summaryrefslogtreecommitdiffstats
path: root/pki/base/migrate/80/MigrateSecurityDomain.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/migrate/80/MigrateSecurityDomain.java')
-rw-r--r--pki/base/migrate/80/MigrateSecurityDomain.java222
1 files changed, 222 insertions, 0 deletions
diff --git a/pki/base/migrate/80/MigrateSecurityDomain.java b/pki/base/migrate/80/MigrateSecurityDomain.java
new file mode 100644
index 000000000..33bbb72b1
--- /dev/null
+++ b/pki/base/migrate/80/MigrateSecurityDomain.java
@@ -0,0 +1,222 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2008 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import com.netscape.cmsutil.xml.*;
+import com.netscape.cmscore.base.*;
+import com.netscape.cmscore.ldapconn.*;
+import com.netscape.cmsutil.ldap.*;
+import netscape.ldap.*;
+import java.io.*;
+import java.util.*;
+import org.w3c.dom.*;
+
+public class MigrateSecurityDomain {
+
+ private static LDAPConnection getLDAPConn(FileConfigStore cs, String passwd)
+ throws IOException
+ {
+
+ String host = "";
+ String port = "";
+ String binddn = "";
+ String security = "";
+
+ try {
+ host = cs.getString("internaldb.ldapconn.host");
+ port = cs.getString("internaldb.ldapconn.port");
+ binddn = cs.getString("internaldb.ldapauth.bindDN");
+ security = cs.getString("internaldb.ldapconn.secureConn");
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain: getLDAPConnection" + e.toString());
+ throw new IOException(
+ "Failed to retrieve LDAP information from CS.cfg.");
+ }
+
+ int p = -1;
+
+ try {
+ p = Integer.parseInt(port);
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain getLDAPConn: " + e.toString());
+ throw new IOException("Port is not valid");
+ }
+
+ LDAPConnection conn = null;
+ if (security.equals("true")) {
+ System.out.println("MigrateSecurityDomain getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(new LdapJssSSLSocketFactory());
+ } else {
+ System.out.println("MigrateSecurityDomain getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
+ }
+
+ System.out.println("MigrateSecurityDomain connecting to " + host + ":" + p);
+ try {
+ conn.connect(host, p, binddn, passwd);
+ } catch (LDAPException e) {
+ System.out.println("MigrateSecurityDomain getLDAPConn: " + e.toString());
+ throw new IOException("Failed to connect to the internal database.");
+ }
+
+ return conn;
+ }
+
+
+ public static void main(String args[]) throws Exception
+ {
+ if (args.length != 2) {
+ System.out.println("Usage: MigrateSecurityDomain <instance root path> <directory manager password>");
+ System.exit(0);
+ }
+
+ String instRoot = args[0];
+ String dmPass = args[1];
+
+ XMLObject parser = null;
+ // get the security domain data from the domain.xml file
+ try {
+ String path = instRoot + "/conf/domain.xml";
+ System.out.println("MigrateSecurityDomain: Reading domain.xml from file ...");
+ parser = new XMLObject(new FileInputStream(path));
+
+ }
+ catch (Exception e) {
+ System.out.println("MigrateSecurityDomain: Unable to get domain info from domain.xml file");
+ System.out.println(e.toString());
+ System.exit(1);
+ }
+
+ try {
+ String configFile = instRoot + "/conf/CS.cfg";
+ FileConfigStore cs = new FileConfigStore(configFile);
+
+ LDAPConnection conn = null;
+ conn = MigrateSecurityDomain.getLDAPConn(cs, dmPass);
+ if (conn == null) {
+ System.out.println("MigrateSecurityDomain: Failed to connect to internal database");
+ System.exit(1);
+ }
+
+ // add new schema elements
+ String importFile = "./schema-add.ldif";
+ try {
