diff options
author | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
commit | 32150d3ee32f8ac27118af7c792794b538c78a2f (patch) | |
tree | 52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java | |
parent | f05d58a46795553beb8881039cc922974b40db34 (diff) | |
download | pki-32150d3ee32f8ac27118af7c792794b538c78a2f.tar.gz pki-32150d3ee32f8ac27118af7c792794b538c78a2f.tar.xz pki-32150d3ee32f8ac27118af7c792794b538c78a2f.zip |
Formatting
Formatted project according to eclipse project settings
Diffstat (limited to 'pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java')
-rw-r--r-- | pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java | 964 |
1 files changed, 491 insertions, 473 deletions
diff --git a/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java b/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java index c79ec4edd..f8df962a5 100644 --- a/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java +++ b/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java @@ -1,4 +1,5 @@ package com.netscape.pkisilent; + // --- BEGIN COPYRIGHT BLOCK --- // This program is free software; you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by @@ -17,7 +18,6 @@ package com.netscape.pkisilent; // All rights reserved. // --- END COPYRIGHT BLOCK --- - import java.io.BufferedInputStream; import java.io.BufferedReader; import java.io.ByteArrayInputStream; @@ -39,8 +39,7 @@ import com.netscape.pkisilent.common.ParseXML; import com.netscape.pkisilent.http.HTTPClient; import com.netscape.pkisilent.http.HTTPResponse; -public class ConfigureDRM -{ +public class ConfigureDRM { // global constants public static final String DEFAULT_KEY_TYPE = "RSA"; @@ -52,7 +51,7 @@ public class ConfigureDRM // define global variables public static HTTPClient hc = null; - + public static String login_uri = "/kra/admin/console/config/login"; public static String wizard_uri = "/kra/admin/console/config/wizard"; public static String admin_uri = "/ca/admin/ca/getBySerial"; @@ -78,7 +77,7 @@ public class ConfigureDRM public static String client_certdb_dir = null; public static String client_certdb_pwd = null; - // Login Panel + // Login Panel public static String pin = null; public static String domain_name = null; @@ -160,14 +159,13 @@ public class ConfigureDRM public static String backup_pwd = null; public static String backup_fname = null; - // cert subject names + // cert subject names public static String drm_transport_cert_subject_name = null; public static String drm_subsystem_cert_subject_name = null; public static String drm_storage_cert_subject_name = null; public static String drm_server_cert_subject_name = null; public static String drm_audit_signing_cert_subject_name = null; - public static String subsystem_name = null; // cloning @@ -176,38 +174,32 @@ public class ConfigureDRM public static String clone_p12_passwd = null; public static String clone_p12_file = null; - //for correct selection of CA to be cloned + // for correct selection of CA to be cloned public static String urls; - - public ConfigureDRM () - { + + public ConfigureDRM() { // do nothing :) } - public void sleep_time() - { - try - { + public void sleep_time() { + try { System.out.println("Sleeping for 5 secs.."); Thread.sleep(5000); - } - catch(Exception e) - { + } catch (Exception e) { System.out.println("ERROR: sleep problem"); } } - public boolean LoginPanel() - { + public boolean LoginPanel() { boolean st = false; HTTPResponse hr = null; ByteArrayInputStream bais = null; ParseXML px = new ParseXML(); - String query_string = "pin=" + pin + "&xml=true"; - - hr = hc.sslConnect(cs_hostname,cs_port,login_uri,query_string); + String query_string = "pin=" + pin + "&xml=true"; + + hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string); System.out.println("xml returned: " + hr.getHTML()); // parse xml here - nothing to parse @@ -215,14 +207,15 @@ public class ConfigureDRM // get cookie String temp = hr.getCookieValue("JSESSIONID"); - if (temp!=null) { + if (temp != null) { int index = temp.indexOf(";"); - HTTPClient.j_session_id = temp.substring(0,index); + HTTPClient.j_session_id = temp.substring(0, index); st = true; } hr = null; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, "p=0&op=next&xml=true"); + hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, + "p=0&op=next&xml=true"); // parse xml here bais = new ByteArrayInputStream(hr.getHTML().getBytes()); @@ -232,8 +225,7 @@ public class ConfigureDRM return st; } - public boolean TokenChoicePanel() - { + public boolean TokenChoicePanel() { boolean st = false; HTTPResponse hr = null; ByteArrayInputStream bais = null; @@ -243,10 +235,9 @@ public class ConfigureDRM // Software Token if (token_name.equalsIgnoreCase("internal")) { - query_string = "p=1" + "&op=next" + "&xml=true" + - "&choice=" + - URLEncoder.encode("Internal Key Storage Token"); - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + query_string = "p=1" + "&op=next" + "&xml=true" + "&choice=" + + URLEncoder.encode("Internal Key Storage Token"); + hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); // parse xml bais = new ByteArrayInputStream(hr.getHTML().getBytes()); @@ -254,23 +245,20 @@ public class ConfigureDRM px.prettyprintxml(); } else { // login to hsm first - query_string = "p=2" + "&op=next" + "&xml=true" + - "&uTokName=" + - URLEncoder.encode(token_name) + - "&__uPasswd=" + - URLEncoder.encode(token_pwd); - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + query_string = "p=2" + "&op=next" + "&xml=true" + "&uTokName=" + + URLEncoder.encode(token_name) + "&__uPasswd=" + + URLEncoder.encode(token_pwd); + hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); // parse xml bais = new ByteArrayInputStream(hr.getHTML().getBytes()); px.parse(bais); px.prettyprintxml(); - + // choice with token name now - query_string = "p=1" + "&op=next" + "&xml=true" + - "&choice=" + - URLEncoder.encode(token_name); - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + query_string = "p=1" + "&op=next" + "&xml=true" + "&choice=" + + URLEncoder.encode(token_name); + hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); // parse xml bais = new ByteArrayInputStream(hr.getHTML().getBytes()); @@ -281,24 +269,18 @@ public class ConfigureDRM return true; } - public boolean DomainPanel() - { + public boolean DomainPanel() { boolean st = false; HTTPResponse hr = null; ByteArrayInputStream bais = null; ParseXML px = new ParseXML(); + String