("&givenname=");
+ queryStrBuf.append(URLEncoder.encode(GN, "UTF-8"));
+
+ queryStrBuf.append("&sn=");
+ queryStrBuf.append(URLEncoder.encode(SN, "UTF-8"));
+ queryStrBuf.append("&cn=");
+ queryStrBuf.append(URLEncoder.encode(CN, "UTF-8"));
+
+ queryStrBuf.append("&mail=");
+ queryStrBuf.append(URLEncoder.encode(MAIL, "UTF-8"));
+ queryStrBuf.append("&ou=");
+ queryStrBuf.append(URLEncoder.encode(OU, "UTF-8"));
+ queryStrBuf.append("&o=");
+ queryStrBuf.append(URLEncoder.encode(O, "UTF-8"));
+ queryStrBuf.append("&l=");
+ queryStrBuf.append(URLEncoder.encode(L, "UTF-8"));
+
+ queryStrBuf.append("&email=true");
+
+ }
+
+ if (Authenticator.equals("NIS")) {
+ queryStrBuf.append("&authenticator=NISAuth");
+ queryStrBuf.append("&requestFormat=keygen");
+ queryStrBuf.append("&uid=");
+ queryStrBuf.append(URLEncoder.encode(UID, "UTF-8"));
+ queryStrBuf.append("&pwd=");
+ queryStrBuf.append(URLEncoder.encode(PWD, "UTF-8"));
+ queryStrBuf.append("&email=true");
+
+ }
+
+ queryStrBuf.append("&pkcs10Request=");
+ queryStrBuf.append(URLEncoder.encode(pkcs10request, "UTF-8"));
+ query = queryStrBuf.toString();
+
+ System.out.println(query);
+
+ }
+
+ public static void main(String args[]) {
+ // Exit Status - (0) for error/Fail
+ // - requestId Pass
+ boolean st;
+
+ System.out.println(args.length);
+ if (args.length < 1) {
+ System.out.println("Usage : propertiesfile");
+ System.exit(0);
+ }
+
+ DirEnroll t = new DirEnroll(args[0]);
+
+ t.readProperties();
+ st = t.enroll();
+ if (st) {
+ System.out.println(
+ t.getAuthenticator() + " based enrollment successfull. ");
+ System.exit(1);
+ } else {
+
+ System.out.println(
+ t.getAuthenticator()
+ + " based enrollment was not successful."
+ + "Error: " + t.getErrorDetail());
+ System.exit(0);
+ }
+ }// end of function main
+
+} // end of class
+
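Review bot: The nine-argument `DirEnroll` constructor discards its `ksz` and `kt` parameters and hardcodes `keysize = "1024"` and `keytype = "RSA"`, so a caller asking for a larger key or a different algorithm silently gets a 1024-bit RSA key; `keysize = ksz; keytype = kt;` restores the contract the Javadoc describes. Separately, `pkcs10()` and `buildquery()` print the full `query` string to stdout, and that string carries the URL-encoded `pwd`/`userPassword` value, so the enrollment credential lands in any console capture; those prints should be gated on `debug` or the password field redacted. `Send()` also closes the socket and streams only on the success path, so an exception from the handshake or `readLine()` leaks them; moving the `close()` calls into a `finally` block would fix that. The `Portal` branch of `buildquery()` overwrites `GN`/`SN`/`CN`/`MAIL`/`OU`/`O`/`L` with fixed test values, which makes the corresponding `enroll.*` properties read in `readProperties()` dead configuration.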
diff --git a/base/silent/src/com/netscape/pkisilent/common/ParseXML.java b/base/silent/src/com/netscape/pkisilent/common/ParseXML.java
new file mode 100644
index 000000000..de1b38172
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/ParseXML.java
@@ -0,0 +1,170 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.BufferedReader;
+import java.io.FileInputStream;
+import java.io.InputStreamReader;
+import java.util.ArrayList;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.serialize.OutputFormat;
+import org.apache.xml.serialize.XMLSerializer;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+public class ParseXML {
+ Document dom = null;
+
+ public ParseXML() {// nothing
+ }
+
+ public void parse(java.io.InputStream is) {
+ try {
+ // get the factory
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+
+ // Using factory get an instance of document builder
+ DocumentBuilder db = dbf.newDocumentBuilder();
+
+ // parse using builder to get DOM representation of the XML file
+ dom = db.parse(is);
+ } catch (Exception se) {
+ System.out.println("ERROR: unable to parse xml");
+ se.printStackTrace();
+
+ try {
+ BufferedReader br = new BufferedReader(new InputStreamReader(is));
+ StringBuilder sb = new StringBuilder();
+ String line = null;
+
+ while ((line = br.readLine()) != null) {
+ sb.append(line + "\n");
+ }
+
+ br.close();
+ System.out.println("ERROR XML = " + sb.toString());
+ } catch (Exception se1) {
+ System.out.println("ERROR: unable to print xml");
+ se1.printStackTrace();
+ }
+ }
+ }
+
+ public String getvalue(String tag) {
+ String temp = null;
+
+ try {
+
+ // get the root elememt
+ Element docEle = dom.getDocumentElement();
+
+ // get a nodelist of <employee> elements
+ NodeList nl = docEle.getElementsByTagName(tag);
+
+ if (nl != null && nl.getLength() > 0) {
+ Element el = (Element) nl.item(0);
+
+ if (el != null) {
+ temp = el.getFirstChild().getNodeValue();
+ }
+ }
+ } catch (Exception e) {
+ System.out.println("ERROR: Tag=" + tag + "has no values");
+ return null;
+ }
+
+ return temp;
+ }
+
+ public void prettyprintxml() {
+ try {
+ // Serialize the document
+ OutputFormat format = new OutputFormat(dom);
+
+ format.setLineWidth(65);
+ format.setIndenting(true);
+ format.setIndent(2);
+ XMLSerializer serializer = new XMLSerializer(System.out, format);
+
+ serializer.serialize(dom);
+ } catch (Exception e) {
+ }
+ }
+
+ private String getTextValue(Element ele, String tagName) {
+ String textVal = null;
+ NodeList nl = ele.getElementsByTagName(tagName);
+
+ if (nl != null && nl.getLength() > 0) {
+ Element el = (Element) nl.item(0);
+
+ textVal = el.getFirstChild().getNodeValue();
+ }
+
+ return textVal;
+ }
+
+ // returns an arraylist of values for the corresponding tag
+
+ public ArrayList<String> constructValueList(String first, String second) {
+ ArrayList<String> al = new ArrayList<String>();
+
+ try {
+ // get the root elememt
+ Element docEle = dom.getDocumentElement();
+
+ // get a nodelist of <employee> elements
+ NodeList nl = docEle.getElementsByTagName(first);
+
+ if (nl != null && nl.getLength() > 0) {
+ for (int i = 0; i < nl.getLength(); i++) {
+ Element el = (Element) nl.item(i);
+ String value = getTextValue(el, second);
+
+ System.out.println("tag=" + second + " value=" + value);
+ if (value != null) {
+ al.add(value);
+ }
+ }
+ }
+ } catch (Exception e) {
+ System.out.println("ERROR: Tag=" + first + " has no values");
+ }
+
+ return al;
+ }
+
+ public static void main(String args[]) {
+ try {
+
+ ParseXML px = new ParseXML();
+ FileInputStream fiscfg = new FileInputStream("/tmp/test.xml");
+
+ px.parse(fiscfg);
+ px.prettyprintxml();
+
+ } catch (Exception e) {
+ }
+ }
+
+}; // end class
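Review bot: `parse()` builds its `DocumentBuilderFactory` with default settings, so the document handed to it is processed with DTDs and external entity resolution enabled; since the class takes a raw `InputStream` that callers may fill from a network response, the parser should be hardened before `newDocumentBuilder()` with `dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` plus `dbf.setXIncludeAware(false); dbf.setExpandEntityReferences(false);` (these calls sit inside the existing `catch (Exception se)`, so no new handler is needed). The fallback in that catch re-reads `is` to dump the offending XML, but the parser has most likely already consumed the stream, so the `ERROR XML =` line will usually be empty; buffering the input up front, or dropping the dump, would be clearer. `prettyprintxml()` and `main()` swallow every exception with an empty catch block, which hides serializer and I/O failures entirely; at minimum log `e.getMessage()`.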
diff --git a/base/silent/src/com/netscape/pkisilent/common/PostQuery.java b/base/silent/src/com/netscape/pkisilent/common/PostQuery.java
new file mode 100644
index 000000000..31fb07b3e
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/PostQuery.java
@@ -0,0 +1,141 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.BufferedReader;
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
+import java.net.URL;
+
+import com.netscape.cmsutil.util.Utils;
+
+/**
+ * CMS Test framework .
+ * This class submits request to admin server after authenticating with UID and Password. You can get back the response
+ * by calling the method. getPage().
+ */
+
+public class PostQuery {
+
+ private boolean st;
+ private String NmcStatus = "NMC_STATUS: 0";
+ private String postQuery = null;
+ private String adminID, adminPWD, URLString;
+
+ private StringBuffer stdout = new StringBuffer();
+
+ /**
+ * Constructor . Takes the parameters urlstring("http://hostname:<portnumber> , Id for authenticating to the server,
+ * password for authentication to the server and query which needs to be submitted to the server
+ */
+
+ public PostQuery(String urlstr, String authid, String authpwd, String querystring) {
+
+ URLString = urlstr;
+ adminID = authid;
+ adminPWD = authpwd;
+ postQuery = querystring;
+
+ }
+
+ public void setNMCStatus(String m) {
+ NmcStatus = m;
+ }
+
+ public void setPostQueryString(String querystring) {
+ postQuery = querystring;
+ }
+
+ public void setAuth(String ID, String Pwd) {
+ adminID = ID;
+ adminPWD = Pwd;
+ }
+
+ public StringBuffer getPage() {
+ return stdout;
+ }
+
+ public boolean Send() {
+ // / This functions connects to the URL and POST HTTP Request .
+ // It compares with NMC_STATUS and return the status.
+ System.out.println(URLString);
+ st = false;
+
+ try {
+
+ URL myUrl = new URL(URLString);
+ String userPassword = adminID + ":" + adminPWD;
+
+ System.out.println("adminid=" + adminID);
+ System.out.println("adminpwd=" + adminPWD);
+ // String encoding = new sun.misc.BASE64Encoder().encode(
+ // userPassword.getBytes());
+ String encoding = Utils.base64encode(
+ userPassword.getBytes());
+ HttpURLConnection URLCon = (HttpURLConnection) myUrl.openConnection();
+
+ URLCon.setRequestProperty("Authorization", "Basic " + encoding);
+ URLCon.setDoOutput(true);
+ URLCon.setDoInput(true);
+ URLCon.setUseCaches(false);
+ URLCon.setRequestProperty("Content-type",
+ "application/x-www-form-urlencoded");
+ // URLCon.setRequestMethod("POST");
+ System.out.println("After post");
+
+ DataOutputStream os = new DataOutputStream(URLCon.getOutputStream());
+
+ System.out.println("Query: " + postQuery);
+
+ os.writeBytes(postQuery);
+ os.flush();
+ os.close();
+
+ InputStream Content = (InputStream) URLCon.getInputStream();
+
+ System.out.println("Configuring Cert Instance : Return Response");
+ BufferedReader in = new BufferedReader(
+ new InputStreamReader(Content));
+ String line;
+
+ while ((line = in.readLine()) != null) {
+ System.out.println(line);
+ stdout.append(line + "\n");
+ st = line.startsWith(NmcStatus);
+ if (st) {
+ break;
+ }
+ }
+ URLCon.disconnect();
+ } // try
+ catch (MalformedURLException e) {
+ System.out.println(URLString + " is not a valid URL.");
+
+ } catch (IOException e) {
+ System.out.println("exception : " + e.getMessage());
+ }
+ System.out.println(st);
+ return st;
+ }
+
+}
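Review bot: `Send()` writes the admin password to standard output (`System.out.println("adminpwd=" + adminPWD);`), so the credential ends up in any console capture or log of a silent-install run; that line should be removed, and the `adminid=` print gated on a debug flag. The Basic-auth header is built from `userPassword.getBytes()` with the platform default charset, so a non-ASCII password encodes differently from host to host; `userPassword.getBytes("UTF-8")` pins it, and the `UnsupportedEncodingException` it can throw is an `IOException` the method already catches. The `BufferedReader in` is never closed and `URLCon.disconnect()` runs only when no exception is thrown, so a failed read leaks the connection; a `finally` block covering both would fix that.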
diff --git a/base/silent/src/com/netscape/pkisilent/common/Request.java b/base/silent/src/com/netscape/pkisilent/common/Request.java
new file mode 100644
index 000000000..3dffc929c
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/Request.java
@@ -0,0 +1,1138 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.GregorianCalendar;
+import java.util.Vector;
+
+/**
+ * CMS Test framework .
+ * Submits List,Approve,Reject,cancel requests to agent port
+ */
+
+public class Request extends TestClient {
+
+ private String validityperiod;
+ private String approveseqnum, type, reqType, reqState, agenttype;
+ private int i;
+
+ // Program variables
+ private String ACTION_PROCESS_CERT_REQUEST = null;
+ private String ACTION_LISTREQUEST = "/queryReq";
+ private int reqtype = 1;
+ private int seqNumFrom = 1;
+ private int maxCount = 50;
+ private int validperiod = 180;
+ private String cadualcert_name = null;
+
+ private String approveseqnumFrom, approveseqnumTo;
+ // Request variables
+ private Vector<String> seqNum = new Vector<String>();
+ private String AUTH_ID = null;
+
+ // Cert Detail variables
+
+ private String csrRequestorName, csrRequestorPhone, csrRequestorEmail, subject, subjectdn, reqStatus, certType;
+ private String requestType, requestID, sslclient, clientcert, servercert, emailcert, objectsigningcert, sslcacert,
+ objectsigningcacert, emailcacert, sigAlgo, totalRecord, validitylength, trustedManager;
+
+ private int totalNumApproved = 0;
+
+ // Constructors
+
+ /**
+ * Constructor . Takes the parameter for Properties file name
+ *
+ * @param propfileName name of the parameter file.
+ */
+
+ public Request(String pfile) {
+ propfileName = pfile;
+ }
+
+ /**
+ * Constructor . Takes the parameter host , port and "angent type - ca/ra"
+ *
+ * @param hostname.
+ * @param port
+ * @param agenttype Whether ca or ra agent
+ */
+
+ public Request(String h, String p, String at) {
+ host = h;
+ ports = p;
+ agenttype = at;
+ }
+
+ /**
+ * Constructor . Takes the following parmaters
+ *
+ * @param hostName .
+ * @param port
+ * @param adminuid
+ * @param adminpwd
+ * @param agentcertnickname
+ * @param certdb
+ * @param tokenpwd
+ * @param approveSequncenumber
+ * @param ApproveSequenceNumberFrom
+ * @param ApproveSequnceNumberTo
+ * @param type
+ * @param reqtype enrollment/revoked
+ * @param requestState complete/pending
+ * @param agentType ra/ca
+ * @param trustedManager true/false
+ */
+
+ public Request(String h, String p, String aid, String apwd, String cname, String cd, String ctpwd, String snum,
+ String sfrom, String sto, String ty, String rty, String rstate, String aty, String tm) {
+ host = h;
+ ports = p;
+ adminid = aid;
+ adminpwd = apwd;
+ certnickname = cname;
+ cdir = cd;
+ tokenpwd = ctpwd;
+ approveseqnum = snum;
+ approveseqnumFrom = sfrom;
+ if (approveseqnumFrom == null) {
+ approveseqnumFrom = "1";
+ }
+
+ approveseqnumTo = sto;
+ if (approveseqnumTo == null) {
+ approveseqnumTo = "100";
+ }
+
+ type = ty;
+ reqType = rty;
+ reqState = rstate;
+ agenttype = aty;
+ if (agenttype == null) {
+ agenttype = "ca";
+ }
+
+ trustedManager = tm;
+ if (trustedManager.equals("true")) {
+ trustedManager = "true";
+ } else {
+ trustedManager = "false";
+ }
+ debug = false;
+
+ }
+
+ /**
+ * Set Agent Cert nick name
+ */
+ public void setAgentCertName(String s) {
+ certnickname = s;
+ }
+
+ /**
+ * List all pending enrollment request. Takes parameters fromRequestNumber,toRequestNumber
+ *
+ * @param fromrequest number
+ * @param endrequestnumber.
+ * @throws UnsupportedEncodingException
+ */
+
+ public Vector<String> ListPendingRequests(String fromRequestNumber, String toRequestNumber) throws UnsupportedEncodingException {
+ reqState = "showWaiting";
+ reqType = "enrollment";
+ approveseqnumFrom = fromRequestNumber;
+ approveseqnumTo = toRequestNumber;
+ listRequest(approveseqnumFrom, approveseqnumTo);
+ return seqNum;
+ }
+
+ /**
+ * List all pending request. Takes parameters fromRequestNumber,toRequestNumber
+ *
+ * @param fromrequest number
+ * @param endrequestnumber.
+ * @throws UnsupportedEncodingException
+ */
+
+ public Vector<String> ListAllRequests(String fromRequestNumber, String toRequestNumber) throws UnsupportedEncodingException {
+ reqState = "showAll";
+ reqType = "enrollment";
+ approveseqnumFrom = fromRequestNumber;
+ approveseqnumTo = toRequestNumber;
+ listRequest(approveseqnumFrom, approveseqnumTo);
+ return seqNum;
+ }
+
+ /**
+ * Approve pending enrollment request. Takes parameters RequestNumber
+ *
+ * @param request number
+ * @throws UnsupportedEncodingException
+ */
+
+ public int ApproveRequests(String requestNumber) throws UnsupportedEncodingException {
+ reqState = "showWaiting";
+ reqType = "enrollment";
+ approveseqnum = requestNumber;
+ approveseqnumFrom = requestNumber;
+ approveseqnumTo = requestNumber;
+ if (approveRequest()) {
+ System.out.println("Approve Request :" + totalNumApproved);
+ return totalNumApproved;
+ } else {
+ return -1;
+ }
+
+ }
+
+ /**
+ * Approve profile based pending enrollment request. Takes parameters RequestNumber
+ *
+ * @param request number
+ * @throws UnsupportedEncodingException
+ */
+
+ public int ApproveProfileRequests(String RequestNumber) throws UnsupportedEncodingException {
+
+ approveseqnum = RequestNumber;
+ approveseqnumFrom = RequestNumber;
+ approveseqnumTo = RequestNumber;
+
+ reqtype = 4;
+ buildquery();
+ if (!Send()) {
+ System.out.println("Error: Approving request " + approveseqnum);
+ return 0;
+ }
+ return 1;
+
+ }
+
+ public boolean Approve_cadualcert_Profile_Request(String RequestNumber, String name) throws UnsupportedEncodingException {
+
+ approveseqnum = RequestNumber;
+ approveseqnumFrom = RequestNumber;
+ approveseqnumTo = RequestNumber;
+
+ cadualcert_name = name;
+
+ // reqtype = 7 means cadualcert profile request
+ // this is just a convention that we follow within this file to distinguish
+ // bet'n the different requests
+
+ reqtype = 7;
+
+ buildquery();
+
+ if (!Send()) {
+ System.out.println("Error: Approving request " + approveseqnum);
+ return false;
+ }
+
+ return true;
+
+ }
+
+ /**
+ * Reject profile based pending enrollment request. Takes parameters RequestNumber
+ *
+ * @param request number
+ * @throws UnsupportedEncodingException
+ */
+
+ public int RejectProfileRequests(String RequestNumber) throws UnsupportedEncodingException {
+
+ approveseqnum = RequestNumber;
+ approveseqnumFrom = RequestNumber;
+ approveseqnumTo = RequestNumber;
+
+ reqtype = 5;
+ buildquery();
+ if (!Send()) {
+ System.out.println("Error: Rejecting request " + approveseqnum);
+ return 0;
+ }
+ return 1;
+
+ }
+
+ /**
+ * Cancel profile based pending enrollment request. Takes parameters RequestNumber
+ *
+ * @param request number
+ * @throws UnsupportedEncodingException
+ */
+
+ public int CancelProfileRequests(String RequestNumber) throws UnsupportedEncodingException {
+
+ approveseqnum = RequestNumber;
+ approveseqnumFrom = RequestNumber;
+ approveseqnumTo = RequestNumber;
+
+ reqtype = 6;
+ buildquery();
+ if (!Send()) {
+ System.out.println("Error: canceling request " + approveseqnum);
+ return 0;
+ }
+ return 1;
+
+ }
+
+ // private methods
+ private boolean RetrieveProfileCancel(StringBuffer s) {
+ String res = s.toString();
+ int ret = 0;
+
+ ret = res.indexOf("requestStatus=");
+ String status = res.substring(ret + "requestStatus=".length() + 1,
+ res.indexOf(";", ret) - 1);
+
+ if (!status.equals("canceled")) {
+ ErrorDetail = res.substring(ret + "errorReason=".length() + 1,
+ res.indexOf(";", ret) - 1);
+ return false;
+ }
+
+ return true;
+ }
+
+ private boolean RetrieveProfileReject(StringBuffer s) {
+ String res = s.toString();
+ int ret = 0;
+
+ ret = res.indexOf("requestStatus=");
+ String status = res.substring(ret + "requestStatus=".length() + 1,
+ res.indexOf(";", ret) - 1);
+
+ if (!status.equals("rejected")) {
+ ErrorDetail = res.substring(ret + "errorReason=".length() + 1,
+ res.indexOf(";", ret) - 1);
+ return false;
+ }
+
+ return true;
+ }
+
+ private boolean RetrieveProfileApproval(StringBuffer s) {
+ String res = s.toString();
+ int ret = 0;
+
+ ret = res.indexOf("requestStatus=");
+ String status = res.substring(ret + "requestStatus=".length() + 1,
+ res.indexOf(";", ret) - 1);
+
+ if (!status.equals("complete")) {
+ ErrorDetail = res.substring(ret + "errorReason=".length() + 1,
+ res.indexOf(";", ret) - 1);
+ return false;
+ }
+
+ return true;
+
+ }
+
+ private boolean RetrieveReq(StringBuffer s) {
+ String AUTHID = "header.authorityid = ";
+ String seqnum = "record.seqNum";
+
+ String res = s.toString();
+ int ret = 0;
+
+ if ((ret = res.indexOf(AUTHID)) > -1) {
+ AUTH_ID = res.substring(ret + AUTHID.length() + 1,
+ res.indexOf(";", ret) - 1);
+ while (ret > 0) {
+ if ((ret = res.indexOf(seqnum, ret)) > -1) {
+ int bi = ret + seqnum.length() + 2;
+ int be = res.indexOf(";", ret) - 1;
+
+ seqNum.addElement(res.substring(bi, be));
+ ret++;
+ }
+
+ }
+
+ }
+
+ ret = res.indexOf("header.totalRecordCount =");
+ totalRecord = res.substring(ret + "header.totalRecordCount = ".length(),
+ res.indexOf(";", ret));
+
+ return true;
+
+ }
+
+ private boolean RetrieveCertDetails(StringBuffer s) {
+
+ // System.out.println("Debug : Retrieving cert details ");
+ String res = s.toString();
+
+ if (debug) {
+ System.out.println(res);
+ }
+ int ret = 0;
+
+ boolean st = false;
+
+ for (int t = 0; t < 25; t++) {
+ String cmp = "header.SERVER_ATTRS[" + t + "].name=";
+
+ ret = res.indexOf(cmp);
+ if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals(
+ "requestId")) {
+ ret = res.indexOf("header.SERVER_ATTRS[" + t + "].value=");
+ requestID = res.substring(
+ ret + "header.SERVER_ATTRS[t].value=".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+ if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals(
+ "requestStatus")) {
+ ret = res.indexOf("header.SERVER_ATTRS[" + t + "].value=");
+ reqStatus = res.substring(
+ ret + "header.SERVER_ATTRS[t].value=".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+
+ if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals(
+ "requestType")) {
+ ret = res.indexOf("header.SERVER_ATTRS[" + t + "].value=");
+ requestType = res.substring(
+ ret + "header.SERVER_ATTRS[t].value=".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+
+ } // end of for loop
+
+ // System.out.println("Debug : Retrieving cert details Serverattributes ");
+
+ if (requestID.equals(approveseqnum)) {
+ st = true;
+ }
+
+ if (!st) {
+ System.out.println("Error in retrieving the record " + approveseqnum);
+ return false;
+ }
+
+ // System.out.println("Debug : Retrieving cert details HTTP parmas ");
+
+ for (int t = 0; t < 25; t++) {
+ String cmp = "header.HTTP_PARAMS[" + t + "].name=";
+
+ ret = res.indexOf(cmp);
+ if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals(
+ "csrRequestorEmail")) {
+ ret = res.indexOf("header.HTTP_PARAMS[" + t + "].value=");
+ csrRequestorEmail = res.substring(
+ ret + "header.HTTP_PARAMS[t].value=".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+ if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals(
+ "csrRequestorPhone")) {
+ ret = res.indexOf("header.HTTP_PARAMS[" + t + "].value=");
+ csrRequestorPhone = res.substring(
+ ret + "header.HTTP_PARAMS[t].value=".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+ if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals(
+ "csrRequestorName")) {
+ ret = res.indexOf("header.HTTP_PARAMS[" + t + "].value=");
+ csrRequestorName = res.substring(
+ ret + "header.HTTP_PARAMS[t].value=".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+
+ if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals(
+ "subject")) {
+ ret = res.indexOf("header.HTTP_PARAMS[" + t + "].value=");
+ subjectdn = res.substring(
+ ret + "header.HTTP_PARAMS[t].value=".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+
+ } // end of for loop
+
+ // System.out.println("Debug : Retrieving cert details");
+
+ ret = res.indexOf("header.subject =");
+ if (ret > 0) {
+ subject = res.substring(ret + "header.subject = ".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+ // System.out.println("Debug : Retrieving cert details ");
+
+ sslclient =
+ clientcert =
+ servercert =
+ emailcert = objectsigningcert = sslcacert = objectsigningcacert = emailcacert = "false";
+ ret = res.indexOf("header.sslclient =");
+ if (ret > 0) {
+ sslclient = res.substring(ret + "header.sslclient = ".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+ // System.out.println("Debug : Retrieving cert details ");
+
+ ret = res.indexOf("header.ext_ssl_client =");
+ if (ret > 0) {
+ clientcert = res.substring(
+ ret + "header.ext_ssl_client = ".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+ // System.out.println("Debug : Retrieving cert details ");
+
+ ret = res.indexOf("header.ext_email =");
+ if (ret > 0) {
+ emailcert = res.substring(ret + "header.ext_email = ".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+ // System.out.println("Debug : Retrieving cert details ");
+
+ ret = res.indexOf("header.ext_ssl_server =");
+ if (ret > 0) {
+ servercert = res.substring(
+ ret + "header.ext_ssl_server = ".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+
+ // System.out.println("Debug : Retrieving cert details ");
+
+ ret = res.indexOf("header.ext_object_signing =");
+ if (ret > 0) {
+ objectsigningcert = res.substring(
+ ret + "header.ext_object_signing = ".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+
+ // System.out.println("Debug : Retrieving cert details ");
+
+ ret = res.indexOf("header.ext_ssl_ca =");
+ if (ret > 0) {
+ sslcacert = res.substring(ret + "header.ext_ssl_ca = ".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+
+ // System.out.println("Debug : Retrieving cert details ");
+
+ if (ret > 0) {
+ ret = res.indexOf("header.ext_object_signing_ca=");
+ }
+ objectsigningcacert = res.substring(
+ ret + "header.ext_object_signing_ca = ".length() + 1,
+ res.indexOf(";", ret) - 1);
+
+ // System.out.println("Debug : Retrieving cert details ");
+
+ ret = res.indexOf("header.ext_email_ca =");
+ if (ret > 0) {
+ emailcacert = res.substring(
+ ret + "header.ext_email_ca = ".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+
+ // System.out.println("Debug : Retrieving cert details ");
+
+ ret = res.indexOf("header.certType =");
+ if (ret > 0) {
+ certType = res.substring(ret + "header.certType = ".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+ // System.out.println("Debug : Retrieving cert details ");
+
+ ret = res.indexOf("header.signatureAlgorithmName =");
+ if (ret > 0) {
+ sigAlgo = res.substring(
+ ret + "header.signatureAlgorithmName = ".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+
+ ret = res.indexOf("header.validityLength =");
+ if (ret > 0) {
+ validitylength = res.substring(
+ ret + "header.validityLength = ".length() + 1,
+ res.indexOf(";", ret) - 1);
+ }
+
+ return true;
+
+ }
+
+ private boolean approveRequestStatus(StringBuffer s) {
+
+ String res = s.toString();
+
+ if (debug) {
+ System.out.println(res);
+ }
+
+ // Find th Server_ATTRS paramteter value of reqStatus
+
+ int i = 1;
+ int ret;
+
+ for (int t = 0; t < 25; t++) {
+ String cmp = "header.SERVER_ATTRS[" + t + "].name=";
+
+ ret = res.indexOf(cmp);
+ if ((res.substring(ret + cmp.length() + 1, res.indexOf(";", ret) - 1)).equals(
+ "requestStatus")) {
+ i = t;
+ break;
+ }
+
+ }
+
+ String req = "header.SERVER_ATTRS[" + i + "].value=";
+
+ ret = res.indexOf(req);
+ reqStatus = res.substring(ret + req.length() + 1,
+ res.indexOf(";", ret) - 1);
+
+ if (reqStatus != null) {
+ reqStatus.toLowerCase();
+ if (reqStatus.equals("complete")) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ return false;
+
+ }
+
+ private boolean Send() {
+ debug = true;
+ boolean st = false;
+
+ try {
+ // Covert the string port to int port
+
+ Integer x = new Integer(ports);
+
+ port = x.intValue();
+
+ Con2Agent con = new Con2Agent(host, port, certnickname, tokenpwd,
+ cdir);
+
+ con.setQueryString(query);
+ con.setActionURL(ACTION_STRING);
+ con.Send();
+ StringBuffer s = new StringBuffer();
+
+ s = con.getPage();
+
+ if (debug) {
+ System.out.println(s.toString());
+ }
+ switch (reqtype) {
+ case 1:
+ st = RetrieveReq(s);
+ break;
+
+ case 2:
+ st = RetrieveCertDetails(s);
+ break;
+
+ case 3:
+ st = approveRequestStatus(s);
+ break;
+
+ case 4:
+ st = RetrieveProfileApproval(s);
+ break;
+
+ case 5:
+ st = RetrieveProfileReject(s);
+ break;
+
+ case 6:
+ st = RetrieveProfileCancel(s);
+ break;
+
+ case 7:
+ st = RetrieveProfileApproval(s);
+ break;
+
+ default:
+ System.out.println("reqtype not recognized");
+ }
+ } catch (Exception e) {
+ System.err.println("exception: in Send routine" + e);
+ return false;
+ }
+
+ return st;
+ }
+
+ private void buildquery() throws UnsupportedEncodingException {
+
+ if (reqtype == 1) { // req type = list
+ ACTION_STRING = "/" + agenttype + ACTION_LISTREQUEST;
+ query = "seqNumFrom=" + seqNumFrom;
+ query += "&maxCount=" + maxCount;
+ query += "&reqType=" + reqType;
+ query += "&reqState=" + reqState;
+
+ }
+
+ if (reqtype == 2) { // get cert details
+ ACTION_PROCESS_CERT_REQUEST = "/" + AUTH_ID + "/processCertReq";
+ ACTION_STRING = ACTION_PROCESS_CERT_REQUEST;
+ query = "seqNum=" + approveseqnum;
+
+ }
+
+ if (reqtype == 3) { // aaprove cert
+
+ if (validityperiod != null) {
+ Integer x = new Integer(validityperiod);
+
+ validperiod = x.intValue();
+ } else {
+ validperiod = 180;
+ }
+
+ ACTION_PROCESS_CERT_REQUEST = "/" + AUTH_ID + "/processCertReq";
+ ACTION_STRING = ACTION_PROCESS_CERT_REQUEST;
+ query = "seqNum=" + approveseqnum;
+ query += "&toDo=accept";
+ if (subjectdn != null) {
+ query += "&subject=" + URLEncoder.encode(subjectdn, "UTF-8");
+ } else if (subject != null) {
+ query += "&subject=" + URLEncoder.encode(subject, "UTF-8");
+ }
+
+ if (csrRequestorName != null) {
+ query += "&csrRequestorName=" + csrRequestorName;
+ }
+ if (csrRequestorPhone != null) {
+ query += "&csrRequestorPhone=" + csrRequestorPhone;
+ }
+
+ if (csrRequestorEmail != null) {
+ query += "&csrRequestorEmail=" + csrRequestorEmail;
+ }
+ if (sigAlgo != null) {
+ query += "&signatureAlgorithm=" + sigAlgo;
+ }
+ query += "&grantUID=u" + approveseqnum;
+
+ GregorianCalendar begin = new GregorianCalendar();
+ GregorianCalendar end = new GregorianCalendar();
+
+ end.add(GregorianCalendar.DATE, validperiod);
+ Date begindate = begin.getTime();
+ Date enddate = end.getTime();
+
+ query += "&notValidBefore=" + begindate.getTime() / 1000;
+ query += "&notValidAfter=" + enddate.getTime() / 1000;
+
+ if (clientcert.equals("true")) {
+ query += "&certTypeSSLClient=" + clientcert;
+ }
+
+ if (servercert.equals("true")) {
+ query += "&certTypeSSLServer=" + servercert;
+ }
+
+ if (emailcert.equals("true")) {
+ query += "&certTypeEmail=" + emailcert;
+ }
+
+ if (objectsigningcert.equals("true")) {
+ query += "&certTypeObjSigning=" + objectsigningcert;
+ }
+
+ query += "&grantTrustedManagerPrivilege=" + trustedManager;
+
+ }
+
+ if ((reqtype == 4) || (reqtype == 5) || (reqtype == 6)) { // profile based cert request
+
+ if (validityperiod != null) {
+ Integer x = new Integer(validityperiod);
+
+ validperiod = x.intValue();
+ } else {
+ validperiod = 180;
+ }
+
+ ACTION_PROCESS_CERT_REQUEST = "/" + agenttype + "/profileProcess";
+ ACTION_STRING = ACTION_PROCESS_CERT_REQUEST;
+ query = "requestId=" + approveseqnum;
+ query += "&name="
+ + URLEncoder.encode(
+ "UID=test,E=test,CN=test,OU=netscape,O=aol", "UTF-8");
+ query += "&keyUsageCritical=true";
+ query += "&keyUsageDigitalSignature=true";
+ query += "&keyUsageNonRepudiation=true";
+ query += "&keyUsageKeyEncipherment=true";
+ query += "&keyUsageDataEncipherment=false";
+ query += "&keyUsageKeyAgreement=false";
+ query += "&keyUsageKeyCertSign=false";
+ query += "&keyUsageCrlSign=false";
+ query += "&keyUsageEncipherOnly=false";
+ query += "&keyUsageDecipherOnly=false";
+
+ query += "&nsCertCritical=false";
+ query += "&nsCertSSLClient=true";
+
+ query += "&nsCertSSLServer=false";
+ query += "&nsCertEmail=true";
+ query += "&nsCertObjectSigning=false";
+ query += "&nsCertSSLCA=false";
+ query += "&nsCertEmailCA=false";
+ query += "&nsCertObjectSigningCA=false";
+
+ query += "&subAltNameExtCritical=false";
+ query += "&subjAltNames=RFC822Name:"
+ + URLEncoder.encode(" thomasknscp@aol.com", "UTF-8");
+ query += "&signingAlg=MD5withRSA";
+
+ query += "&submit=submit";
+
+ GregorianCalendar begin = new GregorianCalendar();
+ GregorianCalendar end = new GregorianCalendar();
+
+ end.add(GregorianCalendar.DATE, validperiod);
+ // Date begindate = begin.getTime();
+ // Date enddate = end.getTime();
+ String nb = begin.get(Calendar.YEAR) + "-"
+ + begin.get(Calendar.MONTH) + "-" + begin.get(Calendar.DATE)
+ + " " + begin.get(Calendar.HOUR) + ":"
+ + begin.get(Calendar.MINUTE) + ":"
+ + begin.get(Calendar.SECOND);
+
+ String nat = end.get(Calendar.YEAR) + "-" + end.get(Calendar.MONTH)
+ + "-" + end.get(Calendar.DATE) + " "
+ + end.get(Calendar.HOUR) + ":" + end.get(Calendar.MINUTE)
+ + ":" + end.get(Calendar.SECOND);
+
+ query += "&notBefore=" + nb;
+ query += "&notAfter=" + nat;
+
+ query += "&authInfoAccessCritical=false";
+ query += "&authInfoAccessGeneralNames=";
+ query += "&exKeyUsageOIDs=" + "1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4";
+
+ }
+
+ if (reqtype == 4) {
+ query += "&op=approve";
+ }
+
+ if (reqtype == 5) {
+ query += "&op=reject";
+ }
+
+ if (reqtype == 6) {
+ query += "&op=cancel";
+ }
+
+ if (reqtype == 7) {
+ // cadualcert profile approval
+ ACTION_STRING = "/" + "ca" + "/profileProcess";
+
+ GregorianCalendar begin = new GregorianCalendar();
+ GregorianCalendar end = new GregorianCalendar();
+
+ end.add(GregorianCalendar.DATE, validperiod);
+
+ String nb = begin.get(Calendar.YEAR) + "-"
+ + begin.get(Calendar.MONTH) + "-" + begin.get(Calendar.DATE)
+ + " " + begin.get(Calendar.HOUR) + ":"
+ + begin.get(Calendar.MINUTE) + ":"
+ + begin.get(Calendar.SECOND);
+
+ String nat = end.get(Calendar.YEAR) + "-" + end.get(Calendar.MONTH)
+ + "-" + end.get(Calendar.DATE) + " "
+ + end.get(Calendar.HOUR) + ":" + end.get(Calendar.MINUTE)
+ + ":" + end.get(Calendar.SECOND);
+
+ query = "requestId=" + approveseqnum + "&name="
+ + URLEncoder.encode(cadualcert_name, "UTF-8") + "&notBefore=" + nb
+ + "&notAfter=" + nat + "&authInfoAccessCritical=false"
+ + "&authInfoAccessGeneralNames=" + "&keyUsageCritical=true"
+ + "&keyUsageDigitalSignature=false"
+ + "&keyUsageNonRepudiation=false"
+ + "&keyUsageKeyEncipherment=true"
+ + "&keyUsageDataEncipherment=false"
+ + "&keyUsageKeyAgreement=false"
+ + "&keyUsageKeyCertSign=false" + "&keyUsageCrlSign=false"
+ + "&keyUsageEncipherOnly=false"
+ + "&keyUsageDecipherOnly=false" + /* -- For Older CMS 6.x servers use these
+ "&nsCertCritical=false" +
+ "&nsCertSSLClient=true" +
+ "&nsCertSSLServer=false" +
+ "&nsCertEmail=true" +
+ "&nsCertObjectSigning=false" +
+ "&nsCertSSLCA=false" +
+ "&nsCertEmailCA=false" +
+ "&nsCertObjectSigningCA=false" +
+ "&subjAltNameExtCritical=false" +
+ "&subjAltNames=RFC822Name: null" +
+ "&signingAlg=MD5withRSA" +
+ */// For newer CS 7.x servers use these
+ "&exKeyUsageCritical=false"
+ + "&exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ + "&subjAltNameExtCritical=false"
+ + "&subjAltNames=RFC822Name: null"
+ + "&signingAlg=SHA1withRSA" + "&requestNotes="
+ + "&op=approve" + "&submit=submit";
+
+ }
+
+ }
+
+ private void readProperties() {
+
+ // Read the properties file and assign values to variables .
+ try {
+ getProperties(propfileName);
+ } catch (Exception e) {
+ System.out.println(
+ "exception reading Properties File " + e.getMessage());
+ }
+
+ // Read the properties file
+ host = props.getProperty("enroll.host");
+ ports = props.getProperty("enroll.port");
+ adminid = props.getProperty("enroll.adminid");
+ adminpwd = props.getProperty("enroll.adminpwd");
+ certnickname = props.getProperty("enroll.nickname");
+ cdir = props.getProperty("enroll.certdir");
+ tokenpwd = props.getProperty("enroll.certtokenpwd");
+ approveseqnum = props.getProperty("enroll.seqnum");
+ if (approveseqnum == null) {
+ System.out.println("Seq num is null");
+ }
+
+ approveseqnumFrom = props.getProperty("enroll.seqnumFrom");
+ if (approveseqnumFrom == null) {
+ approveseqnumFrom = "1";
+ }
+
+ approveseqnumTo = props.getProperty("enroll.seqnumTo");
+ if (approveseqnumTo == null) {
+ approveseqnumTo = "100";
+ }
+ validityperiod = props.getProperty("enroll.validperiod");
+ type = props.getProperty("enroll.type");
+ reqType = props.getProperty("enroll.reqtype");
+ reqState = props.getProperty("enroll.reqstate");
+ agenttype = props.getProperty("enroll.agenttype");
+ if (agenttype == null) {
+ agenttype = "ca";
+ }
+
+ trustedManager = props.getProperty("enroll.trust");
+ if (trustedManager.equals("true")) {
+ trustedManager = "true";
+ } else {
+ trustedManager = "false";
+ }
+
+ String de = props.getProperty("enroll.debug");
+
+ if (de == null) {
+ debug = false;
+ } else if (de.equals("true")) {
+ debug = true;
+ } else {
+ debug = false;
+ }
+
+ }
+
+ private boolean listRequest(String from, String To) throws UnsupportedEncodingException {
+
+ Integer x = new Integer(from);
+
+ seqNumFrom = x.intValue();
+
+ Integer y = new Integer(To);
+
+ if ((y.intValue() - seqNumFrom) > 50) {
+ maxCount = 50;
+ } else {
+ maxCount = y.intValue() - x.intValue();
+ }
+ if (maxCount == 0) {
+ maxCount = 1;
+ }
+
+ reqtype = 1;
+ buildquery();
+ return (Send());
+ }
+
+ private boolean approveRequest() throws UnsupportedEncodingException {
+
+ boolean st = true;
+
+ listRequest(approveseqnumFrom, approveseqnumTo);
+
+ if (seqNum.isEmpty()) {
+ System.out.println("No Requests for approval");
+ return false;
+ }
+
+ if (approveseqnum.length() > 0) {
+ if (seqNum.contains(approveseqnum)) {
+ seqNum.removeAllElements();
+ seqNum.addElement(approveseqnum);
+ } else {
+ System.out.println(
+ " Seq num " + approveseqnum + " already approved ");
+ return false;
+ }
+ } else {
+ System.out.println(
+ " Seq num not specified . Approving all pending request From : "
+ + approveseqnumFrom + " To : " + approveseqnumTo);
+ }
+
+ boolean flag = true;
+
+ Integer y = new Integer(approveseqnumTo);
+ int torequest = y.intValue();
+
+ while (flag) {
+
+ i = 0;
+ while (i < seqNum.size()) {
+
+ approveseqnum = (seqNum.elementAt(i)).toString();
+ // Get request details
+ reqtype = 2;
+ buildquery();
+ if (!Send()) {
+ System.out.println("Error : Getting Request details ");
+ i++;
+ continue;
+ }
+
+ if (debug) {
+ System.out.println(
+ csrRequestorName + " " + csrRequestorPhone + " "
+ + csrRequestorEmail + " " + requestID + " "
+ + subject);
+ }
+ // Now for pending status - approve the request
+ reqtype = 3;
+ buildquery();
+ if (!Send()) {
+ System.out.println(
+ "Error: Approving request " + approveseqnum);
+ i++;
+ continue;
+ }
+ System.out.println("Request " + approveseqnum + " is approved ");
+ totalNumApproved++;
+ i++;
+ }
+ Integer x = new Integer(approveseqnum);
+
+ if (x.intValue() >= torequest) {
+ flag = false;
+ } else {
+ listRequest(approveseqnum, approveseqnumTo);
+ }
+
+ }
+ return st;
+ }
+
+ /**
+ * Use this method when you need to use properties file.
+ * @throws UnsupportedEncodingException
+ */
+
+ public int processRequest() throws UnsupportedEncodingException {
+ if (propfileName != null) {
+ readProperties();
+ }
+
+ if (approveseqnum.length() > 0) {
+ approveseqnumFrom = approveseqnum;
+ approveseqnumTo = approveseqnum;
+ }
+
+ type = type.toLowerCase();
+ if (type.equals("approve")) {
+ if (approveRequest()) {
+ System.out.println("Approve Request :" + totalNumApproved);
+ return totalNumApproved;
+ } else {
+ return -1;
+ }
+
+ }
+
+ if (type.equals("list")) {
+
+ if (listRequest(approveseqnumFrom, approveseqnumTo)) {
+ System.out.println("List Request : " + seqNum.size());
+ if (seqNum.size() > 0) {
+ return seqNum.size();
+ } else {
+ return 0;
+ }
+ } else {
+ return -1;
+ }
+
+ }
+
+ return -1;
+ }
+
+ public static void main(String args[]) {
+ // Exit Status - (0) for error
+ // - any number > 0 Pass
+ int st = 0;
+
+ if (args.length < 1) {
+ System.out.println("Usage : propertiesfile");
+ System.exit(0);
+ }
+
+ Request t = new Request(args[0]);
+
+ try {
+ st = t.processRequest();
+ } catch (UnsupportedEncodingException e) {
+ System.out.println(e);
+ e.printStackTrace();
+ }
+ if (st == -1) {
+ System.exit(0);
+ } else {
+ System.exit(st);
+ }
+
+ }// end of function main
+
+} // end of class
+
diff --git a/base/silent/src/com/netscape/pkisilent/common/ServerInfo.java b/base/silent/src/com/netscape/pkisilent/common/ServerInfo.java
new file mode 100644
index 000000000..f63456b4d
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/ServerInfo.java
@@ -0,0 +1,355 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.BufferedReader;
+import java.io.FileInputStream;
+import java.io.FileReader;
+import java.net.InetAddress;
+import java.util.StringTokenizer;
+
+/**
+ * CMS Test framework .
+ * This class fetches all the necssary ServerInformation to run the test . For example AdminServer information linke
+ * port , hsotname, Config LDAP server port, CMS servers Agentport,AdminPort, EESSL port, EE port etc..
+ */
+
+public class ServerInfo {
+
+ public String serverRoot, instanceRoot, instanceID;
+ public String ldapPort, ldapHost, ldapSSLPort, ldapBaseSuffix, adminPort, admDN, admDNPW, singleSignOnPWD, domain;
+ public String caSigningCertNickName, raSigningCertNickName, ocspSigningCertNickName, kraTransportCertNickName;
+ public String ServerCertNickName, CertAuthority;
+ public String CMSAgentPort, CMSEESSLPort, CMSEEPort, CMSAdminPort, IDBPort;
+
+ public static CMSProperties props = null;
+ public static CMSProperties CMSprops = null;
+
+ // Private variables
+ private int i;
+ public String CMSConfigFile, AdminConfigFile;
+
+ public ServerInfo() {
+ }
+
+ /**
+ * Constructor. Takes Server root as parameter for example ( /export/qa). Reads and collects information about
+ * adminserver and Config LDAP server.
+ */
+ public ServerInfo(String sroot) {
+ serverRoot = sroot;
+ AdminConfigFile = serverRoot + "/admin-serv/config/adm.conf";
+ readAdminConfig();
+ SystemInfo();
+ }
+
+ /**
+ * Constructor. Takes Serverroot ( /export/qa) and instanceRoot (/export/qa/cert-jupiter2) as parameters . Reads and
+ * collects information about Admin Server , Config LDAP server and CMS server .
+ */
+
+ public ServerInfo(String sroot, String instRoot) {
+ serverRoot = sroot;
+ instanceRoot = instRoot;
+ CMSConfigFile = instanceRoot + "/config/CS.cfg";
+ AdminConfigFile = serverRoot + "/admin-serv/config/adm.conf";
+ instanceID = instanceRoot.substring(instanceRoot.indexOf("cert-") + 5);
+ readAdminConfig();
+ SystemInfo();
+ parseServerXML();
+ readCMSConfig();
+ }
+
+ public String GetAdminPort() {
+ return adminPort;
+ }
+
+ public String GetConfigLDAPPort() {
+ return ldapPort;
+ }
+
+ public String GetHostName() {
+ if (domain.indexOf(".") > 0) {
+ return domain.substring(0, domain.indexOf("."));
+ } else {
+ return domain;
+ }
+ }
+
+ public String GetInstanceID() {
+ return instanceID;
+ }
+
+ public String GetCMSConfigFileName() {
+ return CMSConfigFile;
+ }
+
+ public String GetDomainName() {
+ return ldapHost.substring(ldapHost.indexOf(".") + 1);
+ }
+
+ public String GetAgentPort() {
+ return CMSAgentPort;
+ }
+
+ public String GetEESSLPort() {
+ return CMSEESSLPort;
+ }
+
+ public String GetEEPort() {
+ return CMSEEPort;
+ }
+
+ public String GetCMSAdminPort() {
+ return CMSAdminPort;
+ }
+
+ public String GetInternalDBPort() {
+ return IDBPort;
+ }
+
+ public String GetCertAuthority() {
+ return CertAuthority;
+ }
+
+ public String GetCASigningCert() {
+ return caSigningCertNickName;
+ }
+
+ public String GetRASigningCert() {
+ return raSigningCertNickName;
+ }
+
+ public String GetServerCertNickName() {
+ return ServerCertNickName;
+ }
+
+ public void setInstanceRoot(String instRoot) {
+ instanceRoot = instRoot;
+ CMSConfigFile = instanceRoot + "/config/CS.cfg";
+ AdminConfigFile = serverRoot + "/admin-serv/config/adm.conf";
+ instanceID = instanceRoot.substring(instanceRoot.indexOf("cert-") + 5);
+ SystemInfo();
+ parseServerXML();
+ readCMSConfig();
+ }
+
+ // Private functions
+ private void SystemInfo() {
+ try {
+ domain = InetAddress.getLocalHost().getHostName();
+ System.out.println("Debu:SystemInfo " + domain);
+ } catch (Exception e) {
+ System.out.println("Exception InetAddress : " + e.getMessage());
+ }
+
+ }
+
+ private void parseServerXML() {
+ int AGENT = 1;
+ int ADMIN = 2;
+ int EE_SSL = 3;
+ int EE_NON_SSL = 4;
+ int IP = 5;
+ int PORT = 6;
+ BufferedReader in = null;
+
+ try {
+ String xmlFilePath = instanceRoot + "/config/server.xml";
+
+ in = new BufferedReader(new FileReader(xmlFilePath));
+ String s = in.readLine();
+
+ while (s != null) {
+ // <LS id="agent" ip="0.0.0.0" port="8101" security="on"
+ // acceptorthreads="1" blocking="no">
+ if (s.startsWith("<LS id=")) {
+ StringTokenizer st = new StringTokenizer(s, "\"");
+ int index1 = 5, index2 = 3;
+
+ while (st.hasMoreTokens()) {
+ String token = st.nextToken();
+
+ if (token.equalsIgnoreCase("agent")) {
+ index1 = AGENT;
+ } else if (token.equalsIgnoreCase("admin")) {
+ index1 = ADMIN;
+ } else if (token.equalsIgnoreCase("eeSSL")) {
+ index1 = EE_SSL;
+ } else if (token.equalsIgnoreCase("ee_nonSSL")) {
+ index1 = EE_NON_SSL;
+ } else if (token.equals(" ip=")) {
+ index2 = IP;
+ } else if (token.equals(" port=")) {
+ index2 = PORT;
+ }
+
+ if (index1 != 5 && index2 == IP && !token.equals(" ip=")) {
+ // token contains the ip value
+ } else if (index2 == PORT && !token.equals(" port=")) {
+
+ switch (index1) {
+ case 1:
+ CMSAgentPort = token;
+ break;
+
+ case 2:
+ CMSAdminPort = token;
+ break;
+
+ case 3:
+ CMSEESSLPort = token;
+ break;
+
+ case 4:
+ CMSEEPort = token;
+ break;
+
+ default:
+ break;
+
+ }
+
+ break;
+ }
+ } // while token
+ } // if LS
+ s = in.readLine();
+ } // while file no end
+ in.close();
+ } catch (Exception e) {
+ if (in != null) {
+ try {
+ in.close();
+ } catch (Exception ex) {
+ }
+ }
+ }
+ }
+
+ private String stripSpace(String s) {
+
+ String val = "";
+
+ for (int i = 0; i < s.length(); i++) {
+ if ((s.charAt(i) == ' ')) {
+ i++;
+ continue;
+ } else {
+ val += s.charAt(i);
+ }
+ }
+ return val;
+ }
+
+ private void readAdminConfig() {
+ String ldapHostStr = "ldapHost:";
+ String ldapPortStr = "ldapPort:";
+ String adminPortStr = "port:";
+
+ try {
+ FileInputStream fis = new FileInputStream(AdminConfigFile);
+ int size = fis.available();
+ byte b[] = new byte[size];
+
+ if (fis.read(b) != b.length) {
+ System.out.println("Could not read ");
+
+ } else {
+ String tmpstr = new String(b, 0, b.length);
+ int ret;
+
+ if ((ret = tmpstr.indexOf(ldapHostStr)) > -1) {
+ ldapHost = tmpstr.substring(ret + ldapHostStr.length() + 1,
+ tmpstr.indexOf("ldapPort", ret) - 1);
+ ldapHost = stripSpace(ldapHost);
+ // System.out.println(ldapPort);
+ }
+
+ if ((ret = tmpstr.indexOf(ldapPortStr)) > -1) {
+ ldapPort = tmpstr.substring(ret + ldapPortStr.length() + 1,
+ tmpstr.indexOf("sie", ret) - 1);
+ ldapPort = stripSpace(ldapPort);
+ // System.out.println(ldapPort);
+ }
+ if ((ret = tmpstr.indexOf(adminPortStr)) > -1) {
+ adminPort = tmpstr.substring(ret + adminPortStr.length() + 1,
+ tmpstr.indexOf("ldapStart", ret) - 1);
+ adminPort = stripSpace(adminPort);
+ // System.out.println(adminPort);
+ }
+
+ }
+
+ fis.close();
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ }
+
+ }
+
+ private void readCMSConfig() {
+
+ try {
+ FileInputStream fis = new FileInputStream(CMSConfigFile);
+
+ CMSprops = new CMSProperties();
+ CMSprops.load(fis);
+ System.out.println("Reading CMS Config file successful");
+ CertAuthority = CMSprops.getProperty("subsystem.0.id");
+ if (CertAuthority.equals("ca")) {
+ caSigningCertNickName = CMSprops.getProperty(
+ "ca.signing.cacertnickname");
+ ServerCertNickName = "Server-Cert cert-" + instanceID;
+ }
+ if (CertAuthority.equals("ra")) {
+ raSigningCertNickName = CMSprops.getProperty(
+ "ra.signing.cacertnickname");
+ ServerCertNickName = "Server-Cert cert-" + instanceID;
+ }
+ IDBPort = CMSprops.getProperty("internaldb.ldapconn.port");
+
+ fis.close();
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ }
+
+ }
+
+ public static void main(String args[]) {
+ ServerInfo s = new ServerInfo("Test", "Test");
+
+ System.out.println(" Admin Port : " + s.GetAdminPort());
+ System.out.println(" LDAP Port : " + s.GetConfigLDAPPort());
+ System.out.println("Hostname " + s.GetHostName());
+ System.out.println("InstanceID" + s.GetInstanceID());
+ System.out.println(" doamin name : " + s.GetDomainName());
+ System.out.println("AgentPort " + s.GetAgentPort());
+ System.out.println("EESSLPort " + s.GetEESSLPort());
+ System.out.println("EEPort " + s.GetEEPort());
+ System.out.println("CMSAdminPort :" + s.GetCMSAdminPort());
+ System.out.println("CAAuthority : " + s.GetCertAuthority());
+ System.out.println("CASigningCert:" + s.GetCASigningCert());
+ System.out.println("RASigningCert:" + s.GetRASigningCert());
+ System.out.println("ServerCert" + s.GetServerCertNickName());
+
+ }// end of function main
+
+} // end of class
+
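Review bot: In readAdminConfig and readCMSConfig the FileInputStream is closed only on the success path; any exception thrown between `new FileInputStream(...)` and `fis.close()` leaves the descriptor open, because the catch block does not close it (parseServerXML does handle that case). Declare `fis` before the try and close it in a `finally`, or use try-with-resources if the project's Java level allows it. readAdminConfig also sizes its buffer with `fis.available()` and performs a single `fis.read(b)`; available() is not a guarantee of file length, and a short read prints "Could not read " and leaves ldapHost/ldapPort/adminPort null, so reading until EOF (or line by line as parseServerXML does) would be more robust. Separately, the `i++` before `continue` in stripSpace is doubled by the loop increment, so the character following each space is silently dropped; remove that `i++` line.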
diff --git a/base/silent/src/com/netscape/pkisilent/common/TestClient.java b/base/silent/src/com/netscape/pkisilent/common/TestClient.java
new file mode 100644
index 000000000..0e4ed9cdd
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/TestClient.java
@@ -0,0 +1,941 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.BufferedReader;
+import java.io.FileInputStream;
+import java.io.InputStreamReader;
+import java.net.ServerSocket;
+import java.util.Properties;
+
+import org.mozilla.jss.crypto.X509Certificate;
+import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
+
+/**
+ * CMS Test framework .
+ * Before createing an instance of this class make sure you havae set an environment variable TEST_CONFIG_FILE.
+ */
+
+public class TestClient implements SSLCertificateApprovalCallback {
+
+ public int port;
+
+ // properties file parameters
+ public static String host, ports, adminid, adminpwd, propfileName, cdir;
+ public static String certnickname, keysize, keytype, tokenpwd;
+ public static String serverRoot, instanceRoot, ldaprootDN, ldaprootDNPW, caInstanceRoot, dataDirectory;
+
+ // Program variables
+ public String STATUS;
+ public Properties props = null;
+ public String ACTION_STRING;
+ public String query;
+ public boolean debug = false;
+ // Certificate nicknames to be used by Test Clients
+ private int i;
+ private String testConfigFile;
+
+ public String caAgentCertName = "ca-agent";
+ public String raAgentCertName = "ra-agent";
+ public String ocspAgentCertName = "ocsp-agent";
+ public String kraAgentCertName = "kra-agent";
+ public String tksAgentCertName = "tks-agent";
+ public String singleSignOnPWD = "secret12";
+ public String adminCertName = "cn=admin";
+ private String ldapBaseSuffix = "dc=netscape,dc=com";
+ private String admDN = "admin";
+ private String admDNPW = "admin";
+ private String TmpDir;
+ private String TestLogFile;
+ private String startupTests, cleanupTests;
+
+ private X509Certificate SSLServerCert = null;
+
+ // Cert Sub vart
+ public String UID, OU, O, DN, E, CN, C, GN, SN, L, MAIL;
+ // Enroll
+ protected String PWD;
+ // CRypto
+ public ComCrypto cCrypt = new ComCrypto();
+ public String pkcs10request = null;
+
+ // Error
+
+ public String ErrorDetail;
+
+ private String serverKeyType, serverKeySize, serverKeyAlgo;
+
+ private String unauth[] = {
+ "Unauthorized Access", "Server Error",
+ "Not Found", "Generic Unauthorized" };
+
+ public boolean approve(X509Certificate x509, SSLCertificateApprovalCallback.ValidityStatus status) {
+ SSLServerCert = x509;
+ return true;
+ }
+
+ // Constructor
+
+ public TestClient() {
+ keysize = "1024";
+ keytype = "RSA";
+ }
+
+ /**
+ * Constructor . Takes the parameter for keysize and keytype .
+ * Before creating a new instance of this class make sure you have set TEST_CONFIG_FILE variable in your
+ * environnemt.
+ * Reads the TEST_CONFIG_FILE . Initializes the certificate database. See engage.cfg file for example.
+ *
+ * @param keysize
+ * @param keytype
+ */
+
+ public TestClient(String ks, String kt) {
+
+ testConfigFile = ReadEnv("TEST_CONFIG_FILE");
+
+ System.out.println(testConfigFile);
+ readConfigFile();
+ keysize = ks;
+ keytype = kt;
+ cCrypt.setCertDir(cdir);
+ cCrypt.setCertnickname(adminCertName);
+ cCrypt.setKeySize(keysize);
+ cCrypt.setKeyType(keytype);
+ cCrypt.setTokenPWD(tokenpwd);
+ cCrypt.setDebug(true);
+ cCrypt.CreateCertDB();
+
+ }
+
+ /**
+ * Gets the SSLServer Certificate of the server
+ */
+
+ public X509Certificate getSSLServerCert() {
+ return SSLServerCert;
+ }
+
+ /**
+ * finds the cert with nickname cname in the clients cert database
+ */
+
+ public X509Certificate findCertByNickname(String cname) {
+
+ return cCrypt.findCert(cname);
+
+ }
+
+ /**
+ * Imports certificate to cert database.Takes parameters Certpackage and certnickname
+ */
+ boolean importCert(String cp, String nickname) {
+
+ return cCrypt.importCert(cp, nickname);
+
+ }
+
+ /**
+ * This function returns true if you choose to executeStartupTests
+ */
+
+ public boolean executeStartupTests() {
+
+ if (startupTests == null) {
+ return false;
+ } else if (startupTests.equals("y")) {
+ return true;
+ } else {
+ return false;
+ }
+
+ }
+
+ /**
+ * This function returns true if you choose to executeCleanupTests
+ */
+
+ public boolean executeCleanupTests() {
+
+ if (cleanupTests == null) {
+ return false;
+ } else if (cleanupTests.equals("y")) {
+ return true;
+ } else {
+ return false;
+ }
+
+ }
+
+ public String GetServerRoot() {
+ return serverRoot;
+ }
+
+ public String GetInstanceRoot() {
+ return instanceRoot;
+ }
+
+ public String getErrorDetail() {
+ return ErrorDetail;
+ }
+
+ public String GetAdminDN() {
+ return admDN;
+ }
+
+ public String GetAdminDNPWD() {
+ return admDNPW;
+ }
+
+ public String GetLDAPDN() {
+ return ldaprootDN;
+ }
+
+ public String GetLDAPDNPW() {
+ return ldaprootDNPW;
+ }
+
+ public String GetLDAPBASE() {
+ return ldapBaseSuffix;
+ }
+
+ public String GetAdminCertName() {
+ return adminCertName;
+ }
+
+ public String GetRAAgentCertName() {
+ return raAgentCertName;
+ }
+
+ public String GetKRAAgentCertName() {
+ return kraAgentCertName;
+ }
+
+ public String GetOCSPAgentCertName() {
+ return ocspAgentCertName;
+ }
+
+ public String GetTKSAgentCertName() {
+ return tksAgentCertName;
+ }
+
+ public String GetDataDirectory() {
+ return dataDirectory;
+ }
+
+ public String GetClientCertDB() {
+ return cdir;
+ }
+
+ public String GetClientCertDBPW() {
+ return tokenpwd;
+ }
+
+ public String GetSingleSignOnPW() {
+ return singleSignOnPWD;
+ }
+
+ public String GetCARoot() {
+ return caInstanceRoot;
+ }
+
+ public String GetTmpDir() {
+ return TmpDir;
+ }
+
+ public String GetServerKeySize() {
+ return serverKeySize;
+ }
+
+ public String GetServerKeyType() {
+ return serverKeyType;
+ }
+
+ public String GetServerKeyAlgorithm() {
+ return serverKeyAlgo;
+ }
+
+ public void setStatusString(String ststr) {
+ STATUS = ststr;
+ }
+
+ public void setDebug(boolean t) {
+ debug = t;
+ }
+
+ public void setpkcs10Request(String t) {
+ pkcs10request = t;
+ }
+
+ public void setHostName(String s) {
+ host = s;
+ }
+
+ public void setCARoot(String s) {
+ caInstanceRoot = s;
+ }
+
+ public void setTestLogFile(String s) {
+ TestLogFile = s;
+ }
+
+ /**
+ * parses a http page and returns true if any error is returned by server
+ **/
+
+ public boolean getError(String line) {
+
+ int ret;
+
+ ret = line.indexOf("fixed.errorDetails");
+
+ if (line.indexOf("fixed.errorDetails") == 0) {
+ ErrorDetail = line.substring(
+ ret + ("fixed.errorDetails = ").length());
+ return true;
+ }
+
+ if (line.indexOf("fixed.errorDetails") >= 0) {
+ ErrorDetail = line.substring(
+ ret + ("fixed.errorDetails = ").length());
+ return true;
+ }
+
+ ret = line.indexOf("fixed.unexpectedError");
+
+ if (line.indexOf("fixed.unexpectedError") == 0) {
+ System.out.println("Processing unexpectedError");
+ ErrorDetail = line.substring(
+ ret + ("fixed.unexpectedError = ").length());
+ return true;
+ }
+
+ if (line.indexOf(unauth[0]) > 0) {
+ ErrorDetail = unauth[0];
+ return true;
+ }
+ if (line.indexOf(unauth[1]) > -1) {
+ ErrorDetail = unauth[1];
+ return true;
+ }
+ if (line.indexOf(unauth[2]) > -1) {
+ ErrorDetail = unauth[2];
+ return true;
+ }
+ if (line.indexOf(unauth[3]) > -1) {
+ ErrorDetail = unauth[3];
+ return true;
+ }
+
+ if (line.indexOf("errorReason") >= 0) {
+ ErrorDetail = line.substring(ret + ("errorReason=").length());
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Reads a properties file . Takes filename as input parameter.
+ */
+
+ public void getProperties(String fileName) throws Exception {
+ try {
+ FileInputStream fis = new FileInputStream(fileName);
+
+ props = new Properties();
+ props.load(fis);
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ }
+
+ }
+
+ public String ReadEnv(String str) {
+ try {
+ Process p = null;
+ Runtime r = Runtime.getRuntime();
+ String OS = System.getProperty("os.name").toLowerCase();
+
+ if (OS.indexOf("windows") > 1) {
+ p = r.exec("cmd.exe /c set");
+ } else {
+ p = r.exec("env");
+ }
+
+ BufferedReader br = new BufferedReader(
+ new InputStreamReader(p.getInputStream()));
+ String line;
+
+ while ((line = br.readLine()) != null) {
+ int idx = line.indexOf('=');
+ String key = line.substring(0, idx);
+ String value = line.substring(idx + 1);
+
+ // System.out.println(key + "=" + value);
+ if (key.startsWith(str)) {
+ return value;
+ }
+ }
+ return null;
+ } catch (Throwable e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
+ private void readConfigFile() {
+ try {
+ getProperties(testConfigFile);
+ } catch (Exception e) {
+ System.out.println(
+ "exception reading TestConfigFile " + e.getMessage());
+ }
+
+ serverRoot = props.getProperty("SROOT");
+ instanceRoot = props.getProperty("IROOT");
+ dataDirectory = props.getProperty("DATA_DIR");
+ ldapBaseSuffix = props.getProperty("LDAPBASESUFFIX");
+
+ if (ldapBaseSuffix.indexOf("\"") > -1) {
+ ldapBaseSuffix = ldapBaseSuffix.substring(1,
+ ldapBaseSuffix.length() - 1);
+ }
+
+ ldaprootDN = props.getProperty("LDAPROOTDN");
+ // Strip of th e quotes "cn=directory manager" string
+ if (ldaprootDN.indexOf("\"") > -1) {
+ ldaprootDN = ldaprootDN.substring(1, ldaprootDN.length() - 1);
+ }
+ System.out.println("ldaprootDN : " + ldaprootDN);
+
+ ldaprootDNPW = props.getProperty("LDAPROOTDNPW");
+ cdir = props.getProperty("CERTDB");
+ tokenpwd = props.getProperty("CERTDBPW");
+ caInstanceRoot = props.getProperty("CAIROOT");
+ admDN = props.getProperty("ADMINDN");
+ admDNPW = props.getProperty("ADMINDNPW");
+ singleSignOnPWD = props.getProperty("SINGLESIGNONPW");
+ serverKeySize = props.getProperty("KEYSIZE");
+ serverKeyType = props.getProperty("KEYTYPE");
+ serverKeyAlgo = props.getProperty("KEYALGORITHM");
+
+ TmpDir = props.getProperty("TMP_DIR");
+ TestLogFile = props.getProperty("TEST_LOG_FILE");
+
+ String de = props.getProperty("DEBUG");
+
+ if (de == null) {
+ debug = false;
+ } else if (de.equals("true")) {
+ debug = true;
+ } else {
+ debug = false;
+ }
+
+ }
+
+ /**
+ * returns a String representation of an interger
+ */
+ public String getString(int m) {
+ Integer x = new Integer(m);
+ String s = x.toString();
+
+ return s;
+ }
+
+ /**
+ * returns FreePort in this machine . Takes a parmater portnumber. For example getFreePort("4026").
+ */
+ public String getFreePort(String s) {
+ Integer x = new Integer(s);
+ int p = x.intValue();
+
+ // if p = 0, then the serversocket constructor get a free port by itself
+ p = 0;
+ try {
+ ServerSocket ss1 = new ServerSocket(p);
+
+ p = ss1.getLocalPort();
+ System.out.println("Obtained Free Port = " + p);
+ ss1.close();
+ return (getString(p));
+ } catch (Exception e) {
+ System.out.println("Unable to get Free Port");
+ e.printStackTrace();
+ p = 0;
+ return (getString(p));
+ }
+
+ // This following method doesn't Always get a free port.
+ // while (st) {
+ // if(isSocketUnused(host,p) )
+ // st=false;
+ // p++;
+ // }
+ // return (getString(p));
+
+ }
+
+ /**
+ * Reads a file and returns the cert request as string
+ **/
+
+ public String readRequest(String filename) {
+ try {
+ FileInputStream f1 = new FileInputStream(filename);
+ int size = f1.available();
+ byte b[] = new byte[size];
+
+ if (f1.read(b) != b.length) {
+ return null;
+ }
+
+ f1.close();
+ String s = new String(b);
+
+ return s;
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ return null;
+ }
+ }
+
+ public static void main(String args[]) {
+ TestClient t = new TestClient("1024", "RSA");
+
+ /*
+ *******************************************************************
+ * Sample programs to initialze calsses
+ *******************************************************************
+ */
+
+ /*
+ ********************************************************************
+ * To Test AutoInstaller
+ *******************************************************************
+ */
+
+ /*
+ AutoInstaller a = new AutoInstaller(t.GetServerRoot());
+
+ ServerInfo s = new ServerInfo(t.GetServerRoot());
+ System.out.println (" Admin Port : " + s.GetAdminPort());
+ System.out.println (" LDAP Port : "+ s.GetConfigLDAPPort());
+ System.out.println( "Hostname " + s.GetHostName());
+ System.out.println(" doamin name : " + s.GetDomainName());
+
+ t.setHostName(s.GetHostName());
+ // Set adminServer Info
+ a.setAdminInfo(s.GetHostName(),s.GetAdminPort(),s.GetDomainName(),"admin","admin");
+ a.setAdminInfo(s.GetHostName(),s.GetAdminPort(),"mcom.com","admin","admin");
+
+ // setCAInfo
+ a.setCAInfo(s.GetHostName(),"1027","8100","admin","secret12");
+ //setInternalDB info
+ String dp = t.getFreePort("38900");
+ a.setInternalDBInfo(s.GetHostName(),"38907","ca-db","cn=directory manager","secret12" );
+
+ // set tokenInfo
+
+ a.setTokenInfo("Internal","secret12");
+
+ // set Subsystem info
+ String agp = t.getFreePort("8100");
+ String adp = t.getFreePort("8200");
+ String eesp = t.getFreePort("1027");
+ String eep = t.getFreePort("1100");
+
+ System.out.println(agp);
+
+ a.setSubSystemInfo("testra",t.GetServerRoot(),"RSA","1024","MD5","365","cn=certificate manager,ou=test,o=test",adp,agp,eesp,eep);
+
+ a.setClientDBInfo(t.GetClientCertDB(),"secret12",t.GetAdminCertName());
+
+ a.ConfigureCA("admin","admin","secret12","secret12");
+
+ // a.ConfigureRA("admin","admin","secret12","secret12");
+
+ */
+
+ /*
+ ******************************************************
+ * Example to Get Server Details
+ ******************************************************
+ */
+
+ ServerInfo s = new ServerInfo(t.GetServerRoot(), t.GetInstanceRoot());
+
+ t.setHostName(s.GetHostName());
+
+ System.out.println("AgentPort " + s.GetAgentPort());
+ System.out.println("EESSLPort " + s.GetEESSLPort());
+ System.out.println("EEPort " + s.GetEEPort());
+ System.out.println("CMSAdminPort :" + s.GetCMSAdminPort());
+ System.out.println("IDBPort : " + s.GetInternalDBPort());
+ System.out.println("CAAuthority : " + s.GetCertAuthority());
+ System.out.println("CASigningCert:" + s.GetCASigningCert());
+ System.out.println("RASigningCert:" + s.GetRASigningCert());
+ System.out.println("ServerCert" + s.GetServerCertNickName());
+ System.out.println("------------------------------------------");
+ System.out.println(" Internal Database Test:");
+ System.out.println(" LDAP Port : " + s.GetConfigLDAPPort());
+ System.out.println("Hostname " + s.GetHostName());
+
+ DirEnroll de = new DirEnroll(s.GetHostName(), s.GetEESSLPort());
+
+ de.setAuthenticator("Portal");
+ de.setUIDInfo("caeetest110", "secret12");
+ de.enroll();
+
+ /* ****************************************************************
+ * CMC Enroll
+ ***************************************************************
+ */
+
+ /* CMSUtils cmsutils = new CMSUtils(t.GetServerRoot());
+ String requestfile="/u/lgopal/work/tetCMS/ns/tetframework/testcases/CMS/6.0/acceptance/data/basic/cmcreq/cmctest1.req";
+ cmsutils.runCMCEnroll(t.GetClientCertDB(),"cn=admin",t.GetClientCertDBPW(),requestfile);
+ Profiles pr = new Profiles(s.GetHostName(),s.GetEESSLPort());
+ pr.setProfileType("caCMCUserCert");
+ pr.setCertAuthority("ca");
+
+ String request = t.readRequest(requestfile+".out");
+ String bstr = "-----BEGIN NEW CERTIFICATE REQUEST-----";
+ String estr="-----END NEW CERTIFICATE REQUEST-----";
+ String Blob1 = request.substring(bstr.length() + 1);
+ String Blob2 = Blob1.substring(0,Blob1.indexOf(estr));
+ request=Blob2;
+
+
+ pr.setRequest(request);
+
+ pr.setUserInfo("UID=test1,Ou=netscape,o=aol","test","test","test","netscape","aol");
+ pr.clientCertEnroll();
+ */
+
+ /* ****************************************************************
+ * OCSP Client stuff
+ ************************************************************
+ */
+
+ /*
+ String ip= "10.169.25.26";
+ OCSPClient ocspclient= new OCSPClient(s.GetHostName(),ip,s.GetEEPort(),t.GetClientCertDB(),t.GetClientCertDBPW(),"cn=admin" ,"/tmp/ocsp.out","4");
+ ocspclient.setCert(t.findCertByNickname("ocsp-agent"));
+
+ ocspclient.SendOCSPRequest();
+ */
+
+ /*
+ *****************************************************
+ * Test CRMFcleint and KRA REcovery and Archival
+ *****************************************************
+ */
+
+ /*
+ *********************************************************
+ * OCSP Agent stuff
+ *********************************************************
+ */
+
+ /* Retrieval rtr = new Retrieval(s.GetHostName(),s.GetEESSLPort());
+ rtr.getCACert();
+ System.out.println("CA Cert chain" + rtr.getCert());
+
+ OcspAgent ocspAgent= new OcspAgent(s.GetHostName(),"8111");
+ ocspAgent.setAgentCertName(t.GetOCSPAgentCertName());
+
+ String cert = "-----BEGIN CERTIFICATE-----"+"\n"+rtr.getCert()+"\n"+"-----END CERTIFICATE-----\n";
+
+ ocspAgent.setCACert(cert);
+ ocspAgent.addCA();
+ */
+
+ /*
+ ***************************************************************
+ Submit Profile based request
+ *********************************************************
+ */
+
+ /*
+ Profiles pr = new Profiles(s.GetHostName(),s.GetEESSLPort());
+ pr.setProfileType("caUserCert");
+ // pr.setProfileType("caDirUserCert");
+
+ pr.setCertAuthority("ca");
+ pr.setUserInfo("UID=test1,Ou=netscape,o=aol","test","test","test","netscape","aol");
+ //pr.setDirUserInfo("test","netscape");
+ pr.clientCertEnroll();
+ System.out.println("Request ID is " + pr.getRequestID());
+
+
+ Request re = new Request (s.GetHostName(),s.GetAgentPort(),"ca");
+ re.setAgentCertName(t.GetAdminCertName());
+ re.ApproveProfileRequests(pr.getRequestID());
+ */
+
+ /*
+ String TransportCert="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";
+
+
+ CRMFClient CrmfClient = new CRMFClient(s.GetHostName(),s.GetEEPort());
+ CrmfClient.setDBInfo(t.GetClientCertDB(),t.GetClientCertDBPW());
+ CrmfClient.setTransportCert(TransportCert);
+ CrmfClient.setUserInfo("user","netscape");
+ CrmfClient.setLDAPInfo(t.GetLDAPDN(),t.GetLDAPDNPW());
+ CrmfClient.setDualKey(true);
+
+ if(!CrmfClient.Enroll())
+ {System.out.println("CRMFClient : could not submit request");}
+
+
+ checkRequest cr = new checkRequest(s.GetHostName(),s.GetEESSLPort(),t.getString(CrmfClient.getRequestId()),"false");
+ cr.checkRequestStatus();
+ System.out.println("Serial num " + cr.getSerialNumber());
+ System.out.println("cert pack " + cr.getCert());
+
+ KraAgent kraAgent = new KraAgent(s.GetHostName(),"8111");
+ kraAgent.setAgentCertName("cn=admin");
+ System.out.println("KRAAgent List archival");
+
+ Vector aReq= kraAgent.ListArchivalRequests();
+ int i=0;
+ while(i < aReq.size() )
+ {
+ System.out.print(aReq.elementAt(i) + " ");
+ i++;
+ }
+
+ kraAgent.setCertificate(cr.getCert());
+ kraAgent.setLocalAgent(false);
+ kraAgent.recoverKeys();
+ */
+
+ /*
+ *************************************************************
+ * Example to Connect oto Config Directory port
+ *************************************************************
+ */
+
+ /*
+ CMSLDAP cmsldap = new CMSLDAP(s.GetHostName(),s.GetConfigLDAPPort(),t.GetLDAPDN(),t.GetLDAPDNPW());
+ if(cmsldap.connect())
+ System.out.println("LDAP Connection successful");
+ else
+ System.out.println("Error Connecting to LDAPSERVER");
+
+ // Add user to config directoory
+ if (cmsldap.userAdd("ou=people,"+t.GetLDAPBASE(),"t2","t2","t2","netscape"))
+ System.out.println("Added user to Config directory");
+
+ */
+
+ /*
+ *************************************************************
+ * Example to Submit a CRMFCleint request to CA
+ *************************************************************
+ */
+
+ /*
+ String TransportCert =
+ "MIICJTCCAY6gAwIBAgIBBTANBgkqhkiG9w0BAQQFADBDMRswGQYDVQQKExJhY2NlcHRhY25ldGVzdDEwMjQxFzAVBgNVBAsTDmFjY2VwdGFuY2V0ZXN0MQswCQYDVQQDEwJjYTAeFw0wMzA0MTgyMjMwMDhaFw0wNDA0MTcxMDI2MDhaMDkxETAPBgNVBAoTCHRlc3QxMDI0MRcwFQYDVQQLEw5hY2NlcHRhbmNldGVzdDELMAkGA1UEAxMCcmEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN6sQ3mSU8mL6i6gTZIXDLzOZPhYOkQLpnJjit5hcPZ0JMn0CQVXo4QjKN1xvuZv8qVlZoQw9czmzp/knTa0sCDgFKd0r+u0TnLeZkJMSimgFnma9CnChlaDHnBd8Beu4vyaHmo7rJ0xA4etn7HjhmKbaQZOcv/aP0SW9JXRga7ZAgMBAAGjMzAxMA4GA1UdDwEB/wQEAwIFIDAfBgNVHSMEGDAWgBSC3fsQHb7fddr2vL0UdkM2dAmUWzANBgkqhkiG9w0BAQQFAAOBgQBkAGbgd9HIqwoLKAr+V6bj9oWesDmDH80gPPxj10qyWSQYIs8PofOs/75yGS9nxhydtgSMFoBgCPdroUI31kZQQlFzxtudGoKD+5MWSXho79XzPwpjheOBYgpX6ch+L4tMLFDpqeraB1yZESO5EEeKm20DGVBOKVWxHhddO1BenA==";
+
+ CRMFClient CrmfClient = new CRMFClient(s.GetHostName(),s.GetEEPort());
+ CrmfClient.setDBInfo(t.GetClientCertDB(),t.GetClientCertDBPW());
+ CrmfClient.setTransportCert(TransportCert);
+ CrmfClient.setUserInfo("user","netscape");
+ CrmfClient.setLDAPInfo(t.GetLDAPDN(),t.GetLDAPDNPW());
+ CrmfClient.setDualKey(true);
+
+ if(!CrmfClient.Enroll())
+ {System.out.println("CRMFClient : could not submit request");}
+ */
+
+ /* KRA Agent list archived request */
+
+ /* ServerInfo KRAsvrInfo = new ServerInfo(t.GetServerRoot());
+ String KRAinstanceRoot=t.GetServerRoot() + "/cert-" + "KRARSA1024" ;
+ KRAsvrInfo.setInstanceRoot(KRAinstanceRoot);*/
+
+ /* System.out.println("KRAAgent ");
+ KraAgent kraAgent = new KraAgent(s.GetHostName(),s.GetAgentPort());
+ kraAgent.setAgentCertName(t.GetKRAAgentCertName());
+ System.out.println("KRAAgent List archival");
+
+ Vector aReq= kraAgent.ListArchivalRequests();
+ int i=0;
+ while(i < aReq.size() )
+ {
+ System.out.print(aReq.elementAt(i) + " ");
+ i++;
+ }
+
+ */
+
+ // cmsldap.disconnect();
+
+ /*
+ *************************************************************
+ * Example to submit manual user enrollment request
+ *************************************************************
+ /*
+
+
+ /*
+ UserEnroll ue = new UserEnroll(s.GetHostName(),"1029");
+ ue.setUserInfo("E=testman,CN=testman,OU=netscape,O=aol,UID=testman1,C=US","testman", "testman", "testman1", "netscape","t");
+
+ boolean flag = ue.clientCertEnroll();
+ if(flag)
+ System.out.println("Success submitted request");
+ */
+
+ /*
+ *************************************************************
+ * Example to submit Directory based enroolemt request
+ *************************************************************
+ /*
+
+ /*
+ // Add user to config directoory
+ if (cmsldap.userAdd("dc=netscape,dc=com","t2","t2","t2","netscape"))
+ System.out.println("Success ");
+
+ if(cmsldap.TurnOnSSL("slapd-jupiter2","Server-Cert cert-jupiter2","7000"))
+ System.out.println("Turned on ssl");
+ else
+ return;
+
+ cmsldap.TurnOffSSL();
+
+ cmsldap.disconnect();
+
+ DirEnroll de = new DirEnroll(s.GetHostName(),s.GetEESSLPort());
+ de.setUIDInfo("t2","netscape");
+ de.enroll();
+
+ */
+
+ /*
+ *************************************************************
+ * Example to submit Admin Enrollment request
+ *************************************************************
+ /*
+
+ /*
+
+ AdminEnroll ade = new AdminEnroll("jupiter2","8200","cn=CMS Administrator,UID=admin,C=US","admin", "secret12");
+ flag = ade.Enroll();
+ if (flag)
+ System.out.println("adminEnrolled Successfully");
+ */
+
+ /*
+ *************************************************************
+ * Example gent List Pending request
+ *************************************************************
+ /*
+
+ /*
+
+ // Agent List and Approve Request
+ Request re = new Request (s.GetHostName(),s.GetAgentPort(),s.GetCertAuthority());
+ re.setAgentCertName(t.GetAdminCertName());
+ re.ListPendingRequests("2","70");
+ re.ApproveRequests(t.getString(ue.getRequestId()));
+ */
+
+ /*
+ *************************************************************
+ * Example for CheckRequest Status and add the certificate to internal db
+ *************************************************************
+ /*
+
+ /*
+ // check request status and Revoke cert
+ checkRequest cr = new checkRequest(s.GetHostName(),s.GetEESSLPort(),t.getString(ue.getRequestId()),"false");
+ checkRequest cr = new checkRequest(s.GetHostName(),s.GetEESSLPort(),"1","false");
+
+ cr.checkRequestStatus();
+ System.out.println("Serial num " + cr.getSerialNumber());
+ System.out.println("cert pack " + cr.getCert());
+
+ String st= "-----BEGIN CERTIFICATE-----"+"\n"+cr.getCert()+"\n"+"-----END CERTIFICATE-----\n";
+ System.out.println("cert pack " + st);
+
+ cmsldap.getXCertificate(st.getBytes());
+
+ */
+
+ /*
+ *************************************************************
+ * Example agent ro revoke request
+ *************************************************************
+ /*
+
+ /*
+ Revoke rr = new Revoke (s.GetHostName(),s.GetAgentPort(),s.GetCertAuthority(),t.getString(cr.getSerialNumber()));
+ rr.revokeCerts();
+ */
+
+ /*
+ *************************************************************
+ * Example Agent update CRL
+ *************************************************************
+ /*
+
+ /*
+ // Update CRLand DISPLAY it
+
+ System.out.println("Displayin CRL");
+ CRL crl = new CRL (s.GetHostName(),s.GetAgentPort(),"/tmp/crlfile");
+ crl.setAgentCertName(t.GetAdminCertName());
+ crl.updateCRL();
+ crl.displayCRL();
+ crl.getRevokedCerts();
+ */
+
+ // Update CRL in Directory
+ /* UpdateDir dcrl = new UpdateDir(s.GetHostName(),s.GetEESSLPort());
+ dcrl.updateDir();*/
+
+ /*
+ *************************************************************
+ * Example for stopping and starting servers
+ *************************************************************
+ */
+
+ /*
+ DSTask idb = new DSTask(t.GetServerRoot()+"/slapd-jupiter2-db");
+ if (idb.ldapStop()) System.out.println("IDB stopped");
+ if(idb.ldapStart()) System.out.println("IDB Started");
+
+ System.out.println("------------------------------------------");
+ System.out.println(" CMS Test:");
+ CMSTask task = new CMSTask(t.GetInstanceRoot());
+ task.CMSStop();
+ task.CMSStart();
+ */
+
+ }// end of function main
+
+}
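Review bot: The `approve` callback near the top of TestClient stores the certificate and returns `true` without looking at `status`, so every SSL connection opened through this callback accepts any server certificate; because subclasses pass `this` into `SSLSocket`, that should at least be stated on the method, e.g. `// Test-only: trusts any server cert and ignores validation status.`, and preferably gated so that a certificate whose `status` reports a validation failure is rejected unless a debug/test flag is set. Separately, in `getError` the final `errorReason` branch reuses `ret` from the earlier `fixed.unexpectedError` lookup (which is -1 when that string is absent), so the substring start is computed from the wrong offset; it needs `ret = line.indexOf("errorReason");` before the `substring` call. `ReadEnv` spawns `env` / `cmd.exe /c set` and selects with `key.startsWith(str)`, which also matches longer variable names and fails on output lines without `=`; `System.getenv(str)` gives an exact lookup without a subprocess. `readRequest` leaves the `FileInputStream` open on the early `return null` and on exception, so a `finally` close (or try-with-resources if the project's Java level allows it) would avoid the descriptor leak.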
diff --git a/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java b/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java
new file mode 100644
index 000000000..c55088bc6
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java
@@ -0,0 +1,536 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.BufferedOutputStream;
+import java.io.BufferedReader;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.util.Date;
+import java.util.GregorianCalendar;
+
+import org.mozilla.jss.ssl.SSLSocket;
+
+/**
+ * CMS Test framework .
+ * Submits Legacy Manual User Enrollment request from EESSL port. Parses the response from server and return RequestID.
+ * <P>
+ */
+
+public class UserEnroll extends TestClient {
+
+ private int i;
+ private String requestorName, requestorEmail, requestorPhone, requestorComments, requestId, certType, ssl_client;
+ private int port;
+ private long elapsedTime;
+
+ // Constructor
+ public UserEnroll() {
+ }
+
+ /**
+ * Constructor . Takes the parameter hostname and EESSLport
+ * <p>
+ */
+
+ public UserEnroll(String h, String p) {
+ host = h;
+ ports = p;
+ }
+
+ /**
+ * Constructor . Takes the parameter for Properties file name
+ * <p>
+ *
+ * @param propfilename name of the parameter file
+ */
+
+ public UserEnroll(String pfile) {
+ propfileName = pfile;
+ }
+
+ /**
+ * Constructor . Takes the parameter for hostname, EESSLportnumber, subjectdn, E, CN,UID,OU,O,
+ * CertdbDirecrory(fullpath) , certdbPassword, keysize, keytype, requestorName,requestorEmail and Certtype.
+ * valid values for Certtype - "ca","ra","ocsp"
+ * <p>
+ *
+ * @param propfilename name of the parameter file
+ */
+
+ public UserEnroll(String h, String p, String dn, String e, String cn, String uid, String ou, String o, String cd,
+ String tpwd, String sslcl, String ksize, String keyty, String reqname, String reqemail, String ctype) {
+
+ host = h;
+ ports = p;
+ DN = dn;
+ E = e;
+ CN = cn;
+ UID = uid;
+ OU = ou;
+ O = o;
+ C = "US";
+ cdir = cd;
+ tokenpwd = tpwd;
+ ssl_client = sslcl;
+ keysize = ksize;
+ keytype = keyty;
+ requestorName = reqname;
+ requestorPhone = "650";
+ requestorEmail = "lg";
+ requestorComments = "load Test";
+ certnickname = "cn=test";
+ keytype = "RSA";
+ keysize = "1024";
+ certType = ctype;
+ if (certType.equals("caSigningCert")) {
+ certType = "ca";
+ }
+ if (certType.equals("raSigningCert")) {
+ certType = "ra";
+ }
+ if (certType.equals("ocspSigningCert")) {
+ certType = "ocsp";
+ }
+ }
+
+ /**
+ * Set Certificate Request information. Takes parameters - subjectdn,E,CN,UID,OU,O
+ */
+
+ public void setUserInfo(String dn, String e, String cn, String uid, String ou, String o) {
+ DN = dn;
+ E = e;
+ CN = cn;
+ UID = uid;
+ OU = ou;
+ O = o;
+ requestorName = "test";
+ requestorPhone = "650";
+ requestorEmail = "lg";
+ requestorComments = "Test";
+ certnickname = "cn=test";
+
+ }
+
+ public void setUserInfo(String dn, String e, String cn, String uid, String ou, String o, String nickname) {
+ DN = dn;
+ E = e;
+ CN = cn;
+ UID = uid;
+ OU = ou;
+ O = o;
+ requestorName = "test";
+ requestorPhone = "650";
+ requestorEmail = "lg";
+ requestorComments = "Test";
+ certnickname = nickname;
+
+ }
+
+ /**
+ * Set Certificat Type for which you want to submit a request . Valid values - "ca"/"ra"/"ocsp"
+ */
+ public void setCertType(String ct) {
+ certType = ct;
+ }
+
+ public boolean enroll_load() throws UnsupportedEncodingException {
+ buildquery();
+ setStatusString("");
+ return (Send());
+ }
+
+ private boolean pkcs10() {
+
+ System.out.println(" In pkcs10 Keysize , key type " + keysize + keytype);
+ // ComCrypto cCrypt = new ComCrypto(cdir,tokenpwd,certnickname,keysize,keytype);
+ cCrypt.setCertDir(cdir);
+ cCrypt.setCertnickname(adminCertName);
+ cCrypt.setKeySize(keysize);
+ cCrypt.setKeyType(keytype);
+ cCrypt.setTokenPWD(tokenpwd);
+ cCrypt.setDebug(true);
+ if (pkcs10request != null) {
+ cCrypt.setGenerateRequest(false);
+ cCrypt.loginDB();
+ } else {
+ cCrypt.setGenerateRequest(true);
+ if (!cCrypt.generateRequest()) {
+ System.out.println("Request could not be generated ");
+ return false;
+ }
+ pkcs10request = cCrypt.getPkcs10Request();
+ }
+
+ try {
+ System.out.println("Debug: building query ");
+ buildquery();
+ if (debug) {
+ System.out.println(query);
+ }
+ setStatusString("");
+ return (Send());
+ } catch (Exception e) {
+ System.err.println("some exception:" + e);
+ }
+
+ return (false);
+
+ }
+
+ // Private methods
+
+ private void setElapsedTime(long dif) {
+ elapsedTime = dif;
+ }
+
+ private long calculateElapsedTime(GregorianCalendar b, GregorianCalendar e) {
+
+ Date d1 = b.getTime();
+ Date d2 = e.getTime();
+ long l1 = d1.getTime();
+ long l2 = d2.getTime();
+ long difference = l2 - l1;
+
+ return difference;
+
+ }
+
+ private boolean Send() {
+ boolean st = false;
+
+ try {
+
+ if (debug) {
+ System.out.println("Step 3 : Socket initialize");
+ }
+
+ Integer x = new Integer(ports);
+
+ port = x.intValue();
+
+ GregorianCalendar begin = new GregorianCalendar();
+
+ // SSLSocket socket = new SSLSocket(host,port);
+ SSLSocket socket = new SSLSocket(host, port, null, 0, this, null);
+
+ socket.setUseClientMode(true);
+ OutputStream rawos = socket.getOutputStream();
+ BufferedOutputStream os = new BufferedOutputStream(rawos);
+ PrintStream ps = new PrintStream(os);
+
+ ps.println("POST /enrollment HTTP/1.0");
+ ps.println("Connection: Keep-Alive");
+ ps.println("Content-type: application/x-www-form-urlencoded");
+ ps.println("Content-length: " + query.length());
+ ps.println("");
+ ps.println(query);
+ ps.println("\r");
+ ps.flush();
+ os.flush();
+ BufferedReader stdin = new BufferedReader(
+ new InputStreamReader(socket.getInputStream()));
+
+ if (debug) {
+ System.out.println("Step 4: Received the page");
+ }
+ st = false;
+ String line;
+
+ while ((line = stdin.readLine()) != null) {
+ if (debug) {
+ System.out.println(line);
+ }
+ if (line.indexOf(STATUS) != -1) {
+ st = true;
+ }
+ if (line.indexOf("fixed.requestId = ") != -1) {
+ requestId = line.substring("fixed.requestId = ".length() + 1,
+ line.indexOf(";") - 1);
+ }
+
+ if (getError(line)) {
+ st = false;
+ }
+
+ }
+ stdin.close();
+ socket.close();
+ os.close();
+ rawos.close();
+ ps.close();
+ os = null;
+ rawos = null;
+ stdin = null;
+ ps = null;
+ line = null;
+ GregorianCalendar end = new GregorianCalendar();
+ long diff = calculateElapsedTime(begin, end);
+
+ setElapsedTime(diff);
+
+ } catch (Exception e) {
+ System.err.println("some exception: in Send routine" + e);
+ return false;
+ }
+
+ return st;
+
+ }
+
+ private void buildquery() throws UnsupportedEncodingException {
+
+ StringBuffer queryStrBuf = new StringBuffer();
+
+ if (certType.equals("client")) {
+ queryStrBuf.append("certType=");
+ queryStrBuf.append(certType);
+ queryStrBuf.append("&Send=submit");
+
+ queryStrBuf.append("&key_encipherment=true");
+
+ queryStrBuf.append("&digital_signature=true");
+
+ queryStrBuf.append("&requestFormat=keygen");
+
+ queryStrBuf.append("&cryptprovider=1");
+ if (ssl_client.equals("true")) {
+ queryStrBuf.append("&ssl_client=true");
+ } else {
+ queryStrBuf.append("&ssl_server=true");
+ }
+
+ queryStrBuf.append("&non_repudiation=true");
+
+ if (requestorName.length() > 0) {
+ queryStrBuf.append("&csrRequestorName=");
+ }
+ queryStrBuf.append(URLEncoder.encode(requestorName, "UTF-8"));
+ if (requestorEmail.length() > 0) {
+ queryStrBuf.append("&csrRequestorEmail=");
+ queryStrBuf.append(URLEncoder.encode(requestorEmail, "UTF-8"));
+ queryStrBuf.append("&email=true");
+
+ } else {
+ queryStrBuf.append("&email=false");
+ }
+
+ if (requestorPhone.length() > 0) {
+ queryStrBuf.append("&csrRequestorPhone=");
+ queryStrBuf.append(URLEncoder.encode(requestorPhone, "UTF-8"));
+ }
+ if (requestorComments.length() > 0) {
+ queryStrBuf.append("&csrRequestorComments=");
+ queryStrBuf.append(URLEncoder.encode(requestorComments, "UTF-8"));
+ }
+ System.out.println("buidlquery client E ");
+ if (E.length() > 0) {
+ queryStrBuf.append("&E=");
+ queryStrBuf.append(E);
+ }
+ if (CN.length() > 0) {
+ queryStrBuf.append("&CN=");
+ queryStrBuf.append(CN);
+ }
+
+ if (UID.length() > 0) {
+ queryStrBuf.append("&UID=");
+ queryStrBuf.append(UID);
+ }
+ if (OU.length() > 0) {
+ queryStrBuf.append("&OU=");
+ queryStrBuf.append(OU);
+ }
+ // if(O.length() > 0) { queryStrBuf.append("&O=");queryStrBuf.append(O);}
+ // if(C.length() >0) { queryStrBuf.append("&C=");queryStrBuf.append(C);}
+ System.out.println("buidlquery client dn ");
+ queryStrBuf.append("&subject=");
+ queryStrBuf.append(URLEncoder.encode(DN, "UTF-8"));
+ }
+
+ if (certType.equals("ra")) {
+ queryStrBuf.append("certType=" + certType);
+ queryStrBuf.append("&digital_signature=true");
+ queryStrBuf.append("&non_repudiation=true");
+ queryStrBuf.append("&ssl_client=true");
+ }
+
+ if (certType.equals("server")) {
+ queryStrBuf.append("certType=" + certType);
+ queryStrBuf.append("&digital_signature=true");
+ queryStrBuf.append("&non_repudiation=true");
+ queryStrBuf.append("&ssl_server=true");
+ queryStrBuf.append("&key_encipherment=true");
+ queryStrBuf.append("&data_encipherment=true");
+
+ }
+
+ if (certType.equals("ocsp")) {
+ queryStrBuf.append("certType=ocspResponder");
+ queryStrBuf.append("&digital_signature=true");
+ queryStrBuf.append("&non_repudiation=true");
+ queryStrBuf.append("&ssl_client=true");
+ }
+
+ if (certType.equals("ca")) {
+ queryStrBuf.append("certType=" + certType);
+ queryStrBuf.append("&digital_signature=true");
+ queryStrBuf.append("&non_repudiation=true");
+ queryStrBuf.append("&ssl_client=true");
+ queryStrBuf.append("&object_signing_ca=true");
+ queryStrBuf.append("&crl_sign=true");
+ queryStrBuf.append("&ssl_ca=true");
+ queryStrBuf.append("&key_certsign=true");
+ queryStrBuf.append("&email_ca=true");
+
+ }
+
+ queryStrBuf.append("&pkcs10Request=");
+ queryStrBuf.append(URLEncoder.encode(pkcs10request, "UTF-8"));
+ System.out.println("before converting bug to string ");
+ query = queryStrBuf.toString();
+
+ System.out.println(query);
+ queryStrBuf = null;
+ }
+
+ public int getRequestId() {
+ Integer m = new Integer(requestId);
+
+ return m.intValue();
+
+ }
+
+ /**
+ * Submit enrollment request
+ */
+
+ public boolean clientCertEnroll() {
+ certType = "client";
+ ssl_client = "true";
+ debug = true;
+ return (pkcs10());
+ }
+
+ public boolean Enroll() {
+ debug = true;
+ return (pkcs10());
+ }
+
+ /**
+ * Read the properties file
+ **/
+
+ public boolean readProperties() {
+
+ // Read the properties file and assign values to variables .
+ try {
+ getProperties(propfileName);
+ } catch (Exception e) {
+ System.out.println(
+ "exception reading Properties File " + e.getMessage());
+ return false;
+ }
+
+ host = props.getProperty("enroll.host");
+ ports = props.getProperty("enroll.port");
+ DN = props.getProperty("enroll.DN");
+ requestorName = props.getProperty("enroll.name");
+ requestorEmail = props.getProperty("enroll.email");
+ requestorPhone = props.getProperty("enroll.phone");
+ requestorComments = props.getProperty("enroll.comments");
+ E = props.getProperty("enroll.E");
+ CN = props.getProperty("enroll.CN");
+ UID = props.getProperty("enroll.UID");
+ OU = props.getProperty("enroll.OU");
+ O = props.getProperty("enroll.O");
+ C = props.getProperty("enroll.C");
+ cdir = props.getProperty("enroll.certdir");
+ tokenpwd = props.getProperty("enroll.certtokenpwd");
+ certnickname = props.getProperty("enroll.nickname");
+ keysize = props.getProperty("enroll.keysize");
+ keytype = props.getProperty("enroll.keytype");
+ certType = props.getProperty("enroll.certtype");
+ if (certType == null) {
+ certType = "client";
+ }
+ if (certType.equals("raSigningCert")) {
+ certType = "ra";
+ }
+ if (certType.equals("ocspSigningCert")) {
+ certType = "ocsp";
+ }
+ pkcs10request = props.getProperty("enroll.pkcs10");
+ ssl_client = props.getProperty("enroll.sslclient");
+ if (ssl_client == null) {
+ ssl_client = "true";
+ }
+
+ String de = props.getProperty("enroll.debug");
+
+ if (de == null) {
+ debug = false;
+ } else if (de.equals("true")) {
+ debug = true;
+ } else {
+ debug = false;
+ }
+
+ // Enroll using a pkscks10 request
+ return (pkcs10());
+ }
+
+ public static void main(String args[]) {
+ // Exit Status - (0) for error/Fail
+ // - requestId Pass
+
+ UserEnroll e = new UserEnroll("jupiter2", "1027",
+ "E=test,cn=test,uid=test", "test", "test", "test", "t1", "t",
+ "/u/lgopal/work/tetCMS/ns/tetframework/testcases/CMS/6.0/acceptanceJava/data/certdb",
+ "secret12", "true", "1024", "RSA", "rn", "re", "client");
+
+ e.clientCertEnroll();
+
+ /* if ( args.length < 1)
+ {
+ System.out.println("Usage : propertiesfile");
+ System.exit(0);
+ }
+
+
+ UserEnroll t = new UserEnroll(args[0]);
+ st=t.enroll();
+ if (st){
+ System.out.println("User Enrolled successfully . RequestId is "+t.getrequestId());
+ System.exit(t.getRequestId());
+ }
+ else{
+
+ System.out.println("Error: " + t.getErrorDetail());
+ System.exit(0);
+ }
+ */
+ }// end of function main
+
+} // end of class
+
diff --git a/base/silent/src/com/netscape/pkisilent/common/Utilities.java b/base/silent/src/com/netscape/pkisilent/common/Utilities.java
new file mode 100644
index 000000000..3e5d6fb4c
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/Utilities.java
@@ -0,0 +1,347 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.DataInputStream;
+import java.io.FileInputStream;
+
+import netscape.security.x509.CertificateSerialNumber;
+import netscape.security.x509.CertificateSubjectName;
+import netscape.security.x509.RDN;
+import netscape.security.x509.SerialNumber;
+import netscape.security.x509.X500Name;
+import netscape.security.x509.X509CertImpl;
+import netscape.security.x509.X509CertInfo;
+
+import com.netscape.cmsutil.util.Utils;
+
+public class Utilities {
+
+ public Utilities() {// Do nothing
+ }
+
+ public String cleanupQuotes(String token) {
+
+ StringBuffer buf = new StringBuffer();
+ int length = token.length();
+ int curIndex = 0;
+
+ if (token.startsWith("\"") && token.endsWith("\"")) {
+ curIndex = 1;
+ length--;
+ }
+
+ boolean oneQuoteFound = false;
+ boolean twoQuotesFound = false;
+
+ while (curIndex < length) {
+ char curChar = token.charAt(curIndex);
+
+ if (curChar == '"') {
+ twoQuotesFound = (oneQuoteFound) ? true : false;
+ oneQuoteFound = true;
+ } else {
+ oneQuoteFound = false;
+ twoQuotesFound = false;
+ }
+
+ if (twoQuotesFound) {
+ twoQuotesFound = false;
+ oneQuoteFound = false;
+ curIndex++;
+ continue;
+ }
+
+ buf.append(curChar);
+ curIndex++;
+ }
+
+ return buf.toString();
+ }
+
+ public String removechar(String token) {
+
+ StringBuffer buf = new StringBuffer();
+ int end = token.length();
+ int begin = 0;
+
+ if (token.endsWith(";")) {
+ end--;
+ }
+
+ while (begin < end) {
+ char curChar = token.charAt(begin);
+
+ buf.append(curChar);
+ begin++;
+ }
+ return buf.toString();
+
+ }
+
+ public String parse_httpresponse(String line) {
+ // look for name=value pair
+ // remove trailing white spaces
+ // remove trailing ;
+ // remove double quotes
+
+ String temp = line.substring(line.indexOf("=") + 1);
+
+ return cleanupQuotes(removechar(temp.trim()));
+
+ }
+
+ public String remove_newline(String s) {
+ if (s == null) {
+ return null;
+ }
+
+ String val = "";
+
+ for (int i = 0; i < s.length(); i++) {
+ if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) {
+ i++;
+ continue;
+ } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) {
+ i++;
+ continue;
+ } else if (s.charAt(i) == '"') {
+ continue;
+ }
+ val += s.charAt(i);
+ }
+ return val;
+
+ }
+
+ public String normalize(String s) {
+
+ if (s == null) {
+ return null;
+ }
+
+ String val = "";
+
+ for (int i = 0; i < s.length(); i++) {
+ if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) {
+ val += '\n';
+ i++;
+ continue;
+ } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) {
+ i++;
+ continue;
+ } else if (s.charAt(i) == '"') {
+ continue;
+ }
+ val += s.charAt(i);
+ }
+ return val;
+ }
+
+ /*
+ * format of the file should be like this:
+ * -----BEGIN CERTIFICATE-----
+ * base64 encoded certificate
+ * -----END CERTIFICATE-----
+ */
+ public String getcertfromfile(String filename) {
+ StringBuffer tempBuffer = new StringBuffer();
+
+ try {
+ FileInputStream fis = new FileInputStream(filename);
+ DataInputStream in = new DataInputStream(fis);
+
+ while (in.available() != 0) {
+ String temp = in.readLine();
+
+ if (temp.equalsIgnoreCase("-----BEGIN CERTIFICATE-----")
+ || temp.equalsIgnoreCase("-----END CERTIFICATE-----")) {
+ continue;
+ }
+ tempBuffer.append(temp);
+ }
+
+ return tempBuffer.toString();
+ } catch (Exception e) {
+ System.out.println("ERROR: getcertfromfile" + e.toString());
+ return null;
+ }
+
+ }
+
+ public String getcertfromfile_withheaders(String filename) {
+ StringBuffer tempBuffer = new StringBuffer();
+
+ try {
+ FileInputStream fis = new FileInputStream(filename);
+ DataInputStream in = new DataInputStream(fis);
+
+ while (in.available() != 0) {
+ String temp = in.readLine();
+
+ tempBuffer.append(temp);
+ }
+ return tempBuffer.toString();
+ } catch (Exception e) {
+ System.out.println(
+ "ERROR: getcertfromfile_withheaders" + e.toString());
+ return null;
+ }
+ }
+
+ /*
+ * format of the file should be like this:
+ * -----BEGIN CERTIFICATE REVOCATION LIST-----
+ * base64 encoded CRL
+ * -----END CERTIFICATE REVOCATION LIST-----
+ */
+ public String getcrlfromfile(String filename) {
+ StringBuffer tempBuffer = new StringBuffer();
+
+ try {
+ FileInputStream fis = new FileInputStream(filename);
+ DataInputStream in = new DataInputStream(fis);
+
+ while (in.available() != 0) {
+ String temp = in.readLine();
+
+ tempBuffer.append(temp);
+ }
+
+ return tempBuffer.toString();
+ } catch (Exception e) {
+ System.out.println("ERROR: getcrlfromfile" + e.toString());
+ return null;
+ }
+
+ }
+
+ /*
+ * format of the file should be like this:
+ * -----BEGIN CERTIFICATE-----
+ * base64 encoded certificate
+ * -----END CERTIFICATE-----
+ */
+ public String getcafromfile(String filename) {
+ StringBuffer tempBuffer = new StringBuffer();
+
+ try {
+ FileInputStream fis = new FileInputStream(filename);
+ DataInputStream in = new DataInputStream(fis);
+
+ while (in.available() != 0) {
+ String temp = in.readLine();
+
+ tempBuffer.append(temp);
+ }
+
+ return tempBuffer.toString();
+ } catch (Exception e) {
+ System.out.println("ERROR: getcafromfile" + e.toString());
+ return null;
+ }
+
+ }
+
+ /*
+ * function for RFC 2254. converts a x509 certificate given as
+ * a binary array[] to a Ldap filter string
+ */
+ public static String escapeBinaryData(byte data[]) {
+ String result = "";
+
+ for (int i = 0; i < data.length; i++) {
+ String s = Integer.toHexString((int) (0xff & data[i]));
+
+ if (s.length() == 1) {
+ s = "0" + s;
+ }
+ result = result + "\\" + s;
+ }
+
+ System.out.println("LDAP_FILTER=" + result);
+ return result;
+ }
+
+ /*
+ * function to decode base64 encoded certificate
+ */
+ public CertificateRecord decode_cert(String cert) {
+
+ String head = "-----BEGIN CERTIFICATE-----";
+ String tail = "-----END CERTIFICATE-----";
+
+ CertificateRecord cr = new CertificateRecord();
+
+ int head_pos = cert.indexOf(head);
+ int tail_pos = cert.indexOf(tail);
+
+ // String not found
+ if (head_pos == -1 || tail_pos == -1) {
+ return null;
+ }
+
+ String temp = cert.substring(head_pos + head.length(), tail_pos);
+
+ temp = temp.replaceAll("\\r", "");
+ temp = temp.replaceAll("\\n", "");
+
+ try {
+ // BASE64Decoder base64 = new BASE64Decoder();
+ // byte decodedBASE64Cert[] = base64.decodeBuffer(temp);
+ byte decodedBASE64Cert[] = Utils.base64decode(temp);
+ X509CertImpl x509_cert = new X509CertImpl(decodedBASE64Cert);
+ X509CertInfo certinfo = (X509CertInfo) x509_cert.get("x509.INFO");
+
+ /* Get Serial Number */
+ CertificateSerialNumber csn = (CertificateSerialNumber)
+ certinfo.get(X509CertInfo.SERIAL_NUMBER);
+ SerialNumber sn = (SerialNumber) csn.get("NUMBER");
+
+ // just adding serialnumber for add.
+ // we can add mode here like subject name, extensions,issuer to this record.
+ cr.serialNumber = sn.getNumber().toString().trim();
+
+ /* Get Subject Name */
+
+ CertificateSubjectName csn1 = (CertificateSubjectName)
+ certinfo.get(X509CertInfo.SUBJECT);
+
+ X500Name dname = (X500Name) csn1.get(CertificateSubjectName.DN_NAME);
+
+ String pp = "";
+ RDN[] rdns = dname.getNames();
+
+ for (int i = rdns.length - 1; i >= 0; i--) {
+ pp = pp + rdns[i] + "\n";
+ }
+
+ cr.subject = pp;
+
+ } catch (Exception e) {
+ System.out.println("ERROR: Exception when decoding certificate=" + e);
+ e.printStackTrace();
+ return null;
+ }
+
+ return cr;
+
+ }
+
+}; // end class
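Review bot: `remove_newline` and `normalize` read `s.charAt(i + 1)` whenever `s.charAt(i)` is a backslash, so a string ending in a single backslash throws StringIndexOutOfBoundsException; guard the lookahead, e.g. `if (s.charAt(i) == '\\' && i + 1 < s.length() && s.charAt(i + 1) == 'n')`, and likewise for the `'r'` branch in both methods. Separately, `getcertfromfile`, `getcertfromfile_withheaders`, `getcrlfromfile` and `getcafromfile` never close the `FileInputStream` they open, and use `in.available() != 0` as the end-of-file test, which the `InputStream` contract documents as an estimate rather than an EOF condition; reading with a `BufferedReader` until `readLine()` returns null inside a `try`/`finally` that closes the stream addresses both, and also retires the deprecated `DataInputStream.readLine()`. The three header-keeping readers differ only in their error-message prefix and could share one private helper.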
diff --git a/base/silent/src/com/netscape/pkisilent/common/checkRequest.java b/base/silent/src/com/netscape/pkisilent/common/checkRequest.java
new file mode 100644
index 000000000..c4599ffde
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/common/checkRequest.java
@@ -0,0 +1,617 @@
+package com.netscape.pkisilent.common;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.BufferedOutputStream;
+import java.io.BufferedReader;
+import java.io.FileOutputStream;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.util.Date;
+import java.util.GregorianCalendar;
+
+import org.mozilla.jss.ssl.SSLSocket;
+
+/**
+ * CMS Test framework .
+ * Submits a checkRequestStatus request to the server. parses the response from server and can import cert to the
+ * specified client database.
+ * <P>
+ */
+
+public class checkRequest extends TestClient {
+
+ private int i;
+ private String certfile, importcert = "false", certnickname, serialNumber, ldapformat;
+
+ private String requestId;
+ private String reqStatus = "false";
+ private String pkcsCert, baseCert, ACTION_STRING, issuer, subject, AUTH = "ca";
+ private int port;
+ private boolean impStatus = false;
+ private int type = 1;
+
+ private long elapsedTime;
+
+ private String host;
+ private String ports;
+ private String tokenpwd;
+ private String cdir;
+
+ // public methods
+
+ /**
+ * Constructor . Takes the parameter for Properties file name
+ * <p>
+ *
+ * @param propfilename name of the parameter file
+ */
+
+ public checkRequest(String pfile) {
+ propfileName = pfile;
+ }
+
+ /**
+ * Constructor . Takes the parameter for hostname and EESSLportnumber
+ * <p>
+ */
+
+ public checkRequest(String h, String p) {
+ host = h;
+ ports = p;
+ };
+
+ /**
+ * Constructor . Takes the parameter for hostname , EESSLportnumber , Requestnumber and ImportCert ( true/false)
+ * <p>
+ */
+
+ public checkRequest(String h, String p, String snum, String impc) {
+ host = h;
+ ports = p;
+ requestId = snum;
+ importcert = impc;
+ }
+
+ /**
+ * Constructor . Takes the parameter for hostname , EESSLportnumber , certdbdir, certdbpassword, Requestnumber
+ * ,certnickname and ImportCert ( true/false)
+ * <p>
+ */
+
+ public checkRequest(String hs, String pt, String certdir, String certtokenpwd, String seqnum, String nickname,
+ String impc) {
+ host = hs;
+ ports = pt;
+ cdir = certdir;
+ tokenpwd = certtokenpwd;
+ requestId = seqnum;
+ if (impc == null) {
+ importcert = "false";
+ } else {
+ importcert = impc;
+ }
+ certnickname = nickname;
+
+ }
+
+ public void setDebug(boolean t) {
+ debug = t;
+ }
+
+ public void setreqId(String seqnum) {
+ requestId = seqnum;
+ }
+
+ public void setCertNickname(String cname) {
+ certnickname = cname;
+ }
+
+ /**
+ * takes values - true/false
+ **/
+ public void setImportCert(String impc) {
+ importcert = impc;
+ }
+
+ public String getpkcs7ChainCert() {
+ return pkcsCert;
+ }
+
+ /**
+ * returns Certificate
+ **/
+
+ public String getCert() {
+ return cCrypt.normalize(baseCert);
+ }
+
+ /**
+ * returns Request status - "complete","pending"
+ **/
+
+ public String getRequestStatus() {
+ return reqStatus;
+ }
+
+ /**
+ * returns the hex serial number of the certificate
+ **/
+
+ public String getSerialNumberHex() {
+ return serialNumber;
+ }
+
+ /**
+ * returns the serial number as interger
+ **/
+
+ public int getSerialNumber() {
+ if (serialNumber != null) {
+ Integer y = new Integer(Integer.parseInt(serialNumber, 16));
+
+ return y.intValue();
+ }
+ return 0;
+ }
+
+ /**
+ * Submits a checkRequestStatus request to the server
+ **/
+
+ public boolean checkRequestStatus() {
+
+ // Login to dB and genertae request
+ cCrypt.setCertDir(cdir);
+ cCrypt.setCertnickname(certnickname);
+ cCrypt.setKeySize(keysize);
+ cCrypt.setKeyType(keytype);
+ cCrypt.setTokenPWD(tokenpwd);
+ cCrypt.setDebug(debug);
+
+ if (!cCrypt.loginDB()) {
+ System.out.println("Error : Login certdb failed ");
+ System.err.println("FAIL : Login certdb failed ");
+ return false;
+ }
+
+ try {
+
+ type = 1;
+ buildquery();
+ if (debug) {
+ System.out.println(query);
+ }
+ setStatusString("Congratulations, your certificate has been issued.");
+ if (Send()) {
+ if (debug) {
+ System.out.println("Request Status :" + reqStatus);
+ }
+ if (reqStatus.equals("complete")) {
+ type = 2;
+ buildquery();
+ if (debug) {
+ System.out.println(query);
+ }
+ if (Send()) {
+ return true;
+ }
+ } else {
+ return true;
+ }
+
+ }
+ if (debug) {
+ System.out.println("Request Status :" + reqStatus);
+ }
+
+ System.err.println("FAIL: reached end of checkRequestStatus()");
+
+ return false;
+ } catch (Exception e) {
+ System.err.println("some exception:" + e);
+ }
+
+ return false;
+ }
+
+ // Private functions
+
+ private void setElapsedTime(long dif) {
+ elapsedTime = dif;
+ }
+
+ private long calculateElapsedTime(GregorianCalendar b, GregorianCalendar e) {
+
+ Date d1 = b.getTime();
+ Date d2 = e.getTime();
+ long l1 = d1.getTime();
+ long l2 = d2.getTime();
+ long difference = l2 - l1;
+
+ return difference;
+
+ }
+
+ private boolean writeCert2File() {
+ if (serialNumber != null) {
+
+ try {
+ FileOutputStream fos = new FileOutputStream(certfile);
+
+ if (ldapformat.equals("true")) {
+ String tmp = "description: 2;"
+ + Integer.parseInt(serialNumber, 16) + ";" + issuer
+ + ";" + subject + "\n";
+
+ fos.write(tmp.getBytes());
+ tmp = cCrypt.normalizeForLDAP(getCert());
+ if (debug) {
+ System.out.println(tmp);
+ }
+ fos.write(("usercertificate:: ").getBytes());
+ fos.write(tmp.getBytes());
+ fos.close();
+ } else {
+ String tmp = cCrypt.normalize(getCert());
+
+ if (debug) {
+ System.out.println(tmp);
+ }
+ fos.write(tmp.getBytes());
+ fos.close();
+
+ }
+
+ } catch (Exception e) {
+ System.out.println(
+ "exception in writeCert2File: " + e.getMessage());
+ return false;
+ }
+
+ }
+
+ return true;
+ }
+
+ private boolean importCert(String certpack) {
+
+ if (importcert.equals("false")) {
+ return true;
+ }
+
+ try {
+ if (certpack == null) {
+ return false;
+ }
+
+ String s = cCrypt.normalize(certpack);
+
+ if (AUTH.equals("ca")) {
+ String tmp = "-----BEGIN CERTIFICATE-----\n" + s + "\n"
+ + "-----END CERTIFICATE-----";
+
+ if (debug) {
+ System.out.println(
+ "importing cert" + tmp + "certnick" + certnickname);
+ }
+ s = tmp;
+ }
+
+ if (cCrypt.importCert(s, certnickname)) {
+ System.out.println("successfully imported cert");
+ return true;
+ }
+
+ return false;
+
+ } catch (Exception e) {
+ System.out.println(
+ "exception importing cert crequest" + e.getMessage());
+ return false;
+ }
+
+ }
+
+ private boolean RetrieveRequestDetail(String line) {
+ String stat = "header.status = ";
+ boolean st = true;
+
+ if (debug) {
+ System.out.println(line);
+ }
+
+ if (line.indexOf(stat) != -1) {
+ String tm = line.substring(stat.length() + 1,
+ line.indexOf(";", 10) - 1);
+
+ reqStatus = tm;
+ }
+ if (line.indexOf("header.pkcs7ChainBase64 = ") != -1) {
+ // if status is complete retrieve cert
+ pkcsCert = line.substring("header.pkcs7ChainBase64 = ".length() + 1,
+ line.indexOf(";", 10) - 1);
+ }
+ if (line.indexOf("record.serialNumber=") != -1) {
+ serialNumber = line.substring("record.serialNumber=".length() + 1,
+ line.indexOf(";", 1) - 1);
+ }
+ if (line.indexOf("header.authority =") == 0) {
+ AUTH = line.substring("header.authority =".length() + 2,
+ line.indexOf(";", 1) - 1);
+ }
+
+ if (getError(line)) {
+ st = false;
+ }
+
+ return st;
+
+ }
+
+ private boolean RetrieveCertDetails(String line) {
+ if (debug) {
+ System.out.println(line);
+ }
+
+ boolean st = true;
+
+ String retriveStr[] = {
+ "record.base64Cert=", "record.certPrettyPrint=",
+ "header.certChainBase64 = ", "header.certPrettyPrint = " };
+ String baseCertStr, certPrettyprintStr;
+
+ if (AUTH.equals("ra")) {
+ baseCertStr = retriveStr[0];
+ certPrettyprintStr = retriveStr[1];
+ } else {
+ baseCertStr = retriveStr[2];
+ certPrettyprintStr = retriveStr[3];
+ }
+
+ if (line.indexOf(baseCertStr) != -1) {
+
+ // if status is complete retrieve cert
+ baseCert = line.substring(baseCertStr.length() + 1,
+ line.indexOf(";", 10) - 1);
+ if (importcert.equals("true")) {
+ if (importCert(baseCert)) {
+ st = true;
+ }
+ } else {
+ st = true;
+ }
+ }
+
+ if (line.indexOf(certPrettyprintStr) != -1) {
+
+ System.out.println("Found certPrettyPrint");
+ int ret = line.indexOf("Issuer: ");
+
+ issuer = line.substring(("Issuer: ").length() + ret,
+ line.indexOf("Validi", ret) - 14);
+ ret = line.indexOf("Subject:");
+ subject = line.substring(("Subject: ").length() + ret,
+ line.indexOf("Subject Public", ret) - 14);
+
+ System.out.println(" HEADER : " + issuer);
+
+ }
+
+ // System.out.println("Debug :get Error detail " + line);
+ if (getError(line)) {
+ st = false;
+ }
+
+ return st;
+
+ }
+
+ private synchronized boolean Send() {
+ boolean st = false;
+
+ try {
+ if (debug) {
+ System.out.println("Step 3 : Socket initialize");
+ }
+
+ Integer x = new Integer(ports);
+
+ port = x.intValue();
+
+ GregorianCalendar begin = new GregorianCalendar();
+
+ impStatus = false;
+
+ // SSLSocket socket = new SSLSocket(host,port);
+ SSLSocket socket = new SSLSocket(host, port, null, 0, this, null);
+
+ socket.setUseClientMode(true);
+
+ OutputStream rawos = socket.getOutputStream();
+ BufferedOutputStream os = new BufferedOutputStream(rawos);
+ PrintStream ps = new PrintStream(os);
+
+ ps.println("POST " + ACTION_STRING + " HTTP/1.0");
+ ps.println("Connection: Keep-Alive");
+ ps.println("Content-type: application/x-www-form-urlencoded");
+ ps.println("Content-length: " + query.length());
+ ps.println("");
+ ps.println(query);
+ ps.println("\r");
+ ps.flush();
+ os.flush();
+ BufferedReader stdin = new BufferedReader(
+ new InputStreamReader(socket.getInputStream()));
+
+ if (debug) {
+ System.out.println("Step 4: Received the page");
+ }
+ st = false;
+ String line;
+
+ while ((line = stdin.readLine()) != null) {
+ switch (type) {
+ case 1:
+ RetrieveRequestDetail(line);
+ st = true;
+ break;
+
+ case 2:
+ st = RetrieveCertDetails(line);
+ break;
+
+ default:
+ System.out.println("invalid format");
+
+ }
+
+ }
+ stdin.close();
+ socket.close();
+ os.close();
+ rawos.close();
+ ps.close();
+ os = null;
+ rawos = null;
+ stdin = null;
+ ps = null;
+ line = null;
+
+ GregorianCalendar end = new GregorianCalendar();
+ long diff = calculateElapsedTime(begin, end);
+
+ setElapsedTime(diff);
+
+ } catch (Exception e) {
+ System.err.println("some exception: in Send routine" + e);
+ return false;
+ }
+ if ((certfile != null) && (type == 2)) {
+ st = writeCert2File();
+ }
+
+ if (debug) {
+ System.out.println(serialNumber);
+ }
+
+ return st;
+
+ }
+
+ private void buildquery() {
+
+ StringBuffer queryStrBuf = new StringBuffer();
+
+ if (type == 1) {
+ ACTION_STRING = "/checkRequest";
+ queryStrBuf.append("requestId=");
+ queryStrBuf.append(requestId);
+ queryStrBuf.append("&importCert=true");
+ }
+
+ if (type == 2) {
+ ACTION_STRING = "/" + AUTH + "/displayBySerial";
+ if (AUTH.equals("ra")) {
+ ACTION_STRING = "/displayCertFromRequest";
+ queryStrBuf.append("requestId=");
+ queryStrBuf.append(requestId);
+
+ } else {
+ ACTION_STRING = "/displayBySerial";
+ queryStrBuf.append("op=displayBySerial");
+ queryStrBuf.append("&serialNumber=0x");
+ queryStrBuf.append(serialNumber);
+ }
+ }
+
+ query = queryStrBuf.toString();
+
+ queryStrBuf = null;
+
+ }
+
+ private boolean readProperties() {
+
+ // Read the properties file and assign values to variables .
+ try {
+ getProperties(propfileName);
+ } catch (Exception e) {
+ System.out.println(
+ "exception reading Properties File " + e.getMessage());
+ return false;
+ }
+
+ host = props.getProperty("enroll.host");
+ ports = props.getProperty("enroll.port");
+ cdir = props.getProperty("enroll.certdir");
+ tokenpwd = props.getProperty("enroll.certtokenpwd");
+ requestId = props.getProperty("enroll.seqnum");
+ certfile = props.getProperty("enroll.certfile");
+ importcert = props.getProperty("enroll.importCert");
+ if (importcert == null) {
+ importcert = "false";
+ }
+ ldapformat = props.getProperty("enroll.ldapformat");
+ if (ldapformat == null) {
+ ldapformat = "true";
+ }
+ System.out.println(ldapformat);
+ certnickname = props.getProperty("enroll.nickname");
+ String de = props.getProperty("enroll.debug");
+
+ if (de == null) {
+ debug = false;
+ } else if (de.equals("true")) {
+ debug = true;
+ } else {
+ debug = false;
+ }
+
+ // Enroll using a pkscks10 request
+ return (checkRequestStatus());
+ }
+
+ public static void main(String args[]) {
+ // Exit Status - (0) for error/Fail
+ // - requestId Pass
+ boolean st;
+
+ if (args.length < 1) {
+ System.out.println("Usage : propertiesfile");
+ System.exit(0);
+ }
+
+ checkRequest t = new checkRequest(args[0]);
+
+ st = t.readProperties();
+ if (st) {
+ System.exit(t.getSerialNumber());
+ } else {
+
+ System.out.println("Request Status :" + t.getRequestStatus());
+ System.out.println("Error: " + t.getErrorDetail());
+
+ System.exit(0);
+ }
+ }// end of function main
+
+} // end of class
+
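Review bot: In `Send()`, `case 1` discards the return value of `RetrieveRequestDetail(line)` and sets `st = true` unconditionally, so a response line that `getError(line)` flags during the `/checkRequest` phase never fails the call; in `case 2`, `st` is overwritten by every line, so an error early in the response is masked by any later line. The `Send()` in UserEnroll earlier in this diff keeps the failure sticky (`if (getError(line)) st = false;`) and the same should hold here, via a flag that is only ever set. The reader, socket and output streams are also closed only on the success path; an exception mid-read skips every `close()` call, so those belong in a `finally`.
```java
boolean errorSeen = false; // sticky: any flagged line fails the whole response
// … unchanged: socket setup and POST write …
while ((line = stdin.readLine()) != null) {
    switch (type) {
    case 1:
        if (!RetrieveRequestDetail(line)) errorSeen = true;
        st = true;
        break;

    case 2:
        if (!RetrieveCertDetails(line)) errorSeen = true;
        st = true;
        break;

    default:
        System.out.println("invalid format");
    }
}
// … unchanged: close calls, elapsed-time bookkeeping, catch block …
if (errorSeen) {
    return false;
}
```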
diff --git a/base/silent/src/com/netscape/pkisilent/http/CertSelection.java b/base/silent/src/com/netscape/pkisilent/http/CertSelection.java
new file mode 100644
index 000000000..ff541b6c6
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/http/CertSelection.java
@@ -0,0 +1,45 @@
+package com.netscape.pkisilent.http;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.util.Vector;
+
+import org.mozilla.jss.ssl.SSLClientCertificateSelectionCallback;
+
+public class CertSelection implements SSLClientCertificateSelectionCallback {
+
+ // make the select() call to use this client cert
+ public static String client_cert = null;
+
+ public void setClientCert(String nickname) {
+ client_cert = nickname;
+ }
+
+ public String select(@SuppressWarnings("rawtypes") Vector nicknames) {
+
+ // when this method is called by SSLSocket we get a vector
+ // of nicknames to select similar to the way the browser presents
+ // the list.
+
+ // We will just use the one thats set by setClientCert()
+
+ return client_cert;
+ }
+
+}; // end class
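Review bot: `client_cert` is a `public static` mutable field written by the instance method `setClientCert`, so every `CertSelection` in the JVM shares one nickname and the last `setClientCert` call wins for all open sockets, not just the one this callback was handed to; unless the static sharing is relied on elsewhere, it should be `private String client_cert = null;` with `setClientCert` writing the instance field. `select(Vector nicknames)` also returns `client_cert` without checking that it appears in `nicknames`, so a configured nickname that is absent from the list is handed back silently; at minimum a debug print when `!nicknames.contains(client_cert)` would make that mismatch visible. The rawtypes suppression could go by declaring the parameter `Vector<String>` if the JSS callback signature permits it.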
diff --git a/base/silent/src/com/netscape/pkisilent/http/HTMLDocument.java b/base/silent/src/com/netscape/pkisilent/http/HTMLDocument.java
new file mode 100644
index 000000000..e8de29081
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/http/HTMLDocument.java
@@ -0,0 +1,595 @@
+package com.netscape.pkisilent.http;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.File;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.LinkedHashSet;
+import java.util.StringTokenizer;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+public class HTMLDocument {
+ // Indicates whether this HTML document has been parsed.
+ boolean parsed;
+
+ // A list of URLs of files that should be retrieved along with the main
+ // contents of the document. This may include any images contained in the
+ // document, and possibly any external stylesheets.
+ LinkedHashSet<String> associatedFiles;
+
+ // A list of URLs of frames that are contained in the document.
+ LinkedHashSet<String> documentFrames;
+
+ // A list of URLs of links that are contained in the document.
+ LinkedHashSet<String> documentLinks;
+
+ // A list of URLs of images that are contained in the document.
+ LinkedHashSet<String> documentImages;
+
+ // A regular expression pattern that can be used to extract a URI from an HREF
+ // tag.
+ Pattern hrefPattern;
+
+ // A regular expression pattern that can be used to extract a URI from a SRC
+ // tag.
+ Pattern srcPattern;
+
+ // The base URL for relative links in this document.
+ String baseURL;
+
+ // The URL that may be used to access this document.
+ String documentURL;
+
+ // The actual contents of the page.
+ String htmlData;
+
+ // The contents of the page converted to lowercase for easier matching.
+ String lowerData;
+
+ // The URL for this document with only protocol, host, and port (i.e., no
+ // file).
+ String protocolHostPort;
+
+ // A string buffer containing the contents of the page with tags removed.
+ StringBuffer textData;
+
+ // A set of private variables used for internal processing.
+ private boolean lastElementIsAssociatedFile;
+ private boolean lastElementIsChunk;
+ private boolean lastElementIsComment;
+ private boolean lastElementIsFrame;
+ private boolean lastElementIsImage;
+ private boolean lastElementIsLink;
+ private boolean lastElementIsText;
+ private int lastElementEndPos;
+ private int lastElementStartPos;
+ private String lastURL;
+
+ // constructor that helps to parse without url stuff
+ public HTMLDocument(String htmlData) {
+ this.documentURL = null;
+ this.htmlData = htmlData;
+ lowerData = htmlData.toLowerCase();
+ associatedFiles = null;
+ documentLinks = null;
+ documentImages = null;
+ textData = null;
+ parsed = false;
+
+ // Create the regex patterns that we will use for extracting URIs from tags.
+ hrefPattern = Pattern.compile(".*?[hH][rR][eE][fF][\\s=\\\"\\']+" +
+ "([^\\s\\\"\\'\\>]+).*", Pattern.DOTALL);
+ srcPattern = Pattern.compile(".*?[sS][rR][cC][\\s=\\\"\\']+" +
+ "([^\\s\\\"\\'\\>]+).*", Pattern.DOTALL);
+ }
+
+ /**
+ * Creates a new HTML document using the provided data.
+ *
+ * @param documentURL The URL for this document.
+ * @param htmlData The actual data contained in the HTML document.
+ */
+ public HTMLDocument(String documentURL, String htmlData)
+ throws MalformedURLException {
+ this.documentURL = documentURL;
+ this.htmlData = htmlData;
+ lowerData = htmlData.toLowerCase();
+ associatedFiles = null;
+ documentLinks = null;
+ documentImages = null;
+ textData = null;
+ parsed = false;
+
+ // Create the regex patterns that we will use for extracting URIs from tags.
+ hrefPattern = Pattern.compile(".*?[hH][rR][eE][fF][\\s=\\\"\\']+" +
+ "([^\\s\\\"\\'\\>]+).*", Pattern.DOTALL);
+ srcPattern = Pattern.compile(".*?[sS][rR][cC][\\s=\\\"\\']+" +
+ "([^\\s\\\"\\'\\>]+).*", Pattern.DOTALL);
+
+ URL url = new URL(documentURL);
+ String urlPath = url.getPath();
+ if ((urlPath == null) || (urlPath.length() == 0)) {
+ baseURL = documentURL;
+ protocolHostPort = documentURL;
+ } else if (urlPath.equals("/")) {
+ baseURL = documentURL;
+ protocolHostPort = documentURL.substring(0, documentURL.length() - 1);
+ } else if (urlPath.endsWith("/")) {
+ baseURL = documentURL;
+
+ int port = url.getPort();
+ if (port > 0) {
+ protocolHostPort = url.getProtocol() + "://" + url.getHost() + ":" +
+ port;
+ } else {
+ protocolHostPort = url.getProtocol() + "://" + url.getHost();
+ }
+ } else {
+ int port = url.getPort();
+ if (port > 0) {
+ protocolHostPort = url.getProtocol() + "://" + url.getHost() + ":" +
+ port;
+ } else {
+ protocolHostPort = url.getProtocol() + "://" + url.getHost();
+ }
+
+ File urlFile = new File(urlPath);
+ String parentDirectory = urlFile.getParent();
+ if ((parentDirectory == null) || (parentDirectory.length() == 0)) {
+ parentDirectory = "/";
+ } else if (!parentDirectory.startsWith("/")) {
+ parentDirectory = "/" + parentDirectory;
+ }
+
+ baseURL = protocolHostPort + parentDirectory;
+ }
+
+ if (!baseURL.endsWith("/")) {
+ baseURL = baseURL + "/";
+ }
+ }
+
+ /**
+ * Actually parses the HTML document and extracts useful elements from it.
+ *
+ * @return <CODE>true</CODE> if the page could be parsed successfully, or <CODE>false</CODE> if not.
+ */
+ public boolean parse() {
+ if (parsed) {
+ return true;
+ }
+
+ try {
+ associatedFiles = new LinkedHashSet<String>();
+ documentFrames = new LinkedHashSet<String>();
+ documentLinks = new LinkedHashSet<String>();
+ documentImages = new LinkedHashSet<String>();
+ textData = new StringBuffer();
+
+ lastElementStartPos = 0;
+ lastElementEndPos = -1;
+ String element;
+ while ((element = nextDocumentElement()) != null) {
+ if (element.length() == 0) {
+ continue;
+ }
+
+ if (lastElementIsText) {
+ char lastChar;
+ if (textData.length() == 0) {
+ lastChar = ' ';
+ } else {
+ lastChar = textData.charAt(textData.length() - 1);
+ }
+ char firstChar = element.charAt(0);
+ if (!((lastChar == ' ') || (lastChar == '\t') ||
+ (lastChar == '\r') || (lastChar == '\n')) ||
+ (firstChar == ' ') || (firstChar == '\t') ||
+ (firstChar == '\r') || (firstChar == '\n')) {
+ textData.append(" ");
+ }
+
+ textData.append(element);
+ } else if (lastElementIsImage) {
+ if (lastURL != null) {
+ documentImages.add(lastURL);
+ associatedFiles.add(lastURL);
+ }
+ } else if (lastElementIsFrame) {
+ if (lastURL != null) {
+ documentFrames.add(lastURL);
+ associatedFiles.add(lastURL);
+ }
+ } else if (lastElementIsLink) {
+ if (lastURL != null) {
+ documentLinks.add(lastURL);
+ }
+ } else if (lastElementIsAssociatedFile) {
+ if (lastURL != null) {
+ associatedFiles.add(lastURL);
+ }
+ } else if (lastElementIsChunk || lastElementIsComment) {
+ // Don't need to do anything with this.
+ } else {
+ // Also don't need anything here.
+ }
+ }
+
+ parsed = true;
+ } catch (Exception e) {
+ associatedFiles = null;
+ documentLinks = null;
+ documentImages = null;
+ textData = null;
+ parsed = false;
+ }
+
+ return parsed;
+ }
+
+ /**
+ * Retrieves the next element from the HTML document. An HTML element can
+ * include a string of plain text, a single HTML tag, or a larger chunk of
+ * HTML including a start and end tag, all of which should be considered a
+ * single element.
+ */
+ private String nextDocumentElement() {
+ // If we're at the end of the HTML, then return null.
+ if (lastElementEndPos >= htmlData.length()) {
+ return null;
+ }
+
+ // Initialize the variables we will use for the search.
+ lastElementStartPos = lastElementEndPos + 1;
+ lastElementIsAssociatedFile = false;
+ lastElementIsChunk = false;
+ lastElementIsComment = false;
+ lastElementIsFrame = false;
+ lastElementIsImage = false;
+ lastElementIsLink = false;
+ lastElementIsText = false;
+ lastURL = null;
+
+ // Find the location of the next open angle bracket. If there is none, then
+ // the rest of the document must be plain text.
+ int openPos = lowerData.indexOf('<', lastElementStartPos);
+ if (openPos < 0) {
+ lastElementEndPos = htmlData.length();
+ lastElementIsText = true;
+ return htmlData.substring(lastElementStartPos);
+ }
+
+ // If the location of the next open tag is not we started looking, then read
+ // everything up to that tag as text.
+ if (openPos > lastElementStartPos) {
+ lastElementEndPos = openPos - 1;
+ lastElementIsText = true;
+ return htmlData.substring(lastElementStartPos, openPos);
+ }
+
+ // The start position is an open tag. See if the tag is actually "<!--",
+ // which indicates an HTML comment. If that's the case, then find the
+ // closing "-->".
+ if (openPos == lowerData.indexOf("<!--", lastElementStartPos)) {
+ int closePos = lowerData.indexOf("-->", openPos + 1);
+ if (closePos < 0) {
+ // This looks like an unterminated comment. We can't do much else
+ // here, so just stop parsing.
+ return null;
+ } else {
+ lastElementEndPos = closePos + 2;
+ lastElementIsComment = true;
+ return htmlData.substring(lastElementStartPos, lastElementEndPos + 1);
+ }
+ }
+
+ // Find the location of the next close angle bracket. If there is none,
+ // then we have an unmatched open tag. What to do here? I guess just treat
+ // the rest of the document as text.
+ int closePos = lowerData.indexOf('>', openPos + 1);
+ if (closePos < 0) {
+ lastElementEndPos = htmlData.length();
+ lastElementIsText = true;
+ return htmlData.substring(lastElementStartPos);
+ }
+
+ // Grab the contents of the tag in both normal and lowercase.
+ String tag = htmlData.substring(openPos, closePos + 1);
+ String strippedTag = htmlData.substring(openPos + 1, closePos).trim();
+ StringTokenizer tokenizer = new StringTokenizer(strippedTag, " \t\r\n=\"'");
+ lastElementEndPos = closePos;
+
+ if (!tokenizer.hasMoreTokens()) {
+ return tag;
+ }
+
+ String token = tokenizer.nextToken();
+ String lowerToken = token.toLowerCase();
+
+ if (lowerToken.equals("a") || lowerToken.equals("area")) {
+ while (tokenizer.hasMoreTokens()) {
+ token = tokenizer.nextToken();
+ if (token.equalsIgnoreCase("href")) {
+ try {
+ Matcher matcher = hrefPattern.matcher(tag);
+ lastURL = uriToURL(matcher.replaceAll("$1"));
+ if (lastURL != null) {
+ lastElementIsLink = true;
+ }
+ } catch (Exception e) {
+ }
+ break;
+ }
+ }
+ } else if (lowerToken.equals("base")) {
+ while (tokenizer.hasMoreTokens()) {
+ token = tokenizer.nextToken();
+ if (token.equalsIgnoreCase("href")) {
+ try {
+ Matcher matcher = hrefPattern.matcher(tag);
+ String uri = matcher.replaceAll("$1");
+ if (!uri.endsWith("/")) {
+ uri = uri + "/";
+ }
+
+ baseURL = uri;
+ } catch (Exception e) {
+ }
+ break;
+ }
+ }
+ } else if (lowerToken.equals("frame") || lowerToken.equals("iframe") ||
+ lowerToken.equals("input")) {
+ while (tokenizer.hasMoreTokens()) {
+ token = tokenizer.nextToken();
+ if (token.equalsIgnoreCase("src")) {
+ try {
+ Matcher matcher = srcPattern.matcher(tag);
+ String uri = matcher.replaceAll("$1");
+ lastURL = uriToURL(uri);
+ if (lastURL != null) {
+ lastElementIsFrame = true;
+ lastElementIsAssociatedFile = true;
+ }
+ } catch (Exception e) {
+ }
+ break;
+ }
+ }
+ } else if (lowerToken.equals("img")) {
+ while (tokenizer.hasMoreTokens()) {
+ token = tokenizer.nextToken();
+ if (token.equalsIgnoreCase("src")) {
+ try {
+ Matcher matcher = srcPattern.matcher(tag);
+ String uri = matcher.replaceAll("$1");
+ lastURL = uriToURL(uri);
+ if (lastURL != null) {
+ lastElementIsImage = true;
+ }
+ } catch (Exception e) {
+ }
+ break;
+ }
+ }
+ } else if (lowerToken.equals("link")) {
+ boolean isStyleSheet = false;
+
+ while (tokenizer.hasMoreTokens()) {
+ token = tokenizer.nextToken();
+ if (token.equalsIgnoreCase("href")) {
+ try {
+ Matcher matcher = hrefPattern.matcher(tag);
+ String uri = matcher.replaceAll("$1");
+ lastURL = uriToURL(uri);
+ if (lastURL != null) {
+ lastElementIsLink = true;
+ }
+ } catch (Exception e) {
+ }
+ break;
+ } else if (token.equalsIgnoreCase("rel")) {
+ if (tokenizer.hasMoreTokens()) {
+ String relType = tokenizer.nextToken();
+ if (relType.equalsIgnoreCase("stylesheet")) {
+ isStyleSheet = true;
+ }
+ }
+ }
+ }
+
+ if (lastURL != null) {
+ if (isStyleSheet) {
+ lastElementIsAssociatedFile = true;
+ } else {
+ lastElementIsLink = true;
+ }
+ }
+ } else if (lowerToken.equals("script")) {
+ while (tokenizer.hasMoreTokens()) {
+ token = tokenizer.nextToken();
+ if (token.equalsIgnoreCase("src")) {
+ try {
+ Matcher matcher = srcPattern.matcher(tag);
+ String uri = matcher.replaceAll("$1");
+ lastURL = uriToURL(uri);
+ } catch (Exception e) {
+ }
+ break;
+ }
+ }
+
+ if (lastURL == null) {
+ int endScriptPos = lowerData.indexOf("</script>", lastElementEndPos + 1);
+ if (endScriptPos > 0) {
+ lastElementEndPos = endScriptPos + 8;
+ tag = htmlData.substring(lastElementStartPos, lastElementEndPos + 1);
+ lastElementIsChunk = true;
+ }
+ } else {
+ lastElementIsAssociatedFile = true;
+ }
+ }
+
+ return tag;
+ }
+
+ /**
+ * Converts the provided URI to a URL. The provided URI may be a URL already,
+ * or it may also be an absolute path on the server or a path relative to the
+ * base URL.
+ *
+ * @param uri The URI to convert to a URL.
+ *
+ * @return The URL based on the provided URI.
+ */
+ private String uriToURL(String uri) {
+ String url = null;
+
+ if (uri.indexOf("://") > 0) {
+ if (uri.startsWith("http")) {
+ url = uri;
+ }
+ } else if (uri.startsWith("/")) {
+ url = protocolHostPort + uri;
+ } else {
+ url = baseURL + uri;
+ }
+
+ return url;
+ }
+
+ /**
+ * Retrieves the URL of this HTML document.
+ *
+ * @return The URL of this HTML document.
+ */
+ public String getDocumentURL() {
+ return documentURL;
+ }
+
+ /**
+ * Retrieves the original HTML data used to create this document.
+ *
+ * @return The orginal HTML data used to create this document.
+ */
+ public String getHTMLData() {
+ return htmlData;
+ }
+
+ /**
+ * Retrieves the contents of the HTML document with all tags removed.
+ *
+ * @return The contents of the HTML document with all tags removed, or <CODE>null</CODE> if a problem occurs while
+ * trying to parse the
+ * HTML.
+ */
+ public String getTextData() {
+ if (!parsed) {
+ if (!parse()) {
+ return null;
+ }
+ }
+
+ return textData.toString();
+ }
+
+ /**
+ * Retrieves an array containing a set of URLs parsed from the HTML document
+ * that reference files that would normally be downloaded as part of
+ * retrieving a page in a browser. This includes images and external style
+ * sheets.
+ *
+ * @return An array containing a set of URLs to files associated with the
+ * HTML document, or <CODE>null</CODE> if a problem occurs while
+ * trying to parse the HTML.
+ */
+ public String[] getAssociatedFiles() {
+ if (!parsed) {
+ if (!parse()) {
+ return null;
+ }
+ }
+
+ String[] urlArray = new String[associatedFiles.size()];
+ associatedFiles.toArray(urlArray);
+ return urlArray;
+ }
+
+ /**
+ * Retrieves an array containing a set of URLs parsed from the HTML document
+ * that are in the form of links to other content.
+ *
+ * @return An array containing a set of URLs parsed from the HTML document
+ * that are in the form of links to other content, or <CODE>null</CODE> if a problem occurs while trying to
+ * parse the
+ * HTML.
+ */
+ public String[] getDocumentLinks() {
+ if (!parsed) {
+ if (!parse()) {
+ return null;
+ }
+ }
+
+ String[] urlArray = new String[documentLinks.size()];
+ documentLinks.toArray(urlArray);
+ return urlArray;
+ }
+
+ /**
+ * Retrieves an array containing a set of URLs parsed from the HTML document
+ * that reference images used in the document.
+ *
+ * @return An array containing a set of URLs parsed from the HTML document
+ * that reference images used in the document.
+ */
+ public String[] getDocumentImages() {
+ if (!parsed) {
+ if (!parse()) {
+ return null;
+ }
+ }
+
+ String[] urlArray = new String[documentImages.size()];
+ documentImages.toArray(urlArray);
+ return urlArray;
+ }
+
+ /**
+ * Retrieves an array containing a set of URLs parsed from the HTML document
+ * that reference frames used in the document.
+ *
+ * @return An array containing a set of URLs parsed from the HTML document
+ * that reference frames used in the document.
+ */
+ public String[] getDocumentFrames() {
+ if (!parsed) {
+ if (!parse()) {
+ return null;
+ }
+ }
+
+ String[] urlArray = new String[documentFrames.size()];
+ documentFrames.toArray(urlArray);
+ return urlArray;
+ }
+}
diff --git a/base/silent/src/com/netscape/pkisilent/http/HTTPClient.java b/base/silent/src/com/netscape/pkisilent/http/HTTPClient.java
new file mode 100644
index 000000000..f3980c0ed
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/http/HTTPClient.java
@@ -0,0 +1,1231 @@
+package com.netscape.pkisilent.http;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.io.BufferedOutputStream;
+import java.io.DataOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.io.UnsupportedEncodingException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.URLDecoder;
+import java.nio.ByteBuffer;
+import java.util.ArrayList;
+import java.util.StringTokenizer;
+
+import org.mozilla.jss.crypto.X509Certificate;
+import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
+import org.mozilla.jss.ssl.SSLClientCertificateSelectionCallback;
+import org.mozilla.jss.ssl.SSLSocket;
+import org.mozilla.jss.ssl.TestCertApprovalCallback;
+import org.mozilla.jss.ssl.TestClientCertificateSelectionCallback;
+
+import com.netscape.pkisilent.argparser.ArgParser;
+import com.netscape.pkisilent.argparser.StringHolder;
+import com.netscape.pkisilent.common.ComCrypto;
+import com.netscape.cmsutil.util.Utils;
+
+public class HTTPClient implements SSLCertificateApprovalCallback {
+
+ public static final int BUFFER_SIZE = 4096;
+ public boolean debugMode = true;
+
+ public static String basic_auth_header_value = null;
+
+ public static String cs_hostname = null;
+ public static String cs_port = null;
+ public static String ssl = null;
+ public static String client_certdb_dir = null;
+ public static String client_certdb_pwd = null;
+ public static String client_cert_nickname = null;
+ public static String uri = null;
+ public static String query = null;
+ public static String request_type = null;
+ public static String user_id = null;
+ public static String user_password = null;
+ public static String auth_type = null;
+ public static String debug = null;
+
+ public static boolean parse_xml = false;
+
+ public static X509Certificate server_cert = null;
+
+ // cookie variable for CS install UI
+ public static String j_session_id = null;
+ public static boolean ecc_support = false;
+
+ public HTTPClient() {
+ // constructor
+ // turn off ecc by default
+ ecc_support = true;
+ }
+
+ public HTTPClient(boolean ecc) {
+ ecc_support = ecc;
+ }
+
+ public boolean setCipherPref(SSLSocket socket) {
+
+ if (ecc_support) {
+ int ecc_Ciphers[] = {
+ SSLSocket.TLS_ECDH_ECDSA_WITH_NULL_SHA, SSLSocket.TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
+ SSLSocket.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSLSocket.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
+ SSLSocket.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSLSocket.TLS_ECDHE_ECDSA_WITH_NULL_SHA,
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSLSocket.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
+ SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSLSocket.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+ SSLSocket.TLS_ECDH_RSA_WITH_NULL_SHA, SSLSocket.TLS_ECDH_RSA_WITH_RC4_128_SHA,
+ SSLSocket.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, SSLSocket.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
+ SSLSocket.TLS_ECDHE_RSA_WITH_NULL_SHA, SSLSocket.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
+ SSLSocket.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSLSocket.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ SSLSocket.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+ 0 };
+
+ try {
+ for (int i = 0; i < ecc_Ciphers.length; i++) {
+ if (ecc_Ciphers[i] > 0)
+ socket.setCipherPreference(
+ ecc_Ciphers[i], true);
+ }
+ } catch (Exception e) {
+ System.out.println("ERROR: unable to set ECC Cipher List");
+ System.out.println("ERROR: Exception = " + e.getMessage());
+ }
+
+ }
+ return true;
+ }
+
+ public boolean disableSSL2(SSLSocket socket) {
+ try {
+ SSLSocket.enableSSL3Default(true);
+ socket.enableSSL3(true);
+ socket.enableSSL2(false);
+ SSLSocket.enableSSL2Default(false);
+ socket.enableV2CompatibleHello(false);
+ } catch (Exception e) {
+ System.out.println("ERROR: Exception = " + e.getMessage());
+ }
+ return true;
+ }
+
+ public X509Certificate getServerCert() {
+ return server_cert;
+ }
+
+ public void set_parse_xml(boolean b) {
+ parse_xml = b;
+ }
+
+ public boolean approve(X509Certificate cert,
+ SSLCertificateApprovalCallback.ValidityStatus status) {
+
+ // when this method is called by SSLSocket we get the server cert
+ // we can capture this for future use.
+ server_cert = cert;
+ return true;
+ }
+
+ public boolean testsslConnect(String hostname, String portnumber) {
+ boolean st = true;
+
+ try {
+
+ System.out.println("#############################################");
+ System.out.println("Attempting to connect to: " + hostname + ":" +
+ portnumber);
+
+ Integer x = new Integer(portnumber);
+ int port = x.intValue();
+
+ SSLClientCertificateSelectionCallback certSelectionCallback =
+ new TestClientCertificateSelectionCallback();
+
+ Socket js = new Socket(InetAddress.getByName(hostname), port);
+ SSLSocket socket = new SSLSocket(js, hostname, this,
+ certSelectionCallback);
+ setCipherPref(socket);
+ disableSSL2(socket);
+ socket.forceHandshake();
+ System.out.println("Connected.");
+ socket.setUseClientMode(true);
+
+ // test connection to obtain server cert. close it.
+ socket.close();
+
+ }
+
+ catch (Exception e) {
+ System.err.println("Exception: Unable to Send Request:" + e);
+ e.printStackTrace();
+ st = false;
+ }
+
+ if (!st)
+ return false;
+ else
+ return true;
+ }
+
+ // performs ssl connect to given host/port requiring client auth
+ // posts the given query data
+ // returns HTTPResponse
+ public HTTPResponse sslConnectClientAuth(String hostname, String portnumber,
+ String client_cert, String url, String query) {
+
+ boolean st = true;
+ HTTPResponse hr = null;
+
+ try {
+
+ System.out.println("#############################################");
+ System.out.println("Attempting to connect to: " + hostname + ":" +
+ portnumber);
+
+ Integer x = new Integer(portnumber);
+ int port = x.intValue();
+
+ SSLCertificateApprovalCallback approvalCallback =
+ new TestCertApprovalCallback();
+ CertSelection certSelectionCallback =
+ new CertSelection();
+
+ // Client Cert for Auth is set here
+ certSelectionCallback.setClientCert(client_cert);
+
+ Socket js = new Socket(InetAddress.getByName(hostname), port);
+ SSLSocket socket = new SSLSocket(js, hostname, approvalCallback,
+ certSelectionCallback);
+ disableSSL2(socket);
+ setCipherPref(socket);
+ socket.forceHandshake();
+ System.out.println("Connected.");
+ socket.setUseClientMode(true);
+
+ System.out.println("Posting Query = " +
+ "https://" + hostname +
+ ":" + portnumber +
+ "/" + url +
+ "?" + query);
+
+ OutputStream rawos = socket.getOutputStream();
+ BufferedOutputStream os = new BufferedOutputStream(rawos);
+ PrintStream ps = new PrintStream(os);
+
+ ps.println("POST " + url + " HTTP/1.0");
+ ps.println("Connection: Keep-Alive");
+ ps.println("Content-type: application/x-www-form-urlencoded");
+ ps.println("Content-length: " + query.length());
+ ps.println("");
+ ps.print(query);
+ ps.flush();
+ os.flush();
+
+ try {
+ hr = readResponse(socket.getInputStream());
+ hr.parseContent();
+
+ } catch (Exception e) {
+ System.out.println("Exception");
+ e.printStackTrace();
+ st = false;
+ }
+
+ socket.close();
+ os.close();
+ rawos.close();
+ ps.close();
+
+ os = null;
+ rawos = null;
+ ps = null;
+
+ }
+
+ catch (Exception e) {
+ System.err.println("Exception: Unable to Send Request:" + e);
+ e.printStackTrace();
+ st = false;
+ }
+
+ if (!st)
+ return null;
+ else
+ return hr;
+ }
+
+ // performs ssl connect to given host/port
+ // posts the given query data
+ // returns HTTPResponse
+ public HTTPResponse sslConnect(String hostname, String portnumber,
+ String url, String query) {
+
+ boolean st = true;
+ HTTPResponse hr = null;
+
+ try {
+
+ System.out.println("#############################################");
+ System.out.println("Attempting to connect to: " + hostname + ":" +
+ portnumber);
+
+ Integer x = new Integer(portnumber);
+ int port = x.intValue();
+
+ SSLCertificateApprovalCallback approvalCallback =
+ new TestCertApprovalCallback();
+ SSLClientCertificateSelectionCallback certSelectionCallback =
+ new TestClientCertificateSelectionCallback();
+
+ Socket js = new Socket(InetAddress.getByName(hostname), port);
+ SSLSocket socket = new SSLSocket(js, hostname, approvalCallback,
+ certSelectionCallback);
+ setCipherPref(socket);
+ disableSSL2(socket);
+ socket.forceHandshake();
+ System.out.println("Connected.");
+ socket.setUseClientMode(true);
+
+ System.out.println("Posting Query = " +
+ "https://" + hostname +
+ ":" + portnumber +
+ "/" + url +
+ "?" + query);
+
+ OutputStream rawos = socket.getOutputStream();
+ BufferedOutputStream os = new BufferedOutputStream(rawos);
+ PrintStream ps = new PrintStream(os);
+
+ ps.println("POST " + url + " HTTP/1.0");
+
+ // check to see if we have a cookie to send
+ if (j_session_id != null)
+ ps.println("Cookie: " + j_session_id);
+
+ ps.println("Content-type: application/x-www-form-urlencoded");
+ ps.println("Content-length: " + query.length());
+ ps.println("Connection: Keep-Alive");
+
+ // special header posting if available
+ if (basic_auth_header_value != null) {
+ System.out.println("basic_auth = " + basic_auth_header_value);
+ ps.println("Authorization: Basic " + basic_auth_header_value);
+ }
+
+ ps.println("");
+ ps.println(query);
+ ps.println("\r");
+ ps.flush();
+ os.flush();
+
+ try {
+ hr = readResponse(socket.getInputStream());
+ hr.parseContent();
+
+ } catch (Exception e) {
+ System.out.println("Exception");
+ e.printStackTrace();
+ st = false;
+ }
+
+ socket.close();
+ os.close();
+ rawos.close();
+ ps.close();
+
+ os = null;
+ rawos = null;
+ ps = null;
+
+ }
+
+ catch (Exception e) {
+ System.err.println("Exception: Unable to Send Request:" + e);
+ e.printStackTrace();
+ st = false;
+ }
+
+ if (!st)
+ return null;
+ else
+ return hr;
+ }
+
+ // performs non ssl connect to given host/port
+ // posts the given query data
+ // returns HTTPResponse
+ public HTTPResponse nonsslConnect(String hostname, String portnumber,
+ String url, String query) {
+
+ boolean st = true;
+ HTTPResponse hr = null;
+
+ try {
+
+ System.out.println("#############################################");
+ System.out.println("Attempting to connect to: " + hostname + ":" +
+ portnumber);
+
+ Integer x = new Integer(portnumber);
+ int port = x.intValue();
+
+ Socket socket = new Socket(hostname, port);
+
+ System.out.println("Posting Query = " +
+ "http://" + hostname +
+ ":" + portnumber +
+ "/" + url +
+ "?" + query);
+
+ OutputStream rawos = socket.getOutputStream();
+ BufferedOutputStream os = new BufferedOutputStream(rawos);
+ PrintStream ps = new PrintStream(os);
+
+ System.out.println("Connected.");
+
+ ps.println("POST " + url + " HTTP/1.0");
+
+ // check to see if we have a cookie to send
+ if (j_session_id != null)
+ ps.println("Cookie: " + j_session_id);
+
+ ps.println("Content-type: application/x-www-form-urlencoded");
+ ps.println("Content-length: " + query.length());
+ ps.println("Connection: Keep-Alive");
+
+ // special header posting if available
+ if (basic_auth_header_value != null) {
+ System.out.println("basic_auth = " + basic_auth_header_value);
+ ps.println("Authorization: Basic " + basic_auth_header_value);
+ }
+
+ ps.println("");
+ ps.println(query);
+ ps.println("\r");
+ ps.flush();
+ os.flush();
+
+ try {
+ hr = readResponse(socket.getInputStream());
+ hr.parseContent();
+
+ } catch (Exception e) {
+ System.out.println("Exception");
+ e.printStackTrace();
+ st = false;
+ }
+
+ socket.close();
+ os.close();
+ rawos.close();
+ ps.close();
+
+ os = null;
+ rawos = null;
+ ps = null;
+
+ }
+
+ catch (Exception e) {
+ System.err.println("Exception: Unable to Send Request:" + e);
+ e.printStackTrace();
+ st = false;
+ }
+
+ if (!st)
+ return null;
+ else
+ return hr;
+ }
+
+ public HTTPResponse readResponse(InputStream inputStream)
+ throws Exception {
+ // read response from http input stream and return HTTPResponse
+ byte[] buffer = new byte[BUFFER_SIZE];
+ HTTPResponse response = null;
+ int statusCode = 0;
+
+ // Read an initial chunk of the response from the server.
+ int bytesRead = inputStream.read(buffer);
+ if (bytesRead < 0) {
+ throw new IOException("Unexpected end of input stream from server");
+ }
+
+ // Hopefully, this initial chunk will contain the entire header, so look for
+ // it. Technically, HTTP is supposed to use CRLF as the end-of-line
+ // character, so look for that first, but also check for LF by itself just
+ // in case.
+ int headerEndPos = -1;
+ int dataStartPos = -1;
+ for (int i = 0; i < (bytesRead - 3); i++) {
+ if ((buffer[i] == '\r') && (buffer[i + 1] == '\n') &&
+ (buffer[i + 2] == '\r') && (buffer[i + 3] == '\n')) {
+ headerEndPos = i;
+ dataStartPos = i + 4;
+ break;
+ }
+ }
+
+ if (headerEndPos < 0) {
+ for (int i = 0; i < (bytesRead - 1); i++) {
+ if ((buffer[i] == '\n') && (buffer[i + 1] == '\n')) {
+ headerEndPos = i;
+ dataStartPos = i + 2;
+ break;
+ }
+ }
+ }
+
+ // In the event that we didn't get the entire header in the first pass, keep
+ // reading until we do have enough.
+ if (headerEndPos < 0) {
+ byte[] buffer2 = new byte[BUFFER_SIZE];
+ while (headerEndPos < 0) {
+ int startPos = bytesRead;
+ int moreBytesRead = inputStream.read(buffer2);
+ if (moreBytesRead < 0) {
+ throw new IOException("Unexpected end of input stream from server " +
+ "when reading more data from response");
+ }
+
+ byte[] newBuffer = new byte[bytesRead + moreBytesRead];
+ System.arraycopy(buffer, 0, newBuffer, 0, bytesRead);
+ System.arraycopy(buffer2, 0, newBuffer, bytesRead, moreBytesRead);
+ buffer = newBuffer;
+ bytesRead += moreBytesRead;
+
+ for (int i = startPos; i < (bytesRead - 3); i++) {
+ if ((buffer[i] == '\r') && (buffer[i + 1] == '\n') &&
+ (buffer[i + 2] == '\r') && (buffer[i + 3] == '\n')) {
+ headerEndPos = i;
+ dataStartPos = i + 4;
+ break;
+ }
+ }
+
+ if (headerEndPos < 0) {
+ for (int i = startPos; i < (bytesRead - 1); i++) {
+ if ((buffer[i] == '\n') && (buffer[i + 1] == '\n')) {
+ headerEndPos = i;
+ dataStartPos = i + 2;
+ break;
+ }
+ }
+ }
+ }
+ }
+
+ // At this point, we should have the entire header, so read and analyze it.
+ String headerStr = new String(buffer, 0, headerEndPos);
+ StringTokenizer tokenizer = new StringTokenizer(headerStr, "\r\n");
+ if (tokenizer.hasMoreTokens()) {
+ String statusLine = tokenizer.nextToken();
+ if (debugMode) {
+ System.out.println("RESPONSE STATUS: " + statusLine);
+ }
+
+ int spacePos = statusLine.indexOf(' ');
+ if (spacePos < 0) {
+ System.out.println("ERROR: Unable to parse response header -- could " +
+ "not find protocol/version delimiter");
+ return null;
+
+ }
+
+ String protocolVersion = statusLine.substring(0, spacePos);
+ int spacePos2 = statusLine.indexOf(' ', spacePos + 1);
+ if (spacePos2 < 0) {
+ System.out.println("ERROR: Unable to parse response header -- could " +
+ "not find response code delimiter");
+ return null;
+ }
+
+ try {
+ statusCode = Integer.parseInt(statusLine.substring(spacePos + 1,
+ spacePos2));
+ } catch (NumberFormatException nfe) {
+ System.out.println("Unable to parse response header -- could " +
+ "not interpret status code as an integer");
+ return null;
+ }
+
+ String responseMessage = statusLine.substring(spacePos2 + 1);
+ response = new HTTPResponse(statusCode, protocolVersion,
+ responseMessage);
+
+ while (tokenizer.hasMoreTokens()) {
+ String headerLine = tokenizer.nextToken();
+ if (debugMode) {
+ System.out.println("RESPONSE HEADER: " + headerLine);
+ }
+
+ int colonPos = headerLine.indexOf(':');
+ if (colonPos < 0) {
+ if (headerLine.toLowerCase().startsWith("http/")) {
+ // This is a direct violation of RFC 2616, but certain HTTP servers
+ // seem to immediately follow a 100 continue with a 200 ok without
+ // the required CRLF in between.
+ System.out.println("ERROR: Found illegal status line '" + headerLine +
+ "'in the middle of a response -- attempting " +
+ "to deal with it as the start of a new " +
+ "response.");
+ statusLine = headerLine;
+ spacePos = statusLine.indexOf(' ');
+ if (spacePos < 0) {
+ System.out.println("ERROR: Unable to parse response header -- " +
+ "could not find protocol/version " +
+ "delimiter");
+ return null;
+ }
+
+ protocolVersion = statusLine.substring(0, spacePos);
+ spacePos2 = statusLine.indexOf(' ', spacePos + 1);
+ if (spacePos2 < 0) {
+ System.out.println("ERROR: Unable to parse response header -- " +
+ "could not find response code delimiter");
+ return null;
+ }
+
+ try {
+ statusCode = Integer.parseInt(statusLine.substring(spacePos + 1,
+ spacePos2));
+ } catch (NumberFormatException nfe) {
+ System.out.println("ERROR: Unable to parse response header -- " +
+ "could not interpret status code as an " +
+ "integer");
+ return null;
+ }
+
+ responseMessage = statusLine.substring(spacePos2 + 1);
+ response = new HTTPResponse(statusCode, protocolVersion,
+ responseMessage);
+ continue;
+ } else {
+ System.out.println("ERROR: Unable to parse response header -- no " +
+ "colon found on header line \"" +
+ headerLine + "\"");
+ }
+ }
+
+ String headerName = headerLine.substring(0, colonPos);
+ String headerValue = headerLine.substring(colonPos + 1).trim();
+ response.addHeader(headerName, headerValue);
+ }
+ } else {
+ // This should never happen -- an empty response
+ System.out.println("Unable to parse response header -- empty " +
+ "header");
+ }
+
+ // If the status code was 100 (continue), then it was an intermediate header
+ // and we need to keep reading until we get the real response header.
+ while (response.getStatusCode() == 100) {
+ if (dataStartPos < bytesRead) {
+ byte[] newBuffer = new byte[bytesRead - dataStartPos];
+ System.arraycopy(buffer, dataStartPos, newBuffer, 0, newBuffer.length);
+ buffer = newBuffer;
+ bytesRead = buffer.length;
+
+ headerEndPos = -1;
+ for (int i = 0; i < (bytesRead - 3); i++) {
+ if ((buffer[i] == '\r') && (buffer[i + 1] == '\n') &&
+ (buffer[i + 2] == '\r') && (buffer[i + 3] == '\n')) {
+ headerEndPos = i;
+ dataStartPos = i + 4;
+ break;
+ }
+ }
+
+ if (headerEndPos < 0) {
+ for (int i = 0; i < (bytesRead - 1); i++) {
+ if ((buffer[i] == '\n') && (buffer[i + 1] == '\n')) {
+ headerEndPos = i;
+ dataStartPos = i + 2;
+ break;
+ }
+ }
+ }
+ } else {
+ buffer = new byte[0];
+ bytesRead = 0;
+ headerEndPos = -1;
+ }
+
+ byte[] buffer2 = new byte[BUFFER_SIZE];
+ while (headerEndPos < 0) {
+ int startPos = bytesRead;
+ int moreBytesRead = inputStream.read(buffer2);
+
+ if (moreBytesRead < 0) {
+ throw new IOException("Unexpected end of input stream from server " +
+ "when reading more data from response");
+ }
+
+ byte[] newBuffer = new byte[bytesRead + moreBytesRead];
+ System.arraycopy(buffer, 0, newBuffer, 0, bytesRead);
+ System.arraycopy(buffer2, 0, newBuffer, bytesRead, moreBytesRead);
+ buffer = newBuffer;
+ bytesRead += moreBytesRead;
+
+ for (int i = startPos; i < (bytesRead - 3); i++) {
+ if ((buffer[i] == '\r') && (buffer[i + 1] == '\n') &&
+ (buffer[i + 2] == '\r') && (buffer[i + 3] == '\n')) {
+ headerEndPos = i;
+ dataStartPos = i + 4;
+ break;
+ }
+ }
+
+ if (headerEndPos < 0) {
+ for (int i = startPos; i < (bytesRead - 1); i++) {
+ if ((buffer[i] == '\n') && (buffer[i + 1] == '\n')) {
+ headerEndPos = i;
+ dataStartPos = i + 2;
+ break;
+ }
+ }
+ }
+ }
+
+ // We should now have the next header, so examine it.
+ headerStr = new String(buffer, 0, headerEndPos);
+ tokenizer = new StringTokenizer(headerStr, "\r\n");
+ if (tokenizer.hasMoreTokens()) {
+ String statusLine = tokenizer.nextToken();
+ if (debugMode) {
+ System.out.println("RESPONSE STATUS: " + statusLine);
+ }
+
+ int spacePos = statusLine.indexOf(' ');
+ if (spacePos < 0) {
+ System.out.println("Unable to parse response header -- could " +
+ "not find protocol/version delimiter");
+ }
+
+ String protocolVersion = statusLine.substring(0, spacePos);
+ int spacePos2 = statusLine.indexOf(' ', spacePos + 1);
+ if (spacePos2 < 0) {
+ System.out.println("Unable to parse response header -- could " +
+ "not find response code delimiter");
+ }
+
+ try {
+ statusCode = Integer.parseInt(statusLine.substring(spacePos + 1,
+ spacePos2));
+ } catch (NumberFormatException nfe) {
+ System.out.println("Unable to parse response header -- could " +
+ "not interpret status code as an integer");
+ }
+
+ String responseMessage = statusLine.substring(spacePos2 + 1);
+ response = new HTTPResponse(statusCode, protocolVersion,
+ responseMessage);
+
+ while (tokenizer.hasMoreTokens()) {
+ String headerLine = tokenizer.nextToken();
+ if (debugMode) {
+ System.out.println("RESPONSE HEADER: " + headerLine);
+ }
+
+ int colonPos = headerLine.indexOf(':');
+ if (colonPos < 0) {
+ System.out.println("Unable to parse response header -- no " +
+ "colon found on header line \"" +
+ headerLine + "\"");
+ }
+
+ String headerName = headerLine.substring(0, colonPos);
+ String headerValue = headerLine.substring(colonPos + 1).trim();
+ response.addHeader(headerName, headerValue);
+ }
+ } else {
+ // This should never happen -- an empty response
+ System.out.println("Unable to parse response header -- empty " +
+ "header");
+ }
+ }
+
+ // Now that we have parsed the header, use it to determine how much data
+ // there is. If we're lucky, the server will have told us using the
+ // "Content-Length" header.
+ int contentLength = response.getContentLength();
+
+ if (contentLength >= 0) {
+ readContentDataUsingLength(response, inputStream, contentLength, buffer,
+ dataStartPos, bytesRead);
+ } else {
+ // It's not chunked encoding, so our last hope is that the connection
+ // will be closed when all the data has been sent.
+ String connectionStr = response.getHeader("connection");
+ if ((connectionStr != null) &&
+ (!connectionStr.equalsIgnoreCase("close"))) {
+ System.out.println("ERROR:Unable to determine how to find when the " +
+ "end of the data has been reached (no " +
+ "content length, not chunked encoding, " +
+ "connection string is \"" + connectionStr +
+ "\" rather than \"close\")");
+ } else {
+ readContentDataUsingConnectionClose(response, inputStream, buffer,
+ dataStartPos, bytesRead);
+ }
+ }
+ // Finally, return the response to the caller.
+ return response;
+ }
+
+ /**
+ * Reads the actual data of the response based on the content length provided
+ * by the server in the response header.
+ *
+ * @param response The response with which the data is associated.
+ * @param inputStream The input stream from which to read the response.
+ * @param contentLength The number of bytes that the server said are in the
+ * response.
+ * @param dataRead The data that we have already read. This includes
+ * the header data, but may also include some or all of
+ * the content data as well.
+ * @param dataStartPos The position in the provided array at which the
+ * content data starts.
+ * @param dataBytesRead The total number of valid bytes in the provided
+ * array that should be considered part of the
+ * response (the number of header bytes is included in
+ * this count).
+ *
+ * @throws IOException If a problem occurs while reading data from the
+ * server.
+ */
+ private void readContentDataUsingLength(HTTPResponse response,
+ InputStream inputStream,
+ int contentLength, byte[] dataRead,
+ int dataStartPos, int dataBytesRead)
+ throws IOException {
+ if (contentLength <= 0) {
+ response.setResponseData(new byte[0]);
+ return;
+ }
+
+ byte[] contentBytes = new byte[contentLength];
+ int startPos = 0;
+ if (dataBytesRead > dataStartPos) {
+ // We've already got some data to include in the header, so copy that into
+ // the content array. Make sure the server didn't do something stupid
+ // like return more data than it told us was in the response.
+ int bytesToCopy = Math.min(contentBytes.length,
+ (dataBytesRead - dataStartPos));
+ System.arraycopy(dataRead, dataStartPos, contentBytes, 0, bytesToCopy);
+ startPos = bytesToCopy;
+ }
+
+ byte[] buffer = new byte[BUFFER_SIZE];
+ while (startPos < contentBytes.length) {
+ int bytesRead = inputStream.read(buffer);
+ if (bytesRead < 0) {
+ throw new IOException("Unexpected end of input stream reached when " +
+ "reading data from the server");
+ }
+
+ System.arraycopy(buffer, 0, contentBytes, startPos, bytesRead);
+ startPos += bytesRead;
+ }
+
+ response.setResponseData(contentBytes);
+ }
+
+ /**
+ * Reads the actual data of the response using chunked encoding, which is a
+ * way for the server to provide the data in several chunks rather than all at
+ * once.
+ *
+ * @param response The response with which the data is associated.
+ * @param inputStream The input stream from which to read the response.
+ * @param dataRead The data that we have already read. This includes
+ * the header data, but may also include some or all of
+ * the content data as well.
+ * @param dataStartPos The position in the provided array at which the
+ * content data starts.
+ * @param dataBytesRead The total number of valid bytes in the provided
+ * array that should be considered part of the
+ * response (the number of header bytes is included in
+ * this count).
+ *
+ * @throws IOException If a problem occurs while reading data from the
+ * server.
+ */
+ private void readContentDataUsingConnectionClose(HTTPResponse response,
+ InputStream inputStream,
+ byte[] dataRead,
+ int dataStartPos,
+ int dataBytesRead)
+ throws IOException {
+ // Create an array list that we will use to hold the chunks of information
+ // read from the server.
+ ArrayList<ByteBuffer> bufferList = new ArrayList<ByteBuffer>();
+
+ // Create a variable to hold the total number of bytes in the data.
+ int totalBytes = 0;
+
+ // See if we have unread data in the array already provided.
+ int existingBytes = dataBytesRead - dataStartPos;
+ if (existingBytes > 0) {
+ ByteBuffer byteBuffer = ByteBuffer.allocate(existingBytes);
+ byteBuffer.put(dataRead, dataStartPos, existingBytes);
+ bufferList.add(byteBuffer);
+ totalBytes += existingBytes;
+ }
+
+ // Keep reading until we hit the end of the input stream.
+ byte[] buffer = new byte[BUFFER_SIZE];
+ while (true) {
+ try {
+ int bytesRead = inputStream.read(buffer);
+ if (bytesRead < 0) {
+ // We've hit the end of the stream and therefore the end of the
+ // document.
+ break;
+ } else if (bytesRead > 0) {
+ ByteBuffer byteBuffer = ByteBuffer.allocate(bytesRead);
+ byteBuffer.put(buffer, 0, bytesRead);
+ bufferList.add(byteBuffer);
+ totalBytes += bytesRead;
+ }
+ } catch (IOException ioe) {
+ // In this case we'll assume that the end of the stream has been
+ // reached. It's possible that there was some other error, but we can't
+ // do anything about it so try to process what we've got so far.
+ System.out.println("ERROR: unable to read until end of stream");
+ System.out.println("ERROR: " + ioe.getMessage());
+ break;
+ }
+ }
+
+ // Assemble the contents of all the buffers into a big array and store that
+ // array in the response.
+ int startPos = 0;
+ byte[] contentData = new byte[totalBytes];
+ for (int i = 0; i < bufferList.size(); i++) {
+ ByteBuffer byteBuffer = (ByteBuffer) bufferList.get(i);
+ byteBuffer.flip();
+ byteBuffer.get(contentData, startPos, byteBuffer.limit());
+ startPos += byteBuffer.limit();
+ }
+ response.setResponseData(contentData);
+ }
+
+ // performs ssl connect to given host/port
+ // posts the given query data - format - a byte array
+ // returns HTTPResponse
+
+ public HTTPResponse sslConnect(String hostname, String portnumber,
+ String url, byte[] data) {
+
+ boolean st = true;
+ HTTPResponse hr = null;
+
+ try {
+
+ System.out.println("#############################################");
+ System.out.println("Attempting to connect to: " + hostname + ":" +
+ portnumber);
+
+ Integer x = new Integer(portnumber);
+ int port = x.intValue();
+
+ SSLCertificateApprovalCallback approvalCallback =
+ new TestCertApprovalCallback();
+ SSLClientCertificateSelectionCallback certSelectionCallback =
+ new TestClientCertificateSelectionCallback();
+
+ Socket js = new Socket(InetAddress.getByName(hostname), port);
+ SSLSocket socket = new SSLSocket(js, hostname, approvalCallback,
+ certSelectionCallback);
+ setCipherPref(socket);
+ disableSSL2(socket);
+ socket.forceHandshake();
+ System.out.println("Connected.");
+ socket.setUseClientMode(true);
+
+ DataOutputStream dos =
+ new DataOutputStream(socket.getOutputStream());
+ dos.writeBytes("POST /ocsp HTTP/1.0\r\n");
+ dos.writeBytes("Content-length: " + data.length + "\r\n");
+ dos.writeBytes("\r\n");
+ dos.write(data);
+ dos.writeBytes("\r\n");
+ dos.flush();
+
+ try {
+ hr = readResponse(socket.getInputStream());
+ hr.parseContent();
+ } catch (Exception e) {
+ System.out.println("Exception");
+ e.printStackTrace();
+ st = false;
+ }
+
+ socket.close();
+ dos.close();
+
+ }
+
+ catch (Exception e) {
+ System.err.println("Exception: Unable to Send Request:" + e);
+ e.printStackTrace();
+ st = false;
+ }
+
+ if (!st)
+ return null;
+ else
+ return hr;
+ }
+
+ // performs non ssl connect to given host/port
+ // posts the given query data
+ // returns HTTPResponse
+ public HTTPResponse nonsslConnect(String hostname, String portnumber,
+ String url, byte[] data) {
+
+ boolean st = true;
+ HTTPResponse hr = null;
+
+ try {
+
+ System.out.println("#############################################");
+ System.out.println("Attempting to connect to: " + hostname + ":" +
+ portnumber);
+
+ Integer x = new Integer(portnumber);
+ int port = x.intValue();
+
+ Socket socket = new Socket(hostname, port);
+
+ System.out.println("Posting Query = " +
+ "http://" + hostname +
+ ":" + portnumber +
+ "/" + url);
+
+ System.out.println("Connected.");
+
+ DataOutputStream dos =
+ new DataOutputStream(socket.getOutputStream());
+ dos.writeBytes("POST " + url + " HTTP/1.0\r\n");
+ dos.writeBytes("Content-length: " + data.length + "\r\n");
+ dos.writeBytes("\r\n");
+ dos.write(data);
+ dos.writeBytes("\r\n");
+ dos.flush();
+
+ try {
+ hr = readResponse(socket.getInputStream());
+ hr.parseContent();
+ } catch (Exception e) {
+ System.out.println("Exception");
+ e.printStackTrace();
+ st = false;
+ }
+
+ socket.close();
+ dos.close();
+
+ }
+
+ catch (Exception e) {
+ System.err.println("Exception: Unable to Send Request:" + e);
+ e.printStackTrace();
+ st = false;
+ }
+
+ if (!st)
+ return null;
+ else
+ return hr;
+ }
+
+ public static boolean init_nss() {
+ try {
+
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ null,
+ null,
+ null);
+ cCrypt.setDebug(true);
+ cCrypt.setGenerateRequest(false);
+ cCrypt.loginDB();
+ } catch (Exception e) {
+ System.out.println("ERROR: unable to login to : " +
+ client_certdb_dir);
+ return false;
+ }
+
+ return true;
+ }
+
+ public static void main(String args[]) throws UnsupportedEncodingException {
+ HTTPClient hc = new HTTPClient();
+ HTTPResponse hr = null;
+
+ // parse args
+ StringHolder x_hostname = new StringHolder();
+ StringHolder x_port = new StringHolder();
+ StringHolder x_ssl = new StringHolder();
+ StringHolder x_client_certdb_dir = new StringHolder();
+ StringHolder x_client_certdb_pwd = new StringHolder();
+ StringHolder x_client_cert_nickname = new StringHolder();
+ StringHolder x_uri = new StringHolder();
+ StringHolder x_query = new StringHolder();
+ StringHolder x_request_type = new StringHolder();
+ StringHolder x_auth_type = new StringHolder();
+ StringHolder x_user_id = new StringHolder();
+ StringHolder x_user_password = new StringHolder();
+ StringHolder x_debug = new StringHolder();
+ StringHolder x_decode = new StringHolder();
+
+ // parse the args
+ ArgParser parser = new ArgParser("HTTPClient");
+
+ parser.addOption("-hostname %s #Hostname",
+ x_hostname);
+ parser.addOption("-port %s #port number",
+ x_port);
+ parser.addOption("-ssl %s #HTTP or HTTPS[true or false]",
+ x_ssl);
+ parser.addOption("-client_certdb_dir %s #CertDB dir",
+ x_client_certdb_dir);
+ parser.addOption("-client_certdb_pwd %s #CertDB password",
+ x_client_certdb_pwd);
+ parser.addOption("-client_cert_nickname %s #client cert nickname",
+ x_client_cert_nickname);
+ parser.addOption("-uri %s #URI",
+ x_uri);
+ parser.addOption("-query %s #URL encoded query string[note: url encode value part only for CS operations]",
+ x_query);
+ parser.addOption("-request_type %s #Request Type [ post ]",
+ x_request_type);
+ parser.addOption("-user_id %s #user id for authorization",
+ x_user_id);
+ parser.addOption("-user_password %s #password for authorization",
+ x_user_password);
+ parser.addOption("-auth_type %s #type of authorization [ BASIC ]",
+ x_auth_type);
+ parser.addOption("-debug %s #enables display of debugging info",
+ x_debug);
+ parser.addOption("-decode %s #URL Decode the resulting output",
+ x_decode);
+
+ // and then match the arguments
+ String[] unmatched = null;
+ unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED);
+
+ if (unmatched != null) {
+ System.out.println("ERROR: Argument Mismatch");
+ System.exit(-1);
+ }
+
+ // set variables
+ cs_hostname = x_hostname.value;
+ cs_port = x_port.value;
+ ssl = x_ssl.value;
+ client_certdb_dir = x_client_certdb_dir.value;
+ client_certdb_pwd = x_client_certdb_pwd.value;
+ client_cert_nickname = x_client_cert_nickname.value;
+ uri = x_uri.value;
+ query = x_query.value;
+ request_type = x_request_type.value;
+ user_id = x_user_id.value;
+ user_password = x_user_password.value;
+ auth_type = x_auth_type.value;
+ debug = x_debug.value;
+
+ String decode = x_decode.value;
+
+ // init_nss if needed
+ boolean st = init_nss();
+ if (!st)
+ System.exit(-1);
+
+ // set basic auth if needed
+ if (auth_type != null && auth_type.equalsIgnoreCase("BASIC")) {
+ // BASE64Encoder encoder = new BASE64Encoder();
+
+ // String temp = encoder.encodeBuffer((user_id +
+ // ":" + user_password).getBytes());
+ String temp = Utils.base64encode((user_id +
+ ":" + user_password).getBytes());
+
+ // note: temp already contains \r and \n.
+ // remove \r and \n from the base64 encoded string.
+ // causes problems when sending http post requests
+ // using PrintStream.println()
+
+ temp = temp.replaceAll("\\r", "");
+ temp = temp.replaceAll("\\n", "");
+
+ basic_auth_header_value = temp;
+ }
+
+ // route to proper function
+
+ if (ssl != null && ssl.equalsIgnoreCase("true")) {
+ if (client_cert_nickname != null &&
+ !client_cert_nickname.equalsIgnoreCase("null")) {
+ // ssl client auth call
+
+ hr = hc.sslConnectClientAuth(cs_hostname, cs_port,
+ client_cert_nickname,
+ uri, query);
+ }
+
+ else {
+ // ssl client call
+ hr = hc.sslConnect(cs_hostname, cs_port, uri, query);
+ }
+ } else if (ssl != null && ssl.equalsIgnoreCase("false")) {
+ // non ssl connect
+ hr = hc.nonsslConnect(cs_hostname, cs_port, uri, query);
+ } else {
+ System.out.println("ERROR: ssl parameter is null");
+ System.exit(-1);
+ }
+
+ // collect and print response
+
+ if (hr.getStatusCode() == 200)
+ System.out.println("Response from Host:" + cs_hostname + " OK");
+ else {
+ System.out.println("ERROR: unable to get response from host:" +
+ cs_hostname);
+ System.exit(-1);
+ }
+
+ String responseValue = null;
+ if (decode.equalsIgnoreCase("true"))
+ responseValue = URLDecoder.decode(hr.getHTML(), "UTF-8");
+ else
+ responseValue = hr.getHTML();
+
+ System.out.println("###############################");
+ System.out.println("RESULT=" + responseValue);
+ System.out.println("###############################");
+
+ }
+
+};
diff --git a/base/silent/src/com/netscape/pkisilent/http/HTTPResponse.java b/base/silent/src/com/netscape/pkisilent/http/HTTPResponse.java
new file mode 100644
index 000000000..9ade1c133
--- /dev/null
+++ b/base/silent/src/com/netscape/pkisilent/http/HTTPResponse.java
@@ -0,0 +1,314 @@
+package com.netscape.pkisilent.http;
+
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.util.ArrayList;
+import java.util.StringTokenizer;
+
+import com.netscape.pkisilent.common.Utilities;
+
+public class HTTPResponse {
+ // The set of cookie values included in this response.
+ ArrayList<String> cookieValueList;
+
+ // The names of the headers included in this response.
+ ArrayList<String> headerNameList;
+
+ // The values of the headers included in this response.
+ ArrayList<String> headerValueList;
+
+ // The actual data associated with this response.
+ byte[] responseData;
+
+ // The HTML document included in the response, if appropriate.
+ HTMLDocument htmlDocument;
+
+ // The number of bytes contained in the content of the response.
+ int contentLength;
+
+ // The HTTP status code for the response.
+ int statusCode;
+
+ // The MIME type of the response.
+ String contentType;
+
+ // The protocol version string for this response.
+ String protolVersion;
+
+ // The response message for this response.
+ String responseMessage;
+
+ // Parsed Content Name/Value pair info
+ ArrayList<String> contentName;
+ ArrayList<String> contentValue;
+
+ /**
+ * Creates a new HTTP response with the provided status code.
+ *
+ * @param statusCode The HTTP status code for this response.
+ * @param protocolVersion The protocol and version for this response.
+ * @param responseMessage The message associated with this response.
+ */
+ public HTTPResponse(int statusCode, String protocolVersion,
+ String responseMessage) {
+ this.statusCode = statusCode;
+ this.protolVersion = protocolVersion;
+ this.responseMessage = responseMessage;
+
+ htmlDocument = null;
+ contentType = null;
+ contentLength = -1;
+ responseData = new byte[0];
+ cookieValueList = new ArrayList<String>();
+ headerNameList = new ArrayList<String>();
+ headerValueList = new ArrayList<String>();
+ contentName = new ArrayList<String>();
+ contentValue = new ArrayList<String>();
+ }
+
+ /**
+ * Retrieves the status code for this HTTP response.
+ *
+ * @return The status code for this HTTP response.
+ */
+ public int getStatusCode() {
+ return statusCode;
+ }
+
+ /**
+ * Retrieves the protocol version for this HTTP response.
+ *
+ * @return The protocol version for this HTTP response.
+ */
+ public String getProtocolVersion() {
+ return protolVersion;
+ }
+
+ /**
+ * Retrieves the response message for this HTTP response.
+ *
+ * @return The response message for this HTTP response.
+ */
+ public String getResponseMessage() {
+ return responseMessage;
+ }
+
+ /**
+ * Retrieves the value of the header with the specified name. If the
+ * specified header has more than one value, then only the first will be
+ * retrieved.
+ *
+ * @return The value of the header with the specified name, or <CODE>null</CODE> if no such header is available.
+ */
+ public String getHeader(String headerName) {
+ String lowerName = headerName.toLowerCase();
+
+ for (int i = 0; i < headerNameList.size(); i++) {
+ if (lowerName.equals(headerNameList.get(i))) {
+ return headerValueList.get(i);
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * Retrieves the set of values for the specified header.
+ *
+ * @return The set of values for the specified header.
+ */
+ public String[] getHeaderValues(String headerName) {
+ ArrayList<String> valueList = new ArrayList<String>();
+ String lowerName = headerName.toLowerCase();
+
+ for (int i = 0; i < headerNameList.size(); i++) {
+ if (lowerName.equals(headerNameList.get(i))) {
+ valueList.add(headerValueList.get(i));
+ }
+ }
+
+ String[] values = new String[valueList.size()];
+ valueList.toArray(values);
+ return values;
+ }
+
+ /**
+ * Adds a header with the given name and value to this response.
+ *
+ * @param headerName The name of the header to add to this response.
+ * @param headerValue The value of the header to add to this response.
+ */
+ public void addHeader(String headerName, String headerValue) {
+ String lowerName = headerName.toLowerCase();
+ headerNameList.add(lowerName);
+ headerValueList.add(headerValue);
+
+ if (lowerName.equals("content-length")) {
+ try {
+ contentLength = Integer.parseInt(headerValue);
+ } catch (NumberFormatException nfe) {
+ }
+ } else if (lowerName.equals("content-type")) {
+ contentType = headerValue;
+ } else if (lowerName.equals("set-cookie")) {
+ cookieValueList.add(headerValue);
+ }
+ }
+
+ /**
+ * Retrieves a two-dimensional array containing the header data for this
+ * response, with each element being an array containing a name/value pair.
+ *
+ * @return A two-dimensional array containing the header data for this
+ * response.
+ */
+ public String[][] getHeaderElements() {
+ String[][] headerElements = new String[headerNameList.size()][2];
+ for (int i = 0; i < headerNameList.size(); i++) {
+ headerElements[i][0] = headerNameList.get(i);
+ headerElements[i][1] = headerValueList.get(i);
+ }
+
+ return headerElements;
+ }
+
+ /**
+ * Retrieves the raw data included in this HTTP response. If the response did
+ * not include any data, an empty array will be returned.
+ *
+ * @return The raw data included in this HTTP response.
+ */
+ public byte[] getResponseData() {
+ return responseData;
+ }
+
+ public String getHTML() {
+ String htmlString = new String(responseData);
+ return htmlString;
+ }
+
+ public String getHTMLwithoutTags() {
+ String htmlString = new String(responseData);
+ HTMLDocument htmldocument = new HTMLDocument(htmlString);
+ return htmldocument.getTextData();
+ }
+
+ public void parseContent() {
+ // parse the responseData byte[] buffer and split content into name
+ // value pair
+ String htmlString = new String(responseData);
+ StringTokenizer st = new StringTokenizer(htmlString, "\n");
+ Utilities ut = new Utilities();
+
+ while (st.hasMoreTokens()) {
+ String line = st.nextToken();
+ // format for line assumed to be name="value"; format
+
+ int eqPos = line.indexOf('=');
+ if (eqPos != -1) {
+ String name = line.substring(0, eqPos);
+ String tempval = line.substring(eqPos + 1).trim();
+ String value = ut.cleanupQuotes(ut.removechar(tempval));
+
+ // add to array
+ this.contentName.add(name.trim());
+ this.contentValue.add(value);
+ }
+
+ }
+
+ }
+
+ public String getContentValue(String headerName) {
+ for (int i = 0; i < contentName.size(); i++) {
+ if (headerName.equals(contentName.get(i))) {
+ return contentValue.get(i);
+ }
+ }
+
+ return null;
+ }
+
+ public ArrayList<String> getContentNames() {
+ return contentName;
+ }
+
+ public ArrayList<String> getContentValues() {
+ return contentValue;
+ }
+
+ /**
+ * Sets the actual data associated with this response.
+ *
+ * @param responseData The actual data associated with this response.
+ */
+ public void setResponseData(byte[] responseData) {
+ if (responseData == null) {
+ this.responseData = new byte[0];
+ } else {
+ this.responseData = responseData;
+ }
+ }
+
+ /**
+ * Retrieves the content length associated with this response.
+ *
+ * @return The content length associated with this response, or -1 if no
+ * content length is available.
+ */
+ public int getContentLength() {
+ return contentLength;
+ }
+
+ /**
+ * Retrieves the content type associated with this response.
+ *
+ * @return The content type associated with this response, or <CODE>null</CODE> if no content type is available.
+ */
+ public String getContentType() {
+ return contentType;
+ }
+
+ /**
+ * Retrieves an array containing the values of the cookies that should be set
+ * based on the information in this response.
+ *
+ * @return An array containing the values of the cookies that should be set
+ * based on the information in this response.
+ */
+ public String[] getCookieValues() {
+ String[] cookieValues = new String[cookieValueList.size()];
+ cookieValueList.toArray(cookieValues);
+ return cookieValues;
+ }
+
+ public String getCookieValue(String headerName) {
+ for (int i = 0; i < cookieValueList.size(); i++) {
+ System.out.println("cookie list: " + cookieValueList.get(i));
+
+ String temp = cookieValueList.get(i);
+ if (temp.startsWith(headerName)) {
+ return cookieValueList.get(i);
+ }
+ }
+
+ return null;
+ }
+
+}
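Review bot: `getCookieValue` unconditionally prints every Set-Cookie value to stdout (`System.out.println("cookie list: " + cookieValueList.get(i))`), so session cookies handed back by the CA/KRA/TPS end up in the console output and in any captured log of this tool; that print should be removed or gated on the same debug flag the client uses, and the prefix test should become `if (temp.startsWith(headerName + "="))` so a cookie named e.g. `JSESSIONIDX` does not satisfy a lookup for `JSESSIONID`. Separately, `addHeader` trusts any integer the server sends in Content-Length and silently swallows a malformed one with an empty `catch (NumberFormatException nfe) {}`; since the caller in HTTPClient (visible earlier in this diff) allocates `new byte[contentLength]` from that value, a sanity bound such as `if (len < 0 || len > MAX_CONTENT_LENGTH) throw new IllegalArgumentException("bad Content-Length: " + headerValue);` (or at least a logged warning on the parse failure) would keep a misbehaving or hostile peer from dictating the allocation size. `getHTML` and `parseContent` also decode `responseData` with the platform default charset rather than the charset from Content-Type, which is worth a comment if it is intentional.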
diff --git a/base/silent/templates/pki_silent.template b/base/silent/templates/pki_silent.template
new file mode 100755
index 000000000..93ff5849a
--- /dev/null
+++ b/base/silent/templates/pki_silent.template
@@ -0,0 +1,1732 @@
+#!/bin/bash
+## BEGIN COPYRIGHT BLOCK
+## (C) 2009 Red Hat, Inc.
+## All rights reserved.
+## END COPYRIGHT BLOCK
+
+
+## Always switch into this base directory
+## prior to script execution so that all
+## of its output is written to this directory
+
+cd `dirname $0`
+
+
+## Disallow script to be run as the name of this template
+pki_silent_script=`basename $0`
+if [ "${pki_silent_script}" = "pki_silent.template" ] ; then
+ printf "\n"
+ printf "Usage: (1) Install AND configure a directory server instance.\n\n"
+ printf " (2) Install, but do NOT configure ALL six\n"
+ printf " 'default' PKI subsystem instances.\n\n"
+ printf " (3) Install the 'pki-silent' package.\n\n"
+ printf " (4) Copy '$0' to a new script name\n"
+ printf " without the '.template' extension.\n"
+ printf " (e .g. - 'configure_default_pki_instances')\n\n"
+ printf " (5) Fill in all MANDATORY user-defined variables\n"
+ printf " in the new script.\n\n"
+ printf " (6) Change any OPTIONAL user-defined variables\n"
+ printf " in the new script as desired.\n\n"
+ printf " (7) Become the 'root' user, and execute the new script to\n"
+ printf " configure ALL six 'default' PKI subsystem instances.\n\n"
+ exit 255
+fi
+
+
+##
+## This script MUST be run as root!
+##
+
+ROOTUID=0
+
+OS=`uname`
+if [ "${OS}" = "Linux" ] ; then
+ MY_EUID=`/usr/bin/id -u`
+ MY_UID=`/usr/bin/id -ur`
+ USERNAME=`/usr/bin/id -un`
+else
+ printf "ERROR: Unsupported operating system '${OS}'!\n"
+ exit 255
+fi
+
+if [ "${MY_UID}" != "${ROOTUID}" ] &&
+ [ "${MY_EUID}" != "${ROOTUID}" ] ; then
+ printf "ERROR: The '$0' script must be run as root!\n"
+ exit 255
+fi
+
+
+
+##############################################################################
+##############################################################################
+## ##
+## P K I S I L E N T - V A R I A B L E D E C L A R A T I O N ##
+## ##
+##############################################################################
+##############################################################################
+
+##############################################################################
+## U S E R - D E F I N E D V A R I A B L E S ( M A N D A T O R Y ) ##
+##############################################################################
+
+##
+## IMPORTANT: 'Escape' ALL spaces in EACH variable specified below!
+##
+## For Example:
+##
+## pki_security_domain_name="My\ Security\ Domain"
+##
+
+## PKI Silent Security Database Variables
+## (e. g. - PKI Silent "browser" database)
+pki_silent_security_database_repository="/tmp"
+pki_silent_security_database_password=
+
+## PKI Security Domain Variables
+## (e. g. - Security Domain Login Panel)
+pki_security_domain_name=
+pki_security_domain_host=`hostname`
+pki_security_domain_admin_name=admin
+pki_security_domain_admin_password=
+
+## PKI Internal LDAP Database Variables
+## (e. g. - Database Panel)
+pki_ldap_host=localhost
+pki_ldap_port=389
+pki_bind_dn="cn=Directory\ Manager"
+pki_bind_password=
+
+## PKI Instance-Specific Token Variables
+## (e. g. - Module Panel)
+ca_token_name=internal
+ca_token_password=
+
+kra_token_name=internal
+kra_token_password=
+
+ocsp_token_name=internal
+ocsp_token_password=
+
+tks_token_name=internal
+tks_token_password=
+
+ra_token_name=internal
+ra_token_password=
+
+tps_token_name=internal
+tps_token_password=
+
+## PKI Instance-Specific Backup Variables
+## (e. g. - Backup Key and Certificates Panel)
+ca_backup_password=
+kra_backup_password=
+ocsp_backup_password=
+tks_backup_password=
+
+## PKI Email Variables
+##
+## For example, to specify 'pkitest@example.com':
+##
+## pki_email_name=pkitest
+## pki_email_company=example
+## pki_email_domain=com
+##
+pki_email_name=
+pki_email_company=
+pki_email_domain=
+
+## PKI Silent Admin Variables
+## (e. g. - Import Admin Certificate into PKI Silent "browser" database)
+pki_silent_admin_user=admin
+pki_silent_admin_password=
+pki_silent_admin_email="${pki_email_name}\@${pki_email_company}\.${pki_email_domain}"
+
+
+
+##############################################################################
+## P R E - D E F I N E D " D E F A U L T " V A R I A B L E S ##
+##############################################################################
+
+## PKI Subsystem Host (computed by default)
+pki_host=`hostname`
+
+## PKI Subsystem Names
+ca_subsystem_name="Certificate\ Authority"
+kra_subsystem_name="Data\ Recovery\ Manager"
+ocsp_subsystem_name="OCSP\ Responder"
+tks_subsystem_name="Token\ Key\ Service"
+ra_subsystem_name="Registration\ Authority"
+tps_subsystem_name="Token\ Processing\ System"
+
+## PKI Subsystem Instance Names
+ca_instance_name="pki-ca"
+kra_instance_name="pki-kra"
+ocsp_instance_name="pki-ocsp"
+tks_instance_name="pki-tks"
+ra_instance_name="pki-ra"
+tps_instance_name="pki-tps"
+
+## PKI Subsystem Init Script Names
+ca_init_script="pki-cad"
+kra_init_script="pki-krad"
+ocsp_init_script="pki-ocspd"
+tks_init_script="pki-tksd"
+ra_init_script="pki-rad"
+tps_init_script="pki-tpsd"
+
+##
+## NOTE: Default PKI Instance Ports
+##
+## CA, DRM, OCSP, TKS:
+##
+## *180 - non-secure port (not role specific)
+## *701 - non-secure Tomcat port
+## *443 - secure EE port
+## *444 - secure Agent port
+## *445 - secure Admin port
+##
+## RA, TPS:
+##
+## *888 - non-secure port
+## *889 - secure port (clientauth)
+## *890 - secure port (non-clientauth)
+##
+##
+## For Example:
+##
+## semanage port -l | grep pki
+##
+## pki_ca_port_t tcp 9180, 9701, 9443, 9444, 9445
+## pki_kra_port_t tcp 10180, 10701, 10443, 10444, 10445
+## pki_ocsp_port_t tcp 11180, 11701, 11443, 11444, 11445
+## pki_ra_port_t tcp 12890, 12888, 12889
+## pki_tks_port_t tcp 13180, 13701, 13443, 13444, 13445
+## pki_tps_port_t tcp 7890, 7888, 7889
+##
+
+## CA ports
+ca_nonssl_port=9180
+ca_agent_port=9443
+ca_ee_port=9444
+ca_admin_port=9445
+
+## DRM ports
+kra_nonssl_port=10180
+kra_agent_port=10443
+kra_ee_port=10444
+kra_admin_port=10445
+
+## OCSP ports
+ocsp_nonssl_port=11180
+ocsp_agent_port=11443
+ocsp_ee_port=11444
+ocsp_admin_port=11445
+
+## TKS ports
+tks_nonssl_port=13180
+tks_agent_port=13443
+tks_ee_port=13444
+tks_admin_port=13445
+
+## RA ports
+ra_nonssl_port=12888
+ra_clientauth_port=12889
+ra_nonclientauth_port=12890
+
+## TPS ports
+tps_nonssl_port=7888
+tps_clientauth_port=7889
+tps_nonclientauth_port=7890
+
+
+
+##############################################################################
+## U S E R - D E F I N E D V A R I A B L E S ( O P T I O N A L ) ##
+##############################################################################
+
+## PKI Silent Log Files
+pki_silent_ca_log=/tmp/ca.log
+pki_silent_kra_log=/tmp/kra.log
+pki_silent_ocsp_log=/tmp/ocsp.log
+pki_silent_ra_log=/tmp/ra.log
+pki_silent_tks_log=/tmp/tks.log
+pki_silent_tps_log=/tmp/tps.log
+
+
+##
+## NOTE: For comparison's sake, if the default instances were manually
+## configured using a Firefox browser, the content of the corresponding
+## Firefox browser's security libraries would be something similar
+## to this:
+##
+## Certificate Nickname Trust Attributes
+## SSL,S/MIME,JAR/XPI
+##
+## Certificate Authority - ${pki_security_domain_name} CT,C,C
+## CA Administrator of Instance ${ca_instance_name}'s
+## ${pki_security_domain_name} ID u,u,u
+## KRA Administrator of Instance ${kra_instance_name}'s
+## ${pki_security_domain_name} ID u,u,u
+## OCSP Administrator of Instance ${ocsp_instance_name}'s
+## ${pki_security_domain_name} ID u,u,u
+## TKS Administrator of Instance ${tks_instance_name}'s
+## ${pki_security_domain_name} ID u,u,u
+## RA Administrator's ${pki_security_domain_name} ID u,u,u
+## TPS Administrator's ${pki_security_domain_name} ID u,u,u
+##
+## where:
+##
+## Nickname: "Certificate Authority - "
+## + "${pki_security_domain_name}"
+## Subject Name: "cn=Certificate Authority,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "CA Administrator of Instance "
+## + "${ca_instance_name}'s "
+## + "${pki_security_domain_name} ID"
+## Subject Name: "cn=CA Administrator of Instance "
+## + "${ca_instance_name},"
+## + "uid=admin,"
+## + "e=${pki_silent_admin_email},"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "KRA Administrator of Instance "
+## + "${kra_instance_name}'s "
+## + "${pki_security_domain_name} ID"
+## Subject Name: "cn=KRA Administrator of Instance "
+## + "${kra_instance_name},"
+## + "uid=admin,"
+## + "e=${pki_silent_admin_email},"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "OCSP Administrator of Instance "
+## + "${ocsp_instance_name}'s "
+## + "${pki_security_domain_name} ID"
+## Subject Name: "cn=OCSP Administrator of Instance "
+## + "${ocsp_instance_name},"
+## + "uid=admin,"
+## + "e=${pki_silent_admin_email},"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "TKS Administrator of Instance "
+## + "${tks_instance_name}'s "
+## + "${pki_security_domain_name} ID"
+## Subject Name: "cn=TKS Administrator of Instance "
+## + "${tks_instance_name},"
+## + "uid=admin,"
+## + "e=${pki_silent_admin_email},"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "RA Administrator's "
+## + "${pki_security_domain_name} ID"
+## Subject Name: "cn=RA Administrator,"
+## + "uid=admin,"
+## + "e=${pki_silent_admin_email},"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "TPS Administrator's "
+## + "${pki_security_domain_name} ID"
+## Subject Name: "cn=TPS Administrator,"
+## + "uid=admin,"
+## + "e=${pki_silent_admin_email},"
+## + "o=${pki_security_domain_name}"
+##
+
+
+## Miscellaneous CA Variables
+##
+## REMINDER: 'Escape' ALL spaces in EACH variable specified below!
+##
+## NOTE: For comparison's sake, if the default instances were manually
+## configured using a Firefox browser, the content of the corresponding
+## "/var/lib/${ca_instance_name}/alias/" security libraries would be
+## something similar to this:
+##
+## Certificate Nickname Trust Attributes
+## SSL,S/MIME,JAR/XPI
+##
+## ocspSigningCert cert-${ca_instance_name} u,u,u
+## subsystemCert cert-${ca_instance_name} u,u,u
+## caSigningCert cert-${ca_instance_name} CTu,Cu,Cu
+## Server-Cert cert-${ca_instance_name} u,u,u
+## auditSigningCert cert-${ca_instance_name} u,u,u
+##
+## where:
+##
+## Nickname: "caSigningCert cert-${ca_instance_name}"
+## Subject Name: "cn=Certificate Authority,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "subsystemCert cert-${ca_instance_name}"
+## Subject Name: "cn=CA Subsystem Certificate,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "ocspSigningCert cert-${ca_instance_name}"
+## Subject Name: "cn=OCSP Signing Certificate,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "Server-Cert cert-${ca_instance_name}"
+## Subject Name: "cn=${pki_host},"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "auditSigningCert cert-${ca_instance_name}"
+## Subject Name: "cn=CA Audit Signing Certificate,"
+## + "o=${pki_security_domain_name}"
+##
+## NOTE: The parameters for the signing and key algorithms have the following meaning:
+## ca_key_algorithm - signature algorithm used to sign the CA certificate
+## ca_signing_algorithm - signature algorithm used by the CA and OCSP signing certs to sign objects.
+## ca_signing_signingalgorithm - optionally specify the algorithm used by the CA signing cert to sign objects
+## ca_ocsp_signing_signingalgorithm - optionally specify the algorithm used by the CA ocsp signing cert to sign objects
+##
+## NOTE: Additional variables to specify the LDAP connection are as follows:
+## remove_data - set to true/false. Remove any existing data found under the baseDN
+## secure_conn - use the ldaps port
+ca_agent_name="CA\ Administrator\ of\ Instance\ ${ca_instance_name}\'s\ ${pki_security_domain_name}\ ID"
+ca_agent_key_size=2048
+ca_agent_key_type=rsa
+ca_agent_cert_subject="cn=CA\ Administrator\ of\ Instance\ ${ca_instance_name},uid=admin,e=${pki_silent_admin_email},o=${pki_security_domain_name}"
+ca_base_dn="dc=${pki_host}-${ca_instance_name}"
+ca_db_name="${pki_host}-${ca_instance_name}"
+ca_key_size=2048
+ca_key_type=rsa
+ca_key_algorithm=SHA256withRSA
+ca_signing_algorithm=SHA256withRSA
+ca_signing_signingalgorithm=SHA256withRSA
+ca_ocsp_signing_signingalgorithm=SHA256withRSA
+ca_save_p12=false
+ca_sign_cert_subject_name="cn=Certificate\ Authority,o=${pki_security_domain_name}"
+ca_subsystem_cert_subject_name="cn=CA\ Subsystem\ Certificate,o=${pki_security_domain_name}"
+ca_ocsp_cert_subject_name="cn=OCSP\ Signing\ Certificate,o=${pki_security_domain_name}"
+ca_server_cert_subject_name="cn=${pki_host},o=${pki_security_domain_name}"
+ca_audit_signing_cert_subject_name="cn=CA\ Audit\ Signing\ Certificate,o=${pki_security_domain_name}"
+
+## Optional CA Variables for creating a clone CA
+##
+## It is possible for pkisilent to create a CA that is a clone of a previously
+## installed CA (the master CA). To do so, the keys of the master CA must
+## first be backed up in a pk12 file, and this file should be copied to the
+## alias directory of the clone CA. This file should have read permission for
+## the PKI user (pkisuer).
+##
+## An example file would be /var/lib/ca-clone/alias/ca-master.p12.
+##
+## The following variables should then be uncommented and defined for the clone CA.
+## ca_clone=true
+## ca_clone_p12_file=
+## ca_clone_p12_password=
+## clone_uri=
+## sd_hostname=
+## sd_admin_port=
+## sd_admin_name=
+## sd_admin_password=
+## clone_start_tls=false
+##
+## NOTES:
+## 1. ca_clone_p12_file must be just the filename relative to the alias directory.
+## So in the example above, ca_clone_p12_file="ca-master.p12"
+## 2. sd_* refer to the CA where the security domain is hosted.
+## 3. clone_uri has the following format: https://<hostname>:<EE port> fo the CA to be cloned
+## 4. clone_start_tls can be set to true if we require replication between the master and clone databases
+## to be encrypted using startTLS on the standard (non-ldaps) port. The databases must
+## be ssl enabled first or the replication will fail.
+##
+## ADDITIONAL NOTES:
+## 1. The clone CA and master CA cannot share the same database instance. A new
+## instance should be created for the clone CA.
+## 2. The variables ca_base_dn and ca_db_name defined above MUST be identical to the
+## ca_base_dn and ca_db_name of the master CA. The following assignments attempt
+## to ensure this is correct.
+##
+## ca_master_instance_name=
+## ca_base_dn="dc=${pki_host}-${ca_master_instance_name}"
+## ca_db_name="${pki_host}-${ca_master_instance_name}"
+
+## Optional CA variables for creating a CA using an external CA
+##
+## It is possible to configure a CA that has its certificates signed by an external CA.
+## This is a two step process.
+##
+## In the first step, pkisilent will create a CSR to be signed by the external CA
+## and write it to the file specified. If this file is not specified, the default
+## location /tmp/ext_ca.csr is used.
+##
+## The following parameters are required:
+## ca_external=true
+## ca_ext_csr_file=
+##
+## Once the CSR is approved by the external CA, the resulting certificate and CA
+## cert chain are copied into files on the system.
+##
+## pkisilent is then rerun for the second step, providing the cert and cert chain files as
+## parameters. For the second step, the following parameters are then required:
+##
+## ca_external=true
+## ca_ext_cert_file=
+## ca_ext_cert_chain_file=
+
+## Miscellaneous DRM Variables
+##
+## REMINDER: 'Escape' ALL spaces in EACH variable specified below!
+##
+## NOTE: For comparison's sake, if the default instances were manually
+## configured using a Firefox browser, the content of the corresponding
+## "/var/lib/${kra_instance_name}/alias/" security libraries would be
+## something similar to this:
+##
+## Certificate Nickname Trust Attributes
+## SSL,S/MIME,JAR/XPI
+##
+## transportCert cert-${kra_instance_name} u,u,u
+## Server-Cert cert-${kra_instance_name} u,u,u
+## auditSigningCert cert-${kra_instance_name} u,u,u
+## Certificate Authority - ${pki_security_domain_name} CT,c,
+## storageCert cert-${kra_instance_name} u,u,u
+## subsystemCert cert-${kra_instance_name} u,u,u
+##
+## where:
+##
+## Nickname: "transportCert cert-${kra_instance_name}"
+## Subject Name: "cn=DRM Transport Certificate,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "Server-Cert cert-${kra_instance_name}"
+## Subject Name: "cn=${pki_host},"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "auditSigningCert cert-${kra_instance_name}"
+## Subject Name: "cn=DRM Audit Signing Certificate,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "Certificate Authority - "
+## + "${pki_security_domain_name}"
+## Subject Name: "cn=Certificate Authority,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "storageCert cert-${kra_instance_name}"
+## Subject Name: "cn=DRM Storage Certificate,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "subsystemCert cert-${kra_instance_name}"
+## Subject Name: "cn=DRM Subsystem Certificate,"
+## + "o=${pki_security_domain_name}"
+##
+
+## Optional CA Variables for creating a clone DRM
+##
+## It is possible for pkisilent to create a DRM that is a clone of a previously
+## installed DRM (the master DRM). To do so, the keys of the master DRM must
+## first be backed up in a pk12 file, and this file should be copied to the
+## alias directory of the clone DRM. This file should have read permission for
+## the PKI user (pkiuser).
+##
+## An example file would be /var/lib/drm-clone/alias/drm-master.p12.
+##
+## The following variables should then be uncommented and defined for the clone CA.
+## kra_clone=true
+## kra_clone_p12_file=
+## kra_clone_p12_password=
+## kra_clone_uri=
+## clone_start_tls=false
+##
+## NOTES:
+## 1. drm_clone_p12_file must be just the filename relative to the alias directory.
+## So in the example above, drm_clone_p12_file="drm-master.p12"
+## 2. drm_clone_uri has the following format: https://<hostname>:<EE port> of the DRM to be cloned
+## 3. clone_start_tls can be set to true if we require replication between the master and clone databases
+## to be encrypted using startTLS on the standard (non-ldaps) port. The databases must
+## be ssl enabled first or the replication will fail.
+##
+## ADDITIONAL NOTES:
+## 1. The clone DRM and master DRM cannot share the same database instance. A new
+## instance should be created for the clone DRM.
+## 2. The variables kra_base_dn and kra_db_name defined above MUST be identical to the
+## kra_base_dn and kra_name of the master CA. The following assignments attempt
+## to ensure this is correct.
+##
+## kra_master_instance_name=
+## kra_base_dn="dc=${pki_host}-${kra_master_instance_name}"
+## kra_db_name="${pki_host}-${kra_master_instance_name}"
+
+kra_agent_name="KRA\ Administrator\ of\ Instance\ ${kra_instance_name}\'s\ ${pki_security_domain_name}\ ID"
+kra_agent_key_size=2048
+kra_agent_key_type=rsa
+kra_agent_cert_subject="cn=KRA\ Administrator\ of\ Instance\ ${kra_instance_name},uid=admin,e=${pki_silent_admin_email},o=${pki_security_domain_name}"
+kra_base_dn="dc=${pki_host}-${kra_instance_name}"
+kra_db_name="${pki_host}-${kra_instance_name}"
+kra_key_size=2048
+kra_key_type=rsa
+kra_transport_cert_subject_name="cn=DRM\ Transport\ Certificate,o=${pki_security_domain_name}"
+kra_subsystem_cert_subject_name="cn=DRM\ Subsystem\ Certificate,o=${pki_security_domain_name}"
+kra_storage_cert_subject_name="cn=DRM\ Storage\ Certificate,o=${pki_security_domain_name}"
+kra_server_cert_subject_name="cn=${pki_host},o=${pki_security_domain_name}"
+kra_audit_signing_cert_subject_name="cn=DRM\ Audit\ Signing\ Certificate,o=${pki_security_domain_name}"
+
+
+## Miscellaneous OCSP Variables
+##
+## REMINDER: 'Escape' ALL spaces in EACH variable specified below!
+##
+## NOTE: For comparison's sake, if the default instances were manually
+## configured using a Firefox browser, the content of the corresponding
+## "/var/lib/${ocsp_instance_name}/alias/" security libraries would be
+## something similar to this:
+##
+## Certificate Nickname Trust Attributes
+## SSL,S/MIME,JAR/XPI
+##
+## ocspSigningCert cert-${ocsp_instance_name} CTu,Cu,Cu
+## subsystemCert cert-${ocsp_instance_name} u,u,u
+## Certificate Authority - ${pki_security_domain_name} CT,c,
+## Server-Cert cert-${ocsp_instance_name} u,u,u
+## auditSigningCert cert-${ocsp_instance_name} u,u,u
+##
+## where:
+##
+## Nickname: "ocspSigningCert cert-${ocsp_instance_name}"
+## Subject Name: "cn=OCSP Signing Certificate,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "subsystemCert cert-${ocsp_instance_name}"
+## Subject Name: "cn=OCSP Subsystem Certificate,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "Certificate Authority - "
+## + "${pki_security_domain_name}"
+## Subject Name: "cn=Certificate Authority,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "Server-Cert cert-${ocsp_instance_name}"
+## Subject Name: "cn=${pki_host},"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "auditSigningCert cert-${ocsp_instance_name}"
+## Subject Name: "cn=OCSP Audit Signing Certificate,"
+## + "o=${pki_security_domain_name}"
+##
+
+ocsp_agent_name="OCSP\ Administrator\ of\ Instance\ ${ocsp_instance_name}\'s\ ${pki_security_domain_name}\ ID"
+ocsp_agent_key_size=2048
+ocsp_agent_key_type=rsa
+ocsp_agent_cert_subject="cn=OCSP\ Administrator\ of\ Instance\ ${ocsp_instance_name},uid=admin,e=${pki_silent_admin_email},o=${pki_security_domain_name}"
+ocsp_base_dn="dc=${pki_host}-${ocsp_instance_name}"
+ocsp_db_name="${pki_host}-${ocsp_instance_name}"
+ocsp_key_size=2048
+ocsp_key_type=rsa
+ocsp_sign_cert_subject_name="cn=OCSP\ Signing\ Certificate,o=${pki_security_domain_name}"
+ocsp_subsystem_cert_subject_name="cn=OCSP\ Subsystem\ Certificate,o=${pki_security_domain_name}"
+ocsp_server_cert_subject_name="cn=${pki_host},o=${pki_security_domain_name}"
+ocsp_audit_signing_cert_subject_name="cn=OCSP\ Audit\ Signing\ Certificate,o=${pki_security_domain_name}"
+
+
+## Miscellaneous TKS Variables
+##
+## REMINDER: 'Escape' ALL spaces in EACH variable specified below!
+##
+## NOTE: For comparison's sake, if the default instances were manually
+## configured using a Firefox browser, the content of the corresponding
+## "/var/lib/${tks_instance_name}/alias/" security libraries would be
+## something similar to this:
+##
+## Certificate Nickname Trust Attributes
+## SSL,S/MIME,JAR/XPI
+##
+## subsystemCert cert-${tks_instance_name} u,u,u
+## DRM Transport Certificate - ${pki_security_domain_name} c,c,c
+## Certificate Authority - ${pki_security_domain_name} CT,c,
+## Server-Cert cert-${tks_instance_name} u,u,u
+## auditSigningCert cert-${tks_instance_name} u,u,u
+##
+## where:
+##
+## Nickname: "subsystemCert cert-${tks_instance_name}"
+## Subject Name: "cn=TKS Subsystem Certificate,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "DRM Transport Certificate - "
+## + "${pki_security_domain_name}"
+## Subject Name: "cn=DRM Transport Certificate,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "Certificate Authority - "
+## + "${pki_security_domain_name}"
+## Subject Name: "cn=Certificate Authority,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "Server-Cert cert-${tks_instance_name}"
+## Subject Name: "cn=${pki_host},"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "auditSigningCert cert-${tks_instance_name}"
+## Subject Name: "cn=TKS Audit Signing Certificate,"
+## + "o=${pki_security_domain_name}"
+##
+
+tks_agent_name="TKS\ Administrator\ of\ Instance\ ${tks_instance_name}\'s\ ${pki_security_domain_name}\ ID"
+tks_agent_key_size=2048
+tks_agent_key_type=rsa
+tks_agent_cert_subject="cn=TKS\ Administrator\ of\ Instance\ ${tks_instance_name},uid=admin,e=${pki_silent_admin_email},o=${pki_security_domain_name}"
+tks_base_dn="dc=${pki_host}-${tks_instance_name}"
+tks_db_name="${pki_host}-${tks_instance_name}"
+tks_key_size=2048
+tks_key_type=rsa
+tks_subsystem_cert_subject_name="cn=TKS\ Subsystem\ Certificate,o=${pki_security_domain_name}"
+tks_server_cert_subject_name="cn=${pki_host},o=${pki_security_domain_name}"
+tks_audit_signing_cert_subject_name="cn=TKS\ Audit\ Signing\ Certificate,o=${pki_security_domain_name}"
+
+
+## Miscellaneous RA Variables
+##
+## REMINDER: 'Escape' ALL spaces in EACH variable specified below!
+##
+## NOTE: For comparison's sake, if the default instances were manually
+## configured using a Firefox browser, the content of the corresponding
+## "/var/lib/${ra_instance_name}/alias/" security libraries would be
+## something similar to this:
+##
+## Certificate Nickname Trust Attributes
+## SSL,S/MIME,JAR/XPI
+##
+## subsystemCert cert-${ra_instance_name} u,u,u
+## caCert CT,C,C
+## Server-Cert cert-${ra_instance_name} u,u,u
+##
+## where:
+##
+## Nickname: "subsystemCert cert-${ra_instance_name}"
+## Subject Name: "cn=RA Subsystem Certificate,"
+## + "ou=${ra_instance_name},"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "caCert"
+## Subject Name: "cn=Certificate Authority,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "Server-Cert cert-${ra_instance_name}"
+## Subject Name: "cn=${pki_host},"
+## + "ou=${ra_instance_name},"
+## + "o=${pki_security_domain_name}"
+##
+
+ra_chosen_ca_hostname=${pki_security_domain_host}
+ra_chosen_ca_nonssl_port=${ca_nonssl_port}
+ra_chosen_ca_ssl_port=${ca_ee_port}
+ra_chosen_ca_admin_port=${ca_admin_port}
+ra_agent_name="RA\ Administrator\'s\ ${pki_security_domain_name}\ ID"
+ra_agent_key_size=2048
+ra_agent_key_type=rsa
+ra_agent_cert_subject="cn=RA\ Administrator,uid=admin,e=${pki_silent_admin_email},o=${pki_security_domain_name}"
+ra_key_size=2048
+ra_key_type=rsa
+ra_server_cert_nickname="Server-Cert\ cert-${ra_instance_name}"
+ra_server_cert_subject_name="cn=${pki_host},ou=${ra_instance_name},o=${pki_security_domain_name}"
+ra_subsystem_cert_nickname="subsystemCert\ cert-${ra_instance_name}"
+ra_subsystem_cert_subject_name="cn=RA\ Subsystem\ Certificate,ou=${ra_instance_name},o=${pki_security_domain_name}"
+
+
+## Miscellaneous TPS Variables
+##
+## REMINDER: 'Escape' ALL spaces in EACH variable specified below!
+##
+## NOTE: For comparison's sake, if the default instances were manually
+## configured using a Firefox browser, the content of the corresponding
+## "/var/lib/${tps_instance_name}/alias/" security libraries would be
+## something similar to this:
+##
+## Certificate Nickname Trust Attributes
+## SSL,S/MIME,JAR/XPI
+##
+## subsystemCert cert-${tps_instance_name} u,u,u
+## caCert CT,C,C
+## Server-Cert cert-${tps_instance_name} u,u,u
+## auditSigningCert cert-${tps_instance_name} u,u,u
+##
+## where:
+##
+## Nickname: "subsystemCert cert-${tps_instance_name}"
+## Subject Name: "cn=TPS Subsystem Certificate,"
+## + "ou=${tps_instance_name},"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "caCert"
+## Subject Name: "cn=Certificate Authority,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "Server-Cert cert-${tps_instance_name}"
+## Subject Name: "cn=${pki_host},"
+## + "ou=${tps_instance_name},"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "auditSigningCert cert-${tps_instance_name}"
+## Subject Name: "cn=TPS Audit Signing Certificate,"
+## + "ou=${tps_instance_name},"
+## + "o=${pki_security_domain_name}"
+##
+
+tps_chosen_ca_hostname=${pki_security_domain_host}
+tps_chosen_ca_nonssl_port=${ca_nonssl_port}
+tps_chosen_ca_ssl_port=${ca_ee_port}
+tps_chosen_ca_admin_port=${ca_admin_port}
+tps_chosen_tks_hostname=${pki_host}
+tps_chosen_tks_ssl_port=${tks_ee_port}
+tps_chosen_drm_hostname=${pki_host}
+tps_chosen_drm_ssl_port=${kra_ee_port}
+tps_agent_name="TPS\ Administrator\'s\ ${pki_security_domain_name}\ ID"
+tps_agent_key_size=2048
+tps_agent_key_type=rsa
+tps_agent_cert_subject="cn=TPS\ Administrator,uid=admin,e=${pki_silent_admin_email},o=${pki_security_domain_name}"
+tps_ldap_auth_host=localhost
+tps_ldap_auth_port=389
+tps_ldap_auth_base_dn="dc=${pki_email_company},dc=${pki_email_domain}"
+tps_base_dn="dc=${pki_host}-${tps_instance_name}"
+tps_db_name="${pki_host}-${tps_instance_name}"
+tps_key_size=2048
+tps_key_type=rsa
+tps_ss_keygen=true
+tps_server_cert_subject_name="cn=${pki_host},ou=${tps_instance_name},o=${pki_security_domain_name}"
+tps_server_cert_nickname="Server-Cert\ cert-${tps_instance_name}"
+tps_subsystem_cert_subject_name="cn=TPS\ Subsystem\ Certificate,ou=${tps_instance_name},o=${pki_security_domain_name}"
+tps_subsystem_cert_nickname="subsystemCert\ cert-${tps_instance_name}"
+tps_audit_signing_cert_subject_name="cn=TPS\ Audit\ Signing\ Certificate,ou=${tps_instance_name},o=${pki_security_domain_name}"
+tps_audit_signing_cert_nickname="auditSigningCert\ cert-${tps_instance_name}"
+
+
+
+##############################################################################
+##############################################################################
+## ##
+## P K I S I L E N T - S U B S Y S T E M C O N F I G U R A T I O N ##
+## ##
+##############################################################################
+##############################################################################
+
+##############################################################################
+## P K I S I L E N T I N I T I A L I Z A T I O N ##
+##############################################################################
+
+## (1) Make certain that user has defined all MANDATORY user-defined variables!
+usage_errors=0
+usage_error_preamble="ERROR: User MUST define a value for"
+
+if [ "${pki_silent_security_database_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'pki_silent_security_database_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${pki_security_domain_name}" = "" ] ; then
+ printf "${usage_error_preamble} 'pki_security_domain_name'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${pki_security_domain_admin_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'pki_security_domain_admin_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${pki_bind_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'pki_bind_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${ca_token_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'ca_token_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${kra_token_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'kra_token_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${ocsp_token_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'ocsp_token_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${tks_token_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'tks_token_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${ra_token_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'ra_token_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${tps_token_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'tps_token_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${ca_backup_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'ca_backup_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${kra_backup_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'kra_backup_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${ocsp_backup_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'ocsp_backup_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${tks_backup_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'tks_backup_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${pki_email_name}" = "" ] ; then
+ printf "${usage_error_preamble} 'pki_email_name'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${pki_email_company}" = "" ] ; then
+ printf "${usage_error_preamble} 'pki_email_company'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${pki_email_domain}" = "" ] ; then
+ printf "${usage_error_preamble} 'pki_email_domain'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${pki_silent_admin_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'pki_silent_admin_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+
+
+## (2) Make certain that a PKI instance of the specified name EXISTS,
+## but has NOT been previously CONFIGURED!
+existence_errors=0
+existence_error_preamble="ERROR: No PKI Instance named"
+configuration_errors=0
+configuration_error_preamble="ERROR: A PKI Instance named"
+configuration_error_postamble="EXISTS,\n but has PREVIOUSLY been CONFIGURED!"
+
+if [ ! -f "/var/lib/${ca_instance_name}/conf/CS.cfg" ] ; then
+ printf "${existence_error_preamble} '${ca_instance_name}' EXISTS!\n"
+ existence_errors=`expr ${existence_errors} + 1`
+else
+ ca_configuration_check=`grep -c preop /var/lib/${ca_instance_name}/conf/CS.cfg`
+ if [ ${ca_configuration_check} -eq 0 ] ; then
+ printf "${configuration_error_preamble} '${ca_instance_name}' "
+ printf "${configuration_error_postamble}\n"
+ configuration_errors=`expr ${configuration_errors} + 1`
+ fi
+fi
+if [ ! -f "/var/lib/${kra_instance_name}/conf/CS.cfg" ] ; then
+ printf "${existence_error_preamble} '${kra_instance_name}' EXISTS!\n"
+ existence_errors=`expr ${existence_errors} + 1`
+else
+ kra_configuration_check=`grep -c preop /var/lib/${kra_instance_name}/conf/CS.cfg`
+ if [ ${kra_configuration_check} -eq 0 ] ; then
+ printf "${configuration_error_preamble} '${kra_instance_name}' "
+ printf "${configuration_error_postamble}\n"
+ configuration_errors=`expr ${configuration_errors} + 1`
+ fi
+fi
+if [ ! -f "/var/lib/${ocsp_instance_name}/conf/CS.cfg" ] ; then
+ printf "${existence_error_preamble} '${ocsp_instance_name}' EXISTS!\n"
+ existence_errors=`expr ${existence_errors} + 1`
+else
+ ocsp_configuration_check=`grep -c preop /var/lib/${ocsp_instance_name}/conf/CS.cfg`
+ if [ ${ocsp_configuration_check} -eq 0 ] ; then
+ printf "${configuration_error_preamble} '${ocsp_instance_name}' "
+ printf "${configuration_error_postamble}\n"
+ configuration_errors=`expr ${configuration_errors} + 1`
+ fi
+fi
+if [ ! -f "/var/lib/${tks_instance_name}/conf/CS.cfg" ] ; then
+ printf "${existence_error_preamble} '${tks_instance_name}' EXISTS!\n"
+ existence_errors=`expr ${existence_errors} + 1`
+else
+ tks_configuration_check=`grep -c preop /var/lib/${tks_instance_name}/conf/CS.cfg`
+ if [ ${tks_configuration_check} -eq 0 ] ; then
+ printf "${configuration_error_preamble} '${tks_instance_name}' "
+ printf "${configuration_error_postamble}\n"
+ configuration_errors=`expr ${configuration_errors} + 1`
+ fi
+fi
+if [ ! -f "/var/lib/${ra_instance_name}/conf/CS.cfg" ] ; then
+ printf "${existence_error_preamble} '${ra_instance_name}' EXISTS!\n"
+ existence_errors=`expr ${existence_errors} + 1`
+else
+ ra_configuration_check=`grep -c preop /var/lib/${ra_instance_name}/conf/CS.cfg`
+ if [ ${ra_configuration_check} -eq 0 ] ; then
+ printf "${configuration_error_preamble} '${ra_instance_name}' "
+ printf "${configuration_error_postamble}\n"
+ configuration_errors=`expr ${configuration_errors} + 1`
+ fi
+fi
+if [ ! -f "/var/lib/${tps_instance_name}/conf/CS.cfg" ] ; then
+ printf "${existence_error_preamble} '${tps_instance_name}' EXISTS!\n"
+ existence_errors=`expr ${existence_errors} + 1`
+else
+ tps_configuration_check=`grep -c preop /var/lib/${tps_instance_name}/conf/CS.cfg`
+ if [ ${tps_configuration_check} -eq 0 ] ; then
+ printf "${configuration_error_preamble} '${tps_instance_name}' "
+ printf "${configuration_error_postamble}\n"
+ configuration_errors=`expr ${configuration_errors} + 1`
+ fi
+fi
+
+
+if [ ${usage_errors} -ne 0 ] ||
+ [ ${existence_errors} -ne 0 ] ||
+ [ ${configuration_errors} -ne 0 ] ; then
+ printf "\n"
+ printf "Please correct ALL errors listed above and re-run\n"
+ printf "the '$0' script!\n\n"
+ exit 255
+fi
+
+
+## (3) Make certain that 'pkisilent' exists and is executable on this system.
+if [ ! -x "/usr/bin/pkisilent" ] ; then
+ printf "\n"
+ printf "ERROR: Please install the 'pki-silent' package and re-run\n"
+ printf "the '$0' script!\n\n"
+ exit 255
+fi
+
+
+## (4) Check for old PKI Silent Security Databases, but DO NOT remove them!
+## Instead, inform the user and exit this script.
+if [ -f "${pki_silent_security_database_repository}/cert8.db" ] ||
+ [ -f "${pki_silent_security_database_repository}/key3.db" ] ||
+ [ -f "${pki_silent_security_database_repository}/secmod.db" ] ; then
+ printf "\n"
+ printf "WARNING: At least one of the security databases\n"
+ printf " (i. e. - 'cert8.db', 'key3.db', and/or 'secmod.db')\n"
+ printf " required by '${pki_silent_script}' exists at the\n"
+ printf " specified location '${pki_silent_security_database_repository}'.\n"
+ printf "\n"
+ printf " Please MANUALLY move or erase these security database(s),\n"
+ printf " or specify a different location before re-running this script.\n\n"
+ exit 255
+fi
+
+
+## (5) Remove ALL old PKI Silent log files
+printf "Removing old PKI Silent log files:\n"
+if [ -f ${pki_silent_ca_log} ] ; then
+ printf " Removing old '${pki_silent_ca_log}' . . . "
+ rm ${pki_silent_ca_log}
+ printf "done.\n"
+fi
+if [ -f ${pki_silent_kra_log} ] ; then
+ printf " Removing old '${pki_silent_kra_log}' . . . "
+ rm ${pki_silent_kra_log}
+ printf "done.\n"
+fi
+if [ -f ${pki_silent_ocsp_log} ] ; then
+ printf " Removing old '${pki_silent_ocsp_log}' . . . "
+ rm ${pki_silent_ocsp_log}
+ printf "done.\n"
+fi
+if [ -f ${pki_silent_tks_log} ] ; then
+ printf " Removing old '${pki_silent_tks_log}' . . . "
+ rm ${pki_silent_tks_log}
+ printf "done.\n"
+fi
+if [ -f ${pki_silent_ra_log} ] ; then
+ printf " Removing old '${pki_silent_ra_log}' . . . "
+ rm ${pki_silent_ra_log}
+ printf "done.\n"
+fi
+if [ -f ${pki_silent_tps_log} ] ; then
+ printf " Removing old '${pki_silent_tps_log}' . . . "
+ rm ${pki_silent_tps_log}
+ printf "done.\n"
+fi
+printf "Done.\n\n"
+
+
+
+##############################################################################
+## C A L C U L A T E P K I I N S T A N C E P I N S ##
+##############################################################################
+
+## PKI Subsystem Instance PINS
+ca_preop_pin=`cat /var/lib/${ca_instance_name}/conf/CS.cfg \
+ | grep preop.pin | grep -v grep | awk -F= '{print $2}'`
+kra_preop_pin=`cat /var/lib/${kra_instance_name}/conf/CS.cfg \
+ | grep preop.pin | grep -v grep | awk -F= '{print $2}'`
+ocsp_preop_pin=`cat /var/lib/${ocsp_instance_name}/conf/CS.cfg \
+ | grep preop.pin | grep -v grep | awk -F= '{print $2}'`
+tks_preop_pin=`cat /var/lib/${tks_instance_name}/conf/CS.cfg \
+ | grep preop.pin | grep -v grep | awk -F= '{print $2}'`
+ra_preop_pin=`cat /var/lib/${ra_instance_name}/conf/CS.cfg \
+ | grep preop.pin | grep -v grep | awk -F= '{print $2}'`
+tps_preop_pin=`cat /var/lib/${tps_instance_name}/conf/CS.cfg \
+ | grep preop.pin | grep -v grep | awk -F= '{print $2}'`
+
+
+
+##############################################################################
+## C E R T I F I C A T E A U T H O R I T Y ##
+##############################################################################
+##
+## For example, upon completion,
+## execute '/sbin/service ${ca_init_script} status ${ca_instance_name}':
+##
+## ${ca_instance_name} (pid 7843) is running ...
+##
+## Unsecure Port = http://${pki_host}:9180/ca/ee/ca
+## Secure Agent Port = https://${pki_host}:9443/ca/agent/ca
+## Secure EE Port = https://${pki_host}:9444/ca/ee/ca
+## Secure Admin Port = https://${pki_host}:9445/ca/services
+## PKI Console Port = pkiconsole https://${pki_host}:9445/ca
+## Tomcat Port = 9701 (for shutdown)
+##
+##
+## Security Domain URL:
+## ==================================================================
+## https://${pki_host}:9445
+## ==================================================================
+##
+
+## Configure CA
+printf "'${pki_silent_script}': Configuring '${ca_instance_name}' . . .\n"
+pkisilent ConfigureCA \
+ -cs_hostname "${pki_host}" \
+ -cs_port ${ca_admin_port} \
+ -client_certdb_dir ${pki_silent_security_database_repository} \
+ -client_certdb_pwd ${pki_silent_security_database_password} \
+ -preop_pin ${ca_preop_pin} \
+ -domain_name "${pki_security_domain_name}" \
+ -admin_user ${pki_silent_admin_user} \
+ -admin_password ${pki_silent_admin_password} \
+ -admin_email "${pki_silent_admin_email}" \
+ -agent_name ${ca_agent_name} \
+ -agent_key_size ${ca_agent_key_size} \
+ -agent_key_type ${ca_agent_key_type} \
+ -agent_cert_subject "${ca_agent_cert_subject}" \
+ -ldap_host ${pki_ldap_host} \
+ -ldap_port ${pki_ldap_port} \
+ -bind_dn "${pki_bind_dn}" \
+ -bind_password ${pki_bind_password} \
+ -base_dn "${ca_base_dn}" \
+ -db_name "${ca_db_name}" \
+ -key_size ${ca_key_size} \
+ -key_type ${ca_key_type} \
+ -key_algorithm ${ca_key_algorithm} \
+ -signing_algorithm ${ca_signing_algorithm} \
+ -signing_signingalgorithm ${ca_signing_signingalgorithm} \
+ -ocsp_signing_signingalgorithm ${ca_ocsp_signing_signingalgorithm} \
+ -save_p12 ${ca_save_p12} \
+ -subsystem_name ${ca_subsystem_name} \
+ -token_name ${ca_token_name} \
+ -token_pwd ${ca_token_password} \
+ -ca_sign_cert_subject_name "${ca_sign_cert_subject_name}" \
+ -ca_subsystem_cert_subject_name "${ca_subsystem_cert_subject_name}" \
+ -ca_ocsp_cert_subject_name "${ca_ocsp_cert_subject_name}" \
+ -ca_server_cert_subject_name "${ca_server_cert_subject_name}" \
+ -ca_audit_signing_cert_subject_name \
+ "${ca_audit_signing_cert_subject_name}" \
+ | tee ${pki_silent_ca_log}
+
+## Restart CA
+/sbin/service ${ca_init_script} restart ${ca_instance_name}
+
+
+##############################################################################
+## C E R T I F I C A T E A U T H O R I T Y (Clone) ##
+##############################################################################
+##
+## Use this to create a clone CA ..
+##
+## For example, upon completion,
+## execute '/sbin/service ${ca_init_script} status ${ca_instance_name}':
+##
+## ${ca_instance_name} (pid 7843) is running ...
+##
+## Unsecure Port = http://${pki_host}:9180/ca/ee/ca
+## Secure Agent Port = https://${pki_host}:9443/ca/agent/ca
+## Secure EE Port = https://${pki_host}:9444/ca/ee/ca
+## Secure Admin Port = https://${pki_host}:9445/ca/services
+## PKI Console Port = pkiconsole https://${pki_host}:9445/ca
+## Tomcat Port = 9701 (for shutdown)
+##
+##
+## Security Domain URL:
+## ==================================================================
+## https://${pki_host}:9445
+## ==================================================================
+##
+
+## Configure clone CA
+# printf "'${pki_silent_script}': Configuring '${ca_instance_name}' . . .\n"
+# pkisilent ConfigureCA \
+# -cs_hostname "${pki_host}" \
+# -cs_port ${ca_admin_port} \
+# -client_certdb_dir ${pki_silent_security_database_repository} \
+# -client_certdb_pwd ${pki_silent_security_database_password} \
+# -preop_pin ${ca_preop_pin} \
+# -domain_name "${pki_security_domain_name}" \
+# -admin_user ${pki_silent_admin_user} \
+# -admin_password ${pki_silent_admin_password} \
+# -admin_email "${pki_silent_admin_email}" \
+# -agent_name ${ca_agent_name} \
+# -agent_key_size ${ca_agent_key_size} \
+# -agent_key_type ${ca_agent_key_type} \
+# -agent_cert_subject "${ca_agent_cert_subject}" \
+# -ldap_host ${pki_ldap_host} \
+# -ldap_port ${pki_ldap_port} \
+# -bind_dn "${pki_bind_dn}" \
+# -bind_password ${pki_bind_password} \
+# -base_dn "${ca_base_dn}" \
+# -db_name "${ca_db_name}" \
+# -key_size ${ca_key_size} \
+# -key_type ${ca_key_type} \
+# -key_algorithm ${ca_key_algorithm} \
+# -save_p12 ${ca_save_p12} \
+# -subsystem_name ${ca_subsystem_name} \
+# -token_name ${ca_token_name} \
+# -token_pwd ${ca_token_password} \
+# -ca_sign_cert_subject_name "${ca_sign_cert_subject_name}" \
+# -ca_subsystem_cert_subject_name "${ca_subsystem_cert_subject_name}" \
+# -ca_ocsp_cert_subject_name "${ca_ocsp_cert_subject_name}" \
+# -ca_server_cert_subject_name "${ca_server_cert_subject_name}" \
+# -ca_audit_signing_cert_subject_name \
+# "${ca_audit_signing_cert_subject_name}" \
+# -clone ${ca_clone} \
+# -clone_p12_file ${ca_clone_p12_file} \
+# -clone_p12_password ${ca_clone_p12_password} \
+# -clone_uri ${clone_uri} \
+# -sd_hostname ${sd_hostname} \
+# -sd_admin_port ${sd_admin_port} \
+# -sd_admin_name ${sd_admin_name} \
+# -sd_admin_password ${sd_admin_password} \
+# -clone_start_tls ${clone_start_tls} \
+# | tee ${pki_silent_ca_log}
+
+## Restart CA
+#/sbin/service ${ca_init_script} restart ${ca_instance_name}
+
+##############################################################################
+## C E R T I F I C A T E A U T H O R I T Y (External CA - step 1) ##
+##############################################################################
+##
+## Use this invocation for the first step in creating a CA signed by
+## and external CA ..
+##
+## For example, upon completion,
+##
+## A Certificate Request has been generated and stored in /tmp/ext_ca_csr.csr
+## Please submit this CSR to your external CA and obtain the CA Cert and CA Cert Chain"
+
+## Configure CA signed by external CA (step 1)
+# printf "'${pki_silent_script}': First step in configuring '${ca_instance_name}' . . .\n"
+# pkisilent ConfigureCA \
+# -cs_hostname "${pki_host}" \
+# -cs_port ${ca_admin_port} \
+# -client_certdb_dir ${pki_silent_security_database_repository} \
+# -client_certdb_pwd ${pki_silent_security_database_password} \
+# -preop_pin ${ca_preop_pin} \
+# -domain_name "${pki_security_domain_name}" \
+# -admin_user ${pki_silent_admin_user} \
+# -admin_password ${pki_silent_admin_password} \
+# -admin_email "${pki_silent_admin_email}" \
+# -agent_name ${ca_agent_name} \
+# -agent_key_size ${ca_agent_key_size} \
+# -agent_key_type ${ca_agent_key_type} \
+# -agent_cert_subject "${ca_agent_cert_subject}" \
+# -ldap_host ${pki_ldap_host} \
+# -ldap_port ${pki_ldap_port} \
+# -bind_dn "${pki_bind_dn}" \
+# -bind_password ${pki_bind_password} \
+# -base_dn "${ca_base_dn}" \
+# -db_name "${ca_db_name}" \
+# -key_size ${ca_key_size} \
+# -key_type ${ca_key_type} \
+# -key_algorithm ${ca_key_algorithm} \
+# -signing_algorithm ${ca_signing_algorithm} \
+# -signing_signingalgorithm ${ca_signing_signingalgorithm} \
+# -ocsp_signing_signingalgorithm ${ca_ocsp_signing_signingalgorithm} \
+# -save_p12 ${ca_save_p12} \
+# -subsystem_name ${ca_subsystem_name} \
+# -token_name ${ca_token_name} \
+# -token_pwd ${ca_token_password} \
+# -ca_sign_cert_subject_name "${ca_sign_cert_subject_name}" \
+# -ca_subsystem_cert_subject_name "${ca_subsystem_cert_subject_name}" \
+# -ca_ocsp_cert_subject_name "${ca_ocsp_cert_subject_name}" \
+# -ca_server_cert_subject_name "${ca_server_cert_subject_name}" \
+# -ca_audit_signing_cert_subject_name \
+# "${ca_audit_signing_cert_subject_name}" \
+# -external ${ca_external} \
+# -ext_csr_file ${ca_ext_csr_file} \
+# | tee ${pki_silent_ca_log}
+
+## Restart CA
+#/sbin/service ${ca_init_script} restart ${ca_instance_name}
+
+##############################################################################
+## C E R T I F I C A T E A U T H O R I T Y (External CA step 2) ##
+##############################################################################
+##
+## Use this to create a CA signed by an external CA (step 2)
+##
+## For example, upon completion,
+## execute '/sbin/service ${ca_init_script} status ${ca_instance_name}':
+##
+## ${ca_instance_name} (pid 7843) is running ...
+##
+## Unsecure Port = http://${pki_host}:9180/ca/ee/ca
+## Secure Agent Port = https://${pki_host}:9443/ca/agent/ca
+## Secure EE Port = https://${pki_host}:9444/ca/ee/ca
+## Secure Admin Port = https://${pki_host}:9445/ca/services
+## PKI Console Port = pkiconsole https://${pki_host}:9445/ca
+## Tomcat Port = 9701 (for shutdown)
+##
+##
+## Security Domain URL:
+## ==================================================================
+## https://${pki_host}:9445
+## ==================================================================
+##
+
+## Configure an externally signed CA (step 2)
+# printf "'${pki_silent_script}': Step 2 in configuring external signed '${ca_instance_name}' . . .\n"
+# pkisilent ConfigureCA \
+# -cs_hostname "${pki_host}" \
+# -cs_port ${ca_admin_port} \
+# -client_certdb_dir ${pki_silent_security_database_repository} \
+# -client_certdb_pwd ${pki_silent_security_database_password} \
+# -preop_pin ${ca_preop_pin} \
+# -domain_name "${pki_security_domain_name}" \
+# -admin_user ${pki_silent_admin_user} \
+# -admin_password ${pki_silent_admin_password} \
+# -admin_email "${pki_silent_admin_email}" \
+# -agent_name ${ca_agent_name} \
+# -agent_key_size ${ca_agent_key_size} \
+# -agent_key_type ${ca_agent_key_type} \
+# -agent_cert_subject "${ca_agent_cert_subject}" \
+# -ldap_host ${pki_ldap_host} \
+# -ldap_port ${pki_ldap_port} \
+# -bind_dn "${pki_bind_dn}" \
+# -bind_password ${pki_bind_password} \
+# -base_dn "${ca_base_dn}" \
+# -db_name "${ca_db_name}" \
+# -key_size ${ca_key_size} \
+# -key_type ${ca_key_type} \
+# -key_algorithm ${ca_key_algorithm} \
+# -signing_algorithm ${ca_signing_algorithm} \
+# -signing_signingalgorithm ${ca_signing_signingalgorithm} \
+# -ocsp_signing_signingalgorithm ${ca_ocsp_signing_signingalgorithm} \
+# -save_p12 ${ca_save_p12} \
+# -subsystem_name ${ca_subsystem_name} \
+# -token_name ${ca_token_name} \
+# -token_pwd ${ca_token_password} \
+# -ca_sign_cert_subject_name "${ca_sign_cert_subject_name}" \
+# -ca_subsystem_cert_subject_name "${ca_subsystem_cert_subject_name}" \
+# -ca_ocsp_cert_subject_name "${ca_ocsp_cert_subject_name}" \
+# -ca_server_cert_subject_name "${ca_server_cert_subject_name}" \
+# -ca_audit_signing_cert_subject_name \
+# "${ca_audit_signing_cert_subject_name}" \
+# -external ${ca_external} \
+# -ext_ca_cert_file ${ca_ext_cert_file} \
+# -ext_ca_cert_chain_file ${ca_ext_cert_chain_file} \
+# | tee ${pki_silent_ca_log}
+
+## Restart CA
+#/sbin/service ${ca_init_script} restart ${ca_instance_name}
+
+##############################################################################
+## D A T A R E C O V E R Y M A N A G E R ##
+##############################################################################
+##
+## For example, upon completion,
+## execute '/sbin/service ${kra_init_script} status ${kra_instance_name}':
+##
+## ${kra_instance_name} (pid 11723) is running ...
+##
+## Unsecure Port = http://${pki_host}:10180/kra/ee/kra
+## Secure Agent Port = https://${pki_host}:10443/kra/agent/kra
+## Secure EE Port = https://${pki_host}:10444/kra/ee/kra
+## Secure Admin Port = https://${pki_host}:10445/kra/services
+## PKI Console Port = pkiconsole https://${pki_host}:10445/kra
+## Tomcat Port = 10701 (for shutdown)
+##
+
+## Configure DRM
+printf "'${pki_silent_script}': Configuring '${kra_instance_name}' . . .\n"
+pkisilent ConfigureDRM \
+ -cs_hostname "${pki_host}" \
+ -cs_port ${kra_admin_port} \
+ -sd_hostname "${pki_security_domain_host}" \
+ -sd_ssl_port ${ca_ee_port} \
+ -sd_agent_port ${ca_agent_port} \
+ -sd_admin_port ${ca_admin_port} \
+ -sd_admin_name "${pki_security_domain_admin_name}" \
+ -sd_admin_password ${pki_security_domain_admin_password} \
+ -ca_hostname ${pki_security_domain_host} \
+ -ca_port ${ca_nonssl_port} \
+ -ca_ssl_port ${ca_ee_port} \
+ -client_certdb_dir ${pki_silent_security_database_repository} \
+ -client_certdb_pwd ${pki_silent_security_database_password} \
+ -preop_pin ${kra_preop_pin} \
+ -domain_name "${pki_security_domain_name}" \
+ -admin_user ${pki_silent_admin_user} \
+ -admin_password ${pki_silent_admin_password} \
+ -admin_email "${pki_silent_admin_email}" \
+ -agent_name ${kra_agent_name} \
+ -ldap_host ${pki_ldap_host} \
+ -ldap_port ${pki_ldap_port} \
+ -bind_dn "${pki_bind_dn}" \
+ -bind_password ${pki_bind_password} \
+ -base_dn "${kra_base_dn}" \
+ -db_name "${kra_db_name}" \
+ -key_size ${kra_key_size} \
+ -key_type ${kra_key_type} \
+ -token_name ${kra_token_name} \
+ -token_pwd ${kra_token_password} \
+ -agent_key_size ${kra_agent_key_size} \
+ -agent_key_type ${kra_agent_key_type} \
+ -agent_cert_subject "${kra_agent_cert_subject}" \
+ -subsystem_name ${kra_subsystem_name} \
+ -backup_pwd ${kra_backup_password} \
+ -drm_transport_cert_subject_name "${kra_transport_cert_subject_name}" \
+ -drm_subsystem_cert_subject_name "${kra_subsystem_cert_subject_name}" \
+ -drm_storage_cert_subject_name "${kra_storage_cert_subject_name}" \
+ -drm_server_cert_subject_name "${kra_server_cert_subject_name}" \
+ -drm_audit_signing_cert_subject_name \
+ "${kra_audit_signing_cert_subject_name}" \
+ | tee ${pki_silent_kra_log}
+
+## Restart drm
+/sbin/service ${kra_init_script} restart ${kra_instance_name}
+
+
+##############################################################################
+## D A T A R E C O V E R Y M A N A G E R (clone) ##
+##############################################################################
+##
+## Use this to configure a DRM clone.
+##
+## For example, upon completion,
+## execute '/sbin/service ${kra_init_script} status ${kra_instance_name}':
+##
+## ${kra_instance_name} (pid 11723) is running ...
+##
+## Unsecure Port = http://${pki_host}:10180/kra/ee/kra
+## Secure Agent Port = https://${pki_host}:10443/kra/agent/kra
+## Secure EE Port = https://${pki_host}:10444/kra/ee/kra
+## Secure Admin Port = https://${pki_host}:10445/kra/services
+## PKI Console Port = pkiconsole https://${pki_host}:10445/kra
+## Tomcat Port = 10701 (for shutdown)
+##
+
+## Configure DRM
+# printf "'${pki_silent_script}': Configuring '${kra_instance_name}' . . .\n"
+# pkisilent ConfigureDRM \
+# -cs_hostname "${pki_host}" \
+# -cs_port ${kra_admin_port} \
+# -sd_hostname "${pki_security_domain_host}" \
+# -sd_ssl_port ${ca_ee_port} \
+# -sd_agent_port ${ca_agent_port} \
+# -sd_admin_port ${ca_admin_port} \
+# -sd_admin_name "${pki_security_domain_admin_name}" \
+# -sd_admin_password ${pki_security_domain_admin_password} \
+# -ca_hostname ${pki_security_domain_host} \
+# -ca_port ${ca_nonssl_port} \
+# -ca_ssl_port ${ca_ee_port} \
+# -client_certdb_dir ${pki_silent_security_database_repository} \
+# -client_certdb_pwd ${pki_silent_security_database_password} \
+# -preop_pin ${kra_preop_pin} \
+# -domain_name "${pki_security_domain_name}" \
+# -admin_user ${pki_silent_admin_user} \
+# -admin_password ${pki_silent_admin_password} \
+# -admin_email "${pki_silent_admin_email}" \
+# -agent_name ${kra_agent_name} \
+# -ldap_host ${pki_ldap_host} \
+# -ldap_port ${pki_ldap_port} \
+# -bind_dn "${pki_bind_dn}" \
+# -bind_password ${pki_bind_password} \
+# -base_dn "${kra_base_dn}" \
+# -db_name "${kra_db_name}" \
+# -key_size ${kra_key_size} \
+# -key_type ${kra_key_type} \
+# -token_name ${kra_token_name} \
+# -token_pwd ${kra_token_password} \
+# -agent_key_size ${kra_agent_key_size} \
+# -agent_key_type ${kra_agent_key_type} \
+# -agent_cert_subject "${kra_agent_cert_subject}" \
+# -subsystem_name ${kra_subsystem_name} \
+# -backup_pwd ${kra_backup_password} \
+# -drm_transport_cert_subject_name "${kra_transport_cert_subject_name}" \
+# -drm_subsystem_cert_subject_name "${kra_subsystem_cert_subject_name}" \
+# -drm_storage_cert_subject_name "${kra_storage_cert_subject_name}" \
+# -drm_server_cert_subject_name "${kra_server_cert_subject_name}" \
+# -drm_audit_signing_cert_subject_name \
+# "${kra_audit_signing_cert_subject_name}" \
+# -clone ${kra_clone} \
+# -clone_p12_file ${kra_clone_p12_file} \
+# -clone_p12_password ${kra_clone_p12_password} \
+# -clone_uri ${kra_uri} \
+# -clone_start_tls ${clone_start_tls} \
+# | tee ${pki_silent_kra_log}
+
+## Restart drm
+#/sbin/service ${kra_init_script} restart ${kra_instance_name}
+
+
+##############################################################################
+## O N L I N E S T A T U S C E R T I F I C A T E P R O T O C O L ##
+###############################################################################
+##
+## For example, upon completion,
+## execute '/sbin/service ${ocsp_init_script} status ${ocsp_instance_name}':
+##
+## ${ocsp_instance_name} (pid 13058) is running ...
+##
+## Unsecure Port = http://${pki_host}:11180/ocsp/ee/ocsp
+## Secure Agent Port = https://${pki_host}:11443/ocsp/agent/ocsp
+## Secure EE Port = https://${pki_host}:11444/ocsp/ee/ocsp
+## Secure Admin Port = https://${pki_host}:11445/ocsp/services
+## PKI Console Port = pkiconsole https://${pki_host}:11445/ocsp
+## Tomcat Port = 11701 (for shutdown)
+##
+
+## Configure OCSP
+printf "'${pki_silent_script}': Configuring '${ocsp_instance_name}' . . .\n"
+pkisilent ConfigureOCSP \
+ -cs_hostname "${pki_host}" \
+ -cs_port ${ocsp_admin_port} \
+ -sd_hostname "${pki_security_domain_host}" \
+ -sd_ssl_port ${ca_ee_port} \
+ -sd_agent_port ${ca_agent_port} \
+ -sd_admin_port ${ca_admin_port} \
+ -sd_admin_name "${pki_security_domain_admin_name}" \
+ -sd_admin_password ${pki_security_domain_admin_password} \
+ -ca_hostname ${pki_security_domain_host} \
+ -ca_port ${ca_nonssl_port} \
+ -ca_ssl_port ${ca_ee_port} \
+ -client_certdb_dir ${pki_silent_security_database_repository} \
+ -client_certdb_pwd ${pki_silent_security_database_password} \
+ -preop_pin ${ocsp_preop_pin} \
+ -domain_name "${pki_security_domain_name}" \
+ -admin_user ${pki_silent_admin_user} \
+ -admin_password ${pki_silent_admin_password} \
+ -admin_email "${pki_silent_admin_email}" \
+ -agent_name ${ocsp_agent_name} \
+ -ldap_host ${pki_ldap_host} \
+ -ldap_port ${pki_ldap_port} \
+ -bind_dn "${pki_bind_dn}" \
+ -bind_password ${pki_bind_password} \
+ -base_dn "${ocsp_base_dn}" \
+ -db_name "${ocsp_db_name}" \
+ -key_size ${ocsp_key_size} \
+ -key_type ${ocsp_key_type} \
+ -token_name ${ocsp_token_name} \
+ -token_pwd ${ocsp_token_password} \
+ -agent_key_size ${ocsp_agent_key_size} \
+ -agent_key_type ${ocsp_agent_key_type} \
+ -agent_cert_subject "${ocsp_agent_cert_subject}" \
+ -subsystem_name ${ocsp_subsystem_name} \
+ -backup_pwd ${ocsp_backup_password} \
+ -ocsp_sign_cert_subject_name "${ocsp_sign_cert_subject_name}" \
+ -ocsp_subsystem_cert_subject_name "${ocsp_subsystem_cert_subject_name}" \
+ -ocsp_server_cert_subject_name "${ocsp_server_cert_subject_name}" \
+ -ocsp_audit_signing_cert_subject_name \
+ "${ocsp_audit_signing_cert_subject_name}" \
+ | tee ${pki_silent_ocsp_log}
+
+## Restart OCSP
+/sbin/service ${ocsp_init_script} restart ${ocsp_instance_name}
+
+
+
+##############################################################################
+## T O K E N K E Y S E R V I C E ##
+##############################################################################
+##
+## For example, upon completion,
+## execute '/sbin/service ${tks_init_script} status ${tks_instance_name}':
+##
+## ${tks_instance_name} (pid 14129) is running ...
+##
+## Unsecure Port = http://${pki_host}:13180/tks/ee/tks
+## Secure Agent Port = https://${pki_host}:13443/tks/agent/tks
+## Secure EE Port = https://${pki_host}:13444/tks/ee/tks
+## Secure Admin Port = https://${pki_host}:13445/tks/services
+## PKI Console Port = pkiconsole https://${pki_host}:13445/tks
+## Tomcat Port = 13701 (for shutdown)
+##
+
+## Configure TKS
+printf "'${pki_silent_script}': Configuring '${tks_instance_name}' . . .\n"
+pkisilent ConfigureTKS \
+ -cs_hostname "${pki_host}" \
+ -cs_port ${tks_admin_port} \
+ -sd_hostname "${pki_security_domain_host}" \
+ -sd_ssl_port ${ca_ee_port} \
+ -sd_agent_port ${ca_agent_port} \
+ -sd_admin_port ${ca_admin_port} \
+ -sd_admin_name "${pki_security_domain_admin_name}" \
+ -sd_admin_password ${pki_security_domain_admin_password} \
+ -ca_hostname ${pki_security_domain_host} \
+ -ca_port ${ca_nonssl_port} \
+ -ca_ssl_port ${ca_ee_port} \
+ -client_certdb_dir ${pki_silent_security_database_repository} \
+ -client_certdb_pwd ${pki_silent_security_database_password} \
+ -preop_pin ${tks_preop_pin} \
+ -domain_name "${pki_security_domain_name}" \
+ -admin_user ${pki_silent_admin_user} \
+ -admin_password ${pki_silent_admin_password} \
+ -admin_email "${pki_silent_admin_email}" \
+ -agent_name ${tks_agent_name} \
+ -ldap_host ${pki_ldap_host} \
+ -ldap_port ${pki_ldap_port} \
+ -bind_dn "${pki_bind_dn}" \
+ -bind_password ${pki_bind_password} \
+ -base_dn "${tks_base_dn}" \
+ -db_name "${tks_db_name}" \
+ -key_size ${tks_key_size} \
+ -key_type ${tks_key_type} \
+ -token_name ${tks_token_name} \
+ -token_pwd ${tks_token_password} \
+ -agent_key_size ${tks_agent_key_size} \
+ -agent_key_type ${tks_agent_key_type} \
+ -agent_cert_subject "${tks_agent_cert_subject}" \
+ -subsystem_name ${tks_subsystem_name} \
+ -backup_pwd ${tks_backup_password} \
+ -tks_subsystem_cert_subject_name "${tks_subsystem_cert_subject_name}" \
+ -tks_server_cert_subject_name "${tks_server_cert_subject_name}" \
+ -tks_audit_signing_cert_subject_name \
+ "${tks_audit_signing_cert_subject_name}" \
+ | tee ${pki_silent_tks_log}
+
+## restart tks
+/sbin/service ${tks_init_script} restart ${tks_instance_name}
+
+
+
+##############################################################################
+## R E G I S T R A T I O N A U T H O R I T Y ##
+##############################################################################
+##
+## For example, upon completion,
+## execute '/sbin/service ${ra_init_script} status ${ra_instance_name}':
+##
+## ${ra_instance_name} (pid 15769) is running ...
+##
+## Unsecure Port = http://${pki_host}:12888
+## Secure Clientauth Port = https://${pki_host}:12889
+## Secure Non-Clientauth Port = https://${pki_host}:12890
+##
+
+## Configure RA
+printf "'${pki_silent_script}': Configuring '${ra_instance_name}' . . .\n"
+pkisilent ConfigureRA \
+ -cs_hostname "${pki_host}" \
+ -cs_port ${ra_nonclientauth_port} \
+ -cs_clientauth_port ${ra_clientauth_port} \
+ -sd_hostname "${pki_security_domain_host}" \
+ -sd_ssl_port ${ca_ee_port} \
+ -sd_agent_port ${ca_agent_port} \
+ -sd_admin_port ${ca_admin_port} \
+ -sd_admin_name "${pki_security_domain_admin_name}" \
+ -sd_admin_password ${pki_security_domain_admin_password} \
+ -ca_hostname ${ra_chosen_ca_hostname} \
+ -ca_port ${ra_chosen_ca_nonssl_port} \
+ -ca_ssl_port ${ra_chosen_ca_ssl_port} \
+ -ca_admin_port ${ra_chosen_ca_admin_port} \
+ -client_certdb_dir ${pki_silent_security_database_repository} \
+ -client_certdb_pwd ${pki_silent_security_database_password} \
+ -preop_pin ${ra_preop_pin} \
+ -domain_name "${pki_security_domain_name}" \
+ -admin_user ${pki_silent_admin_user} \
+ -admin_password ${pki_silent_admin_password} \
+ -admin_email "${pki_silent_admin_email}" \
+ -agent_name ${ra_agent_name} \
+ -key_size ${ra_key_size} \
+ -key_type ${ra_key_type} \
+ -token_name ${ra_token_name} \
+ -token_pwd ${ra_token_password} \
+ -agent_key_size ${ra_agent_key_size} \
+ -agent_key_type ${ra_agent_key_type} \
+ -agent_cert_subject "${ra_agent_cert_subject}" \
+ -subsystem_name ${ra_subsystem_name} \
+ -ra_server_cert_nickname "${ra_server_cert_nickname}" \
+ -ra_server_cert_subject_name "${ra_server_cert_subject_name}" \
+ -ra_subsystem_cert_nickname "${ra_subsystem_cert_nickname}" \
+ -ra_subsystem_cert_subject_name "${ra_subsystem_cert_subject_name}" \
+ | tee ${pki_silent_ra_log}
+
+## Restart RA
+/sbin/service ${ra_init_script} restart ${ra_instance_name}
+
+
+##############################################################################
+## T O K E N P R O C E S S I N G S Y S T E M ##
+##############################################################################
+##
+## For example, upon completion,
+## execute '/sbin/service ${tps_init_script} status ${tps_instance_name}':
+##
+##
+## ${tps_instance_name} (pid 16241) is running ...
+##
+## Unsecure Port = http://${pki_host}:7888/cgi-bin/so/enroll.cgi
+## (ESC Security Officer Enrollment)
+## Unsecure Port = http://${pki_host}:7888/cgi-bin/home/index.cgi
+## (ESC Phone Home)
+## Secure Clientauth Port = https://${pki_host}:7889/cgi-bin/sow/welcome.cgi
+## (ESC Security Officer Workstation)
+## Secure Clientauth Port = https://${pki_host}:7889/tus
+## (TPS Roles - Operator/Administrator/Agent)
+## Secure Non-Clientauth Port = https://${pki_host}:7890/cgi-bin/so/enroll.cgi
+## (ESC Security Officer Enrollment)
+## Secure Non-Clientauth Port = https://${pki_host}:7890/cgi-bin/home/index.cgi
+## (ESC Phone Home)
+##
+
+## Configure TPS
+printf "'${pki_silent_script}': Configuring '${tps_instance_name}' . . .\n"
+pkisilent ConfigureTPS \
+ -cs_hostname "${pki_host}" \
+ -cs_port ${tps_nonclientauth_port} \
+ -cs_clientauth_port ${tps_clientauth_port} \
+ -sd_hostname "${pki_security_domain_host}" \
+ -sd_ssl_port ${ca_ee_port} \
+ -sd_agent_port ${ca_agent_port} \
+ -sd_admin_port ${ca_admin_port} \
+ -sd_admin_name "${pki_security_domain_admin_name}" \
+ -sd_admin_password ${pki_security_domain_admin_password} \
+ -ca_hostname ${tps_chosen_ca_hostname} \
+ -ca_port ${tps_chosen_ca_nonssl_port} \
+ -ca_ssl_port ${tps_chosen_ca_ssl_port} \
+ -ca_admin_port ${tps_chosen_ca_admin_port} \
+ -drm_hostname ${tps_chosen_drm_hostname} \
+ -drm_ssl_port ${tps_chosen_drm_ssl_port} \
+ -ss_keygen ${tps_ss_keygen} \
+ -tks_hostname ${tps_chosen_tks_hostname} \
+ -tks_ssl_port ${tps_chosen_tks_ssl_port} \
+ -client_certdb_dir ${pki_silent_security_database_repository} \
+ -client_certdb_pwd ${pki_silent_security_database_password} \
+ -preop_pin ${tps_preop_pin} \
+ -domain_name "${pki_security_domain_name}" \
+ -admin_user ${pki_silent_admin_user} \
+ -admin_password ${pki_silent_admin_password} \
+ -admin_email "${pki_silent_admin_email}" \
+ -agent_name ${tps_agent_name} \
+ -ldap_host ${pki_ldap_host} \
+ -ldap_port ${pki_ldap_port} \
+ -bind_dn "${pki_bind_dn}" \
+ -bind_password ${pki_bind_password} \
+ -base_dn "${tps_base_dn}" \
+ -db_name "${tps_db_name}" \
+ -key_size ${tps_key_size} \
+ -key_type ${tps_key_type} \
+ -token_name ${tps_token_name} \
+ -token_pwd ${tps_token_password} \
+ -agent_key_size ${tps_agent_key_size} \
+ -agent_key_type ${tps_agent_key_type} \
+ -agent_cert_subject "${tps_agent_cert_subject}" \
+ -subsystem_name ${tps_subsystem_name} \
+ -ldap_auth_host ${tps_ldap_auth_host} \
+ -ldap_auth_port ${tps_ldap_auth_port} \
+ -ldap_auth_base_dn ${tps_ldap_auth_base_dn} \
+ -tps_server_cert_subject_name "${tps_server_cert_subject_name}" \
+ -tps_server_cert_nickname "${tps_server_cert_nickname}" \
+ -tps_subsystem_cert_subject_name "${tps_subsystem_cert_subject_name}" \
+ -tps_subsystem_cert_nickname "${tps_subsystem_cert_nickname}" \
+ -tps_audit_signing_cert_subject_name \
+ "${tps_audit_signing_cert_subject_name}" \
+ -tps_audit_signing_cert_nickname \
+ "${tps_audit_signing_cert_nickname}" \
+ | tee ${pki_silent_tps_log}
+
+## Restart TPS
+/sbin/service ${tps_init_script} restart ${tps_instance_name}
+
+exit 0
+
diff --git a/base/silent/templates/subca_silent.template b/base/silent/templates/subca_silent.template
new file mode 100755
index 000000000..1475996d1
--- /dev/null
+++ b/base/silent/templates/subca_silent.template
@@ -0,0 +1,513 @@
+#!/bin/bash
+## BEGIN COPYRIGHT BLOCK
+## (C) 2009 Red Hat, Inc.
+## All rights reserved.
+## END COPYRIGHT BLOCK
+
+
+## Always switch into this base directory
+## prior to script execution so that all
+## of its output is written to this directory
+
+cd `dirname $0`
+
+
+## Disallow script to be run as the name of this template
+subca_silent_script=`basename $0`
+if [ "${subca_silent_script}" = "subca_silent.template" ] ; then
+ printf "\n"
+ printf "Usage: (1) Install AND configure a directory server instance.\n\n"
+ printf " (2) Install AND configure a Root CA subsystem instance\n"
+ printf " that is its own security domain.\n\n"
+ printf " (3) Use 'pkicreate' to install a second CA subsystem\n"
+ printf " instance (this will become a Subordinate CA).\n"
+ printf " [Do NOT configure this CA subsystem instance!]\n\n"
+ printf " (4) Install the 'pki-silent' package.\n\n"
+ printf " (5) Copy '$0' to a new script name\n"
+ printf " without the '.template' extension.\n"
+ printf " (e .g. - 'configure_subca_instance')\n\n"
+ printf " (6) Fill in all MANDATORY user-defined variables\n"
+ printf " in the new script.\n\n"
+ printf " (7) Change any OPTIONAL user-defined variables\n"
+ printf " in the new script as desired.\n\n"
+ printf " (8) Become the 'root' user, and execute the new script to\n"
+ printf " configure a Subordinate CA subsystem instance.\n\n"
+ exit 255
+fi
+
+
+##
+## This script MUST be run as root!
+##
+
+ROOTUID=0
+
+OS=`uname`
+if [ "${OS}" = "Linux" ] ; then
+ MY_EUID=`/usr/bin/id -u`
+ MY_UID=`/usr/bin/id -ur`
+ USERNAME=`/usr/bin/id -un`
+else
+ printf "ERROR: Unsupported operating system '${OS}'!\n"
+ exit 255
+fi
+
+if [ "${MY_UID}" != "${ROOTUID}" ] &&
+ [ "${MY_EUID}" != "${ROOTUID}" ] ; then
+ printf "ERROR: The '$0' script must be run as root!\n"
+ exit 255
+fi
+
+
+
+##############################################################################
+##############################################################################
+## ##
+## P K I S I L E N T - V A R I A B L E D E C L A R A T I O N ##
+## ##
+##############################################################################
+##############################################################################
+
+##############################################################################
+## U S E R - D E F I N E D V A R I A B L E S ( M A N D A T O R Y ) ##
+##############################################################################
+
+##
+## IMPORTANT: 'Escape' ALL spaces in EACH variable specified below!
+##
+## For Example:
+##
+## pki_security_domain_name="My\ Security\ Domain"
+##
+
+## PKI Silent Security Database Variables
+## (e. g. - PKI Silent "browser" database)
+pki_silent_security_database_repository="/tmp"
+pki_silent_security_database_password=
+
+## PKI Security Domain Variables
+## (e. g. - Security Domain Login Panel)
+pki_security_domain_name=
+pki_security_domain_host=`hostname`
+pki_security_domain_admin_name=admin
+pki_security_domain_admin_password=
+
+## PKI Internal LDAP Database Variables
+## (e. g. - Database Panel)
+pki_ldap_host=localhost
+pki_ldap_port=389
+pki_bind_dn="cn=Directory\ Manager"
+pki_bind_password=
+
+## PKI Instance-Specific Token Variables
+## (e. g. - Module Panel)
+subca_token_name=internal
+subca_token_password=
+
+## PKI Instance-Specific Backup Variables
+## (e. g. - Backup Key and Certificates Panel)
+subca_backup_password=
+
+## PKI Email Variables
+##
+## For example, to specify 'pkitest@example.com':
+##
+## pki_email_name=pkitest
+## pki_email_company=example
+## pki_email_domain=com
+##
+pki_email_name=
+pki_email_company=
+pki_email_domain=
+
+## PKI Silent Admin Variables
+## (e. g. - Import Admin Certificate into PKI Silent "browser" database)
+pki_silent_admin_user=admin
+pki_silent_admin_password=
+pki_silent_admin_email="${pki_email_name}\@${pki_email_company}\.${pki_email_domain}"
+
+
+
+##############################################################################
+## P R E - D E F I N E D " D E F A U L T " V A R I A B L E S ##
+##############################################################################
+
+## PKI Subsystem Host (computed by default)
+pki_host=`hostname`
+
+## PKI Subsystem Names
+ca_subsystem_name="Certificate\ Authority"
+
+## PKI Subsystem Instance Names
+subca_instance_name="pki-subca"
+
+## PKI Subsystem Init Script Names
+subca_init_script="pki-cad"
+
+##
+## NOTE: Default PKI Instance Ports
+##
+## CA:
+##
+## *180 - non-secure port (not role specific)
+## *701 - non-secure Tomcat port
+## *443 - secure EE port
+## *444 - secure Agent port
+## *445 - secure Admin port
+##
+##
+## For Example:
+##
+## semanage port -l | grep pki
+##
+## pki_ca_port_t tcp 9180, 9701, 9443, 9444, 9445
+## pki_subca_port_t tcp 9580, 9801, 9543, 9544, 9545
+##
+
+## CA ports
+ca_nonssl_port=9180
+ca_agent_port=9443
+ca_ee_port=9444
+ca_admin_port=9445
+
+## Subordinate CA ports
+subca_nonssl_port=9580
+subca_agent_port=9543
+subca_ee_port=9544
+subca_admin_port=9545
+
+
+
+##############################################################################
+## U S E R - D E F I N E D V A R I A B L E S ( O P T I O N A L ) ##
+##############################################################################
+
+## PKI Silent Log Files
+pki_silent_subca_log=/tmp/subca.log
+
+
+##
+## NOTE: For comparison's sake, if the default instances were manually
+## configured using a Firefox browser, the content of the corresponding
+## Firefox browser's security libraries would be something similar
+## to this:
+##
+## Certificate Nickname Trust Attributes
+## SSL,S/MIME,JAR/XPI
+##
+## Certificate Authority 2 - ${pki_security_domain_name} ,,
+## CA Administrator of Instance ${subca_instance_name}'s
+## ${pki_security_domain_name} ID u,u,u
+## ${pki_host} P,,
+## Certificate Authority - ${pki_security_domain_name} CT,C,C
+##
+## where:
+##
+## Nickname: "Certificate Authority 2 - "
+## + "${pki_security_domain_name}"
+## Subject Name: "cn=Certificate Authority 2,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "CA Administrator of Instance "
+## + "${subca_instance_name}'s "
+## + "${pki_security_domain_name} ID"
+## Subject Name: "cn=CA Administrator of Instance "
+## + "${subca_instance_name},"
+## + "uid=admin,"
+## + "e=${pki_silent_admin_email},"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "${pki_host}"
+## Subject Name: "cn=${pki_host},"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "Certificate Authority - "
+## + "${pki_security_domain_name}"
+## Subject Name: "cn=Certificate Authority,"
+## + "o=${pki_security_domain_name}"
+##
+
+
+## Miscellaneous CA Variables
+##
+## REMINDER: 'Escape' ALL spaces in EACH variable specified below!
+##
+## NOTE: For comparison's sake, if the default instances were manually
+## configured using a Firefox browser, the content of the corresponding
+## "/var/lib/${subca_instance_name}/alias/" security libraries would be
+## something similar to this:
+##
+## Certificate Nickname Trust Attributes
+## SSL,S/MIME,JAR/XPI
+##
+## caSigningCert cert-${subca_instance_name} CTu,Cu,Cu
+## Server-Cert cert-${subca_instance_name} u,u,u
+## Certificate Authority - ${pki_security_domain_name} CT,c,
+## ocspSigningCert cert-${subca_instance_name} u,u,u
+## auditSigningCert cert-${subca_instance_name} u,u,u
+## subsystemCert cert-${subca_instance_name} u,u,u
+##
+## where:
+##
+## Nickname: "caSigningCert cert-${subca_instance_name}"
+## Subject Name: "cn=Certificate Authority 2,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "Server-Cert cert-${subca_instance_name}"
+## Subject Name: "cn=${pki_host},"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "Certificate Authority - "
+## + "${pki_security_domain_name}"
+## Subject Name: "cn=Certificate Authority,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "ocspSigningCert cert-${subca_instance_name}"
+## Subject Name: "cn=OCSP Signing Certificate 2,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "auditSigningCert cert-${subca_instance_name}"
+## Subject Name: "cn=CA Audit Signing Certificate 2,"
+## + "o=${pki_security_domain_name}"
+##
+## Nickname: "subsystemCert cert-${subca_instance_name}"
+## Subject Name: "cn=CA Subsystem Certificate 2,"
+## + "o=${pki_security_domain_name}"
+##
+## NOTE: The parameters for the signing algorithms have the following meaning:
+## subca_signing_algorithm - signature algorithm used by the CA and OCSP signing certs to sign objects.
+## subca_signing_signingalgorithm - optionally specify the algorithm used by the CA signing cert to sign objects
+## subca_ocsp_signing_signingalgorithm - optionally specify the algorithm used by the CA ocsp signing cert to sign objects
+##
+
+subca_agent_name="CA\ Administrator\ of\ Instance\ ${subca_instance_name}\'s\ ${pki_security_domain_name}\ ID"
+subca_agent_key_size=2048
+subca_agent_key_type=rsa
+subca_agent_cert_subject="cn=CA\ Administrator\ of\ Instance\ ${subca_instance_name},uid=admin,e=${pki_silent_admin_email},o=${pki_security_domain_name}"
+subca_base_dn="dc=${pki_host}-${subca_instance_name}"
+subca_db_name="${pki_host}-${subca_instance_name}"
+subca_key_size=2048
+subca_key_type=rsa
+subca_signing_algorithm=SHA256withRSA
+subca_signing_signingalgorithm=SHA256withRSA
+subca_ocsp_signing_signingalgorithm=SHA256withRSA
+subca_sign_cert_subject_name="cn=Certificate\ Authority\ 2,o=${pki_security_domain_name}"
+subca_subsystem_cert_subject_name="cn=CA\ Subsystem\ Certificate\ 2,o=${pki_security_domain_name}"
+subca_ocsp_cert_subject_name="cn=OCSP\ Signing\ Certificate\ 2,o=${pki_security_domain_name}"
+subca_server_cert_subject_name="cn=${pki_host},o=${pki_security_domain_name}"
+subca_audit_signing_cert_subject_name="cn=CA\ Audit\ Signing\ Certificate\ 2,o=${pki_security_domain_name}"
+
+
+
+##############################################################################
+##############################################################################
+## ##
+## P K I S I L E N T - S U B S Y S T E M C O N F I G U R A T I O N ##
+## ##
+##############################################################################
+##############################################################################
+
+##############################################################################
+## P K I S I L E N T I N I T I A L I Z A T I O N ##
+##############################################################################
+
+## (1) Make certain that user has defined all MANDATORY user-defined variables!
+usage_errors=0
+usage_error_preamble="ERROR: User MUST define a value for"
+
+if [ "${pki_silent_security_database_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'pki_silent_security_database_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${pki_security_domain_name}" = "" ] ; then
+ printf "${usage_error_preamble} 'pki_security_domain_name'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${pki_security_domain_admin_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'pki_security_domain_admin_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${pki_bind_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'pki_bind_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${subca_token_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'subca_token_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${subca_backup_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'subca_backup_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${pki_email_name}" = "" ] ; then
+ printf "${usage_error_preamble} 'pki_email_name'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${pki_email_company}" = "" ] ; then
+ printf "${usage_error_preamble} 'pki_email_company'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${pki_email_domain}" = "" ] ; then
+ printf "${usage_error_preamble} 'pki_email_domain'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+if [ "${pki_silent_admin_password}" = "" ] ; then
+ printf "${usage_error_preamble} 'pki_silent_admin_password'!\n"
+ usage_errors=`expr ${usage_errors} + 1`
+fi
+
+
+## (2) Make certain that a PKI instance of the specified name EXISTS,
+## but has NOT been previously CONFIGURED!
+existence_errors=0
+existence_error_preamble="ERROR: No PKI Instance named"
+configuration_errors=0
+configuration_error_preamble="ERROR: A PKI Instance named"
+configuration_error_postamble="EXISTS,\n but has PREVIOUSLY been CONFIGURED!"
+
+if [ ! -f "/var/lib/${subca_instance_name}/conf/CS.cfg" ] ; then
+ printf "${existence_error_preamble} '${subca_instance_name}' EXISTS!\n"
+ existence_errors=`expr ${existence_errors} + 1`
+else
+ subca_configuration_check=`grep -c preop /var/lib/${subca_instance_name}/conf/CS.cfg`
+ if [ ${subca_configuration_check} -eq 0 ] ; then
+ printf "${configuration_error_preamble} '${subca_instance_name}' "
+ printf "${configuration_error_postamble}\n"
+ configuration_errors=`expr ${configuration_errors} + 1`
+ fi
+fi
+
+
+if [ ${usage_errors} -ne 0 ] ||
+ [ ${existence_errors} -ne 0 ] ||
+ [ ${configuration_errors} -ne 0 ] ; then
+ printf "\n"
+ printf "Please correct ALL errors listed above and re-run\n"
+ printf "the '$0' script!\n\n"
+ exit 255
+fi
+
+
+## (3) Make certain that 'pkisilent' exists and is executable on this system.
+if [ ! -x "/usr/bin/pkisilent" ] ; then
+ printf "\n"
+ printf "ERROR: Please install the 'pki-silent' package and re-run\n"
+ printf "the '$0' script!\n\n"
+ exit 255
+fi
+
+
+## (4) Check for old PKI Silent Security Databases, but DO NOT remove them!
+## Instead, inform the user and exit this script.
+if [ -f "${pki_silent_security_database_repository}/cert8.db" ] ||
+ [ -f "${pki_silent_security_database_repository}/key3.db" ] ||
+ [ -f "${pki_silent_security_database_repository}/secmod.db" ] ; then
+ printf "\n"
+ printf "WARNING: At least one of the security databases\n"
+ printf " (i. e. - 'cert8.db', 'key3.db', and/or 'secmod.db')\n"
+ printf " required by '${subca_silent_script}' exists at the\n"
+ printf " specified location '${pki_silent_security_database_repository}'.\n"
+ printf "\n"
+ printf " Please MANUALLY move or erase these security database(s),\n"
+ printf " or specify a different location before re-running this script.\n\n"
+ exit 255
+fi
+
+
+## (5) Remove ALL old PKI Silent log files
+printf "Removing old PKI Silent log files:\n"
+if [ -f ${pki_silent_subca_log} ] ; then
+ printf " Removing old '${pki_silent_subca_log}' . . . "
+ rm ${pki_silent_subca_log}
+ printf "done.\n"
+fi
+printf "Done.\n\n"
+
+
+
+##############################################################################
+## C A L C U L A T E P K I I N S T A N C E P I N S ##
+##############################################################################
+
+## PKI Subsystem Instance PINS
+subca_preop_pin=`cat /var/lib/${subca_instance_name}/conf/CS.cfg \
+ | grep preop.pin | grep -v grep | awk -F= '{print $2}'`
+
+
+
+##############################################################################
+## C E R T I F I C A T E A U T H O R I T Y ##
+##############################################################################
+##
+## For example, upon completion,
+## execute '/sbin/service ${subca_init_script} status ${subca_instance_name}':
+##
+## ${subca_instance_name} (pid 7843) is running ...
+##
+## Unsecure Port = http://${pki_host}:9180/ca/ee/ca
+## Secure Agent Port = https://${pki_host}:9443/ca/agent/ca
+## Secure EE Port = https://${pki_host}:9444/ca/ee/ca
+## Secure Admin Port = https://${pki_host}:9445/ca/services
+## PKI Console Port = pkiconsole https://${pki_host}:9445/ca
+## Tomcat Port = 9701 (for shutdown)
+##
+##
+## Security Domain URL:
+## ==================================================================
+## https://${pki_host}:9445
+## ==================================================================
+##
+
+## Configure Subordinate CA
+printf "'${subca_silent_script}': Configuring '${subca_instance_name}' . . .\n"
+pkisilent ConfigureSubCA \
+ -cs_hostname "${pki_host}" \
+ -cs_port ${subca_admin_port} \
+ -sd_hostname "${pki_security_domain_host}" \
+ -sd_ssl_port ${ca_ee_port} \
+ -sd_agent_port ${ca_agent_port} \
+ -sd_admin_port ${ca_admin_port} \
+ -sd_admin_name "${pki_security_domain_admin_name}" \
+ -sd_admin_password ${pki_security_domain_admin_password} \
+ -ca_hostname ${pki_security_domain_host} \
+ -ca_port ${ca_nonssl_port} \
+ -ca_ssl_port ${ca_ee_port} \
+ -client_certdb_dir ${pki_silent_security_database_repository} \
+ -client_certdb_pwd ${pki_silent_security_database_password} \
+ -preop_pin ${subca_preop_pin} \
+ -domain_name "${pki_security_domain_name}" \
+ -admin_user ${pki_silent_admin_user} \
+ -admin_email "${pki_silent_admin_email}" \
+ -admin_password ${pki_silent_admin_password} \
+ -agent_name ${subca_agent_name} \
+ -ldap_host ${pki_ldap_host} \
+ -ldap_port ${pki_ldap_port} \
+ -bind_dn "${pki_bind_dn}" \
+ -bind_password ${pki_bind_password} \
+ -base_dn "${subca_base_dn}" \
+ -db_name "${subca_db_name}" \
+ -key_size ${subca_key_size} \
+ -key_type ${subca_key_type} \
+ -signing_algorithm ${subca_signing_algorithm} \
+ -signing_signingalgorithm ${subca_signing_signingalgorithm} \
+ -ocsp_signing_signingalgorithm ${subca_ocsp_signing_signingalgorithm} \
+ -token_name ${subca_token_name} \
+ -token_pwd ${subca_token_password} \
+ -agent_key_size ${subca_agent_key_size} \
+ -agent_key_type ${subca_agent_key_type} \
+ -agent_cert_subject "${subca_agent_cert_subject}" \
+ -backup_pwd ${subca_backup_password} \
+ -subsystem_name "${ca_subsystem_name}" \
+ -subca_sign_cert_subject_name "${subca_sign_cert_subject_name}" \
+ -subca_subsystem_cert_subject_name "${subca_subsystem_cert_subject_name}" \
+ -subca_ocsp_cert_subject_name "${subca_ocsp_cert_subject_name}" \
+ -subca_server_cert_subject_name "${subca_server_cert_subject_name}" \
+ -subca_audit_signing_cert_subject_name \
+ "${subca_audit_signing_cert_subject_name}" \
+ | tee ${pki_silent_subca_log}
+
+## Restart Subordinate CA
+/sbin/service ${subca_init_script} restart ${subca_instance_name}
+
+exit 0
+
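Review bot: Every secret this template collects (`pki_silent_admin_password`, `pki_security_domain_admin_password`, `pki_bind_password`, `subca_token_password`, `subca_backup_password`, `pki_silent_security_database_password`) is passed to `pkisilent ConfigureSubCA` as a bare command-line argument, where any local user can read it from `ps` or `/proc/*/cmdline` for the duration of the configuration run; the expansions are also unquoted (`-admin_password ${pki_silent_admin_password}`, `-bind_password ${pki_bind_password}`, `-token_pwd ${subca_token_password}`), so a password containing a space or shell metacharacter silently produces a different argument list — at minimum quote them, e.g. `-admin_password "${pki_silent_admin_password}"`. The combined output is then `tee`'d to the default `pki_silent_subca_log=/tmp/subca.log`, created under root's default umask in a world-writable directory, and the client NSS databases default to `pki_silent_security_database_repository="/tmp"`; if pkisilent echoes its arguments into that output the passwords land in a world-readable file, and the pre-existence check on `cert8.db`/`key3.db`/`secmod.db` only aborts — it does not protect against an unprivileged user pre-placing a symlink at those predictable paths. I would add `umask 077` right after the root check, default both paths to a root-only directory (e.g. `/root/pki-silent`), and state in the usage text that the copied script holds plaintext credentials and must be `chmod 600`. Separately, `pkisilent ... | tee ${pki_silent_subca_log}` discards pkisilent's exit status and the script ends with an unconditional `exit 0`, so a failed configuration still restarts the instance and reports success; since the interpreter is already bash, `set -o pipefail` near the top plus `rc=$?; [ ${rc} -ne 0 ] && exit ${rc}` before the `service ... restart` line would close that gap.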