+ LDAPUtil.importLDIF(conn, importFile);
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain: Error in adding new schema elements");
+ System.exit(1);
+ }
+ // create the containers
+ String basedn = cs.getString("internaldb.basedn");
+ String secdomain = parser.getValue("Name");
+
+ try {
+ String dn = "ou=Security Domain," + basedn;
+ System.out.println("MigrateSecurityDomain: creating ldap entry : " + dn);
+
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "organizationalUnit"));
+ attrs.add(new LDAPAttribute("name", secdomain));
+ attrs.add(new LDAPAttribute("ou", "Security Domain"));
+ entry = new LDAPEntry(dn, attrs);
+ conn.add(entry);
+ } catch (LDAPException e) {
+ if (e.getLDAPResultCode() != 68) {
+ System.out.println("Unable to create security domain" + e.toString());
+ System.exit(1);
+ }
+ }
+
+ // create list containers
+ String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"};
+ for (int i=0; i< 6; i++) {
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup"));
+ attrs.add(new LDAPAttribute("cn", clist[i]));
+ entry = new LDAPEntry(dn, attrs);
+ try {
+ conn.add(entry);
+ } catch (LDAPException e) {
+ if (e.getLDAPResultCode() != 68) {
+ System.out.println("Unable to create security domain list entry " + dn +": "+ e.toString());
+ System.exit(1);
+ }
+ }
+ }
+
+ // create system entries
+ String tlist[] = {"CA", "OCSP", "KRA", "RA", "TKS", "TPS"};
+ Document doc = parser.getDocument();
+ for (int j=0; j<6; j++) {
+ String type = tlist[j];
+ NodeList nodeList = doc.getElementsByTagName(type);
+ int len = nodeList.getLength();
+ for (int i = 0; i < len; i++) {
+ Vector v_clone = parser.getValuesFromContainer(nodeList.item(i), "Clone");
+ Vector v_name = parser.getValuesFromContainer(nodeList.item(i), "SubsystemName");
+ Vector v_host = parser.getValuesFromContainer(nodeList.item(i), "Host");
+ Vector v_port = parser.getValuesFromContainer(nodeList.item(i), "SecurePort");
+
+ String cn = (String)v_host.elementAt(0) + ":" + (String)v_port.elementAt(0);
+ String dn = "cn=" + cn + ",cn=" + type +"List,ou=Security Domain," + basedn;
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem"));
+ attrs.add(new LDAPAttribute("Host", (String)v_host.elementAt(0)));
+ attrs.add(new LDAPAttribute("SecurePort", (String)v_port.elementAt(0)));
+ attrs.add(new LDAPAttribute("Clone", (String)v_clone.elementAt(0)));
+ attrs.add(new LDAPAttribute("SubsystemName", (String)v_name.elementAt(0)));
+ attrs.add(new LDAPAttribute("cn", cn));
+ attrs.add(new LDAPAttribute("DomainManager", "true"));
+ // Since the initial port separation feature didn't occur
+ // until an RHCS 7.3 errata, simply store the "SecurePort"
+ // value for BOTH the "SecureAgentPort" and the
+ // "SecureAdminPort", and DON'T store any values for the
+ // "UnSecurePort"
+ attrs.add(new LDAPAttribute("SecureAgentPort", (String)v_port.elementAt(0)));
+ attrs.add(new LDAPAttribute("SecureAdminPort", (String)v_port.elementAt(0)));
+ entry = new LDAPEntry(dn, attrs);
+
+ try {
+ conn.add(entry);
+ }
+ catch (LDAPException e) {
+ if (e.getLDAPResultCode() != 68) {
+ System.out.println("Unable to create entry " + dn +": "+ e.toString());
+ }
+ }
+ }
+ }
+ cs.putString("securitydomain.store", "ldap");
+ cs.commit(false);
+ System.out.println("MigrateSecurityDomain: Domain successfully migrated.");
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain: Migration failed. " + e.toString());
+ }
+ System.exit(0);
+ }
+
+}
generated by cgit (git 2.34.1) at 2024-04-25 01:30:15 +0000