domain_url = "https://" + sd_hostname + ":" + sd_admin_port; - String domain_url = "https://" + sd_hostname + ":" + sd_admin_port ; - - String query_string = "sdomainURL=" + - URLEncoder.encode(domain_url) + - "&choice=existingdomain"+ - "&p=3" + - "&op=next" + - "&xml=true"; + String query_string = "sdomainURL=" + URLEncoder.encode(domain_url) + + "&choice=existingdomain" + "&p=3" + "&op=next" + "&xml=true"; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); // parse xml bais = new ByteArrayInputStream(hr.getHTML().getBytes()); @@ -309,43 +291,41 @@ public class ConfigureDRM } - public boolean DisplayChainPanel() - { + public boolean DisplayChainPanel() { boolean st = false; HTTPResponse hr = null; ByteArrayInputStream bais = null; ParseXML px = new ParseXML(); String query_string = null; - query_string = "p=4" + "&op=next" + "&xml=true"; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + query_string = "p=4" + "&op=next" + "&xml=true"; + hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); return true; } - public boolean SecurityDomainLoginPanel() - { + public boolean SecurityDomainLoginPanel() { try { boolean st = false; HTTPResponse hr = null; ByteArrayInputStream bais = null; ParseXML px = new ParseXML(); - String kra_url = "https://" + cs_hostname + ":" + cs_port + - "/kra/admin/console/config/wizard" + - "?p=5&subsystem=KRA" ; + String kra_url = "https://" + cs_hostname + ":" + cs_port + + "/kra/admin/console/config/wizard" + "?p=5&subsystem=KRA"; - String query_string = "url=" + URLEncoder.encode(kra_url); + String query_string = "url=" + URLEncoder.encode(kra_url); - hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_login_uri,query_string); + hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri, + query_string); - String query_string_1 = "uid=" + sd_admin_name + - "&pwd=" + URLEncoder.encode(sd_admin_password) + - "&url=" + URLEncoder.encode(kra_url) ; + String query_string_1 = "uid=" + sd_admin_name + "&pwd=" + + URLEncoder.encode(sd_admin_password) + "&url=" + + URLEncoder.encode(kra_url); - hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_get_cookie_uri, - query_string_1); + hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri, + query_string_1); // get session id from security domain @@ -357,13 +337,10 @@ public class ConfigureDRM // use session id to connect back to KRA - String query_string_2 = "p=5" + - "&subsystem=KRA" + - "&session_id=" + kra_session_id + - "&xml=true" ; + String query_string_2 = "p=5" + "&subsystem=KRA" + "&session_id=" + + kra_session_id + "&xml=true"; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, - query_string_2); + hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string_2); if (clone) { // parse urls @@ -372,7 +349,7 @@ public class ConfigureDRM if (indx < 0) { throw new Exception("Invalid clone_uri"); } - urls = urls.substring(urls.lastIndexOf("<option" , indx), indx); + urls = urls.substring(urls.lastIndexOf("<option", indx), indx); urls = urls.split("\"")[1]; System.out.println("urls =" + urls); @@ -380,14 +357,14 @@ public class ConfigureDRM return true; } catch (Exception e) { - System.out.println("Exception in SecurityDomainLoginPanel(): " + e.toString()); + System.out.println("Exception in SecurityDomainLoginPanel(): " + + e.toString()); e.printStackTrace(); return false; } } - - public boolean SubsystemPanel() - { + + public boolean SubsystemPanel() { boolean st = false; HTTPResponse hr = null; ByteArrayInputStream bais = null; @@ -395,16 +372,15 @@ public class ConfigureDRM String query_string = null; if (!clone) { query_string = "p=5" + "&op=next" + "&xml=true" - + "&choice=newsubsystem" + "&subsystemName=" - + URLEncoder.encode(subsystem_name); + + "&choice=newsubsystem" + "&subsystemName=" + + URLEncoder.encode(subsystem_name); } else { query_string = "p=5" + "&op=next" + "&xml=true" - + "&choice=clonesubsystem" + "&subsystemName=" - + URLEncoder.encode(subsystem_name) - + "&urls=" + urls; + + "&choice=clonesubsystem" + "&subsystemName=" + + URLEncoder.encode(subsystem_name) + "&urls=" + urls; } - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); // parse xml bais = new ByteArrayInputStream(hr.getHTML().getBytes()); px.parse(bais); @@ -420,8 +396,8 @@ public class ConfigureDRM ParseXML px = new ParseXML(); String query_string = "p=6" + "&op=next" + "&xml=true" - + "&__password=" + URLEncoder.encode(clone_p12_passwd) - + "&path=" + URLEncoder.encode(clone_p12_file) + ""; + + "&__password=" + URLEncoder.encode(clone_p12_passwd) + + "&path=" + URLEncoder.encode(clone_p12_file) + ""; hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); @@ -431,33 +407,32 @@ public class ConfigureDRM px.prettyprintxml(); return true; } catch (Exception e) { - System.out.println("Exception in RestoreKeyCertPanel(): " + e.toString()); + System.out.println("Exception in RestoreKeyCertPanel(): " + + e.toString()); e.printStackTrace(); return false; } } - public boolean LdapConnectionPanel() - { + public boolean LdapConnectionPanel() { boolean st = false; HTTPResponse hr = null; ByteArrayInputStream bais = null; ParseXML px = new ParseXML(); + String query_string = "p=7" + "&op=next" + "&xml=true" + "&host=" + + URLEncoder.encode(ldap_host) + "&port=" + + URLEncoder.encode(ldap_port) + "&binddn=" + + URLEncoder.encode(bind_dn) + "&__bindpwd=" + + URLEncoder.encode(bind_password) + "&basedn=" + + URLEncoder.encode(base_dn) + "&database=" + + URLEncoder.encode(db_name) + "&display=" + + URLEncoder.encode("$displayStr") + + (secure_conn.equals("true") ? "&secureConn=on" : "") + + (clone_start_tls.equals("true") ? "&cloneStartTLS=on" : "") + + (remove_data.equals("true") ? "&removeData=true" : ""); - String query_string = "p=7" + "&op=next" + "&xml=true" + - "&host=" + URLEncoder.encode(ldap_host) + - "&port=" + URLEncoder.encode(ldap_port) + - "&binddn=" + URLEncoder.encode(bind_dn) + - "&__bindpwd=" + URLEncoder.encode(bind_password) + - "&basedn=" + URLEncoder.encode(base_dn) + - "&database=" + URLEncoder.encode(db_name) + - "&display=" + URLEncoder.encode("$displayStr") + - (secure_conn.equals("true")? "&secureConn=on": "") + - (clone_start_tls.equals("true")? "&cloneStartTLS=on": "") + - (remove_data.equals("true")? "&removeData=true": ""); - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); // parse xml bais = new ByteArrayInputStream(hr.getHTML().getBytes()); @@ -467,8 +442,7 @@ public class ConfigureDRM return true; } - public