author | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-06-30 21:52:25 +0000 |
---|---|---|
committer | mharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-06-30 21:52:25 +0000 |
commit | 1685275fabdc90acf449feb9414ecb1021100448 (patch) | |
tree | c8564ff1bdafead242722cb41910dee1f772aea2 /pki/base | |
parent | f0189237025c3dfd2137140915bfb48e743dafa5 (diff) | |
Bugzilla Bug #532548 - Tool to do DRM re-key (use configuration file, process based upon records, added additional options)
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2034 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base')
-rw-r--r-- | pki/base/java-tools/src/CMakeLists.txt | 6 | ||||
-rw-r--r-- | pki/base/java-tools/src/com/netscape/cmstools/DRMTool.cfg | 160 | ||||
-rw-r--r-- | pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java | 3332 |
3 files changed, 3080 insertions, 418 deletions
diff --git a/pki/base/java-tools/src/CMakeLists.txt b/pki/base/java-tools/src/CMakeLists.txt
index 7ea53cf89..678671e7f 100644
--- a/pki/base/java-tools/src/CMakeLists.txt
+++ b/pki/base/java-tools/src/CMakeLists.txt
@@ -67,6 +67,12 @@ set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
 # build pki-tools
 add_jar(pki-tools ${pki-tools_java_SRCS})
 add_dependencies(pki-tools osutil pki-nsutil pki-cmsutil)
+install(
+ FILES
+ com/netscape/cmstools/DRMTool.cfg
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/pki/java-tools/
+)
 install_jar(pki-tools ${JAVA_JAR_INSTALL_DIR}/pki)
 set(PKI_TOOLS_JAR ${pki-tools_JAR_FILE} CACHE INTERNAL "pki-tools jar file")
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.cfg b/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.cfg
new file mode 100644
index 000000000..b43441e19
--- /dev/null
+++ b/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.cfg
@@ -0,0 +1,160 @@
+drmtool.ldif.caEnrollmentRequest._000=########################################
+drmtool.ldif.caEnrollmentRequest._001=## DRM CA Enrollment Request ##
+drmtool.ldif.caEnrollmentRequest._002=########################################
+drmtool.ldif.caEnrollmentRequest._003=## ##
+drmtool.ldif.caEnrollmentRequest._004=## NEVER allow 'DRMTOOL' the ability ##
+drmtool.ldif.caEnrollmentRequest._005=## to change the CA 'naming context' ##
+drmtool.ldif.caEnrollmentRequest._006=## data in the following fields: ##
+drmtool.ldif.caEnrollmentRequest._007=## ##
+drmtool.ldif.caEnrollmentRequest._008=## extdata-auth--005ftoken;uid ##
+drmtool.ldif.caEnrollmentRequest._009=## extdata-auth--005ftoken;userid ##
+drmtool.ldif.caEnrollmentRequest._010=## extdata-updatedby ##
+drmtool.ldif.caEnrollmentRequest._011=## ##
+drmtool.ldif.caEnrollmentRequest._012=## NEVER allow 'DRMTOOL' the ability ##
+drmtool.ldif.caEnrollmentRequest._013=## to change CA 'numeric' data in ##
+drmtool.ldif.caEnrollmentRequest._014=## the following fields: ##
+drmtool.ldif.caEnrollmentRequest._015=## ##
+drmtool.ldif.caEnrollmentRequest._016=## extdata-requestId ##
+drmtool.ldif.caEnrollmentRequest._017=## ##
+drmtool.ldif.caEnrollmentRequest._018=########################################
+drmtool.ldif.caEnrollmentRequest.cn=true
+drmtool.ldif.caEnrollmentRequest.dateOfModify=true
+drmtool.ldif.caEnrollmentRequest.dn=true
+drmtool.ldif.caEnrollmentRequest.extdata.keyRecord=true
+drmtool.ldif.caEnrollmentRequest.extdata.requestNotes=true
+drmtool.ldif.caEnrollmentRequest.requestId=true
+drmtool.ldif.caKeyRecord._000=#########################################
+drmtool.ldif.caKeyRecord._001=## DRM CA Key Record ##
+drmtool.ldif.caKeyRecord._002=#########################################
+drmtool.ldif.caKeyRecord._003=## ##
+drmtool.ldif.caKeyRecord._004=## NEVER allow 'DRMTOOL' the ability ##
+drmtool.ldif.caKeyRecord._005=## to change the CA 'naming context' ##
+drmtool.ldif.caKeyRecord._006=## data in the following fields: ##
+drmtool.ldif.caKeyRecord._007=## ##
+drmtool.ldif.caKeyRecord._008=## archivedBy ##
+drmtool.ldif.caKeyRecord._009=## ##
+drmtool.ldif.caKeyRecord._010=#########################################
+drmtool.ldif.caKeyRecord.cn=true
+drmtool.ldif.caKeyRecord.dateOfModify=true
+drmtool.ldif.caKeyRecord.dn=true
+drmtool.ldif.caKeyRecord.privateKeyData=true
+drmtool.ldif.caKeyRecord.serialno=true
+drmtool.ldif.namingContext._000=############################################
+drmtool.ldif.namingContext._001=## DRM Naming Context Fields ##
+drmtool.ldif.namingContext._002=############################################
+drmtool.ldif.namingContext._003=## ##
+drmtool.ldif.namingContext._004=## NEVER allow 'DRMTOOL' the ability to ##
+drmtool.ldif.namingContext._005=## change the CA 'naming context' data ##
+drmtool.ldif.namingContext._006=## in the following 'non-KeyRecord / ##
+drmtool.ldif.namingContext._007=## non-Request' fields (as these records ##
+drmtool.ldif.namingContext._008=## should be removed via the option to ##
+drmtool.ldif.namingContext._009=## process requests and key records only ##
+drmtool.ldif.namingContext._010=## if this is a DRM migration): ##
+drmtool.ldif.namingContext._011=## ##
+drmtool.ldif.namingContext._012=## cn ##
+drmtool.ldif.namingContext._013=## sn ##
+drmtool.ldif.namingContext._014=## uid ##
+drmtool.ldif.namingContext._015=## uniqueMember ##
+drmtool.ldif.namingContext._016=## ##
+drmtool.ldif.namingContext._017=## NEVER allow 'DRMTOOL' the ability to ##
+drmtool.ldif.namingContext._018=## change the DRM 'naming context' data ##
+drmtool.ldif.namingContext._019=## in the following 'non-KeyRecord / ##
+drmtool.ldif.namingContext._020=## non-Request' fields (as these records ##
+drmtool.ldif.namingContext._021=## should be removed via the option to ##
+drmtool.ldif.namingContext._022=## process requests and key records only ##
+drmtool.ldif.namingContext._023=## if this is a DRM migration): ##
+drmtool.ldif.namingContext._024=## ##
+drmtool.ldif.namingContext._025=## dc ##
+drmtool.ldif.namingContext._026=## dn ##
+drmtool.ldif.namingContext._027=## uniqueMember ##
+drmtool.ldif.namingContext._028=## ##
+drmtool.ldif.namingContext._029=## NEVER allow 'DRMTOOL' the ability to ##
+drmtool.ldif.namingContext._030=## change the TPS 'naming context' data ##
+drmtool.ldif.namingContext._031=## in the following 'non-KeyRecord / ##
+drmtool.ldif.namingContext._032=## non-Request' fields (as these records ##
+drmtool.ldif.namingContext._033=## should be removed via the option to ##
+drmtool.ldif.namingContext._034=## process requests and key records only ##
+drmtool.ldif.namingContext._035=## if this is a DRM migration): ##
+drmtool.ldif.namingContext._036=## ##
+drmtool.ldif.namingContext._037=## uid ##
+drmtool.ldif.namingContext._038=## uniqueMember ##
+drmtool.ldif.namingContext._039=## ##
+drmtool.ldif.namingContext._040=## If '-source_naming_context ##
+drmtool.ldif.namingContext._041=## <original source DRM naming context>' ##
+drmtool.ldif.namingContext._042=## and '-target_naming_context ##
+drmtool.ldif.namingContext._043=## <renamed target DRM naming context>' ##
+drmtool.ldif.namingContext._044=## options are specified, ALWAYS ##
+drmtool.ldif.namingContext._045=## require 'DRMTOOL' to change the ##
+drmtool.ldif.namingContext._046=## DRM 'naming context' data in ALL of ##
+drmtool.ldif.namingContext._047=## the following fields in EACH of the ##
+drmtool.ldif.namingContext._048=## following types of records: ##
+drmtool.ldif.namingContext._049=## ##
+drmtool.ldif.namingContext._050=## caEnrollmentRequest: ##
+drmtool.ldif.namingContext._051=## ##
+drmtool.ldif.namingContext._052=## dn ##
+drmtool.ldif.namingContext._053=## extdata-auth--005ftoken;user ##
+drmtool.ldif.namingContext._054=## extdata-auth--005ftoken;userdn ##
+drmtool.ldif.namingContext._055=## ##
+drmtool.ldif.namingContext._056=## caKeyRecord: ##
+drmtool.ldif.namingContext._057=## ##
+drmtool.ldif.namingContext._058=## dn ##
+drmtool.ldif.namingContext._059=## ##
+drmtool.ldif.namingContext._060=## recoveryRequest: ##
+drmtool.ldif.namingContext._061=## ##
+drmtool.ldif.namingContext._062=## dn ##
+drmtool.ldif.namingContext._063=## ##
+drmtool.ldif.namingContext._064=## tpsKeyRecord: ##
+drmtool.ldif.namingContext._065=## ##
+drmtool.ldif.namingContext._066=## dn ##
+drmtool.ldif.namingContext._067=## ##
+drmtool.ldif.namingContext._068=## tpsNetkeyKeygenRequest: ##
+drmtool.ldif.namingContext._069=## ##
+drmtool.ldif.namingContext._070=## dn ##
+drmtool.ldif.namingContext._071=## ##
+drmtool.ldif.namingContext._072=############################################
+drmtool.ldif.recoveryRequest._000=#####################################
+drmtool.ldif.recoveryRequest._001=## DRM CA / TPS Recovery Request ##
+drmtool.ldif.recoveryRequest._002=#####################################
+drmtool.ldif.recoveryRequest.cn=true
+drmtool.ldif.recoveryRequest.dateOfModify=true
+drmtool.ldif.recoveryRequest.dn=true
+drmtool.ldif.recoveryRequest.extdata.requestId=true
+drmtool.ldif.recoveryRequest.extdata.requestNotes=true
+drmtool.ldif.recoveryRequest.extdata.serialnumber=true
+drmtool.ldif.recoveryRequest.requestId=true
+drmtool.ldif.tpsKeyRecord._000=#########################################
+drmtool.ldif.tpsKeyRecord._001=## DRM TPS Key Record ##
+drmtool.ldif.tpsKeyRecord._002=#########################################
+drmtool.ldif.tpsKeyRecord._003=## ##
+drmtool.ldif.tpsKeyRecord._004=## NEVER allow 'DRMTOOL' the ability ##
+drmtool.ldif.tpsKeyRecord._005=## to change the TPS 'naming context' ##
+drmtool.ldif.tpsKeyRecord._006=## data in the following fields: ##
+drmtool.ldif.tpsKeyRecord._007=## ##
+drmtool.ldif.tpsKeyRecord._008=## archivedBy ##
+drmtool.ldif.tpsKeyRecord._009=## ##
+drmtool.ldif.tpsKeyRecord._010=#########################################
+drmtool.ldif.tpsKeyRecord.cn=true
+drmtool.ldif.tpsKeyRecord.dateOfModify=true
+drmtool.ldif.tpsKeyRecord.dn=true
+drmtool.ldif.tpsKeyRecord.privateKeyData=true
+drmtool.ldif.tpsKeyRecord.serialno=true
+drmtool.ldif.tpsNetkeyKeygenRequest._000=#####################################
+drmtool.ldif.tpsNetkeyKeygenRequest._001=## DRM TPS Netkey Keygen Request ##
+drmtool.ldif.tpsNetkeyKeygenRequest._002=#####################################
+drmtool.ldif.tpsNetkeyKeygenRequest._003=## ##
+drmtool.ldif.tpsNetkeyKeygenRequest._004=## NEVER allow 'DRMTOOL' the ##
+drmtool.ldif.tpsNetkeyKeygenRequest._005=## ability to change the ##
+drmtool.ldif.tpsNetkeyKeygenRequest._006=## TPS 'naming context' data in ##
+drmtool.ldif.tpsNetkeyKeygenRequest._007=## the following fields: ##
+drmtool.ldif.tpsNetkeyKeygenRequest._008=## ##
+drmtool.ldif.tpsNetkeyKeygenRequest._009=## extdata-updatedby ##
+drmtool.ldif.tpsNetkeyKeygenRequest._010=## ##
+drmtool.ldif.tpsNetkeyKeygenRequest._011=#####################################
+drmtool.ldif.tpsNetkeyKeygenRequest.cn=true
+drmtool.ldif.tpsNetkeyKeygenRequest.dateOfModify=true
+drmtool.ldif.tpsNetkeyKeygenRequest.dn=true
+drmtool.ldif.tpsNetkeyKeygenRequest.extdata.keyRecord=true
+drmtool.ldif.tpsNetkeyKeygenRequest.extdata.requestId=true
+drmtool.ldif.tpsNetkeyKeygenRequest.extdata.requestNotes=true
+drmtool.ldif.tpsNetkeyKeygenRequest.requestId=true
+
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java b/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java
index e2838854e..f327337d3 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java
@@ -33,6 +33,7 @@ import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.crypto.PrivateKey;
 import org.mozilla.jss.crypto.*;
 import org.mozilla.jss.pkcs11.PK11PubKey;
+import org.mozilla.jss.util.Password;
 import org.mozilla.jss.*;
 /**
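Review bot: The `namingContext` banner in DRMTool.cfg (entries `_040` and `_042`) names the options `-source_naming_context` and `-target_naming_context`, but the switches this commit defines in DRMTool.java are `-source_drm_naming_context` and `-target_drm_naming_context`, so an operator copying the names from the config file would pass options the usage text does not list. The two banner entries should read `## If '-source_drm_naming_context` and `## and '-target_drm_naming_context`. The 'NEVER allow' field lists are carried only as banner entries in an operator-editable file, so whether they are actually enforced depends on how DRMTool.java treats keys outside its known set; that is not visible in this hunk and is worth confirming.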
@@ -45,7 +46,10 @@ import org.mozilla.jss.*; * * STARTING INVENTORY: * - * (1) an LDIF file containing 'exported' DRM data + * (1) a DRMTOOL configuration file containing DRM LDIF record + * types and the processing status of their associated fields + * + * (2) an LDIF file containing 'exported' DRM data * (referred to as the "source" DRM) * * NOTE: If this LDIF file contains data that was originally @@ -53,7 +57,7 @@ import org.mozilla.jss.*; * must have previously undergone the appropriate * migration steps. * - * (2) the NSS security databases (e. g. - cert8.db, key3.db, + * (3) the NSS security databases (e. g. - cert8.db, key3.db, * and secmod.db) associated with the data contained in * the source LDIF file * @@ -66,7 +70,7 @@ import org.mozilla.jss.*; * this key (e. g. - which may be located in * the source DRM's 'password.conf' file). * - * (3) a file containing the ASCII BASE-64 storage certificate + * (4) a file containing the ASCII BASE-64 storage certificate * from the DRM instance for which the output LDIF file is * intended (referred to as the "target") * 
@@ -82,36 +86,52 @@ import org.mozilla.jss.*; * * DRMTool PARAMETERS: * - * (1) the name of the input LDIF file containing data which was + * (1) the name of the DRMTOOL configuration file containing + * DRM LDIF record types and the processing status of their + * associated fields + * + * (2) the name of the input LDIF file containing data which was * 'exported' from the source DRM instance * - * (2) the name of the output LDIF file intended to contain the + * (3) the name of the output LDIF file intended to contain the * revised data suitable for 'import' to a target DRM instance * - * (3) the name of the log file that may be used for auditing + * (4) the name of the log file that may be used for auditing * purposes * - * (4) the path to the security databases that were used by + * (5) the path to the security databases that were used by * the source DRM instance * - * (5) the name of the token that was used by + * (6) the name of the token that was used by * the source DRM instance * - * (6) the name of the storage certificate that was used by + * (7) the name of the storage certificate that was used by * the source DRM instance * - * (7) the name of the file containing the ASCII BASE-64 storage + * (8) the name of the file containing the ASCII BASE-64 storage * certificate from the target DRM instance for which the * output LDIF file is intended * - * DATA FIELDS AFFECTED: + * (9) OPTIONALLY, the name of a file which ONLY contains the + * password needed to access the source DRM instance's + * security databases + * + * (10) OPTIONALLY, choose to change the specified source DRM naming + * context to the specified target DRM naming context + * + * (11) OPTIONALLY, choose to ONLY process CA enrollment requests, + * CA recovery requests, CA key records, TPS netkeyKeygen + * enrollment requests, TPS recovery requests, and + * TPS key records + * + * DATA FIELDS AFFECTED (using default config file values): * * (1) CA DRM enrollment request * * (a) dateOfModify * (b) 
extdata-requestnotes * - * (2) CA DRM keyrecord + * (2) CA DRM key record * * (a) dateOfModify * (b) privateKeyData @@ -126,7 +146,7 @@ import org.mozilla.jss.*; * (a) dateOfModify * (b) extdata-requestnotes (NEW) * - * (5) TPS DRM keyrecord + * (5) TPS DRM key record * * (a) dateOfModify * (b) privateKeyData @@ -141,7 +161,10 @@ import org.mozilla.jss.*; * * STARTING INVENTORY: * - * (1) an LDIF file containing 'exported' DRM data + * (1) a DRMTOOL configuration file containing DRM LDIF record + * types and the processing status of their associated fields + * + * (2) an LDIF file containing 'exported' DRM data * (referred to as the "source" DRM) * * NOTE: If this LDIF file contains data that was originally 
@@ -161,30 +184,41 @@ import org.mozilla.jss.*; * * DRMTool PARAMETERS: * - * (1) the name of the input LDIF file containing data which was + * (1) the name of the DRMTOOL configuration file containing + * DRM LDIF record types and the processing status of their + * associated fields + * + * (2) the name of the input LDIF file containing data which was * 'exported' from the source DRM instance * - * (2) the name of the output LDIF file intended to contain the + * (3) the name of the output LDIF file intended to contain the * revised data suitable for 'import' to a target DRM instance * - * (3) the name of the log file that may be used for auditing + * (4) the name of the log file that may be used for auditing * purposes * - * (4) a large numeric ID offset (mask) to be appended to existing + * (5) a large numeric ID offset (mask) to be appended to existing * numeric data in the source DRM instance's LDIF file * - * DATA FIELDS AFFECTED: + * (6) OPTIONALLY, choose to change the specified source DRM naming + * context to the specified target DRM naming context + * + * (7) OPTIONALLY, choose to ONLY process CA enrollment requests, + * CA recovery requests, CA key records, TPS netkeyKeygen + * enrollment requests, TPS recovery requests, and + * TPS key records + * + * DATA FIELDS AFFECTED (using default config file values): * * (1) CA DRM enrollment request * * (a) cn * (b) dateOfModify * (c) extdata-keyrecord - * (d) extdata-requestid - * (e) extdata-requestnotes - * (f) requestId + * (d) extdata-requestnotes + * (e) requestId * - * (2) CA DRM keyrecord + * (2) CA DRM key record * * (a) cn * (b) dateOfModify @@ -196,7 +230,7 @@ import org.mozilla.jss.*; * (b) dateOfModify * (c) extdata-requestid * (d) extdata-requestnotes (NEW) - * (e) extdata-serialno + * (e) extdata-serialnumber * (f) requestId * * (4) TPS DRM netkeyKeygen (enrollment) request 
@@ -208,7 +242,7 @@ import org.mozilla.jss.*; * (e) extdata-requestnotes (NEW) * (f) requestId * - * (5) TPS DRM keyrecord + * (5) TPS DRM key record * * (a) cn * (b) dateOfModify @@ -220,7 +254,7 @@ import org.mozilla.jss.*; * (b) dateOfModify * (c) extdata-requestid * (d) extdata-requestnotes (NEW) - * (e) extdata-serialno + * (e) extdata-serialnumber * (f) requestId * * (C) Specify an ID offset to be removed from existing numeric data @@ -228,7 +262,10 @@ import org.mozilla.jss.*; * * STARTING INVENTORY: * - * (1) an LDIF file containing 'exported' DRM data + * (1) a DRMTOOL configuration file containing DRM LDIF record + * types and the processing status of their associated fields + * + * (2) an LDIF file containing 'exported' DRM data * (referred to as the "source" DRM) * * NOTE: If this LDIF file contains data that was originally 
@@ -248,30 +285,41 @@ import org.mozilla.jss.*; * * DRMTool PARAMETERS: * - * (1) the name of the input LDIF file containing data which was + * (1) the name of the DRMTOOL configuration file containing + * DRM LDIF record types and the processing status of their + * associated fields + * + * (2) the name of the input LDIF file containing data which was * 'exported' from the source DRM instance * - * (2) the name of the output LDIF file intended to contain the + * (3) the name of the output LDIF file intended to contain the * revised data suitable for 'import' to a target DRM instance * - * (3) the name of the log file that may be used for auditing + * (4) the name of the log file that may be used for auditing * purposes * - * (4) a large numeric ID offset (mask) to be removed from existing + * (5) a large numeric ID offset (mask) to be removed from existing * numeric data in the source DRM instance's LDIF file * - * DATA FIELDS AFFECTED: + * (6) OPTIONALLY, choose to change the specified source DRM naming + * context to the specified target DRM naming context + * + * (7) OPTIONALLY, choose to ONLY process CA enrollment requests, + * CA recovery requests, CA key records, TPS netkeyKeygen + * enrollment requests, TPS recovery requests, and + * TPS key records + * + * DATA FIELDS AFFECTED (using default config file values): * * (1) CA DRM enrollment request * * (a) cn * (b) dateOfModify * (c) extdata-keyrecord - * (d) extdata-requestid - * (e) extdata-requestnotes - * (f) requestId + * (d) extdata-requestnotes + * (e) requestId * - * (2) CA DRM keyrecord + * (2) CA DRM key record * * (a) cn * (b) dateOfModify @@ -283,7 +331,7 @@ import org.mozilla.jss.*; * (b) dateOfModify * (c) extdata-requestid * (d) extdata-requestnotes (NEW) - * (e) extdata-serialno + * (e) extdata-serialnumber * (f) requestId * * (4) TPS DRM netkeyKeygen (enrollment) request 
@@ -295,7 +343,7 @@ import org.mozilla.jss.*; * (e) extdata-requestnotes (NEW) * (f) requestId * - * (5) TPS DRM keyrecord + * (5) TPS DRM key record * * (a) cn * (b) dateOfModify @@ -307,7 +355,7 @@ import org.mozilla.jss.*; * (b) dateOfModify * (c) extdata-requestid * (d) extdata-requestnotes (NEW) - * (e) extdata-serialno + * (e) extdata-serialnumber * (f) requestId * * </PRE> @@ -317,6 +365,7 @@ import org.mozilla.jss.*; * <PRE> * * DRMTool + * -drmtool_config_file <path + drmtool config file> * -source_ldif_file <path + source ldif file> * -target_ldif_file <path + target ldif file> * -log_file <path + log file> @@ -324,11 +373,16 @@ import org.mozilla.jss.*; * [-source_storage_token_name '<source token>'] * [-source_storage_certificate_nickname '<source nickname>'] * [-target_storage_certificate_file <path to target certificate file>] + * [-source_pki_security_database_pwdfile <path to PKI password file>] * [-append_id_offset <numeric offset>] * [-remove_id_offset <numeric offset>] + * [-source_drm_naming_context '<original source DRM naming context>'] + * [-target_drm_naming_context '<renamed target DRM naming context>'] + * [-process_requests_and_key_records_only] * * where the following options are 'Mandatory': * + * -drmtool_config_file <path + drmtool config file> * -source_ldif_file <path + source ldif file> * -target_ldif_file <path + target ldif file> * -log_file <path + log file> 
@@ -344,19 +398,62 @@ import org.mozilla.jss.*; * [-target_storage_certificate_file * <path to target certificate file>] * + * AND OPTIONALLY, specify the name of a file which ONLY contains + * the password needed to access the source DRM instance's + * security databases: + * + * [-source_pki_security_database_pwdfile + * <path to PKI password file>] + * + * AND OPTIONALLY, rename source DRM naming context --> target + * DRM naming context: + * + * [-source_drm_naming_context '<source DRM naming context>'] + * [-target_drm_naming_context '<target DRM naming context>'] + * + * AND OPTIONALLY, process requests and key records ONLY: + * + * [-process_requests_and_key_records_only] + * * (b) option for appending the specified numeric ID offset * to existing numerical data: * * [-append_id_offset <numeric offset>] * + * AND OPTIONALLY, rename source DRM naming context --> target + * DRM naming context: + * + * [-source_drm_naming_context '<source DRM naming context>'] + * [-target_drm_naming_context '<target DRM naming context>'] + * + * AND OPTIONALLY, process requests and key records ONLY: + * + * [-process_requests_and_key_records_only] + * * (c) option for removing the specified numeric ID offset * from existing numerical data: * + * AND OPTIONALLY, rename source DRM naming context --> target + * DRM naming context: + * + * [-source_drm_naming_context '<source DRM naming context>'] + * [-target_drm_naming_context '<target DRM naming context>'] + * * [-remove_id_offset <numeric offset>] * + * AND OPTIONALLY, process requests and key records ONLY: + * + * [-process_requests_and_key_records_only] + * * (d) (a) rewrap AND (b) append ID offset + * [AND OPTIONALLY, rename source DRM naming context --> target + * DRM naming context] + * [AND OPTIONALLY process requests and key records ONLY] * * (e) (a) rewrap AND (c) remove ID offset + * [AND OPTIONALLY, rename source DRM naming context --> target + * DRM naming context] + * [AND OPTIONALLY process requests and key 
records ONLY] * * NOTE: Options (b) and (c) are mutually exclusive! * @@ -375,6 +472,9 @@ public class DRMTool private static final boolean FAILURE = false; private static final boolean SUCCESS = true; private static final String COLON = ":"; + private static final String DOT = "."; + private static final String EQUAL_SIGN = "="; + private static final String HASH = "#"; private static final String LEFT_BRACE = "["; private static final String NEWLINE = "\n"; private static final String PLUS = "+"; 
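Review bot: In the usage Javadoc for option (c), the added "AND OPTIONALLY, rename source DRM naming context" block sits between the heading "option for removing the specified numeric ID offset from existing numerical data:" and the `[-remove_id_offset <numeric offset>]` line that heading introduces, so the help reads as if the naming-context switches were the removal option. Move the block below `[-remove_id_offset <numeric offset>]`, matching the order used for option (b) in the same hunk. The comment block starts and ends outside this hunk.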
@@ -390,24 +490,37 @@ public class DRMTool // Constants: PKCS #11 Information private static final String INTERNAL_TOKEN = "Internal Key Storage Token"; - private static final String STORAGE_NICKNAME = "storageCert cert-pki-kra"; - private static final String TARGET_STORAGE_CERT = "target_storage.cert"; - private static final String ID_OFFSET_VALUE = "10000000"; // Constants: Command-line Options private static final int ID_OFFSET_NAME_VALUE_PAIRS = 1; - private static final int MANDATORY_NAME_VALUE_PAIRS = 3; + private static final int PWDFILE_NAME_VALUE_PAIRS = 1; + private static final int NAMING_CONTEXT_NAME_VALUE_PAIRS = 2; + private static final int MANDATORY_NAME_VALUE_PAIRS = 4; private static final int REWRAP_NAME_VALUE_PAIRS = 4; - private static final int ID_OFFSET_ARGS = 8; - private static final int REWRAP_ARGS = 14; - private static final int REWRAP_AND_ID_OFFSET_ARGS = 16; + private static final int ID_OFFSET_ARGS = 10; + private static final int REWRAP_ARGS = 16; + private static final int REWRAP_AND_ID_OFFSET_ARGS = 18; // Constants: Command-line Options (Mandatory) private static final String DRM_TOOL = "DRMTool"; private static final String + DRMTOOL_CFG_FILE = "-drmtool_config_file"; + + private static final String + DRMTOOL_CFG_DESCRIPTION = " <complete path to the drmtool config file" + + NEWLINE + + " " + + " ending with the drmtool config file name>"; + + private static final String + DRMTOOL_CFG_FILE_EXAMPLE = DRMTOOL_CFG_FILE + + " " + + "/usr/share/pki/java-tools/DRMTool.cfg"; + + private static final String SOURCE_LDIF_FILE = "-source_ldif_file"; private static final String @@ -417,7 +530,9 @@ public class DRMTool + " ending with the source LDIF file name>"; private static final String - SOURCE_LDIF_FILE_EXAMPLE = "-source_ldif_file /export/pki/source.ldif"; + SOURCE_LDIF_FILE_EXAMPLE = SOURCE_LDIF_FILE + + " " + + "/export/pki/source.ldif"; private static final String TARGET_LDIF_FILE = "-target_ldif_file"; 
@@ -429,7 +544,9 @@ public class DRMTool + " ending with the target LDIF file name>"; private static final String - TARGET_LDIF_FILE_EXAMPLE = "-target_ldif_file /export/pki/target.ldif"; + TARGET_LDIF_FILE_EXAMPLE = TARGET_LDIF_FILE + + " " + + "/export/pki/target.ldif"; private static final String LOG_FILE = "-log_file"; @@ -441,7 +558,9 @@ public class DRMTool + " ending with the log file name>"; private static final String - LOG_FILE_EXAMPLE = "-log_file /export/pki/drmtool.log"; + LOG_FILE_EXAMPLE = LOG_FILE + + " " + + "/export/pki/DRMTool.log"; // Constants: Command-line Options (Rewrap) @@ -456,7 +575,8 @@ public class DRMTool + " used by data in the source LDIF file>"; private static final String - SOURCE_NSS_DB_PATH_EXAMPLE = "-source_pki_security_database_path " + SOURCE_NSS_DB_PATH_EXAMPLE = SOURCE_NSS_DB_PATH + + " " + "/export/pki"; private static final String @@ -467,10 +587,11 @@ public class DRMTool + "the source storage token>"; private static final String - SOURCE_STORAGE_TOKEN_NAME_EXAMPLE = "-source_storage_token_name " - + "\'" - + INTERNAL_TOKEN - + "\'"; + SOURCE_STORAGE_TOKEN_NAME_EXAMPLE = SOURCE_STORAGE_TOKEN_NAME + + " " + + TIC + + "Internal Key Storage Token" + + TIC; private static final String SOURCE_STORAGE_CERT_NICKNAME = "-source_storage_certificate_nickname"; @@ -480,11 +601,11 @@ public class DRMTool + "storage certificate>"; private static final String - SOURCE_STORAGE_CERT_NICKNAME_EXAMPLE = - "-source_storage_certificate_nickname" - + " \'" - + STORAGE_NICKNAME - + "\'"; + SOURCE_STORAGE_CERT_NICKNAME_EXAMPLE = SOURCE_STORAGE_CERT_NICKNAME + + " " + + TIC + + "storageCert cert-pki-kra" + + TIC; private static final String TARGET_STORAGE_CERTIFICATE_FILE = "-target_storage_certificate_file"; 
@@ -506,9 +627,26 @@ public class DRMTool + "header and footer>"; private static final String - TARGET_STORAGE_CERTIFICATE_FILE_EXAMPLE = "-target_storage_certificate_file" - + " /export/pki/" - + TARGET_STORAGE_CERT; + TARGET_STORAGE_CERTIFICATE_FILE_EXAMPLE = TARGET_STORAGE_CERTIFICATE_FILE + + " " + + "/export/pki/target_storage.cert"; + + private static final String + SOURCE_NSS_DB_PWDFILE = "-source_pki_security_database_pwdfile"; + + private static final String + SOURCE_NSS_DB_PWDFILE_DESCRIPTION = " <complete path to the password " + + "file which ONLY contains the" + + NEWLINE + + " " + + " password used to access the " + + "source security databases>"; + + private static final String + SOURCE_NSS_DB_PWDFILE_EXAMPLE = SOURCE_NSS_DB_PWDFILE + + " " + + "/export/pki/pwdfile"; + // Constants: Command-line Options (ID Offset) @@ -520,8 +658,9 @@ public class DRMTool + "each record's source ID>"; private static final String - APPEND_ID_OFFSET_EXAMPLE = "-append_id_offset " - + ID_OFFSET_VALUE; + APPEND_ID_OFFSET_EXAMPLE = APPEND_ID_OFFSET + + " " + + "100000000000"; private static final String REMOVE_ID_OFFSET = "-remove_id_offset"; 
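Review bot: `SOURCE_NSS_DB_PWDFILE_DESCRIPTION` tells the operator to place the security-database password in a file but says nothing about protecting it, although that file holds in cleartext the password that unlocks the source DRM's NSS databases and therefore its storage key. Suggest extending the description with a line such as `+ " (the file should be readable only by the invoking user)"`. The code that reads the file is outside this hunk; it should be checked that the password is never echoed to the `-log_file` audit log and that the `Password` object imported by this commit is cleared once the token login is done.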
@@ -531,8 +670,245 @@ public class DRMTool + "each record's source ID>"; private static final String - REMOVE_ID_OFFSET_EXAMPLE = "-remove_id_offset " - + ID_OFFSET_VALUE; + REMOVE_ID_OFFSET_EXAMPLE = REMOVE_ID_OFFSET + + " " + + "100000000000"; + + + // Constants: Command-line Options + private static final String + SOURCE_DRM_NAMING_CONTEXT = "-source_drm_naming_context"; + + private static final String + SOURCE_DRM_NAMING_CONTEXT_DESCRIPTION = " <source DRM naming context>"; + + private static final String + SOURCE_DRM_NAMING_CONTEXT_EXAMPLE = SOURCE_DRM_NAMING_CONTEXT + + " " + + TIC + + "alpha.example.com-pki-kra" + + TIC; + + private static final String + TARGET_DRM_NAMING_CONTEXT = "-target_drm_naming_context"; + + private static final String + TARGET_DRM_NAMING_CONTEXT_DESCRIPTION = " <target DRM naming context>"; + + private static final String + TARGET_DRM_NAMING_CONTEXT_EXAMPLE = TARGET_DRM_NAMING_CONTEXT + + " " + + TIC + + "omega.example.com-pki-kra" + + TIC; + + private static final String + PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY = + "-process_requests_and_key_records_only"; + + + // Constants: DRMTOOL Config File + private static final String DRMTOOL_CFG_PREFIX = "drmtool.ldif"; + private static final String DRMTOOL_CFG_ENROLLMENT = "caEnrollmentRequest"; + private static final String DRMTOOL_CFG_CA_KEY_RECORD = "caKeyRecord"; + private static final String DRMTOOL_CFG_RECOVERY = "recoveryRequest"; + private static final String DRMTOOL_CFG_TPS_KEY_RECORD = "tpsKeyRecord"; + private static final String DRMTOOL_CFG_KEYGEN = "tpsNetkeyKeygenRequest"; + + + // Constants: DRMTOOL Config File (DRM CA Enrollment Request Fields) + private static final String + DRMTOOL_CFG_ENROLLMENT_CN = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_ENROLLMENT + + DOT + + "cn"; + private static final String + DRMTOOL_CFG_ENROLLMENT_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_ENROLLMENT + + DOT + + "dateOfModify"; + private static final String + 
DRMTOOL_CFG_ENROLLMENT_DN = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_ENROLLMENT + + DOT + + "dn"; + private static final String + DRMTOOL_CFG_ENROLLMENT_EXTDATA_KEY_RECORD = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_ENROLLMENT + + DOT + + "extdata.keyRecord"; + private static final String + DRMTOOL_CFG_ENROLLMENT_EXTDATA_REQUEST_NOTES = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_ENROLLMENT + + DOT + + "extdata.requestNotes"; + private static final String + DRMTOOL_CFG_ENROLLMENT_REQUEST_ID = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_ENROLLMENT + + DOT + + "requestId"; + + + // Constants: DRMTOOL Config File (DRM CA Key Record Fields) + private static final String + DRMTOOL_CFG_CA_KEY_RECORD_CN = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_CA_KEY_RECORD + + DOT + + "cn"; + private static final String + DRMTOOL_CFG_CA_KEY_RECORD_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_CA_KEY_RECORD + + DOT + + "dateOfModify"; + private static final String + DRMTOOL_CFG_CA_KEY_RECORD_DN = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_ENROLLMENT + + DOT + + "dn"; + private static final String + DRMTOOL_CFG_CA_KEY_RECORD_PRIVATE_KEY_DATA = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_CA_KEY_RECORD + + DOT + + "privateKeyData"; + private static final String + DRMTOOL_CFG_CA_KEY_RECORD_SERIAL_NO = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_CA_KEY_RECORD + + DOT + + "serialno"; + + + // Constants: DRMTOOL Config File (DRM CA / TPS Recovery Request Fields) + private static final String + DRMTOOL_CFG_RECOVERY_CN = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_RECOVERY + + DOT + + "cn"; + private static final String + DRMTOOL_CFG_RECOVERY_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_RECOVERY + + DOT + + "dateOfModify"; + private static final String + DRMTOOL_CFG_RECOVERY_DN = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_RECOVERY + + DOT + + "dn"; + private static final String + DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_ID = DRMTOOL_CFG_PREFIX + + DOT + + 
DRMTOOL_CFG_RECOVERY + + DOT + + "extdata.requestId"; + private static final String + DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_NOTES = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_RECOVERY + + DOT + + "extdata.requestNotes"; + private static final String + DRMTOOL_CFG_RECOVERY_EXTDATA_SERIAL_NUMBER = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_RECOVERY + + DOT + + "extdata.serialnumber"; + private static final String + DRMTOOL_CFG_RECOVERY_REQUEST_ID = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_RECOVERY + + DOT + + "requestId"; + + + // Constants: DRMTOOL Config File (DRM TPS Key Record Fields) + private static final String + DRMTOOL_CFG_TPS_KEY_RECORD_CN = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_TPS_KEY_RECORD + + DOT + + "cn"; + private static final String + DRMTOOL_CFG_TPS_KEY_RECORD_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_TPS_KEY_RECORD + + DOT + + "dateOfModify"; + private static final String + DRMTOOL_CFG_TPS_KEY_RECORD_DN = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_TPS_KEY_RECORD + + DOT + + "dn"; + private static final String + DRMTOOL_CFG_TPS_KEY_RECORD_PRIVATE_KEY_DATA = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_TPS_KEY_RECORD + + DOT + + "privateKeyData"; + private static final String + DRMTOOL_CFG_TPS_KEY_RECORD_SERIAL_NO = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_TPS_KEY_RECORD + + DOT + + "serialno"; + + + // Constants: DRMTOOL Config File (DRM TPS Netkey Keygen Request Fields) + private static final String + DRMTOOL_CFG_KEYGEN_CN = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_KEYGEN + + DOT + + "cn"; + private static final String + DRMTOOL_CFG_KEYGEN_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_KEYGEN + + DOT + + "dateOfModify"; + private static final String + DRMTOOL_CFG_KEYGEN_DN = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_KEYGEN + + DOT + + "dn"; + private static final String + DRMTOOL_CFG_KEYGEN_EXTDATA_KEY_RECORD = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_KEYGEN + + DOT + + "extdata.keyRecord"; + private 
static final String + DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_ID = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_KEYGEN + + DOT + + "extdata.requestId"; + private static final String + DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_NOTES = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_KEYGEN + + DOT + + "extdata.requestNotes"; + private static final String + DRMTOOL_CFG_KEYGEN_REQUEST_ID = DRMTOOL_CFG_PREFIX + + DOT + + DRMTOOL_CFG_KEYGEN + + DOT + + "requestId"; // Constants: Target Certificate Information 
@@ -541,32 +917,67 @@ public class DRMTool private static final String X509_INFO = "x509.INFO"; - // Constants: DRM LDIF Record Fields (always include trailing space) - private static final String CN = "cn:"; - private static final String DATE_OF_MODIFY = "dateOfModify:"; - private static final String EXTDATA_KEYRECORD = "extdata-keyrecord:"; - private static final String EXTDATA_REQUESTID = "extdata-requestid:"; - private static final String EXTDATA_REQUESTNOTES = "extdata-requestnotes:"; - private static final String EXTDATA_REQUEST_TYPE = "extdata-requesttype:"; - private static final String EXTDATA_SERIALNUMBER = "extdata-serialnumber:"; - private static final String PRIVATE_KEY_DATA = "privateKeyData::"; - private static final String REQUESTID = "requestId:"; - private static final String SERIALNO = "serialno:"; + // Constants: DRM LDIF Record Fields (always include trailing delimiters) + private static final String DRM_LDIF_ARCHIVED_BY = "archivedBy:"; + private static final String DRM_LDIF_CN = "cn:"; + private static final String DRM_LDIF_DATE_OF_MODIFY = "dateOfModify:"; + private static final String DRM_LDIF_DN = "dn:"; + private static final String + DRM_LDIF_EXTDATA_AUTH_TOKEN_USER = "extdata-auth--005ftoken;user:"; + private static final String + DRM_LDIF_EXTDATA_AUTH_TOKEN_USER_DN = "extdata-auth--005ftoken;userdn:"; + private static final String + DRM_LDIF_EXTDATA_KEY_RECORD = "extdata-keyrecord:"; + private static final String + DRM_LDIF_EXTDATA_REQUEST_ID = "extdata-requestid:"; + private static final String + DRM_LDIF_EXTDATA_REQUEST_NOTES = "extdata-requestnotes:"; + private static final String + DRM_LDIF_EXTDATA_REQUEST_TYPE = "extdata-requesttype:"; + private static final String + DRM_LDIF_EXTDATA_SERIAL_NUMBER = "extdata-serialnumber:"; + private static final String DRM_LDIF_PRIVATE_KEY_DATA = "privateKeyData::"; + private static final String DRM_LDIF_REQUEST_ID = "requestId:"; + private static final String DRM_LDIF_REQUEST_TYPE = 
"requestType:"; + private static final String DRM_LDIF_SERIAL_NO = "serialno:"; // Constants: DRM LDIF Record Values - private static final String NETKEY_KEYGEN = "netkeyKeygen"; - private static final String RECOVERY = "recovery"; - private static final String REWRAP_MESSAGE = "REWRAPPED the existing '" - + "DES3 symmetric session key" - + "' with the '"; - private static final String RSA_MESSAGE = "-bit RSA public key' obtained " - + "from the target storage " - + "certificate"; - private static final String APPENDED_ID_OFFSET_MESSAGE = "APPENDED " - + "ID OFFSET"; - private static final String REMOVED_ID_OFFSET_MESSAGE = "REMOVED " - + "ID OFFSET"; + private static final int INITIAL_LDIF_RECORD_CAPACITY = 0; + private static final int EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH = 56; + private static final int PRIVATE_KEY_DATA_FIRST_LINE_DATA_LENGTH = 60; + private static final String DRM_LDIF_RECORD = "Generic"; + private static final String DRM_LDIF_CA_KEY_RECORD = "CA"; + private static final String DRM_LDIF_ENROLLMENT = "enrollment"; + private static final String DRM_LDIF_KEYGEN = "netkeyKeygen"; + private static final String DRM_LDIF_RECOVERY = "recovery"; + private static final String DRM_LDIF_TPS_KEY_RECORD = "TPS"; + + + // Constants: DRM LDIF Record Messages + private static final String DRM_LDIF_REWRAP_MESSAGE = "REWRAPPED the '" + + "existing DES3 " + + "symmetric " + + "session key" + + "' with the '"; + private static final String DRM_LDIF_RSA_MESSAGE = "-bit RSA public key' " + + "obtained from the " + + "target storage " + + "certificate"; + private static final String DRM_LDIF_USED_PWDFILE_MESSAGE = + "USED source PKI security database " + + "password file"; + private static final String DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE = + "APPENDED ID offset"; + private static final String DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE = + "REMOVED ID offset"; + private static final String DRM_LDIF_SOURCE_NAME_CONTEXT_MESSAGE = + "RENAMED source DRM naming context '"; 
+ private static final String DRM_LDIF_TARGET_NAME_CONTEXT_MESSAGE = + "' to target DRM naming context '"; + private static final String + DRM_LDIF_PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY_MESSAGE = + "PROCESSED requests and key records ONLY!"; /*************/ @@ -580,15 +991,21 @@ public class DRMTool // Variables: Command-Line Options private static boolean mMandatoryFlag = false; private static boolean mRewrapFlag = false; + private static boolean mPwdfileFlag = false; private static boolean mAppendIdOffsetFlag = false; private static boolean mRemoveIdOffsetFlag = false; + private static boolean mDrmNamingContextsFlag = false; + private static boolean mProcessRequestsAndKeyRecordsOnlyFlag = false; private static int mMandatoryNameValuePairs = 0; private static int mRewrapNameValuePairs = 0; + private static int mPKISecurityDatabasePwdfileNameValuePairs = 0; private static int mAppendIdOffsetNameValuePairs = 0; private static int mRemoveIdOffsetNameValuePairs = 0; + private static int mDrmNamingContextNameValuePairs = 0; // Variables: Command-Line Values (Mandatory) + private static String mDrmtoolCfgFilename = null; private static String mSourceLdifFilename = null; private static String mTargetLdifFilename = null; private static String mLogFilename = null; 
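Review bot: `EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH = 56` and `PRIVATE_KEY_DATA_FIRST_LINE_DATA_LENGTH = 60` are added without saying where the numbers come from, and they sit under the "DRM LDIF Record Values" heading next to the record-type strings. They look like an LDIF fold width minus the attribute prefix, but the two do not land on the same column (`extdata-requestnotes:` plus a space is 22 characters, `privateKeyData::` plus a space is 17). A comment stating the intended line width, such as `// first-line payload width = <fold column> - length of "<attribute>: "`, would let a reader confirm both values.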
@@ -600,12 +1017,28 @@ public class DRMTool private static String mSourceStorageCertNickname = null; private static String mTargetStorageCertificateFilename = null; + // Variables: Command-Line Values (Rewrap Password File) + private static String mSourcePKISecurityDatabasePwdfile = null; // Variables: Command-Line Values (ID Offset) private static BigInteger mAppendIdOffset = null; private static BigInteger mRemoveIdOffset = null; + // Variables: Command-Line Values (DRM Naming Contexts) + private static String mSourceDrmNamingContext = null; + private static String mTargetDrmNamingContext = null; + + + // Variables: DRMTOOL Config File Parameters of Interest + private static Hashtable<String, Boolean> drmtoolCfg = null; + + + // Variables: DRMTOOL LDIF File Parameters of Interest + private static Vector<String> record = null; + private static Iterator<String> ldif_record = null; + + // Variables: Logging private static boolean mDebug = false; // set 'true' for debug messages private static PrintWriter logger = null; @@ -613,7 +1046,6 @@ public class DRMTool // Variables: PKCS #11 Information - private static CryptoToken mInternalToken = null; private static CryptoToken mSourceToken = null; private static X509Certificate mUnwrapCert = null; private static PrivateKey mUnwrapPrivateKey = null; @@ -621,6 +1053,12 @@ public class DRMTool private static int mPublicKeySize = 0; + // Variables: DRM LDIF Record Messages + private static String mSourcePKISecurityDatabasePwdfileMessage = null; + private static String mDrmNamingContextMessage = null; + private static String mProcessRequestsAndKeyRecordsOnlyMessage = null; + + /********************/ /* Calendar Methods */ /********************/ @@ -652,6 +1090,12 @@ public class DRMTool + DRM_TOOL + NEWLINE + " " + + DRMTOOL_CFG_FILE + + NEWLINE + + " " + + DRMTOOL_CFG_DESCRIPTION + + NEWLINE + + " " + SOURCE_LDIF_FILE + NEWLINE + " " 
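Review bot: `drmtoolCfg` is declared as `Hashtable<String, Boolean>`, and the helpers added later in this commit test it directly, e.g. `if( drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_CN ) )` in `output_cn`; a key missing from the configuration file returns null there and the unboxing throws a NullPointerException. Unless the loader (not visible here) guarantees every key is present, testing with `Boolean.TRUE.equals( drmtoolCfg.get( key ) )` would make an absent setting mean "leave the field unchanged". Note also that `DRMTOOL_CFG_CA_KEY_RECORD_DN`, defined earlier in the file, is built from `DRMTOOL_CFG_ENROLLMENT` rather than `DRMTOOL_CFG_CA_KEY_RECORD`, so it resolves to the same key as `DRMTOOL_CFG_ENROLLMENT_DN` and the CA key record `dn` setting is never consulted.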
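Review bot: The three new message fields in the `@@ -621,6 +1053,12 @@` hunk (`mSourcePKISecurityDatabasePwdfileMessage`, `mDrmNamingContextMessage`, `mProcessRequestsAndKeyRecordsOnlyMessage`) start as null, yet `output_extdata_request_notes` later in this commit concatenates them unconditionally into the rewritten `extdata-requestnotes` value. If an option is not given and nothing assigns the field before then (no assignment is visible on this page), the literal text "null" ends up in the migrated records. Initialising them to the empty string, e.g. `private static String mDrmNamingContextMessage = "";`, removes that dependency.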
@@ -703,6 +1147,14 @@ public class DRMTool + NEWLINE + " " + "[" + + SOURCE_NSS_DB_PWDFILE + + NEWLINE + + " " + + SOURCE_NSS_DB_PWDFILE_DESCRIPTION + + "]" + + NEWLINE + + " " + + "[" + APPEND_ID_OFFSET + NEWLINE + " " @@ -716,6 +1168,27 @@ public class DRMTool + " " + REMOVE_ID_OFFSET_DESCRIPTION + "]" + + NEWLINE + + " " + + "[" + + SOURCE_DRM_NAMING_CONTEXT + + NEWLINE + + " " + + SOURCE_DRM_NAMING_CONTEXT_DESCRIPTION + + "]" + + NEWLINE + + " " + + "[" + + TARGET_DRM_NAMING_CONTEXT + + NEWLINE + + " " + + TARGET_DRM_NAMING_CONTEXT_DESCRIPTION + + "]" + + NEWLINE + + " " + + "[" + + PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY + + "]" + NEWLINE ); System.out.println( "Example of 'Rewrap and Append ID Offset':" @@ -725,6 +1198,9 @@ public class DRMTool + DRM_TOOL + NEWLINE + " " + + DRMTOOL_CFG_FILE_EXAMPLE + + NEWLINE + + " " + SOURCE_LDIF_FILE_EXAMPLE + NEWLINE + " " @@ -746,7 +1222,19 @@ public class DRMTool + TARGET_STORAGE_CERTIFICATE_FILE_EXAMPLE + NEWLINE + " " + + SOURCE_NSS_DB_PWDFILE_EXAMPLE + + NEWLINE + + " " + APPEND_ID_OFFSET_EXAMPLE + + NEWLINE + + " " + + SOURCE_DRM_NAMING_CONTEXT_EXAMPLE + + NEWLINE + + " " + + TARGET_DRM_NAMING_CONTEXT_EXAMPLE + + NEWLINE + + " " + + PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY + NEWLINE ); System.out.println( "Example of 'Rewrap and Remove ID Offset':" @@ -756,6 +1244,9 @@ public class DRMTool + DRM_TOOL + NEWLINE + " " + + DRMTOOL_CFG_FILE_EXAMPLE + + NEWLINE + + " " + SOURCE_LDIF_FILE_EXAMPLE + NEWLINE + " " @@ -777,7 +1268,19 @@ public class DRMTool + TARGET_STORAGE_CERTIFICATE_FILE_EXAMPLE + NEWLINE + " " + + SOURCE_NSS_DB_PWDFILE_EXAMPLE + + NEWLINE + + " " + REMOVE_ID_OFFSET_EXAMPLE + + NEWLINE + + " " + + SOURCE_DRM_NAMING_CONTEXT_EXAMPLE + + NEWLINE + + " " + + TARGET_DRM_NAMING_CONTEXT_EXAMPLE + + NEWLINE + + " " + + PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY + NEWLINE ); System.out.println( "Example of 'Rewrap':" 
@@ -787,6 +1290,9 @@ public class DRMTool + DRM_TOOL + NEWLINE + " " + + DRMTOOL_CFG_FILE_EXAMPLE + + NEWLINE + + " " + SOURCE_LDIF_FILE_EXAMPLE + NEWLINE + " " @@ -806,6 +1312,18 @@ public class DRMTool + NEWLINE + " " + TARGET_STORAGE_CERTIFICATE_FILE_EXAMPLE + + NEWLINE + + " " + + SOURCE_NSS_DB_PWDFILE_EXAMPLE + + NEWLINE + + " " + + SOURCE_DRM_NAMING_CONTEXT_EXAMPLE + + NEWLINE + + " " + + TARGET_DRM_NAMING_CONTEXT_EXAMPLE + + NEWLINE + + " " + + PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY + NEWLINE ); System.out.println( "Example of 'Append ID Offset':" @@ -815,6 +1333,9 @@ public class DRMTool + DRM_TOOL + NEWLINE + " " + + DRMTOOL_CFG_FILE_EXAMPLE + + NEWLINE + + " " + SOURCE_LDIF_FILE_EXAMPLE + NEWLINE + " " @@ -825,6 +1346,15 @@ public class DRMTool + NEWLINE + " " + APPEND_ID_OFFSET_EXAMPLE + + NEWLINE + + " " + + SOURCE_DRM_NAMING_CONTEXT_EXAMPLE + + NEWLINE + + " " + + TARGET_DRM_NAMING_CONTEXT_EXAMPLE + + NEWLINE + + " " + + PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY + NEWLINE ); System.out.println( "Example of 'Remove ID Offset':" @@ -834,6 +1364,9 @@ public class DRMTool + DRM_TOOL + NEWLINE + " " + + DRMTOOL_CFG_FILE_EXAMPLE + + NEWLINE + + " " + SOURCE_LDIF_FILE_EXAMPLE + NEWLINE + " " @@ -844,6 +1377,15 @@ public class DRMTool + NEWLINE + " " + REMOVE_ID_OFFSET_EXAMPLE + + NEWLINE + + " " + + SOURCE_DRM_NAMING_CONTEXT_EXAMPLE + + NEWLINE + + " " + + TARGET_DRM_NAMING_CONTEXT_EXAMPLE + + NEWLINE + + " " + + PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY + NEWLINE ); } @@ -867,7 +1409,7 @@ public class DRMTool System.err.println( "ERROR: Unable to open file '" + logfile + "' for writing: '" - + eFile + + eFile.toString() + "'" + NEWLINE ); System.exit( 0 ); @@ -963,7 +1505,7 @@ public class DRMTool } catch( TokenException exToken ) { log( "ERROR: Getting private key - " + "TokenException: '" - + exToken + + exToken.toString() + "'" + NEWLINE, true ); System.exit( 0 ); 
@@ -1008,7 +1550,7 @@ public class DRMTool + "certificate file named '" + mTargetStorageCertificateFilename + "' exists! FileNotFoundException: '" - + exWrapFileNotFound + + exWrapFileNotFound.toString() + "'" + NEWLINE, true ); System.exit( 0 ); @@ -1030,7 +1572,7 @@ public class DRMTool + "encoded error encountered while reading '" + mTargetStorageCertificateFilename + "'! IOException: '" - + exWrapReadLineIO + + exWrapReadLineIO.toString() + "'" + NEWLINE, true ); System.exit( 0 ); @@ -1044,7 +1586,7 @@ public class DRMTool + "encoded error encountered in closing '" + mTargetStorageCertificateFilename + "'! IOException: '" - + exWrapCloseIO + + exWrapCloseIO.toString() + "'" + NEWLINE, true ); System.exit( 0 ); @@ -1072,7 +1614,7 @@ public class DRMTool + "in parsing certificate in '" + mTargetStorageCertificateFilename + "' CertificateException: '" - + exWrapCertificate + + exWrapCertificate.toString() + "'" + NEWLINE, true ); System.exit( 0 ); @@ -1095,7 +1637,7 @@ public class DRMTool } catch( InvalidKeyException exInvalidKey ) { log( "ERROR: Converting X.509 public key --> RSA public key - " + "InvalidKeyException: '" - + exInvalidKey + + exInvalidKey.toString() + "'" + NEWLINE, true ); System.exit( 0 ); @@ -1131,7 +1673,7 @@ public class DRMTool log( "ERROR: source_pki_security_database_path='" + mSourcePKISecurityDatabasePath + "' KeyDatabaseException: '" - + exKey + + exKey.toString() + "'" + NEWLINE, true ); System.exit( 0 ); @@ -1139,7 +1681,7 @@ public class DRMTool log( "ERROR: source_pki_security_database_path='" + mSourcePKISecurityDatabasePath + "' CertDatabaseException: '" - + exCert + + exCert.toString() + "'" + NEWLINE, true ); System.exit( 0 ); @@ -1147,7 +1689,7 @@ public class DRMTool log( "ERROR: source_pki_security_database_path='" + mSourcePKISecurityDatabasePath + "' AlreadyInitializedException: '" - + exAlreadyInitialized + + exAlreadyInitialized.toString() + "'" + NEWLINE, true ); System.exit( 0 ); 
@@ -1155,46 +1697,61 @@ public class DRMTool log( "ERROR: source_pki_security_database_path='" + mSourcePKISecurityDatabasePath + "' GeneralSecurityException: '" - + exSecurity + + exSecurity.toString() + "'" + NEWLINE, true ); System.exit( 0 ); } - // Retrieve the internal token from the source database + // Retrieve the source storage token by its name try { - log( "Retrieving internal token from CryptoManager." + log( "Retrieving token from CryptoManager." + NEWLINE, true ); cm = CryptoManager.getInstance(); - mInternalToken = cm.getInternalKeyStorageToken(); - if( mInternalToken == null ) { - return FAILURE; - } - } catch( Exception exUninitialized ) { - log( "ERROR: Uninitialized CryptoManager - '" - + exUninitialized - + "'" - + NEWLINE, true ); - System.exit( 0 ); - } - - // Retrieve the source storage token by its name - try { log( "Retrieving source storage token called '" + mSourceStorageTokenName + "'." + NEWLINE, true ); - mSourceToken = cm.getTokenByName( mSourceStorageTokenName ); + if( mSourceStorageTokenName.equals( INTERNAL_TOKEN ) ) { + mSourceToken = cm.getInternalKeyStorageToken(); + } else { + mSourceToken = cm.getTokenByName( mSourceStorageTokenName ); + } + if( mSourceToken == null ) { return FAILURE; } - } catch( NoSuchTokenException exToken ) { - log( "ERROR: No source storage token named '" - + mSourceStorageTokenName - + "' exists! NoSuchTokenException: '" - + exToken + + if( mPwdfileFlag ) { + BufferedReader in = null; + String pwd = null; + Password mPwd = null; + + try { + in = new BufferedReader( + new FileReader( + mSourcePKISecurityDatabasePwdfile ) ); + pwd = in.readLine(); + + mPwd = new Password( pwd.toCharArray() ); + + mSourceToken.login( mPwd ); + } catch( Exception exReadPwd ) { + log( "ERROR: Failed to read the keydb password from " + + "the file '" + + mSourcePKISecurityDatabasePwdfile + + "'. 
Exception: '" + + exReadPwd.toString() + + "'" + + NEWLINE, true ); + System.exit( 0 ); + } + } + } catch( Exception exUninitialized ) { + log( "ERROR: Uninitialized CryptoManager - '" + + exUninitialized.toString() + "'" + NEWLINE, true ); System.exit( 0 ); @@ -1232,7 +1789,7 @@ public class DRMTool + "source storage cert named '" + mSourceStorageCertNickname + "' exists! ObjectNotFoundException: '" - + exUnwrapObjectNotFound + + exUnwrapObjectNotFound.toString() + "'" + NEWLINE, true ); } else { @@ -1253,7 +1810,7 @@ public class DRMTool + "source storage cert named '" + mSourceStorageCertNickname + "' exists! TokenException: '" - + exUnwrapToken + + exUnwrapToken.toString() + "'" + NEWLINE, true ); } else { @@ -1317,7 +1874,7 @@ public class DRMTool + "public key from target storage certificate stored in '" + mTargetStorageCertificateFilename + "' InvalidKeyFormatException '" - + exInvalidPublicKey + + exInvalidPublicKey.toString() + "'" + NEWLINE, true ); System.exit( 0 ); 
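Review bot: In the new `if( mPwdfileFlag )` block of the `@@ -1155,46 +1697,61 @@` hunk, the token password is read into a `String` and wrapped in a `Password` that is never cleared. The `BufferedReader` is also never closed, and an empty password file makes `in.readLine()` return null, so the failure surfaces as a NullPointerException from `pwd.toCharArray()`. Because `mSourceToken.login( mPwd )` sits in the same try, a rejected password is also logged as "Failed to read the keydb password", which points the operator at the wrong cause. I would check for the null line, close the reader in a `finally`, report the login failure separately and clear the `Password` afterwards; the `String` copy cannot be wiped, so reading into a `char[]` would be the stronger fix. The outer catch in this hunk now reports every exception, including an unknown token name, as "Uninitialized CryptoManager"; the enclosing method starts and ends outside the hunk.

```java
if( mPwdfileFlag ) {
    BufferedReader in = null;
    Password mPwd = null;

    try {
        in = new BufferedReader(
                 new FileReader(
                     mSourcePKISecurityDatabasePwdfile ) );
        String pwd = in.readLine();

        if( pwd == null ) {
            throw new IOException( "password file is empty" );
        }

        mPwd = new Password( pwd.toCharArray() );
    } catch( Exception exReadPwd ) {
        // … unchanged: log "Failed to read the keydb password" and exit …
    } finally {
        if( in != null ) {
            try {
                in.close();
            } catch( IOException exClosePwd ) {
                log( "WARNING: Unable to close '"
                   + mSourcePKISecurityDatabasePwdfile
                   + "'. IOException: '"
                   + exClosePwd.toString()
                   + "'"
                   + NEWLINE, true );
            }
        }
    }

    try {
        mSourceToken.login( mPwd );
    } catch( Exception exLogin ) {
        log( "ERROR: Failed to log in to the source storage token '"
           + mSourceStorageTokenName
           + "'. Exception: '"
           + exLogin.toString()
           + "'"
           + NEWLINE, true );
        System.exit( 0 );
    } finally {
        // wipe the in-memory copy once the token has consumed it
        mPwd.clear();
    }
}
```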
@@ -1394,42 +1951,42 @@ public class DRMTool } catch( IOException exUnwrapIO ) { log( "ERROR: Unwrapping key data - " + "IOException: '" - + exUnwrapIO + + exUnwrapIO.toString() + "'" + NEWLINE, true ); System.exit( 0 ); } catch( NoSuchAlgorithmException exUnwrapAlgorithm ) { log( "ERROR: Unwrapping key data - " + "NoSuchAlgorithmException: '" - + exUnwrapAlgorithm + + exUnwrapAlgorithm.toString() + "'" + NEWLINE, true ); System.exit( 0 ); } catch( TokenException exUnwrapToken ) { log( "ERROR: Unwrapping key data - " + "TokenException: '" - + exUnwrapToken + + exUnwrapToken.toString() + "'" + NEWLINE, true ); System.exit( 0 ); } catch( InvalidKeyException exUnwrapInvalidKey ) { log( "ERROR: Unwrapping key data - " + "InvalidKeyException: '" - + exUnwrapInvalidKey + + exUnwrapInvalidKey.toString() + "'" + NEWLINE, true ); System.exit( 0 ); } catch( InvalidAlgorithmParameterException exUnwrapInvalidAlgorithm ) { log( "ERROR: Unwrapping key data - " + "InvalidAlgorithmParameterException: '" - + exUnwrapInvalidAlgorithm + + exUnwrapInvalidAlgorithm.toString() + "'" + NEWLINE, true ); System.exit( 0 ); } catch( IllegalStateException exUnwrapState ) { log( "ERROR: Unwrapping key data - " + "InvalidStateException: '" - + exUnwrapState + + exUnwrapState.toString() + "'" + NEWLINE, true ); System.exit( 0 ); @@ -1439,8 +1996,8 @@ public class DRMTool // mStorageUnit.encryptInternalPrivate( byte priKey[] ) // throws EBaseException try { - // Use "mInternalToken" to get "KeyWrapAlgorithm.RSA" - target_rsaWrap = mInternalToken.getKeyWrapper( + // Use "mSourceToken" to get "KeyWrapAlgorithm.RSA" + target_rsaWrap = mSourceToken.getKeyWrapper( KeyWrapAlgorithm.RSA ); target_rsaWrap.initWrap( mWrapPublicKey, null ); target_session = target_rsaWrap.wrap( sk ); 
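Review bot: In the `@@ -1439,8 +1996,8 @@` hunk the rewrap at `target_rsaWrap = mSourceToken.getKeyWrapper( KeyWrapAlgorithm.RSA )` now runs on whichever token the source storage token name selects instead of the internal token, and the only comment restates the call. If that token is a hardware module, the wrap depends on it accepting the target certificate's public key in `initWrap( mWrapPublicKey, null )`, which nothing in the visible code checks. I would replace the comment with the reason, for example `// Wrap on mSourceToken: the session key 'sk' was unwrapped there and should not leave that token`, if that is indeed the intent. The enclosing method starts and ends outside the hunk.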
@@ -1456,42 +2013,42 @@ public class DRMTool } catch( NoSuchAlgorithmException exWrapAlgorithm ) { log( "ERROR: Wrapping key data - " + "NoSuchAlgorithmException: '" - + exWrapAlgorithm + + exWrapAlgorithm.toString() + "'" + NEWLINE, true ); System.exit( 0 ); } catch( TokenException exWrapToken ) { log( "ERROR: Wrapping key data - " + "TokenException: '" - + exWrapToken + + exWrapToken.toString() + "'" + NEWLINE, true ); System.exit( 0 ); } catch( InvalidKeyException exWrapInvalidKey ) { log( "ERROR: Wrapping key data - " + "InvalidKeyException: '" - + exWrapInvalidKey + + exWrapInvalidKey.toString() + "'" + NEWLINE, true ); System.exit( 0 ); } catch( InvalidAlgorithmParameterException exWrapInvalidAlgorithm ) { log( "ERROR: Wrapping key data - " + "InvalidAlgorithmParameterException: '" - + exWrapInvalidAlgorithm + + exWrapInvalidAlgorithm.toString() + "'" + NEWLINE, true ); System.exit( 0 ); } catch( IllegalStateException exWrapState ) { log( "ERROR: Wrapping key data - " + "InvalidStateException: '" - + exWrapState + + exWrapState.toString() + "'" + NEWLINE, true ); System.exit( 0 ); } catch( IOException exWrapIO ) { log( "ERROR: Wrapping key data - " + "IOException: '" - + exWrapIO + + exWrapIO.toString() + "'" + NEWLINE, true ); System.exit( 0 ); @@ -1506,8 +2063,8 @@ public class DRMTool * from the passed in string. * <P> * - * @param data consisting of an ASCII BASE 64 string containing EOLs - * @return a string consisting of an ASCII BASE 64 string with no EOLs + * @param data consisting of a string containing EOLs + * @return a string consisting of a string with no EOLs */ private static String stripEOL( String data ) { StringBuffer buffer = new StringBuffer(); 
@@ -1527,21 +2084,22 @@ public class DRMTool /** - * Helper method used to format the unformatted string containing an - * ASCII BASE 64 string into an ASCII BASE 64 string suitable as an - * entry for an LDIF file. + * Helper method used to format a string containing unformatted data + * into a string containing formatted data suitable as an entry for + * an LDIF file. * <P> * - * @param an unformatted string containing an ASCII BASE 64 string - * @return formatted data consisting of an ASCII BASE 64 string + * @param length the length of the first line of data + * @param data a string containing unformatted data + * @return formatted data consisting of data formatted for an LDIF record * suitable for an LDIF file */ - private static String format_ldif_data( String data ) { + private static String format_ldif_data( int length, String data ) { String revised_data = ""; - if( data.length() > 60 ) { + if( data.length() > length ) { // process first line - for( int i = 0; i < 60; i++ ) { + for( int i = 0; i < length; i++ ) { revised_data += data.charAt( i ); } @@ -1550,7 +2108,7 @@ public class DRMTool // process remaining lines int j = 0; - for( int i = 60; i < data.length(); i++ ) { + for( int i = length; i < data.length(); i++ ) { if( j == 0 ) { revised_data += ' '; } @@ -1649,12 +2207,12 @@ public class DRMTool * An "attribute" consists of one of the following values: * * <PRE> - * CN = "cn:"; - * EXTDATA_KEYRECORD = "extdata-keyrecord:"; - * EXTDATA_REQUESTID = "extdata-requestid:"; - * EXTDATA_SERIALNUMBER = "extdata-serialnumber:"; - * REQUESTID = "requestId:"; - * SERIALNO = "serialno:"; + * DRM_LDIF_CN = "cn:"; + * DRM_LDIF_EXTDATA_KEY_RECORD = "extdata-keyrecord:"; + * DRM_LDIF_EXTDATA_REQUEST_ID = "extdata-requestid:"; + * DRM_LDIF_EXTDATA_SERIAL_NUMBER = "extdata-serialnumber:"; + * DRM_LDIF_REQUEST_ID = "requestId:"; + * DRM_LDIF_SERIAL_NO = "serialno:"; * * * NOTE: Indexed data means that the numeric data 
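Review bot: The first-line loop in `format_ldif_data` still builds the prefix one character at a time with `revised_data += data.charAt( i )`, which allocates a new string per character; now that the width is a parameter, `revised_data = data.substring( 0, length );` says the same thing directly. The new `length` argument is also never validated: zero yields an empty first line and a negative value reaches `charAt` with a negative index in the second loop. A guard at the top, such as `if( length <= 0 ) { throw new IllegalArgumentException( "length must be positive" ); }`, would catch a bad caller early. The function body continues outside this hunk.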
@@ -1781,7 +2339,7 @@ public class DRMTool log( "ERROR: source_line='" + source_line + "' IndexOutOfBoundsException: '" - + exBounds + + exBounds.toString() + "'" + NEWLINE, true ); System.exit( 0 ); @@ -1789,7 +2347,7 @@ public class DRMTool log( "ERROR: data='" + data + "' PatternSyntaxException: '" - + exPattern + + exPattern.toString() + "'" + NEWLINE, true ); System.exit( 0 ); 
@@ -1804,210 +2362,1362 @@ public class DRMTool /***********************/ /** - * This method performs the actual parsing of the "source" LDIF file - * and produces the "target" LDIF file. + * Helper method which composes the output line for DRM_LDIF_CN. * <P> * - * @return true if the "target" LDIF file is successfully created + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line */ - private static boolean convert_source_ldif_to_target_ldif() { - boolean success = false; - BufferedReader reader = null; - PrintWriter writer = null; - String line = null; - String previous_line = null; - String revised_line = null; + private static String output_cn( String record_type, + String line ) { + String output = null; + + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_CN ) ) { + output = compose_numeric_line( DRM_LDIF_CN, + line, + false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_CA_KEY_RECORD ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_CA_KEY_RECORD_CN ) ) { + output = compose_numeric_line( DRM_LDIF_CN, + line, + false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_CN ) ) { + output = compose_numeric_line( DRM_LDIF_CN, + line, + false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_TPS_KEY_RECORD ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_TPS_KEY_RECORD_CN ) ) { + output = compose_numeric_line( DRM_LDIF_CN, + line, + false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_CN ) ) { + output = compose_numeric_line( DRM_LDIF_CN, + line, + false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_RECORD ) ) { + // Non-Request / Non-Key Record: + // Pass through the 
original + // 'cn' line UNCHANGED + // so that it is ALWAYS written + output = line; + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_CN + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for DRM_LDIF_DATE_OF_MODIFY. + * <P> + * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_date_of_modify( String record_type, + String line ) { + String output = null; + + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_DATE_OF_MODIFY ) ) { + output = DRM_LDIF_DATE_OF_MODIFY + + SPACE + + mDateOfModify; + + log( "Changed '" + + line + + "' to '" + + output + + "'." + + NEWLINE, false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_CA_KEY_RECORD ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_CA_KEY_RECORD_DATE_OF_MODIFY ) ) { + output = DRM_LDIF_DATE_OF_MODIFY + + SPACE + + mDateOfModify; + + log( "Changed '" + + line + + "' to '" + + output + + "'." + + NEWLINE, false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_DATE_OF_MODIFY ) ) { + output = DRM_LDIF_DATE_OF_MODIFY + + SPACE + + mDateOfModify; + + log( "Changed '" + + line + + "' to '" + + output + + "'." + + NEWLINE, false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_TPS_KEY_RECORD ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_TPS_KEY_RECORD_DATE_OF_MODIFY ) ) { + output = DRM_LDIF_DATE_OF_MODIFY + + SPACE + + mDateOfModify; + + log( "Changed '" + + line + + "' to '" + + output + + "'." 
+ + NEWLINE, false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_DATE_OF_MODIFY ) ) { + output = DRM_LDIF_DATE_OF_MODIFY + + SPACE + + mDateOfModify; + + log( "Changed '" + + line + + "' to '" + + output + + "'." + + NEWLINE, false ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_DATE_OF_MODIFY + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for DRM_LDIF_DN. + * <P> + * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_dn( String record_type, + String line ) { + String data = null; + String output = null; + + try { + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_DN ) ) { + // Since "-source_drm_naming_context", and + // "-target_drm_naming_context" are OPTIONAL + // parameters, ONLY process this field if both of + // these options have been selected + if( mDrmNamingContextsFlag ) { + output = line.replace( mSourceDrmNamingContext, + mTargetDrmNamingContext ); + } else { + output = line; + } + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_CA_KEY_RECORD ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_CA_KEY_RECORD_DN ) ) { + // Since "-source_drm_naming_context", and + // "-target_drm_naming_context" are OPTIONAL + // parameters, ONLY process this field if both of + // these options have been selected + if( mDrmNamingContextsFlag ) { + output = line.replace( mSourceDrmNamingContext, + mTargetDrmNamingContext ); + } else { + output = line; + } + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_DN ) ) { + // Since 
"-source_drm_naming_context", and + // "-target_drm_naming_context" are OPTIONAL + // parameters, ONLY process this field if both of + // these options have been selected + if( mDrmNamingContextsFlag ) { + output = line.replace( mSourceDrmNamingContext, + mTargetDrmNamingContext ); + } else { + output = line; + } + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_TPS_KEY_RECORD ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_TPS_KEY_RECORD_DN ) ) { + // Since "-source_drm_naming_context", and + // "-target_drm_naming_context" are OPTIONAL + // parameters, ONLY process this field if both of + // these options have been selected + if( mDrmNamingContextsFlag ) { + output = line.replace( mSourceDrmNamingContext, + mTargetDrmNamingContext ); + } else { + output = line; + } + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_DN ) ) { + // Since "-source_drm_naming_context", and + // "-target_drm_naming_context" are OPTIONAL + // parameters, ONLY process this field if both of + // these options have been selected + if( mDrmNamingContextsFlag ) { + output = line.replace( mSourceDrmNamingContext, + mTargetDrmNamingContext ); + } else { + output = line; + } + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_RECORD ) ) { + // Non-Request / Non-Key Record: + // Pass through the original + // 'dn' line UNCHANGED + // so that it is ALWAYS written + output = line; + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_DN + + "' for record type='" + + record_type + + "'!" 
+ + NEWLINE, true ); + } + } catch( NullPointerException exNullPointerException ) { + log( "ERROR: Unable to replace source DRM naming context '" + + mSourceDrmNamingContext + + "' with target DRM naming context '" + + mTargetDrmNamingContext + + "' NullPointerException: '" + + exNullPointerException.toString() + + "'" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for + * DRM_LDIF_EXTDATA_KEY_RECORD. + * <P> + * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_extdata_key_record( String record_type, + String line ) { + String output = null; + + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_EXTDATA_KEY_RECORD ) ) { + output = compose_numeric_line( DRM_LDIF_EXTDATA_KEY_RECORD, + line, + false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_EXTDATA_KEY_RECORD ) ) { + output = compose_numeric_line( DRM_LDIF_EXTDATA_KEY_RECORD, + line, + false ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_EXTDATA_KEY_RECORD + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for + * DRM_LDIF_EXTDATA_REQUEST_ID. 
+ * <P> + * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_extdata_request_id( String record_type, + String line ) { + String output = null; + + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + // ALWAYS pass-through "extdata-requestId" for + // DRM_LDIF_ENROLLMENT records UNCHANGED because the + // value in this field is associated with the issuing CA! + output = line; + } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_ID ) ) { + output = compose_numeric_line( DRM_LDIF_EXTDATA_REQUEST_ID, + line, + false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_ID ) ) { + output = compose_numeric_line( DRM_LDIF_EXTDATA_REQUEST_ID, + line, + false ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_EXTDATA_REQUEST_ID + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for + * DRM_LDIF_EXTDATA_REQUEST_NOTES. 
+ * <P> + * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_extdata_request_notes( String record_type, + String line ) { + String input = null; String data = null; - String revised_data = null; String unformatted_data = null; - String formatted_data = null; - byte source_wrappedKeyData[] = null; - byte target_wrappedKeyData[] = null; + String output = null; + String next_line = null; + + // extract the data + input = line.substring( + DRM_LDIF_EXTDATA_REQUEST_NOTES.length() + 1 + ).trim(); + + while( ( line = ldif_record.next() ) != null ) { + if( line.startsWith( SPACE ) ) { + // Do NOT use "trim()"; + // remove single leading space and + // trailing carriage returns and newlines ONLY! + input += line.replaceFirst(" ","").replace('\r','\0').replace('\n','\0'); + } else { + next_line = line; + break; + } + } - if( mRewrapFlag ) { - success = obtain_RSA_rewrapping_keys(); - if( !success ) { - return FAILURE; + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + if(drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_EXTDATA_REQUEST_NOTES )) { + // write out a revised 'extdata-requestnotes' line + if( mRewrapFlag && mAppendIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else 
if( mRewrapFlag && mRemoveIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRewrapFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mAppendIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRemoveIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + 
mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } + + // log this information + log( "Changed:" + + NEWLINE + + TIC + + DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + input ) + + TIC + + NEWLINE + + "--->" + + NEWLINE + + TIC + + output + + TIC + + NEWLINE, false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_NOTES ) ) { + // write out a revised 'extdata-requestnotes' line + if( mRewrapFlag && mAppendIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRewrapFlag && mRemoveIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + 
SPACE + + PLUS + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRewrapFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mAppendIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRemoveIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = 
stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } + + // log this information + log( "Changed:" + + NEWLINE + + TIC + + DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + input ) + + TIC + + NEWLINE + + "--->" + + NEWLINE + + TIC + + output + + TIC + + NEWLINE, false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_NOTES ) ) { + // write out a revised 'extdata-requestnotes' line + if( mRewrapFlag && mAppendIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRewrapFlag && mRemoveIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // 
Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRewrapFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mAppendIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRemoveIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } + + // log this information 
+ log( "Changed:" + + NEWLINE + + TIC + + DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + input ) + + TIC + + NEWLINE + + "--->" + + NEWLINE + + TIC + + output + + TIC + + NEWLINE, false ); + } else { + output = line; } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_EXTDATA_REQUEST_NOTES + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); } - // Process each line in the source LDIF file - // and store it in the target LDIF file - try { - // Open source LDIF file for reading - reader = new BufferedReader( - new FileReader( mSourceLdifFilename ) ); + if( output != null ) { + output += NEWLINE + next_line; + } - // Open target LDIF file for writing - writer = new PrintWriter( - new BufferedWriter( - new FileWriter( mTargetLdifFilename ) ) ); + return output; + } - System.out.print( "PROCESSING: " ); - while( ( line = reader.readLine() ) != null ) { - if( line.startsWith( CN ) ) { - revised_line = compose_numeric_line( CN, - line, - false ); - } else if( line.startsWith( DATE_OF_MODIFY ) ) { - // write out a new 'dateOfModify' line - revised_line = DATE_OF_MODIFY + SPACE + mDateOfModify; + + /** + * Helper method which composes the output line for + * DRM_LDIF_EXTDATA_REQUEST_NOTES. 
+ * <P> + * + * @param record_type the string representation of the input record type + * @param previous_line the string representation of the previous input line + * @param writer the PrintWriter used to output this new LDIF line + * @return the composed output line + */ + private static void create_extdata_request_notes( String record_type, + String previous_line, + PrintWriter writer ) { + String data = null; + String unformatted_data = null; + String output = null; + + if( record_type.equals( DRM_LDIF_RECOVERY ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_NOTES ) ) { + if(!previous_line.startsWith( DRM_LDIF_EXTDATA_REQUEST_NOTES)) { + // write out the missing 'extdata-requestnotes' line + if( mRewrapFlag && mAppendIdOffsetFlag ) { + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRewrapFlag && mRemoveIdOffsetFlag ) { + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired 
LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRewrapFlag ) { + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mAppendIdOffsetFlag ) { + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRemoveIdOffsetFlag ) { + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } // log this information - log( "Changed '" - + line - + "' to '" - + revised_line - + "'." 
+ log( "Created:" + + NEWLINE + + TIC + + output + + TIC + NEWLINE, false ); - } else if( line.startsWith( EXTDATA_KEYRECORD ) ) { - revised_line = compose_numeric_line( EXTDATA_KEYRECORD, - line, - false ); - } else if( line.startsWith( EXTDATA_REQUESTID ) ) { - revised_line = compose_numeric_line( EXTDATA_REQUESTID, - line, - false ); - } else if( line.startsWith( EXTDATA_REQUESTNOTES ) ) { - // write out a revised 'extdata-requestnotes' line + + // Write out this revised line + // and flush the buffer + writer.write( output + NEWLINE ); + writer.flush(); + System.out.print( "." ); + } + } + } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_NOTES ) ) { + if(!previous_line.startsWith( DRM_LDIF_EXTDATA_REQUEST_NOTES)) { + // write out the missing 'extdata-requestnotes' line if( mRewrapFlag && mAppendIdOffsetFlag ) { - revised_line = line + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + REWRAP_MESSAGE - + mPublicKeySize - + RSA_MESSAGE + SPACE - + PLUS + SPACE - + APPENDED_ID_OFFSET_MESSAGE + SPACE - + TIC + mAppendIdOffset.toString() + TIC; + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); } else if( mRewrapFlag && mRemoveIdOffsetFlag ) { - revised_line = line + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + REWRAP_MESSAGE - 
+ mPublicKeySize - + RSA_MESSAGE + SPACE - + PLUS + SPACE - + REMOVED_ID_OFFSET_MESSAGE + SPACE - + TIC + mRemoveIdOffset.toString() + TIC; + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); } else if( mRewrapFlag ) { - revised_line = line + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + REWRAP_MESSAGE - + mPublicKeySize - + RSA_MESSAGE; + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); } else if( mAppendIdOffsetFlag ) { - revised_line = line + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + APPENDED_ID_OFFSET_MESSAGE + SPACE - + TIC + mAppendIdOffset.toString() + TIC; + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + 
mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); } else if( mRemoveIdOffsetFlag ) { - revised_line = line + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + REMOVED_ID_OFFSET_MESSAGE + SPACE - + TIC + mRemoveIdOffset.toString() + TIC; + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); } // log this information - log( "Changed '" - + line - + "' to '" - + revised_line - + "'." 
+ log( "Created:" + + NEWLINE + + TIC + + output + + TIC + NEWLINE, false ); - } else if( line.startsWith( EXTDATA_REQUEST_TYPE ) ) { - if( ( line.contains( NETKEY_KEYGEN ) || - line.contains( RECOVERY ) ) && - !previous_line.startsWith( EXTDATA_REQUESTNOTES ) ) { - // write out the missing 'extdata-requestnotes' line - if( mRewrapFlag && mAppendIdOffsetFlag ) { - revised_line = EXTDATA_REQUESTNOTES + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + REWRAP_MESSAGE - + mPublicKeySize - + RSA_MESSAGE + SPACE - + PLUS + SPACE - + APPENDED_ID_OFFSET_MESSAGE + SPACE - + TIC + mAppendIdOffset.toString() - + TIC; - } else if( mRewrapFlag && mRemoveIdOffsetFlag ) { - revised_line = EXTDATA_REQUESTNOTES + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + REWRAP_MESSAGE - + mPublicKeySize - + RSA_MESSAGE + SPACE - + PLUS + SPACE - + REMOVED_ID_OFFSET_MESSAGE + SPACE - + TIC + mRemoveIdOffset.toString() - + TIC; - } else if( mRewrapFlag ) { - revised_line = EXTDATA_REQUESTNOTES + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + REWRAP_MESSAGE - + mPublicKeySize - + RSA_MESSAGE; - } else if( mAppendIdOffsetFlag ) { - revised_line = EXTDATA_REQUESTNOTES + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + APPENDED_ID_OFFSET_MESSAGE + SPACE - + TIC + mAppendIdOffset.toString() - + TIC; - } else if( mRemoveIdOffsetFlag ) { - revised_line = EXTDATA_REQUESTNOTES + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + REMOVED_ID_OFFSET_MESSAGE + SPACE - + TIC + mRemoveIdOffset.toString() - + TIC; + + // Write out this revised line + // and flush the buffer + writer.write( output + NEWLINE ); + writer.flush(); + System.out.print( "." ); + } + } + } + } + + + /** + * Helper method which composes the output line for + * DRM_LDIF_EXTDATA_SERIAL_NUMBER. 
+ * <P> + * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_extdata_serial_number( String record_type, + String line ) { + String output = null; + + if( record_type.equals( DRM_LDIF_RECOVERY ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_EXTDATA_SERIAL_NUMBER ) ) { + output = compose_numeric_line( DRM_LDIF_EXTDATA_SERIAL_NUMBER, + line, + false ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_EXTDATA_SERIAL_NUMBER + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for + * DRM_LDIF_PRIVATE_KEY_DATA. + * <P> + * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_private_key_data( String record_type, + String line ) { + byte source_wrappedKeyData[] = null; + byte target_wrappedKeyData[] = null; + String data = null; + String revised_data = null; + String unformatted_data = null; + String formatted_data = null; + String output = null; + + try { + if( record_type.equals( DRM_LDIF_CA_KEY_RECORD ) ) { + if(drmtoolCfg.get(DRMTOOL_CFG_CA_KEY_RECORD_PRIVATE_KEY_DATA)) { + // Since "-source_pki_security_database_path", + // "-source_storage_token_name", + // "-source_storage_certificate_nickname", and + // "-target_storage_certificate_file" are OPTIONAL + // parameters, ONLY process this field if all of + // these options have been selected + if( mRewrapFlag ) { + // extract the data + data = line.substring( + DRM_LDIF_PRIVATE_KEY_DATA.length() + 1 + ).trim(); + + while( ( line = ldif_record.next() ) != null ) { + if( line.startsWith( SPACE ) ) { + data += line.trim(); + } else { + break; + } } + // Decode 
the ASCII BASE 64 certificate + // enclosed in the String() object + // into a BINARY BASE 64 byte[] object + source_wrappedKeyData = + com.netscape.osutil.OSUtil.AtoB( data ); + + // rewrap the source wrapped private key data + target_wrappedKeyData = rewrap_wrapped_key_data( + source_wrappedKeyData ); + + // Encode the BINARY BASE 64 byte[] object + // into an ASCII BASE 64 certificate + // enclosed in a String() object + revised_data = com.netscape.osutil.OSUtil.BtoA( + target_wrappedKeyData ); + + // Unformat the ASCII BASE 64 certificate + // for the log file + unformatted_data = stripEOL( revised_data ); + + // Format the ASCII BASE 64 certificate + // to match the desired LDIF format + formatted_data = format_ldif_data( + PRIVATE_KEY_DATA_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + + // construct a revised 'privateKeyData' line + output = DRM_LDIF_PRIVATE_KEY_DATA + + SPACE + + formatted_data + + NEWLINE + + line; + // log this information - log( "Created '" - + revised_line - + "'." + log( "Changed 'privateKeyData' from:" + + NEWLINE + + TIC + + data + + TIC + + NEWLINE + + " to:" + + NEWLINE + + TIC + + unformatted_data + + TIC + NEWLINE, false ); - - // Write out this revised line and flush the buffer - writer.write( revised_line + NEWLINE ); - writer.flush(); - System.out.print( "." ); + } else { + output = line; } - - // ALWAYS pass through the original 'extdata-requesttype' - // line UNCHANGED so that it is ALWAYS written - revised_line = line; - } else if( line.startsWith( EXTDATA_SERIALNUMBER ) ) { - revised_line = compose_numeric_line( EXTDATA_SERIALNUMBER, - line, - false ); - } else if( line.startsWith( PRIVATE_KEY_DATA ) ) { + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_TPS_KEY_RECORD ) ) { + if(drmtoolCfg.get(DRMTOOL_CFG_TPS_KEY_RECORD_PRIVATE_KEY_DATA)){ // Since "-source_pki_security_database_path", // "-source_storage_token_name", // "-source_storage_certificate_nickname", and 
@@ -2016,10 +3726,11 @@ public class DRMTool // these options have been selected if( mRewrapFlag ) { // extract the data - data = line.substring( PRIVATE_KEY_DATA.length() + 1 - ).trim(); + data = line.substring( + DRM_LDIF_PRIVATE_KEY_DATA.length() + 1 + ).trim(); - while( ( line = reader.readLine() ) != null ) { + while( ( line = ldif_record.next() ) != null ) { if( line.startsWith( SPACE ) ) { data += line.trim(); } else { @@ -2027,10 +3738,11 @@ public class DRMTool } } - // Decode the ASCII BASE 64 certificate enclosed in the - // String() object into a BINARY BASE 64 byte[] object - source_wrappedKeyData = com.netscape.osutil.OSUtil.AtoB( - data ); + // Decode the ASCII BASE 64 certificate + // enclosed in the String() object + // into a BINARY BASE 64 byte[] object + source_wrappedKeyData = + com.netscape.osutil.OSUtil.AtoB( data ); // rewrap the source wrapped private key data target_wrappedKeyData = rewrap_wrapped_key_data( @@ -2048,14 +3760,16 @@ public class DRMTool // Format the ASCII BASE 64 certificate // to match the desired LDIF format - formatted_data = format_ldif_data( unformatted_data ); + formatted_data = format_ldif_data( + PRIVATE_KEY_DATA_FIRST_LINE_DATA_LENGTH, + unformatted_data ); // construct a revised 'privateKeyData' line - revised_line = PRIVATE_KEY_DATA - + SPACE - + formatted_data - + NEWLINE - + line; + output = DRM_LDIF_PRIVATE_KEY_DATA + + SPACE + + formatted_data + + NEWLINE + + line; // log this information log( "Changed 'privateKeyData' from:" 
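Review bot: The continuation loop `while( ( line = ldif_record.next() ) != null )` ends cleanly only if `ldif_record.next()` returns null once the record is exhausted; the declaration of `ldif_record` is outside this hunk, so that contract needs confirming. If it is a `java.util.Iterator`, a record whose last attribute is `privateKeyData` would raise `NoSuchElementException`, which the `catch( Exception exRewrap )` further down this method would report as a rewrap failure while returning null for the key line. Testing `ldif_record.hasNext()` before each `next()` call, and setting `line` to null when the record runs out, would make the end-of-record case explicit; a comment such as `// line is null here when privateKeyData was the last attribute of the record` would document it. The same loop shape appears in the `DRM_LDIF_CA_KEY_RECORD` branch and in `output_extdata_request_notes` earlier in this diff.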
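Review bot: In `output = DRM_LDIF_PRIVATE_KEY_DATA + SPACE + formatted_data + NEWLINE + line;` the trailing `line` is whatever the continuation loop read last, so if that loop ended on null, Java string concatenation writes the literal text `null` into the target LDIF directly after the re-wrapped key. Appending the following line only when one exists avoids this: `+ ( line != null ? NEWLINE + line : "" );`. Separately, the `log( "Changed 'privateKeyData' from:"` call that follows is unchanged context here, but the identical branch earlier in this diff shows it writing both the source and the re-wrapped key blobs to the log. The log file therefore needs the same access restrictions as the LDIF files; whether `log()` applies any is not visible in this hunk.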
@@ -2071,44 +3785,581 @@ public class DRMTool + TIC + NEWLINE, false ); } else { - revised_line = line; + output = line; } - } else if( line.startsWith( REQUESTID ) ) { - revised_line = compose_numeric_line( REQUESTID, - line, - true ); - } else if( line.startsWith( SERIALNO ) ) { - revised_line = compose_numeric_line( SERIALNO, - line, - true ); } else { - // Pass through line unchanged - revised_line = line; + output = line; } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_PRIVATE_KEY_DATA + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + } catch( Exception exRewrap ) { + log( "ERROR: Unable to rewrap BINARY BASE 64 data. " + + "Exception: '" + + exRewrap.toString() + + "'" + + NEWLINE, true ); + } + + return output; + } - // Always save a copy of this line - previous_line = revised_line; - // Always write out the revised line and flush the buffer - writer.write( revised_line + NEWLINE ); - writer.flush(); - System.out.print( "." ); + /** + * Helper method which composes the output line for DRM_LDIF_REQUEST_ID. 
+ * <P> + * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_request_id( String record_type, + String line ) { + String output = null; + + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_REQUEST_ID ) ) { + output = compose_numeric_line( DRM_LDIF_REQUEST_ID, + line, + true ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_REQUEST_ID ) ) { + output = compose_numeric_line( DRM_LDIF_REQUEST_ID, + line, + true ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_REQUEST_ID ) ) { + output = compose_numeric_line( DRM_LDIF_REQUEST_ID, + line, + true ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_REQUEST_ID + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for DRM_LDIF_SERIAL_NO. 
+ * <P> + * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_serial_no( String record_type, + String line ) { + String output = null; + + if( record_type.equals( DRM_LDIF_CA_KEY_RECORD ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_CA_KEY_RECORD_SERIAL_NO ) ) { + output = compose_numeric_line( DRM_LDIF_SERIAL_NO, + line, + true ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_TPS_KEY_RECORD ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_TPS_KEY_RECORD_SERIAL_NO ) ) { + output = compose_numeric_line( DRM_LDIF_SERIAL_NO, + line, + true ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_SERIAL_NO + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for + * DRM_LDIF_EXTDATA_AUTH_TOKEN_USER. + * <P> + * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_extdata_auth_token_user( String record_type, + String line ) { + String data = null; + String output = null; + + try { + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + // Since "-source_drm_naming_context", and + // "-target_drm_naming_context" are OPTIONAL + // parameters, ONLY process this field if both of + // these options have been selected + if( mDrmNamingContextsFlag ) { + output = line.replace( mSourceDrmNamingContext, + mTargetDrmNamingContext ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_EXTDATA_AUTH_TOKEN_USER + + "' for record type='" + + record_type + + "'!" 
+ + NEWLINE, true ); + } + } catch( NullPointerException exNullPointerException ) { + log( "ERROR: Unable to replace source DRM naming context '" + + mSourceDrmNamingContext + + "' with target DRM naming context '" + + mTargetDrmNamingContext + + "' NullPointerException: '" + + exNullPointerException.toString() + + "'" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for + * DRM_LDIF_EXTDATA_AUTH_TOKEN_USER_DN. + * <P> + * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_extdata_auth_token_user_dn( String record_type, + String line ) { + String data = null; + String output = null; + + try { + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + // Since "-source_drm_naming_context", and + // "-target_drm_naming_context" are OPTIONAL + // parameters, ONLY process this field if both of + // these options have been selected + if( mDrmNamingContextsFlag ) { + output = line.replace( mSourceDrmNamingContext, + mTargetDrmNamingContext ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_EXTDATA_AUTH_TOKEN_USER_DN + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + } catch( NullPointerException exNullPointerException ) { + log( "ERROR: Unable to replace source DRM naming context '" + + mSourceDrmNamingContext + + "' with target DRM naming context '" + + mTargetDrmNamingContext + + "' NullPointerException: '" + + exNullPointerException.toString() + + "'" + + NEWLINE, true ); + } + + return output; + } + + + /** + * This method performs the actual parsing of the "source" LDIF file + * and produces the "target" LDIF file. 
+ * <P> + * + * @return true if the "target" LDIF file is successfully created + */ + private static boolean convert_source_ldif_to_target_ldif() { + boolean success = false; + BufferedReader reader = null; + PrintWriter writer = null; + String input = null; + String line = null; + String previous_line = null; + String output = null; + String data = null; + String record_type = null; + + if( mRewrapFlag ) { + success = obtain_RSA_rewrapping_keys(); + if( !success ) { + return FAILURE; + } + } + + // Create a vector for LDIF input + record = new Vector<String>( INITIAL_LDIF_RECORD_CAPACITY ); + + // Process each line in the source LDIF file + // and store it in the target LDIF file + try { + // Open source LDIF file for reading + reader = new BufferedReader( + new FileReader( mSourceLdifFilename ) ); + + // Open target LDIF file for writing + writer = new PrintWriter( + new BufferedWriter( + new FileWriter( mTargetLdifFilename ) ) ); + + System.out.print( "PROCESSING: " ); + while( ( input = reader.readLine() ) != null ) { + // Read in a record from the source LDIF file and + // add this line of input into the record vector + success = record.add( input ); + if( !success ) { + return FAILURE; + } + + // Check for the end of an LDIF record + if( !input.equals( "" ) ) { + // Check to see if input line identifies the record type + if( input.startsWith( DRM_LDIF_REQUEST_TYPE ) ) { + // set the record type: + // + // * DRM_LDIF_ENROLLMENT + // * DRM_LDIF_KEYGEN + // * DRM_LDIF_RECOVERY + // + record_type = input.substring( + DRM_LDIF_REQUEST_TYPE.length() + 1 + ).trim(); + if( !record_type.equals( DRM_LDIF_ENROLLMENT ) && + !record_type.equals( DRM_LDIF_KEYGEN ) && + !record_type.equals( DRM_LDIF_RECOVERY ) ) { + log( "ERROR: Unknown LDIF record type='" + + record_type + + "'!" 
+ + NEWLINE, true ); + return FAILURE; + } + } else if( input.startsWith( DRM_LDIF_ARCHIVED_BY ) ) { + // extract the data + data = input.substring( + DRM_LDIF_ARCHIVED_BY.length() + 1 + ).trim(); + + // set the record type: + // + // * DRM_LDIF_CA_KEY_RECORD + // * DRM_LDIF_TPS_KEY_RECORD + // + if( data.startsWith( DRM_LDIF_TPS_KEY_RECORD ) ) { + record_type = DRM_LDIF_TPS_KEY_RECORD; + } else if( data.startsWith( DRM_LDIF_CA_KEY_RECORD ) ) { + record_type = DRM_LDIF_CA_KEY_RECORD; + } else { + log( "ERROR: Unable to determine LDIF record type " + + "from data='" + + data + + "'!" + + NEWLINE, true ); + return FAILURE; + } + } + + // continue adding input lines into this record + continue; + } + + // If record type is unset, then this record is neither + // an LDIF request record nor an LDIF key record; check + // to see if it needs to be written out to the target + // LDIF file or thrown away. + if( ( record_type == null ) && + mProcessRequestsAndKeyRecordsOnlyFlag ) { + // Mark each removed record with an 'x' + System.out.print( "x" ); + + // log this information + log( "INFO: Throwing away an LDIF record which is " + + "neither a Request nor a Key Record!" 
+ + NEWLINE, false ); + + // clear this LDIF record from the record vector + record.clear(); + + // NOTE: there is no need to reset the record type + + // begin adding input lines into a new record + continue; + } else if( record_type == null ) { + // Set record type to specify a "generic" LDIF record + record_type = DRM_LDIF_RECORD; + } + + ldif_record = record.iterator(); + + // Process each line of the record: + // * If LDIF Record Type for this line is 'valid' + // * If DRMTOOL Configuration File Parameter is 'true' + // * Process this data + // * Else If DRMTOOL Configuration File Parameter is 'false' + // * Pass through this data unchanged + // * Else If LDIF Record Type for this line is 'invalid' + // * Log error and leave method returning 'false' + while( ldif_record.hasNext() ) { + + line = ldif_record.next(); + + if( line.startsWith( DRM_LDIF_CN ) ) { + output = output_cn( record_type, line ); + if( output == null ) { + return FAILURE; + } + } else if( line.startsWith( DRM_LDIF_DATE_OF_MODIFY ) ) { + output = output_date_of_modify( record_type, line ); + if( output == null ) { + return FAILURE; + } + } else if( line.startsWith( DRM_LDIF_DN ) ) { + output = output_dn( record_type, line ); + if( output == null ) { + return FAILURE; + } + } else if(line.startsWith( DRM_LDIF_EXTDATA_KEY_RECORD )) { + output = output_extdata_key_record( record_type, + line ); + if( output == null ) { + return FAILURE; + } + } else if(line.startsWith( DRM_LDIF_EXTDATA_REQUEST_ID )) { + output = output_extdata_request_id( record_type, + line ); + if( output == null ) { + return FAILURE; + } + } else if(line.startsWith(DRM_LDIF_EXTDATA_REQUEST_NOTES)) { + output = output_extdata_request_notes( record_type, + line ); + if( output == null ) { + return FAILURE; + } + } else if(line.startsWith(DRM_LDIF_EXTDATA_REQUEST_TYPE)) { + // if one is not already present, + // compose and write out the missing + // 'extdata_requestnotes' line + create_extdata_request_notes( record_type, + 
previous_line, + writer ); + + // ALWAYS pass through the original + // 'extdata-requesttype' line UNCHANGED + // so that it is ALWAYS written + output = line; + } else if(line.startsWith(DRM_LDIF_EXTDATA_SERIAL_NUMBER)) { + output = output_extdata_serial_number( record_type, + line ); + if( output == null ) { + return FAILURE; + } + } else if( line.startsWith( DRM_LDIF_PRIVATE_KEY_DATA ) ) { + output = output_private_key_data( record_type, + line ); + if( output == null ) { + return FAILURE; + } + } else if( line.startsWith( DRM_LDIF_REQUEST_ID ) ) { + output = output_request_id( record_type, line ); + if( output == null ) { + return FAILURE; + } + } else if( line.startsWith( DRM_LDIF_SERIAL_NO ) ) { + output = output_serial_no( record_type, line ); + if( output == null ) { + return FAILURE; + } + } else if( previous_line != null && + previous_line.startsWith( + DRM_LDIF_EXTDATA_AUTH_TOKEN_USER ) ) { + output = output_extdata_auth_token_user( record_type, + line ); + if( output == null ) { + return FAILURE; + } + } else if( previous_line != null && + previous_line.startsWith( + DRM_LDIF_EXTDATA_AUTH_TOKEN_USER_DN ) ) { + output = output_extdata_auth_token_user_dn( record_type, + line ); + if( output == null ) { + return FAILURE; + } + } else { + // Pass through line unchanged + output = line; + } + + // Always save a copy of this line + previous_line = output; + + // Always write out the output line and flush the buffer + writer.write( output + NEWLINE ); + writer.flush(); + System.out.print( "." ); + } + // Mark the end of the LDIF record + System.out.print( "!" ); + + // clear this LDIF record from the record vector + record.clear(); } System.out.println( " FINISHED." 
+ NEWLINE ); } catch( IOException exIO ) { log( "ERROR: line='" + line - + "' OR revised_line='" - + revised_line + + "' OR output='" + + output + "' IOException: '" - + exIO + + exIO.toString() + "'" + NEWLINE, true ); return FAILURE; - } catch( Exception exRewrap ) { - log( "ERROR: Unable to rewrap BINARY BASE 64 data. " - + "Exception: '" - + exRewrap + } + + return SUCCESS; + } + + + /**************************************/ + /* DRMTOOL Config File Parser Methods */ + /**************************************/ + + /** + * This method performs the actual parsing of the DRMTOOL config file + * and initializes how the DRM Record Fields should be processed. + * <P> + * + * @return true if the DRMTOOL config file is successfully processed + */ + private static boolean process_drmtool_config_file() { + boolean success = false; + BufferedReader reader = null; + String line = null; + String name_value_pair[] = null; + String name = null; + Boolean value = null; + + // Process each line containing a name/value pair + // in the DRMTOOL config file + try { + // Open DRMTOOL config file for reading + reader = new BufferedReader( + new FileReader( mDrmtoolCfgFilename ) ); + + // Create a hashtable for relevant name/value pairs + drmtoolCfg = new Hashtable<String, Boolean>(); + + System.out.print( "PROCESSING DRMTOOL CONFIG FILE: " ); + while( ( line = reader.readLine() ) != null ) { + if( line.startsWith( DRMTOOL_CFG_PREFIX ) ) { + // obtain "name=value" pair + name_value_pair = line.split( EQUAL_SIGN ); + + // obtain "name" + name = name_value_pair[0]; + + // compute "boolean" value + if( name_value_pair[1].equals( "true" ) ) { + value = Boolean.TRUE; + } else { + value = Boolean.FALSE; + } + + // store relevant DRM LDIF fields for processing + if( name.equals( DRMTOOL_CFG_ENROLLMENT_CN ) + || name.equals( DRMTOOL_CFG_ENROLLMENT_DATE_OF_MODIFY ) + || name.equals( DRMTOOL_CFG_ENROLLMENT_DN ) + || name.equals( DRMTOOL_CFG_ENROLLMENT_EXTDATA_KEY_RECORD ) + || name.equals( 
DRMTOOL_CFG_ENROLLMENT_EXTDATA_REQUEST_NOTES ) + || name.equals( DRMTOOL_CFG_ENROLLMENT_REQUEST_ID ) + || name.equals( DRMTOOL_CFG_CA_KEY_RECORD_CN ) + || name.equals( DRMTOOL_CFG_CA_KEY_RECORD_DATE_OF_MODIFY ) + || name.equals( DRMTOOL_CFG_CA_KEY_RECORD_DN ) + || name.equals( DRMTOOL_CFG_CA_KEY_RECORD_PRIVATE_KEY_DATA ) + || name.equals( DRMTOOL_CFG_CA_KEY_RECORD_SERIAL_NO ) + || name.equals( DRMTOOL_CFG_RECOVERY_CN ) + || name.equals( DRMTOOL_CFG_RECOVERY_DATE_OF_MODIFY ) + || name.equals( DRMTOOL_CFG_RECOVERY_DN ) + || name.equals( DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_ID ) + || name.equals( DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_NOTES ) + || name.equals( DRMTOOL_CFG_RECOVERY_EXTDATA_SERIAL_NUMBER ) + || name.equals( DRMTOOL_CFG_RECOVERY_REQUEST_ID ) + || name.equals( DRMTOOL_CFG_TPS_KEY_RECORD_CN ) + || name.equals( DRMTOOL_CFG_TPS_KEY_RECORD_DATE_OF_MODIFY ) + || name.equals( DRMTOOL_CFG_TPS_KEY_RECORD_DN ) + || name.equals( DRMTOOL_CFG_TPS_KEY_RECORD_PRIVATE_KEY_DATA ) + || name.equals( DRMTOOL_CFG_TPS_KEY_RECORD_SERIAL_NO ) + || name.equals( DRMTOOL_CFG_KEYGEN_CN ) + || name.equals( DRMTOOL_CFG_KEYGEN_DATE_OF_MODIFY ) + || name.equals( DRMTOOL_CFG_KEYGEN_DN ) + || name.equals( DRMTOOL_CFG_KEYGEN_EXTDATA_KEY_RECORD ) + || name.equals( DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_ID ) + || name.equals( DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_NOTES ) + || name.equals( DRMTOOL_CFG_KEYGEN_REQUEST_ID ) ) { + drmtoolCfg.put( name, value ); + System.out.print( "." ); + } + } + } + System.out.println( " FINISHED." + NEWLINE ); + } catch( FileNotFoundException exDrmtoolCfgFileNotFound ) { + log( "ERROR: No DRMTOOL config file named '" + + mDrmtoolCfgFilename + + "' exists! 
FileNotFoundException: '" + + exDrmtoolCfgFileNotFound.toString() + + "'" + + NEWLINE, true ); + return FAILURE; + } catch( IOException exDrmtoolCfgIO ) { + log( "ERROR: line='" + + line + + "' IOException: '" + + exDrmtoolCfgIO.toString() + + "'" + + NEWLINE, true ); + return FAILURE; + } catch( PatternSyntaxException exDrmtoolCfgNameValuePattern ) { + log( "ERROR: line='" + + line + + "' PatternSyntaxException: '" + + exDrmtoolCfgNameValuePattern.toString() + "'" + NEWLINE, true ); return FAILURE; @@ -2132,8 +4383,13 @@ public class DRMTool // Variables String append_id_offset = null; String remove_id_offset = null; + String process_drm_naming_context_fields = null; + String process_requests_and_key_records_only = null; + String use_PKI_security_database_pwdfile = null; + File cfgFile = null; File sourceFile = null; File sourceDBPath = null; + File sourceDBPwdfile = null; File targetStorageCertFile = null; File targetFile = null; File logFile = null; 
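Review bot: `record_type` in convert_source_ldif_to_target_ldif() is never cleared once a record has been written, because the end-of-record path only calls `record.clear()`. The next record that has no request-type or archived-by line therefore inherits the previous record's type. With `mProcessRequestsAndKeyRecordsOnlyFlag` set, unrelated entries stop being discarded after the first typed record and their fields are handled under the wrong type's settings; adding `record_type = null;` next to the final `record.clear();` fixes this. In the same hunk, process_drmtool_config_file() reads `name_value_pair[1]` without checking the split length, and the output_* helpers unbox `drmtoolCfg.get( ... )` directly. A malformed or missing config entry thus raises an unchecked exception that none of the visible catch clauses handle, after part of the target LDIF may already be written.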
@@ -2144,9 +4400,26 @@ public class DRMTool // Check that the correct number of arguments were // submitted to the program - if( ( args.length != ID_OFFSET_ARGS ) && - ( args.length != REWRAP_ARGS ) && - ( args.length != REWRAP_AND_ID_OFFSET_ARGS ) ) { + if( ( args.length != ID_OFFSET_ARGS ) && + ( args.length != ( ID_OFFSET_ARGS + 1 ) ) && + ( args.length != ( ID_OFFSET_ARGS + 4 ) ) && + ( args.length != ( ID_OFFSET_ARGS + 5 ) ) && + ( args.length != REWRAP_ARGS ) && + ( args.length != ( REWRAP_ARGS + 1 ) ) && + ( args.length != ( REWRAP_ARGS + 2 ) ) && + ( args.length != ( REWRAP_ARGS + 3 ) ) && + ( args.length != ( REWRAP_ARGS + 4 ) ) && + ( args.length != ( REWRAP_ARGS + 5 ) ) && + ( args.length != ( REWRAP_ARGS + 6 ) ) && + ( args.length != ( REWRAP_ARGS + 7 ) ) && + ( args.length != REWRAP_AND_ID_OFFSET_ARGS ) && + ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 1 ) ) && + ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 2 ) ) && + ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 3 ) ) && + ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 4 ) ) && + ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 5 ) ) && + ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 6 ) ) && + ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 7 ) ) ) { System.err.println( "ERROR: Incorrect number of arguments!" + NEWLINE ); printUsage(); @@ -2155,7 +4428,10 @@ public class DRMTool // Process command-line arguments for( int i = 0; i < args.length; i += 2 ) { - if( args[i].equals( SOURCE_LDIF_FILE ) ) { + if( args[i].equals( DRMTOOL_CFG_FILE ) ) { + mDrmtoolCfgFilename = args[i + 1]; + mMandatoryNameValuePairs++; + } else if( args[i].equals( SOURCE_LDIF_FILE ) ) { mSourceLdifFilename = args[i + 1]; mMandatoryNameValuePairs++; } else if( args[i].equals( TARGET_LDIF_FILE ) ) { 
@@ -2176,12 +4452,25 @@ public class DRMTool } else if( args[i].equals( TARGET_STORAGE_CERTIFICATE_FILE ) ) { mTargetStorageCertificateFilename = args[i + 1]; mRewrapNameValuePairs++; + } else if( args[i].equals( SOURCE_NSS_DB_PWDFILE ) ) { + mSourcePKISecurityDatabasePwdfile = args[i + 1]; + mPKISecurityDatabasePwdfileNameValuePairs++; } else if( args[i].equals( APPEND_ID_OFFSET ) ) { append_id_offset = args[i + 1]; mAppendIdOffsetNameValuePairs++; } else if( args[i].equals( REMOVE_ID_OFFSET ) ) { remove_id_offset = args[i + 1]; mRemoveIdOffsetNameValuePairs++; + } else if( args[i].equals( SOURCE_DRM_NAMING_CONTEXT ) ) { + mSourceDrmNamingContext = args[i + 1]; + mDrmNamingContextNameValuePairs++; + } else if( args[i].equals( TARGET_DRM_NAMING_CONTEXT ) ) { + mTargetDrmNamingContext = args[i + 1]; + mDrmNamingContextNameValuePairs++; + } else if( args[i].equals( PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY ) ) + { + mProcessRequestsAndKeyRecordsOnlyFlag = true; + i -= 1; } else { System.err.println( "ERROR: Unknown argument '" + args[i] @@ -2195,6 +4484,8 @@ public class DRMTool // Verify that correct number of valid mandatory // arguments were submitted to the program if( mMandatoryNameValuePairs != MANDATORY_NAME_VALUE_PAIRS || + mDrmtoolCfgFilename == null || + mDrmtoolCfgFilename.length() == 0 || mSourceLdifFilename == null || mSourceLdifFilename.length() == 0 || mTargetLdifFilename == null || 
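Review bot: Every value-taking branch in the hunk at -2176 reads `args[i + 1]` without a bounds check. The argument-count test in the hunk at -2144 now appears to accept odd counts, to make room for the single-token `PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY` flag. An odd-length command line whose last token is a value-taking option name would then end in ArrayIndexOutOfBoundsException rather than the usage message. Checking `i + 1 < args.length` before the value-taking branches and falling through to the existing unknown-argument error path keeps the failure controlled. The `i -= 1` also deserves a one-line comment, e.g. `// flag takes no value: undo half of the loop's i += 2`; the loop header is in the preceding hunk.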
@@ -2206,13 +4497,29 @@ public class DRMTool printUsage(); System.exit( 0 ); } else { + // Check for a valid DRMTOOL config file + cfgFile = new File( mDrmtoolCfgFilename ); + if( !cfgFile.exists() || + !cfgFile.isFile() || + ( cfgFile.length() == 0 ) ) { + System.err.println( "ERROR: '" + + mDrmtoolCfgFilename + + "' does NOT exist, is NOT a file, " + + "or is empty!" + + NEWLINE ); + printUsage(); + System.exit( 0 ); + } + // Check for a valid source LDIF file sourceFile = new File( mSourceLdifFilename ); if( !sourceFile.exists() || - !sourceFile.isFile() ) { + !sourceFile.isFile() || + ( sourceFile.length() == 0 ) ) { System.err.println( "ERROR: '" + mSourceLdifFilename - + "' does NOT exist or is NOT a file!" + + "' does NOT exist, is NOT a file, " + + "or is empty!" + NEWLINE ); printUsage(); System.exit( 0 ); @@ -2278,10 +4585,12 @@ public class DRMTool targetStorageCertFile = new File( mTargetStorageCertificateFilename ); if( !targetStorageCertFile.exists() || - !targetStorageCertFile.isFile() ) { + !targetStorageCertFile.isFile() || + ( targetStorageCertFile.length() == 0 ) ) { System.err.println( "ERROR: '" + mTargetStorageCertificateFilename - + "' does NOT exist or is NOT a file!" + + "' does NOT exist, is NOT a file, " + + "or is empty!" + NEWLINE ); printUsage(); System.exit( 0 ); @@ -2331,7 +4640,7 @@ public class DRMTool System.err.println( "ERROR: append_id_offset='" + append_id_offset + "' PatternSyntaxException: '" - + exAppendPattern + + exAppendPattern.toString() + "'" + NEWLINE ); System.exit( 0 ); @@ -2371,7 +4680,7 @@ public class DRMTool System.err.println( "ERROR: remove_id_offset='" + remove_id_offset + "' PatternSyntaxException: '" - + exRemovePattern + + exRemovePattern.toString() + "'" + NEWLINE ); System.exit( 0 ); 
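Review bot: The new config-file validation in the hunk at -2206 reports an error and then calls `System.exit( 0 )`, so a wrapper script or migration runbook sees success when the tool refused to run. The password-file and naming-context checks added in the hunk at -2398 do the same. For a tool that re-keys archived private keys, an unnoticed no-op is worth avoiding, and these paths should return a non-zero status such as `System.exit( 1 )`. The surrounding pre-existing checks use the same convention, so this is best changed consistently across the method, which starts outside the hunk.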
@@ -2398,13 +4707,135 @@ public class DRMTool System.exit( 0 ); } + // Check to see that if the OPTIONAL + // 'PKI Security Database Password File' + // command-line options were specified, + // that they are all present and accounted for + if( mPKISecurityDatabasePwdfileNameValuePairs > 0 ) { + if( mPKISecurityDatabasePwdfileNameValuePairs != + PWDFILE_NAME_VALUE_PAIRS || + mSourcePKISecurityDatabasePwdfile == null || + mSourcePKISecurityDatabasePwdfile.length() == 0 ) { + System.err.println( "ERROR: Missing 'Password File' " + + "arguments!" + + NEWLINE ); + printUsage(); + System.exit( 0 ); + } else { + if( mRewrapFlag ) { + // Check for a valid source PKI + // security database password file + sourceDBPwdfile = new + File( mSourcePKISecurityDatabasePwdfile ); + if( !sourceDBPwdfile.exists() || + !sourceDBPwdfile.isFile() || + ( sourceDBPwdfile.length() == 0 ) ) { + System.err.println( "ERROR: '" + + mSourcePKISecurityDatabasePwdfile + + "' does NOT exist, is NOT a file, " + + "or is empty!" + + NEWLINE ); + printUsage(); + System.exit( 0 ); + } + + use_PKI_security_database_pwdfile = SPACE + + SOURCE_NSS_DB_PWDFILE + + SPACE + + TIC + + mSourcePKISecurityDatabasePwdfile + + TIC; + + mSourcePKISecurityDatabasePwdfileMessage = SPACE + + PLUS + + SPACE + + DRM_LDIF_USED_PWDFILE_MESSAGE; + + // Mark the 'Password File' flag true + mPwdfileFlag = true; + } else { + System.err.println( "ERROR: The " + + TIC + + SOURCE_NSS_DB_PWDFILE + + TIC + + " option is ONLY valid when " + + "performing rewrapping." 
+ + NEWLINE ); + printUsage(); + System.exit( 0 ); + } + } + } else { + use_PKI_security_database_pwdfile = ""; + mSourcePKISecurityDatabasePwdfileMessage = ""; + } + + // Check to see that if the OPTIONAL 'DRM Naming Context' command-line + // options were specified, that they are all present and accounted for + if( mDrmNamingContextNameValuePairs > 0 ) { + if( mDrmNamingContextNameValuePairs != + NAMING_CONTEXT_NAME_VALUE_PAIRS || + mSourceDrmNamingContext == null || + mSourceDrmNamingContext.length() == 0 || + mTargetDrmNamingContext == null || + mTargetDrmNamingContext.length() == 0 ) { + System.err.println( "ERROR: Both 'source DRM naming context' " + + "and 'target DRM naming context' " + + "options MUST be specified!" + + NEWLINE ); + printUsage(); + System.exit( 0 ); + } else { + process_drm_naming_context_fields = SPACE + + SOURCE_DRM_NAMING_CONTEXT + + SPACE + + TIC + + mSourceDrmNamingContext + + TIC + + SPACE + + TARGET_DRM_NAMING_CONTEXT + + SPACE + + TIC + + mTargetDrmNamingContext + + TIC; + + mDrmNamingContextMessage = SPACE + + PLUS + + SPACE + + DRM_LDIF_SOURCE_NAME_CONTEXT_MESSAGE + + mSourceDrmNamingContext + + DRM_LDIF_TARGET_NAME_CONTEXT_MESSAGE + + mTargetDrmNamingContext + + TIC; + + // Mark the 'DRM Naming Contexts' flag true + mDrmNamingContextsFlag = true; + } + } else { + process_drm_naming_context_fields = ""; + mDrmNamingContextMessage = ""; + } + + // Check for OPTIONAL "Process Requests and Key Records ONLY" option + if( mProcessRequestsAndKeyRecordsOnlyFlag ) { + process_requests_and_key_records_only = SPACE + + PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY; + mProcessRequestsAndKeyRecordsOnlyMessage = SPACE + PLUS + SPACE + + DRM_LDIF_PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY_MESSAGE; + } else { + process_requests_and_key_records_only = ""; + mProcessRequestsAndKeyRecordsOnlyMessage = ""; + } + // Enable logging process . . . open_log( mLogFilename ); // Begin logging progress . . . 
if( mRewrapFlag && mAppendIdOffsetFlag ) { - log( "BEGIN '" + log( "BEGIN \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE @@ -2414,17 +4845,23 @@ public class DRMTool + SOURCE_NSS_DB_PATH + SPACE + mSourcePKISecurityDatabasePath + SPACE + SOURCE_STORAGE_TOKEN_NAME + SPACE - + mSourceStorageTokenName + SPACE + + TIC + mSourceStorageTokenName + TIC + SPACE + SOURCE_STORAGE_CERT_NICKNAME + SPACE - + mSourceStorageCertNickname + SPACE + + TIC + mSourceStorageCertNickname + TIC + SPACE + TARGET_STORAGE_CERTIFICATE_FILE + SPACE + mTargetStorageCertificateFilename + SPACE + + use_PKI_security_database_pwdfile + APPEND_ID_OFFSET + SPACE - + append_id_offset + "' . . ." + + append_id_offset + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\" . . ." + NEWLINE, true ); } else if( mRewrapFlag && mRemoveIdOffsetFlag ) { - log( "BEGIN '" + log( "BEGIN \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE 
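Review bot: The password-file branch in the hunk at -2398 checks only that `mSourcePKISecurityDatabasePwdfile` exists, is a regular file and is non-empty. Nothing in the hunk documents or enforces who else may read it. The option presumably carries the password for the source security database, so I would state the expectation next to the check, e.g. `// NOTE: the pwdfile should be readable only by the invoking user and removed after the run`, and repeat it in the printUsage() text. How the file is later read is outside this hunk.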
@@ -2434,17 +4871,23 @@ public class DRMTool + SOURCE_NSS_DB_PATH + SPACE + mSourcePKISecurityDatabasePath + SPACE + SOURCE_STORAGE_TOKEN_NAME + SPACE - + mSourceStorageTokenName + SPACE + + TIC + mSourceStorageTokenName + TIC + SPACE + SOURCE_STORAGE_CERT_NICKNAME + SPACE - + mSourceStorageCertNickname + SPACE + + TIC + mSourceStorageCertNickname + TIC + SPACE + TARGET_STORAGE_CERTIFICATE_FILE + SPACE + mTargetStorageCertificateFilename + SPACE + + use_PKI_security_database_pwdfile + REMOVE_ID_OFFSET + SPACE - + remove_id_offset + "' . . ." + + remove_id_offset + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\" . . ." + NEWLINE, true ); } else if( mRewrapFlag ) { - log( "BEGIN '" + log( "BEGIN \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE @@ -2454,15 +4897,21 @@ public class DRMTool + SOURCE_NSS_DB_PATH + SPACE + mSourcePKISecurityDatabasePath + SPACE + SOURCE_STORAGE_TOKEN_NAME + SPACE - + mSourceStorageTokenName + SPACE + + TIC + mSourceStorageTokenName + TIC + SPACE + SOURCE_STORAGE_CERT_NICKNAME + SPACE - + mSourceStorageCertNickname + SPACE + + TIC + mSourceStorageCertNickname + TIC + SPACE + TARGET_STORAGE_CERTIFICATE_FILE + SPACE - + mTargetStorageCertificateFilename + "' . . ." + + mTargetStorageCertificateFilename + + use_PKI_security_database_pwdfile + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\" . . ." + NEWLINE, true ); } else if( mAppendIdOffsetFlag ) { - log( "BEGIN '" + log( "BEGIN \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE 
@@ -2470,11 +4919,16 @@ public class DRMTool + LOG_FILE + SPACE + mLogFilename + SPACE + APPEND_ID_OFFSET + SPACE - + append_id_offset + "' . . ." + + append_id_offset + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\" . . ." + NEWLINE, true ); } else if( mRemoveIdOffsetFlag ) { - log( "BEGIN '" + log( "BEGIN \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE @@ -2482,24 +4936,40 @@ public class DRMTool + LOG_FILE + SPACE + mLogFilename + SPACE + REMOVE_ID_OFFSET + SPACE - + remove_id_offset + "' . . ." + + remove_id_offset + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\" . . ." + NEWLINE, true ); } - // Convert the source LDIF file to a target LDIF file - success = convert_source_ldif_to_target_ldif(); + // Process the DRMTOOL config file + success = process_drmtool_config_file(); if( !success ) { - log( "FAILED converting source LDIF file --> target LDIF file!" + log( "FAILED processing drmtool config file!" + NEWLINE, true ); } else { - log( "SUCCESSFULLY converted source LDIF file --> target LDIF file!" + log( "SUCCESSFULLY processed drmtool config file!" + NEWLINE, true ); + + // Convert the source LDIF file to a target LDIF file + success = convert_source_ldif_to_target_ldif(); + if( !success ) { + log( "FAILED converting source LDIF file --> target LDIF file!" + + NEWLINE, true ); + } else { + log( "SUCCESSFULLY converted source LDIF file --> " + + "target LDIF file!" + + NEWLINE, true ); + } } // Finish logging progress if( mRewrapFlag && mAppendIdOffsetFlag ) { - log( "FINISHED '" + log( "FINISHED \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE 
@@ -2509,17 +4979,23 @@ public class DRMTool + SOURCE_NSS_DB_PATH + SPACE + mSourcePKISecurityDatabasePath + SPACE + SOURCE_STORAGE_TOKEN_NAME + SPACE - + mSourceStorageTokenName + SPACE + + TIC + mSourceStorageTokenName + TIC + SPACE + SOURCE_STORAGE_CERT_NICKNAME + SPACE - + mSourceStorageCertNickname + SPACE + + TIC + mSourceStorageCertNickname + TIC + SPACE + TARGET_STORAGE_CERTIFICATE_FILE + SPACE + mTargetStorageCertificateFilename + SPACE + + use_PKI_security_database_pwdfile + APPEND_ID_OFFSET + SPACE - + append_id_offset + "'." + + append_id_offset + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\"." + NEWLINE, true ); } else if( mRewrapFlag && mRemoveIdOffsetFlag ) { - log( "FINISHED '" + log( "FINISHED \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE @@ -2529,17 +5005,23 @@ public class DRMTool + SOURCE_NSS_DB_PATH + SPACE + mSourcePKISecurityDatabasePath + SPACE + SOURCE_STORAGE_TOKEN_NAME + SPACE - + mSourceStorageTokenName + SPACE + + TIC + mSourceStorageTokenName + TIC + SPACE + SOURCE_STORAGE_CERT_NICKNAME + SPACE - + mSourceStorageCertNickname + SPACE + + TIC + mSourceStorageCertNickname + TIC + SPACE + TARGET_STORAGE_CERTIFICATE_FILE + SPACE + mTargetStorageCertificateFilename + SPACE + + use_PKI_security_database_pwdfile + REMOVE_ID_OFFSET + SPACE - + remove_id_offset + "'." + + remove_id_offset + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\"." + NEWLINE, true ); } else if( mRewrapFlag ) { - log( "FINISHED '" + log( "FINISHED \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE 
@@ -2549,15 +5031,21 @@ public class DRMTool + SOURCE_NSS_DB_PATH + SPACE + mSourcePKISecurityDatabasePath + SPACE + SOURCE_STORAGE_TOKEN_NAME + SPACE - + mSourceStorageTokenName + SPACE + + TIC + mSourceStorageTokenName + TIC + SPACE + SOURCE_STORAGE_CERT_NICKNAME + SPACE - + mSourceStorageCertNickname + SPACE + + TIC + mSourceStorageCertNickname + TIC + SPACE + TARGET_STORAGE_CERTIFICATE_FILE + SPACE - + mTargetStorageCertificateFilename + "'." + + mTargetStorageCertificateFilename + + use_PKI_security_database_pwdfile + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\"." + NEWLINE, true ); } else if( mAppendIdOffsetFlag ) { - log( "FINISHED '" + log( "FINISHED \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE @@ -2565,11 +5053,16 @@ public class DRMTool + LOG_FILE + SPACE + mLogFilename + SPACE + APPEND_ID_OFFSET + SPACE - + append_id_offset + "'." + + append_id_offset + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\"." + NEWLINE, true ); } else if( mRemoveIdOffsetFlag ) { - log( "FINISHED '" + log( "FINISHED \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE @@ -2577,7 +5070,10 @@ public class DRMTool + LOG_FILE + SPACE + mLogFilename + SPACE + REMOVE_ID_OFFSET + SPACE - + remove_id_offset + "'." + + remove_id_offset + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\"." + NEWLINE, true ); } |