Diffstat (limited to 'pki/base/migrate/80')
-rw-r--r--pki/base/migrate/80/MigrateSecurityDomain.classbin0 -> 6951 bytes
-rw-r--r--pki/base/migrate/80/MigrateSecurityDomain.java222
-rw-r--r--pki/base/migrate/80/readme29
-rw-r--r--pki/base/migrate/80/schema-add.ldif50
4 files changed, 301 insertions, 0 deletions
diff --git a/pki/base/migrate/80/MigrateSecurityDomain.class b/pki/base/migrate/80/MigrateSecurityDomain.class
new file mode 100644
index 000000000..f2a174dab
--- /dev/null
+++ b/pki/base/migrate/80/MigrateSecurityDomain.class
Binary files differ
diff --git a/pki/base/migrate/80/MigrateSecurityDomain.java b/pki/base/migrate/80/MigrateSecurityDomain.java
new file mode 100644
index 000000000..33bbb72b1
--- /dev/null
+++ b/pki/base/migrate/80/MigrateSecurityDomain.java
@@ -0,0 +1,222 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2008 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import com.netscape.cmsutil.xml.*;
+import com.netscape.cmscore.base.*;
+import com.netscape.cmscore.ldapconn.*;
+import com.netscape.cmsutil.ldap.*;
+import netscape.ldap.*;
+import java.io.*;
+import java.util.*;
+import org.w3c.dom.*;
+
+public class MigrateSecurityDomain {
+
+ private static LDAPConnection getLDAPConn(FileConfigStore cs, String passwd)
+ throws IOException
+ {
+
+ String host = "";
+ String port = "";
+ String binddn = "";
+ String security = "";
+
+ try {
+ host = cs.getString("internaldb.ldapconn.host");
+ port = cs.getString("internaldb.ldapconn.port");
+ binddn = cs.getString("internaldb.ldapauth.bindDN");
+ security = cs.getString("internaldb.ldapconn.secureConn");
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain: getLDAPConnection" + e.toString());
+ throw new IOException(
+ "Failed to retrieve LDAP information from CS.cfg.");
+ }
+
+ int p = -1;
+
+ try {
+ p = Integer.parseInt(port);
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain getLDAPConn: " + e.toString());
+ throw new IOException("Port is not valid");
+ }
+
+ LDAPConnection conn = null;
+ if (security.equals("true")) {
+ System.out.println("MigrateSecurityDomain getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(new LdapJssSSLSocketFactory());
+ } else {
+ System.out.println("MigrateSecurityDomain getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
+ }
+
+ System.out.println("MigrateSecurityDomain connecting to " + host + ":" + p);
+ try {
+ conn.connect(host, p, binddn, passwd);
+ } catch (LDAPException e) {
+ System.out.println("MigrateSecurityDomain getLDAPConn: " + e.toString());
+ throw new IOException("Failed to connect to the internal database.");
+ }
+
+ return conn;
+ }
+
+
+ public static void main(String args[]) throws Exception
+ {
+ if (args.length != 2) {
+ System.out.println("Usage: MigrateSecurityDomain <instance root path> <directory manager password>");
+ System.exit(0);
+ }
+
+ String instRoot = args[0];
+ String dmPass = args[1];
+
+ XMLObject parser = null;
+ // get the security domain data from the domain.xml file
+ try {
+ String path = instRoot + "/conf/domain.xml";
+ System.out.println("MigrateSecurityDomain: Reading domain.xml from file ...");
+ parser = new XMLObject(new FileInputStream(path));
+
+ }
+ catch (Exception e) {
+ System.out.println("MigrateSecurityDomain: Unable to get domain info from domain.xml file");
+ System.out.println(e.toString());
+ System.exit(1);
+ }
+
+ try {
+ String configFile = instRoot + "/conf/CS.cfg";
+ FileConfigStore cs = new FileConfigStore(configFile);
+
+ LDAPConnection conn = null;
+ conn = MigrateSecurityDomain.getLDAPConn(cs, dmPass);
+ if (conn == null) {
+ System.out.println("MigrateSecurityDomain: Failed to connect to internal database");
+ System.exit(1);
+ }
+
+ // add new schema elements
+ String importFile = "./schema-add.ldif";
+ try {
+ LDAPUtil.importLDIF(conn, importFile);
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain: Error in adding new schema elements");
+ System.exit(1);
+ }
+ // create the containers
+ String basedn = cs.getString("internaldb.basedn");
+ String secdomain = parser.getValue("Name");
+
+ try {
+ String dn = "ou=Security Domain," + basedn;
+ System.out.println("MigrateSecurityDomain: creating ldap entry : " + dn);
+
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "organizationalUnit"));
+ attrs.add(new LDAPAttribute("name", secdomain));
+ attrs.add(new LDAPAttribute("ou", "Security Domain"));
+ entry = new LDAPEntry(dn, attrs);
+ conn.add(entry);
+ } catch (LDAPException e) {
+ if (e.getLDAPResultCode() != 68) {
