diff options
author | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-10-04 01:17:41 +0000 |
---|---|---|
committer | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-10-04 01:17:41 +0000 |
commit | a4682ceae6774956461edd03b2485bbacea445f4 (patch) | |
tree | 94c475a125441da63101738220ce3972cf37db61 /pki/base/migrate/80/MigrateSecurityDomain.java | |
parent | 0c775428675d2cb1be9551f84e6b741ca813f77e (diff) | |
download | pki-IPA_v2_RHEL_6_2_20111003.tar.gz pki-IPA_v2_RHEL_6_2_20111003.tar.xz pki-IPA_v2_RHEL_6_2_20111003.zip |
Bugzilla Bug #688225 - (dogtagIPAv2.1) TRACKER: of the Dogtag fixes for freeIPA 2.1IPA_v2_RHEL_6_2_20111003
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/tags/IPA_v2_RHEL_6_2_20111003@2252 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/migrate/80/MigrateSecurityDomain.java')
-rw-r--r-- | pki/base/migrate/80/MigrateSecurityDomain.java | 222 |
1 files changed, 222 insertions, 0 deletions
diff --git a/pki/base/migrate/80/MigrateSecurityDomain.java b/pki/base/migrate/80/MigrateSecurityDomain.java new file mode 100644 index 000000000..33bbb72b1 --- /dev/null +++ b/pki/base/migrate/80/MigrateSecurityDomain.java @@ -0,0 +1,222 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2008 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +import com.netscape.cmsutil.xml.*; +import com.netscape.cmscore.base.*; +import com.netscape.cmscore.ldapconn.*; +import com.netscape.cmsutil.ldap.*; +import netscape.ldap.*; +import java.io.*; +import java.util.*; +import org.w3c.dom.*; + +public class MigrateSecurityDomain { + + private static LDAPConnection getLDAPConn(FileConfigStore cs, String passwd) + throws IOException + { + + String host = ""; + String port = ""; + String binddn = ""; + String security = ""; + + try { + host = cs.getString("internaldb.ldapconn.host"); + port = cs.getString("internaldb.ldapconn.port"); + binddn = cs.getString("internaldb.ldapauth.bindDN"); + security = cs.getString("internaldb.ldapconn.secureConn"); + } catch (Exception e) { + System.out.println("MigrateSecurityDomain: getLDAPConnection" + e.toString()); + throw new IOException( + "Failed to retrieve LDAP information from CS.cfg."); + } + + int p = -1; + + try { + p = Integer.parseInt(port); + } catch (Exception e) { + System.out.println("MigrateSecurityDomain getLDAPConn: " + e.toString()); + throw new IOException("Port is not valid"); + } + + LDAPConnection conn = null; + if (security.equals("true")) { + System.out.println("MigrateSecurityDomain getLDAPConn: creating secure (SSL) connection for internal ldap"); + conn = new LDAPConnection(new LdapJssSSLSocketFactory()); + } else { + System.out.println("MigrateSecurityDomain getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); + conn = new LDAPConnection(); + } + + System.out.println("MigrateSecurityDomain connecting to " + host + ":" + p); + try { + conn.connect(host, p, binddn, passwd); + } catch (LDAPException e) { + System.out.println("MigrateSecurityDomain getLDAPConn: " + e.toString()); + throw new IOException("Failed to connect to the internal database."); + } + + return conn; + } + + + public static void main(String args[]) throws Exception + { + if (args.length != 2) { + System.out.println("Usage: MigrateSecurityDomain <instance root path> <directory manager password>"); + System.exit(0); + } + + String instRoot = args[0]; + String dmPass = args[1]; + + XMLObject parser = null; + // get the security domain data from the domain.xml file + try { + String path = instRoot + "/conf/domain.xml"; + System.out.println("MigrateSecurityDomain: Reading domain.xml from file ..."); + parser = new XMLObject(new FileInputStream(path)); + + } + catch (Exception e) { + System.out.println("MigrateSecurityDomain: Unable to get domain info from domain.xml file"); + System.out.println(e.toString()); + System.exit(1); + } + + try { + String configFile = instRoot + "/conf/CS.cfg"; + FileConfigStore cs = new FileConfigStore(configFile); + + LDAPConnection conn = null; + conn = MigrateSecurityDomain.getLDAPConn(cs, dmPass); + if (conn == null) { + System.out.println("MigrateSecurityDomain: Failed