author | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-24 02:27:47 -0500 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-26 11:43:54 -0500 |
commit | 621d9e5c413e561293d7484b93882d985b3fe15f (patch) | |
tree | 638f3d75761c121d9a8fb50b52a12a6686c5ac5c /base/tps/setup | |
parent | 40d3643b8d91886bf210aa27f711731c81a11e49 (diff) | |
Removed unnecessary pki folder.
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.
Ticket #131
Diffstat (limited to 'base/tps/setup')
-rw-r--r-- | base/tps/setup/CMakeLists.txt | 8 | ||||
-rwxr-xr-x | base/tps/setup/create.pl | 973 | ||||
-rw-r--r-- | base/tps/setup/registry_instance | 116 |
3 files changed, 1097 insertions, 0 deletions
diff --git a/base/tps/setup/CMakeLists.txt b/base/tps/setup/CMakeLists.txt
new file mode 100644
index 000000000..f5f069cdb
--- /dev/null
+++ b/base/tps/setup/CMakeLists.txt
@@ -0,0 +1,8 @@
+set(VERSION ${APPLICATION_VERSION})
+
+install(
+ FILES
+ registry_instance
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/setup
+)
diff --git a/base/tps/setup/create.pl b/base/tps/setup/create.pl
new file mode 100755
index 000000000..e8da7d859
--- /dev/null
+++ b/base/tps/setup/create.pl
@@ -0,0 +1,973 @@ +############################################################## +# +# --- BEGIN COPYRIGHT BLOCK --- +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; +# version 2.1 of the License. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, +# Boston, MA 02110-1301 USA +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +# +# This script is to create a new instance of Token Processing +# Service within CS installation. +# +# To execute: +# perl create.pl +# +############################################################## + +use FindBin; + +############################################################## +# Advance Options +############################################################## + +my $hsm = ""; # hardware token label (i.e. 'nFast') +my $hsm_ca = ""; # hardware token label for CA certificate (i.e. 
'nFast') +my $nickName = "Server-Cert"; # nickname + +############################################################## +# Private +############################################################## +my $hsmLabel; +my $serverRoot; +my $instanceID; +my $serverID; +my $serverName; +my $port; +my $securePort; +my $uid; +my $gid; +my $tmpDir; +my $tpsDir; +my $tusHost; +my $tusPort; +my $tusRoot; +my $tusSuffix; +my $tusAgentCert; +my $caHost; +my $caPort; +my $drmHost; +my $drmPort; +my $serverKeyGen; +my $tksHost; +my $tksPort; +my $ldapHost; +my $ldapPort; +my $ldapRoot; +my $pathSep; +my $objExt; +my $libPrefix; + +my $defaultUID = "root"; +my $defaultServerRoot = "$FindBin::Bin"; +$defaultServerRoot =~ s/\/bin\/cert\/tps\/setup//; +$defaultServerRoot =~ s/\/$//; +my $defaultServerID = "machine"; +my $defaultServerName = "machine.fedora.com"; +my $defaultInstanceID = "tps-machine"; +my $defaultSuffix = "dc=machine,dc=fedora,dc=com"; + +sub PromptUser +{ + print ("************************************************\n"); + print ("Token Processing Service (TPS) Setup\n"); + print ("************************************************\n"); + print ("This script will assist you in setting up TPS.\n"); + print ("Before running this script, you should already \n"); + print ("install a certificate authority (CA), a token key \n"); + print ("service (TKS), an authentication directory and a token \n"); + print ("database.\n"); + print ("\n"); + print ("CA is responsible for issuing certificates while TKS \n"); + print ("ensures a secure channel between the client and \n"); + print ("the backend. User requests are authenticated against \n"); + print ("the authentication directory which contains user \n"); + print ("information. 
The token database collects statistics \n"); + print ("on token activities.\n"); + print ("\n"); + print ("The authentication database and the token database are \n"); + print ("regular directory server instances that can be created \n"); + print ("via Console.\n"); + print ("\n"); + print ("If you need other advanced options such as hardware \n"); + print ("token support, you need to modify the advanced option \n"); + print ("section of this script manually.\n"); + print ("\n"); + print ("************************************************\n"); + print ("GENERAL SETUP SECTION \n"); + print ("\n"); + print ("This script is about to create your TPS instance in your \n"); + print ("existing CS installation.\n"); + print ("************************************************\n"); + print ("\n"); + +ASK_SERVER_ROOT: + print ("Enter the path to the server root [$defaultServerRoot]: "); + chomp ($serverRoot = <STDIN>); + if ($serverRoot eq "") { + $serverRoot = "$defaultServerRoot"; + } + if ($serverRoot =~ /\/$/) { + print ("Error: '$serverRoot' cannot end with '/'.\n"); + goto ASK_SERVER_ROOT; + } + if (!(-d $serverRoot)) { + print ("Error: '$serverRoot' directory does not exit.\n"); + goto ASK_SERVER_ROOT; + } + if (!(-f "$serverRoot/admin-serv/config/adm.conf")) { + print ("Error: '$serverRoot' directory does not contain $serverRoot/admin-serv/config/adm.conf.\n"); + goto ASK_SERVER_ROOT; + } + + # read some good parameters from adm.conf + open(F, "$serverRoot/admin-serv/config/adm.conf"); + while (<F>) { + if (/ldapHost:\s*(\S+)/) { + $defaultServerName = $1; + } + if (/ldapStart:\s*slapd-(\S+)\//) { + $defaultServerID = $1; + } + } + close(F); + + open(F, "$serverRoot/admin-serv/config/magnus.conf"); + while (<F>) { + if (/User (\S+)/) { + $defaultUID = $1; + } + } + close(F); + + $defaultSuffix = $defaultServerName; + $defaultSuffix =~ s/\./,dc=/g; + $defaultSuffix =~ s/^[^,]+,//; + +ASK_TPS_ROOT: + print ("Enter the path to the TPS release [$serverRoot/bin/cert/tps]: 
"); + chomp ($tpsDir = <STDIN>); + if ($tpsDir eq "") { + $tpsDir = "$serverRoot/bin/cert/tps"; + } + if (!(-d $tpsDir)) { + print ("Error: '$tpsDir' directory does not exit.\n"); + goto ASK_TPS_ROOT; + } + if (!(-d "$tpsDir/config")) { + print ("Error: '$tpsDir/config' directory does not exit.\n"); + goto ASK_TPS_ROOT; + } + + print ("Enter the hostname of this machine [$defaultServerID]: "); + chomp ($serverID = <STDIN>); + if ($serverID eq "") { + $serverID = "$defaultServerID"; + } + print ("Enter the fully-qualified hostname of this machine [$defaultServerName]: "); + chomp ($serverName = <STDIN>); + if ($serverName eq "") { + $serverName = "$defaultServerName"; + } + +ASK_INSTANCE_ID: + print ("Enter the instance ID of your new TPS instance [tps-$defaultServerID]: "); + chomp ($instanceID = <STDIN>); + if ($instanceID eq "") { + $instanceID = "tps-$defaultServerID"; + } + if (-d "$serverRoot/$instanceID") { + print ("Error: '$serverRoot/$instanceID' directory already exist.\n"); + goto ASK_INSTANCE_ID; + } + + # update nickName + $nickName = "$nickName $instanceID"; + + print ("\n"); + print ("************************************************\n"); + print ("SERVICE PORTS SECTION \n"); + print ("\n"); + print ("TPS listens on the following ports. 
Please make \n"); + print ("sure you specify unused ports.\n"); + print ("************************************************\n"); + print ("\n"); + + print ("Enter the UID that TPS should be running as [$defaultUID]: "); + chomp ($uid = <STDIN>); + if ($uid eq "") { + $uid = "$defaultUID"; + } + + my $defaultGID = $defaultUID; + print ("Enter the GID that TPS should be running as [$defaultGID]: "); + chomp ($gid = <STDIN>); + if ($gid eq "") { + $gid = "$defaultGID"; + } + +ASK_EE_PORT: + print ("Enter the end entity port number of your TPS [7888]: "); + chomp ($port = <STDIN>); + if ($port eq "") { + $port = "7888"; + } + if ($port eq "") { + goto ASK_EE_PORT; + } + +ASK_AGENT_PORT: + print ("Enter the agent port number of your TPS [7889]: "); + chomp ($securePort = <STDIN>); + if ($securePort eq "") { + $securePort = "7889"; + } + if ($securePort eq "") { + goto ASK_AGENT_PORT; + } + + print ("\n"); + print ("************************************************\n"); + print ("AUTHENTICATION (LDAP) DIRECTORY SECTION \n"); + print ("\n"); + print ("TPS verifies the user IDs and \n"); + print ("passwords against this LDAP database before executing \n"); + print ("requests from users.\n"); + print ("************************************************\n"); + print ("\n"); + +ASK_AUTH_HOST: + print ("Enter the hostname of the authentication directory [$defaultServerName]: "); + chomp ($ldapHost = <STDIN>); + if ($ldapHost eq "") { + $ldapHost = "$defaultServerName"; + } + if ($ldapHost eq "") { + goto ASK_AUTH_HOST; + } + +ASK_AUTH_PORT: + print ("Enter the port number of the authentication directory [389]: "); + chomp ($ldapPort = <STDIN>); + if ($ldapPort eq "") { + $ldapPort = "389"; + } + if ($ldapPort eq "") { + goto ASK_AUTH_PORT; + } + +ASK_AUTH_ROOT: + print ("Enter the root suffix of the authentication directory [$defaultSuffix]: "); + chomp ($ldapRoot = <STDIN>); + if ($ldapRoot eq "") { + $ldapRoot = "$defaultSuffix"; + } + if ($ldapRoot eq "") { + goto 
ASK_AUTH_ROOT; + } + + print ("\n"); + print ("************************************************\n"); + print ("CA CONNECTION SECTION \n"); + print ("\n"); + print ("TPS submits certificate requests \n"); + print ("to CA for signing.\n"); + print ("************************************************\n"); + print ("\n"); + +ASK_CA_HOST: + print ("Enter the hostname of the CA [$defaultServerName]: "); + chomp ($caHost = <STDIN>); + if ($caHost eq "") { + $caHost = "$defaultServerName"; + } + if ($caHost eq "") { + goto ASK_CA_HOST; + } + +ASK_CA_PORT: + print ("Enter the secure end entity port number of the CA [443]: "); + chomp ($caPort = <STDIN>); + if ($caPort eq "") { + $caPort = "443"; + } + if ($caPort eq "") { + goto ASK_CA_PORT; + } + + print ("\n"); + print ("************************************************\n"); + print ("TKS CONNECTION SECTION \n"); + print ("\n"); + print ("TPS obtains session keys from TKS \n"); + print ("for establishing secure channels.\n"); + print ("************************************************\n"); + print ("\n"); + +ASK_TKS_HOST: + print ("Enter the hostname of the TKS [$defaultServerName]: "); + chomp ($tksHost = <STDIN>); + if ($tksHost eq "") { + $tksHost = "$defaultServerName"; + } + if ($tksHost eq "") { + goto ASK_TKS_HOST; + } + +ASK_TKS_PORT: + print ("Enter the secure agent port number of the TKS [8100]: "); + chomp ($tksPort = <STDIN>); + if ($tksPort eq "") { + $tksPort = "8100"; + } + if ($tksPort eq "") { + goto ASK_TKS_PORT; + } + + print ("\n"); + print ("Do you want to perform server-side key generation optionally [yes]: \n"); + chomp ($continue = <STDIN>); + print ("\n"); + + if ($continue eq "") { + $continue = "yes"; + } + if ($continue eq "yes") { + $serverKeyGen = "true"; + + print ("************************************************\n"); + print ("DRM CONNECTION SECTION \n"); + print ("\n"); + print ("TPS submits archival and recovery requests \n"); + print ("to DRM.\n"); + print 
("************************************************\n"); + print ("\n"); + +ASK_DRM_HOST: + print ("Enter the hostname of the DRM [$defaultServerName]: "); + chomp ($drmHost = <STDIN>); + if ($drmHost eq "") { + $drmHost = "$defaultServerName"; + } + if ($drmHost eq "") { + goto ASK_DRM_HOST; + } + +ASK_DRM_PORT: + print ("Enter the secure agent port number of the DRM [8100]: "); + chomp ($drmPort = <STDIN>); + if ($drmPort eq "") { + $drmPort = "8100"; + } + if ($drmPort eq "") { + goto ASK_DRM_PORT; + } + print ("\n"); + } else { + $serverKeyGen = "false"; + } + + print ("************************************************\n"); + print ("TOKEN DATABASE (LDAP) CONNECTION SECTION \n"); + print ("\n"); + print ("TPS sends statistics information to the database \n"); + print ("for auditing purposes.\n"); + print ("************************************************\n"); + print ("\n"); + +ASK_TUS_HOST: + print ("Enter the hostname of the token database [$defaultServerName]: "); + chomp ($tusHost = <STDIN>); + if ($tusHost eq "") { + $tusHost = "$defaultServerName"; + } + if ($tusHost eq "") { + goto ASK_TUS_HOST; + } + +ASK_TUS_PORT: + print ("Enter the port number of the token database [3890]: "); + chomp ($tusPort = <STDIN>); + if ($tusPort eq "") { + $tusPort = "3890"; + } + if ($tusPort eq "") { + goto ASK_TUS_PORT; + } + +ASK_TUS_ROOT: + print ("Enter the root suffix of the token database [$defaultSuffix]: "); + chomp ($tusRoot = <STDIN>); + if ($tusRoot eq "") { + $tusRoot = "$defaultSuffix"; + } + if ($tusRoot eq "") { + goto ASK_TUS_ROOT; + } + +ASK_TUS_PWD: + print ("Enter the password of the directory manager: "); + if (!&IsWindows()) { + system("stty -echo"); + } + chomp ($tusPass = <STDIN>); + if (!&IsWindows()) { + system("stty echo"); + } + if ($tusPass eq "") { + goto ASK_TUS_PWD; + } + + if (&IsWindows()) { + $tmpDir = "c:\\temp"; + } else { + $tmpDir = "/tmp"; + } + print ("\n"); +} + +sub ToContinue +{ + do { + print ("Please enter 'proceed' to 
continue.\n"); + chomp ($continue = <STDIN>); + } while ($continue ne "proceed"); +} + +sub CreateSecurityDatabase +{ + print ("This program is about to create the NSS certificate DB.\n"); + &ToContinue(); + print ("\n"); + + &CertUtil_CreateDatabase($serverRoot, "$instanceID-$serverID-"); + print ("\n"); + + print ("This program is about to generate the certificate request.\n"); + &ToContinue(); + print ("\n"); + +ASK_SERVER_CERT: + &CertUtil_GenerateCSR($serverRoot, "$instanceID-$serverID-", + $hsm, "CN=" . $serverName); + print ("\n"); + + print ("Please submit the certificate request to the CA's Manual TPS Server Certificate Enrollment profile for signing.\n"); + print ("Note that correct OIDs (i.e. 1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2 and 1.3.6.1.5.5.7.3.4) must be populated in the\n"); + print ("extended key usage extension of the certificate.\n"); + print ("In addition, this certificate must be added to \n"); + print ("CA and TKS as trusted agent.\n"); + print ("\n"); + print ("This program is about to import the TPS system certificate.\n"); + print ("Please paste in your certificate (including header and footer).\n"); + print ("\n"); + my $serverCert = &PromptCertificate(); + &CertUtil_ImportServerCert($serverRoot, "$instanceID-$serverID-", + $hsm, $nickName, $serverCert); + print ("\n"); + + &CertUtil_Print($serverRoot, "$instanceID-$serverID-", $hsm, $nickName); + print ("\n"); + print ("Is the server certificate correct [yes]: \n"); + chomp ($continue = <STDIN>); + print ("\n"); + if ($continue eq "") { + $continue = "yes"; + } + if ($continue eq "no") { + goto ASK_SERVER_CERT; + } + + $i = 0; + print ("This program is about to import one or more CA certificates.\n"); + while (1) { +ASK_AGAIN: + print ("Do you have CA certificate to import [yes]: \n"); + chomp ($continue = <STDIN>); + print ("\n"); + if ($continue eq "") { + $continue = "yes"; + } + if ($continue eq "no") { + goto DONE; + } + print ("Please paste in your CA certificate (including header 
and footer).\n"); + print ("\n"); + my $caCert = &PromptCertificate(); + &CertUtil_ImportCACert($serverRoot, "$instanceID-$serverID-", + $hsm_ca, "caCert$i $instanceID", "$caCert"); + print ("\n"); + + &CertUtil_Print($serverRoot, "$instanceID-$serverID-", $hsm_ca, "caCert$i $instanceID"); + print ("\n"); + print ("Is the CA certificate correct [yes]: \n"); + chomp ($continue = <STDIN>); + print ("\n"); + if ($continue eq "") { + $continue = "yes"; + } + if ($continue eq "no") { + &CertUtil_Delete($serverRoot, "$instanceID-$serverID-", $hsm, "caCert$i $instanceID"); + goto ASK_AGAIN; + } + $i++; + } + +DONE: + + print ("The following shows all imported certificates.\n"); + &CertUtil_List($serverRoot, "$instanceID-$serverID-", $hsm); + print ("\n"); + &ToContinue(); +} + +sub PromptCertificate +{ + my $startCert = 0; + my $cert; + while (1) { + chomp ($continue = <STDIN>); + if ($continue eq "-----END CERTIFICATE-----") { + $cert .= $continue . "\n"; + goto DONE; + } + if ($startCert == 1) { + $cert .= $continue . "\n"; + } + if ($continue eq "-----BEGIN CERTIFICATE-----") { + $startCert = 1; + $cert .= $continue . "\n"; + } + } +DONE: + return $cert; +} + +sub Main +{ + if (&IsWindows()) { + $pathSep = ";"; + $objExt = ".dll"; + $libPrefix = ""; + } else { + $pathSep = ":"; + $objExt = ".so"; + $libPrefix = "lib"; + } + + if ($hsm eq "") { + $hsmLabel = ""; + } else { + $hsmLabel = $hsm . 
":"; + } + + &PromptUser(); + + print ("************************************************\n"); + print ("TPS INSTANCE CREATION \n"); + print ("************************************************\n"); + print ("This program is about to create the TPS instance.\n"); + print ("If there is any error, please ctrl-C to exit and "); + print ("restart the process.\n"); + print ("\n"); + &ToContinue(); + print ("\n"); + + &CreateInstanceDir(); + &CopyTemplates(); + &PopulateTPSTemplates(); + print ("\n"); + + print ("************************************************\n"); + print ("SECURITY DATABASE CREATION (OPTIONAL) \n"); + print ("\n"); + print ("Keys and certificates will be stored in the security\n"); + print ("databases.\n"); + print ("************************************************\n"); + + print ("This program is about to create the security databases.\n"); + +ASK_AGAIN: + print ("Do you want to create the security databases automatically [yes]: \n"); + chomp ($continue = <STDIN>); + print ("\n"); + + if ($continue eq "") { + $continue = "yes"; + } + if ($continue eq "no") { + print ("Please place your own security databases "); + print ("in $serverRoot/alias/$instanceID-$serverID-*.db\n"); + print ("\n"); + } elsif ($continue eq "yes") { + &CreateSecurityDatabase(); + } else { + goto ASK_AGAIN; + } + + print ("************************************************\n"); + print ("TOKEN DATABASE POPULATION (OPTIONAL) \n"); + print ("\n"); + print ("Token database's Schema and default structure will be setup.\n"); + print ("Your first authorized agent certificate will be \n"); + print ("imported into the database. 
TPS agent port can \n"); + print ("be accessed by browser that contain the authorized \n"); + print ("agent certificate.\n"); + print ("************************************************\n"); + print ("This program is about to populate the token database.\n"); + +ASK_AGAIN2: + print ("Do you want to populate the token database automatically [yes]: \n"); + chomp ($continue = <STDIN>); + print ("\n"); + if ($continue eq "") { + $continue = "yes"; + } + if ($continue eq "no") { + print ("Please populate the token database manually.\n"); + } elsif ($continue eq "yes") { + &PopulateTUS(); + } else { + goto ASK_AGAIN2; + } + + print ("\n"); + print ("************************************************\n"); + print ("SETUP IS DONE \n"); + print ("************************************************\n"); + print ("You should manually start your TPS by \n"); + print ("running the start script in the TPS instance.\n"); + print ("\n"); + print (" $serverRoot/$instanceID/start\n"); + print ("\n"); + print ("You can use your ESC client to access TPS's \n"); + print ("end entity port.\n"); + print ("\n"); + print (" http://$serverName:$port/nk_service\n"); + print ("\n"); + print ("You can use your browser to access TPS's \n"); + print ("agent port for agent/administrator operations.\n"); + print ("\n"); + print (" https://$serverName:$securePort/tus\n"); + print ("\n"); + print ("\n"); +} + +sub CopyTemplate +{ + my ($from, $to) = @_; + + print "Copying $from to $to ...\n"; + open(IN, "<$from"); + open(OUT, ">$to"); + while (<IN>) { + s/\[SERVER_ROOT\]/$serverRoot/g; + s/\[INSTANCE_ID\]/$instanceID/g; + s/\[SERVER_NAME\]/$serverName/g; + s/\[PORT\]/$port/g; + s/\[SECURE_PORT\]/$securePort/g; + s/\[NICKNAME\]/$nickName/g; + s/\[USERID\]/$uid/g; + s/\[GROUPID\]/$gid/g; + s/\[TMP_DIR\]/$tmpDir/g; + s/\[TPS_DIR\]/$tpsDir/g; + s/\[LIB_PREFIX\]/$libPrefix/g; + s/\[OBJ_EXT\]/$objExt/g; + s/\[HSM_LABEL\]/$hsmLabel/g; + s/\[TUS_AGENT_CERT\]/$tusAgentCert/g; + s/\[TUS_HOST\]/$tusHost/g; + 
s/\[TUS_PORT\]/$tusPort/g; + s/\[TUS_ROOT\]/$tusRoot/g; + s/\[TUS_PASS\]/$tusPass/g; + s/\[CA_HOST\]/$caHost/g; + s/\[CA_PORT\]/$caPort/g; + s/\[DRM_HOST\]/$drmHost/g; + s/\[DRM_PORT\]/$drmPort/g; + s/\[SERVER_KEYGEN\]/$serverKeyGen/g; + s/\[TKS_HOST\]/$tksHost/g; + s/\[TKS_PORT\]/$tksPort/g; + s/\[LDAP_HOST\]/$ldapHost/g; + s/\[LDAP_PORT\]/$ldapPort/g; + s/\[LDAP_ROOT\]/$ldapRoot/g; + s/\[PROCESS_ID\]/$$/g; + print OUT $_; + } + close(OUT); + close(IN); +} + +sub IsWindows +{ + if ($^O eq "MSWin32") { + return 1; + } else { + return 0; + } +} + +sub CopyFiles +{ + my ($from, $to) = @_; + + print("Copying files from $from to $to ...\n"); + if (&IsWindows()) { + system("xcopy /E /I /Q $from $to"); + } else { + system("cp -R $from $to"); + } +} + +sub PopulateTPSTemplates +{ + &CopyTemplate("$tpsDir/config/CS.cfg", + "$serverRoot/$instanceID/config/CS.cfg"); + chmod(00660, "$serverRoot/$instanceID/config/CS.cfg"); + + print "Creating $serverRoot/cgi-bin ...\n"; + mkdir ("$serverRoot/cgi-bin", 0755); + + &CopyFiles("$tpsDir/forms/esc", "$serverRoot/cgi-bin"); + &CopyFiles("$tpsDir/forms/tus", "$serverRoot/cgi-bin"); +} + +sub PopulateTUS +{ + print ("Please paste in your TPS Agent certificate (including header and footer).\n"); + print ("\n"); + my $cert = &PromptCertificate(); + $cert =~ s/-----BEGIN CERTIFICATE-----\s*//g; + $cert =~ s/-----END CERTIFICATE-----\s*//g; + $cert =~ s/\s*//g; + + $tusAgentCert = $cert; + + print ("\n"); + &ToContinue(); + print ("\n"); + + open(F1, "$tpsDir/scripts/addVLVIndexes.ldif"); + open(F2, ">$serverRoot/$instanceID/config/addVLVIndexes.ldif"); + while (<F1>) { + s/{rootSuffix}/$tusRoot/; + print F2 $_; + } + + close(F1); + close(F2); + &LDAPAdd("$serverRoot/$instanceID/config/addVLVIndexes.ldif"); + + &CopyTemplate("$tpsDir/scripts/schemaMods.ldif", + "$serverRoot/$instanceID/config/schemaMods.ldif"); + &CopyTemplate("$tpsDir/scripts/addTokens.ldif", + "$serverRoot/$instanceID/config/addTokens.ldif"); + 
&CopyTemplate("$tpsDir/scripts/addIndexes.ldif", + "$serverRoot/$instanceID/config/addIndexes.ldif"); + &CopyTemplate("$tpsDir/scripts/addAgents.ldif", + "$serverRoot/$instanceID/config/addAgents.ldif"); + + &LDAPModify("$serverRoot/$instanceID/config/schemaMods.ldif"); + &LDAPAdd("$serverRoot/$instanceID/config/addIndexes.ldif"); + &LDAPAdd("$serverRoot/$instanceID/config/addTokens.ldif"); + &LDAPAdd("$serverRoot/$instanceID/config/addAgents.ldif"); +} + +sub CopyTemplates +{ + &CopyTemplate("./templates/start", "$serverRoot/$instanceID/start"); + chmod(0755, "$serverRoot/$instanceID/start"); + &CopyTemplate("./templates/stop", "$serverRoot/$instanceID/stop"); + chmod(0755, "$serverRoot/$instanceID/stop"); + &CopyTemplate("./templates/config/contexts.properties", + "$serverRoot/$instanceID/config/contexts.properties"); + &CopyTemplate("./templates/config/jvm12.conf", + "$serverRoot/$instanceID/config/jvm12.conf"); + &CopyTemplate("./templates/config/magnus.conf", + "$serverRoot/$instanceID/config/magnus.conf"); + &CopyTemplate("./templates/config/magnus.conf.clfilter", + "$serverRoot/$instanceID/config/magnus.conf.clfilter"); + &CopyTemplate("./templates/config/mime.types", + "$serverRoot/$instanceID/config/mime.types"); + &CopyTemplate("./templates/config/obj.conf", + "$serverRoot/$instanceID/config/obj.conf"); + &CopyTemplate("./templates/config/obj.conf.clfilter", + "$serverRoot/$instanceID/config/obj.conf.clfilter"); + &CopyTemplate("./templates/config/rules.properties", + "$serverRoot/$instanceID/config/rules.properties"); + &CopyTemplate("./templates/config/server.dtd", + "$serverRoot/$instanceID/config/server.dtd"); + &CopyTemplate("./templates/config/server.xml", + "$serverRoot/$instanceID/config/server.xml"); + &CopyTemplate("./templates/config/server.xml.clfilter", + "$serverRoot/$instanceID/config/server.xml.clfilter"); + &CopyTemplate("./templates/config/servlets.properties", + "$serverRoot/$instanceID/config/servlets.properties"); + 
&CopyTemplate("./templates/config/web-apps.xml", + "$serverRoot/$instanceID/config/web-apps.xml"); + &CopyTemplate("./templates/config/web-apps.xml.clfilter", + "$serverRoot/$instanceID/config/web-apps.xml.clfilter"); +} + +sub CreateInstanceDir +{ + print "Creating $serverRoot/$instanceID ...\n"; + mkdir ("$serverRoot/$instanceID", 0755); + + print "Creating $serverRoot/$instanceID/config ...\n"; + mkdir ("$serverRoot/$instanceID/config", 0755); + + print "Creating $serverRoot/$instanceID/logs ...\n"; + mkdir ("$serverRoot/$instanceID/logs", 0755); +} + +sub getPath +{ + if (&IsWindows()) { + return $ENV{PATH}; + } else { + return $ENV{LD_LIBRARY_PATH}; + } +} + +sub setPath +{ + my ($path) = @_; + + if (&IsWindows()) { + $ENV{PATH} = $path; + } else { + $ENV{LD_LIBRARY_PATH} = $path; + } +} + +sub CertUtil_CreateDatabase +{ + my ($serverRoot, $prefix) = @_; + + $OrgPath = &getPath(); + &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath); + + system("$serverRoot/bin/cert/tools/certutil -N -d $serverRoot/alias -P $prefix"); + + &setPath($OrgPath); +} + +sub CertUtil_GenerateCSR +{ + my ($serverRoot, $prefix, $token, $subject) = @_; + + $OrgPath = &getPath(); + &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath); + + system("$serverRoot/bin/cert/tools/certutil -R -d $serverRoot/alias -P $prefix -h '$token' -s '$subject' -a"); + + &setPath($OrgPath); +} + +sub CertUtil_List +{ + my ($serverRoot, $prefix, $token) = @_; + + $OrgPath = &getPath(); + &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath); + + system("$serverRoot/bin/cert/tools/certutil -L -d $serverRoot/alias -P $prefix -h '$token'"); + + &setPath($OrgPath); +} + +sub CertUtil_Print +{ + my ($serverRoot, $prefix, $token, $nickName) = @_; + + $OrgPath = &getPath(); + &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath); + + if ($token ne "") { + #57616 - certutil is not being consistent, nickname + # requires token name for no reason. 
+ system("$serverRoot/bin/cert/tools/certutil -L -d $serverRoot/alias -P $prefix -h '$token' -n '$token:$nickName'"); + } else { + system("$serverRoot/bin/cert/tools/certutil -L -d $serverRoot/alias -P $prefix -h '$token' -n '$nickName'"); + } + + &setPath($OrgPath); +} + +sub CertUtil_Delete +{ + my ($serverRoot, $prefix, $token, $nickName) = @_; + + $OrgPath = &getPath(); + &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath); + + system("$serverRoot/bin/cert/tools/certutil -D -d $serverRoot/alias -P $prefix -h '$token' -n '$nickName'"); + + &setPath($OrgPath); +} + +sub CertUtil_ImportServerCert +{ + my ($serverRoot, $prefix, $token, $nickName, $cert) = @_; + + $OrgPath = &getPath(); + &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath); + + open(F, "|$serverRoot/bin/cert/tools/certutil -A -d $serverRoot/alias -P $prefix -h '$token' -n '$nickName' -t 'u,u,u' -a"); + print F $cert; + close(F); + + &setPath($OrgPath); +} + +sub CertUtil_ImportCACert +{ + my ($serverRoot, $prefix, $token, $nickName, $cert) = @_; + + $OrgPath = &getPath(); + &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath); + + open(F, "|$serverRoot/bin/cert/tools/certutil -A -d $serverRoot/alias -P $prefix -h '$token' -n '$nickName' -t 'CT,CT,CT' -a"); + print F $cert; + close(F); + + &setPath($OrgPath); +} + +sub LDAPModify +{ + my ($file) = @_; + + $OrgPath = &getPath(); + &setPath($serverRoot . "/shared/lib" . $pathSep . $OrgPath); + + system("$serverRoot/shared/bin/ldapmodify -x -h '$tusHost' -p '$tusPort' -D 'cn=directory manager' -w '$tusPass' -f '$file'"); + + &setPath($OrgPath); +} + +sub LDAPAdd +{ + my ($file) = @_; + + $OrgPath = &getPath(); + &setPath($serverRoot . "/shared/lib" . $pathSep . $OrgPath); + + system("$serverRoot/shared/bin/ldapmodify -x -h '$tusHost' -p '$tusPort' -D 'cn=directory manager' -w '$tusPass' -a -f '$file'"); + + &setPath($OrgPath); +} + +&Main(); 
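Review bot: Every external command in this file is built by interpolating prompted values into a shell string — the `CertUtil_*` helpers and `LDAPModify`/`LDAPAdd` near the end of the hunk pass `$token`, `$nickName`, `$file` and the directory-manager password as `-w '$tusPass'` — so a single quote in any of those values breaks out of the quoting and runs whatever follows as shell, and the password is also handed to ldapmodify on its command line, where it is typically readable by other local users. The list form of `system` avoids the shell entirely, e.g. in `LDAPAdd`: `system("$serverRoot/shared/bin/ldapmodify", '-x', '-h', $tusHost, '-p', $tusPort, '-D', 'cn=directory manager', '-w', $tusPass, '-a', '-f', $file) == 0 or die "ldapmodify $file: $?";`, and the same shape applies to the `certutil` calls (the two `|...` pipe opens become `open my $fh, '-|'`-style list opens, `open my $fh, '|-', $certutil, @args or die $!`). The script also lacks `use strict; use warnings;`, which would have flagged the undeclared `$continue`, `$tusPass`, `$i` and `$OrgPath`, and no `open`, `close` or `system` result is checked, so a failing `certutil` or `ldapmodify` is silently skipped and setup still prints "SETUP IS DONE". `PromptCertificate` spins forever at end of input, because `<STDIN>` then returns undef and neither marker ever matches; `last unless defined $continue;` right after the read, returning undef to the caller, closes that hole.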
diff --git a/base/tps/setup/registry_instance b/base/tps/setup/registry_instance new file mode 100644 index 000000000..cb1c4b344 --- /dev/null +++ b/base/tps/setup/registry_instance 
@@ -0,0 +1,116 @@
+# Establish PKI Variable "Slot" Substitutions
+
+PKI_FLAVOR=[PKI_FLAVOR]
+export PKI_FLAVOR
+
+PKI_SUBSYSTEM_TYPE=[PKI_SUBSYSTEM_TYPE]
+export PKI_SUBSYSTEM_TYPE
+
+PKI_USER=[PKI_USER]
+export PKI_USER
+
+PKI_GROUP=[PKI_GROUP]
+export PKI_GROUP
+
+PKI_INSTANCE_ID=[PKI_INSTANCE_ID]
+export PKI_INSTANCE_ID
+
+PKI_INSTANCE_INITSCRIPT=[PKI_INSTANCE_INITSCRIPT]
+export PKI_INSTANCE_INITSCRIPT
+
+PKI_HTTPD_CONF=[HTTPD_CONF]
+export PKI_HTTPD_CONF
+
+PKI_SERVER_ROOT=[SERVER_ROOT]
+export PKI_SERVER_ROOT
+
+PKI_SYSTEM_USER_LIBRARIES=[SYSTEM_USER_LIBRARIES]
+export PKI_SYSTEM_USER_LIBRARIES
+
+PKI_FORTITUDE_DIR=[FORTITUDE_DIR]
+export PKI_FORTITUDE_DIR
+
+PKI_NSS_CONF=[NSS_CONF]
+export PKI_NSS_CONF
+
+PKI_SERVER_NAME=[SERVER_NAME]
+export PKI_SERVER_NAME
+
+PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_ID}.pid"
+export PKI_LOCK_FILE
+
+PKI_PID_FILE="[PKI_PIDDIR]/${PKI_INSTANCE_ID}.pid"
+export PKI_PID_FILE
+
+PKI_SELINUX_TYPE="pki_tps_t"
+export PKI_SELINUX_TYPE
+
+pki_instance_configuration_file=${PKI_SERVER_ROOT}/conf/CS.cfg
+export pki_instance_configuration_file
+
+RESTART_SERVER=${PKI_SERVER_ROOT}/conf/restart_server_after_configuration
+export RESTART_SERVER
+
+########################################################################
+# This section contains modified content of "/etc/sysconfig/httpd" #
+########################################################################
+# Configuration file for the ${PKI_INSTANCE_ID} service.
+
+#
+# The default processing model (MPM) is the process-based
+# 'prefork' model. A thread-based model, 'worker', is also
+# available, but does not work with some modules (such as PHP).
+# The service must be stopped before changing this variable.
+#
+PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker
+export PKI_HTTPD
+
+#
+# To pass additional options (for instance, -D definitions) to the
+# httpd binary at startup, set PKI_OPTIONS here.
+#
+PKI_OPTIONS="-f ${PKI_HTTPD_CONF}"
+export PKI_OPTIONS
+
+#
+# By default, the httpd process is started in the C locale; to
+# change the locale in which the server runs, the PKI_HTTPD_LANG
+# variable can be set.
+#
+PKI_HTTPD_LANG=C
+export PKI_HTTPD_LANG
+########################################################################
+# #
+########################################################################
+
+# This will prevent initlog from swallowing up a pass-phrase prompt if
+# mod_ssl needs a pass-phrase from the user.
+PKI_INITLOG_ARGS=""
+export PKI_INITLOG_ARGS
+
+# Set PKI_HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
+# with the thread-based "worker" MPM; BE WARNED that some modules may not
+# work correctly with a thread-based MPM; notably PHP will refuse to start.
+
+# Path to the server binary and short-form for messages.
+httpd=${PKI_HTTPD}
+export httpd
+
+pki_logs_directory=${PKI_SERVER_ROOT}/logs
+export pki_logs_directory
+
+# see if httpd is linked with the openldap libraries - we need to override
+# their use of OpenSSL
+if [ ${OS} = "Linux" ]; then
+ hasopenldap=0
+
+ /usr/bin/ldd ${httpd} 2>&1 | grep libldap- > /dev/null 2>&1 && hasopenldap=1
+
+ if [ ${hasopenldap} -eq 1 ] ; then
+ LD_PRELOAD="${PKI_SYSTEM_USER_LIBRARIES}/libssl3.so:${LD_PRELOAD}"
+ export LD_PRELOAD
+ fi
+elif [ ${OS} = "SunOS" ]; then
+ LD_PRELOAD_64="${PKI_SYSTEM_USER_LIBRARIES}/dirsec/libssl3.so:${LD_PRELOAD_64}"
+ export LD_PRELOAD_64
+fi
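Review bot: The `if [ ${OS} = "Linux" ]` test at the end of the hunk, and the `elif [ ${OS} = "SunOS" ]` below it, leave `${OS}` unquoted; `OS` is not assigned anywhere in this file, so when the sourcing script has not set it the test collapses to `[ = "Linux" ]` and fails with a unary-operator error rather than simply skipping the preload. Quoting fixes it, `if [ "${OS}" = "Linux" ]; then`, and the same applies to `${httpd}` on the `ldd` line and `${hasopenldap}` on the inner test. Because this block ends up exporting `LD_PRELOAD` into the httpd process, a short comment above it would help the next maintainer, e.g. `# OS and PKI_SYSTEM_USER_LIBRARIES are expected from the script that sources this file (TODO confirm); the preload directory must not be writable by the service user`.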