boolean KeyPanel() - { + public boolean KeyPanel() { boolean st = false; HTTPResponse hr = null; ByteArrayInputStream bais = null; @@ -478,56 +452,74 @@ public class ConfigureDRM String query_string = null; if (!clone) { - query_string = "p=8" + "&op=next" + "&xml=true" + - "&transport_custom_size=" + transport_key_size + - "&storage_custom_size=" + storage_key_size + - "&subsystem_custom_size=" + subsystem_key_size + - "&sslserver_custom_size=" + sslserver_key_size + - "&audit_signing_custom_size=" + key_size + - "&custom_size=" + key_size + - "&transport_custom_curvename=" + transport_key_curvename + - "&storage_custom_curvename=" + storage_key_curvename + - "&subsystem_custom_curvename=" + subsystem_key_curvename + - "&sslserver_custom_curvename=" + sslserver_key_curvename + - "&audit_signing_custom_curvename=" + audit_signing_key_curvename + - "&custom_curvename=" + key_curvename + - "&transport_keytype=" + transport_key_type + - "&storage_keytype=" + storage_key_type + - "&subsystem_keytype=" + subsystem_key_type + - "&sslserver_keytype=" + sslserver_key_type + - "&audit_signing_keytype=" + audit_signing_key_type + - "&keytype=" + key_type + - "&transport_choice=custom"+ - "&storage_choice=custom"+ - "&subsystem_choice=custom"+ - "&sslserver_choice=custom"+ - "&choice=custom"+ - "&audit_signing_choice=custom" + - "&signingalgorithm=" + signing_algorithm + - "&transport_signingalgorithm=" + transport_signingalgorithm; + query_string = "p=8" + "&op=next" + "&xml=true" + + "&transport_custom_size=" + + transport_key_size + + "&storage_custom_size=" + + storage_key_size + + "&subsystem_custom_size=" + + subsystem_key_size + + "&sslserver_custom_size=" + + sslserver_key_size + + "&audit_signing_custom_size=" + + key_size + + "&custom_size=" + + key_size + + "&transport_custom_curvename=" + + transport_key_curvename + + "&storage_custom_curvename=" + + storage_key_curvename + + "&subsystem_custom_curvename=" + + subsystem_key_curvename + + "&sslserver_custom_curvename=" + + sslserver_key_curvename + + "&audit_signing_custom_curvename=" + + audit_signing_key_curvename + + "&custom_curvename=" + + key_curvename + + "&transport_keytype=" + + transport_key_type + + "&storage_keytype=" + + storage_key_type + + "&subsystem_keytype=" + + subsystem_key_type + + "&sslserver_keytype=" + + sslserver_key_type + + "&audit_signing_keytype=" + + audit_signing_key_type + + "&keytype=" + + key_type + + "&transport_choice=custom" + + "&storage_choice=custom" + + "&subsystem_choice=custom" + + "&sslserver_choice=custom" + + "&choice=custom" + + "&audit_signing_choice=custom" + + "&signingalgorithm=" + + signing_algorithm + + "&transport_signingalgorithm=" + + transport_signingalgorithm; } else { - query_string = "p=8" + "&op=next" + "&xml=true" + - "&sslserver_custom_size=" + sslserver_key_size + - "&sslserver_keytype=" + sslserver_key_type + - "&sslserver_choice=custom" + - "&custom_size=" + key_size + - "&keytype=" + key_type + - "&choice=custom"; - } + query_string = "p=8" + "&op=next" + "&xml=true" + + "&sslserver_custom_size=" + sslserver_key_size + + "&sslserver_keytype=" + sslserver_key_type + + "&sslserver_choice=custom" + "&custom_size=" + key_size + + "&keytype=" + key_type + "&choice=custom"; + } - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); // parse xml bais = new ByteArrayInputStream(hr.getHTML().getBytes()); px.parse(bais); px.prettyprintxml(); - - al = px.constructValueList("CertReqPair","DN"); + + al = px.constructValueList("CertReqPair", "DN"); // get ca cert subject name if (al != null) { - for (int i=0; i < al.size(); i++) { - String temp = al.get(i); + for (int i = 0; i < al.size(); i++) { + String temp = al.get(i); if (temp.indexOf("DRM Transport") > 0) { drm_transport_cert_name = temp; } else if (temp.indexOf("DRM Storage") > 0) { @@ -541,23 +533,21 @@ public class ConfigureDRM } } } - - System.out.println("default: drm_transport_cert_name=" + - drm_transport_cert_name); - System.out.println("default: drm_storage_cert_name=" + - drm_storage_cert_name); - System.out.println("default: drm_subsystem_cert_name=" + - drm_subsystem_cert_name); - System.out.println("default: drm_audit_signing_cert_name=" + - drm_audit_signing_cert_name); - - System.out.println("default: server_cert_name=" + - server_cert_name); + + System.out.println("default: drm_transport_cert_name=" + + drm_transport_cert_name); + System.out.println("default: drm_storage_cert_name=" + + drm_storage_cert_name); + System.out.println("default: drm_subsystem_cert_name=" + + drm_subsystem_cert_name); + System.out.println("default: drm_audit_signing_cert_name=" + + drm_audit_signing_cert_name); + + System.out.println("default: server_cert_name=" + server_cert_name); return true; } - public boolean CertSubjectPanel() - { + public boolean CertSubjectPanel() { boolean st = false; HTTPResponse hr = null; ByteArrayInputStream bais = null; @@ -567,69 +557,64 @@ public class ConfigureDRM ArrayList<String> dn_list = null; String query_string = null; - String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port ; + String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port; if (!clone) { - query_string = "p=9" + "&op=next" + "&xml=true" + - "&subsystem=" + - URLEncoder.encode(drm_subsystem_cert_subject_name) + - "&transport=" + - URLEncoder.encode(drm_transport_cert_subject_name) + - "&storage=" + - URLEncoder.encode(drm_storage_cert_subject_name) + - "&sslserver=" + - URLEncoder.encode(drm_server_cert_subject_name) + - "&audit_signing=" + - URLEncoder.encode(drm_audit_signing_cert_subject_name) + - "&urls=" + - URLEncoder.encode(domain_url); + query_string = "p=9" + "&op=next" + "&xml=true" + "&subsystem=" + + URLEncoder.encode(drm_subsystem_cert_subject_name) + + "&transport=" + + URLEncoder.encode(drm_transport_cert_subject_name) + + "&storage=" + + URLEncoder.encode(drm_storage_cert_subject_name) + + "&sslserver=" + + URLEncoder.encode(drm_server_cert_subject_name) + + "&audit_signing=" + + URLEncoder.encode(drm_audit_signing_cert_subject_name) + + "&urls=" + URLEncoder.encode(domain_url); } else { - query_string = "p=9" + "&op=next" + "&xml=true" + - "&sslserver=" + - URLEncoder.encode(drm_server_cert_subject_name) + - "&urls=" + - URLEncoder.encode(domain_url); + query_string = "p=9" + "&op=next" + "&xml=true" + "&sslserver=" + + URLEncoder.encode(drm_server_cert_subject_name) + + "&urls=" + URLEncoder.encode(domain_url); } - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); // parse