+ System.out.println("Unable to create security domain" + e.toString());
+ System.exit(1);
+ }
+ }
+
+ // create list containers
+ String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"};
+ for (int i=0; i< 6; i++) {
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup"));
+ attrs.add(new LDAPAttribute("cn", clist[i]));
+ entry = new LDAPEntry(dn, attrs);
+ try {
+ conn.add(entry);
+ } catch (LDAPException e) {
+ if (e.getLDAPResultCode() != 68) {
+ System.out.println("Unable to create security domain list entry " + dn +": "+ e.toString());
+ System.exit(1);
+ }
+ }
+ }
+
+ // create system entries
+ String tlist[] = {"CA", "OCSP", "KRA", "RA", "TKS", "TPS"};
+ Document doc = parser.getDocument();
+ for (int j=0; j<6; j++) {
+ String type = tlist[j];
+ NodeList nodeList = doc.getElementsByTagName(type);
+ int len = nodeList.getLength();
+ for (int i = 0; i < len; i++) {
+ Vector v_clone = parser.getValuesFromContainer(nodeList.item(i), "Clone");
+ Vector v_name = parser.getValuesFromContainer(nodeList.item(i), "SubsystemName");
+ Vector v_host = parser.getValuesFromContainer(nodeList.item(i), "Host");
+ Vector v_port = parser.getValuesFromContainer(nodeList.item(i), "SecurePort");
+
+ String cn = (String)v_host.elementAt(0) + ":" + (String)v_port.elementAt(0);
+ String dn = "cn=" + cn + ",cn=" + type +"List,ou=Security Domain," + basedn;
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem"));
+ attrs.add(new LDAPAttribute("Host", (String)v_host.elementAt(0)));
+ attrs.add(new LDAPAttribute("SecurePort", (String)v_port.elementAt(0)));
+ attrs.add(new LDAPAttribute("Clone", (String)v_clone.elementAt(0)));
+ attrs.add(new LDAPAttribute("SubsystemName", (String)v_name.elementAt(0)));
+ attrs.add(new LDAPAttribute("cn", cn));
+ attrs.add(new LDAPAttribute("DomainManager", "true"));
+ // Since the initial port separation feature didn't occur
+ // until an RHCS 7.3 errata, simply store the "SecurePort"
+ // value for BOTH the "SecureAgentPort" and the
+ // "SecureAdminPort", and DON'T store any values for the
+ // "UnSecurePort"
+ attrs.add(new LDAPAttribute("SecureAgentPort", (String)v_port.elementAt(0)));
+ attrs.add(new LDAPAttribute("SecureAdminPort", (String)v_port.elementAt(0)));
+ entry = new LDAPEntry(dn, attrs);
+
+ try {
+ conn.add(entry);
+ }
+ catch (LDAPException e) {
+ if (e.getLDAPResultCode() != 68) {
+ System.out.println("Unable to create entry " + dn +": "+ e.toString());
+ }
+ }
+ }
+ }
+ cs.putString("securitydomain.store", "ldap");
+ cs.commit(false);
+ System.out.println("MigrateSecurityDomain: Domain successfully migrated.");
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain: Migration failed. " + e.toString());
+ }
+ System.exit(0);
+ }
+
+}
diff --git a/pki/base/migrate/80/readme b/pki/base/migrate/80/readme
new file mode 100644
index 000000000..50365c985
--- /dev/null
+++ b/pki/base/migrate/80/readme
@@ -0,0 +1,29 @@
+Date
+
+ Fri Oct 3 00:37:14 EDT 2008
+
+Version
+
+ CMS 8.0
+
+Overview
+
+ In CMS8.0, the security domain data has been migrated into the
+ internal LDAP database to allow easier replication of this data
+ when cloning. Prior to this release, this information was stored
+ in the domain.xml configuration file on the CA serving as the Domain
+ Master.
+
+Program
+
+ MigrateSecurityDomain - This command will add the relevant schema and migrate
+ security domain data that resides in domain.xml into the internal database.
+ The program needs only two arguments - the location of the instance root directory
+ (like /var/lib/pki-ca) and the directory user's password.
+
+Example
+
+ Here is an example of MigrateSecurityDomain usage
+java -cp /usr/share/java/ldapjdk.jar:/usr/share/java/pki/cmscore.jar:/usr/share/java/pki/cmsutil.jar:/usr/share/java/pki/certsrv.jar:. MigrateSecurityDomain /var/lib/pki-ca mypassword
+
+
diff --git a/pki/base/migrate/80/schema-add.ldif b/pki/base/migrate/80/schema-add.ldif
new file mode 100644
index 000000000..fe6577e51
--- /dev/null
+++ b/pki/base/migrate/80/schema-add.ldif
@@ -0,0 +1,50 @@
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( Clone-oid NAME 'Clone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( DomainManager-oid NAME 'DomainManager' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( SecureAgentPort-oid NAME 'SecureAgentPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( pkiSecurityDomain-oid NAME 'pkiSecurityDomain' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ name ) X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $ UnSecurePort ) X-ORIGIN 'user defined' )
+