authormharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-10-04 01:17:41 +0000
committermharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-10-04 01:17:41 +0000
commita4682ceae6774956461edd03b2485bbacea445f4 (patch)
tree94c475a125441da63101738220ce3972cf37db61 /pki/base/silent/src/common
parent0c775428675d2cb1be9551f84e6b741ca813f77e (diff)
Bugzilla Bug #688225 - (dogtagIPAv2.1) TRACKER: of the Dogtag fixes for freeIPA 2.1IPA_v2_RHEL_6_2_20111003
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/tags/IPA_v2_RHEL_6_2_20111003@2252 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/silent/src/common')
-rw-r--r--pki/base/silent/src/common/AutoInstaller.java2437
-rw-r--r--pki/base/silent/src/common/BaseState.java122
-rw-r--r--pki/base/silent/src/common/CMSConfig.java626
-rw-r--r--pki/base/silent/src/common/CMSInstance.java304
-rw-r--r--pki/base/silent/src/common/CMSLDAP.java613
-rw-r--r--pki/base/silent/src/common/CMSProperties.java698
-rw-r--r--pki/base/silent/src/common/CMSTask.java185
-rw-r--r--pki/base/silent/src/common/Certificate_Record.java50
-rw-r--r--pki/base/silent/src/common/ComCrypto.java784
-rw-r--r--pki/base/silent/src/common/Con2Agent.java329
-rw-r--r--pki/base/silent/src/common/ParseXML.java165
-rw-r--r--pki/base/silent/src/common/PostQuery.java137
-rw-r--r--pki/base/silent/src/common/ServerInfo.java375
-rw-r--r--pki/base/silent/src/common/TestClient.java978
-rw-r--r--pki/base/silent/src/common/Utilities.java353
-rw-r--r--pki/base/silent/src/common/createinstance.java112
16 files changed, 8268 insertions, 0 deletions
diff --git a/pki/base/silent/src/common/AutoInstaller.java b/pki/base/silent/src/common/AutoInstaller.java
new file mode 100644
index 000000000..fa2eabc53
--- /dev/null
+++ b/pki/base/silent/src/common/AutoInstaller.java
@@ -0,0 +1,2437 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.net.*;
+import java.io.*;
+import java.util.*;
+
+
+/**
+ * CMS Test Framework.
+ * Use this class to Configure a CA, RA,DRM,OCSP and SubCA subsystem.
+ * This simulartes the installation wizard functions and helps to configure a CMS subsystem.
+ */
+
+
+public class AutoInstaller {
+
+ private static Properties props = null;
+
+ // Admin Server and InternalDB varialbes
+ private String adminDomain, adminID, adminPWD, adminPort, machineName, host, serverID, instanceID, serverRoot, sieURL, dbConnPort, dbConnHost, dbInstanceName, dbPassword, dbLDAPauthDN, dbmode, ldapServerDB;
+
+ // CMS Subsystem info
+
+ private String certAdminName, certAdminUid, certAdminPWD, kra, subsystems, ca, ra, ocsp, remoteKRA, wirelessSupport, eeHttpPort, eeHttpsPort, agentHttpsPort, radminHttpsPort, tokenName, tokenPWD, certType, keyType, keyLength, SingleSignOnPWD, subjectName, aki, isCA, ski, sslCABit, objectSigningCABit, mailCABit, hashType, caOComponent, certValidityDays, signingCert, tks;
+
+ // CA info
+ private String caHostname, caPortnum, caTimeout, caEEPort, enpropfile, cdir, tokenpwd, CAadminId, CAadminPwd, CAcertnickname, caAgentPortnum, cloneInstanceId;
+
+ // Program variables
+ private int i;
+ private String configURL, deamonURL, certInstID;
+ private String inputLine;
+ private boolean st = false;
+
+ private String postQuery = null;
+ private String propFileName;
+ private StringBuffer spage = new StringBuffer();
+ // 4.5 server String CERTtokenName="Internal Key Storage Token";
+ private String CERTtokenName = "internal";
+
+ private String certRequestStr = null, ssl_clientcert = "true";
+
+ private String raSigningCert = null;
+ private String kraTransportCert = null;
+
+ private boolean subca = false;
+
+ // / Constructors
+
+ public AutoInstaller() {}
+
+ /**
+ * Constructor . Takes parameter Server Root .
+ */
+ public AutoInstaller(String sr) {
+ serverRoot = sr;
+ }
+
+ // Set InternalDBVInfo
+ /**
+ * Set Internal Database Information . Takes parameters internaldatabase hostname, internaldatabase port, internaldatabase name, internaldatabase binddn, internaldatabase password
+ */
+
+ public void setInternalDBInfo(String dbh, String dbp, String dbname, String dbdn, String dbpswd) {
+ dbConnPort = dbp;
+ dbConnHost = dbh;
+ dbInstanceName = dbname;
+ dbPassword = dbpswd;
+ dbLDAPauthDN = dbdn;
+ dbmode = "local";
+ ldapServerDB = "userRoot";
+ }
+
+ // Create Password file
+ private boolean CreatePasswordFile() {
+ String s = "internal: " + SingleSignOnPWD;
+
+ try {
+ OutputStream f0 = new FileOutputStream(
+ serverRoot + "/" + instanceID + "/config/password.conf");
+
+ f0.write(s.getBytes());
+ f0.close();
+ return true;
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ return false;
+ }
+
+ }
+
+ private boolean BackupConfigFile() {
+ try {
+ FileInputStream f1 = new FileInputStream(
+ serverRoot + "/" + instanceID + "/config/CS.cfg");
+ int size = f1.available();
+ byte b[] = new byte[size];
+
+ if (f1.read(b) != b.length) {
+ return false;
+ }
+ OutputStream f2 = new FileOutputStream(
+ serverRoot + "/" + instanceID + "/config/CS.cfg.org");
+
+ f2.write(b);
+
+ f1.close();
+ f2.close();
+ return true;
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ return false;
+ }
+
+ }
+
+ // Get RaSigning Cert
+
+ public String getRASigningCert() {
+ return raSigningCert;
+ }
+
+ // Get KRATransportCert
+ public String getKRATransportCert() {
+ return kraTransportCert;
+ }
+
+ // Set Admin Server Info
+
+ /**
+ * Set Admin Server Information . Takes parameters : hostname, adminserver portnumber , adminId , adminPassword
+ */
+ public void setAdminInfo(String h, String p, String adDN, String id, String adpwd) {
+ adminDomain = adDN;
+ adminID = id;
+ adminPWD = adpwd;
+ adminPort = p;
+ host = h;
+
+ }
+
+ // Set CA Server Info
+ /**
+ * Set CA server Information . Takes parametrers :CAhostname, CAEEPORT, CAAGENTPORT , CAAdminUID, CAAdminPassword
+ */
+
+ public void setCAInfo(String cah, String caeep, String caagp, String caaduid, String caadpwd) {
+ caHostname = cah;
+ caPortnum = caagp;
+ caTimeout = "30";
+ caEEPort = caeep;
+ CAadminId = caaduid;
+ CAadminPwd = caadpwd;
+ caAgentPortnum = caagp;
+
+ }
+
+ // Set ClientDB Info;
+ /**
+ * Sets Client Database information . Takes paramters : certdbdir, certdbpasswd, certnickanme
+ */
+
+ public void setClientDBInfo(String cd, String pwd, String nickname) {
+
+ cdir = cd;
+ tokenpwd = pwd;
+ CAcertnickname = nickname;
+ }
+
+ // Is this Internal or any hardware token and its password;
+ /**
+ * Set token info . Takes paramter "Internal" and tokenpasswd
+ */
+ public void setTokenInfo(String t, String tp) {
+
+ tokenName = t;
+ tokenPWD = tp;
+
+ }
+
+ // Set Subsystem Information for Configuring
+
+ /**
+ * Takes parameters - sID- ServerID e.x cert1, sRoot- ServerRootK kT- keyType "RSA/DSA" , kL - keylength (1024.2048) , cVD- certificate validity dates e.g 365 for 1 year, sdn - subsystems dn, sAdp - subsystem's Admin port, sAgp - subsystems's Agentport,seSP- subsystem's ee SSL port , sep- Subsystems ee port.
+ */
+
+ public void setSubSystemInfo(String sID, String sRoot, String kT, String kL, String hT, String cVD, String sdn, String sAdP, String sAgP, String seSP, String seP) {
+ serverID = sID;
+ instanceID = "cert-" + sID;
+
+ keyType = kT;
+ keyLength = kL;
+ hashType = hT;
+ certValidityDays = cVD;
+
+ eeHttpPort = seP;
+ eeHttpsPort = seSP;
+ agentHttpsPort = sAgP;
+ radminHttpsPort = sAdP;
+ subjectName = sdn;
+ caOComponent = "test";
+ }
+
+ // // Configure CMS Subsystems
+
+ /**
+ * Confiures a CA Subsystem .Takes parameter : adminSubjectDN, adminUID, AdminPasswd, SingleSignonPasswd
+ */
+ public boolean ConfigureCA(String adn, String aduid, String adp, String ssonpwd) {
+ certAdminName = adn;
+ certAdminUid = aduid;
+ certAdminPWD = adp;
+ SingleSignOnPWD = ssonpwd;
+
+ signingCert = "caSigningCert";
+ certType = signingCert;
+ subsystems = "ca";
+ ca = "true";
+ kra = "false";
+ ra = "false";
+ ocsp = "false";
+ remoteKRA = "false";
+ wirelessSupport = "false";
+ aki = "true";
+ isCA = "true";
+ ski = "true";
+ sslCABit = "true";
+ objectSigningCABit = "true";
+ mailCABit = "true";
+
+ if (ConfCA()) {
+ CreatePasswordFile();
+ BackupConfigFile();
+ return true;
+ }
+
+ return false;
+
+ }
+
+ public boolean ConfigureTKS(String adn, String aduid, String adp, String ssonpwd) {
+
+ certAdminName = adn;
+ certAdminUid = aduid;
+ certAdminPWD = adp;
+ SingleSignOnPWD = ssonpwd;
+ signingCert = "raSigningCert";
+ certType = signingCert;
+ subsystems = "tks";
+ ra = "false";
+ tks = "true";
+ kra = "false";
+ ca = "false";
+ ocsp = "false";
+ remoteKRA = "false";
+ wirelessSupport = "false";
+ aki = "true";
+ isCA = "false";
+ ski = "true";
+ sslCABit = "true";
+ objectSigningCABit = "true";
+ mailCABit = "true";
+
+ if (ConfTKS()) {
+ CreatePasswordFile();
+ BackupConfigFile();
+ return true;
+ }
+
+ return false;
+
+ }
+
+ private boolean ConfTKS() {
+ // Start Configuring
+
+ // Step 1. Start Deamon
+
+ if (!startDeamon()) {
+ System.out.println(
+ "Configuring Cert Instance: Unable to start deamon");
+ return false;
+ }
+
+ // Sometimes it takes time to start deamon so wait for few seconds
+ try {
+ System.out.println("going to sleep for 10 seconds");
+ Thread.sleep(10000);
+ } catch (InterruptedException ie) {
+ System.out.println("sleep exection");
+ }
+
+ // Step 1a: Initialize Token ( Changed in 6.0)jjj
+ if (!initializePWD()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing pwd token");
+ return false;
+ }
+
+ // Step 2. Configure Internal DB
+ if (!configInternalDB()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring internal db");
+ return false;
+ }
+
+ // Step 3. Create Admin Values
+ if (!createAdminValues()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring admin values ");
+ return false;
+ }
+
+ // Step 4. SubSystems
+
+ if (!selectSubSystem()) {
+ System.out.println(
+ "Configuring Cert Instance: error selecting subsystems");
+ return false;
+ }
+
+ // Step 5. Network Configuration
+ if (!networkConfig()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring network ports ");
+ return false;
+ }
+
+ // Create a SSL signing cert
+ Date tmpdate = new Date();
+
+ certType = "serverCert";
+ subjectName = "CN=" + host + "." + adminDomain + ",OU=ssltest"
+ + tmpdate.getTime() + ",O=SSL,C=US";
+ keyLength = "512";
+ keyType = "RSA";
+ String mtokenPWD = tokenPWD;
+
+ tokenPWD = "";
+ ssl_clientcert = "false";
+ signingCert = "server";
+
+ if (!initializeToken()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing token");
+ return false;
+ }
+
+ // Step 8 : keyLenth
+ if (!keyLength()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring KeyLength");
+ return false;
+ }
+
+ // Step 9 : CheckDN
+ if (!checkDN()) {
+ System.out.println(
+ "Configuring Cert Instance: error checking deamon");
+ return false;
+ }
+
+ // Step 10 :
+ if (!certRequest(false)) {
+ System.out.println(
+ "Configuring Cert Instance: error creating Request");
+ return false;
+ }
+
+ // After creating ssl cert
+ tokenPWD = mtokenPWD;
+
+ // Step 11
+ if (!singleSignON()) {
+ System.out.println(
+ "Configuring Cert Instance: error setting up singlesignon");
+ return false;
+ }
+
+ // Step 11
+ if (!doMisc()) {
+ System.out.println(
+ "Configuring Cert Instance: error setting up miscell");
+ return false;
+ }
+
+ // Step 12
+ if (!exitDeamon()) {
+ System.out.println(
+ "Configuring Cert Instance: Unable to exit deamon");
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * Confiures a RA Subsystem .Takes parameter : adminSubjectDN, adminUID, AdminPasswd, SingleSignonPasswd
+ */
+
+
+ public boolean ConfigureRA(String adn, String aduid, String adp, String ssonpwd) {
+ certAdminName = adn;
+ certAdminUid = aduid;
+ certAdminPWD = adp;
+ SingleSignOnPWD = ssonpwd;
+
+ signingCert = "raSigningCert";
+ certType = signingCert;
+ subsystems = "ra";
+ ra = "true";
+ kra = "false";
+ ca = "false";
+ ocsp = "false";
+ remoteKRA = "false";
+ wirelessSupport = "false";
+ aki = "true";
+ isCA = "true";
+ ski = "true";
+ sslCABit = "true";
+ objectSigningCABit = "true";
+ mailCABit = "true";
+
+ if (ConfRA()) {
+ CreatePasswordFile();
+ BackupConfigFile();
+ return true;
+ }
+
+ return false;
+
+ }
+
+ /**
+ * Confiures a OCSP Subsystem .Takes parameter : adminSubjectDN, adminUID, AdminPasswd, SingleSignonPasswd
+ */
+
+
+ public boolean ConfigureOCSP(String adn, String aduid, String adp, String ssonpwd) {
+ certAdminName = adn;
+ certAdminUid = aduid;
+ certAdminPWD = adp;
+ SingleSignOnPWD = ssonpwd;
+
+ signingCert = "ocspSigningCert";
+ certType = signingCert;
+ subsystems = "ocsp";
+ ocsp = "true";
+ kra = "false";
+ ra = "false";
+ ca = "false";
+ remoteKRA = "false";
+ wirelessSupport = "false";
+ aki = "true";
+ isCA = "true";
+ ski = "true";
+ sslCABit = "true";
+ objectSigningCABit = "true";
+ mailCABit = "true";
+
+ if (ConfOCSP()) {
+ CreatePasswordFile();
+ BackupConfigFile();
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Confiures a KRA Subsystem .Takes parameter : adminSubjectDN, adminUID, AdminPasswd, SingleSignonPasswd
+ */
+
+
+ public boolean ConfigureKRA(String adn, String aduid, String adp, String ssonpwd) {
+ certAdminName = adn;
+ certAdminUid = aduid;
+ certAdminPWD = adp;
+ SingleSignOnPWD = ssonpwd;
+
+ signingCert = "kraTransportCert";
+ certType = signingCert;
+ subsystems = "kra";
+ kra = "true";
+ ca = "false";
+ ra = "false";
+ ocsp = "false";
+ remoteKRA = "false";
+ wirelessSupport = "false";
+ aki = "true";
+ isCA = "true";
+ ski = "true";
+ sslCABit = "true";
+ objectSigningCABit = "true";
+ mailCABit = "true";
+ if (ConfKRA()) {
+ CreatePasswordFile();
+ BackupConfigFile();
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Confiures a SubCA Subsystem .Takes parameter : adminSubjectDN, adminUID, AdminPasswd, SingleSignonPasswd
+ */
+
+
+ public boolean ConfigureSubCA(String adn, String aduid, String adp, String ssonpwd) {
+ certAdminName = adn;
+ certAdminUid = aduid;
+ certAdminPWD = adp;
+ SingleSignOnPWD = ssonpwd;
+ subca = true;
+ signingCert = "caSigningCert";
+ certType = signingCert;
+ subsystems = "ca";
+ ca = "true";
+ kra = "false";
+ ra = "false";
+ ocsp = "false";
+ remoteKRA = "false";
+ wirelessSupport = "false";
+ aki = "true";
+ isCA = "true";
+ ski = "true";
+ sslCABit = "true";
+ objectSigningCABit = "true";
+ mailCABit = "true";
+
+ if (ConfSubCA()) {
+ CreatePasswordFile();
+ BackupConfigFile();
+ return true;
+ }
+
+ return false;
+ }
+
+ // ////////////////////////////////////////////////////////
+
+ private void getProperties(String filePath) throws Exception {
+ try {
+ FileInputStream fis = new FileInputStream(filePath);
+
+ props = new Properties();
+ props.load(fis);
+ System.out.println("Reading Properties file successful");
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ }
+
+ }
+
+ private void setPropFile(String fileName) {
+ propFileName = fileName;
+ }
+
+ private void setConfigURL() {
+ configURL = "/" + instanceID + "/Tasks/Operation/config-cert";
+ }
+
+ private void setDeamonURL() {
+ deamonURL = "/" + instanceID + "/Tasks/Operation/start-daemon";
+
+ }
+
+ private void setPostQueryString(String querystring) {
+ postQuery = querystring;
+ }
+
+ private boolean Connect(String myStringUrl) {
+ // / This functions connects to the URL and POST HTTP Request .
+ // It compares with NMC_STATUS and return the status.
+ System.out.println(myStringUrl);
+ st = false;
+
+ PostQuery sm = new PostQuery(myStringUrl, adminID, adminPWD, postQuery);
+ boolean st = sm.Send();
+
+ spage = sm.getPage();
+ return st;
+ }
+
+ private boolean startDeamon() {
+ // Set StringURL to connect , set the query string and Connect .Get the result
+ System.out.println("Log Info - configuring Cert Instance : Start Deamon");
+ setDeamonURL();
+ String myStringUrl = "http://" + host + "." + adminDomain + ":"
+ + adminPort + deamonURL;
+
+ System.out.println("Log Info -" + myStringUrl);
+ String query = "instanceID=" + URLEncoder.encode(instanceID);
+
+ query += "&AdminUsername=" + URLEncoder.encode(adminID);
+ query += "&AdminUserPassword=" + URLEncoder.encode(adminPWD);
+
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+ }
+
+ private boolean configInternalDB() {
+
+ System.out.println(
+ "Log Info - configuring Cert Instance : configureInternalDB");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String query = "serverRoot=" + URLEncoder.encode(serverRoot);
+
+ query += "&instanceID=" + URLEncoder.encode(instanceID);
+ query += "&adminUID=" + URLEncoder.encode(adminID);
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("createInternalDB");
+ query += "&AdminUserPassword=" + URLEncoder.encode(adminPWD);
+ query += "&host=" + URLEncoder.encode(host);
+ query += "&internaldb.ldapconn.host=" + URLEncoder.encode(dbConnHost);
+ query += "&internaldb.ldapconn.port=" + URLEncoder.encode(dbConnPort);
+ query += "&internaldb.ldapauth.bindDN="
+ + URLEncoder.encode(dbLDAPauthDN);
+ query += "&db.instanceName=" + URLEncoder.encode(dbInstanceName);
+ query += "&db.password=" + URLEncoder.encode(dbPassword);
+ query += "&adminDomain=" + URLEncoder.encode(adminDomain);
+ query += "&db.mode=" + URLEncoder.encode(dbmode);
+ query += "&ldapServerDB=" + URLEncoder.encode(ldapServerDB);
+ query += "&cmsSeed=0";
+ // logging
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+
+ }
+
+ private boolean createAdminValues() {
+ System.out.println("configuring Cert Instance : configureAdmin");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String query = "serverRoot=" + URLEncoder.encode(serverRoot);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&AdminUserPassword=" + URLEncoder.encode(adminPWD);
+ query += "&cert.admin.name=" + URLEncoder.encode(certAdminName);
+ query += "&cert.admin.uid=" + URLEncoder.encode(certAdminUid);
+ query += "&cert.admin.passwd=" + URLEncoder.encode(certAdminPWD);
+ query += "&db.password=" + URLEncoder.encode(dbPassword);
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("setupAdmin");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+
+ }
+
+ private boolean selectSubSystem() {
+ System.out.println("configuring Cert Instance : SubSystems");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String query = "serverRoot=" + URLEncoder.encode(serverRoot);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&AdminUserPassword=" + URLEncoder.encode(adminPWD);
+ query += "&db.password=" + URLEncoder.encode(dbPassword);
+ query += "&internaldb.ldapauth.bindDN="
+ + URLEncoder.encode(dbLDAPauthDN);
+ query += "&kra=" + URLEncoder.encode(kra);
+ query += "&subsystems=" + URLEncoder.encode(subsystems);
+ query += "&ca=" + URLEncoder.encode(ca);
+ query += "&ra=" + URLEncoder.encode(ra);
+ query += "&ocsp=" + URLEncoder.encode(ocsp);
+ query += "&remoteKRA=" + URLEncoder.encode(remoteKRA);
+ query += "&wirelessSupport=" + URLEncoder.encode(wirelessSupport);
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("selectSubsystems");
+ query += "&cmsSeed=0";
+
+ if (subsystems.equals("ca")) {
+ query += "&internaldb.ldapconn.host="
+ + URLEncoder.encode(dbConnHost);
+ query += "&internaldb.ldapconn.port="
+ + URLEncoder.encode(dbConnPort);
+
+ }
+ if (subsystems.equals("ra")) {
+ query += "&caHostname=" + caHostname;
+ query += "&caPortnum=" + caPortnum;
+ query += "&caTimeout=" + caTimeout;
+ }
+ if (subsystems.equals("tks")) {
+ query += "&tks=true";
+ }
+
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+
+ }
+
+ private boolean taskCloneMaster() {
+ System.out.println("configuring Cert Instance : taskCloneMaster");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String query = "serverRoot=" + URLEncoder.encode(serverRoot);
+
+ query += "&";
+ query += "&claPortnumEE=" + URLEncoder.encode(caEEPort);
+ query += "&claPortnum=" + URLEncoder.encode(caAgentPortnum);
+ query += "&claHostname=" + URLEncoder.encode(caHostname);
+ query += "&ra=false";
+ query += "&ca=true";
+ query += "&kra=false";
+ query += "&subsystems=ca";
+ query += "&cloning=true";
+ query += "&cloningInstance=" + URLEncoder.encode(cloneInstanceId);
+ query += "&claTimeout=" + URLEncoder.encode("60");
+ query += "&internaldb.ldapauth.bindDN="
+ + URLEncoder.encode(dbLDAPauthDN);
+ query += "&AdminUserPassword=" + URLEncoder.encode(adminPWD);
+ query += "&db.password=" + URLEncoder.encode(dbPassword);
+ query += "&instanceID=" + URLEncoder.encode(instanceID);
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("taskCloneMaster");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+ }
+
+ private boolean taskCloning() {
+ System.out.println("configuring Cert Instance : taskCloning");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String query = "serverRoot=" + URLEncoder.encode(serverRoot);
+
+ query += "&";
+ query += "&cloneTokenPasswd=" + URLEncoder.encode(dbPassword);
+ query += "&cloneTokenName=" + URLEncoder.encode("internal");
+ query += "&cloningInstance=" + URLEncoder.encode(cloneInstanceId);
+ query += "&cloneSameMachine=true";
+ query += "&AdminUserPassword=" + URLEncoder.encode(adminPWD);
+ query += "&certType=" + URLEncoder.encode(certType);
+ query += "&instanceID=" + URLEncoder.encode(instanceID);
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("taskCloning");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+ }
+
+ private boolean setSerial(String start, String end) {
+ System.out.println("configuring Cert Instance : setCASerial");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String query = "serverRoot=" + URLEncoder.encode(serverRoot);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&db.password=" + URLEncoder.encode(dbPassword);
+ query += "&caSerialNumber=" + URLEncoder.encode(start);
+ query += "&caEndSerialNumber=" + URLEncoder.encode(end);
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("setCASerial");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+ }
+
+ private boolean setOCSP() {
+ System.out.println("configuring Cert Instance : setOCSP");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String query = "serverRoot=" + URLEncoder.encode(serverRoot);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&CAOCSPService=" + URLEncoder.encode("true");
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("addOCSPService");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+ }
+
+ private boolean networkConfig() {
+ System.out.println("configuring Cert Instance : Network Config");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String query = "AdminUserPassword=" + URLEncoder.encode(adminPWD);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ if (subsystems.equals("kra")) {
+ query += "&agentGateway.https.port="
+ + URLEncoder.encode(agentHttpsPort);
+ query += "&radm.https.port=" + URLEncoder.encode(radminHttpsPort);
+ query += "&eePortsEnable=" + URLEncoder.encode("false");
+ } else {
+ query += "&eeGateway.http.port=" + URLEncoder.encode(eeHttpPort);
+ query += "&eeGateway.https.port=" + URLEncoder.encode(eeHttpsPort);
+ query += "&agentGateway.https.port="
+ + URLEncoder.encode(agentHttpsPort);
+ query += "&radm.https.port=" + URLEncoder.encode(radminHttpsPort);
+ query += "&eePortsEnable=" + URLEncoder.encode("true");
+ query += "&eeGateway.http.enable=" + URLEncoder.encode("true");
+ }
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("configureNetwork");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+
+ }
+
+ private boolean serverMigration() {
+ System.out.println("configuring Cert Instance : Server migration");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String query = "AdminUserPassword=" + URLEncoder.encode(adminPWD);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&migrationEnable=" + URLEncoder.encode("false");
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("migration");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+
+ }
+
+ private boolean initializePWD() {
+ System.out.println("configuring Cert Instance : Initialize token");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String query = "AdminUserPassword=" + URLEncoder.encode(adminPWD);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&serverRoot=" + URLEncoder.encode(serverRoot);
+ query += "&tokenName=" + URLEncoder.encode(tokenName);
+ query += "&tokenPasswd=" + URLEncoder.encode(tokenPWD);
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("initToken");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+
+ }
+
+ private boolean initializeToken() {
+ System.out.println("configuring Cert Instance : Initialize token");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String query = "AdminUserPassword=" + URLEncoder.encode(adminPWD);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&serverRoot=" + URLEncoder.encode(serverRoot);
+ query += "&tokenName=" + URLEncoder.encode(tokenName);
+ query += "&tokenPasswd=" + URLEncoder.encode(tokenPWD);
+ query += "&certType=" + URLEncoder.encode(certType);
+ query += "&keyType=" + URLEncoder.encode(keyType);
+ query += "&keyLength=" + URLEncoder.encode(keyLength);
+ query += "&sopPasswd=" + URLEncoder.encode(SingleSignOnPWD);
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("initToken");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+
+ }
+
+ private boolean keyLength() {
+ System.out.println("configuring Cert Instance : Check Key length");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String query = "AdminUserPassword=" + URLEncoder.encode(adminPWD);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&serverRoot=" + URLEncoder.encode(serverRoot);
+ query += "&tokenName=" + URLEncoder.encode(tokenName);
+ query += "&tokenPasswd=" + URLEncoder.encode(tokenPWD);
+ query += "&certType=" + URLEncoder.encode(certType);
+ query += "&keyType=" + URLEncoder.encode(keyType);
+ query += "&keyLength=" + URLEncoder.encode(keyLength);
+ query += "&sopPasswd=" + URLEncoder.encode(SingleSignOnPWD);
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("checkKeyLength");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+
+ }
+
+ private boolean checkDN() {
+ System.out.println("configuring Cert Instance : Check DN");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String query = "AdminUserPassword=" + URLEncoder.encode(adminPWD);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&certType=" + URLEncoder.encode(certType);
+ query += "&subjectName=" + URLEncoder.encode(subjectName);
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("checkDN");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+
+ }
+
+ private String normalize(String s) {
+
+ String val = "";
+
+ for (int i = 0; i < s.length(); i++) {
+ if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) {
+ i++;
+ continue;
+ } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) {
+ i++;
+ continue;
+ } else if (s.charAt(i) == '"') {
+ continue;
+ }
+ val += s.charAt(i);
+ }
+ return val;
+ }
+
+ private String pkcs7Convertcert(String s) {
+
+ String val = "";
+
+ int len = s.length();
+
+ for (int i = 0; i < len; i = i + 64) {
+
+ if (i + 64 < len) {
+ val = val + s.substring(i, i + 64) + "\n";
+ } else {
+ val = val + s.substring(i, len);
+ }
+
+ }
+ return val;
+ }
+
+ private boolean certRequest(boolean trustM) {
+ // This function prepares a Certificate Request.
+ // Submits it to the CA
+ // Approves the request.
+ // And then installs it
+
+ System.out.println("configuring Cert Instance : cert Request");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+
+ String query = "AdminUserPassword=" + URLEncoder.encode(adminPWD);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&certType=" + URLEncoder.encode(certType);
+ query += "&subjectName=" + URLEncoder.encode(subjectName);
+ query += "&keyType=" + URLEncoder.encode(keyType);
+ query += "&keyLength=" + URLEncoder.encode(keyLength);
+ query += "&tokenName=" + URLEncoder.encode(CERTtokenName);
+
+ if (subca) {
+ query += "&sslCABit=true";
+ query += "&objectSigningCABit=true";
+ query += "&wirelessSupport=false";
+ query += "&mailCABit=true";
+ query += "&isCA=true";
+ query += "&ski=true";
+ query += "&aki=true";
+ query += "&keyUsage=true";
+ query += "&caSigningCertReqFormat=PKCS10";
+ }
+
+ if (subsystems.equals("ra")) {
+ query += "&aki=" + URLEncoder.encode(aki);
+ query += "&keyUsage=" + URLEncoder.encode("true");
+ query += "&signing_cert=" + signingCert;
+ }
+
+ if (certType.equals("serverCert")) {
+ query += "&sslServerBit=" + URLEncoder.encode("true");
+ query += "&sslClientBit=" + URLEncoder.encode("true");
+ query += "&serverCertReqFormat=PKCS10";
+ } else {
+ if (subsystems.equals("ra")) {
+ query += "&sslClientBit=" + URLEncoder.encode("true");
+ query += "&raSigningCertReqFormat=PKCS10";
+ }
+
+ if (subsystems.equals("ocsp")) {
+ query += "&ocspSigningCertReqFormat=PKCS10";
+ }
+
+ if (subsystems.equals("kra")) {
+ // added keyUsage
+ query += "&keyUsage=" + URLEncoder.encode("true");
+ // added URLEncoder
+ query += "&aki=" + URLEncoder.encode(aki);
+ query += "&kraTransportCertReqFormat=PKCS10";
+ }
+ }
+
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("certRequest");
+ query += "&caHostname=" + caHostname;
+ query += "&caEEPort=" + caEEPort;
+ query += "&cmsSeed=0";
+
+ setPostQueryString(query);
+ if (!Connect(myStringUrl)) {
+ System.out.println("Error :certRequest");
+ return false;
+ }
+
+ String res = spage.toString();
+
+ certRequestStr = res.substring(
+ res.indexOf("certReq: ") + "certReq: ".length(),
+ res.indexOf("-----END NEW CERTIFICATE REQUEST-----"));
+ certRequestStr += "-----END NEW CERTIFICATE REQUEST-----";
+
+ int ReqId = 0;
+
+ UserEnroll e = new UserEnroll(caHostname, caEEPort, subjectName, "test",
+ "test", null, "test", "test", cdir, tokenpwd, ssl_clientcert,
+ keyLength, keyType, null, null, signingCert);
+
+ e.setpkcs10Request(certRequestStr);
+ if (e.Enroll()) {
+ ReqId = e.getRequestId();
+ } else {
+ System.out.println("Request was not successful");
+ return false;
+ }
+
+ String trm;
+
+ if (trustM) {
+ trm = "true";
+ } else {
+ trm = "false";
+ }
+
+ Request r = new Request(caHostname, caAgentPortnum, CAadminId,
+ CAadminPwd, CAcertnickname, cdir, tokenpwd, getString(ReqId),
+ null, null, "approve", "enrollment", "showWaiting", null, trm);
+
+ if (r.ApproveRequests(getString(ReqId)) <= -1) {
+ System.out.println(
+ "Error : Agent request approval was not successful");
+ return false;
+ }
+
+ System.out.println("configuring Cert Instance : req Success");
+
+ // Checking to see if request is approved.
+
+ setConfigURL();
+ myStringUrl = "http://" + host + ":" + adminPort + configURL;
+ System.out.println(myStringUrl);
+
+ query = "AdminUserPassword=" + URLEncoder.encode(adminPWD);
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&certType=" + URLEncoder.encode(certType);
+
+ if (certType.equals("serverCert")) {
+ query += "&serverCertReqID=" + ReqId;
+ } else {
+ query += "&raSigningCertReqID=" + ReqId;
+ }
+
+ query += "&serverRoot=" + URLEncoder.encode(serverRoot);
+ query += "&caEEPort=" + caEEPort;
+ query += "&caHostname=" + host;
+ query += "&caEEType=https";
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("reqSuccess");
+ query += "&cmsSeed=0";
+
+ setPostQueryString(query);
+ if (Connect(myStringUrl)) {
+
+ checkRequest cr = new checkRequest(caHostname, caEEPort, cdir,
+ tokenpwd, getString(ReqId), null, null);
+
+ if (cr.checkRequestStatus()) {
+ String cert = cr.getpkcs7ChainCert();
+ String certtmp = pkcs7Convertcert(cert);
+
+ certtmp = normalize(certtmp);
+ cert = "-----BEGIN CERTIFICATE-----" + "\n" + certtmp + "\n"
+ + "-----END CERTIFICATE-----\n";
+
+ // install cert
+ System.out.println(
+ "configuring Cert Instance : install cert :" + cert);
+ setConfigURL();
+ myStringUrl = "http://" + host + ":" + adminPort + configURL;
+ System.out.println(myStringUrl);
+ query = "AdminUserPassword=" + URLEncoder.encode(adminPWD);
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&certType=" + URLEncoder.encode(certType);
+ query += "&db.password=" + URLEncoder.encode(dbPassword);
+
+ if (certType.equals("raSigningCert")) {
+ query += "&nickname="
+ + URLEncoder.encode(certType + " " + instanceID);
+ raSigningCert = "-----BEGIN CERTIFICATE-----" + "\n"
+ + cr.getCert() + "\n"
+ + "-----END CERTIFICATE-----\n";
+
+ }
+
+ if (certType.equals("kraTransportCert")) {
+ ComCrypto cCrypto = new ComCrypto();
+
+ kraTransportCert = cCrypto.normalize(cr.getCert());
+ }
+
+ if (certType.equals("serverCert")) {
+ query += "&nickname="
+ + URLEncoder.encode("Server-Cert" + " " + instanceID);
+ }
+
+ if (certType.equals("ocspSigningCert")) {
+ query += "&nickname="
+ + URLEncoder.encode(certType + " " + instanceID);
+ }
+
+ query += "&pkcs10=" + URLEncoder.encode(cert);
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("installCert");
+ query += "&cmsSeed=0";
+
+ setPostQueryString(query);
+ return(Connect(myStringUrl));
+ }
+
+ } else {
+ System.out.println("Error: Request is not approved");
+ return false;
+ }
+ return true;
+ }
+
+ private String getString(int m) {
+ Integer x = new Integer(m);
+ String s = x.toString();
+
+ return s;
+ }
+
+ private boolean createCert() {
+ System.out.println("configuring Cert Instance : Create Cert");
+
+ // clauclate the validity dates for the cert.
+ GregorianCalendar begin = new GregorianCalendar();
+ GregorianCalendar end = new GregorianCalendar();
+ Integer days = new Integer(certValidityDays);
+
+ end.add(GregorianCalendar.DATE, days.intValue());
+
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+
+ String query = "AdminUserPassword=" + URLEncoder.encode(adminPWD);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&serverRoot=" + URLEncoder.encode(serverRoot);
+ query += "&db.password=" + URLEncoder.encode(dbPassword);
+ query += "&subjectName=" + URLEncoder.encode(subjectName);
+ query += "&certType=" + URLEncoder.encode(certType);
+
+ query += "&beginYear="
+ + URLEncoder.encode(getString(begin.get(GregorianCalendar.YEAR)));
+ query += "&beginMonth="
+ + URLEncoder.encode(
+ getString(begin.get(GregorianCalendar.MONTH)));
+ query += "&beginDate="
+ + URLEncoder.encode(getString(begin.get(GregorianCalendar.DATE)));
+ query += "&beginHour="
+ + URLEncoder.encode(getString(begin.get(GregorianCalendar.HOUR)));
+ query += "&beginMin="
+ + URLEncoder.encode(
+ getString(begin.get(GregorianCalendar.MINUTE)));
+ query += "&beginSec="
+ + URLEncoder.encode(
+ getString(begin.get(GregorianCalendar.SECOND)));
+
+ query += "&afterYear="
+ + URLEncoder.encode(getString(end.get(GregorianCalendar.YEAR)));
+ query += "&afterMonth="
+ + URLEncoder.encode(getString(end.get(GregorianCalendar.MONTH)));
+ query += "&afterDate="
+ + URLEncoder.encode(getString(end.get(GregorianCalendar.DATE)));
+ query += "&afterHour="
+ + URLEncoder.encode(getString(end.get(GregorianCalendar.HOUR)));
+ query += "&afterMin="
+ + URLEncoder.encode(getString(end.get(GregorianCalendar.MINUTE)));
+ query += "&afterSec="
+ + URLEncoder.encode(getString(end.get(GregorianCalendar.SECOND)));
+
+ query += "&keyType=" + URLEncoder.encode(keyType);
+ query += "&keyLength=" + URLEncoder.encode(keyLength);
+
+ query += "&certLen=" + URLEncoder.encode("-1");
+ query += "&tokenName=" + URLEncoder.encode(CERTtokenName);
+ query += "&aki=" + URLEncoder.encode(aki);
+ query += "&keyUsage=" + URLEncoder.encode("true");
+
+ if (certType.equals("serverCert")) {
+ query += "&sslServerBit=" + URLEncoder.encode("true");
+ query += "&sslClientBit=" + URLEncoder.encode("true");
+
+ } else {
+ query += "&caOComponent=" + URLEncoder.encode(caOComponent);
+ query += "&caCComponent=" + URLEncoder.encode("us");
+
+ query += "&isCA=" + URLEncoder.encode(isCA);
+ query += "&ski=" + URLEncoder.encode(ski);
+ query += "&tokenPasswd=" + URLEncoder.encode(tokenPWD);
+ query += "&sslCABit=" + URLEncoder.encode(sslCABit);
+ query += "&mailCABit=" + URLEncoder.encode(mailCABit);
+ query += "&objectSigningCABit="
+ + URLEncoder.encode(objectSigningCABit);
+
+ }
+ query += "&hashType=" + URLEncoder.encode(hashType);
+
+ query += "&sopPasswd=" + URLEncoder.encode(SingleSignOnPWD);
+ query += "&wirelessSupport=" + URLEncoder.encode("false");
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("createCert");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+
+ }
+
+ private boolean singleSignON() {
+ System.out.println("configuring Cert Instance : Single Signon");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String PWTags = "Internal:Internal LDAP Database:singlesignon";
+
+ String query = "AdminUserPassword=" + URLEncoder.encode(adminPWD);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&serverRoot=" + URLEncoder.encode(serverRoot);
+ // query += "&singleSignonPwd=" + URLEncoder.encode(SingleSignOnPWD);
+ query += "&singleSignonPWTags=" + URLEncoder.encode(PWTags);
+ query += "&Internal=" + URLEncoder.encode(tokenPWD);
+ query += "&Internal LDAP Database=" + URLEncoder.encode(dbPassword);
+ query += "&pwcTokenname=" + URLEncoder.encode("internal");
+
+ query += "&singlesignon=" + URLEncoder.encode(tokenPWD);
+
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("singleSignon");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+
+ }
+
+ private boolean doMisc() {
+ System.out.println("configuring Cert Instance : do Miscell");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String PWTags = "Internal:Internal LDAP Database:singlesignon";
+
+ String query = "AdminUserPassword=" + URLEncoder.encode(adminPWD);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&serverRoot=" + URLEncoder.encode(serverRoot);
+ query += "&singleSignonPwd=" + URLEncoder.encode(SingleSignOnPWD);
+ query += "&singleSignonPWTags=" + URLEncoder.encode(PWTags);
+ query += "&Internal=" + URLEncoder.encode(tokenPWD);
+ query += "&Internal LDAP Database=" + URLEncoder.encode(dbPassword);
+ query += "&singlesignon=" + URLEncoder.encode(tokenPWD);
+ query += "&deletePasswdConf=false";
+
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("doMiscStuffs");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+ }
+
+ private boolean exitDeamon() {
+
+ System.out.println("configuring Cert Instance : Exit Deamon");
+ setDeamonURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String query = "AdminUserPassword=" + URLEncoder.encode(adminPWD);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&serverRoot=" + URLEncoder.encode(serverRoot);
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("exit");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+ }
+
+ private boolean ConfOCSP() {
+
+ // Step 1. Start Deamon
+
+ if (!startDeamon()) {
+ System.out.println(
+ "Configuring Cert Instance: Unable to start deamon");
+ return false;
+ }
+
+ // Sometimes it takes time to start deamon so wait for few seconds
+ try {
+ System.out.println("going to sleep for 10 seconds");
+ Thread.sleep(10000);
+ } catch (InterruptedException ie) {
+ System.out.println("sleep exection");
+ }
+
+ // Step 1a: Initialize Token ( Changed in 6.0)jjj
+ if (!initializePWD()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing pwd token");
+ return false;
+ }
+
+ // Step 2. Configure Internal DB
+ if (!configInternalDB()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring internal db");
+ return false;
+ }
+
+ // Step 3. Create Admin Values
+ if (!createAdminValues()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring admin values ");
+ return false;
+ }
+
+ // Step 4. SubSystems
+
+ if (!selectSubSystem()) {
+ System.out.println(
+ "Configuring Cert Instance: error selecting subsystems");
+ return false;
+ }
+
+ // Step 5. Network Configuration
+ if (!networkConfig()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring network ports ");
+ return false;
+ }
+
+ // Step 6: Initialize Token This has been moved to step 1a
+ if (!initializeToken()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing token");
+ return false;
+ }
+
+ // Step 7 : keyLenth
+ if (!keyLength()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring KeyLength");
+ return false;
+ }
+
+ // Step 8 : CheckDN
+ if (!checkDN()) {
+ System.out.println(
+ "Configuring Cert Instance: error checking deamon");
+ return false;
+ }
+
+ // Step 9 : certRequest and Install
+ if (!certRequest(false)) {
+ System.out.println("Configuring Cert Instance: error getting cert");
+ return false;
+ }
+
+ // Create a SSL signing cert
+ Date tmpdate = new Date();
+
+ certType = "serverCert";
+ subjectName = "CN=" + host + "." + adminDomain + ",OU=ssltest"
+ + tmpdate.getTime() + ",O=SSL,C=US";
+ keyLength = "512";
+ keyType = "RSA";
+ String mtokenPWD = tokenPWD;
+
+ tokenPWD = "";
+ ssl_clientcert = "false";
+ signingCert = "server";
+
+ if (!initializeToken()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing token");
+ return false;
+ }
+
+ // Step 8 : keyLenth
+ if (!keyLength()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring KeyLength");
+ return false;
+ }
+
+ // Step 9 : CheckDN
+ if (!checkDN()) {
+ System.out.println(
+ "Configuring Cert Instance: error checking deamon");
+ return false;
+ }
+
+ // Step 10 :
+ if (!certRequest(false)) {
+ System.out.println(
+ "Configuring Cert Instance: error creating Request");
+ return false;
+ }
+
+ // After creating ssl cert
+ tokenPWD = mtokenPWD;
+
+ // Step 11
+ if (!singleSignON()) {
+ System.out.println(
+ "Configuring Cert Instance: error setting up singlesignon");
+ return false;
+ }
+
+ // Step 11
+ if (!doMisc()) {
+ System.out.println(
+ "Configuring Cert Instance: error setting up miscell");
+ return false;
+ }
+
+ // Step 12
+ if (!exitDeamon()) {
+ System.out.println(
+ "Configuring Cert Instance: Unable to exit deamon");
+ return false;
+ }
+
+ return true;
+
+ }
+
+ private boolean setupStorageKey() {
+ System.out.println("configuring Cert Instance : Storage Key");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String query = "AdminUserPassword=" + URLEncoder.encode(adminPWD);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&serverRoot=" + URLEncoder.encode(serverRoot);
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("storageKey");
+ query += "&tokenName=" + URLEncoder.encode("Internal");
+ query += "&tokenPasswd=" + URLEncoder.encode("");
+ query += "&keyLength=" + URLEncoder.encode("512");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+ }
+
+ private boolean setupKRAAgents() {
+ System.out.println("configuring Cert Instance : KRA Agents");
+ setConfigURL();
+ String myStringUrl = "http://" + host + ":" + adminPort + configURL;
+
+ System.out.println(myStringUrl);
+ String query = "AdminUserPassword=" + URLEncoder.encode(adminPWD);
+
+ query += "&";
+ query += "instanceID=" + URLEncoder.encode(instanceID);
+ query += "&serverRoot=" + URLEncoder.encode(serverRoot);
+ query += "&opType=" + URLEncoder.encode("OP_MODIFY");
+ query += "&taskID=" + URLEncoder.encode("agents");
+ query += "&n=" + URLEncoder.encode("3");
+ query += "&m=" + URLEncoder.encode("2");
+ query += "&uid2=" + URLEncoder.encode("agent3");
+ query += "&uid0=" + URLEncoder.encode("agent1");
+ query += "&uid1=" + URLEncoder.encode("agent2");
+ query += "&pwd1=" + URLEncoder.encode("netscape");
+ query += "&pwd2=" + URLEncoder.encode("netscape");
+ query += "&pwd0=" + URLEncoder.encode("netscape");
+ query += "&cmsSeed=0";
+ setPostQueryString(query);
+ return Connect(myStringUrl);
+ }
+
+ private boolean ConfRA() {
+ // Start Configuring
+
+ // Step 1. Start Deamon
+
+ if (!startDeamon()) {
+ System.out.println(
+ "Configuring Cert Instance: Unable to start deamon");
+ return false;
+ }
+
+ // Sometimes it takes time to start deamon so wait for few seconds
+ try {
+ System.out.println("going to sleep for 10 seconds");
+ Thread.sleep(10000);
+ } catch (InterruptedException ie) {
+ System.out.println("sleep exection");
+ }
+
+ // Step 1a: Initialize Token ( Changed in 6.0)jjj
+ if (!initializePWD()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing pwd token");
+ return false;
+ }
+
+ // Step 2. Configure Internal DB
+ if (!configInternalDB()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring internal db");
+ return false;
+ }
+
+ // Step 3. Create Admin Values
+ if (!createAdminValues()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring admin values ");
+ return false;
+ }
+
+ // Step 4. SubSystems
+
+ if (!selectSubSystem()) {
+ System.out.println(
+ "Configuring Cert Instance: error selecting subsystems");
+ return false;
+ }
+
+ // Step 5. Network Configuration
+ if (!networkConfig()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring network ports ");
+ return false;
+ }
+
+ // Step 6: Initialize Token This has been moved to step 1a
+ if (!initializeToken()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing token");
+ return false;
+ }
+
+ // Step 7 : keyLenth
+ if (!keyLength()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring KeyLength");
+ return false;
+ }
+
+ // Step 8 : CheckDN
+ if (!checkDN()) {
+ System.out.println(
+ "Configuring Cert Instance: error checking deamon");
+ return false;
+ }
+
+ // Step 9 : certRequest and Install i.e approve the request as a trusted manager
+ if (!certRequest(true)) {
+ System.out.println("Configuring Cert Instance: error getting cert");
+ return false;
+ }
+
+ // Create a SSL signing cert
+ Date tmpdate = new Date();
+
+ certType = "serverCert";
+ subjectName = "CN=" + host + "." + adminDomain + ",OU=ssltest"
+ + tmpdate.getTime() + ",O=SSL,C=US";
+ keyLength = "512";
+ keyType = "RSA";
+ String mtokenPWD = tokenPWD;
+
+ tokenPWD = "";
+ ssl_clientcert = "false";
+ signingCert = "server";
+
+ if (!initializeToken()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing token");
+ return false;
+ }
+
+ // Step 8 : keyLenth
+ if (!keyLength()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring KeyLength");
+ return false;
+ }
+
+ // Step 9 : CheckDN
+ if (!checkDN()) {
+ System.out.println(
+ "Configuring Cert Instance: error checking deamon");
+ return false;
+ }
+
+ // Step 10 :
+ if (!certRequest(false)) {
+ System.out.println(
+ "Configuring Cert Instance: error creating Request");
+ return false;
+ }
+
+ // After creating ssl cert
+ tokenPWD = mtokenPWD;
+
+ // Step 11
+ if (!singleSignON()) {
+ System.out.println(
+ "Configuring Cert Instance: error setting up singlesignon");
+ return false;
+ }
+
+ // Step 11
+ if (!doMisc()) {
+ System.out.println(
+ "Configuring Cert Instance: error setting up miscell");
+ return false;
+ }
+
+ // Step 12
+ if (!exitDeamon()) {
+ System.out.println(
+ "Configuring Cert Instance: Unable to exit deamon");
+ return false;
+ }
+
+ return true;
+ }
+
+ private boolean ConfKRA() {
+ // Start Configuring
+
+ // Step 1. Start Deamon
+
+ if (!startDeamon()) {
+ System.out.println(
+ "Configuring Cert Instance: Unable to start deamon");
+ return false;
+ }
+
+ // Sometimes it takes time to start deamon so wait for few seconds
+ try {
+ System.out.println("going to sleep for 10 seconds");
+ Thread.sleep(10000);
+ } catch (InterruptedException ie) {
+ System.out.println("sleep exection");
+ }
+
+ // Step 1a: Initialize Token ( Changed in 6.0)jjj
+ if (!initializePWD()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing pwd token");
+ return false;
+ }
+
+ // Step 2. Configure Internal DB
+ if (!configInternalDB()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring internal db");
+ return false;
+ }
+
+ // Step 3. Create Admin Values
+ if (!createAdminValues()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring admin values ");
+ return false;
+ }
+
+ // Step 4. SubSystems
+
+ if (!selectSubSystem()) {
+ System.out.println(
+ "Configuring Cert Instance: error selecting subsystems");
+ return false;
+ }
+
+ // Step 5. Network Configuration
+ if (!networkConfig()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring network ports ");
+ return false;
+ }
+
+ // Step 6: Initialize Token This has been moved to step 1a
+ if (!initializeToken()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing token");
+ return false;
+ }
+
+ // Step 7 : keyLenth
+ if (!keyLength()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring KeyLength");
+ return false;
+ }
+
+ // Step 8 : CheckDN
+ if (!checkDN()) {
+ System.out.println(
+ "Configuring Cert Instance: error checking deamon");
+ return false;
+ }
+
+ // Step 9 : certRequest and Install i.e approve the request as a trusted manager
+ if (!certRequest(true)) {
+ System.out.println("Configuring Cert Instance: error getting cert");
+ return false;
+ }
+
+ if (!setupStorageKey()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring storage key");
+ return false;
+ }
+
+ // no need to do this from 7.1 due to new acl based key recovery
+ /*
+ if (!setupKRAAgents())
+ { System.out.println("Configuring Cert Instance: error configuring storage key"); return false;}
+ */
+
+ // Create a SSL signing cert
+ Date tmpdate = new Date();
+
+ certType = "serverCert";
+ subjectName = "CN=" + host + "." + adminDomain + ",OU=ssltest"
+ + tmpdate.getTime() + ",O=SSL,C=US";
+ keyLength = "512";
+ keyType = "RSA";
+ String mtokenPWD = tokenPWD;
+
+ tokenPWD = "";
+ ssl_clientcert = "false";
+ signingCert = "server";
+
+ if (!initializeToken()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing token");
+ return false;
+ }
+
+ // Step 8 : keyLenth
+ if (!keyLength()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring KeyLength");
+ return false;
+ }
+
+ // Step 9 : CheckDN
+ if (!checkDN()) {
+ System.out.println(
+ "Configuring Cert Instance: error checking deamon");
+ return false;
+ }
+
+ // Step 10 :
+ if (!certRequest(false)) {
+ System.out.println(
+ "Configuring Cert Instance: error creating Request");
+ return false;
+ }
+
+ // After creating ssl cert
+ tokenPWD = mtokenPWD;
+
+ // Step 11
+ if (!singleSignON()) {
+ System.out.println(
+ "Configuring Cert Instance: error setting up singlesignon");
+ return false;
+ }
+
+ // Step 11
+ if (!doMisc()) {
+ System.out.println(
+ "Configuring Cert Instance: error setting up miscell");
+ return false;
+ }
+
+ // Step 12
+ if (!exitDeamon()) {
+ System.out.println(
+ "Configuring Cert Instance: Unable to exit deamon");
+ return false;
+ }
+
+ return true;
+ }
+
+ // /// Sub CA configuration
+
+ private boolean ConfSubCA() {
+ // Start Configuring
+
+ // Step 1. Start Deamon
+
+ if (!startDeamon()) {
+ System.out.println(
+ "Configuring Cert Instance: Unable to start deamon");
+ return false;
+ }
+
+ // Sometimes it takes time to start deamon so wait for few seconds
+ try {
+ System.out.println("going to sleep for 10 seconds");
+ Thread.sleep(10000);
+ } catch (InterruptedException ie) {
+ System.out.println("sleep exection");
+ }
+
+ // Step 1a: Initialize Token ( Changed in 6.0)jjj
+ if (!initializePWD()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing pwd token");
+ return false;
+ }
+
+ // Step 2. Configure Internal DB
+ if (!configInternalDB()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring internal db");
+ return false;
+ }
+
+ // Step 3. Create Admin Values
+ if (!createAdminValues()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring admin values ");
+ return false;
+ }
+
+ // Step 4. SubSystems
+
+ if (!selectSubSystem()) {
+ System.out.println(
+ "Configuring Cert Instance: error selecting subsystems");
+ return false;
+ }
+
+ // Step 5. Network Configuration
+ if (!networkConfig()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring network ports ");
+ return false;
+ }
+
+ // Step 6: Initialize Token This has been moved to step 1a
+ if (!initializeToken()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing token");
+ return false;
+ }
+
+ // Step 7 : keyLenth
+ if (!keyLength()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring KeyLength");
+ return false;
+ }
+
+ // Step 8 : CheckDN
+ if (!checkDN()) {
+ System.out.println(
+ "Configuring Cert Instance: error checking deamon");
+ return false;
+ }
+
+ // Step 9 : certRequest and Install i.e approve the request as a trusted manager
+ if (!certRequest(false)) {
+ System.out.println("Configuring Cert Instance: error getting cert");
+ return false;
+ }
+
+ // Create a SSL signing cert
+ Date tmpdate = new Date();
+
+ certType = "serverCert";
+ subjectName = "CN=" + host + "." + adminDomain + ",OU=ssltest"
+ + tmpdate.getTime() + ",O=SSL,C=US";
+ keyLength = "512";
+ keyType = "RSA";
+ String mtokenPWD = tokenPWD;
+
+ tokenPWD = "";
+ ssl_clientcert = "false";
+ signingCert = "server";
+
+ if (!initializeToken()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing token");
+ return false;
+ }
+
+ // Step 8 : keyLenth
+ if (!keyLength()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring KeyLength");
+ return false;
+ }
+
+ // Step 9 : CheckDN
+ if (!checkDN()) {
+ System.out.println(
+ "Configuring Cert Instance: error checking deamon");
+ return false;
+ }
+
+ // Step 10 :
+ if (!certRequest(false)) {
+ System.out.println(
+ "Configuring Cert Instance: error creating Request");
+ return false;
+ }
+
+ // After creating ssl cert
+ tokenPWD = mtokenPWD;
+
+ // Step 11
+ if (!singleSignON()) {
+ System.out.println(
+ "Configuring Cert Instance: error setting up singlesignon");
+ return false;
+ }
+
+ // Step 11
+ if (!doMisc()) {
+ System.out.println(
+ "Configuring Cert Instance: error setting up miscell");
+ return false;
+ }
+
+ // Step 12
+ if (!exitDeamon()) {
+ System.out.println(
+ "Configuring Cert Instance: Unable to exit deamon");
+ return false;
+ }
+
+ return true;
+ }
+
+ // / CA
+
+ // org
+ private boolean ConfCA() {
+ // Start Configuring
+
+ // Step 1. Start Deamon
+
+ if (!startDeamon()) {
+ System.out.println(
+ "Configuring Cert Instance: Unable to start deamon");
+ return false;
+ }
+
+ // Sometimes it takes time to start deamon so wait for few seconds
+ try {
+ System.out.println("going to sleep for 10 seconds");
+ Thread.sleep(10000);
+ } catch (InterruptedException ie) {
+ System.out.println("sleep exection");
+ }
+
+ // Step 1a: Initialize Token ( Changed in 6.0)jjj
+ if (!initializePWD()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing pwd token");
+ return false;
+ }
+
+ // Step 2. Configure Internal DB
+ if (!configInternalDB()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring internal db");
+ return false;
+ }
+
+ // Step 3. Create Admin Values
+ if (!createAdminValues()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring admin values ");
+ return false;
+ }
+
+ // Step 4. SubSystems
+
+ if (!selectSubSystem()) {
+ System.out.println(
+ "Configuring Cert Instance: error selecting subsystems");
+ return false;
+ }
+
+ // SetSerial Number
+ if (!setSerial("1", "1000000")) {
+ System.out.println(
+ "Configuring Cert Instance: error setting serial number");
+ return false;
+ }
+
+ if (!setOCSP()) {
+ System.out.println(
+ "Configuring Cert Instance: error selecting subsystems");
+ return false;
+ }
+
+ // Step 5. Network Configuration
+ if (!networkConfig()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring network ports ");
+ return false;
+ }
+
+ // Step 6. setting up Server Migration
+
+ // if (!serverMigration())
+ // { System.out.println("Configuring Cert Instance: error configuring server migration"); return false;}
+
+ // Step 7: Initialize Token
+ if (!initializeToken()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing token");
+ return false;
+ }
+
+ // Step 8 : keyLenth
+ if (!keyLength()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring KeyLength");
+ return false;
+ }
+
+ // Step 9 : CheckDN
+ if (!checkDN()) {
+ System.out.println(
+ "Configuring Cert Instance: error checking deamon");
+ return false;
+ }
+
+ // Step 10 :
+ if (!createCert()) {
+ System.out.println("Configuring Cert Instance: error creating cert");
+ return false;
+ }
+
+ // Create a SSL signing cert
+ Date tmpdate = new Date();
+
+ certType = "serverCert";
+ subjectName = "CN=" + host + "." + adminDomain + ",OU=ssltest"
+ + tmpdate.getTime() + ",O=SSL,C=US";
+ keyType = "RSA";
+ keyLength = "512";
+ String mtokenPWD = tokenPWD;
+
+ tokenPWD = "";
+
+ if (!initializeToken()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing token");
+ return false;
+ }
+
+ // Step 8 : keyLenth
+ if (!keyLength()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring KeyLength");
+ return false;
+ }
+
+ // Step 9 : CheckDN
+ if (!checkDN()) {
+ System.out.println(
+ "Configuring Cert Instance: error checking deamon");
+ return false;
+ }
+
+ // Step 10 :
+ if (!createCert()) {
+ System.out.println("Configuring Cert Instance: error creating cert");
+ return false;
+ }
+
+ // After creating ssl cert
+ tokenPWD = mtokenPWD;
+
+ // Step 11
+ if (!singleSignON()) {
+ System.out.println(
+ "Configuring Cert Instance: error setting up singlesignon");
+ return false;
+ }
+
+ // Step 11
+ if (!doMisc()) {
+ System.out.println(
+ "Configuring Cert Instance: error setting up miscell");
+ return false;
+ }
+
+ // Step 12
+ if (!exitDeamon()) {
+ System.out.println(
+ "Configuring Cert Instance: Unable to exit deamon");
+ return false;
+ }
+
+ return true;
+ }
+
+ // Configure Clone
+
+ private boolean ConfClone() {
+ // Start Configuring
+
+ // Step 1. Start Deamon
+
+ if (!startDeamon()) {
+ System.out.println(
+ "Configuring Cert Instance: Unable to start deamon");
+ return false;
+ }
+
+ // Sometimes it takes time to start deamon so wait for few seconds
+ try {
+ System.out.println("going to sleep for 10 seconds");
+ Thread.sleep(10000);
+ } catch (InterruptedException ie) {
+ System.out.println("sleep exection");
+ }
+
+ // Step 1a: Initialize Token ( Changed in 6.0)jjj
+ if (!initializePWD()) {
+ System.out.println(
+ "Configuring Cert Instance: error initializing pwd token");
+ return false;
+ }
+
+ // Step 2. Configure Internal DB
+ if (!configInternalDB()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring internal db");
+ return false;
+ }
+
+ // Step 3. Create Admin Values
+ if (!createAdminValues()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring admin values ");
+ return false;
+ }
+
+ // Step 4. SubSystems
+
+ if (!selectSubSystem()) {
+ System.out.println(
+ "Configuring Cert Instance: error selecting subsystems");
+ return false;
+ }
+
+ // Step 5. SetCASerial
+ if (!setSerial("1000000", "2000000")) {
+ System.out.println("Configuring Cert Instance: error setSerial");
+ return false;
+ }
+
+ if (!setOCSP()) {
+ System.out.println("Configuring Cert Instance: error setOCSP");
+ return false;
+ }
+
+ // Step 5. Network Configuration
+ if (!networkConfig()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring network ports ");
+ return false;
+ }
+
+ if (!taskCloning()) {
+ System.out.println("Configuring Cert Instance: error Task Cloning ");
+ return false;
+ }
+
+ if (!taskCloneMaster()) {
+ System.out.println(
+ "Configuring Cert Instance: error configuring network ports ");
+ return false;
+ }
+
+ // Create a SSL signing cert
+ certType = "serverCert";
+
+ if (!taskCloning()) {
+ System.out.println("Configuring Cert Instance: error Task Cloning ");
+ return false;
+ }
+
+ // Step 11
+ if (!singleSignON()) {
+ System.out.println(
+ "Configuring Cert Instance: error setting up singlesignon");
+ return false;
+ }
+
+ // Step 11
+ if (!doMisc()) {
+ System.out.println(
+ "Configuring Cert Instance: error setting up miscell");
+ return false;
+ }
+
+ // Step 12
+ if (!exitDeamon()) {
+ System.out.println(
+ "Configuring Cert Instance: Unable to exit deamon");
+ return false;
+ }
+
+ return true;
+
+ }
+
+ public boolean readProperties() {
+ // Read the properties file and assign values to variables .
+ try {
+ getProperties(propFileName);
+ } catch (Exception e) {
+ System.out.println(
+ "exception reading Properties File " + e.getMessage());
+ }
+
+ // read all properties
+
+ adminDomain = props.getProperty("inst.admin.domain");
+ adminID = props.getProperty("inst.admin.uid");
+ adminPWD = props.getProperty("inst.admin.pwd");
+ adminPort = props.getProperty("inst.admin.port");
+ machineName = props.getProperty("inst.machineName");
+ host = props.getProperty("inst.host");
+ serverID = props.getProperty("inst.serverIdentifier");
+ instanceID = "cert-" + serverID;
+ serverRoot = props.getProperty("inst.serverRoot");
+ // Just for debugging"
+ sieURL = props.getProperty("inst.sie.url");
+ dbConnPort = props.getProperty("inst.dbConnPort");
+ dbConnHost = props.getProperty("inst.dbConnHost");
+ dbInstanceName = props.getProperty("inst.dbInstanceName");
+ dbPassword = props.getProperty("inst.dbPassword");
+ dbLDAPauthDN = props.getProperty("inst.ldap.auth.dn");
+ dbmode = props.getProperty("inst.dbmode");
+ ldapServerDB = props.getProperty("inst.ldapServerDB");
+ certAdminName = props.getProperty("inst.cert.admin.name");
+ certAdminUid = props.getProperty("inst.cert.admin.uid");
+ certAdminPWD = props.getProperty("inst.cert.admin.pwd");
+ kra = props.getProperty("inst.subsystem.kra");
+ subsystems = props.getProperty("inst.subsystem");
+ ca = props.getProperty("inst.subsystem.ca");
+ ra = props.getProperty("inst.subsystem.ra");
+ ocsp = props.getProperty("inst.subsystem.ocsp");
+ remoteKRA = props.getProperty("inst.subsystem.remoteKRA");
+ wirelessSupport = props.getProperty("inst.subsystem.wireless");
+ eeHttpPort = props.getProperty("inst.ee.http.port");
+ eeHttpsPort = props.getProperty("inst.ee.https.port");
+ agentHttpsPort = props.getProperty("inst.agent.https.port");
+ radminHttpsPort = props.getProperty("inst.admin.https.port");
+ tokenName = props.getProperty("inst.tokenName");
+ tokenPWD = props.getProperty("inst.token.pwd");
+ signingCert = props.getProperty("inst.cert.Type");
+ certType = signingCert;
+ keyType = props.getProperty("inst.key.type");
+ keyLength = props.getProperty("inst.key.length");
+ SingleSignOnPWD = props.getProperty("inst.singlesignon.pwd");
+ subjectName = props.getProperty("inst.ca.dn");
+ isCA = props.getProperty("inst.isca");
+ aki = props.getProperty("inst.aki");
+ ski = props.getProperty("inst.ski");
+ sslCABit = props.getProperty("inst.sslCABit");
+ objectSigningCABit = props.getProperty("inst.objectSigningCABit");
+ mailCABit = props.getProperty("inst.mailCABit");
+ hashType = props.getProperty("inst.hash.Type");
+ caOComponent = props.getProperty("inst.ca.component");
+ certValidityDays = props.getProperty("inst.cert.validity");
+ caHostname = props.getProperty("inst.cahostname");
+ caPortnum = props.getProperty("inst.caportnum");
+ caAgentPortnum = props.getProperty("inst.caASport");
+ caTimeout = props.getProperty("inst.catimeout");
+ caEEPort = props.getProperty("inst.caEEport");
+ cloneInstanceId = props.getProperty("inst.cloneid");
+ CAadminId = props.getProperty("inst.caAdminId");
+ CAadminPwd = props.getProperty("inst.caAdminPwd");
+ CAcertnickname = props.getProperty("inst.caCertnickname");
+ enpropfile = props.getProperty("inst.propfile");
+ cdir = props.getProperty("inst.certdir");
+ tokenpwd = props.getProperty("inst.certtokenpwd");
+
+ if (subsystems.equals("ca")) {
+ return ConfCA();
+ }
+ if (subsystems.equals("ra")) {
+ return ConfRA();
+ }
+ if (subsystems.equals("ocsp")) {
+ return ConfOCSP();
+ }
+ if (subsystems.equals("kra")) {
+ return ConfKRA();
+ }
+ if (subsystems.equals("subca")) {
+ subca = true;
+ subsystems = "ca";
+ return ConfSubCA();
+ }
+
+ return true;
+ } // end of r
+
+ public static void main(String args[]) {
+ // Exit Status - (-1) for error
+ // - 1 Configured and server Alive
+ // - 0 Configured bur could not sart server
+
+
+ AutoInstaller t = new AutoInstaller();
+
+ System.out.println(args.length);
+ t.setPropFile(args[0]);
+
+ if (args.length < 1) {
+ System.out.println("Usage : PropertiesFilePath");
+ System.exit(-1);
+ }
+
+ System.out.println("configuring Cert Instance : Start");
+
+ boolean st = t.readProperties();
+
+ if (st) {
+ System.out.println("Configuring Cert Instance : Successful");
+ System.exit(1);
+ } else {
+
+ System.out.println("Configuring Cert Instance : Error ");
+ System.exit(0);
+ }
+ }
+
+} // end of class
+
diff --git a/pki/base/silent/src/common/BaseState.java b/pki/base/silent/src/common/BaseState.java
new file mode 100644
index 000000000..e4347c749
--- /dev/null
+++ b/pki/base/silent/src/common/BaseState.java
@@ -0,0 +1,122 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.net.*;
+import java.io.*;
+import java.util.*;
+import java.math.*;
+
+
+/**
+ * CMS Test framework .
+ * This class reads and sets the values for a CMS subsytems Config file (CS.cfg)
+ * Using this class you can set the server to a base state.
+ */
+
+
+
+public class BaseState {
+
+ private String CMSConfigFile;
+ private CMSConfig cmscfg = null;
+ private String ldapbase, ldaphost, ldapport, ldapdn, ldapdnpw;
+ private boolean ldapsecConn = false;
+ // Constructor
+
+
+
+ public BaseState() {}
+
+ /**
+ * Constructor . Takes the parameter CMSConfigfilename ( with fullpath)
+ * @param CMSConfigfile.
+ */
+
+ public BaseState(String cmscfilename) {
+ CMSConfigFile = cmscfilename;
+
+ }
+
+ /**
+ * Set the publishing directory information . Takes the paramters ldaphost,ldapport,ldapDN, ldapDN password, BaseDN , Secure coonection (true/false)
+ */
+ public void setLDAPInfo(String h, String p, String dn, String pw, String base, boolean sc) {
+ ldaphost = h;
+ ldapport = p;
+ ldapdn = dn;
+ ldapdnpw = pw;
+ ldapbase = base;
+ ldapsecConn = sc;
+
+ }
+
+ /**
+ * Enable SSL Client authentication for Directory enrollment and publishing
+ */
+
+ public void EnableSSLClientAuth() {
+ ldapsecConn = true;
+ cmscfg = new CMSConfig(CMSConfigFile);
+ // Enable DirBaseEnrollment
+ cmscfg.EnableDirEnrollment(ldapsecConn, ldapbase, ldaphost, ldapport);
+ // Enable Publishing
+ cmscfg.EnablePublishing(ldapsecConn, ldapdn, ldapdnpw, ldaphost,
+ ldapport);
+ cmscfg.saveCMSConfig();
+
+ }
+
+ /**
+ * Set to CA 's base state . Enables Directory based enrollment , publishing and Portal enrollment
+ */
+
+ public void CABaseState() {
+ cmscfg = new CMSConfig(CMSConfigFile);
+ cmscfg.EnableAdminEnrollment();
+ // Enable DirBaseEnrollment
+ cmscfg.EnableDirEnrollment(ldapsecConn, ldapbase, ldaphost, ldapport);
+ // Enable Publishing
+ cmscfg.DisablePublishing(ldapsecConn, ldapdn, ldapdnpw, ldaphost,
+ ldapport, ldapbase);
+ // Enable Portalbased enrollment
+ cmscfg.EnablePortalAuth(ldapsecConn, ldapdn, ldapdnpw, ldaphost,
+ ldapport, ldapbase);
+ cmscfg.saveCMSConfig();
+
+ }
+
+ /**
+ * Set to RA 's base state . Enables Directory based enrollment and Portal enrollment
+ */
+
+
+ public void RABaseState() {
+ cmscfg = new CMSConfig(CMSConfigFile);
+ cmscfg.EnableAdminEnrollment();
+ // Enable DirBaseEnrollment
+ cmscfg.EnableDirEnrollment(ldapsecConn, ldapbase, ldaphost, ldapport);
+ // Enable Portalbased enrollment
+ cmscfg.EnablePortalAuth(ldapsecConn, ldapdn, ldapdnpw, ldaphost,
+ ldapport, ldapbase);
+ cmscfg.saveCMSConfig();
+
+ }
+
+ public static void main(String args[]) {}// end of function main
+
+}
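Review bot: The comment `// Enable Publishing` in CABaseState sits directly above a call to `cmscfg.DisablePublishing(...)`, so either the comment or the call is wrong; if publishing is intentionally off in the CA base state, change the comment to `// Disable Publishing (it is enabled separately by EnableSSLClientAuth)`, otherwise the call should be `EnablePublishing` as in EnableSSLClientAuth. The `@param CMSConfigfile.` tag on the String constructor does not match the parameter name `cmscfilename`. `java.net.*`, `java.util.*` and `java.math.*` are imported but nothing in the file uses them. Method names such as `EnableSSLClientAuth`, `CABaseState` and `RABaseState` use UpperCamelCase where Java convention is lowerCamelCase.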
diff --git a/pki/base/silent/src/common/CMSConfig.java b/pki/base/silent/src/common/CMSConfig.java
new file mode 100644
index 000000000..7f219dfdf
--- /dev/null
+++ b/pki/base/silent/src/common/CMSConfig.java
@@ -0,0 +1,626 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.net.*;
+import java.io.*;
+import java.util.*;
+
+
+/**
+ * CMS Test framework .
+ * This class reads,modifies and saves CS.cfg file
+ */
+
+
+public class CMSConfig extends ServerInfo {
+
+ /**
+ * Constructor . Reads the CS.cfg file .Takes the parameter for Configfile ( Provide fullpath)
+ */
+
+
+ public CMSConfig(String confFile) {
+ CMSConfigFile = confFile;
+ System.out.println(CMSConfigFile);
+ readCMSConfig();
+ }
+
+ private void getProperties(String filePath) throws Exception {
+ try {
+ FileInputStream fis = new FileInputStream(filePath);
+
+ props = new CMSProperties();
+ props.load(fis);
+ System.out.println("Reading Properties file successful");
+ fis.close();
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ }
+
+ }
+
+ private void readCMSConfig() {
+
+ try {
+ FileInputStream fiscfg = new FileInputStream(CMSConfigFile);
+
+ CMSprops = new CMSProperties();
+ CMSprops.load(fiscfg);
+ System.out.println("Reading CMS Config file successful");
+ fiscfg.close();
+ System.out.println("Number in size " + CMSprops.size());
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ }
+
+ }
+
+ /**
+ * Saves the config file
+ **/
+
+ public void saveCMSConfig() {
+ try {
+ // Properties s = new Properties(CMSprops);
+ FileOutputStream fos = new FileOutputStream(CMSConfigFile);
+
+ System.out.println("Number in size " + CMSprops.size());
+ // CMSprops.list(System.out);
+ CMSprops.store(fos, null);
+ System.out.println("Writing to CMS Config file successful");
+ fos.close();
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ }
+
+ }
+
+ // AdminEnrollment
+
+ public void EnableAdminEnrollment() {
+ CMSprops.setProperty("cmsgateway.enableAdminEnroll", "true");
+
+ }
+
+ // Authentication
+
+
+ // Enable DirectoryBased Authentication
+ /**
+ * Takes parameters : secureConnection( true/false), basedn, ldaphostname, lapdaportnumber ( in case of secured connection give ldap secured port)
+ */
+
+ public void EnableDirEnrollment(boolean secureConn, String ldapbase, String lhost, String lport) {
+ CMSprops.setProperty("auths.instance.UserDirEnrollment.dnpattern",
+ "UID=$attr.uid,E=$attr.mail.1,CN=$attr.cn,OU=$dn.ou.2,O=$dn.o,C=US");
+ CMSprops.setProperty("auths.instance.UserDirEnrollment.ldap.basedn",
+ ldapbase);
+ CMSprops.setProperty(
+ "auths.instance.UserDirEnrollment.ldap.ldapconn.host", lhost);
+ CMSprops.setProperty(
+ "auths.instance.UserDirEnrollment.ldap.ldapconn.version", "3");
+ CMSprops.setProperty("auths.instance.UserDirEnrollment.ldap.maxConns",
+ "8");
+ CMSprops.setProperty("auths.instance.UserDirEnrollment.ldap.minConns",
+ "2");
+ // CMSprops.setProperty("auths.instance.UserDirEnrollment.ldapByteAttributes=","");
+ CMSprops.setProperty(
+ "auths.instance.UserDirEnrollment.ldapStringAttributes", "mail");
+ CMSprops.setProperty("auths.instance.UserDirEnrollment.pluginName",
+ "UidPwdDirAuth");
+ if (secureConn) {
+ CMSprops.setProperty(
+ "auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn",
+ "true");
+ CMSprops.setProperty(
+ "auths.instance.UserDirEnrollment.ldap.ldapconn.port", lport);
+
+ } else {
+ CMSprops.setProperty(
+ "auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn",
+ "false");
+ CMSprops.setProperty(
+ "auths.instance.UserDirEnrollment.ldap.ldapconn.port", lport);
+
+ }
+ }
+
+ public void DisableDirEnrollment() {
+ CMSprops.remove("auths.instance.UserDirEnrollment.dnpattern");
+ CMSprops.remove("auths.instance.UserDirEnrollment.ldap.basedn");
+ CMSprops.remove("auths.instance.UserDirEnrollment.ldap.ldapconn.host");
+ CMSprops.remove("auths.instance.UserDirEnrollment.ldap.ldapconn.port");
+ CMSprops.remove(
+ "auths.instance.UserDirEnrollment.ldap.ldapconn.secureConn");
+ CMSprops.remove("auths.instance.UserDirEnrollment.ldap.ldapconn.version");
+ CMSprops.remove("auths.instance.UserDirEnrollment.ldap.maxConns");
+ CMSprops.remove("auths.instance.UserDirEnrollment.ldap.minConns");
+ CMSprops.remove("auths.instance.UserDirEnrollment.ldapByteAttributes=");
+ CMSprops.remove("auths.instance.UserDirEnrollment.ldapStringAttributes");
+ CMSprops.remove("auths.instance.UserDirEnrollment.pluginName");
+
+ }
+
+ public void EnableCMCAuth() {
+
+ CMSprops.setProperty("auths.instance.testcmc.pluginName",
+ "CMCAuthentication");
+ }
+
+ /**
+ * Takes parameters : secureConnection( true/false), ldapbinddn, ldapbindnpassword,ldaphostname, lapdaportnumber ( in case of secured connection give ldap secured port), basedn (e.g ou=people,o=mcom.com)
+ */
+
+ void EnablePortalAuth(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport, String lbsuffix) {
+ String certnickname = null;
+
+ CMSprops.setProperty("auths.instance.PortalEnrollment.pluginName",
+ "PortalEnroll");
+ CMSprops.setProperty("auths.instance.PortalEnrollment.dnpattern",
+ "uid=$attr.uid,cn=$attr.cn,O=$dn.co,C=$dn.c");
+ CMSprops.setProperty("auths.instance.PortalEnrollment.ldap.basedn",
+ lbsuffix);
+ CMSprops.setProperty("auths.instance.PortalEnrollment.ldap.maxConns",
+ "3");
+ CMSprops.setProperty("auths.instance.PortalEnrollment.ldap.minConns",
+ "2");
+ CMSprops.setProperty("auths.instance.PortalEnrollment.ldap.objectclass",
+ "inetOrgPerson");
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapauth.bindDN",
+ ldaprootDN);
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapauth.bindPassword",
+ ldaprootDNPW);
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapauth.bindPWPrompt",
+ "Rule PortalEnrollment");
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapconn.host", lhost);
+ if (secureConn) {
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapconn.secureConn",
+ "true");
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapauth.clientCertNickname",
+ certnickname);
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapauth.authtype",
+ "SslClientAuth");
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapconn.port", lport);
+
+ } else {
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapconn.secureConn",
+ "false");
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapconn.port", lport);
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapauth.authtype",
+ "BasicAuth");
+ }
+
+ CMSprops.setProperty(
+ "auths.instance.PortalEnrollment.ldap.ldapconn.version", "3");
+
+ }
+
+ // Publishing
+ /**
+ * Takes parameters : secureConnection( true/false), ldapbinddn, ldapbindnpassword,ldaphostname, lapdaportnumber ( in case of secured connection give ldap secured port)
+ */
+
+ public void EnablePublishing(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport) {
+
+ CMSprops.setProperty("ca.publish.enable", "true");
+ CMSprops.setProperty("ca.publish.ldappublish.enable", "true");
+ if (secureConn) {
+ CMSprops.setProperty(
+ "ca.publish.ldappublish.ldap.ldapconn.secureConn", "true");
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.port",
+ lport);
+
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.authtype",
+ "SslClientAuth");
+ } else {
+ CMSprops.setProperty(
+ "ca.publish.ldappublish.ldap.ldapconn.secureConn", "false");
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.port",
+ lport);
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.authtype",
+ "BasicAuth");
+ }
+
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindDN",
+ ldaprootDN);
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindPassword",
+ ldaprootDNPW);
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindPWPrompt",
+ "CA LDAP Publishing");
+
+ // set the hostname with fully qulified name if you are using SSL
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.host", lhost);
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.version", "3");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapCaSimpleMap.class",
+ "com.netscape.cms.publish.mappers.LdapCaSimpleMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapDNCompsMap.class",
+ "com.netscape.cms.publish.mappers.Lda pCertCompsMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapDNExactMap.class",
+ "com.netscape.cms.publish.mappers.LdapCertExactMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapEnhancedMap.class",
+ "com.netscape.cms.publish.mappers.LdapEnhancedMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapSimpleMap.class",
+ "com.netscape.cms.publish.mappers.LdapSimpleMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapSubjAttrMap.class",
+ "com.netscape.cms.publish.mappers.LdapCertSubjMap");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapCaCertMap.createCAEntry", "true");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapCaCertMap.dnPattern",
+ "UID=CManager,OU=people,O=mcom.com");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapCaCertMap.pluginName",
+ "LdapCaSimpleMap");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapCrlMap.createCAEntry", "true");
+ CMSprops.setProperty("ca.publish.mapper.instance.LdapCrlMap.dnPattern",
+ "UID=CManager,OU=people,O=mcom.com");
+ CMSprops.setProperty("ca.publish.mapper.instance.LdapCrlMap.pluginName",
+ "LdapCaSimpleMap");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapUserCertMap.dnPattern",
+ "UID=$subj.UID,OU=people,O=mcom.com");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapUserCertMap.pluginName",
+ "LdapSimpleMap");
+ CMSprops.setProperty(
+ "ca.publish.publisher.impl.FileBasedPublisher.class",
+ "com.netscape.cms.publish.publishers.FileBasedPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.impl.LdapCaCertPublisher.class",
+ "com.netscape.cms.publish.publishers.LdapCaCertPublisher");
+ CMSprops.setProperty("ca.publish.publisher.impl.LdapCrlPublisher.class",
+ "com.netscape.cms.publish.publishers.LdapCrlPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.impl.LdapUserCertPublisher.class",
+ "com.netscape.cms.publish.publishers.LdapUserCertPublisher");
+ CMSprops.setProperty("ca.publish.publisher.impl.OCSPPublisher.class",
+ "com.netscape.cms.publish.publishers.OCSPPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCaCertPublisher.caCertAttr",
+ "caCertificate;binary");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCaCertPublisher.caObjectClass",
+ "certificationAuthority");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCaCertPublisher.pluginName",
+ "LdapCaCertPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCrlPublisher.crlAttr",
+ "certificateRevocationList;binary");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCrlPublisher.pluginName",
+ "LdapCrlPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapUserCertPublisher.certAttr",
+ "userCertificate;binary");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapUserCertPublisher.pluginName",
+ "LdapUserCertPublisher");
+ }
+
+ public void DisablePublishing(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport, String base) {
+
+ CMSprops.setProperty("ca.publish.enable", "false");
+ CMSprops.setProperty("ca.publish.ldappublish.enable", "false");
+ if (secureConn) {
+ CMSprops.setProperty(
+ "ca.publish.ldappublish.ldap.ldapconn.secureConn", "false");
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.port",
+ lport);
+
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.authtype",
+ "SslClientAuth");
+ } else {
+ CMSprops.setProperty(
+ "ca.publish.ldappublish.ldap.ldapconn.secureConn", "false");
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.port",
+ lport);
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.authtype",
+ "BasicAuth");
+ }
+
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindDN",
+ ldaprootDN);
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindPassword",
+ ldaprootDNPW);
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapauth.bindPWPrompt",
+ "CA LDAP Publishing");
+
+ // set the hostname with fully qulified name if you are using SSL
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.host", lhost);
+ CMSprops.setProperty("ca.publish.ldappublish.ldap.ldapconn.version", "3");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapCaSimpleMap.class",
+ "com.netscape.cms.publish.mappers.LdapCaSimpleMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapDNCompsMap.class",
+ "com.netscape.cms.publish.mappers.Lda pCertCompsMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapDNExactMap.class",
+ "com.netscape.cms.publish.mappers.LdapCertExactMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapEnhancedMap.class",
+ "com.netscape.cms.publish.mappers.LdapEnhancedMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapSimpleMap.class",
+ "com.netscape.cms.publish.mappers.LdapSimpleMap");
+ CMSprops.setProperty("ca.publish.mapper.impl.LdapSubjAttrMap.class",
+ "com.netscape.cms.publish.mappers.LdapCertSubjMap");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapCaCertMap.createCAEntry",
+ "false");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapCaCertMap.dnPattern",
+ "UID=CManager,OU=people," + base);
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapCaCertMap.pluginName",
+ "LdapCaSimpleMap");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapCrlMap.createCAEntry", "false");
+ CMSprops.setProperty("ca.publish.mapper.instance.LdapCrlMap.dnPattern",
+ "UID=CManager,OU=people," + base);
+ CMSprops.setProperty("ca.publish.mapper.instance.LdapCrlMap.pluginName",
+ "LdapCaSimpleMap");
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapUserCertMap.dnPattern",
+ "UID=$subj.UID,OU=people," + base);
+ CMSprops.setProperty(
+ "ca.publish.mapper.instance.LdapUserCertMap.pluginName",
+ "LdapSimpleMap");
+ CMSprops.setProperty(
+ "ca.publish.publisher.impl.FileBasedPublisher.class",
+ "com.netscape.cms.publish.publishers.FileBasedPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.impl.LdapCaCertPublisher.class",
+ "com.netscape.cms.publish.publishers.LdapCaCertPublisher");
+ CMSprops.setProperty("ca.publish.publisher.impl.LdapCrlPublisher.class",
+ "com.netscape.cms.publish.publishers.LdapCrlPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.impl.LdapUserCertPublisher.class",
+ "com.netscape.cms.publish.publishers.LdapUserCertPublisher");
+ CMSprops.setProperty("ca.publish.publisher.impl.OCSPPublisher.class",
+ "com.netscape.cms.publish.publishers.OCSPPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCaCertPublisher.caCertAttr",
+ "caCertificate;binary");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCaCertPublisher.caObjectClass",
+ "certificationAuthority");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCaCertPublisher.pluginName",
+ "LdapCaCertPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCrlPublisher.crlAttr",
+ "certificateRevocationList;binary");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapCrlPublisher.pluginName",
+ "LdapCrlPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapUserCertPublisher.certAttr",
+ "userCertificate;binary");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.LdapUserCertPublisher.pluginName",
+ "LdapUserCertPublisher");
+ }
+
+ public void CreateOCSPPublisher(String OCSPHost, String OCSPPort, String OCSPEEPort) {
+ // Set host nmae with fully qualified hostname
+ String location = "http://" + OCSPHost + ":" + OCSPEEPort + "/ocsp";
+
+ CMSprops.setProperty("ca.crl.MasterCRL.alwaysUpdate", "true");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.CAOCSPPublisher.host", OCSPHost);
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.CAOCSPPublisher.path",
+ "/ocsp/addCRL");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.CAOCSPPublisher.pluginName",
+ "OCSPPublisher");
+ CMSprops.setProperty(
+ "ca.publish.publisher.instance.CAOCSPPublisher.port", OCSPPort);
+ CMSprops.setProperty(
+ "ca.publish.rule.instance.OCSPPublishingRule.enable", "true");
+ CMSprops.setProperty(
+ "ca.publish.rule.instance.OCSPPublishingRule.mapper", "");
+ CMSprops.setProperty(
+ "ca.publish.rule.instance.OCSPPublishingRule.pluginName", "Rule");
+ CMSprops.setProperty(
+ "ca.publish.rule.instance.OCSPPublishingRule.predicate", "");
+ CMSprops.setProperty(
+ "ca.publish.rule.instance.OCSPPublishingRule.publisher",
+ "CAOCSPPublisher");
+ CMSprops.setProperty("ca.publish.rule.instance.OCSPPublishingRule.type",
+ "crl");
+ CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.ad0_location",
+ location);
+ CMSprops.setProperty(
+ "ca.Policy.rule.AuthInfoAccessExt.ad0_location_type", "URL");
+ CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.ad0_method",
+ "ocsp");
+ CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.critical",
+ "false");
+ CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.enable", "true");
+ CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.implName",
+ "AuthInfoAccessExt");
+ CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.numADs", "1");
+ CMSprops.setProperty("ca.Policy.rule.AuthInfoAccessExt.predicate",
+ "HTTP_PARAMS.certType == client");
+
+ }
+
+ public void EnableOCSPLDAPStore(String certInstanceID) {
+ String certNickName = "ocspSigningCert cert-" + certInstanceID;
+
+ CMSprops.setProperty("ocsp.storeId", "ldapStore");
+ CMSprops.setProperty("ocsp.store.defStore.byName", "true");
+ CMSprops.setProperty("ocsp.store.defStore.class",
+ "com.netscape.cms.ocsp.DefStore");
+ CMSprops.setProperty("ocsp.store.defStore.includeNextUpdate", "true");
+ CMSprops.setProperty("ocsp.store.defStore.notFoundAsGood", "true");
+ CMSprops.setProperty("ocsp.store.ldapStore.baseDN0", ldapBaseSuffix);
+ CMSprops.setProperty("ocsp.store.ldapStore.byName", "true");
+ CMSprops.setProperty("ocsp.store.ldapStore.caCertAttr",
+ "cACertificate;binary");
+ CMSprops.setProperty("ocsp.store.ldapStore.class",
+ "com.netscape.cms.ocsp.LDAPStore");
+ CMSprops.setProperty("ocsp.store.ldapStore.crlAttr",
+ "certificateRevocationList;binary");
+ CMSprops.setProperty("ocsp.store.ldapStore.host0", ldapHost);
+ CMSprops.setProperty("ocsp.store.ldapStore.includeNextUpdate", "true");
+ CMSprops.setProperty("ocsp.store.ldapStore.notFoundAsGood", "true");
+ CMSprops.setProperty("ocsp.store.ldapStore.numConns", "1");
+ CMSprops.setProperty("ocsp.store.ldapStore.port0", ldapPort);
+ CMSprops.setProperty("ocsp.store.ldapStore.refreshInSec0", "864");
+ CMSprops.setProperty("ocsp.signing.certnickname", certNickName);
+ CMSprops.setProperty("ocsp.signing.defaultSigningAlgorithm",
+ "MD5withRSA");
+ CMSprops.setProperty("ocsp.signing.tokenname", "internal");
+
+ }
+
+ public void SetupKRAConnectorInCA(String certInstanceID, String KRAHost, String KRAPort) {
+ String certNickName = "Server-Cert " + certInstanceID;
+
+ CMSprops.setProperty("ca.connector.KRA.enable", "true");
+ CMSprops.setProperty("ca.connector.KRA.host", KRAHost);
+ CMSprops.setProperty("ca.connector.KRA.local", "false");
+ CMSprops.setProperty("ca.connector.KRA.nickName", certNickName);
+ CMSprops.setProperty("ca.connector.KRA.port", KRAPort);
+ CMSprops.setProperty("ca.connector.KRA.timeout", "30");
+ CMSprops.setProperty("ca.connector.KRA.uri", "/kra/connector");
+
+ }
+
+ public void DisableCardCryptoValidationinTKS() {
+ CMSprops.setProperty("cardcryptogram.validate.enable", "false");
+ }
+
+ private void ARLOn() {
+ CMSprops.setProperty(
+ "ca.crl.MasterCRL.extension.IssuingDistributionPoint.critical",
+ "true");
+ CMSprops.setProperty(
+ "ca.crl.MasterCRL.extension.IssuingDistributionPoint.enable",
+ "true");
+ CMSprops.setProperty(
+ "ca.crl.MasterCRL.extension.IssuingDistributionPoint.indirectCRL",
+ "false");
+ CMSprops.setProperty(
+ "ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlyContainsCACerts",
+ "true");
+ CMSprops.setProperty(
+ "ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlyContainsUserCerts",
+ "false");
+ CMSprops.setProperty(
+ "ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlySomeReasons",
+ null);
+ CMSprops.setProperty(
+ "ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointName",
+ null);
+ CMSprops.setProperty(
+ "ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointType",
+ "DirectoryName");
+ CMSprops.setProperty(
+ "ca.crl.MasterCRL.extension.IssuingDistributionPoint.type",
+ "CRLExtension");
+ CMSprops.setProperty("ca.crl.MasterCRL.allowExtensions", "true");
+ CMSprops.setProperty("ca.crl.MasterCRL.alwaysUpdate", "true");
+ CMSprops.setProperty("ca.crl.MasterCRL.autoUpdateInterval", "5");
+ CMSprops.setProperty("ca.crl.MasterCRL.caCertsOnly", "true");
+ CMSprops.setProperty("ca.crl.MasterCRL.cacheUpdateInterval", "5");
+ CMSprops.setProperty("ca.crl.MasterCRL.class",
+ "com.netscape.cmscore.ca.CRLIssuingPoint");
+
+ CMSprops.setProperty("ca.crl.MasterCRL.description",
+ "CA's complete Certificate Revocation List");
+ CMSprops.setProperty("ca.crl.MasterCRL.enableCRLCache", "true");
+ CMSprops.setProperty("ca.crl.MasterCRL.includeExpiredCerts", "true");
+ CMSprops.setProperty("ca.crl.MasterCRL.nextUpdateSkew", "5");
+ CMSprops.setProperty("ca.crl.MasterCRL.signingAlgorithm", "SHA1withRSA");
+
+ }
+
+ // Policies
+ public void DefaultValidityRule(String SubsystemType, String lagtime, String leadtime, String maxValidity) {
+ if (SubsystemType.equals("ca")) {
+ CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.enable",
+ "true");
+ CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.implName",
+ "ValidityConstraints");
+ CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.lagTime",
+ lagtime);
+ CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.leadTime",
+ leadtime);
+ CMSprops.setProperty(
+ "ca.Policy.rule.DefaultValidityRule.maxValidity",
+ maxValidity);
+ CMSprops.setProperty(
+ "ca.Policy.rule.DefaultValidityRule.minValidity", "1");
+ CMSprops.setProperty(
+ "ca.Policy.rule.DefaultValidityRule.notBeforeSkew", "5");
+ CMSprops.setProperty("ca.Policy.rule.DefaultValidityRule.predicate",
+ null);
+ } else {
+
+ CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.enable",
+ "true");
+ CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.implName",
+ "ValidityConstraints");
+ CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.lagTime",
+ lagtime);
+ CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.leadTime",
+ leadtime);
+ CMSprops.setProperty(
+ "ra.Policy.rule.DefaultValidityRule.maxValidity",
+ maxValidity);
+ CMSprops.setProperty(
+ "ra.Policy.rule.DefaultValidityRule.minValidity", "1");
+ CMSprops.setProperty(
+ "ra.Policy.rule.DefaultValidityRule.notBeforeSkew", "5");
+ CMSprops.setProperty("ra.Policy.rule.DefaultValidityRule.predicate",
+ null);
+ }
+
+ }
+
+ // Main Function
+ public static void main(String args[]) {
+ System.out.println(args.length);
+
+ if (args.length < 1) {
+ System.out.println("Usage : ConfigFilePath");
+ System.exit(-1);
+ }
+
+ CMSConfig s = new CMSConfig(args[0]);
+ boolean secureC = false;
+
+ // s.EnableDirEnrollment(secureC);
+ s.saveCMSConfig();
+
+ }// end of function main
+
+} // end of class
+
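Review bot: The mapper class name `"com.netscape.cms.publish.mappers.Lda pCertCompsMap"` written in both EnablePublishing and DisablePublishing contains a stray space, so the CA would fail to load that mapper from the saved CS.cfg; it should read `"com.netscape.cms.publish.mappers.LdapCertCompsMap"`. ARLOn and DefaultValidityRule pass `null` as the value to `CMSprops.setProperty`, which throws NullPointerException if CMSProperties is backed by java.util.Properties/Hashtable as its name suggests — use `""` or `CMSprops.remove(key)` instead. In EnablePortalAuth the secure branch writes `certnickname` to `ldapauth.clientCertNickname`, but that local is only ever initialised to null, so SSL client auth can never be configured with a usable nickname from this method. EnableOCSPLDAPStore hard-codes `MD5withRSA` as the OCSP signing algorithm; MD5 is not acceptable for signatures even in a test fixture and should at least match the `SHA1withRSA` used in ARLOn, preferably SHA-256. getProperties, readCMSConfig and saveCMSConfig catch `Exception`, print only the message and continue, so a failed store silently leaves CS.cfg unchanged or truncated, and the stream is not closed when load/store throws.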
diff --git a/pki/base/silent/src/common/CMSInstance.java b/pki/base/silent/src/common/CMSInstance.java
new file mode 100644
index 000000000..d8fccb284
--- /dev/null
+++ b/pki/base/silent/src/common/CMSInstance.java
@@ -0,0 +1,304 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.net.*;
+import java.io.*;
+
+
+public class CMSInstance {
+
+ private int i;
+ private boolean st;
+ private String host, port, AdminDN, AdminDNPW, serverRoot, instanceID, sieurl, adminDomain, machineName;
+
+ /**
+ * CMS Test framework .
+ * This class Creates and Removes a CMS server instance
+ */
+
+
+ /**
+ * Constructor. Takes parameters hostname, adminserverport, adminDN, adminDNpassword, Dominanname, ServerRoot( full path) , instanceID, mnameand sieURL. mname is the fully qualified name of the server ( jupiter2.nscp.aoltw.net) sieURL is ("ldap://jupiter2.nscp.aoltw.net:(ConfigLADPPort)/o=NetscapeRoot"
+ */
+
+ private String cs_server_root, cs_tps_root, tps_hostname, tps_fqdn, tps_instanceid, tps_ee_port, tps_agent_port, tps_auth_ldap_host, tps_auth_ldap_port, tps_auth_ldap_suffix, ca_hostname, ca_ee_port, tks_hostname, tks_agent_port, token_db_hostname, token_db_port, token_db_suffix, token_db_passwd;
+
+ public CMSInstance(String h, String p, String AdDN, String pwd, String domain, String sroot, String insID, String mname, String sieURL) {
+
+ host = h;
+ port = p;
+ AdminDN = AdDN;
+ AdminDNPW = pwd;
+ adminDomain = domain;
+ serverRoot = sroot;
+ machineName = mname;
+ instanceID = insID;
+ sieurl = sieURL;
+ }
+
+ public CMSInstance(String croot,
+ String troot,
+ String th,
+ String tfqdn,
+ String tid,
+ String tep,
+ String tagp,
+ String tldaphost,
+ String tldapport,
+ String tldapsuffix,
+ String ch,
+ String ceep,
+ String tkh,
+ String tkagp,
+ String toh,
+ String toagp,
+ String tosuffix,
+ String topasswd) {
+
+ cs_server_root = croot;
+ cs_tps_root = troot;
+ tps_hostname = th;
+ tps_fqdn = tfqdn;
+ tps_instanceid = tid;
+ tps_ee_port = tep;
+ tps_agent_port = tagp;
+ tps_auth_ldap_host = tldaphost;
+ tps_auth_ldap_port = tldapport;
+ tps_auth_ldap_suffix = tldapsuffix;
+ ca_hostname = ch;
+ ca_ee_port = ceep;
+ tks_hostname = tkh;
+ tks_agent_port = tkagp;
+ token_db_hostname = toh;
+ token_db_port = toagp;
+ token_db_suffix = tosuffix;
+ token_db_passwd = topasswd;
+
+ }
+
+ public boolean CreateTPSInstance() throws IOException {
+ // steps
+ // 1. create .cfg file
+ // 2. run create.pl with that .cfg file
+
+ FileOutputStream out = new FileOutputStream(
+ cs_server_root + "/tps_auto_config.cfg");
+ BufferedWriter awriter;
+
+ awriter = new BufferedWriter(new OutputStreamWriter(out, "8859_1"));
+ awriter.write("CS_SERVER_ROOT=" + cs_server_root);
+ awriter.newLine();
+ awriter.write("CS_TPS_ROOT=" + cs_tps_root);
+ awriter.newLine();
+ awriter.write("TPS_HOSTNAME=" + tps_hostname);
+ awriter.newLine();
+ awriter.write("TPS_FQDN=" + tps_fqdn);
+ awriter.newLine();
+ awriter.write("TPS_INSTANCEID=" + tps_instanceid);
+ awriter.newLine();
+ awriter.write("TPS_EE_PORT=" + tps_ee_port);
+ awriter.newLine();
+ awriter.write("TPS_AGENT_PORT=" + tps_agent_port);
+ awriter.newLine();
+ awriter.write("TPS_AUTH_LDAP_HOST=" + tps_auth_ldap_host);
+ awriter.newLine();
+ awriter.write("TPS_AUTH_LDAP_PORT=" + tps_auth_ldap_port);
+ awriter.newLine();
+ awriter.write("TPS_AUTH_LDAP_SUFFIX=" + tps_auth_ldap_suffix);
+ awriter.newLine();
+ awriter.write("CA_HOSTNAME=" + ca_hostname);
+ awriter.newLine();
+ awriter.write("CA_EE_PORT=" + ca_ee_port);
+ awriter.newLine();
+ awriter.write("TKS_HOSTNAME=" + tks_hostname);
+ awriter.newLine();
+ awriter.write("TKS_AGENT_PORT=" + tks_agent_port);
+ awriter.newLine();
+ awriter.write("TOKEN_DB_HOSTNAME=" + token_db_hostname);
+ awriter.newLine();
+ awriter.write("TOKEN_DB_PORT=" + token_db_port);
+ awriter.newLine();
+ awriter.write("TOKEN_DB_SUFFIX=" + token_db_suffix);
+ awriter.newLine();
+ awriter.write("TOKEN_DB_PASSWD=" + token_db_passwd);
+ awriter.newLine();
+
+ awriter.flush();
+ out.close();
+
+ try {
+ Process p = null;
+ Runtime r = Runtime.getRuntime();
+ // String[] se = {"perl", cs_server_root+"/bin/cert/tps/setup/create.pl" , "-i", cs_server_root+"/tps_auto_config.cfg" };
+ String[] se = {
+ "perl",
+ "/home/ckannan/cms/src/ns/netkeyra/setup/create.pl", "-i",
+ cs_server_root + "/tps_auto_config.cfg" };
+
+ System.out.println(se);
+ p = r.exec(se);
+ p.waitFor();
+ String line;
+
+ if (p.exitValue() == 0) {
+ BufferedReader br = new BufferedReader(
+ new InputStreamReader(p.getInputStream()));
+
+ while ((line = br.readLine()) != null) {
+ System.out.println(line);
+ }
+ } else {
+ BufferedReader br = new BufferedReader(
+ new InputStreamReader(p.getErrorStream()));
+
+ while ((line = br.readLine()) != null) {
+ System.out.println(line);
+ }
+ }
+ } catch (Throwable e) {
+ System.out.println(e.getMessage());
+ e.printStackTrace();
+ return false;
+ }
+
+ return true;
+ }
+
+ public boolean CreateInstance() {
+
+ String startURL = "/cert/Tasks/Operation/Create";
+ String myStringUrl = "http://" + host + "." + adminDomain + ":" + port
+ + startURL;
+
+ System.out.println(myStringUrl);
+
+ String query = "serverRoot=" + URLEncoder.encode(serverRoot);
+
+ query += "&instanceID=" + URLEncoder.encode(instanceID);
+ query += "&adminDomain=" + URLEncoder.encode(adminDomain);
+ query += "&sieURL=" + URLEncoder.encode(sieurl);
+ query += "&adminUID=" + URLEncoder.encode(AdminDN);
+ query += "&adminPWD=" + URLEncoder.encode(AdminDNPW);
+ query += "&machineName=" + URLEncoder.encode(machineName);
+
+ PostQuery sm = new PostQuery(myStringUrl, AdminDN, AdminDNPW, query);
+
+ return (sm.Send());
+
+ }
+
+ public boolean RemoveInstance() {
+
+ String startURL = "/cert-" + instanceID + "/Tasks/Operation/Remove";
+ String myStringUrl = "http://" + host + ":" + port + startURL;
+
+ System.out.println(myStringUrl);
+
+ String query = "serverRoot=" + URLEncoder.encode(serverRoot);
+
+ query += "&instanceID=" + URLEncoder.encode(instanceID);
+
+ PostQuery sm = new PostQuery(myStringUrl, AdminDN, AdminDNPW, query);
+
+ st = sm.Send();
+
+ if (st) {
+ System.out.println("Removed the cert instance");
+ } else {
+ System.out.println("Could not remove the cert instance");
+ }
+
+ startURL = "/slapd-" + instanceID + "-db" + "/Tasks/Operation/Remove";
+ myStringUrl = "http://" + host + ":" + port + startURL;
+
+ System.out.println(myStringUrl);
+
+ query = "serverRoot=" + URLEncoder.encode(serverRoot);
+ query += "&InstanceName=" + URLEncoder.encode(instanceID + "-db");
+
+ PostQuery rmdb = new PostQuery(myStringUrl, AdminDN, AdminDNPW, query);
+
+ rmdb.setNMCStatus("NMC_Status: 0");
+ return (rmdb.Send());
+
+ }
+
+ public static void main(String args[]) {
+ // Exit Status - (-1) for error
+
+ // Exit Status - (-1) for error
+ // - 0 FAIL
+ // - 1 PASS
+
+ boolean st;
+
+ System.out.println(args.length);
+ if (args.length < 10) {
+ System.out.println(
+ "Usage : <task:Create/REmove> host port AdminDN AdminDNPW adminDomain serverRoot instanceID machineName sieURL");
+ System.exit(-1);
+ }
+
+ int task = 0;
+
+ args[0] = args[0].toLowerCase();
+ if (args[0].equals("create")) {
+ task = 0;
+ }
+ if (args[0].equals("remove")) {
+ task = 1;
+ }
+
+ CMSInstance t = new CMSInstance(args[1], args[2], args[3], args[4],
+ args[5], args[6], args[7], args[8], args[9]);
+
+ switch (task) {
+
+ case 0:
+ st = t.CreateInstance();
+ if (st) {
+ System.out.println("server Instance created ");
+ System.exit(1);
+ } else {
+
+ System.out.println("Error: Server Instance could not be created");
+ System.exit(0);
+ }
+ break;
+
+ case 1:
+ st = t.RemoveInstance();
+ if (st) {
+ System.out.println("Server instance removed");
+ System.exit(1);
+ } else {
+
+ System.out.println("Server instance could not be removed");
+ System.exit(0);
+ }
+ break;
+
+ default:
+ System.out.println("Incorrect usage");
+ System.exit(-1);
+
+ } // end of switch
+ }// end of function main
+
+} // end of class
+
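Review bot: `CreateTPSInstance` executes a developer-specific absolute script path, `"/home/ckannan/cms/src/ns/netkeyra/setup/create.pl"`, while the line commented out just above it (`cs_server_root + "/bin/cert/tps/setup/create.pl"`) looks like the intended, relocatable form, so the method cannot work on any other machine; the `System.out.println(se)` that follows prints the array reference rather than the command. The same method writes `TOKEN_DB_PASSWD=` in clear text into `cs_server_root + "/tps_auto_config.cfg"` with default permissions and never removes it, and `out` is only closed on the success path, so a failing `write` leaks the descriptor — close the writer in a `finally` block and restrict the file's permissions, and since `p.waitFor()` runs before either stream is drained, a chatty `create.pl` can fill the pipe and hang the caller. In `main`, `task` is initialised to `0`, so any first argument other than `create`/`remove` silently runs `CreateInstance()` and the `default:` branch is unreachable; `int task = -1;` makes unknown tasks reach `"Incorrect usage"`. The one-argument `URLEncoder.encode(String)` calls in `CreateInstance` and `RemoveInstance` use the platform charset and are deprecated; `URLEncoder.encode(value, "UTF-8")` is the portable form, and note that `adminPWD` travels in the body of a plain `http://` request.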
diff --git a/pki/base/silent/src/common/CMSLDAP.java b/pki/base/silent/src/common/CMSLDAP.java
new file mode 100644
index 000000000..f5e4989c5
--- /dev/null
+++ b/pki/base/silent/src/common/CMSLDAP.java
@@ -0,0 +1,613 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import netscape.ldap.*;
+import java.io.*;
+import java.security.cert.X509Certificate;
+import java.security.cert.*;
+
+
+/**
+ * CMS Test framework .
+ * Using this class you can add a user and user certificate to LDAP server.
+ * You can also check if a certificate / CRL is published in LDAP server
+ * USe this class to turn of SSL and turn on SSL in a LDAP server.
+ */
+
+
+public class CMSLDAP {
+
+ private String HOST, DN, BASEDN, PASSWORD;
+ private int PORT;
+
+ private LDAPConnection conn = new LDAPConnection();
+
+ public CMSLDAP() {}
+
+ /**
+ * Constructor. Takes parametes ldaphost, ldapport
+ */
+ public CMSLDAP(String h, String p) {
+ HOST = h;
+ PORT = Integer.parseInt(p);
+ }
+
+ /**
+ * Cosntructor. Takes parameters ldaphost,ldapport,ldapbinddn, ldapbindnpassword.
+ */
+ public CMSLDAP(String h, String p, String dn, String pwd) {
+ HOST = h;
+ PORT = Integer.parseInt(p);
+ DN = dn;
+ PASSWORD = pwd;
+ }
+
+ /**
+ * Connect to ldap server
+ */
+
+ public boolean connect() {
+ try {
+ conn.connect(HOST, PORT, DN, PASSWORD);
+ return true;
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+ }
+
+ /**
+ * Disconnect form ldap server
+ */
+
+ public void disconnect() {
+
+ if ((conn != null) && conn.isConnected()) {
+ try {
+ conn.disconnect();
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ }
+
+ }
+
+ }
+
+ private boolean RemoveInstance(String basedn) {
+ try {
+ conn.delete(basedn);
+ return true;
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+
+ }
+
+ /**
+ * Search for certificaterevocationList attribute. Takes basedn and filter as parameters
+ */
+
+ public boolean searchCRL(String basedn, String filter) throws LDAPException {
+ int searchScope = LDAPv2.SCOPE_SUB;
+ String getAttrs[] = { "certificateRevocationList;binary"};
+ LDAPSearchResults results = conn.search(basedn, searchScope, filter,
+ getAttrs, false);
+
+ if (results == null) {
+ System.out.println("Could not search");
+ return false;
+ }
+ while (results.hasMoreElements()) {
+ LDAPEntry entry = (LDAPEntry) results.nextElement();
+
+ System.out.println(entry.getDN());
+ LDAPAttribute anAttr = entry.getAttribute(
+ "certificateRevocationList;binary");
+
+ if (anAttr == null) {
+ System.out.println("Attribute not found ");
+ return false;
+ } else {
+ System.out.println(anAttr.getName());
+ System.out.println(anAttr.getByteValueArray());
+ return true;
+ }
+ }
+ return true;
+ }
+
+ /**
+ * Search for attriburte usercertificate. Takes parameters basedn and filter
+ */
+
+
+
+ public boolean searchUserCert(String basedn, String filter) throws LDAPException {
+ int searchScope = LDAPv2.SCOPE_SUB;
+ String getAttrs[] = { "usercertificate;binary"};
+ LDAPSearchResults results = conn.search(basedn, searchScope, filter,
+ getAttrs, false);
+
+ if (results == null) {
+ System.out.println("Could not search");
+ return false;
+ }
+ while (results.hasMoreElements()) {
+ LDAPEntry entry = (LDAPEntry) results.nextElement();
+
+ System.out.println(entry.getDN());
+ LDAPAttribute anAttr = entry.getAttribute("usercertificate;binary");
+
+ if (anAttr == null) {
+ System.out.println("Attribute not found ");
+ return false;
+ } else {
+ System.out.println(anAttr.getName());
+ System.out.println(anAttr.getByteValueArray());
+ return true;
+ }
+ }
+ return true;
+ }
+
+ /**
+ * Adds a user to direcrtory server . Takes parameters basedn, cn,sn,uid and passwd
+ */
+
+ public boolean userAdd(String basedn, String cn, String sn, String uid, String pwd) {
+ try {
+ LDAPAttributeSet attrSet = new LDAPAttributeSet();
+
+ attrSet.add(
+ new LDAPAttribute("objectclass",
+ new String[] {
+ "top", "person", "organizationalPerson",
+ "inetorgperson"}));
+ attrSet.add(new LDAPAttribute("cn", cn));
+ attrSet.add(new LDAPAttribute("mail", uid + "@netscape.com"));
+ attrSet.add(new LDAPAttribute("userpassword", pwd));
+ attrSet.add(new LDAPAttribute("sn", sn));
+ attrSet.add(new LDAPAttribute("givenName", cn + sn));
+ String name = "uid=" + uid + "," + basedn;
+
+ System.out.println("Basedn " + name);
+ LDAPEntry entry = new LDAPEntry(name, attrSet);
+
+ conn.add(entry);
+ System.out.println("ADDED: " + name);
+ return true;
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+
+ }
+
+ private X509Certificate getXCertificate(byte[] cpack) {
+
+ try {
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ ByteArrayInputStream s = new ByteArrayInputStream(cpack);
+
+ System.out.println("Building certificate :" + cpack);
+ java.security.cert.X509Certificate the_cert = (
+ java.security.cert.X509Certificate) cf.generateCertificate(s);
+
+ return the_cert;
+ } catch (Exception e) {
+ System.out.println("ERROR: getXCertificate " + e.toString());
+ return null;
+ }
+
+ }
+
+ private String buildDNString(String s) {
+
+ String val = "";
+
+ for (int i = 0; i < s.length(); i++) {
+ if ((s.charAt(i) == ',') && (s.charAt(i + 1) == ' ')) {
+ val += ',';
+ i++;
+ continue;
+ } else {
+ val += s.charAt(i);
+ }
+ }
+ return val;
+ }
+
+ /**
+ * Returns the SerialNumber;issuerDN;SubjectDN string.
+ * Takes certificate as parameter
+ */
+
+ public String getCertificateString(X509Certificate cert) {
+ if (cert == null) {
+ return null;
+ }
+ String idn = ((cert.getIssuerDN()).toString()).trim();
+
+ idn = buildDNString(idn);
+ String sdn = ((cert.getSubjectDN()).toString()).trim();
+
+ sdn = buildDNString(sdn);
+
+ System.out.println("GetCertificateString : " + idn + ";" + sdn);
+
+ // note that it did not represent a certificate fully
+ // return cert.getVersion() + ";" + cert.getSerialNumber().toString() +
+ // ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
+ return "2;" + cert.getSerialNumber().toString() + ";" + idn + ";" + sdn;
+
+ }
+
+ /**
+ * Adds a user of objectclass cmsuser . Takes cn,sn,uid,password,certificate as parameters.
+ */
+ public boolean CMSuserAdd(String cn, String sn, String uid, String pwd, byte[] certpack) {
+ try {
+ X509Certificate cert = getXCertificate(certpack);
+
+ LDAPAttributeSet attrSet = new LDAPAttributeSet();
+
+ attrSet.add(
+ new LDAPAttribute("objectclass",
+ new String[] {
+ "top", "person", "organizationalPerson",
+ "inetorgperson", "cmsuser"}));
+ attrSet.add(new LDAPAttribute("cn", cn));
+ attrSet.add(new LDAPAttribute("mail", uid + "@netscape.com"));
+ attrSet.add(new LDAPAttribute("userpassword", pwd));
+ attrSet.add(new LDAPAttribute("sn", sn));
+ attrSet.add(new LDAPAttribute("givenName", cn + sn));
+ attrSet.add(new LDAPAttribute("usertype", "sub"));
+ attrSet.add(new LDAPAttribute("userstate", "1"));
+
+ attrSet.add(
+ new LDAPAttribute("description", getCertificateString(cert)));
+ LDAPAttribute attrCertBin = new LDAPAttribute("usercertificate");
+
+ attrCertBin.addValue(cert.getEncoded());
+ attrSet.add(attrCertBin);
+
+ String name = "uid=" + uid + ","
+ + "ou=People,o=netscapecertificateServer";
+ LDAPEntry entry = new LDAPEntry(name, attrSet);
+
+ conn.add(entry);
+ System.out.println("ADDED: " + name);
+ return true;
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+
+ }
+
+ /**
+ * Adds a user of objectclass cmsuser . Takes cn,sn,uid,password,certificate as parameters.
+ */
+
+ public boolean CMSuserAdd(String cn, String sn, String uid, String pwd, X509Certificate cert) {
+
+ try {
+ LDAPAttributeSet attrSet = new LDAPAttributeSet();
+
+ attrSet.add(
+ new LDAPAttribute("objectclass",
+ new String[] {
+ "top", "person", "organizationalPerson",
+ "inetorgperson", "cmsuser"}));
+ attrSet.add(new LDAPAttribute("cn", cn));
+ attrSet.add(new LDAPAttribute("mail", uid + "@netscape.com"));
+ attrSet.add(new LDAPAttribute("userpassword", pwd));
+ attrSet.add(new LDAPAttribute("sn", sn));
+ attrSet.add(new LDAPAttribute("givenName", cn + sn));
+ attrSet.add(new LDAPAttribute("usertype", "sub"));
+ attrSet.add(new LDAPAttribute("userstate", "1"));
+
+ attrSet.add(
+ new LDAPAttribute("description", getCertificateString(cert)));
+
+ LDAPAttribute attrCertBin = new LDAPAttribute("usercertificate");
+
+ attrCertBin.addValue(cert.getEncoded());
+ attrSet.add(attrCertBin);
+
+ String name = "uid=" + uid + ","
+ + "ou=People,o=netscapecertificateServer";
+ LDAPEntry entry = new LDAPEntry(name, attrSet);
+
+ conn.add(entry);
+ System.out.println("ADDED: " + name);
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
+ * adds a cms user to Trusted Manager Group. Takes uid as parameter.
+ */
+
+ public boolean addCMSUserToTMGroup(String uid) {
+ try {
+ LDAPAttributeSet attrSet = new LDAPAttributeSet();
+ LDAPAttribute um = new LDAPAttribute("uniquemember",
+ "uid=" + uid + ",ou=People,o=NetscapeCertificateServer");
+
+ attrSet.add(um);
+ LDAPModification gr = new LDAPModification(LDAPModification.ADD, um);
+
+ String dn = "cn=Trusted Managers,ou=groups,o=netscapeCertificateServer";
+
+ conn.modify(dn, gr);
+ return true;
+
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+
+ }
+
+ /**
+ * adds a cms user to Agent Group. Takes subsytem (ca/ra/ocsp/kra) and uid as parameters .
+ */
+
+ public boolean addCMSUserToAgentGroup(String subsystem, String uid) {
+ try {
+ String dn = null;
+
+ if (subsystem.equals("ocsp")) {
+ dn = "cn=Online Certificate Status Manager Agents,ou=groups,o=netscapeCertificateServer";
+ }
+ if (subsystem.equals("kra")) {
+ dn = "cn=Data Recovery Manager Agents,ou=groups,o=netscapeCertificateServer";
+ }
+ if (subsystem.equals("ra")) {
+ dn = "cn=Registration Manager Agents,ou=groups,o=netscapeCertificateServer";
+ }
+ if (subsystem.equals("ca")) {
+ dn = "cn=Certificate Manager Agents,ou=groups,o=netscapeCertificateServer";
+ }
+ if (subsystem.equals("tks")) {
+ dn = "cn=Token Key Service Manager Agents,ou=groups,o=netscapeCertificateServer";
+ }
+
+ LDAPAttributeSet attrSet = new LDAPAttributeSet();
+ LDAPAttribute um = new LDAPAttribute("uniquemember",
+ "uid=" + uid + ",ou=People,o=NetscapeCertificateServer");
+
+ System.out.println(
+ "uid=" + uid + ",ou=People,o=NetscapeCertificateServer");
+
+ attrSet.add(um);
+ LDAPModification gr = new LDAPModification(LDAPModification.ADD, um);
+
+ conn.modify(dn, gr);
+
+ return true;
+
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+
+ }
+
+ /**
+ * Will trun of SSL in LDAP server
+ **/
+
+ public boolean TurnOffSSL() {
+ try {
+
+ LDAPModificationSet mods = new LDAPModificationSet();
+ LDAPAttribute ssl3 = new LDAPAttribute("nsssl3", "off");
+ LDAPAttribute ssl3ciphers = new LDAPAttribute("nsssl3ciphers", "");
+ LDAPAttribute kfile = new LDAPAttribute("nskeyfile", "alias/");
+ LDAPAttribute cfile = new LDAPAttribute("nscertfile", "alias/");
+ LDAPAttribute cauth = new LDAPAttribute("nssslclientauth", "allowed");
+
+ // conn.delete("cn=RSA,cn=encryption,cn=config");
+
+
+ mods.add(LDAPModification.REPLACE, ssl3);
+ mods.add(LDAPModification.DELETE, ssl3ciphers);
+ mods.add(LDAPModification.DELETE, kfile);
+ mods.add(LDAPModification.DELETE, cfile);
+ mods.add(LDAPModification.DELETE, cauth);
+ System.out.println("going to mod");
+ // conn.modify("cn=encryption,cn=config",mods);
+ System.out.println("mod en=encryption");
+ int i = 4;
+
+ while (i >= 0) {
+ mods.removeElementAt(i);
+ i--;
+ }
+
+ LDAPAttribute sec = new LDAPAttribute("nsslapd-security", "off");
+
+ mods.add(LDAPModification.REPLACE, sec);
+ conn.modify("cn=config", mods);
+ System.out.println("mod cn=config");
+
+ return true;
+
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+
+ }
+
+ /**
+ * Will Turn ON SSL in LDAP server . Takes certPrefix, certificatenickanme and sslport as parameters.
+ **/
+
+ public boolean TurnOnSSL(String certPrefix, String certName, String sslport) {
+ String dn;
+ String CIPHERS = "-rsa_null_md5,+rsa_fips_3des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_rc4_128_md5,+rsa_des_sha,+rsa_rc2_40_md5,+rsa_rc4_40_md5";
+
+ try {
+ boolean found = false;
+ int searchScope = LDAPv2.SCOPE_SUB;
+ String getAttrs[] = { "nssslactivation"};
+
+ LDAPModificationSet mods = new LDAPModificationSet();
+ LDAPAttribute sec = new LDAPAttribute("nsslapd-security", "on");
+ LDAPAttribute sp = new LDAPAttribute("nsslapd-securePort", sslport);
+
+ mods.add(LDAPModification.REPLACE, sec);
+ mods.add(LDAPModification.REPLACE, sp);
+ conn.modify("cn=config", mods);
+ mods.removeElementAt(1);
+ mods.removeElementAt(0);
+
+ LDAPAttribute ssl3 = new LDAPAttribute("nsssl3", "on");
+ LDAPAttribute ssl3ciphers = new LDAPAttribute("nsssl3ciphers",
+ CIPHERS);
+ LDAPAttribute kfile = new LDAPAttribute("nskeyfile",
+ "alias/" + certPrefix + "-key3.db");
+ LDAPAttribute cfile = new LDAPAttribute("nscertfile",
+ "alias/" + certPrefix + "-cert7.db");
+ LDAPAttribute cauth = new LDAPAttribute("nssslclientauth", "allowed");
+
+ mods.add(LDAPModification.REPLACE, ssl3);
+ mods.add(LDAPModification.REPLACE, ssl3ciphers);
+ mods.add(LDAPModification.REPLACE, kfile);
+ mods.add(LDAPModification.REPLACE, cfile);
+ mods.add(LDAPModification.REPLACE, cauth);
+
+ conn.modify("cn=encryption,cn=config", mods);
+ int i = 4;
+
+ while (i >= 0) {
+ mods.removeElementAt(i);
+ i--;
+ }
+
+ // conn.delete("cn=RSA,cn=encryption,cn=config");
+ try {
+ LDAPSearchResults results = conn.search(
+ "cn=RSA,cn=encryption,cn=config", searchScope, null,
+ getAttrs, false);
+ LDAPAttribute cn = new LDAPAttribute("cn", "RSA");
+ LDAPAttribute ssltoken = new LDAPAttribute("nsssltoken",
+ "internal (software)");
+ LDAPAttribute activation = new LDAPAttribute("nssslactivation",
+ "on");
+ LDAPAttribute cname = new LDAPAttribute("nssslpersonalityssl",
+ certName);
+
+ mods.add(LDAPModification.REPLACE, cn);
+ mods.add(LDAPModification.REPLACE, ssltoken);
+ mods.add(LDAPModification.REPLACE, activation);
+ mods.add(LDAPModification.REPLACE, cname);
+
+ conn.modify("cn=RSA,cn=encryption,cn=config", mods);
+
+ } catch (Exception e1) {
+ LDAPAttributeSet attrSet = new LDAPAttributeSet();
+
+ attrSet.add(
+ new LDAPAttribute("objectclass",
+ new String[] { "top", "nsEncryptionModule"}));
+ attrSet.add(new LDAPAttribute("cn", "RSA"));
+ attrSet.add(
+ new LDAPAttribute("nsssltoken", "internal (software)"));
+ attrSet.add(new LDAPAttribute("nssslactivation", "on"));
+ attrSet.add(new LDAPAttribute("nssslpersonalityssl", certName));
+ LDAPEntry entry = new LDAPEntry("cn=RSA,cn=encryption,cn=config",
+ attrSet);
+
+ conn.add(entry);
+ }
+
+ return true;
+
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ return false;
+ }
+
+ }
+
+ public static void main(String args[]) {
+ String HOST = args[0];
+ // int PORT = Integer.parseInt(args[1]);
+ String PORT = args[1];
+ String DN = args[2];
+ String PASSWORD = args[3];
+ String BASEDN = args[4];
+
+ String s = "MIICFzCCAYCgAwIBAgIBBjANBgkqhkiG9w0BAQQFADBDMRswGQYDVQQKExJhY2NlcHRhY25ldGVz\ndDEwMjQxFzAVBgNVBAsTDmFjY2VwdGFuY2V0ZXN0MQswCQYDVQQDEwJjYTAeFw0wMzA0MTEyMTUx\nMzZaFw0wNDA0MTAwOTQ2NTVaMFwxCzAJBgNVBAYTAlVTMQwwCgYDVQQKEwNTU0wxHTAbBgNVBAsT\nFHNzbHRlc3QxMDUwMDk3ODkzNzQ1MSAwHgYDVQQDExdqdXBpdGVyMi5uc2NwLmFvbHR3Lm5ldDBc\nMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDCsCTIIQ+bJMfPHi6kwa7HF+/xSTVHcpZ5zsodXsNWjPlD\noRu/5KAO8NotfwGnYmALWdYnqXCF0q0gkaJQalQTAgMBAAGjRjBEMA4GA1UdDwEB/wQEAwIFoDAR\nBglghkgBhvhCAQEEBAMCBkAwHwYDVR0jBBgwFoAUzxZkSySZT/Y3SxGMEiNyHnLUOPAwDQYJKoZI\nhvcNAQEEBQADgYEALtpqMOtZt6j5KlghDFgdg/dvf36nWiZwC1ap6+ka22shLkA/RjmOix97btzT\nQ+8LcmdkAW5iap4YbtrCu0wdN6IbIEXoQI1QGZBoKO2o02utssXANmTnRCyH/GX2KefQlp1NSRj9\nZNZ+GRT2Qk/8G5Ds9vVjm1I5+/AkzI9jS14=";
+
+ s = "-----BEGIN CERTIFICATE-----" + "\n" + s + "\n"
+ + "-----END CERTIFICATE-----\n";
+
+ try {
+
+ System.out.println(HOST + PORT + DN + PASSWORD + BASEDN);
+ CMSLDAP caIdb = new CMSLDAP(HOST, PORT, DN, PASSWORD);
+
+ /* FileInputStream fis = new FileInputStream("t1");
+ DataInputStream dis = new DataInputStream(fis);
+
+ byte[] bytes = new byte[dis.available()];
+ dis.readFully(bytes);
+
+ // bytes=s.getBytes();
+ */
+
+ if (!caIdb.connect()) {
+ System.out.println("Could not connect to CA internal DB port");
+ }
+
+ if (!caIdb.searchCRL("o=mcom.com", "uid=CManager")) {
+ System.out.println("CRL is not published");
+ }
+
+ // if(!caIdb.searchUserCert("o=mcom.com","uid=test"))
+ // System.out.println("USer cert is not published");
+
+ // if (!caIdb.CMSuserAdd("ra-trust" ,"ra-trust","ra-trust","netscape",bytes))
+ // {System.out.println("Trusted MAnager user Could not be add ");}
+
+ // if(!caIdb.addCMSUserToTMGroup("ra-trust"))
+ // {System.out.println("CMS user Could not be added to Trusted manager group "); }
+
+ // if(!caIdb.addCMSUserToAgentGroup("ra","ra-agent"))
+ // {System.out.println("CMS user Could not be added to Trusted manager group "); }
+ /* if(!caIdb.userAdd(BASEDN,"raeetest1","raeetest1","raeetest1","netscape"))
+ {System.out.println("CMS user Could not be added to Trusted manager group "); }
+ */
+
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ }
+
+ }
+}
+
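Review bot: `buildDNString` reads `s.charAt(i + 1)` whenever `s.charAt(i) == ','`, so a DN whose last character is a comma throws `StringIndexOutOfBoundsException` out of `getCertificateString` and into the callers' catch blocks; guard the lookahead with `if (s.charAt(i) == ',' && i + 1 < s.length() && s.charAt(i + 1) == ' ')`. `main` prints the bind password to stdout via `System.out.println(HOST + PORT + DN + PASSWORD + BASEDN)` and indexes `args[0]`–`args[4]` with no length check; drop `PASSWORD` from that line and add the same `args.length` guard the other `main` methods in this commit use. The `CIPHERS` string in `TurnOnSSL` enables `rsa_rc2_40_md5`, `rsa_rc4_40_md5`, `rsa_rc4_128_md5` and `rsa_des_sha`, which are 40-bit/export or single-DES suites; if this list is copied into real deployments it weakens the directory's TLS, so a comment such as `// test-only cipher list; not a hardened configuration` is warranted at minimum. In `TurnOffSSL` the `conn.modify("cn=encryption,cn=config", mods)` call is commented out, so the five modifications built above it are assembled, then discarded by the `removeElementAt` loop, and only `nsslapd-security: off` is applied — either restore the call or delete the dead block so the Javadoc matches what the method does.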
diff --git a/pki/base/silent/src/common/CMSProperties.java b/pki/base/silent/src/common/CMSProperties.java
new file mode 100644
index 000000000..2c9008b75
--- /dev/null
+++ b/pki/base/silent/src/common/CMSProperties.java
@@ -0,0 +1,698 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/*
+ * @(#)Properties.java 1.60 00/02/02
+ *
+ * Copyright 1995-2000 Sun Microsystems, Inc. All Rights Reserved.
+ *
+ * This software is the proprietary information of Sun Microsystems, Inc.
+ * Use is subject to license terms.
+ *
+ */
+
+import java.util.*;
+import java.io.IOException;
+import java.io.PrintStream;
+import java.io.PrintWriter;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.BufferedReader;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.io.BufferedWriter;
+import java.util.Hashtable;
+
+
+/**
+ * The <code>Properties</code> class represents a persistent set of
+ * properties. The <code>Properties</code> can be saved to a stream
+ * or loaded from a stream. Each key and its corresponding value in
+ * the property list is a string.
+ * <p>
+ * A property list can contain another property list as its
+ * "defaults"; this second property list is searched if
+ * the property key is not found in the original property list.
+ * <p>
+ * Because <code>Properties</code> inherits from <code>Hashtable</code>, the
+ * <code>put</code> and <code>putAll</code> methods can be applied to a
+ * <code>Properties</code> object. Their use is strongly discouraged as they
+ * allow the caller to insert entries whose keys or values are not
+ * <code>Strings</code>. The <code>setProperty</code> method should be used
+ * instead. If the <code>store</code> or <code>save</code> method is called
+ * on a "compromised" <code>Properties</code> object that contains a
+ * non-<code>String</code> key or value, the call will fail.
+ * <p>
+ * <a name="encoding"></a>
+ * When saving properties to a stream or loading them from a stream, the
+ * ISO 8859-1 character encoding is used. For characters that cannot be directly
+ * represented in this encoding,
+ * <a href="http://java.sun.com/docs/books/jls/html/3.doc.html#100850">Unicode escapes</a>
+ * are used; however, only a single 'u' character is allowed in an escape sequence.
+ * The native2ascii tool can be used to convert property files to and from
+ * other character encodings.
+ *
+ * @see <a href="../../../tooldocs/solaris/native2ascii.html">native2ascii tool for Solaris</a>
+ * @see <a href="../../../tooldocs/win32/native2ascii.html">native2ascii tool for Windows</a>
+ *
+ * @author Arthur van Hoff
+ * @author Michael McCloskey
+ * @version 1.60, 02/02/00
+ * @since JDK1.0
+ */
+
+class CMSProperties extends Hashtable {
+
+ /**
+ * use serialVersionUID from JDK 1.1.X for interoperability
+ */
+ private static final long serialVersionUID = 4112578634029874840L;
+
+ /**
+ * A property list that contains default values for any keys not
+ * found in this property list.
+ *
+ * @serial
+ */
+ protected CMSProperties defaults;
+
+ /**
+ * Creates an empty property list with no default values.
+ */
+ public CMSProperties() {
+ this(null);
+ }
+
+ /**
+ * Creates an empty property list with the specified defaults.
+ *
+ * @param defaults the defaults.
+ */
+ public CMSProperties(CMSProperties defaults) {
+ this.defaults = defaults;
+ }
+
+ /**
+ * Calls the hashtable method <code>put</code>. Provided for
+ * parallelism with the <tt>getProperty</tt> method. Enforces use of
+ * strings for property keys and values.
+ *
+ * @param key the key to be placed into this property list.
+ * @param value the value corresponding to <tt>key</tt>.
+ * @see #getProperty
+ * @since 1.2
+ */
+ public synchronized Object setProperty(String key, String value) {
+ return put(key, value);
+ }
+
+ private static final String keyValueSeparators = "=: \t\r\n\f";
+
+ private static final String strictKeyValueSeparators = "=:";
+
+ private static final String specialSaveChars = " \t\r\n\f";
+
+ private static final String whiteSpaceChars = " \t\r\n\f";
+
+ /**
+ * Reads a property list (key and element pairs) from the input stream.
+ * The stream is assumed to be using the ISO 8859-1 character encoding.
+ * <p>
+ * Every property occupies one line of the input stream. Each line
+ * is terminated by a line terminator (<code>\n</code> or <code>\r</code>
+ * or <code>\r\n</code>). Lines from the input stream are processed until
+ * end of file is reached on the input stream.
+ * <p>
+ * A line that contains only whitespace or whose first non-whitespace
+ * character is an ASCII <code>#</code> or <code>!</code> is ignored
+ * (thus, <code>#</code> or <code>!</code> indicate comment lines).
+ * <p>
+ * Every line other than a blank line or a comment line describes one
+ * property to be added to the table (except that if a line ends with \,
+ * then the following line, if it exists, is treated as a continuation
+ * line, as described
+ * below). The key consists of all the characters in the line starting
+ * with the first non-whitespace character and up to, but not including,
+ * the first ASCII <code>=</code>, <code>:</code>, or whitespace
+ * character. All of the key termination characters may be included in
+ * the key by preceding them with a \.
+ * Any whitespace after the key is skipped; if the first non-whitespace
+ * character after the key is <code>=</code> or <code>:</code>, then it
+ * is ignored and any whitespace characters after it are also skipped.
+ * All remaining characters on the line become part of the associated
+ * element string. Within the element string, the ASCII
+ * escape sequences <code>\t</code>, <code>\n</code>,
+ * <code>\r</code>, <code>\\</code>, <code>\"</code>, <code>\'</code>,
+ * <code>\ &#32;</code> &#32;(a backslash and a space), and
+ * <code>&#92;u</code><i>xxxx</i> are recognized and converted to single
+ * characters. Moreover, if the last character on the line is
+ * <code>\</code>, then the next line is treated as a continuation of the
+ * current line; the <code>\</code> and line terminator are simply
+ * discarded, and any leading whitespace characters on the continuation
+ * line are also discarded and are not part of the element string.
+ * <p>
+ * As an example, each of the following four lines specifies the key
+ * <code>"Truth"</code> and the associated element value
+ * <code>"Beauty"</code>:
+ * <p>
+ * <pre>
+ * Truth = Beauty
+ * Truth:Beauty
+ * Truth :Beauty
+ * </pre>
+ * As another example, the following three lines specify a single
+ * property:
+ * <p>
+ * <pre>
+ * fruits apple, banana, pear, \
+ * cantaloupe, watermelon, \
+ * kiwi, mango
+ * </pre>
+ * The key is <code>"fruits"</code> and the associated element is:
+ * <p>
+ * <pre>"apple, banana, pear, cantaloupe, watermelon,kiwi, mango"</pre>
+ * Note that a space appears before each <code>\</code> so that a space
+ * will appear after each comma in the final result; the <code>\</code>,
+ * line terminator, and leading whitespace on the continuation line are
+ * merely discarded and are <i>not</i> replaced by one or more other
+ * characters.
+ * <p>
+ * As a third example, the line:
+ * <p>
+ * <pre>cheeses
+ * </pre>
+ * specifies that the key is <code>"cheeses"</code> and the associated
+ * element is the empty string.<p>
+ *
+ * @param inStream the input stream.
+ * @exception IOException if an error occurred when reading from the
+ * input stream.
+ */
+ public synchronized void load(InputStream inStream) throws IOException {
+
+ BufferedReader in = new BufferedReader(
+ new InputStreamReader(inStream, "8859_1"));
+
+ while (true) {
+ // Get next line
+ String line = in.readLine();
+
+ if (line == null) {
+ return;
+ }
+
+ if (line.length() > 0) {
+ // Continue lines that end in slashes if they are not comments
+ char firstChar = line.charAt(0);
+
+ if ((firstChar != '#') && (firstChar != '!')) {
+ while (continueLine(line)) {
+ String nextLine = in.readLine();
+
+ if (nextLine == null) {
+ nextLine = new String("");
+ }
+ String loppedLine = line.substring(0, line.length() - 1);
+ // Advance beyond whitespace on new line
+ int startIndex = 0;
+
+ for (startIndex = 0; startIndex < nextLine.length(); startIndex++) {
+ if (whiteSpaceChars.indexOf(
+ nextLine.charAt(startIndex))
+ == -1) {
+ break;
+ }
+ }
+ nextLine = nextLine.substring(startIndex,
+ nextLine.length());
+ line = new String(loppedLine + nextLine);
+ }
+
+ // Find start of key
+ int len = line.length();
+ int keyStart;
+
+ for (keyStart = 0; keyStart < len; keyStart++) {
+ if (whiteSpaceChars.indexOf(line.charAt(keyStart)) == -1) {
+ break;
+ }
+ }
+
+ // Blank lines are ignored
+ if (keyStart == len) {
+ continue;
+ }
+
+ // Find separation between key and value
+ int separatorIndex;
+
+ for (separatorIndex = keyStart; separatorIndex < len; separatorIndex++) {
+ char currentChar = line.charAt(separatorIndex);
+
+ if (currentChar == '\\') {
+ separatorIndex++;
+ } else if (keyValueSeparators.indexOf(currentChar) != -1) {
+ break;
+ }
+ }
+
+ // Skip over whitespace after key if any
+ int valueIndex;
+
+ for (valueIndex = separatorIndex; valueIndex < len; valueIndex++) {
+ if (whiteSpaceChars.indexOf(line.charAt(valueIndex))
+ == -1) {
+ break;
+ }
+ }
+
+ // Skip over one non whitespace key value separators if any
+ if (valueIndex < len) {
+ if (strictKeyValueSeparators.indexOf(
+ line.charAt(valueIndex))
+ != -1) {
+ valueIndex++;
+ }
+ }
+
+ // Skip over white space after other separators if any
+ while (valueIndex < len) {
+ if (whiteSpaceChars.indexOf(line.charAt(valueIndex))
+ == -1) {
+ break;
+ }
+ valueIndex++;
+ }
+ String key = line.substring(keyStart, separatorIndex);
+ String value = (separatorIndex < len)
+ ? line.substring(valueIndex, len)
+ : "";
+
+ // Convert then store key and value
+ key = loadConvert(key);
+ value = loadConvert(value);
+ put(key, value);
+ }
+ }
+ }
+ }
+
+ /*
+ * Returns true if the given line is a line that must
+ * be appended to the next line
+ */
+ private boolean continueLine(String line) {
+ int slashCount = 0;
+ int index = line.length() - 1;
+
+ while ((index >= 0) && (line.charAt(index--) == '\\')) {
+ slashCount++;
+ }
+ return (slashCount % 2 == 1);
+ }
+
+ /*
+ * Converts encoded &#92;uxxxx to unicode chars
+ * and changes special saved chars to their original forms
+ */
+ private String loadConvert(String theString) {
+ char aChar;
+ int len = theString.length();
+ StringBuffer outBuffer = new StringBuffer(len);
+
+ for (int x = 0; x < len;) {
+ aChar = theString.charAt(x++);
+ if (aChar == '\\') {
+ aChar = theString.charAt(x++);
+ if (aChar == 'u') {
+ // Read the xxxx
+ int value = 0;
+
+ for (int i = 0; i < 4; i++) {
+ aChar = theString.charAt(x++);
+ switch (aChar) {
+ case '0':
+ case '1':
+ case '2':
+ case '3':
+ case '4':
+ case '5':
+ case '6':
+ case '7':
+ case '8':
+ case '9':
+ value = (value << 4) + aChar - '0';
+ break;
+
+ case 'a':
+ case 'b':
+ case 'c':
+ case 'd':
+ case 'e':
+ case 'f':
+ value = (value << 4) + 10 + aChar - 'a';
+ break;
+
+ case 'A':
+ case 'B':
+ case 'C':
+ case 'D':
+ case 'E':
+ case 'F':
+ value = (value << 4) + 10 + aChar - 'A';
+ break;
+
+ default:
+ throw new IllegalArgumentException(
+ "Malformed \\uxxxx encoding.");
+ }
+ }
+ outBuffer.append((char) value);
+ } else {
+ if (aChar == 't') {
+ aChar = '\t';
+ } else if (aChar == 'r') {
+ aChar = '\r';
+ } else if (aChar == 'n') {
+ aChar = '\n';
+ } else if (aChar == 'f') {
+ aChar = '\f';
+ }
+ outBuffer.append(aChar);
+ }
+ } else {
+ outBuffer.append(aChar);
+ }
+ }
+ return outBuffer.toString();
+ }
+
+ /*
+ * Converts unicodes to encoded &#92;uxxxx
+ * and writes out any of the characters in specialSaveChars
+ * with a preceding slash
+ */
+ private String saveConvert(String theString, boolean escapeSpace) {
+ int len = theString.length();
+ StringBuffer outBuffer = new StringBuffer(len * 2);
+
+ for (int x = 0; x < len; x++) {
+ char aChar = theString.charAt(x);
+
+ switch (aChar) {
+ case ' ':
+ if (x == 0 || escapeSpace) {
+ outBuffer.append('\\');
+ }
+
+ outBuffer.append(' ');
+ break;
+
+ case '\\':
+ outBuffer.append('\\');
+ outBuffer.append('\\');
+ break;
+
+ case '\t':
+ outBuffer.append('\\');
+ outBuffer.append('t');
+ break;
+
+ case '\n':
+ outBuffer.append('\\');
+ outBuffer.append('n');
+ break;
+
+ case '\r':
+ outBuffer.append('\\');
+ outBuffer.append('r');
+ break;
+
+ case '\f':
+ outBuffer.append('\\');
+ outBuffer.append('f');
+ break;
+
+ default:
+ if ((aChar < 0x0020) || (aChar > 0x007e)) {
+ outBuffer.append('\\');
+ outBuffer.append('u');
+ outBuffer.append(toHex((aChar >> 12) & 0xF));
+ outBuffer.append(toHex((aChar >> 8) & 0xF));
+ outBuffer.append(toHex((aChar >> 4) & 0xF));
+ outBuffer.append(toHex(aChar & 0xF));
+ } else {
+ if (specialSaveChars.indexOf(aChar) != -1) {
+ outBuffer.append('\\');
+ }
+ outBuffer.append(aChar);
+ }
+ }
+ }
+ return outBuffer.toString();
+ }
+
+ /**
+ * Calls the <code>store(OutputStream out, String header)</code> method
+ * and suppresses IOExceptions that were thrown.
+ *
+ * @deprecated This method does not throw an IOException if an I/O error
+ * occurs while saving the property list. As of the Java 2 platform v1.2, the preferred
+ * way to save a properties list is via the <code>store(OutputStream out,
+ * String header)</code> method.
+ *
+ * @param out an output stream.
+ * @param header a description of the property list.
+ * @exception ClassCastException if this <code>Properties</code> object
+ * contains any keys or values that are not <code>Strings</code>.
+ */
+ public synchronized void save(OutputStream out, String header) {
+ try {
+ store(out, header);
+ } catch (IOException e) {}
+ }
+
+ /**
+ * Writes this property list (key and element pairs) in this
+ * <code>Properties</code> table to the output stream in a format suitable
+ * for loading into a <code>Properties</code> table using the
+ * <code>load</code> method.
+ * The stream is written using the ISO 8859-1 character encoding.
+ * <p>
+ * Properties from the defaults table of this <code>Properties</code>
+ * table (if any) are <i>not</i> written out by this method.
+ * <p>
+ * If the header argument is not null, then an ASCII <code>#</code>
+ * character, the header string, and a line separator are first written
+ * to the output stream. Thus, the <code>header</code> can serve as an
+ * identifying comment.
+ * <p>
+ * Next, a comment line is always written, consisting of an ASCII
+ * <code>#</code> character, the current date and time (as if produced
+ * by the <code>toString</code> method of <code>Date</code> for the
+ * current time), and a line separator as generated by the Writer.
+ * <p>
+ * Then every entry in this <code>Properties</code> table is written out,
+ * one per line. For each entry the key string is written, then an ASCII
+ * <code>=</code>, then the associated element string. Each character of
+ * the element string is examined to see whether it should be rendered as
+ * an escape sequence. The ASCII characters <code>\</code>, tab, newline,
+ * and carriage return are written as <code>\\</code>, <code>\t</code>,
+ * <code>\n</code>, and <code>\r</code>, respectively. Characters less
+ * than <code>&#92;u0020</code> and characters greater than
+ * <code>&#92;u007E</code> are written as <code>&#92;u</code><i>xxxx</i> for
+ * the appropriate hexadecimal value <i>xxxx</i>. Leading space characters,
+ * but not embedded or trailing space characters, are written with a
+ * preceding <code>\</code>. The key and value characters <code>#</code>,
+ * <code>!</code>, <code>=</code>, and <code>:</code> are written with a
+ * preceding slash to ensure that they are properly loaded.
+ * <p>
+ * After the entries have been written, the output stream is flushed. The
+ * output stream remains open after this method returns.
+ *
+ * @param out an output stream.
+ * @param header a description of the property list.
+ * @exception IOException if writing this property list to the specified
+ * output stream throws an <tt>IOException</tt>.
+ * @exception ClassCastException if this <code>Properties</code> object
+ * contains any keys or values that are not <code>Strings</code>.
+ */
+ public synchronized void store(OutputStream out, String header)
+ throws IOException {
+ BufferedWriter awriter;
+
+ awriter = new BufferedWriter(new OutputStreamWriter(out, "8859_1"));
+ if (header != null) {
+ writeln(awriter, "#" + header);
+ }
+ writeln(awriter, "#" + new Date().toString());
+ for (Enumeration e = keys(); e.hasMoreElements();) {
+ String key = (String) e.nextElement();
+ String val = (String) get(key);
+
+ key = saveConvert(key, true);
+
+ /* No need to escape embedded and trailing spaces for value, hence
+ * pass false to flag.
+ */
+ val = saveConvert(val, false);
+ writeln(awriter, key + "=" + val);
+ }
+ awriter.flush();
+ }
+
+ private static void writeln(BufferedWriter bw, String s) throws IOException {
+ bw.write(s);
+ bw.newLine();
+ }
+
+ /**
+ * Searches for the property with the specified key in this property list.
+ * If the key is not found in this property list, the default property list,
+ * and its defaults, recursively, are then checked. The method returns
+ * <code>null</code> if the property is not found.
+ *
+ * @param key the property key.
+ * @return the value in this property list with the specified key value.
+ * @see #setProperty
+ * @see #defaults
+ */
+ public String getProperty(String key) {
+ Object oval = super.get(key);
+ String sval = (oval instanceof String) ? (String) oval : null;
+
+ return ((sval == null) && (defaults != null))
+ ? defaults.getProperty(key)
+ : sval;
+ }
+
+ /**
+ * Searches for the property with the specified key in this property list.
+ * If the key is not found in this property list, the default property list,
+ * and its defaults, recursively, are then checked. The method returns the
+ * default value argument if the property is not found.
+ *
+ * @param key the hashtable key.
+ * @param defaultValue a default value.
+ *
+ * @return the value in this property list with the specified key value.
+ * @see #setProperty
+ * @see #defaults
+ */
+ public String getProperty(String key, String defaultValue) {
+ String val = getProperty(key);
+
+ return (val == null) ? defaultValue : val;
+ }
+
+ /**
+ * Returns an enumeration of all the keys in this property list, including
+ * the keys in the default property list.
+ *
+ * @return an enumeration of all the keys in this property list, including
+ * the keys in the default property list.
+ * @see java.util.Enumeration
+ * @see java.util.Properties#defaults
+ */
+ public Enumeration propertyNames() {
+ Hashtable h = new Hashtable();
+
+ enumerate(h);
+ return h.keys();
+ }
+
+ /**
+ * Prints this property list out to the specified output stream.
+ * This method is useful for debugging.
+ *
+ * @param out an output stream.
+ */
+ public void list(PrintStream out) {
+ out.println("-- listing properties --");
+ Hashtable h = new Hashtable();
+
+ enumerate(h);
+ for (Enumeration e = h.keys(); e.hasMoreElements();) {
+ String key = (String) e.nextElement();
+ String val = (String) h.get(key);
+
+ if (val.length() > 40) {
+ val = val.substring(0, 37) + "...";
+ }
+ out.println(key + "=" + val);
+ }
+ }
+
+ /**
+ * Prints this property list out to the specified output stream.
+ * This method is useful for debugging.
+ *
+ * @param out an output stream.
+ * @since JDK1.1
+ */
+
+ /*
+ * Rather than use an anonymous inner class to share common code, this
+ * method is duplicated in order to ensure that a non-1.1 compiler can
+ * compile this file.
+ */
+ public void list(PrintWriter out) {
+ out.println("-- listing properties --");
+ Hashtable h = new Hashtable();
+
+ enumerate(h);
+ for (Enumeration e = h.keys(); e.hasMoreElements();) {
+ String key = (String) e.nextElement();
+ String val = (String) h.get(key);
+
+ if (val.length() > 40) {
+ val = val.substring(0, 37) + "...";
+ }
+ out.println(key + "=" + val);
+ }
+ }
+
+ /**
+ * Enumerates all key/value pairs in the specified hastable.
+ * @param h the hashtable
+ */
+ private synchronized void enumerate(Hashtable h) {
+ if (defaults != null) {
+ defaults.enumerate(h);
+ }
+ for (Enumeration e = keys(); e.hasMoreElements();) {
+ String key = (String) e.nextElement();
+
+ h.put(key, get(key));
+ }
+ }
+
+ /**
+ * Convert a nibble to a hex character
+ * @param nibble the nibble to convert.
+ */
+ private static char toHex(int nibble) {
+ return hexDigit[(nibble & 0xF)];
+ }
+
+ /** A table of hex digits */
+ private static final char[] hexDigit = {
+ '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D',
+ 'E', 'F'
+ };
+}
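Review bot: The `store` Javadoc ("The key and value characters #, !, =, and : are written with a preceding slash") does not match `saveConvert`: `specialSaveChars` is `" \t\r\n\f"`, so a key containing `=` or `:` is written unescaped and `load` will then split it at the first separator, breaking the round trip. Either restore the escaping with `private static final String specialSaveChars = "=: \t\r\n\f#!";` or correct the Javadoc to say separators and comment markers are not escaped, and if the omission is deliberate for the config format this tool writes, a one-line comment on the constant saying so will stop the next reader from "fixing" it. `save` swallows the `IOException` in an empty catch, so a failed write of the property file is invisible to the caller; at minimum name the variable `ignored` with a comment, or print it like the rest of this package does. `loadConvert` also throws `StringIndexOutOfBoundsException` rather than the `IllegalArgumentException` it documents when a `\u` escape is cut off by the end of the string, since `theString.charAt(x++)` is not bounds-checked against `len` inside the four-digit loop.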
diff --git a/pki/base/silent/src/common/CMSTask.java b/pki/base/silent/src/common/CMSTask.java
new file mode 100644
index 000000000..31ba4547f
--- /dev/null
+++ b/pki/base/silent/src/common/CMSTask.java
@@ -0,0 +1,185 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.net.*;
+import java.io.*;
+
+
+/**
+ * CS Test framework .
+ * This class starts and stops CS server from command line
+ */
+
+public class CMSTask {
+
+ private static String operation;
+ private static String debug;
+ private static String serverRoot;
+ private Process p = null;
+
+ /**
+ * Constructor . Takes CMS server root as parameter
+ * for example (/export/qa/cert-jupiter2)
+ **/
+
+ public CMSTask() {// do nothing
+ }
+
+ public CMSTask(String sroot) {
+ serverRoot = sroot;
+ }
+
+ public boolean CMSStart() {
+
+ try {
+ System.out.println("Starting Certificate System:");
+ Runtime r = Runtime.getRuntime();
+
+ p = r.exec(serverRoot + "/start-cert");
+
+ InputStreamReader isr = new InputStreamReader(p.getInputStream());
+ BufferedReader br = new BufferedReader(isr);
+ String s = null;
+
+ try {
+ while ((s = br.readLine()) != null) {
+ if (s.indexOf("started") > 0) {
+ return true;
+ }
+ // do something
+ }
+ } catch (IOException ioe) {
+ ioe.printStackTrace();
+ }
+
+ return false;
+
+ } catch (Throwable e) {
+ e.printStackTrace();
+ }
+
+ return false;
+ }
+
+ public boolean CMSStop() {
+ try {
+ Runtime r = Runtime.getRuntime();
+
+ System.out.println("Stopping Certificate System:");
+ p = r.exec(serverRoot + "/stop-cert");
+ BufferedReader br = new BufferedReader(
+ new InputStreamReader(p.getInputStream()));
+ String line;
+
+ while ((line = br.readLine()) != null) {
+ System.out.println(" " + line);
+ if (line.indexOf("server shut down") > -1) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+ } catch (Throwable e) {
+ e.printStackTrace();
+ }
+ return false;
+ }
+
+ public boolean CMSRestart() {
+ try {
+ System.out.println("Restarting Certificate System:");
+ Runtime r = Runtime.getRuntime();
+
+ p = r.exec(serverRoot + "/restart-cert");
+ BufferedReader br = new BufferedReader(
+ new InputStreamReader(p.getInputStream()));
+ String line;
+
+ while ((line = br.readLine()) != null) {
+ System.out.println(" " + line);
+ if (line.indexOf("started") > -1) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ } catch (Throwable e) {
+ e.printStackTrace();
+ }
+ return false;
+ }
+
+ public boolean task() {
+ if (operation.equalsIgnoreCase("stop")) {
+ CMSStop();
+ return true;
+ }
+
+ if (operation.equalsIgnoreCase("start")) {
+ CMSStart();
+ return true;
+ }
+
+ if (operation.equalsIgnoreCase("restart")) {
+ CMSRestart();
+ return true;
+ }
+
+ return false;
+ }
+
+ public static void main(String args[]) {
+ CMSTask prof = new CMSTask();
+ // parse args
+ StringHolder x_instance_root = new StringHolder();
+ StringHolder x_operation = new StringHolder();
+
+ // parse the args
+ ArgParser parser = new ArgParser("CMSTask");
+
+ parser.addOption("-instance_root %s #CA Server Root", x_instance_root);
+ parser.addOption("-operation %s #CA operation [stop,start,restart]",
+ x_operation);
+
+ // and then match the arguments
+ String[] unmatched = null;
+
+ unmatched = parser.matchAllArgs(args, 0, parser.EXIT_ON_UNMATCHED);
+
+ if (unmatched != null) {
+ System.out.println("ERROR: Argument Mismatch");
+ System.exit(-1);
+ }
+
+ // set variables
+ serverRoot = x_instance_root.value;
+ operation = x_operation.value;
+
+ boolean st = prof.task();
+
+ if (!st) {
+ System.out.println("ERROR");
+ }
+
+ System.out.println("SUCCESS");
+
+ } // end of function main
+
+} // end of class
+
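Review bot: `CMSStop` and `CMSRestart` return after reading only the first line of output because of the `else { return false; }` inside the `while` loop, so the "server shut down" / "started" match succeeds only when it is the very first line the script prints; dropping that `else` branch and letting the loop fall through to the trailing `return false;` gives the intended scan, as `CMSStart` already does. `task()` then discards the boolean each of these returns and answers `true` for any recognised operation, and `main` prints "SUCCESS" even after printing "ERROR" because nothing stops execution after the error message — add `System.exit(1);` after it. The scripts are launched with `Runtime.exec(String)` on `serverRoot + "/start-cert"`, which tokenises on whitespace, so an instance root containing a space is split into several arguments; `new ProcessBuilder(serverRoot + "/start-cert").redirectErrorStream(true).start()` avoids that, and a `waitFor()` plus closing the reader would stop leaving the process handle and pipes open after the early `return true`. None of the three methods reads the child's stderr, so a script that writes enough there can block on a full pipe while this code waits on stdout.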
diff --git a/pki/base/silent/src/common/Certificate_Record.java b/pki/base/silent/src/common/Certificate_Record.java
new file mode 100644
index 000000000..0331e02e5
--- /dev/null
+++ b/pki/base/silent/src/common/Certificate_Record.java
@@ -0,0 +1,50 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.util.*;
+import java.io.*;
+import java.net.*;
+
+
+public class Certificate_Record {
+
+ public String revokedOn = null;
+ public String revokedBy = null;
+ public String revocation_info = null;
+ public String signatureAlgorithm = null;
+ public String serialNumber = null;
+ public String subjectPublicKeyLength = null;
+ public String type = null;
+ public String subject = null;
+ public String issuedOn = null;
+ public String validNotBefore = null;
+ public String validNotAfter = null;
+ public String issuedBy = null;
+ public String subjectPublicKeyAlgorithm = null;
+ public String certChainBase64 = null;
+ public String certFingerprint = null;
+ public String pkcs7ChainBase64 = null;
+ public String certPrettyPrint = null;
+
+ public Certificate_Record() {// Do nothing
+ }
+
+}
+
+
+;
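Review bot: `Certificate_Record` exposes seventeen public mutable `String` fields with no constructor that sets them and no Javadoc, so nothing documents which fields are expected to be populated together (the `revokedOn`/`revokedBy`/`revocation_info` group versus the validity fields) or what fills them; a short class Javadoc naming the producer and the meaning of the fields would help, and if the class is meant to be a plain carrier, `final` with `private final` fields and a constructor is the conventional form. The naming mixes styles — `Certificate_Record` and `revocation_info` use snake_case while the other fields are lowerCamelCase; Java convention is `CertificateRecord` and `revocationInfo`. The imports `java.util.*`, `java.io.*` and `java.net.*` are unused, and the stray `;` after the closing brace is a harmless but unnecessary empty declaration that should be removed.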
diff --git a/pki/base/silent/src/common/ComCrypto.java b/pki/base/silent/src/common/ComCrypto.java
new file mode 100644
index 000000000..6afc4f9cf
--- /dev/null
+++ b/pki/base/silent/src/common/ComCrypto.java
@@ -0,0 +1,784 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.net.*;
+import java.io.*;
+import java.util.*;
+import java.math.*;
+import java.util.Date;
+import java.util.StringTokenizer;
+import java.net.URL;
+import java.net.URLConnection;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.BufferedReader;
+import java.net.URLEncoder;
+import java.security.KeyPair;
+import java.lang.Exception;
+
+import org.mozilla.jss.*;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.util.*;
+import org.mozilla.jss.ssl.*;
+import org.mozilla.jss.crypto.*;
+import org.mozilla.jss.CertDatabaseException;
+import org.mozilla.jss.pkcs11.*;
+import org.mozilla.jss.pkcs11.PK11Token;
+import org.mozilla.jss.util.Password;
+import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.crypto.KeyPairGenerator;
+import org.mozilla.jss.crypto.KeyPairAlgorithm;
+import org.mozilla.jss.asn1.*;
+import org.mozilla.jss.pkix.primitive.*;
+import org.mozilla.jss.pkix.crmf.*;
+
+//import netscape.security.provider.RSAPublicKey;
+import netscape.security.pkcs.PKCS10;
+import netscape.security.x509.X500Name;
+import netscape.security.util.BigInt;
+import netscape.security.x509.X500Signer;
+
+//import sun.misc.BASE64Encoder;
+//import sun.misc.BASE64Decoder;
+import java.security.Signature;
+import com.netscape.osutil.OSUtil;
+
+
+/**
+ * CMS Test framework .
+ * Use this class to initalize,add a certificate ,generate a certificate request from certificate database.
+ */
+
+
+public class ComCrypto {
+
+ private String cdir, certnickname, keysize, keytype, tokenpwd;
+ private String certpackage, pkcs10request;
+ private boolean debug = true;
+ private boolean DBlogin = false;
+ private boolean generaterequest = false;
+
+ private String transportcert = null;
+ private boolean dualkey = false;
+ public String CRMF_REQUEST = null;
+ int START = 1;
+ int END = START + 1;
+ Password password = null;
+
+ public static CryptoManager manager;
+ public static CryptoToken token;
+ private CryptoStore store;
+ private Password pass1 = null, pass2 = null;
+
+ private String bstr = "-----BEGIN NEW CERTIFICATE REQUEST-----";
+ private String blob, Blob1 = null;
+ private String Blob2 = null;
+ private String estr = "-----END NEW CERTIFICATE REQUEST-----";
+
+ private String certprefix = null;
+
+ public ComCrypto() {}
+ ;
+
+ /**
+ * Constructor . Takes the parameter certificatedbdirectory , passwordfor cert database, certificatenickname,keysize, keytype(RSA/DSA)
+ * @param certdbdirectory.
+ * @param certdbpassword
+ * @param certnickname
+ * @param keysize (1024/2048/4096)
+ * @param keytype (RSA/DSA)
+ */
+
+
+ public ComCrypto(String cd, String tpwd, String cn, String ks, String kt) {
+ cdir = cd;
+ tokenpwd = tpwd;
+ certnickname = cn;
+ keysize = ks;
+ keytype = kt;
+ }
+
+ // Set and Get functions
+
+ public void setCertDir(String cd) {
+ cdir = cd;
+ }
+
+ public void setCertnickname(String cd) {
+ certnickname = cd;
+ }
+
+ public void setKeySize(String cd) {
+ keysize = cd;
+ }
+
+ public void setKeyType(String cd) {
+ keytype = cd;
+ }
+
+ public void setTokenPWD(String cd) {
+ tokenpwd = cd;
+ }
+
+ public void setCertPackage(String cd) {
+ certpackage = cd;
+ }
+
+ public void setGenerateRequest(boolean c) {
+ generaterequest = c;
+ }
+
+ public void setDebug(boolean t) {
+ debug = t;
+ }
+
+ public void setCertPrefix(String prefix) {
+ certprefix = prefix;
+ }
+
+ /*
+ * setTransportCert() should only be called when the calling profile
+ * needs to do key archivals with the DRM and make sure the function
+ * generateCRMFtransport() is called for the CRMF request generation
+ * part.
+ */
+ public void setTransportCert(String tcert) {
+ transportcert = tcert;
+ }
+
+ public void setDualKey(boolean dkey) {
+ dualkey = dkey;
+ }
+
+ public String getPkcs10Request() {
+ return pkcs10request;
+ }
+
+ /**
+ * Parses the Certificate and returns SubjectDN . Takes certificate as parameter
+ */
+
+ public String getCertificateString(X509Certificate cert) {
+ if (cert == null) {
+ return null;
+ }
+
+ // note that it did not represent a certificate fully
+ return cert.getVersion() + ";" + cert.getSerialNumber().toString() + ";"
+ + cert.getIssuerDN() + ";" + cert.getSubjectDN();
+ }
+
+ /**
+ * Finds and returns Certificate . Takes certificatenickname as parameter.
+ */
+
+
+ public X509Certificate findCert(String certname) {
+ try {
+
+ X509Certificate cert2 = manager.findCertByNickname(certname);
+
+ return cert2;
+
+ } catch (Exception e) {
+ System.out.println("exception importing cert " + e.getMessage());
+ return null;
+ }
+
+ }
+
+ /**
+ * Imports a certificate to Certificate Database. Takes certificate and nickname as parameters.
+ */
+
+
+ public boolean importCert(X509Certificate xcert, String nickname) {
+ try {
+
+ System.out.println(
+ "importCert x509 : importing with nickname: " + nickname);
+
+ InternalCertificate cert2 = manager.importCertToPerm(xcert, nickname);
+
+ cert2.setSSLTrust(2);
+ return true;
+
+ } catch (Exception e) {
+ System.out.println("exception importing cert " + e.getMessage());
+ return false;
+ }
+
+ }
+
+ /**
+ * Imports a certificate to Certificate Database. Takes certificate and nickname as parameters.
+ */
+
+
+ public boolean importCert(String cpack, String cn) {
+
+ System.out.println("importCert string: importing with nickname: " + cn);
+ try {
+
+ String tmp = normalize(cpack);
+
+ if (DBlogin) {
+ System.out.println("Already logged into to DB");
+ }
+
+ if (manager == null) {
+ System.out.println("Manager object is null");
+ }
+
+ X509Certificate cert = manager.importCertPackage(tmp.getBytes(), cn);
+
+ return true;
+
+ } catch (Exception e) {
+ System.out.println(
+ "ERROR:exception importing cert " + e.getMessage());
+ e.printStackTrace();
+ return false;
+ }
+
+ }
+
+ /* imports CA certificate
+ */
+
+ public boolean importCACert(String cpack) {
+
+ try {
+ String tmp = normalize(cpack);
+
+ if (DBlogin) {
+ System.out.println("Already logged into to DB");
+ }
+
+ if (manager == null) {
+ System.out.println("Manager object is null");
+ }
+
+ X509Certificate cert = manager.importCACertPackage(tmp.getBytes());
+
+ return true;
+
+ } catch (Exception e) {
+ System.out.println(
+ "ERROR:exception importing cert " + e.getMessage());
+ return false;
+ }
+
+ }
+
+ /**
+ * Normalizes a given certificate string . Removes the extra \\ in the certificate returned by CMS server.
+ */
+
+
+ public String normalize(String s) {
+
+ String val = "";
+
+ for (int i = 0; i < s.length(); i++) {
+ if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) {
+ val += '\n';
+ i++;
+ continue;
+ } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) {
+ i++;
+ continue;
+ } else if (s.charAt(i) == '"') {
+ continue;
+ }
+ val += s.charAt(i);
+ }
+ return val;
+ }
+
+ /**
+ * Normalizes a given certificate string . Removes the extra \\ in the certificate returned by CMS server.
+ */
+
+
+ String normalizeForLDAP(String s) {
+
+ String val = "";
+
+ for (int i = 0; i < s.length(); i++) {
+ if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) {
+ val += '\n' + " ";
+ i++;
+ continue;
+ } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) {
+ i++;
+ continue;
+ } else if (s.charAt(i) == '"') {
+ continue;
+ }
+ val += s.charAt(i);
+ }
+ return val;
+ }
+
+ /**
+ * Convert to pkcs7 format
+ */
+
+
+ public String pkcs7Convertcert(String s) {
+
+ String val = "";
+
+ int len = s.length();
+
+ for (int i = 0; i < len; i = i + 64) {
+
+ if (i + 64 < len) {
+ val = val + s.substring(i, i + 64) + "\n";
+ } else {
+ val = val + s.substring(i, len);
+ }
+
+ }
+ return val;
+ }
+
+ /**
+ * Delete all keys frim key3.db
+ **/
+
+ public void deleteKeys() {
+ try {
+ int i = 0;
+
+ store = token.getCryptoStore();
+ PrivateKey[] keys = store.getPrivateKeys();
+
+ if (debug) {
+ System.out.println("Now we shall delete all the keys!");
+ }
+
+ keys = store.getPrivateKeys();
+ for (i = 0; i < keys.length; i++) {
+ PrivateKey key = (PrivateKey) keys[i];
+
+ store.deletePrivateKey(key);
+ }
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ /**
+ * Creates a new certificate database
+ **/
+
+
+ public boolean CreateCertDB() {
+ return loginDB();
+
+ }
+
+ /**
+ * Login to cert database
+ **/
+
+ public boolean loginDB() {
+ Password pass1 = null;
+
+ try {
+ if (debug) {
+ System.out.println("CRYPTO INIT WITH CERTDB:" + cdir);
+ }
+
+ // this piece of code is to create db's with certain prefix
+ if (certprefix != null) {
+ CryptoManager.InitializationValues vals;
+
+ vals = new CryptoManager.InitializationValues(cdir, certprefix,
+ certprefix, "secmod.db");
+ CryptoManager.initialize(vals);
+ } else {
+ CryptoManager.initialize(cdir);
+ }
+
+ manager = CryptoManager.getInstance();
+ token = (PK11Token) manager.getInternalKeyStorageToken();
+ pass1 = new Password(tokenpwd.toCharArray());
+ if (token.isLoggedIn() && debug) {
+ System.out.println("Already Logged in ");
+ }
+
+ if (debug) {
+ System.out.println("tokenpwd:" + tokenpwd);
+ }
+
+ token.login(pass1);
+ pass1.clear();
+
+ } catch (AlreadyInitializedException e) {
+ if (debug) {
+ System.out.println("Crypto manager already initialized");
+ }
+ } catch (Exception e) {
+ try {
+ if (!token.isLoggedIn()) {
+ token.initPassword(pass1, pass1);
+ }
+ return true;
+ } catch (Exception er) {
+ System.err.println("some exception:" + e);
+ return false;
+ }
+ }
+ DBlogin = true;
+ return true;
+ }
+
+ /**
+ * Generate Certificate Request
+ **/
+
+ public synchronized boolean generateRequest() {
+
+ System.out.println("generating pkcs10 Request");
+ loginDB();
+
+ try {
+ debug = true;
+ System.out.println("Generating request : keysize :" + keysize);
+ System.out.println("Generating request : subject :" + certnickname);
+ System.out.println("Generating request : keytype :" + keytype);
+
+ Integer n = new Integer(keysize);
+
+ if (generaterequest) {
+ blob = token.generateCertRequest(certnickname, n.intValue(),
+ keytype, (byte[]) null, (byte[]) null, (byte[]) null);
+
+ System.out.println("Cert Request Generated.");
+
+ bstr = "-----BEGIN NEW CERTIFICATE REQUEST-----";
+ Blob1 = blob.substring(bstr.length() + 1);
+ Blob2 = Blob1.substring(0, Blob1.indexOf(estr));
+
+ System.out.println(Blob2);
+ pkcs10request = Blob2;
+ }
+
+ return true;
+
+ } catch (Exception e) {
+ System.out.println("Exception: Unable to generate request: " + e);
+ }
+
+ return false;
+ }
+
+ public String generateCRMFrequest() {
+ URL url = null;
+ URLConnection conn = null;
+ InputStream is = null;
+ BufferedReader reader = null;
+ boolean success = false;
+ int num = 1;
+ long total_time = 0;
+ KeyPair pair = null;
+
+ System.out.println("Debug : initialize crypto Manager");
+ try {
+
+ // Step 1. initialize crypto Manager
+ try {
+ CryptoManager.initialize(cdir);
+ } catch (Exception e) {
+ // it is ok if it is already initialized
+ System.out.println("INITIALIZATION ERROR: " + e.toString());
+ System.out.println("cdir = " + cdir);
+ }
+
+ // Step 2 log into database
+ try {
+
+ System.out.println("Debug : before getInstance");
+
+ manager = CryptoManager.getInstance();
+ String token_pwd = tokenpwd;
+
+ System.out.println("Debug : before get token");
+
+ token = manager.getInternalKeyStorageToken();
+ password = new Password(token_pwd.toCharArray());
+
+ System.out.println("Debug : before login password");
+
+ token.login(password);
+
+ System.out.println("Debug : after login password");
+ } catch (Exception e) {
+ System.out.println("INITIALIZATION ERROR: " + e.toString());
+
+ if (!token.isLoggedIn()) {
+ token.initPassword(password, password);
+ }
+ }
+
+ // Generating CRMF request
+
+ KeyPairGenerator kg = token.getKeyPairGenerator(KeyPairAlgorithm.RSA);
+
+ Integer x = new Integer(keysize);
+ int key_len = x.intValue();
+
+ kg.initialize(key_len);
+
+ // 1st key pair
+ pair = kg.genKeyPair();
+
+ // create CRMF
+ CertTemplate certTemplate = new CertTemplate();
+
+ certTemplate.setVersion(new INTEGER(2));
+
+ if (certnickname != null) {
+ X500Name name = new X500Name(certnickname);
+ ByteArrayInputStream cs = new ByteArrayInputStream(name.getEncoded());
+ Name n = (Name) Name.getTemplate().decode(cs);
+ certTemplate.setSubject(n);
+ }
+
+ certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair.getPublic()));
+
+ SEQUENCE seq = new SEQUENCE();
+ CertRequest certReq = new CertRequest(new INTEGER(1), certTemplate,
+ seq);
+ byte popdata[] = { 0x0, 0x3, 0x0};
+
+ ProofOfPossession pop = ProofOfPossession.createKeyEncipherment(
+ POPOPrivKey.createThisMessage(new BIT_STRING(popdata, 3)));
+
+ CertReqMsg crmfMsg = new CertReqMsg(certReq, pop, null);
+
+ SEQUENCE s1 = new SEQUENCE();
+
+ // 1st : Encryption key
+
+ s1.addElement(crmfMsg);
+
+ // 2nd : Signing Key
+
+ if (dualkey) {
+ System.out.println("dualkey = true");
+ SEQUENCE seq1 = new SEQUENCE();
+ CertRequest certReqSigning = new CertRequest(new INTEGER(1),
+ certTemplate, seq1);
+ CertReqMsg signingMsg = new CertReqMsg(certReqSigning, pop, null);
+
+ s1.addElement(signingMsg);
+ }
+
+ byte encoded[] = ASN1Util.encode(s1);
+
+ // BASE64Encoder encoder = new BASE64Encoder();
+ // String Req1 = encoder.encodeBuffer(encoded);
+ String Req1 = OSUtil.BtoA(encoded);
+
+ // Set CRMF_REQUEST variable
+ CRMF_REQUEST = Req1;
+
+ System.out.println("CRMF_REQUEST = " + CRMF_REQUEST);
+
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ return null;
+ }
+
+ return CRMF_REQUEST;
+ }
+
+ /*
+ * This function is used to Generated CRMF requests wrapped with the
+ * transport cert so that we can do key archival with the drm.
+ * This function expects transportcert variable to be set in this class.
+ * Use setTransportCert() to do the same.
+ */
+
+ public String generateCRMFtransport() {
+
+ boolean success = false;
+ int num = 1;
+ long total_time = 0;
+ KeyPair pair = null;
+
+ try {
+ // Step 1. initialize crypto Manager
+ try {
+ CryptoManager.initialize(cdir);
+ } catch (Exception e) {
+ // it is ok if it is already initialized
+ System.out.println("INITIALIZATION ERROR: " + e.toString());
+ System.out.println("cdir = " + cdir);
+ }
+
+ // Step 2 log into database
+ try {
+
+ System.out.println("Debug : before getInstance");
+
+ manager = CryptoManager.getInstance();
+ String token_pwd = tokenpwd;
+
+ System.out.println("Debug : before get token");
+
+ token = manager.getInternalKeyStorageToken();
+ password = new Password(token_pwd.toCharArray());
+
+ System.out.println("Debug : before login password");
+
+ token.login(password);
+
+ System.out.println("Debug : after login password");
+ } catch (Exception e) {
+ System.out.println("INITIALIZATION ERROR: " + e.toString());
+
+ if (!token.isLoggedIn()) {
+ token.initPassword(password, password);
+ }
+ }
+
+ // Key Pair Generation
+ KeyPairGenerator kg = token.getKeyPairGenerator(KeyPairAlgorithm.RSA);
+ Integer x = new Integer(keysize);
+ int key_len = x.intValue();
+
+ kg.initialize(key_len);
+
+ pair = kg.genKeyPair();
+
+ // wrap private key
+ // BASE64Decoder decoder = new BASE64Decoder();
+ // byte transport[] = decoder.decodeBuffer(transportcert);
+ byte transport[] = OSUtil.AtoB(transportcert);
+
+ X509Certificate tcert = manager.importCACertPackage(transport);
+
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+
+ KeyGenerator kg1 = token.getKeyGenerator(KeyGenAlgorithm.DES3);
+ SymmetricKey sk = kg1.generate();
+
+ // wrap private key using session
+ KeyWrapper wrapper1 = token.getKeyWrapper(
+ KeyWrapAlgorithm.DES3_CBC_PAD);
+
+ wrapper1.initWrap(sk, new IVParameterSpec(iv));
+
+ byte key_data[] = wrapper1.wrap((
+ org.mozilla.jss.crypto.PrivateKey) pair.getPrivate());
+
+ // wrap session using transport
+ KeyWrapper rsaWrap = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
+
+ rsaWrap.initWrap(tcert.getPublicKey(), null);
+
+ byte session_data[] = rsaWrap.wrap(sk);
+
+ // create CRMF
+ CertTemplate certTemplate = new CertTemplate();
+
+ certTemplate.setVersion(new INTEGER(2));
+
+ if (certnickname != null) {
+ X500Name name = new X500Name(certnickname);
+ ByteArrayInputStream cs = new ByteArrayInputStream(name.getEncoded());
+ Name n = (Name) Name.getTemplate().decode(cs);
+ certTemplate.setSubject(n);
+ }
+
+ certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair.getPublic()));
+
+ // set extension
+ AlgorithmIdentifier algS = new AlgorithmIdentifier(
+ new OBJECT_IDENTIFIER("1.2.840.113549.3.7"),
+ new OCTET_STRING(iv));
+
+ EncryptedValue encValue = new EncryptedValue(null, algS,
+ new BIT_STRING(session_data, 0), null, null,
+ new BIT_STRING(key_data, 0));
+
+ EncryptedKey key = new EncryptedKey(encValue);
+ PKIArchiveOptions opt = new PKIArchiveOptions(key);
+
+ SEQUENCE seq = new SEQUENCE();
+
+ seq.addElement(
+ new AVA(new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.5.1.4"), opt));
+
+ CertRequest certReq = new CertRequest(new INTEGER(1), certTemplate,
+ seq);
+
+ // Adding proof of possesion data
+ byte popdata[] = { 0x0, 0x3, 0x0};
+ ProofOfPossession pop = ProofOfPossession.createKeyEncipherment(
+ POPOPrivKey.createThisMessage(new BIT_STRING(popdata, 3)));
+
+ CertReqMsg crmfMsg = new CertReqMsg(certReq, pop, null);
+
+ SEQUENCE s1 = new SEQUENCE();
+
+ // 1st : Encryption key
+ s1.addElement(crmfMsg);
+
+ // 2nd : Signing Key
+
+ if (dualkey) {
+ System.out.println("dualkey = true");
+ SEQUENCE seq1 = new SEQUENCE();
+ CertRequest certReqSigning = new CertRequest(new INTEGER(1),
+ certTemplate, seq1);
+ CertReqMsg signingMsg = new CertReqMsg(certReqSigning, pop, null);
+
+ s1.addElement(signingMsg);
+ }
+
+ byte encoded[] = ASN1Util.encode(s1);
+
+ // BASE64Encoder encoder = new BASE64Encoder();
+
+ // CRMF_REQUEST = encoder.encodeBuffer(encoded);
+ CRMF_REQUEST = OSUtil.BtoA(encoded);
+
+ System.out.println("Generated crmf request: ...... ");
+ System.out.println("");
+
+ System.out.println(CRMF_REQUEST);
+ System.out.println("");
+ System.out.println("End crmf Request:");
+ } catch (Exception e) {
+ System.out.println("Exception: " + e.getMessage());
+ }
+
+ return CRMF_REQUEST;
+ }
+
+} // end of class
+
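Review bot: loginDB() writes the token password to stdout with `System.out.println("tokenpwd:" + tokenpwd);` whenever debug is on, and debug defaults to true on the field declaration, so every run of this installer logs the NSS database password in clear; drop that line or print only whether a password was supplied. The same method clears pass1 only on the success path — in its `catch (Exception e)` branch the Password object is passed to initPassword and never cleared, and that branch also returns true without setting DBlogin. normalize() and normalizeForLDAP() read `s.charAt(i + 1)` without checking that i + 1 is in range, so an input ending in a lone backslash throws StringIndexOutOfBoundsException; guard each pair with `i + 1 < s.length() &&`. generateCRMFtransport() returns whatever CRMF_REQUEST held from a previous call when its catch block runs, whereas generateCRMFrequest() returns null on failure; returning null there too keeps the two consistent and stops a stale request being submitted.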
diff --git a/pki/base/silent/src/common/Con2Agent.java b/pki/base/silent/src/common/Con2Agent.java
new file mode 100644
index 000000000..bbf7a12b2
--- /dev/null
+++ b/pki/base/silent/src/common/Con2Agent.java
@@ -0,0 +1,329 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.net.*;
+import java.io.*;
+import java.util.*;
+import java.math.*;
+
+import org.mozilla.jss.*;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.util.*;
+import org.mozilla.jss.ssl.*;
+import org.mozilla.jss.crypto.*;
+import org.mozilla.jss.CertDatabaseException;
+import org.mozilla.jss.pkcs11.*;
+import org.mozilla.jss.pkcs11.PK11Token;
+
+import sun.misc.*;
+import java.lang.Exception;
+import java.security.*;
+import java.net.URLEncoder;
+
+
+/**
+ * CMS Test framework .
+ * Submits a requests to agent port with sslclient authentication.
+ */
+
+public class Con2Agent implements SSLClientCertificateSelectionCallback,
+ SSLCertificateApprovalCallback {
+
+ private int i, port;
+ private String host, certdir, certnickname, tokenpwd, certname, query;
+ private String ACTIONURL;
+
+ private BufferedReader stdin = null;
+ private StringBuffer stdout = new StringBuffer();
+
+ public Con2Agent() {}
+
+ /**
+ *Constructor. Takes hostname , portnumber , certificate nickname, token password ,client certdb directory
+ * @param hostname
+ * @param portnumber
+ * @param agent cert nickname
+ * @param token password
+ * @param certdb directory
+ */
+
+
+ public Con2Agent(String hs, int p, String cname, String tpwd, String cdir) {
+ host = hs;
+ port = p;
+ certnickname = cname;
+ tokenpwd = tpwd;
+ certdir = cdir;
+ }
+
+ public boolean approve(X509Certificate x509, SSLCertificateApprovalCallback.ValidityStatus status) {
+ return true;
+ }
+
+ public String select(Vector nicknames) {
+ Enumeration e = nicknames.elements();
+
+ System.out.println("nicknames size = " + nicknames.size());
+ int i = 0;
+
+ while (e.hasMoreElements()) {
+ String s = (String) e.nextElement();
+
+ i++;
+ }
+
+ if (i > 0) {
+ return (String) nicknames.elementAt(0);
+ } else {
+ return null;
+ }
+
+ }
+
+ // Get and Set methods
+
+ /*
+ * Get the page returned by the server
+ */
+
+ public StringBuffer getPage() {
+ return stdout;
+ }
+
+ /*
+ * Set the query string to be submitted to the server
+ */
+
+ public void setQueryString(String qu) {
+ query = qu;
+ }
+
+ /*
+ *Set token password
+ */
+
+ public void setTokenPassword(String pwd) {
+ tokenpwd = pwd;
+ }
+
+ /*
+ * Set Client cert database
+ */
+
+ public void setCertDBDir(String cdir) {
+ certdir = cdir;
+ }
+
+ /*
+ * Set host name
+ */
+
+ public void setHost(String hs) {
+ host = hs;
+ }
+
+ /*
+ * set Agent port number
+ */
+
+ public void setPort(int p) {
+ port = p;
+ }
+
+ /*
+ * Set Agent cert nickname
+ */
+
+ public void setCertNickName(String cname) {
+ certnickname = cname;
+ }
+
+ /*
+ * Set action URL
+ */
+
+ public void setActionURL(String url) {
+ ACTIONURL = url;
+ }
+
+ // Submit requests
+
+ public boolean Send() {
+ boolean st = false;
+
+ try {
+
+ if (!loginCertDB()) {
+ return false;
+ }
+
+ SSLSocket socket = new SSLSocket(host, port, null, 0, this, null);
+
+ System.out.println("Con2Agent.java: host = " + host);
+ System.out.println("Con2Agent.java: port = " + port);
+ System.out.println("Con2Agent.java: certnickname = " + certnickname);
+
+ socket.setClientCertNickname(certnickname);
+ System.out.println("Connected to the socket");
+
+ OutputStream rawos = socket.getOutputStream();
+ BufferedOutputStream os = new BufferedOutputStream(rawos);
+ PrintStream ps = new PrintStream(os);
+
+ System.out.println(ACTIONURL);
+ System.out.println("Query :" + query);
+ ps.println("POST " + ACTIONURL + " HTTP/1.0");
+ ps.println("Connection: Keep-Alive");
+ ps.println("Content-type: application/x-www-form-urlencoded");
+ ps.println("Content-length: " + query.length());
+ ps.println("");
+ ps.println(query);
+ ps.println("\r");
+ ps.flush();
+ os.flush();
+ BufferedReader stdin1 = new BufferedReader(
+ new InputStreamReader(socket.getInputStream()));
+ String line;
+
+ while ((line = stdin1.readLine()) != null) {
+ stdout.append(line + "\n");
+ System.out.println(line);
+ }
+
+ // Send Connection: close to let the server close the connection.
+ // Else the socket on the server side continues to remain in TIME_WAIT state
+
+ ps.println("Connection: close");
+ ps.flush();
+ os.flush();
+ os.close();
+ rawos.close();
+ ps.close();
+ stdin1.close();
+ socket.close();
+
+ if (socket.isClosed()) {
+ System.out.println("Con2Agent.java : Socket is Closed");
+ } else {
+ System.out.println("Con2Agent.java : Socket not Closed");
+ }
+
+ } catch (Exception e) {
+ System.out.println("some exception: in Send routine" + e);
+ return false;
+ }
+
+ return true;
+
+ }
+
+ private boolean loginCertDB() {
+ CryptoManager manager;
+ Password pass1 = null, pass2 = null;
+
+ try {
+ System.out.println("Step 1: Initializing CryptoManager");
+ CryptoManager.initialize(certdir);
+
+ System.out.println("Step 2: Login to Cert Database");
+ manager = CryptoManager.getInstance();
+ CryptoToken token = (PK11Token) manager.getInternalKeyStorageToken();
+
+ if (token.isLoggedIn()) {
+ System.out.println("Con2Agent: Logged in incorrect");
+ }
+
+ System.out.println("tokenpwd:" + tokenpwd);
+ char[] passchar1 = new char[tokenpwd.length()];
+
+ tokenpwd.getChars(0, tokenpwd.length(), passchar1, 0);
+
+ pass1 = new Password((char[]) passchar1.clone());
+ token.login(pass1);
+
+ X509Certificate cert2 = manager.findCertByNickname(certnickname);
+
+ certname = cert2.getNickname();
+ return true;
+
+ } catch (AlreadyInitializedException e) {
+ System.out.println("Crypto manager already initialized");
+ return true;
+ } catch (NumberFormatException e) {
+ System.err.println("Invalid key size: " + e);
+ return false;
+ } catch (java.security.InvalidParameterException e) {
+ System.err.println("Invalid key size: " + e);
+ return false;
+
+ } catch (Exception e) {
+ System.err.println("some exception:" + e);
+ e.printStackTrace();
+ return false;
+ }
+
+ }
+
+ public boolean Send_withGET() {
+
+ boolean st = false;
+
+ try {
+
+ if (!loginCertDB()) {
+ return false;
+ }
+
+ SSLSocket socket = new SSLSocket(host, port, null, 0, this, null);
+
+ socket.setClientCertNickname(certnickname);
+ System.out.println("Connected to the socket");
+
+ OutputStream rawos = socket.getOutputStream();
+ BufferedOutputStream os = new BufferedOutputStream(rawos);
+ PrintStream ps = new PrintStream(os);
+
+ System.out.println("Query in con2agent :" + query);
+ System.out.println("ACTIONURL in con2agent : " + ACTIONURL);
+
+ ps.println("GET " + ACTIONURL + query + " HTTP/1.0");
+ ps.println("");
+ ps.println("\r");
+ ps.flush();
+ os.flush();
+ BufferedReader stdin2 = new BufferedReader(
+ new InputStreamReader(socket.getInputStream()));
+ String line;
+
+ while ((line = stdin2.readLine()) != null) {
+ stdout.append(line + "\n");
+ }
+ stdin2.close();
+
+ socket.close();
+
+ } catch (Exception e) {
+ System.err.println("some exception: in Send routine" + e);
+ return false;
+ }
+
+ return true;
+
+ }
+
+} // end of class
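Review bot: approve() returns true without examining its ValidityStatus argument, so any certificate the agent port presents — expired, untrusted issuer, wrong host — is accepted and the TLS connection provides no server authentication; even for a test client the callback should consult status and return false on validity failures, or at minimum log the reported reasons so a misconfigured server is visible rather than silently trusted. loginCertDB() also echoes the token password with `System.out.println("tokenpwd:" + tokenpwd);` — remove that line. Its `AlreadyInitializedException` branch returns true without logging into the token or resolving certnickname, so if CryptoManager was initialised elsewhere in the same JVM without a login, Send() presumably proceeds with an unauthenticated token; the token login and findCertByNickname steps should run in that branch as well. Send() sets `Content-length: ` from query.length(), which counts UTF-16 chars rather than encoded bytes, so a non-ASCII query would declare the wrong length.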
diff --git a/pki/base/silent/src/common/ParseXML.java b/pki/base/silent/src/common/ParseXML.java
new file mode 100644
index 000000000..e80c512d0
--- /dev/null
+++ b/pki/base/silent/src/common/ParseXML.java
@@ -0,0 +1,165 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import org.w3c.dom.*;
+import org.apache.xml.serialize.*;
+
+import javax.xml.parsers.*;
+import java.util.*;
+import java.io.*;
+import java.net.*;
+
+
+public class ParseXML {
+ Document dom = null;
+
+ public ParseXML() {// nothing
+ }
+
+ public void parse(java.io.InputStream is) {
+ try {
+ // get the factory
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+
+ // Using factory get an instance of document builder
+ DocumentBuilder db = dbf.newDocumentBuilder();
+
+ // parse using builder to get DOM representation of the XML file
+ dom = db.parse(is);
+ } catch (Exception se) {
+ System.out.println("ERROR: unable to parse xml");
+ se.printStackTrace();
+
+ try {
+ BufferedReader br = new BufferedReader(new InputStreamReader(is));
+ StringBuilder sb = new StringBuilder();
+ String line = null;
+
+ while ((line = br.readLine()) != null) {
+ sb.append(line + "\n");
+ }
+
+ br.close();
+ System.out.println("ERROR XML = " + sb.toString());
+ } catch (Exception se1) {
+ System.out.println("ERROR: unable to print xml");
+ se1.printStackTrace();
+ }
+ }
+ }
+
+ public String getvalue(String tag) {
+ String temp = null;
+
+ try {
+
+ // get the root elememt
+ Element docEle = dom.getDocumentElement();
+
+ // get a nodelist of <employee> elements
+ NodeList nl = docEle.getElementsByTagName(tag);
+
+ if (nl != null && nl.getLength() > 0) {
+ Element el = (Element) nl.item(0);
+
+ if (el != null) {
+ temp = el.getFirstChild().getNodeValue();
+ }
+ }
+ } catch (Exception e) {
+ System.out.println("ERROR: Tag=" + tag + "has no values");
+ return null;
+ }
+
+ return temp;
+ }
+
+ public void prettyprintxml() {
+ try {
+ // Serialize the document
+ OutputFormat format = new OutputFormat(dom);
+
+ format.setLineWidth(65);
+ format.setIndenting(true);
+ format.setIndent(2);
+ XMLSerializer serializer = new XMLSerializer(System.out, format);
+
+ serializer.serialize(dom);
+ } catch (Exception e) {}
+ }
+
+ private String getTextValue(Element ele, String tagName) {
+ String textVal = null;
+ NodeList nl = ele.getElementsByTagName(tagName);
+
+ if (nl != null && nl.getLength() > 0) {
+ Element el = (Element) nl.item(0);
+
+ textVal = el.getFirstChild().getNodeValue();
+ }
+
+ return textVal;
+ }
+
+ // returns an arraylist of values for the corresponding tag
+
+ public ArrayList constructvaluelist(String first, String second) {
+ String temp = null;
+ ArrayList al = new ArrayList();
+
+ try {
+ // get the root elememt
+ Element docEle = dom.getDocumentElement();
+
+ // get a nodelist of <employee> elements
+ NodeList nl = docEle.getElementsByTagName(first);
+
+ if (nl != null && nl.getLength() > 0) {
+ for (int i = 0; i < nl.getLength(); i++) {
+ Element el = (Element) nl.item(i);
+ String value = getTextValue(el, second);
+
+ System.out.println("tag=" + second + " value=" + value);
+ if (value != null) {
+ al.add(value);
+ }
+ }
+ }
+ } catch (Exception e) {
+ System.out.println("ERROR: Tag=" + first + " has no values");
+ }
+
+ return al;
+ }
+
+ public static void main(String args[]) {
+ try {
+
+ ParseXML px = new ParseXML();
+ FileInputStream fiscfg = new FileInputStream("/tmp/test.xml");
+
+ px.parse(fiscfg);
+ px.prettyprintxml();
+
+ } catch (Exception e) {}
+ }
+
+}
+
+
+; // end class
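Review bot: parse() builds its DocumentBuilderFactory with defaults, so the parser still honours DOCTYPE declarations and external entities in whatever the server returns; add `dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` and `dbf.setExpandEntityReferences(false);` before newDocumentBuilder() so a malformed or hostile response cannot pull in local files or stall on entity expansion. The fallback in its catch block re-reads the same InputStream the parser has already consumed, so the "ERROR XML = " dump will usually be empty; buffer the input before parsing if that echo is wanted. prettyprintxml() and main() swallow every exception with an empty catch, which hides the failure entirely — at least print the stack trace as parse() does.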
diff --git a/pki/base/silent/src/common/PostQuery.java b/pki/base/silent/src/common/PostQuery.java
new file mode 100644
index 000000000..b8ab7505a
--- /dev/null
+++ b/pki/base/silent/src/common/PostQuery.java
@@ -0,0 +1,137 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.net.*;
+import java.io.*;
+import java.util.*;
+
+import com.netscape.osutil.OSUtil;
+
+/**
+ * CMS Test framework .
+ * This class submits request to admin server after authenticating with UID and Password. You can get back the response by calling the method. getPage().
+ */
+
+
+
+public class PostQuery {
+
+ private boolean st;
+ private String NmcStatus = "NMC_STATUS: 0";
+ private String postQuery = null;
+ private String adminID, adminPWD, URLString;
+
+ private StringBuffer stdout = new StringBuffer();
+
+ /**
+ * Constructor . Takes the parameters urlstring("http://hostname:<portnumber> , Id for authenticating to the server, password for authentication to the server and query which needs to be submitted to the server
+ */
+
+ public PostQuery(String urlstr, String authid, String authpwd, String querystring) {
+
+ URLString = urlstr;
+ adminID = authid;
+ adminPWD = authpwd;
+ postQuery = querystring;
+
+ }
+
+ public void setNMCStatus(String m) {
+ NmcStatus = m;
+ }
+
+ public void setPostQueryString(String querystring) {
+ postQuery = querystring;
+ }
+
+ public void setAuth(String ID, String Pwd) {
+ adminID = ID;
+ adminPWD = Pwd;
+ }
+
+ public StringBuffer getPage() {
+ return stdout;
+ }
+
+ public boolean Send() {
+ // / This functions connects to the URL and POST HTTP Request .
+ // It compares with NMC_STATUS and return the status.
+ System.out.println(URLString);
+ st = false;
+
+ try {
+
+ BufferedReader mbufferedReader = null;
+ URL myUrl = new URL(URLString);
+ String userPassword = adminID + ":" + adminPWD;
+
+ System.out.println("adminid=" + adminID);
+ System.out.println("adminpwd=" + adminPWD);
+ // String encoding = new sun.misc.BASE64Encoder().encode(
+ // userPassword.getBytes());
+ String encoding = OSUtil.BtoA(
+ userPassword.getBytes());
+ HttpURLConnection URLCon = (HttpURLConnection) myUrl.openConnection();
+
+ URLCon.setRequestProperty("Authorization", "Basic " + encoding);
+ URLCon.setDoOutput(true);
+ URLCon.setDoInput(true);
+ URLCon.setUseCaches(false);
+ URLCon.setRequestProperty("Content-type",
+ "application/x-www-form-urlencoded");
+ // URLCon.setRequestMethod("POST");
+ System.out.println("After post");
+
+ DataOutputStream os = new DataOutputStream(URLCon.getOutputStream());
+
+ System.out.println("Query: " + postQuery);
+
+ int querylength = postQuery.length();
+
+ os.writeBytes(postQuery);
+ os.flush();
+ os.close();
+
+ InputStream Content = (InputStream) URLCon.getInputStream();
+
+ System.out.println("Configuring Cert Instance : Return Response");
+ BufferedReader in = new BufferedReader(
+ new InputStreamReader(Content));
+ String line;
+
+ while ((line = in.readLine()) != null) {
+ System.out.println(line);
+ stdout.append(line + "\n");
+ st = line.startsWith(NmcStatus);
+ if (st) {
+ break;
+ }
+ }
+ URLCon.disconnect();
+ } // try
+ catch (MalformedURLException e) {
+ System.out.println(URLString + " is not a valid URL.");
+
+ } catch (IOException e) {
+ System.out.println("exception : " + e.getMessage());
+ }
+ System.out.println(st);
+ return st;
+ }
+
+}
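Review bot: `Send()` writes the admin password to stdout at `System.out.println("adminpwd=" + adminPWD);`, so the credential ends up in any captured test output or log file; delete that line or print `"adminpwd=<redacted>"` instead. The response reader `in` and the connection input stream `Content` are never closed, and an exception thrown before `os.close()` also leaks the output stream, so a `finally` block (or try-with-resources, if the target Java level allows it) should close them on every path. `userPassword.getBytes()` uses the platform default charset, so a non-ASCII password would be encoded differently on different hosts; `userPassword.getBytes("UTF-8")` pins it. Basic authentication only Base64-encodes the credentials, so this is only safe when `URLString` is an https URL, which deserves a sentence in the constructor Javadoc. The local `int querylength = postQuery.length();` is unused and can go.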
diff --git a/pki/base/silent/src/common/ServerInfo.java b/pki/base/silent/src/common/ServerInfo.java
new file mode 100644
index 000000000..09d3e4759
--- /dev/null
+++ b/pki/base/silent/src/common/ServerInfo.java
@@ -0,0 +1,375 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.net.*;
+import java.io.*;
+import java.util.*;
+
+
+/**
+ * CMS Test framework .
+ * This class fetches all the necssary ServerInformation to run the test . For example AdminServer information linke port , hsotname, Config LDAP server port, CMS servers Agentport,AdminPort, EESSL port, EE port etc..
+ */
+
+
+public class ServerInfo {
+
+ public String serverRoot, instanceRoot, instanceID;
+ public String ldapPort, ldapHost, ldapSSLPort, ldapBaseSuffix, adminPort, admDN, admDNPW, singleSignOnPWD, domain;
+ public String caSigningCertNickName, raSigningCertNickName, ocspSigningCertNickName, kraTransportCertNickName;
+ public String ServerCertNickName, CertAuthority;
+ public String CMSAgentPort, CMSEESSLPort, CMSEEPort, CMSAdminPort, IDBPort;
+
+ public static CMSProperties props = null;
+ public static CMSProperties CMSprops = null;
+
+ // Private variables
+ private int i;
+ public String CMSConfigFile, AdminConfigFile;
+
+ public ServerInfo() {}
+
+ /**
+ * Constructor. Takes Server root as parameter for example ( /export/qa). Reads and collects information about adminserver and Config LDAP server.
+ */
+ public ServerInfo(String sroot) {
+ serverRoot = sroot;
+ AdminConfigFile = serverRoot + "/admin-serv/config/adm.conf";
+ readAdminConfig();
+ SystemInfo();
+ }
+
+ /**
+ * Constructor. Takes Serverroot ( /export/qa) and instanceRoot (/export/qa/cert-jupiter2) as parameters . Reads and collects information about Admin Server , Config LDAP server and CMS server .
+ */
+
+
+ public ServerInfo(String sroot, String instRoot) {
+ serverRoot = sroot;
+ instanceRoot = instRoot;
+ CMSConfigFile = instanceRoot + "/config/CS.cfg";
+ AdminConfigFile = serverRoot + "/admin-serv/config/adm.conf";
+ instanceID = instanceRoot.substring(instanceRoot.indexOf("cert-") + 5);
+ readAdminConfig();
+ SystemInfo();
+ parseServerXML();
+ readCMSConfig();
+ }
+
+ public String GetAdminPort() {
+ return adminPort;
+ }
+
+ public String GetConfigLDAPPort() {
+ return ldapPort;
+ }
+
+ public String GetHostName() {
+ if (domain.indexOf(".") > 0) {
+ return domain.substring(0, domain.indexOf("."));
+ } else {
+ return domain;
+ }
+ }
+
+ public String GetInstanceID() {
+ return instanceID;
+ }
+
+ public String GetCMSConfigFileName() {
+ return CMSConfigFile;
+ }
+
+ public String GetDomainName() {
+ return ldapHost.substring(ldapHost.indexOf(".") + 1);
+ }
+
+ public String GetAgentPort() {
+ return CMSAgentPort;
+ }
+
+ public String GetEESSLPort() {
+ return CMSEESSLPort;
+ }
+
+ public String GetEEPort() {
+ return CMSEEPort;
+ }
+
+ public String GetCMSAdminPort() {
+ return CMSAdminPort;
+ }
+
+ public String GetInternalDBPort() {
+ return IDBPort;
+ }
+
+ public String GetCertAuthority() {
+ return CertAuthority;
+ }
+
+ public String GetCASigningCert() {
+ return caSigningCertNickName;
+ }
+
+ public String GetRASigningCert() {
+ return raSigningCertNickName;
+ }
+
+ public String GetServerCertNickName() {
+ return ServerCertNickName;
+ }
+
+ public void setInstanceRoot(String instRoot) {
+ instanceRoot = instRoot;
+ CMSConfigFile = instanceRoot + "/config/CS.cfg";
+ AdminConfigFile = serverRoot + "/admin-serv/config/adm.conf";
+ instanceID = instanceRoot.substring(instanceRoot.indexOf("cert-") + 5);
+ SystemInfo();
+ parseServerXML();
+ readCMSConfig();
+ }
+
+ // Private functions
+ private void SystemInfo() {
+ try {
+ domain = InetAddress.getLocalHost().getHostName();
+ System.out.println("Debu:SystemInfo " + domain);
+ } catch (Exception e) {
+ System.out.println("Exception InetAddress : " + e.getMessage());
+ }
+
+ }
+
+ private void parseServerXML() {
+ int AGENT = 1;
+ int ADMIN = 2;
+ int EE_SSL = 3;
+ int EE_NON_SSL = 4;
+ int IP = 5;
+ int PORT = 6;
+ BufferedReader in = null;
+
+ try {
+ String xmlFilePath = instanceRoot + "/config/server.xml";
+
+ in = new BufferedReader(new FileReader(xmlFilePath));
+ String s = in.readLine();
+
+ while (s != null) {
+ // <SSLPARAMS servercertnickname="Server-Cert cert-firefly"
+ int index = s.indexOf("servercertnickname");
+
+ if (index >= 0) {
+ String str = s.substring(index + 20);
+ StringTokenizer tokenizer = new StringTokenizer(str, "\"");
+
+ if (tokenizer.hasMoreElements()) {
+ String mServerCertNickname = tokenizer.nextToken();
+ }
+ }
+
+ // <LS id="agent" ip="0.0.0.0" port="8101" security="on"
+ // acceptorthreads="1" blocking="no">
+ if (s.startsWith("<LS id=")) {
+ StringTokenizer st = new StringTokenizer(s, "\"");
+ int index1 = 5, index2 = 3;
+
+ while (st.hasMoreTokens()) {
+ String token = st.nextToken();
+
+ if (token.equalsIgnoreCase("agent")) {
+ index1 = AGENT;
+ } else if (token.equalsIgnoreCase("admin")) {
+ index1 = ADMIN;
+ } else if (token.equalsIgnoreCase("eeSSL")) {
+ index1 = EE_SSL;
+ } else if (token.equalsIgnoreCase("ee_nonSSL")) {
+ index1 = EE_NON_SSL;
+ } else if (token.equals(" ip=")) {
+ index2 = IP;
+ } else if (token.equals(" port=")) {
+ index2 = PORT;
+ }
+
+ if (index1 != 5 && index2 == IP && !token.equals(" ip=")) {
+ String ip = token;
+ } else if (index2 == PORT && !token.equals(" port=")) {
+
+ switch (index1) {
+ case 1:
+ CMSAgentPort = token;
+ break;
+
+ case 2:
+ CMSAdminPort = token;
+ break;
+
+ case 3:
+ CMSEESSLPort = token;
+ break;
+
+ case 4:
+ CMSEEPort = token;
+ break;
+
+ default:
+ break;
+
+ }
+
+ break;
+ }
+ } // while token
+ } // if LS
+ s = in.readLine();
+ } // while file no end
+ in.close();
+ } catch (Exception e) {
+ if (in != null) {
+ try {
+ in.close();
+ } catch (Exception ex) {}
+ }
+ }
+ }
+
+ private void getProperties(String filePath) throws Exception {
+ try {
+ FileInputStream fis = new FileInputStream(filePath);
+
+ props = new CMSProperties();
+ props.load(fis);
+ System.out.println("Reading Properties file successful");
+ fis.close();
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ }
+
+ }
+
+ private String stripSpace(String s) {
+
+ String val = "";
+
+ for (int i = 0; i < s.length(); i++) {
+ if ((s.charAt(i) == ' ')) {
+ i++;
+ continue;
+ } else {
+ val += s.charAt(i);
+ }
+ }
+ return val;
+ }
+
+ private void readAdminConfig() {
+ String ldapHostStr = "ldapHost:";
+ String ldapPortStr = "ldapPort:";
+ String adminPortStr = "port:";
+
+ try {
+ FileInputStream fis = new FileInputStream(AdminConfigFile);
+ int size = fis.available();
+ byte b[] = new byte[size];
+
+ if (fis.read(b) != b.length) {
+ System.out.println("Could not read ");
+
+ } else {
+ String tmpstr = new String(b, 0, b.length);
+ int ret;
+
+ if ((ret = tmpstr.indexOf(ldapHostStr)) > -1) {
+ ldapHost = tmpstr.substring(ret + ldapHostStr.length() + 1,
+ tmpstr.indexOf("ldapPort", ret) - 1);
+ ldapHost = stripSpace(ldapHost);
+ // System.out.println(ldapPort);
+ }
+
+ if ((ret = tmpstr.indexOf(ldapPortStr)) > -1) {
+ ldapPort = tmpstr.substring(ret + ldapPortStr.length() + 1,
+ tmpstr.indexOf("sie", ret) - 1);
+ ldapPort = stripSpace(ldapPort);
+ // System.out.println(ldapPort);
+ }
+ if ((ret = tmpstr.indexOf(adminPortStr)) > -1) {
+ adminPort = tmpstr.substring(ret + adminPortStr.length() + 1,
+ tmpstr.indexOf("ldapStart", ret) - 1);
+ adminPort = stripSpace(adminPort);
+ // System.out.println(adminPort);
+ }
+
+ }
+
+ fis.close();
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ }
+
+ }
+
+ private void readCMSConfig() {
+
+ try {
+ FileInputStream fis = new FileInputStream(CMSConfigFile);
+
+ CMSprops = new CMSProperties();
+ CMSprops.load(fis);
+ System.out.println("Reading CMS Config file successful");
+ CertAuthority = CMSprops.getProperty("subsystem.0.id");
+ if (CertAuthority.equals("ca")) {
+ caSigningCertNickName = CMSprops.getProperty(
+ "ca.signing.cacertnickname");
+ ServerCertNickName = "Server-Cert cert-" + instanceID;
+ }
+ if (CertAuthority.equals("ra")) {
+ raSigningCertNickName = CMSprops.getProperty(
+ "ra.signing.cacertnickname");
+ ServerCertNickName = "Server-Cert cert-" + instanceID;
+ }
+ IDBPort = CMSprops.getProperty("internaldb.ldapconn.port");
+
+ fis.close();
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ }
+
+ }
+
+ public static void main(String args[]) {
+ ServerInfo s = new ServerInfo("Test", "Test");
+
+ System.out.println(" Admin Port : " + s.GetAdminPort());
+ System.out.println(" LDAP Port : " + s.GetConfigLDAPPort());
+ System.out.println("Hostname " + s.GetHostName());
+ System.out.println("InstanceID" + s.GetInstanceID());
+ System.out.println(" doamin name : " + s.GetDomainName());
+ System.out.println("AgentPort " + s.GetAgentPort());
+ System.out.println("EESSLPort " + s.GetEESSLPort());
+ System.out.println("EEPort " + s.GetEEPort());
+ System.out.println("CMSAdminPort :" + s.GetCMSAdminPort());
+ System.out.println("CAAuthority : " + s.GetCertAuthority());
+ System.out.println("CASigningCert:" + s.GetCASigningCert());
+ System.out.println("RASigningCert:" + s.GetRASigningCert());
+ System.out.println("ServerCert" + s.GetServerCertNickName());
+
+ }// end of function main
+
+} // end of class
+
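Review bot: `stripSpace` drops the character that follows every space: the `i++` inside the loop body is immediately followed by the `for` increment, so `"ab cd"` becomes `"abd"`, and the `ldapHost`, `ldapPort` and `adminPort` values it is applied to in `readAdminConfig` are corrupted whenever a space is followed by a non-space. Delete the `i++`, or replace the whole body with `return s.replace(" ", "");`. Separately, `readAdminConfig` sizes its buffer from `fis.available()` and issues a single `read(b)`, neither of which is guaranteed to cover the whole file, so the `"Could not read "` branch can fire on a perfectly good config; reading in a loop or line by line with a `BufferedReader` avoids that. In `parseServerXML` the `servercertnickname` value is stored in the local `mServerCertNickname` and never assigned to the `ServerCertNickName` field, so that attribute of server.xml is parsed but discarded.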
diff --git a/pki/base/silent/src/common/TestClient.java b/pki/base/silent/src/common/TestClient.java
new file mode 100644
index 000000000..e953f09f7
--- /dev/null
+++ b/pki/base/silent/src/common/TestClient.java
@@ -0,0 +1,978 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.net.*;
+import java.io.*;
+import java.util.*;
+import java.math.*;
+
+import org.mozilla.jss.*;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.util.*;
+import org.mozilla.jss.ssl.*;
+import org.mozilla.jss.crypto.*;
+import org.mozilla.jss.CertDatabaseException;
+import org.mozilla.jss.pkcs11.*;
+import org.mozilla.jss.pkcs11.PK11Token;
+
+// import sun.misc.*;
+import java.lang.Exception;
+
+
+/**
+ * CMS Test framework .
+ * Before createing an instance of this class make sure you havae set an environment variable TEST_CONFIG_FILE.
+ */
+
+
+
+public class TestClient implements SSLCertificateApprovalCallback {
+
+ public int port;
+
+ // properties file parameters
+ public static String host, ports, adminid, adminpwd, propfileName, cdir;
+ public static String certnickname, keysize, keytype, tokenpwd;
+ public static String serverRoot, instanceRoot, ldaprootDN, ldaprootDNPW, caInstanceRoot, dataDirectory;
+
+ // Program variables
+ public String STATUS;
+ public Properties props = null;
+ public String ACTION_STRING;
+ public String query;
+ public boolean debug = false;
+ // Certificate nicknames to be used by Test Clients
+ private int i;
+ private String testConfigFile;
+
+ public String caAgentCertName = "ca-agent";
+ public String raAgentCertName = "ra-agent";
+ public String ocspAgentCertName = "ocsp-agent";
+ public String kraAgentCertName = "kra-agent";
+ public String tksAgentCertName = "tks-agent";
+ public String singleSignOnPWD = "secret12";
+ public String adminCertName = "cn=admin";
+ private String ldapBaseSuffix = "dc=netscape,dc=com";
+ private String admDN = "admin";
+ private String admDNPW = "admin";
+ private String TmpDir;
+ private String TestLogFile;
+ private String startupTests, cleanupTests;
+
+ private X509Certificate SSLServerCert = null;
+
+ // Cert Sub vart
+ public String UID, OU, O, DN, E, CN, C, GN, SN, L, MAIL;
+ // Enroll
+ String PWD;
+ // CRypto
+ public ComCrypto cCrypt = new ComCrypto();
+ public String pkcs10request = null;
+
+ // Error
+
+ public String ErrorDetail;
+
+ private String serverKeyType, serverKeySize, serverKeyAlgo;
+
+ private String unauth[] = {
+ "Unauthorized Access", "Server Error",
+ "Not Found", "Generic Unauthorized"};
+
+ public boolean approve(X509Certificate x509, SSLCertificateApprovalCallback.ValidityStatus status) {
+ SSLServerCert = x509;
+ return true;
+ }
+
+ // Constructor
+
+
+ public TestClient() {
+ keysize = "1024";
+ keytype = "RSA";
+ }
+
+ /**
+ * Constructor . Takes the parameter for keysize and keytype .
+ * Before creating a new instance of this class make sure you have set TEST_CONFIG_FILE variable in your environnemt.
+ * Reads the TEST_CONFIG_FILE . Initializes the certificate database. See engage.cfg file for example.
+ * @param keysize
+ * @param keytype
+ */
+
+
+ public TestClient(String ks, String kt) {
+
+ testConfigFile = ReadEnv("TEST_CONFIG_FILE");
+
+ System.out.println(testConfigFile);
+ readConfigFile();
+ keysize = ks;
+ keytype = kt;
+ cCrypt.setCertDir(cdir);
+ cCrypt.setCertnickname(adminCertName);
+ cCrypt.setKeySize(keysize);
+ cCrypt.setKeyType(keytype);
+ cCrypt.setTokenPWD(tokenpwd);
+ cCrypt.setDebug(true);
+ cCrypt.CreateCertDB();
+
+ }
+
+ /**
+ * Gets the SSLServer Certificate of the server
+ */
+
+ public X509Certificate getSSLServerCert() {
+ return SSLServerCert;
+ }
+
+ /**
+ * finds the cert with nickname cname in the clients cert database
+ */
+
+ public X509Certificate findCertByNickname(String cname) {
+
+ return cCrypt.findCert(cname);
+
+ }
+
+ /**
+ * Imports certificate to cert database.Takes parameters Certpackage and certnickname
+ */
+ boolean importCert(String cp, String nickname) {
+
+ return cCrypt.importCert(cp, nickname);
+
+ }
+
+ /**
+ * This function returns true if you choose to executeStartupTests
+ */
+
+ public boolean executeStartupTests() {
+
+ if (startupTests == null) {
+ return false;
+ } else if (startupTests.equals("y")) {
+ return true;
+ } else {
+ return false;
+ }
+
+ }
+
+ /**
+ * This function returns true if you choose to executeCleanupTests
+ */
+
+
+ public boolean executeCleanupTests() {
+
+ if (cleanupTests == null) {
+ return false;
+ } else if (cleanupTests.equals("y")) {
+ return true;
+ } else {
+ return false;
+ }
+
+ }
+
+ public String GetServerRoot() {
+ return serverRoot;
+ }
+
+ public String GetInstanceRoot() {
+ return instanceRoot;
+ }
+
+ public String getErrorDetail() {
+ return ErrorDetail;
+ }
+
+ public String GetAdminDN() {
+ return admDN;
+ }
+
+ public String GetAdminDNPWD() {
+ return admDNPW;
+ }
+
+ public String GetLDAPDN() {
+ return ldaprootDN;
+ }
+
+ public String GetLDAPDNPW() {
+ return ldaprootDNPW;
+ }
+
+ public String GetLDAPBASE() {
+ return ldapBaseSuffix;
+ }
+
+ public String GetAdminCertName() {
+ return adminCertName;
+ }
+
+ public String GetRAAgentCertName() {
+ return raAgentCertName;
+ }
+
+ public String GetKRAAgentCertName() {
+ return kraAgentCertName;
+ }
+
+ public String GetOCSPAgentCertName() {
+ return ocspAgentCertName;
+ }
+
+ public String GetTKSAgentCertName() {
+ return tksAgentCertName;
+ }
+
+ public String GetDataDirectory() {
+ return dataDirectory;
+ }
+
+ public String GetClientCertDB() {
+ return cdir;
+ }
+
+ public String GetClientCertDBPW() {
+ return tokenpwd;
+ }
+
+ public String GetSingleSignOnPW() {
+ return singleSignOnPWD;
+ }
+
+ public String GetCARoot() {
+ return caInstanceRoot;
+ }
+
+ public String GetTmpDir() {
+ return TmpDir;
+ }
+
+ public String GetServerKeySize() {
+ return serverKeySize;
+ }
+
+ public String GetServerKeyType() {
+ return serverKeyType;
+ }
+
+ public String GetServerKeyAlgorithm() {
+ return serverKeyAlgo;
+ }
+
+ public void setStatusString(String ststr) {
+ STATUS = ststr;
+ }
+
+ public void setDebug(boolean t) {
+ debug = t;
+ }
+
+ public void setpkcs10Request(String t) {
+ pkcs10request = t;
+ }
+
+ public void setHostName(String s) {
+ host = s;
+ }
+
+ public void setCARoot(String s) {
+ caInstanceRoot = s;
+ }
+
+ public void setTestLogFile(String s) {
+ TestLogFile = s;
+ }
+
+ /**
+ * parses a http page and returns true if any error is returned by server
+ **/
+
+ public boolean getError(String line) {
+
+ int ret;
+
+ ret = line.indexOf("fixed.errorDetails");
+
+ if (line.indexOf("fixed.errorDetails") == 0) {
+ ErrorDetail = line.substring(
+ ret + ("fixed.errorDetails = ").length());
+ return true;
+ }
+
+ if (line.indexOf("fixed.errorDetails") >= 0) {
+ ErrorDetail = line.substring(
+ ret + ("fixed.errorDetails = ").length());
+ return true;
+ }
+
+ ret = line.indexOf("fixed.unexpectedError");
+
+ if (line.indexOf("fixed.unexpectedError") == 0) {
+ System.out.println("Processing unexpectedError");
+ ErrorDetail = line.substring(
+ ret + ("fixed.unexpectedError = ").length());
+ return true;
+ }
+
+ if (line.indexOf(unauth[0]) > 0) {
+ ErrorDetail = unauth[0];
+ return true;
+ }
+ if (line.indexOf(unauth[1]) > -1) {
+ ErrorDetail = unauth[1];
+ return true;
+ }
+ if (line.indexOf(unauth[2]) > -1) {
+ ErrorDetail = unauth[2];
+ return true;
+ }
+ if (line.indexOf(unauth[3]) > -1) {
+ ErrorDetail = unauth[3];
+ return true;
+ }
+
+ if (line.indexOf("errorReason") >= 0) {
+ ErrorDetail = line.substring(ret + ("errorReason=").length());
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * Reads a properties file . Takes filename as input parameter.
+ */
+
+ public void getProperties(String fileName) throws Exception {
+ try {
+ FileInputStream fis = new FileInputStream(fileName);
+
+ props = new Properties();
+ props.load(fis);
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ }
+
+ }
+
+ public String ReadEnv(String str) {
+ try {
+ Process p = null;
+ Runtime r = Runtime.getRuntime();
+ String OS = System.getProperty("os.name").toLowerCase();
+
+ if (OS.indexOf("windows") > 1) {
+ p = r.exec("cmd.exe /c set");
+ } else {
+ p = r.exec("env");
+ }
+
+ BufferedReader br = new BufferedReader(
+ new InputStreamReader(p.getInputStream()));
+ String line;
+
+ while ((line = br.readLine()) != null) {
+ int idx = line.indexOf('=');
+ String key = line.substring(0, idx);
+ String value = line.substring(idx + 1);
+
+ // System.out.println(key + "=" + value);
+ if (key.startsWith(str)) {
+ return value;
+ }
+ }
+ return null;
+ } catch (Throwable e) {
+ e.printStackTrace();
+ }
+ return null;
+ }
+
+ private void readConfigFile() {
+ try {
+ getProperties(testConfigFile);
+ } catch (Exception e) {
+ System.out.println(
+ "exception reading TestConfigFile " + e.getMessage());
+ }
+
+ serverRoot = props.getProperty("SROOT");
+ instanceRoot = props.getProperty("IROOT");
+ dataDirectory = props.getProperty("DATA_DIR");
+ ldapBaseSuffix = props.getProperty("LDAPBASESUFFIX");
+
+ if (ldapBaseSuffix.indexOf("\"") > -1) {
+ ldapBaseSuffix = ldapBaseSuffix.substring(1,
+ ldapBaseSuffix.length() - 1);
+ }
+
+ ldaprootDN = props.getProperty("LDAPROOTDN");
+ // Strip of th e quotes "cn=directory manager" string
+ if (ldaprootDN.indexOf("\"") > -1) {
+ ldaprootDN = ldaprootDN.substring(1, ldaprootDN.length() - 1);
+ }
+ System.out.println("ldaprootDN : " + ldaprootDN);
+
+ ldaprootDNPW = props.getProperty("LDAPROOTDNPW");
+ cdir = props.getProperty("CERTDB");
+ tokenpwd = props.getProperty("CERTDBPW");
+ caInstanceRoot = props.getProperty("CAIROOT");
+ admDN = props.getProperty("ADMINDN");
+ admDNPW = props.getProperty("ADMINDNPW");
+ singleSignOnPWD = props.getProperty("SINGLESIGNONPW");
+ serverKeySize = props.getProperty("KEYSIZE");
+ serverKeyType = props.getProperty("KEYTYPE");
+ serverKeyAlgo = props.getProperty("KEYALGORITHM");
+
+ TmpDir = props.getProperty("TMP_DIR");
+ TestLogFile = props.getProperty("TEST_LOG_FILE");
+
+ String de = props.getProperty("DEBUG");
+
+ if (de == null) {
+ debug = false;
+ } else if (de.equals("true")) {
+ debug = true;
+ } else {
+ debug = false;
+ }
+
+ }
+
+ /**
+ * returns a String representation of an interger
+ */
+ public String getString(int m) {
+ Integer x = new Integer(m);
+ String s = x.toString();
+
+ return s;
+ }
+
+ private static boolean isSocketUnused(String h, int p) {
+
+ try {
+
+ Socket ss = new Socket(h, p);
+
+ ss.close();
+ return false;
+
+ } catch (IOException e) {
+ return true;
+ }
+ }
+
+ /**
+ * returns FreePort in this machine . Takes a parmater portnumber. For example getFreePort("4026").
+ */
+ public String getFreePort(String s) {
+ Integer x = new Integer(s);
+ int p = x.intValue();
+ boolean st = true;
+
+ // if p = 0, then the serversocket constructor get a free port by itself
+ p = 0;
+ try {
+ ServerSocket ss1 = new ServerSocket(p);
+
+ p = ss1.getLocalPort();
+ System.out.println("Obtained Free Port = " + p);
+ ss1.close();
+ return (getString(p));
+ } catch (Exception e) {
+ System.out.println("Unable to get Free Port");
+ e.printStackTrace();
+ p = 0;
+ return (getString(p));
+ }
+
+ // This following method doesn't Always get a free port.
+ // while (st) {
+ // if(isSocketUnused(host,p) )
+ // st=false;
+ // p++;
+ // }
+ // return (getString(p));
+
+ }
+
+ /**
+ * Reads a file and returns the cert request as string
+ **/
+
+ public String readRequest(String filename) {
+ try {
+ FileInputStream f1 = new FileInputStream(filename);
+ int size = f1.available();
+ byte b[] = new byte[size];
+
+ if (f1.read(b) != b.length) {
+ return null;
+ }
+
+ f1.close();
+ String s = new String(b);
+
+ return s;
+ } catch (Exception e) {
+ System.out.println("exception " + e.getMessage());
+ return null;
+ }
+ }
+
+ public static void main(String args[]) {
+ TestClient t = new TestClient("1024", "RSA");
+
+ /*
+ *******************************************************************
+ * Sample programs to initialze calsses
+ *******************************************************************
+ */
+
+
+ /*
+ ********************************************************************
+ * To Test AutoInstaller
+ *******************************************************************
+ */
+
+
+ /*
+ AutoInstaller a = new AutoInstaller(t.GetServerRoot());
+
+ ServerInfo s = new ServerInfo(t.GetServerRoot());
+ System.out.println (" Admin Port : " + s.GetAdminPort());
+ System.out.println (" LDAP Port : "+ s.GetConfigLDAPPort());
+ System.out.println( "Hostname " + s.GetHostName());
+ System.out.println(" doamin name : " + s.GetDomainName());
+
+ t.setHostName(s.GetHostName());
+ // Set adminServer Info
+ a.setAdminInfo(s.GetHostName(),s.GetAdminPort(),s.GetDomainName(),"admin","admin");
+ a.setAdminInfo(s.GetHostName(),s.GetAdminPort(),"mcom.com","admin","admin");
+
+ // setCAInfo
+ a.setCAInfo(s.GetHostName(),"1027","8100","admin","secret12");
+ //setInternalDB info
+ String dp = t.getFreePort("38900");
+ a.setInternalDBInfo(s.GetHostName(),"38907","ca-db","cn=directory manager","secret12" );
+
+ // set tokenInfo
+
+ a.setTokenInfo("Internal","secret12");
+
+ // set Subsystem info
+ String agp = t.getFreePort("8100");
+ String adp = t.getFreePort("8200");
+ String eesp = t.getFreePort("1027");
+ String eep = t.getFreePort("1100");
+
+ System.out.println(agp);
+
+ a.setSubSystemInfo("testra",t.GetServerRoot(),"RSA","1024","MD5","365","cn=certificate manager,ou=test,o=test",adp,agp,eesp,eep);
+
+ a.setClientDBInfo(t.GetClientCertDB(),"secret12",t.GetAdminCertName());
+
+ a.ConfigureCA("admin","admin","secret12","secret12");
+
+ // a.ConfigureRA("admin","admin","secret12","secret12");
+
+ */
+
+ /*
+ ******************************************************
+ * Example to Get Server Details
+ ******************************************************
+ */
+
+
+
+ ServerInfo s = new ServerInfo(t.GetServerRoot(), t.GetInstanceRoot());
+
+ t.setHostName(s.GetHostName());
+
+ System.out.println("AgentPort " + s.GetAgentPort());
+ System.out.println("EESSLPort " + s.GetEESSLPort());
+ System.out.println("EEPort " + s.GetEEPort());
+ System.out.println("CMSAdminPort :" + s.GetCMSAdminPort());
+ System.out.println("IDBPort : " + s.GetInternalDBPort());
+ System.out.println("CAAuthority : " + s.GetCertAuthority());
+ System.out.println("CASigningCert:" + s.GetCASigningCert());
+ System.out.println("RASigningCert:" + s.GetRASigningCert());
+ System.out.println("ServerCert" + s.GetServerCertNickName());
+ System.out.println("------------------------------------------");
+ System.out.println(" Internal Database Test:");
+ System.out.println(" LDAP Port : " + s.GetConfigLDAPPort());
+ System.out.println("Hostname " + s.GetHostName());
+
+ DirEnroll de = new DirEnroll(s.GetHostName(), s.GetEESSLPort());
+
+ de.setAuthenticator("Portal");
+ de.setUIDInfo("caeetest110", "secret12");
+ de.enroll();
+
+ /* ****************************************************************
+ * CMC Enroll
+ ***************************************************************
+ */
+
+ /* CMSUtils cmsutils = new CMSUtils(t.GetServerRoot());
+ String requestfile="/u/lgopal/work/tetCMS/ns/tetframework/testcases/CMS/6.0/acceptance/data/basic/cmcreq/cmctest1.req";
+ cmsutils.runCMCEnroll(t.GetClientCertDB(),"cn=admin",t.GetClientCertDBPW(),requestfile);
+ Profiles pr = new Profiles(s.GetHostName(),s.GetEESSLPort());
+ pr.setProfileType("caCMCUserCert");
+ pr.setCertAuthority("ca");
+
+ String request = t.readRequest(requestfile+".out");
+ String bstr = "-----BEGIN NEW CERTIFICATE REQUEST-----";
+ String estr="-----END NEW CERTIFICATE REQUEST-----";
+ String Blob1 = request.substring(bstr.length() + 1);
+ String Blob2 = Blob1.substring(0,Blob1.indexOf(estr));
+ request=Blob2;
+
+
+ pr.setRequest(request);
+
+ pr.setUserInfo("UID=test1,Ou=netscape,o=aol","test","test","test","netscape","aol");
+ pr.clientCertEnroll();
+ */
+
+
+ /* ****************************************************************
+ * OCSP Client stuff
+ ************************************************************
+ */
+
+ /*
+ String ip= "10.169.25.26";
+ OCSPClient ocspclient= new OCSPClient(s.GetHostName(),ip,s.GetEEPort(),t.GetClientCertDB(),t.GetClientCertDBPW(),"cn=admin" ,"/tmp/ocsp.out","4");
+ ocspclient.setCert(t.findCertByNickname("ocsp-agent"));
+
+ ocspclient.SendOCSPRequest();
+ */
+
+
+ /*
+ *****************************************************
+ * Test CRMFcleint and KRA REcovery and Archival
+ *****************************************************
+ */
+
+ /*
+ *********************************************************
+ * OCSP Agent stuff
+ *********************************************************
+ */
+
+
+ /* Retrieval rtr = new Retrieval(s.GetHostName(),s.GetEESSLPort());
+ rtr.getCACert();
+ System.out.println("CA Cert chain" + rtr.getCert());
+
+ OcspAgent ocspAgent= new OcspAgent(s.GetHostName(),"8111");
+ ocspAgent.setAgentCertName(t.GetOCSPAgentCertName());
+
+ String cert = "-----BEGIN CERTIFICATE-----"+"\n"+rtr.getCert()+"\n"+"-----END CERTIFICATE-----\n";
+
+ ocspAgent.setCACert(cert);
+ ocspAgent.addCA();
+ */
+
+
+ /*
+ ***************************************************************
+ Submit Profile based request
+ *********************************************************
+ */
+
+ /*
+ Profiles pr = new Profiles(s.GetHostName(),s.GetEESSLPort());
+ pr.setProfileType("caUserCert");
+ // pr.setProfileType("caDirUserCert");
+
+ pr.setCertAuthority("ca");
+ pr.setUserInfo("UID=test1,Ou=netscape,o=aol","test","test","test","netscape","aol");
+ //pr.setDirUserInfo("test","netscape");
+ pr.clientCertEnroll();
+ System.out.println("Request ID is " + pr.getRequestID());
+
+
+ Request re = new Request (s.GetHostName(),s.GetAgentPort(),"ca");
+ re.setAgentCertName(t.GetAdminCertName());
+ re.ApproveProfileRequests(pr.getRequestID());
+ */
+
+ /*
+ String TransportCert="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";
+
+
+ CRMFClient CrmfClient = new CRMFClient(s.GetHostName(),s.GetEEPort());
+ CrmfClient.setDBInfo(t.GetClientCertDB(),t.GetClientCertDBPW());
+ CrmfClient.setTransportCert(TransportCert);
+ CrmfClient.setUserInfo("user","netscape");
+ CrmfClient.setLDAPInfo(t.GetLDAPDN(),t.GetLDAPDNPW());
+ CrmfClient.setDualKey(true);
+
+ if(!CrmfClient.Enroll())
+ {System.out.println("CRMFClient : could not submit request");}
+
+
+ checkRequest cr = new checkRequest(s.GetHostName(),s.GetEESSLPort(),t.getString(CrmfClient.getRequestId()),"false");
+ cr.checkRequestStatus();
+ System.out.println("Serial num " + cr.getSerialNumber());
+ System.out.println("cert pack " + cr.getCert());
+
+ KraAgent kraAgent = new KraAgent(s.GetHostName(),"8111");
+ kraAgent.setAgentCertName("cn=admin");
+ System.out.println("KRAAgent List archival");
+
+ Vector aReq= kraAgent.ListArchivalRequests();
+ int i=0;
+ while(i < aReq.size() )
+ {
+ System.out.print(aReq.elementAt(i) + " ");
+ i++;
+ }
+
+ kraAgent.setCertificate(cr.getCert());
+ kraAgent.setLocalAgent(false);
+ kraAgent.recoverKeys();
+ */
+
+ /*
+ *************************************************************
+ * Example to Connect oto Config Directory port
+ *************************************************************
+ */
+
+ /*
+ CMSLDAP cmsldap = new CMSLDAP(s.GetHostName(),s.GetConfigLDAPPort(),t.GetLDAPDN(),t.GetLDAPDNPW());
+ if(cmsldap.connect())
+ System.out.println("LDAP Connection successful");
+ else
+ System.out.println("Error Connecting to LDAPSERVER");
+
+ // Add user to config directoory
+ if (cmsldap.userAdd("ou=people,"+t.GetLDAPBASE(),"t2","t2","t2","netscape"))
+ System.out.println("Added user to Config directory");
+
+ */
+
+
+ /*
+ *************************************************************
+ * Example to Submit a CRMFCleint request to CA
+ *************************************************************
+ */
+
+ String TransportCert = "MIICJTCCAY6gAwIBAgIBBTANBgkqhkiG9w0BAQQFADBDMRswGQYDVQQKExJhY2NlcHRhY25ldGVzdDEwMjQxFzAVBgNVBAsTDmFjY2VwdGFuY2V0ZXN0MQswCQYDVQQDEwJjYTAeFw0wMzA0MTgyMjMwMDhaFw0wNDA0MTcxMDI2MDhaMDkxETAPBgNVBAoTCHRlc3QxMDI0MRcwFQYDVQQLEw5hY2NlcHRhbmNldGVzdDELMAkGA1UEAxMCcmEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN6sQ3mSU8mL6i6gTZIXDLzOZPhYOkQLpnJjit5hcPZ0JMn0CQVXo4QjKN1xvuZv8qVlZoQw9czmzp/knTa0sCDgFKd0r+u0TnLeZkJMSimgFnma9CnChlaDHnBd8Beu4vyaHmo7rJ0xA4etn7HjhmKbaQZOcv/aP0SW9JXRga7ZAgMBAAGjMzAxMA4GA1UdDwEB/wQEAwIFIDAfBgNVHSMEGDAWgBSC3fsQHb7fddr2vL0UdkM2dAmUWzANBgkqhkiG9w0BAQQFAAOBgQBkAGbgd9HIqwoLKAr+V6bj9oWesDmDH80gPPxj10qyWSQYIs8PofOs/75yGS9nxhydtgSMFoBgCPdroUI31kZQQlFzxtudGoKD+5MWSXho79XzPwpjheOBYgpX6ch+L4tMLFDpqeraB1yZESO5EEeKm20DGVBOKVWxHhddO1BenA==";
+
+ /*
+ CRMFClient CrmfClient = new CRMFClient(s.GetHostName(),s.GetEEPort());
+ CrmfClient.setDBInfo(t.GetClientCertDB(),t.GetClientCertDBPW());
+ CrmfClient.setTransportCert(TransportCert);
+ CrmfClient.setUserInfo("user","netscape");
+ CrmfClient.setLDAPInfo(t.GetLDAPDN(),t.GetLDAPDNPW());
+ CrmfClient.setDualKey(true);
+
+ if(!CrmfClient.Enroll())
+ {System.out.println("CRMFClient : could not submit request");}
+ */
+
+ /* KRA Agent list archived request */
+
+ /* ServerInfo KRAsvrInfo = new ServerInfo(t.GetServerRoot());
+ String KRAinstanceRoot=t.GetServerRoot() + "/cert-" + "KRARSA1024" ;
+ KRAsvrInfo.setInstanceRoot(KRAinstanceRoot);*/
+
+ /* System.out.println("KRAAgent ");
+ KraAgent kraAgent = new KraAgent(s.GetHostName(),s.GetAgentPort());
+ kraAgent.setAgentCertName(t.GetKRAAgentCertName());
+ System.out.println("KRAAgent List archival");
+
+ Vector aReq= kraAgent.ListArchivalRequests();
+ int i=0;
+ while(i < aReq.size() )
+ {
+ System.out.print(aReq.elementAt(i) + " ");
+ i++;
+ }
+
+ */
+
+
+ // cmsldap.disconnect();
+
+ /*
+ *************************************************************
+ * Example to submit manual user enrollment request
+ *************************************************************
+ /*
+
+
+ /*
+ UserEnroll ue = new UserEnroll(s.GetHostName(),"1029");
+ ue.setUserInfo("E=testman,CN=testman,OU=netscape,O=aol,UID=testman1,C=US","testman", "testman", "testman1", "netscape","t");
+
+ boolean flag = ue.clientCertEnroll();
+ if(flag)
+ System.out.println("Success submitted request");
+ */
+
+ /*
+ *************************************************************
+ * Example to submit Directory based enroolemt request
+ *************************************************************
+ /*
+
+ /*
+ // Add user to config directoory
+ if (cmsldap.userAdd("dc=netscape,dc=com","t2","t2","t2","netscape"))
+ System.out.println("Success ");
+
+ if(cmsldap.TurnOnSSL("slapd-jupiter2","Server-Cert cert-jupiter2","7000"))
+ System.out.println("Turned on ssl");
+ else
+ return;
+
+ cmsldap.TurnOffSSL();
+
+ cmsldap.disconnect();
+
+ DirEnroll de = new DirEnroll(s.GetHostName(),s.GetEESSLPort());
+ de.setUIDInfo("t2","netscape");
+ de.enroll();
+
+ */
+
+ /*
+ *************************************************************
+ * Example to submit Admin Enrollment request
+ *************************************************************
+ /*
+
+ /*
+
+ AdminEnroll ade = new AdminEnroll("jupiter2","8200","cn=CMS Administrator,UID=admin,C=US","admin", "secret12");
+ flag = ade.Enroll();
+ if (flag)
+ System.out.println("adminEnrolled Successfully");
+ */
+
+ /*
+ *************************************************************
+ * Example gent List Pending request
+ *************************************************************
+ /*
+
+ /*
+
+ // Agent List and Approve Request
+ Request re = new Request (s.GetHostName(),s.GetAgentPort(),s.GetCertAuthority());
+ re.setAgentCertName(t.GetAdminCertName());
+ re.ListPendingRequests("2","70");
+ re.ApproveRequests(t.getString(ue.getRequestId()));
+ */
+
+ /*
+ *************************************************************
+ * Example for CheckRequest Status and add the certificate to internal db
+ *************************************************************
+ /*
+
+ /*
+ // check request status and Revoke cert
+ checkRequest cr = new checkRequest(s.GetHostName(),s.GetEESSLPort(),t.getString(ue.getRequestId()),"false");
+ checkRequest cr = new checkRequest(s.GetHostName(),s.GetEESSLPort(),"1","false");
+
+ cr.checkRequestStatus();
+ System.out.println("Serial num " + cr.getSerialNumber());
+ System.out.println("cert pack " + cr.getCert());
+
+ String st= "-----BEGIN CERTIFICATE-----"+"\n"+cr.getCert()+"\n"+"-----END CERTIFICATE-----\n";
+ System.out.println("cert pack " + st);
+
+ cmsldap.getXCertificate(st.getBytes());
+
+ */
+
+
+ /*
+ *************************************************************
+ * Example agent ro revoke request
+ *************************************************************
+ /*
+
+ /*
+ Revoke rr = new Revoke (s.GetHostName(),s.GetAgentPort(),s.GetCertAuthority(),t.getString(cr.getSerialNumber()));
+ rr.revokeCerts();
+ */
+
+ /*
+ *************************************************************
+ * Example Agent update CRL
+ *************************************************************
+ /*
+
+ /*
+ // Update CRLand DISPLAY it
+
+ System.out.println("Displayin CRL");
+ CRL crl = new CRL (s.GetHostName(),s.GetAgentPort(),"/tmp/crlfile");
+ crl.setAgentCertName(t.GetAdminCertName());
+ crl.updateCRL();
+ crl.displayCRL();
+ crl.getRevokedCerts();
+ */
+
+ // Update CRL in Directory
+ /* UpdateDir dcrl = new UpdateDir(s.GetHostName(),s.GetEESSLPort());
+ dcrl.updateDir();*/
+
+ /*
+ *************************************************************
+ * Example for stopping and starting servers
+ *************************************************************
+ */
+
+ /*
+ DSTask idb = new DSTask(t.GetServerRoot()+"/slapd-jupiter2-db");
+ if (idb.ldapStop()) System.out.println("IDB stopped");
+ if(idb.ldapStart()) System.out.println("IDB Started");
+
+ System.out.println("------------------------------------------");
+ System.out.println(" CMS Test:");
+ CMSTask task = new CMSTask(t.GetInstanceRoot());
+ task.CMSStop();
+ task.CMSStart();
+ */
+
+
+
+ }// end of function main
+
+}
diff --git a/pki/base/silent/src/common/Utilities.java b/pki/base/silent/src/common/Utilities.java
new file mode 100644
index 000000000..444d9b6bf
--- /dev/null
+++ b/pki/base/silent/src/common/Utilities.java
@@ -0,0 +1,353 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.util.*;
+import java.io.*;
+import java.net.*;
+
+import java.security.*;
+import java.security.cert.*;
+import sun.misc.*;
+import netscape.security.x509.*;
+import netscape.security.util.*;
+
+import com.netscape.osutil.OSUtil;
+
+public class Utilities {
+ private static final String keyValueSeparators = "=: \t\r\n\f";
+ private static final String strictKeyValueSeparators = "=:";
+ private static final String specialSaveChars = " \t\r\n\f";
+ private static final String whiteSpaceChars = " \t\r\n\f";
+
+ public Utilities() {// Do nothing
+ }
+
+ public String cleanupQuotes(String token) {
+
+ StringBuffer buf = new StringBuffer();
+ int length = token.length();
+ int curIndex = 0;
+
+ if (token.startsWith("\"") && token.endsWith("\"")) {
+ curIndex = 1;
+ length--;
+ }
+
+ boolean oneQuoteFound = false;
+ boolean twoQuotesFound = false;
+
+ while (curIndex < length) {
+ char curChar = token.charAt(curIndex);
+
+ if (curChar == '"') {
+ twoQuotesFound = (oneQuoteFound) ? true : false;
+ oneQuoteFound = true;
+ } else {
+ oneQuoteFound = false;
+ twoQuotesFound = false;
+ }
+
+ if (twoQuotesFound) {
+ twoQuotesFound = false;
+ oneQuoteFound = false;
+ curIndex++;
+ continue;
+ }
+
+ buf.append(curChar);
+ curIndex++;
+ }
+
+ return buf.toString();
+ }
+
+ public String removechar(String token) {
+
+ StringBuffer buf = new StringBuffer();
+ int end = token.length();
+ int begin = 0;
+
+ if (token.endsWith(";")) {
+ end--;
+ }
+
+ while (begin < end) {
+ char curChar = token.charAt(begin);
+
+ buf.append(curChar);
+ begin++;
+ }
+ return buf.toString();
+
+ }
+
+ public String parse_httpresponse(String line) {
+ // look for name=value pair
+ // remove trailing white spaces
+ // remove trailing ;
+ // remove double quotes
+
+ String temp = line.substring(line.indexOf("=") + 1);
+
+ return cleanupQuotes(removechar(temp.trim()));
+
+ }
+
+ public String remove_newline(String s) {
+ if (s == null) {
+ return null;
+ }
+
+ String val = "";
+
+ for (int i = 0; i < s.length(); i++) {
+ if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) {
+ i++;
+ continue;
+ } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) {
+ i++;
+ continue;
+ } else if (s.charAt(i) == '"') {
+ continue;
+ }
+ val += s.charAt(i);
+ }
+ return val;
+
+ }
+
+ public String normalize(String s) {
+
+ if (s == null) {
+ return null;
+ }
+
+ String val = "";
+
+ for (int i = 0; i < s.length(); i++) {
+ if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'n')) {
+ val += '\n';
+ i++;
+ continue;
+ } else if ((s.charAt(i) == '\\') && (s.charAt(i + 1) == 'r')) {
+ i++;
+ continue;
+ } else if (s.charAt(i) == '"') {
+ continue;
+ }
+ val += s.charAt(i);
+ }
+ return val;
+ }
+
+ /*
+ * format of the file should be like this:
+ * -----BEGIN CERTIFICATE-----
+ * base64 encoded certificate
+ * -----END CERTIFICATE-----
+ */
+ public String getcertfromfile(String filename) {
+ StringBuffer tempBuffer = new StringBuffer();
+
+ try {
+ FileInputStream fis = new FileInputStream(filename);
+ DataInputStream in = new DataInputStream(fis);
+
+ while (in.available() != 0) {
+ String temp = in.readLine();
+
+ if (temp.equalsIgnoreCase("-----BEGIN CERTIFICATE-----")
+ || temp.equalsIgnoreCase("-----END CERTIFICATE-----")) {
+ continue;
+ }
+ tempBuffer.append(temp);
+ }
+
+ return tempBuffer.toString();
+ } catch (Exception e) {
+ System.out.println("ERROR: getcertfromfile" + e.toString());
+ return null;
+ }
+
+ }
+
+ public String getcertfromfile_withheaders(String filename) {
+ StringBuffer tempBuffer = new StringBuffer();
+
+ try {
+ FileInputStream fis = new FileInputStream(filename);
+ DataInputStream in = new DataInputStream(fis);
+
+ while (in.available() != 0) {
+ String temp = in.readLine();
+
+ tempBuffer.append(temp);
+ }
+ return tempBuffer.toString();
+ } catch (Exception e) {
+ System.out.println(
+ "ERROR: getcertfromfile_withheaders" + e.toString());
+ return null;
+ }
+ }
+
+ /*
+ * format of the file should be like this:
+ * -----BEGIN CERTIFICATE REVOCATION LIST-----
+ * base64 encoded CRL
+ * -----END CERTIFICATE REVOCATION LIST-----
+ */
+ public String getcrlfromfile(String filename) {
+ StringBuffer tempBuffer = new StringBuffer();
+
+ try {
+ FileInputStream fis = new FileInputStream(filename);
+ DataInputStream in = new DataInputStream(fis);
+
+ while (in.available() != 0) {
+ String temp = in.readLine();
+
+ tempBuffer.append(temp);
+ }
+
+ return tempBuffer.toString();
+ } catch (Exception e) {
+ System.out.println("ERROR: getcrlfromfile" + e.toString());
+ return null;
+ }
+
+ }
+
+ /*
+ * format of the file should be like this:
+ * -----BEGIN CERTIFICATE-----
+ * base64 encoded certificate
+ * -----END CERTIFICATE-----
+ */
+ public String getcafromfile(String filename) {
+ StringBuffer tempBuffer = new StringBuffer();
+
+ try {
+ FileInputStream fis = new FileInputStream(filename);
+ DataInputStream in = new DataInputStream(fis);
+
+ while (in.available() != 0) {
+ String temp = in.readLine();
+
+ tempBuffer.append(temp);
+ }
+
+ return tempBuffer.toString();
+ } catch (Exception e) {
+ System.out.println("ERROR: getcafromfile" + e.toString());
+ return null;
+ }
+
+ }
+
+ /*
+ * function for RFC 2254. converts a x509 certificate given as
+ * a binary array[] to a Ldap filter string
+ */
+ public static String escapeBinaryData(byte data[]) {
+ String result = "";
+
+ for (int i = 0; i < data.length; i++) {
+ String s = Integer.toHexString((int) (0xff & data[i]));
+
+ if (s.length() == 1) {
+ s = "0" + s;
+ }
+ result = result + "\\" + s;
+ }
+
+ System.out.println("LDAP_FILTER=" + result);
+ return result;
+ }
+
+ /*
+ * function to decode base64 encoded certificate
+ */
+ public Certificate_Record decode_cert(String cert) {
+
+ String head = "-----BEGIN CERTIFICATE-----";
+ String tail = "-----END CERTIFICATE-----";
+
+ Certificate_Record cr = new Certificate_Record();
+
+ int head_pos = cert.indexOf(head);
+ int tail_pos = cert.indexOf(tail);
+
+ // String not found
+ if (head_pos == -1 || tail_pos == -1) {
+ return null;
+ }
+
+ String temp = cert.substring(head_pos + head.length(), tail_pos);
+
+ temp = temp.replaceAll("\\r", "");
+ temp = temp.replaceAll("\\n", "");
+
+ try {
+ // BASE64Decoder base64 = new BASE64Decoder();
+ // byte decodedBASE64Cert[] = base64.decodeBuffer(temp);
+ byte decodedBASE64Cert[] = OSUtil.AtoB(temp);
+ X509CertImpl x509_cert = new X509CertImpl(decodedBASE64Cert);
+ X509CertInfo certinfo = (X509CertInfo) x509_cert.get("x509.INFO");
+
+ /* Get Serial Number */
+ CertificateSerialNumber csn = (CertificateSerialNumber)
+ certinfo.get(X509CertInfo.SERIAL_NUMBER);
+ SerialNumber sn = (SerialNumber) csn.get("NUMBER");
+
+ // just adding serialnumber for add.
+ // we can add mode here like subject name, extensions,issuer to this record.
+ cr.serialNumber = sn.getNumber().toString().trim();
+
+ /* Get Subject Name */
+
+ CertificateSubjectName csn1 = (CertificateSubjectName)
+ certinfo.get(X509CertInfo.SUBJECT);
+
+ Enumeration en = csn1.getElements();
+
+ X500Name dname = (X500Name) csn1.get(CertificateSubjectName.DN_NAME);
+
+ String pp = "";
+ RDN[] rdns = dname.getNames();
+
+ for (int i = rdns.length - 1; i >= 0; i--) {
+ pp = pp + rdns[i] + "\n";
+ }
+
+ cr.subject = pp;
+
+ } catch (Exception e) {
+ System.out.println("ERROR: Exception when decoding certificate=" + e);
+ e.printStackTrace();
+ return null;
+ }
+
+ return cr;
+
+ }
+
+}
+
+
+; // end class
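Review bot: The four file readers (getcertfromfile, getcertfromfile_withheaders, getcrlfromfile, getcafromfile) never close the FileInputStream they open, so each call leaks a file handle, and their loop condition `in.available() != 0` relies on a method the InputStream contract does not define as an end-of-file test, while the deprecated `DataInputStream.readLine()` can return null that `temp.equalsIgnoreCase(...)` would then dereference. Reading with a BufferedReader until readLine() returns null and closing in a finally block addresses all of this; the sketch below is for getcertfromfile and applies unchanged to the other three. Separately, remove_newline and normalize read `s.charAt(i + 1)` without checking that `i + 1 < s.length()`, so an input ending in a single backslash throws StringIndexOutOfBoundsException; adding that bound to both backslash conditions closes the gap.
```java
    public String getcertfromfile(String filename) {
        StringBuffer tempBuffer = new StringBuffer();
        BufferedReader in = null;

        try {
            in = new BufferedReader(
                    new InputStreamReader(new FileInputStream(filename), "UTF-8"));
            String temp;

            // readLine() returns null at end of file; available() is not an EOF test
            while ((temp = in.readLine()) != null) {
                if (temp.equalsIgnoreCase("-----BEGIN CERTIFICATE-----")
                        || temp.equalsIgnoreCase("-----END CERTIFICATE-----")) {
                    continue;
                }
                tempBuffer.append(temp);
            }

            return tempBuffer.toString();
        } catch (Exception e) {
            System.out.println("ERROR: getcertfromfile" + e.toString());
            return null;
        } finally {
            // always release the file handle, whether or not the read succeeded
            if (in != null) {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // nothing useful to do if close fails after the read
                }
            }
        }
    }
```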
diff --git a/pki/base/silent/src/common/createinstance.java b/pki/base/silent/src/common/createinstance.java
new file mode 100644
index 000000000..2fea96d27
--- /dev/null
+++ b/pki/base/silent/src/common/createinstance.java
@@ -0,0 +1,112 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import java.net.*;
+import java.io.*;
+
+
+public class createinstance {
+
+ private static String host;
+ private static String port;
+ private static String AdminDN;
+ private static String AdminDNPW;
+ private static String serverRoot;
+ private static String instanceID;
+ private static String sieurl;
+ private static String adminDomain;
+ private static String first_arg;
+
+ public createinstance() {// do nothing :)
+ }
+
+ public void usage() {
+ System.out.println("Usage : ");
+ System.out.println(" createinstance -c host");
+ System.out.println(" port");
+ System.out.println(" AdminDN");
+ System.out.println(" AdminDNPW");
+ System.out.println(" adminDomain");
+ System.out.println(" serverRoot");
+ System.out.println(" instanceID");
+ System.out.println(" machineName");
+ System.out.println(" sieURL");
+ System.out.println(" OR ");
+ System.out.println(" createinstance -h <to print this usage string>");
+
+ }
+
+ public boolean CreateInstance() {
+ String startURL = "/cert/Tasks/Operation/Create";
+ String myStringUrl = "http://" + host + "." + adminDomain + ":" + port
+ + startURL;
+
+ System.out.println(myStringUrl);
+
+ String query = "serverRoot=" + URLEncoder.encode(serverRoot);
+
+ query += "&instanceID=" + URLEncoder.encode(instanceID);
+ query += "&adminDomain=" + URLEncoder.encode(adminDomain);
+ query += "&sieURL=" + URLEncoder.encode(sieurl);
+ query += "&adminUID=" + URLEncoder.encode(AdminDN);
+ query += "&adminPWD=" + URLEncoder.encode(AdminDNPW);
+ query += "&machineName=" + URLEncoder.encode(host + "." + adminDomain);
+
+ PostQuery sm = new PostQuery(myStringUrl, AdminDN, AdminDNPW, query);
+
+ return (sm.Send());
+
+ }
+
+ public static void main(String args[]) {
+ createinstance newinstance = new createinstance();
+
+ // set variables
+
+ first_arg = args[0];
+ if (args[0].equals("-h")) {
+ newinstance.usage();
+ System.exit(-1);
+ } else if (args[0].equals("-c")) {
+ host = args[1];
+ port = args[2];
+ AdminDN = args[3];
+ AdminDNPW = args[4];
+ serverRoot = args[5];
+ instanceID = args[6];
+ sieurl = args[7];
+ adminDomain = args[8];
+
+ }
+
+ boolean st = newinstance.CreateInstance();
+
+ if (!st) {
+ System.out.println("ERROR: Certificate System - Instance NOT created");
+ System.exit(-1);
+ }
+
+ System.out.println("Certificate System - Instance created");
+ System.exit(0);
+
+ }
+
+}
+
+
+;
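Review bot: main indexes args without checking args.length, so running with no arguments, or with `-c` followed by fewer than eight values, throws ArrayIndexOutOfBoundsException instead of printing usage, and an unrecognised first argument falls through to CreateInstance() with every static field still null. The usage text also disagrees with what main reads: it lists adminDomain fifth and a separate machineName argument, whereas main takes serverRoot at args[5], adminDomain at args[8], and never reads a machineName (CreateInstance derives it as host + "." + adminDomain). A guard such as `if (args.length == 0 || !args[0].equals("-c") || args.length < 9) { newinstance.usage(); System.exit(-1); }` placed before the option check, plus reordering the usage lines to host, port, AdminDN, AdminDNPW, serverRoot, instanceID, sieURL, adminDomain, would bring the two into line. Note too that CreateInstance posts adminPWD in the body of a plain `http://` request and the password is taken from the command line, where it is visible in process listings, and that the single-argument `URLEncoder.encode` is deprecated and charset-dependent, so `URLEncoder.encode(x, "UTF-8")` is the safer form.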