xml bais = new ByteArrayInputStream(hr.getHTML().getBytes()); px.parse(bais); px.prettyprintxml(); - - req_list = px.constructValueList("CertReqPair","Request"); - cert_list = px.constructValueList("CertReqPair","Certificate"); - dn_list = px.constructValueList("CertReqPair","Nickname"); + + req_list = px.constructValueList("CertReqPair", "Request"); + cert_list = px.constructValueList("CertReqPair", "Certificate"); + dn_list = px.constructValueList("CertReqPair", "Nickname"); if (req_list != null && cert_list != null && dn_list != null) { - for (int i=0; i < dn_list.size(); i++) { - String temp = dn_list.get(i); + for (int i = 0; i < dn_list.size(); i++) { + String temp = dn_list.get(i); if (temp.indexOf("transportCert") >= 0) { - drm_transport_cert_req = req_list.get(i); - drm_transport_cert_cert = cert_list.get(i); + drm_transport_cert_req = req_list.get(i); + drm_transport_cert_cert = cert_list.get(i); } else if (temp.indexOf("storageCert") >= 0) { - drm_storage_cert_req = req_list.get(i); - drm_storage_cert_cert = cert_list.get(i); + drm_storage_cert_req = req_list.get(i); + drm_storage_cert_cert = cert_list.get(i); } else if (temp.indexOf("subsystemCert") >= 0) { - drm_subsystem_cert_req = req_list.get(i); - drm_subsystem_cert_cert = cert_list.get(i); - } else if (temp.indexOf("auditSigningCert") >=0) { - drm_audit_signing_cert_req = req_list.get(i); - drm_audit_signing_cert_cert = cert_list.get(i); + drm_subsystem_cert_req = req_list.get(i); + drm_subsystem_cert_cert = cert_list.get(i); + } else if (temp.indexOf("auditSigningCert") >= 0) { + drm_audit_signing_cert_req = req_list.get(i); + drm_audit_signing_cert_cert = cert_list.get(i); } else { - server_cert_req = req_list.get(i); - server_cert_cert = cert_list.get(i); + server_cert_req = req_list.get(i); + server_cert_cert = cert_list.get(i); } } } - + return true; } - public boolean CertificatePanel() - { + public boolean CertificatePanel() { boolean st = false; HTTPResponse hr = null; ByteArrayInputStream bais = null; @@ -639,68 +624,56 @@ public class ConfigureDRM ArrayList<String> dn_list = null; ArrayList<String> pp_list = null; + String query_string = "p=10" + "&op=next" + "&xml=true" + "&subsystem=" + + URLEncoder.encode(drm_subsystem_cert_cert) + "&subsystem_cc=" + + "&transport=" + URLEncoder.encode(drm_transport_cert_cert) + + "&transport_cc=" + "&storage=" + + URLEncoder.encode(drm_storage_cert_cert) + "&storage_cc=" + + "&sslserver=" + URLEncoder.encode(server_cert_cert) + + "&sslserver_cc=" + "&audit_signing=" + + URLEncoder.encode(drm_audit_signing_cert_cert) + + "&audit_signing_cc="; - String query_string = "p=10" + "&op=next" + "&xml=true" + - "&subsystem=" + - URLEncoder.encode(drm_subsystem_cert_cert) + - "&subsystem_cc=" + - "&transport=" + - URLEncoder.encode(drm_transport_cert_cert) + - "&transport_cc=" + - "&storage=" + - URLEncoder.encode(drm_storage_cert_cert) + - "&storage_cc=" + - "&sslserver=" + - URLEncoder.encode(server_cert_cert) + - "&sslserver_cc=" + - "&audit_signing=" + - URLEncoder.encode(drm_audit_signing_cert_cert) + - "&audit_signing_cc="; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); // parse xml bais = new ByteArrayInputStream(hr.getHTML().getBytes()); px.parse(bais); px.prettyprintxml(); - + return true; } - public boolean BackupPanel() - { + public boolean BackupPanel() { boolean st = false; HTTPResponse hr = null; ByteArrayInputStream bais = null; ParseXML px = new ParseXML(); + String query_string = "p=11" + "&op=next" + "&xml=true" + + "&choice=backupkey" + "&__pwd=" + + URLEncoder.encode(backup_pwd) + "&__pwdagain=" + + URLEncoder.encode(backup_pwd); - String query_string = "p=11" + "&op=next" + "&xml=true" + - "&choice=backupkey" + - "&__pwd=" + URLEncoder.encode(backup_pwd) + - "&__pwdagain=" + URLEncoder.encode(backup_pwd); - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); // parse xml bais = new ByteArrayInputStream(hr.getHTML().getBytes()); px.parse(bais); px.prettyprintxml(); - + return true; } - public boolean SavePKCS12Panel() - { + public boolean SavePKCS12Panel() { boolean st = false; HTTPResponse hr = null; ByteArrayInputStream bais = null; ParseXML px = new ParseXML(); + String query_string = ""; - String query_string = ""; - - hr = hc.sslConnect(cs_hostname,cs_port,pkcs12_uri,query_string); + hr = hc.sslConnect(cs_hostname, cs_port, pkcs12_uri, query_string); // dump hr.getResponseData() to file try { @@ -709,17 +682,18 @@ public class ConfigureDRM fos.close(); // set file to permissions 600 - String rtParams[] = { "chmod","600", backup_fname}; + String rtParams[] = { "chmod", "600", backup_fname }; Process proc = Runtime.getRuntime().exec(rtParams); - BufferedReader br = new BufferedReader(new InputStreamReader(proc.getErrorStream())); + BufferedReader br = new BufferedReader(new InputStreamReader( + proc.getErrorStream())); String line = null; - while ( (line = br.readLine()) != null) - System.out.println("Error: " + line); + while ((line = br.readLine()) != null) + System.out.println("Error: " + line); int exitVal = proc.waitFor(); - + // verify p12 file - + // Decode the P12 file FileInputStream fis = new FileInputStream(backup_fname); PFX.Template pfxt = new PFX.Template(); @@ -727,17 +701,18 @@ public class ConfigureDRM System.out.println("Decoded PFX"); // now peruse it for interesting info - System.out.println("Version: "+pfx.getVersion()); + System.out.println("Version: " + pfx.getVersion()); AuthenticatedSafes authSafes = pfx.getAuthSafes(); SEQUENCE asSeq = authSafes.getSequence(); - System.out.println("AuthSafes has "+ - asSeq.size()+" SafeContents"); + System.out.println("AuthSafes has " + asSeq.size() + + " SafeContents"); fis.close(); if (clone) { query_string = "p=12" + "&op=next" + "&xml=true"; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, + query_string); // parse xml bais = new ByteArrayInputStream(hr.getHTML().getBytes()); @@ -752,19 +727,15 @@ public class ConfigureDRM return true; } - public boolean AdminCertReqPanel() - { + public boolean AdminCertReqPanel() { boolean st = false; HTTPResponse hr = null; ByteArrayInputStream bais = null; ParseXML px = new ParseXML(); String admin_cert_request = null; - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - agent_cert_subject, - agent_key_size, - agent_key_type); + ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd, + agent_cert_subject, agent_key_size, agent_key_type); cCrypt.setDebug(true); cCrypt.setGenerateRequest(true); cCrypt.setTransportCert(null); @@ -774,76 +745,67 @@ public class ConfigureDRM String crmf_request = cCrypt.generateCRMFrequest(); if (crmf_request == null) { - System.out.println("ERROR: AdminCertReqPanel() cert req gen failed"); - return false; + System.out + .println("ERROR: AdminCertReqPanel() cert req gen failed"); + return false; } admin_cert_request = crmf_request; - String query_string = "p=13" + "&op=next" + "&xml=true" + - "&cert_request_type=" + "crmf" + - "&uid=" + admin_user + - "&name=" + admin_user + - "&__pwd=" + URLEncoder.encode(admin_password) + - "&__admin_password_again=" + URLEncoder.encode(admin_password) + - "&profileId=" + "caAdminCert" + - "&email=" + - URLEncoder.encode(admin_email) + - "&cert_request=" + - URLEncoder.encode(admin_cert_request) + - "&subject=" + - URLEncoder.encode(agent_cert_subject) + - "&clone=new" + - "&import=true" + - "&securitydomain=" + - URLEncoder.encode(domain_name); - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + String query_string = "p=13" + "&op=next" + "&xml=true" + + "&cert_request_type=" + "crmf" + "&uid=" + admin_user + + "&name=" + admin_user + "&__pwd=" + + URLEncoder.encode(admin_password) + + "&__admin_password_again=" + + URLEncoder.encode(admin_password) + "&profileId=" + + "caAdminCert" + "&email=" + URLEncoder.encode(admin_email) + + "&cert_request=" + URLEncoder.encode(admin_cert_request) + + "&subject=" + URLEncoder.encode(agent_cert_subject) + + "&clone=new" + "&import=true" + "&securitydomain=" + + URLEncoder.encode(domain_name); + + hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); // parse xml bais = new ByteArrayInputStream(hr.getHTML().getBytes()); px.parse(bais); px.prettyprintxml(); - - admin_serial_number = px.getvalue("serialNumber"); + + admin_serial_number = px.getvalue("serialNumber"); return true; } - public boolean AdminCertImportPanel() - { + public boolean AdminCertImportPanel() { boolean st = false; HTTPResponse hr = null; ByteArrayInputStream bais = null; ParseXML px = new ParseXML(); - String query_string = "serialNumber=" + admin_serial_number + - "&importCert=" + "true"; + String query_string = "serialNumber=" + admin_serial_number + + "&importCert=" + "true"; + + hr = hc.sslConnect(sd_hostname, sd_admin_port, admin_uri, query_string); - hr = hc.sslConnect(sd_hostname,sd_admin_port,admin_uri,query_string); - // get response data - // String cert_to_import = - // new sun.misc.BASE64Encoder().encode(hr.getResponseData()); - String cert_to_import = - OSUtil.BtoA(hr.getResponseData()); + // String cert_to_import = + // new sun.misc.BASE64Encoder().encode(hr.getResponseData()); + String cert_to_import = OSUtil.BtoA(hr.getResponseData()); System.out.println("Imported Cert=" + cert_to_import); - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); + ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd, + null, null, null); cCrypt.setDebug(true); cCrypt.setGenerateRequest(true); cCrypt.loginDB(); - String start = "-----BEGIN CERTIFICATE-----\r\n" ; - String end = "\r\n-----END CERTIFICATE-----" ; + String start = "-----BEGIN CERTIFICATE-----\r\n"; + String end = "\r\n-----END CERTIFICATE-----"; - st = cCrypt.importCert(start+cert_to_import+end,agent_name); + st = cCrypt.importCert(start + cert_to_import + end, agent_name); if (!st) { - System.out.println("ERROR: AdminCertImportPanel() during cert import"); + System.out + .println("ERROR: AdminCertImportPanel() during cert import"); return false; } @@ -851,35 +813,30 @@ public class ConfigureDRM return true; } - public boolean UpdateDomainPanel() - { + public boolean UpdateDomainPanel() { boolean st = false; HTTPResponse hr = null; ByteArrayInputStream bais = null; ParseXML px = new ParseXML(); - String query_string = "p=14" + "&op=next" + "&xml=true" + - "&caHost=" + URLEncoder.encode(sd_hostname) + - "&caPort=" + URLEncoder.encode(sd_agent_port); + String query_string = "p=14" + "&op=next" + "&xml=true" + "&caHost=" + + URLEncoder.encode(sd_hostname) + "&caPort=" + + URLEncoder.encode(sd_agent_port); - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); // parse xml bais = new ByteArrayInputStream(hr.getHTML().getBytes()); px.parse(bais); px.prettyprintxml(); - + return true; } - public boolean ConfigureDRMInstance() - { + public boolean ConfigureDRMInstance() { // 0. login to cert db - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); + ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd, + null, null, null); cCrypt.setDebug(true); cCrypt.setGenerateRequest(true); cCrypt.loginDB(); @@ -898,7 +855,8 @@ public class ConfigureDRM // 2. Token Choice Panel boolean disp_token = TokenChoicePanel(); if (!disp_token) { - System.out.println("ERROR: ConfigureDRM: TokenChoicePanel() failure"); + System.out + .println("ERROR: ConfigureDRM: TokenChoicePanel() failure"); return false; } @@ -914,7 +872,8 @@ public class ConfigureDRM // 4. display cert chain panel boolean disp_st = DisplayChainPanel(); if (!disp_st) { - System.out.println("ERROR: ConfigureDRM: DisplayChainPanel() failure"); + System.out + .println("ERROR: ConfigureDRM: DisplayChainPanel() failure"); return false; } @@ -922,7 +881,8 @@ public class ConfigureDRM // security domain login panel boolean disp_sd = SecurityDomainLoginPanel(); if (!disp_sd) { - System.out.println("ERROR: ConfigureDRM: SecurityDomainLoginPanel() failure"); + System.out + .println("ERROR: ConfigureDRM: SecurityDomainLoginPanel() failure"); return false; } @@ -939,7 +899,8 @@ public class ConfigureDRM if (clone) { boolean restore_st = RestoreKeyCertPanel(); if (!restore_st) { - System.out.println("ERROR: ConfigureCA: RestoreKeyCertPanel() failure"); + System.out + .println("ERROR: ConfigureCA: RestoreKeyCertPanel() failure"); return false; } } @@ -948,7 +909,8 @@ public class ConfigureDRM // 7. ldap connection panel boolean disp_ldap = LdapConnectionPanel(); if (!disp_ldap) { - System.out.println("ERROR: ConfigureDRM: LdapConnectionPanel() failure"); + System.out + .println("ERROR: ConfigureDRM: LdapConnectionPanel() failure"); return false; } @@ -965,7 +927,8 @@ public class ConfigureDRM // 10. Cert Subject Panel boolean disp_csubj = CertSubjectPanel(); if (!disp_csubj) { - System.out.println("ERROR: ConfigureDRM: CertSubjectPanel() failure"); + System.out + .println("ERROR: ConfigureDRM: CertSubjectPanel() failure"); return false; } @@ -973,7 +936,8 @@ public class