to connect to internal database"); + System.exit(1); + } + + // add new schema elements + String importFile = "./schema-add.ldif"; + try { + LDAPUtil.importLDIF(conn, importFile); + } catch (Exception e) { + System.out.println("MigrateSecurityDomain: Error in adding new schema elements"); + System.exit(1); + } + // create the containers + String basedn = cs.getString("internaldb.basedn"); + String secdomain = parser.getValue("Name"); + + try { + String dn = "ou=Security Domain," + basedn; + System.out.println("MigrateSecurityDomain: creating ldap entry : " + dn); + + LDAPEntry entry = null; + LDAPAttributeSet attrs = null; + attrs = new LDAPAttributeSet(); + attrs.add(new LDAPAttribute("objectclass", "top")); + attrs.add(new LDAPAttribute("objectclass", "organizationalUnit")); + attrs.add(new LDAPAttribute("name", secdomain)); + attrs.add(new LDAPAttribute("ou", "Security Domain")); + entry = new LDAPEntry(dn, attrs); + conn.add(entry); + } catch (LDAPException e) { + if (e.getLDAPResultCode() != 68) { + System.out.println("Unable to create security domain" + e.toString()); + System.exit(1); + } + } + + // create list containers + String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"}; + for (int i=0; i< 6; i++) { + LDAPEntry entry = null; + LDAPAttributeSet attrs = null; + String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn; + attrs = new LDAPAttributeSet(); + attrs.add(new LDAPAttribute("objectclass", "top")); + attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup")); + attrs.add(new LDAPAttribute("cn", clist[i])); + entry = new LDAPEntry(dn, attrs); + try { + conn.add(entry); + } catch (LDAPException e) { + if (e.getLDAPResultCode() != 68) { + System.out.println("Unable to create security domain list entry " + dn +": "+ e.toString()); + System.exit(1); + } + } + } + + // create system entries + String tlist[] = {"CA", "OCSP", "KRA", "RA", "TKS", "TPS"}; + Document doc = parser.getDocument(); + for (int j=0; j<6; j++) { + String type = tlist[j]; + NodeList nodeList = doc.getElementsByTagName(type); + int len = nodeList.getLength(); + for (int i = 0; i < len; i++) { + Vector v_clone = parser.getValuesFromContainer(nodeList.item(i), "Clone"); + Vector v_name = parser.getValuesFromContainer(nodeList.item(i), "SubsystemName"); + Vector v_host = parser.getValuesFromContainer(nodeList.item(i), "Host"); + Vector v_port = parser.getValuesFromContainer(nodeList.item(i), "SecurePort"); + + String cn = (String)v_host.elementAt(0) + ":" + (String)v_port.elementAt(0); + String dn = "cn=" + cn + ",cn=" + type +"List,ou=Security Domain," + basedn; + LDAPEntry entry = null; + LDAPAttributeSet attrs = null; + attrs = new LDAPAttributeSet(); + attrs.add(new LDAPAttribute("objectclass", "top")); + attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem")); + attrs.add(new LDAPAttribute("Host", (String)v_host.elementAt(0))); + attrs.add(new LDAPAttribute("SecurePort", (String)v_port.elementAt(0))); + attrs.add(new LDAPAttribute("Clone", (String)v_clone.elementAt(0))); + attrs.add(new LDAPAttribute("SubsystemName", (String)v_name.elementAt(0))); + attrs.add(new LDAPAttribute("cn", cn)); + attrs.add(new LDAPAttribute("DomainManager", "true")); + // Since the initial port separation feature didn't occur + // until an RHCS 7.3 errata, simply store the "SecurePort" + // value for BOTH the "SecureAgentPort" and the + // "SecureAdminPort", and DON'T store any values for the + // "UnSecurePort" + attrs.add(new LDAPAttribute("SecureAgentPort", (String)v_port.elementAt(0))); + attrs.add(new LDAPAttribute("SecureAdminPort", (String)v_port.elementAt(0))); + entry = new LDAPEntry(dn, attrs); + + try { + conn.add(entry); + } + catch (LDAPException e) { + if (e.getLDAPResultCode() != 68) { + System.out.println("Unable to create entry " + dn +": "+ e.toString()); + } + } + } + } + cs.putString("securitydomain.store", "ldap"); + cs.commit(false); + System.out.println("MigrateSecurityDomain: Domain successfully migrated."); + } catch (Exception e) { + System.out.println("MigrateSecurityDomain: Migration failed. " + e.toString()); + } + System.exit(0); + } + +} |