ConfigureDRM // 11. Certificate Panel boolean disp_cp = CertificatePanel(); if (!disp_cp) { - System.out.println("ERROR: ConfigureDRM: CertificatePanel() failure"); + System.out + .println("ERROR: ConfigureDRM: CertificatePanel() failure"); return false; } @@ -989,7 +953,8 @@ public class ConfigureDRM // save panel boolean disp_save = SavePKCS12Panel(); if (!disp_save) { - System.out.println("ERROR: ConfigureDRM: SavePKCS12Panel() failure"); + System.out + .println("ERROR: ConfigureDRM: SavePKCS12Panel() failure"); return false; } @@ -1002,7 +967,8 @@ public class ConfigureDRM // 13. Admin Cert Req Panel boolean disp_adm = AdminCertReqPanel(); if (!disp_adm) { - System.out.println("ERROR: ConfigureDRM: AdminCertReqPanel() failure"); + System.out + .println("ERROR: ConfigureDRM: AdminCertReqPanel() failure"); return false; } @@ -1010,7 +976,8 @@ public class ConfigureDRM // 14. Admin Cert import Panel boolean disp_im = AdminCertImportPanel(); if (!disp_im) { - System.out.println("ERROR: ConfigureDRM: AdminCertImportPanel() failure"); + System.out + .println("ERROR: ConfigureDRM: AdminCertImportPanel() failure"); return false; } @@ -1018,7 +985,8 @@ public class ConfigureDRM // 15. Update Domain Panel boolean disp_ud = UpdateDomainPanel(); if (!disp_ud) { - System.out.println("ERROR: ConfigureDRM: UpdateDomainPanel() failure"); + System.out + .println("ERROR: ConfigureDRM: UpdateDomainPanel() failure"); return false; } @@ -1034,8 +1002,7 @@ public class ConfigureDRM } } - public static void main(String args[]) - { + public static void main(String args[]) { ConfigureDRM ca = new ConfigureDRM(); // set variables @@ -1063,7 +1030,7 @@ public class ConfigureDRM StringHolder x_admin_email = new StringHolder(); StringHolder x_admin_password = new StringHolder(); - // ldap + // ldap StringHolder x_ldap_host = new StringHolder(); StringHolder x_ldap_port = new StringHolder(); StringHolder x_bind_dn = new StringHolder(); @@ -1127,7 +1094,7 @@ public class ConfigureDRM // subsystemName StringHolder x_subsystem_name = new StringHolder(); - //clone parameters + // clone parameters StringHolder x_clone = new StringHolder(); StringHolder x_clone_uri = new StringHolder(); StringHolder x_clone_p12_file = new StringHolder(); @@ -1136,145 +1103,187 @@ public class ConfigureDRM // parse the args ArgParser parser = new ArgParser("ConfigureDRM"); - parser.addOption ("-cs_hostname %s #CS Hostname", - x_cs_hostname); - parser.addOption ("-cs_port %s #CS SSL Admin port", - x_cs_port); - - parser.addOption ("-sd_hostname %s #Security Domain Hostname", - x_sd_hostname); - parser.addOption ("-sd_ssl_port %s #Security Domain SSL EE port", - x_sd_ssl_port); - parser.addOption ("-sd_agent_port %s #Security Domain SSL Agent port", - x_sd_agent_port); - parser.addOption ("-sd_admin_port %s #Security Domain SSL Admin port", - x_sd_admin_port); - parser.addOption ("-sd_admin_name %s #Security Domain username", - x_sd_admin_name); - parser.addOption ("-sd_admin_password %s #Security Domain password", - x_sd_admin_password); - - parser.addOption ("-ca_hostname %s #CA Hostname", - x_ca_hostname); - parser.addOption ("-ca_port %s #CA non-SSL EE port", - x_ca_port); - parser.addOption ("-ca_ssl_port %s #CA SSL EE port", - x_ca_ssl_port); - - parser.addOption ("-client_certdb_dir %s #Client CertDB dir", - x_client_certdb_dir); - parser.addOption ("-client_certdb_pwd %s #client certdb password", - x_client_certdb_pwd); - parser.addOption ("-preop_pin %s #pre op pin", - x_preop_pin); - parser.addOption ("-domain_name %s #domain name", - x_domain_name); - parser.addOption ("-admin_user %s #Admin User Name", - x_admin_user); - parser.addOption ("-admin_email %s #Admin email", - x_admin_email); - parser.addOption ("-admin_password %s #Admin password", - x_admin_password); - parser.addOption ("-agent_name %s #Agent Cert Nickname", - x_agent_name); - - parser.addOption ("-ldap_host %s #ldap host", - x_ldap_host); - parser.addOption ("-ldap_port %s #ldap port", - x_ldap_port); - parser.addOption ("-bind_dn %s #ldap bind dn", - x_bind_dn); - parser.addOption ("-bind_password %s #ldap bind password", - x_bind_password); - parser.addOption ("-base_dn %s #base dn", - x_base_dn); - parser.addOption ("-db_name %s #db name", - x_db_name); - parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn); - parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data); - parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls); + parser.addOption("-cs_hostname %s #CS Hostname", x_cs_hostname); + parser.addOption("-cs_port %s #CS SSL Admin port", x_cs_port); + + parser.addOption("-sd_hostname %s #Security Domain Hostname", + x_sd_hostname); + parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port", + x_sd_ssl_port); + parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port", + x_sd_agent_port); + parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port", + x_sd_admin_port); + parser.addOption("-sd_admin_name %s #Security Domain username", + x_sd_admin_name); + parser.addOption("-sd_admin_password %s #Security Domain password", + x_sd_admin_password); + + parser.addOption("-ca_hostname %s #CA Hostname", x_ca_hostname); + parser.addOption("-ca_port %s #CA non-SSL EE port", x_ca_port); + parser.addOption("-ca_ssl_port %s #CA SSL EE port", x_ca_ssl_port); + + parser.addOption("-client_certdb_dir %s #Client CertDB dir", + x_client_certdb_dir); + parser.addOption("-client_certdb_pwd %s #client certdb password", + x_client_certdb_pwd); + parser.addOption("-preop_pin %s #pre op pin", x_preop_pin); + parser.addOption("-domain_name %s #domain name", x_domain_name); + parser.addOption("-admin_user %s #Admin User Name", x_admin_user); + parser.addOption("-admin_email %s #Admin email", x_admin_email); + parser.addOption("-admin_password %s #Admin password", x_admin_password); + parser.addOption("-agent_name %s #Agent Cert Nickname", x_agent_name); + + parser.addOption("-ldap_host %s #ldap host", x_ldap_host); + parser.addOption("-ldap_port %s #ldap port", x_ldap_port); + parser.addOption("-bind_dn %s #ldap bind dn", x_bind_dn); + parser.addOption("-bind_password %s #ldap bind password", + x_bind_password); + parser.addOption("-base_dn %s #base dn", x_base_dn); + parser.addOption("-db_name %s #db name", x_db_name); + parser.addOption( + "-secure_conn %s #use ldaps port (optional, default is false)", + x_secure_conn); + parser.addOption( + "-remove_data %s #remove existing data under base_dn (optional, default is false) ", + x_remove_data); + parser.addOption( + "-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", + x_clone_start_tls); // key and algorithm options (default) - parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); - parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size); - parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename); - parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", x_signing_algorithm); + parser.addOption( + "-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", + x_key_type); + parser.addOption( + "-key_size %s #Key Size (optional, for RSA default is 2048)", + x_key_size); + parser.addOption( + "-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", + x_key_curvename); + parser.addOption( + "-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", + x_signing_algorithm); - // key and algorithm options for transport certificate (overrides default) - parser.addOption("-transport_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_transport_key_type); - parser.addOption("-transport_key_size %s #Key Size (optional, for RSA default is key_size)", x_transport_key_size); - parser.addOption("-transport_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_transport_key_curvename); - parser.addOption("-transport_signingalgorithm %s #Algorithm used by the transport cert to sign objects (optional, default is signing_algorithm)", x_transport_signingalgorithm); + // key and algorithm options for transport certificate (overrides + // default) + parser.addOption( + "-transport_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_transport_key_type); + parser.addOption( + "-transport_key_size %s #Key Size (optional, for RSA default is key_size)", + x_transport_key_size); + parser.addOption( + "-transport_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_transport_key_curvename); + parser.addOption( + "-transport_signingalgorithm %s #Algorithm used by the transport cert to sign objects (optional, default is signing_algorithm)", + x_transport_signingalgorithm); // key and algorithm options for storage certificate (overrides default) - parser.addOption("-storage_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_storage_key_type); - parser.addOption("-storage_key_size %s #Key Size (optional, for RSA default is key_size)", x_storage_key_size); - parser.addOption("-storage_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_storage_key_curvename); - - // key and algorithm options for audit_signing certificate (overrides default) - parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type); - parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size); - parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename); - - // key and algorithm options for subsystem certificate (overrides default) - parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type); - parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size); - parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename); - - // key and algorithm options for sslserver certificate (overrides default) - parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type); - parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size); - parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename); - - parser.addOption ("-token_name %s #HSM/Software Token name", - x_token_name); - parser.addOption ("-token_pwd %s #HSM/Software Token password (optional, required for HSM)", - x_token_pwd); - - parser.addOption ("-agent_key_size %s #Agent Cert Key Size", - x_agent_key_size); - parser.addOption ("-agent_key_type %s #Agent Cert Key type [rsa]", - x_agent_key_type); - parser.addOption ("-agent_cert_subject %s #Agent Cert Subject ", - x_agent_cert_subject); - - parser.addOption ("-backup_pwd %s #PKCS12 password", - x_backup_pwd); - - parser.addOption("-backup_fname %s #Backup File for p12, (optional, default /root/tmp-kra.p12)", - x_backup_fname); - - parser.addOption ( - "-drm_transport_cert_subject_name %s #DRM transport cert subject name", - x_drm_transport_cert_subject_name); - parser.addOption ( - "-drm_subsystem_cert_subject_name %s #DRM subsystem cert subject name", - x_drm_subsystem_cert_subject_name); - parser.addOption ( - "-drm_storage_cert_subject_name %s #DRM storage cert subject name", - x_drm_storage_cert_subject_name); - parser.addOption ( - "-drm_server_cert_subject_name %s #DRM server cert subject name", - x_drm_server_cert_subject_name); - - parser.addOption ( - "-subsystem_name %s #CA subsystem name", - x_subsystem_name); + parser.addOption( + "-storage_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_storage_key_type); + parser.addOption( + "-storage_key_size %s #Key Size (optional, for RSA default is key_size)", + x_storage_key_size); + parser.addOption( + "-storage_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_storage_key_curvename); + + // key and algorithm options for audit_signing certificate (overrides + // default) + parser.addOption( + "-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_audit_signing_key_type); + parser.addOption( + "-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", + x_audit_signing_key_size); + parser.addOption( + "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_audit_signing_key_curvename); + + // key and algorithm options for subsystem certificate (overrides + // default) + parser.addOption( + "-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_subsystem_key_type); + parser.addOption( + "-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", + x_subsystem_key_size); + parser.addOption( + "-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_subsystem_key_curvename); + + // key and algorithm options for sslserver certificate (overrides + // default) + parser.addOption( + "-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", + x_sslserver_key_type); + parser.addOption( + "-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", + x_sslserver_key_size); + parser.addOption( + "-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", + x_sslserver_key_curvename); + parser.addOption("-token_name %s #HSM/Software Token name", + x_token_name); parser.addOption( - "-drm_audit_signing_cert_subject_name %s #DRM audit signing cert subject name", - x_drm_audit_signing_cert_subject_name); + "-token_pwd %s #HSM/Software Token password (optional, required for HSM)", + x_token_pwd); - parser.addOption("-clone %s #Clone of another KRA [true, false] (optional, default false)", x_clone); - parser.addOption("-clone_uri %s #URL of Master KRA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)", x_clone_uri); - parser.addOption("-clone_p12_file %s #File containing pk12 keys of Master KRA (optional, required if -clone=true)", x_clone_p12_file); - parser.addOption("-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)", x_clone_p12_passwd); + parser.addOption("-agent_key_size %s #Agent Cert Key Size", + x_agent_key_size); + parser.addOption("-agent_key_type %s #Agent Cert Key type [rsa]", + x_agent_key_type); + parser.addOption("-agent_cert_subject %s #Agent Cert Subject ", + x_agent_cert_subject); + + parser.addOption("-backup_pwd %s #PKCS12 password", x_backup_pwd); + + parser.addOption( + "-backup_fname %s #Backup File for p12, (optional, default /root/tmp-kra.p12)", + x_backup_fname); + + parser.addOption( + "-drm_transport_cert_subject_name %s #DRM transport cert subject name", + x_drm_transport_cert_subject_name); + parser.addOption( + "-drm_subsystem_cert_subject_name %s #DRM subsystem cert subject name", + x_drm_subsystem_cert_subject_name); + parser.addOption( + "-drm_storage_cert_subject_name %s #DRM storage cert subject name", + x_drm_storage_cert_subject_name); + parser.addOption( + "-drm_server_cert_subject_name %s #DRM server cert subject name", + x_drm_server_cert_subject_name); + + parser.addOption("-subsystem_name %s #CA subsystem name", + x_subsystem_name); + + parser.addOption( + "-drm_audit_signing_cert_subject_name %s #DRM audit signing cert subject name", + x_drm_audit_signing_cert_subject_name); + + parser.addOption( + "-clone %s #Clone of another KRA [true, false] (optional, default false)", + x_clone); + parser.addOption( + "-clone_uri %s #URL of Master KRA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)", + x_clone_uri); + parser.addOption( + "-clone_p12_file %s #File containing pk12 keys of Master KRA (optional, required if -clone=true)", + x_clone_p12_file); + parser.addOption( + "-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)", + x_clone_p12_passwd); // and then match the arguments - String [] unmatched = null; - unmatched = parser.matchAllArgs (args,0,ArgParser.EXIT_ON_UNMATCHED); + String[] unmatched = null; + unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED); - if (unmatched!=null) { + if (unmatched != null) { System.out.println("ERROR: Argument Mismatch"); System.exit(-1); } @@ -1319,31 +1328,42 @@ public class ConfigureDRM key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE); transport_key_type = set_default(x_transport_key_type.value, key_type); storage_key_type = set_default(x_storage_key_type.value, key_type); - audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type); + audit_signing_key_type = set_default(x_audit_signing_key_type.value, + key_type); subsystem_key_type = set_default(x_subsystem_key_type.value, key_type); sslserver_key_type = set_default(x_sslserver_key_type.value, key_type); key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE); transport_key_size = set_default(x_transport_key_size.value, key_size); storage_key_size = set_default(x_storage_key_size.value, key_size); - audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size); + audit_signing_key_size = set_default(x_audit_signing_key_size.value, + key_size); subsystem_key_size = set_default(x_subsystem_key_size.value, key_size); sslserver_key_size = set_default(x_sslserver_key_size.value, key_size); - key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME); - transport_key_curvename = set_default(x_transport_key_curvename.value, key_curvename); - storage_key_curvename = set_default(x_storage_key_curvename.value, key_curvename); - audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename); - subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename); - sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename); + key_curvename = set_default(x_key_curvename.value, + DEFAULT_KEY_CURVENAME); + transport_key_curvename = set_default(x_transport_key_curvename.value, + key_curvename); + storage_key_curvename = set_default(x_storage_key_curvename.value, + key_curvename); + audit_signing_key_curvename = set_default( + x_audit_signing_key_curvename.value, key_curvename); + subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, + key_curvename); + sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, + key_curvename); if (transport_key_type.equalsIgnoreCase("RSA")) { - signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_RSA); + signing_algorithm = set_default(x_signing_algorithm.value, + DEFAULT_KEY_ALGORITHM_RSA); } else { - signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_ECC); + signing_algorithm = set_default(x_signing_algorithm.value, + DEFAULT_KEY_ALGORITHM_ECC); } - transport_signingalgorithm = set_default(x_transport_signingalgorithm.value, signing_algorithm); + transport_signingalgorithm = set_default( + x_transport_signingalgorithm.value, signing_algorithm); token_name = x_token_name.value; token_pwd = x_token_pwd.value; @@ -1354,15 +1374,13 @@ public class ConfigureDRM backup_pwd = x_backup_pwd.value; backup_fname = set_default(x_backup_fname.value, "/root/tmp-kra.p12"); - - drm_transport_cert_subject_name = - x_drm_transport_cert_subject_name.value ; - drm_subsystem_cert_subject_name = - x_drm_subsystem_cert_subject_name.value; - drm_storage_cert_subject_name = x_drm_storage_cert_subject_name.value ; - drm_server_cert_subject_name = x_drm_server_cert_subject_name.value ; - drm_audit_signing_cert_subject_name = x_drm_audit_signing_cert_subject_name.value; - + + drm_transport_cert_subject_name = x_drm_transport_cert_subject_name.value; + drm_subsystem_cert_subject_name = x_drm_subsystem_cert_subject_name.value; + drm_storage_cert_subject_name = x_drm_storage_cert_subject_name.value; + drm_server_cert_subject_name = x_drm_server_cert_subject_name.value; + drm_audit_signing_cert_subject_name = x_drm_audit_signing_cert_subject_name.value; + subsystem_name = x_subsystem_name.value; if ((x_clone.value != null) && (x_clone.value.equalsIgnoreCase("true"))) { @@ -1375,12 +1393,12 @@ public class ConfigureDRM clone_p12_passwd = x_clone_p12_passwd.value; boolean st = ca.ConfigureDRMInstance(); - + if (!st) { System.out.println("ERROR: unable to create DRM"); System.exit(-1); } - + System.out.println("Certificate System - DRM Instance Configured"); System.exit(0); } |